Archive for November, 2008

E-Invoicing Made E-asy: LiveCycle & PDF to the Rescue

No matter how far technology has reached into our personal and professional lives, it seems we just can’t get rid of paper cluttering our desks, folders, and cabinets.  Despite the ubiquity of PDF documents and ever-increasing use of the web and computers for banking and commerce, the bill, statement and invoice still rule the roost when it comes to sheer volume of paper.  (OK, next to junk mail, but…)

This problem is exacerbated in the European Union where the requirement to document and validate value-added taxes (VAT) results in the creation and exchange of over 30 billion invoices every year, at an estimated cost of €30 per invoice.  Add to that staggering cost environmental pressures to “go green” and reduce waste.  Add to that the loss in business agility resulting from delivery times and internal routing.  And then add to that the human errors attendant with the transposition of data from these paper documents to electronic systems, which can cost over €100 per incident.  Facing a global economic recession, the benefits of moving to electronic, or e-, invoicing systems are real: expected cost reductions on the order of 80%!

The EU acted in 2001 to harmonize invoicing legislation and encourage the use of e-invoicing across all 25 EU member states (Council Directive 2001/115/EC).  These regulations mandated a common set of master data fields in addition to the use of technologies to better manage the integrity and authenticity of invoice content.  Yet even with this harmonization framework, there are still over 200 e-invoicing systems in place all over Europe, making it very difficult to exchange electronic invoices across national borders.  Given this challenge, the CEN/ISSS Workshop on Compliance of eInvoices works to create standards and best practices for a more universal solution that can be implemented on a broader scale and provide for improved accessibility, efficiency, and cost-savings.

A solution based on the PDF file format (ISO 32000) and Adobe LiveCycle ES is a good example of those best practices in action.  LiveCycle Enterprise Suite is built on open standards like PDF and XML.  LiveCycle ES can also protect integrity with digital signatures; import data into a PDF document; archive those documents with the ISO ratified PDF/A format; distribute and then also process, verify, and validate e-invoices on the way back in.


Nick Pope, Technical Editor of the CEN/ISSS Workshop on Compliance of eInvoices, had this to say about the solution:  “By combining two de-facto standards – XML for data portability and PDF for human readable documents – with the power of digital signatures, intelligent PDF supports trading between virtually any two partners with fidelity and easy accessibility.”

E-invoicing systems based on LiveCycle ES have already been successfully deployed by several organizations.  Poste Italiane estimates that more than 1.5 million pages have been converted to digital resulting in substantial cost savings.  Cuatrecasas, Spain’s second largest law firm, has reduced invoicing costs by thousands of euros annually.  And Europcar leveraged e-invoicing to not only reduce costs but also improve interoperability with their clients’ ERP systems, enhancing the customer experience.

To read more about Adobe’s e-invoicing solutions using PDF and LiveCycle ES, please read the whitepaper, “Applying best practices for secure, automated electronic invoicing.”


News from Adobe’s Security Partner Community – ARX Deepens Support for Adobe Acrobat & Reader

We’re always pleased to see our partners taking advantage of key, integrated capabilities of our products to better serve our joint customers’ needs.  Yesterday, ARX (Algorithmic Research) announced that its CoSign product now supports the Adobe Signature Service Protocol (ASSP), built into Adobe Acrobat and Adobe Reader version 8.0 and above.

CoSign is a hardened, plug-and-play appliance that allows organizations to easily set up a centralized repository of digital IDs.  These credentials are securely stored on the appliance, eliminating the need for users to carry hardware tokens, which can add to the cost of a digital certificate (PKI) rollout.  The user simply authenticates to the server to access their credentials.

Prior to this announcement, ARX required users to install a small client to provide signing capabilities in Adobe products.  Now, with ARX’s ASSP support, users can set up Acrobat and Reader to access their centralized (roaming) credentials in CoSign for digital signatures without any additional software.  The ASSP protocol provides users with the ability to choose a roaming credential, specify an ASSP-capable server, and then, after clicking on a signature field, simply enter the appropriate authentication information to access their credential.  ASSP handles the behind-the-scenes communication between client and server, passing the hash (fingerprint of the document) up to the server for signature and then returning it to the client to be embedded back into the document.

Here’s a brief demo of how the system works…note that I’m using a test credential here.

Easy, huh?

With today’s announcement, ARX joins our other security partner Arcot in featuring support for the ASSP protocol.  This protocol is just the latest step in Adobe’s strategy to make electronic signature workflows easier and more productive. 


To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!


SecureWorld Expo Detroit Rewind

We had a fun trip earlier this month to the SecureWorld Expo show at the Ford Convention Center in Dearborn, MI. There was a good crowd on hand generating significant interest in our live demos of LiveCycle Rights Management ES with a specific focus on CAD support. Yours truly was interviewed on the spot, so if you couldn’t make it and would like to see what the booth and demo setup looked like (as well as hear a quick Adobe security elevator pitch under pressure) please click here. Thanks to the folks at ThreatChaos.com for helping get the word out, the Booth Buzz concept is a good one….

There was also tremendous interest in the data security panel, where folks from Adobe, IBM, Symantec, and Websense among others, had a lively exchange on the growing information-centric security market. A wide range of topics were discussed: from the benefits of risk assessment consulting services, to the need for wider adoption of information risk management strategies, to the continued importance of education and training in a security context. Thanks to all who helped make it a great show and we’ll see you at another SecureWorld event in your area soon.

Update: FIPS 140 Validation Certificates for Acrobat, Reader, and LiveCycle

Version 9.0 of Adobe Acrobat and Adobe Reader includes the RSA BSAFE Crypto-C ME 2.1.0.3 encryption module with FIPS 140-2 validation certificate #828. Instructions here will also enable FIPS mode in Acrobat and Reader 9.0 to restrict document encryption and digital signatures to FIPS approved algorithms (AES/RSA/SHA) in this library.

Adobe LiveCycle ES still includes the RSA BSAFE Crypto-J 3.5.04 encryption module with FIPS 140-2 validation certificate #590. FIPS mode is configured in the product installer.

LiveCycle Digital Signatures: Three Common Use Cases

With Adobe LiveCycle Digital Signatures, a solution component of the LiveCycle Enterprise Suite, you can easily automate digital signature processes, enabling your organization to bring more paper-based processes online. By facilitating a 100% electronic workflow, with no paper-out for handwritten signatures or special document authenticity seals, you can reduce costs, improve compliance, increase user satisfaction, and accelerate business processes. This article highlights three common use cases of this J2EE server component for digital signatures.

1. Automated Certified Document Publishing

Since version 6.0 of Acrobat and Reader, certified documents have provided document recipients with added assurances that the document was published by the named author and has not been modified. This is indicated by a blue ribbon:

When a certified document is opened with Acrobat or Reader, the Document Message Bar across the top of the document indicates the author’s name, email, organization, and verifying third party.  Adobe published its Q3 2008 10Q as a certified document, like this:

Certifying digital signatures can automatically validate in Acrobat and Reader, without any additional software installation or configuration, by using the Certified Document Services program.

Certified documents can be created manually using Adobe Acrobat on the desktop via File -> Save as Certified Document.  If you have a lot of documents to certify, or want to otherwise automate the certification process, LiveCycle Digital Signatures is the solution. The signing credential can either be stored in software on the server, or be more securely stored in a hardware security module (HSM) from one of Adobe’s Security Partners.  Then a process is designed within LiveCycle to specify the file input, signature properties, and resulting output. Some examples include webservices, drop folders/network shares, content management systems like LiveCycle Content Services  powered by Alfresco or Documentum, Sharepoint, FileNet, etc.

If you are also looking to automate document generation with certified documents, LiveCycle Digital Signatures can be integrated with LiveCycle PDF Generator and LiveCycle PDF Generator 3D to convert native documents to PDF and certify them in a single automated server process.

Certified documents are applicable not only for static documents, but also for interactive forms.  When coupled with LiveCycle Forms and LiveCycle Process Management, the automated certification can apply to the form template being delivered to a participant.  For example, if you are offering a loan of 30yr fixed at 6%, and want to have added assurances that what you sent out to a user is the same thing you get back (and not 60yrs at 3%!) – the certifying signature can be automatically applied to forms as they are generated and routed to participants in a workflow.  If certified form template data is modified or a fraudulent form is introduced into the process, LiveCycle can generate an exception when a document is returned with the certifying signature missing or invalid.

To see more certified documents in action, visit the US Government Printing Office website where they used LiveCycle Digital Signatures to digitally sign the FY2009 Federal Budget. University registrars, such as Penn State, University of Colorado, and University of Southern California, are also certifying official transcripts and delivering them faster, cheaper, and more securely than paper – by using certified PDF documents.

2. Workflow Validation

In a paper world, someone needs to manually examine every document to determine if all handwritten signatures have been applied by the right people in the right places.  Fortunately in the digital world, LiveCycle Digital Signatures provides a signature validation engine for automating the receipt of digitally signed PDF documents. If you are sending out forms and contracts to be digitally signed by Acrobat or Reader users on the desktop, LiveCycle can subsequently receive those signed documents and check the signatures as part of an automated process.

The server side validation engine is configured using root PKI certificates as trust anchors to validate the certificate chain of each signature.  The server is also capable of doing CRL and OCSP checks to verify that the signing credentials are not revoked. Those capabilities are coupled with the document integrity checks to verify that the current document and its signature have the same cryptographic fingerprint using hashing algorithms such as MD5, SHA1, SHA256, etc. If any of the signatures on a document are not valid, exceptions are generated in the business process. Otherwise, a document with valid signatures can more quickly proceed through the process without user intervention.

In the first use case described above, certified documents were recommended as a way to have added assurances that what is sent out is the same as what’s being received. LiveCycle can take a form template, such as one with loan terms, and certify it. It can then be delivered and reviewed by a recipient, digitally signed, and returned back to the server. LiveCycle’s digital signature validation engine first checks that the certifying signature on the form template is still valid (e.g. the loan terms). Then LiveCycle can validate that the recipient has applied their own digital signature on top of any data they supplied and the underlying form template. If the document needs multiple approvals, it can continue validating multiple signatures on the document.  When the signature validation process is complete, LiveCycle is able to extract the form data from the signed document, process it in other enterprise applications and then store a copy of the signed document in a content management system for archival.
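
The document integrity check described above, as an added example (not Adobe's or LiveCycle's code): a PDF signature's /ByteRange entry names the bytes its digest covers, so a validator recomputes that digest over the returned file and raises a workflow exception on any mismatch. The sample bytes, the function names and the accepted-digest policy are assumptions of this example; the signed digest is passed in directly rather than parsed from the signature itself, and certificate chain and revocation checks are not shown.

```python
import hashlib
import hmac
import re

# Assumed policy for this example: digest algorithms the receiving workflow accepts.
ACCEPTED_DIGESTS = {"sha256", "sha384", "sha512"}
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signed_bytes(pdf: bytes) -> bytes:
    """Return the bytes the signature covers: the file minus the /Contents gap."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no signature /ByteRange found")
    a, la, b, lb = (int(g) for g in m.groups())
    # For the most recent signature the two ranges must start at 0, not overlap,
    # and end at end of file, so no bytes sit outside the digest.
    if a != 0 or b < la or b + lb != len(pdf):
        raise ValueError("ByteRange does not cover the whole file")
    return pdf[:la] + pdf[b:b + lb]


def check_integrity(pdf: bytes, algorithm: str, signed_digest: bytes) -> str:
    """Compare the recomputed fingerprint with the digest the signature carries."""
    if algorithm.lower() not in ACCEPTED_DIGESTS:
        return "exception: digest algorithm not accepted"
    try:
        covered = signed_bytes(pdf)
    except ValueError as err:
        return f"exception: {err}"
    actual = hashlib.new(algorithm.lower(), covered).digest()
    if not hmac.compare_digest(actual, signed_digest):
        return "exception: document modified after signing"
    return "valid"


def build_sample(terms: bytes) -> bytes:
    """Constructed PDF-like sample (not a complete PDF) with one signature dictionary."""
    prefix = b"%PDF-1.7\n" + terms + b"\n<< /Type /Sig /ByteRange ["
    mid, gap, tail = b"] /Contents ", b"<" + b"0" * 16 + b">", b" >>\n%%EOF\n"
    la = len(prefix) + 34 + len(mid)  # 34 = width of the fixed-size range text
    return prefix + b"0 %010d %010d %010d" % (la, la + len(gap), len(tail)) + mid + gap + tail


if __name__ == "__main__":
    sent = build_sample(b"Loan: 30yr fixed at 6%")
    digest = hashlib.sha256(signed_bytes(sent)).digest()  # carried by the signature
    print(check_integrity(sent, "sha256", digest))
    print(check_integrity(sent.replace(b"30yr", b"60yr"), "sha256", digest))
```

The coverage check in `signed_bytes` applies to the last signature applied; earlier signatures on a multiply-signed document legitimately end before later revisions, and a validator evaluates each one against the revision it signed.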

3. Counter-signatures

Many paper processes are not complete until they have an official "RECEIVED on DATE" stamp applied, like this:

In an electronic business process, LiveCycle Digital Signatures can also apply the equivalent of the received stamp as part of an automated workflow.  After all of the document’s signatures have been validated and any additional field validation is performed on the supplied data, a final role-based signature can be applied in the server process, which can look something like this:

It’s also possible to create custom signature appearances so the digital signature actually looks like a paper-based received stamp.

There are many benefits to applying this final "received signature" as part of an automated server process. The received signature can provide a cryptographic based timestamp (RFC3161) to the document to show what exactly was received and when – important for time sensitive processes.  The signature can also indicate that at the time the document was received, all of the form data was valid and all of the digital signatures applied by any participants were also valid.

Improving Design Collaboration While Reducing Risk

As we’ve mentioned in earlier posts on this blog, LiveCycle Rights Management ES has a growing set of integrations with 3D CAD/CAM packages. Today we have integrations in the market to provide for rights management IP protection in native Pro/ENGINEER, CATIA, and XVL files.

Adobe recently hosted a joint webcast with PTC to showcase how customers can improve design collaboration while reducing risk using Pro/ENGINEER and LiveCycle Rights Management. In today’s global manufacturing marketplace, survival depends on fast time-to-market.  Spreading the design process across the supply chain continues to increase design complexity as customers demand better products, quickly.   The key is better collaboration, but as companies try to deliver better information, earlier in the process, to a broader audience, the risk of intellectual property (IP) loss goes up dramatically.  Survey after survey has shown that protection of design information is at the top of the list for most engineering organizations.  Companies that learn to balance improved collaboration with the risk of IP loss will be the winners moving forward.

You can replay the webcast by going to: http://www.ptc.com/view?im_dbkey=76710

Adobe at Secureworld Expo Detroit – This Week!

Adobe will be participating in the Secureworld Expo in Detroit at the Ford Conference and Event Center. Adobe representatives will be in the booth on Wednesday, November 5th and Thursday, November 6th from 9am – 3pm EST. Please stop by the booth where we will be giving live demos and discussing the benefits of Adobe LiveCycle Rights Management ES in a manufacturing context. Click http://secureworldexpo.com/events/index.php?id=257 for more details on the conference agenda and last minute registration.

As a bonus, I’ll be participating in a panel discussion titled “Data Protection – It’s All About the Data” on Thursday November 6th at 1pm EST. The session will be moderated by David Meunier, former VP/CISO, CUNA Mutual.
Please click http://secureworldexpo.com/events/conference-details.php?cid=2388 for additional information and a list of presenters.

We look forward to you joining us in Detroit this week!!