
May 28, 2009

“Sign here...” Getting started with electronic signatures in Adobe products

This is the latest entry in our “What is an Electronic Signature, Anyway?” series.  You can find previous entries here.

Recently, I’ve received a number of emails from our users asking questions about electronic signatures, so I thought it would be useful to briefly answer some of these frequently asked questions and also direct you, dear reader, to a variety of resources here at Adobe that can help.

First, I recommend you read the other blog entries in our “What is an Electronic Signature, Anyway?” series to better understand the terminology and issues surrounding electronic signatures.

Now onto the questions...

I want to electronically sign a PDF—what do I need to do?

There are lots of different ways to electronically ‘sign’ documents, but they vary in terms of reliability, longer-term validity, and application.

At a very basic level, you could create a signature stamp or use the (new in Acrobat 9) ‘Apply Ink Signature’ capability to put a handwriting-like signature on the PDF that could be printed out or emailed, much in the same way a fax signature might work. These signatures don’t get you much more than that fax signature, and can be manipulated, duplicated or deleted unless the document is ‘flattened,’ but it’s one way to get started. Unfortunately, these kinds of signatures will not lock out changes or notify the recipient if something has been changed in the document...which is not so different than a wet ink signature, is it?

At a more sophisticated level, you could use a dedicated signature pad and software to capture your signature and embed it into the document. This can lock the document and notify the recipient if changes have been made. Several of our partners provide hardware and software plug-ins to manage this type of signature: CIC, Interlink, and SoftPRO.

Finally, you have digital signatures, which can lock down the document and notify recipients that the document has been changed, resulting in higher trust in the document. Acrobat provides you with the capability to create so-called ‘self-signed’ digital IDs (credentials) used to create digital signatures. While these are convenient, they do not offer the recipient any proof of the signer’s identity...the signer is vouching for himself or herself. However, this may be sufficient for personal use or small-medium businesses exchanging documents in trusted relationships.

You can also purchase digital IDs from third party ‘Certificate Authorities,’ who can validate your identity and provide better assurance as to your digital signature. These digital IDs may offer other benefits too, such as automatic trust in Acrobat and Reader, and embedding of secure time & validation information (Certified Document Services). More below...

 

Does Adobe provide digital IDs (certificates) for use with digital signatures? If not, where do I get them?

No, Adobe does not provide digital IDs, other than giving you the ability to create self-signed ones. We rely on close partnerships with a number of leading Certificate Authorities (CAs) from around the world to provide these certificates to our customers. Certificates can be bought on a one-off basis to sign your PDF documents and email, or your organization could actually contract with these CAs for a managed service where certificates are provisioned to your users via web interfaces. Other partners sell appliances and other products that can make deploying certificates quite easy. Visit our Security Partner Community and explore the partners and solutions listed under “Digital ID infrastructure.”

Of course, your organization may already be running a PKI (public key infrastructure) in-house that can provide you with a digital ID...be sure to check with your IT department.

 

I’ve read about CDS...how do I join the program?

I have received a number of inquiries about Adobe’s Certified Document Services (CDS) program and see that there is some confusion about how the program works.

Note that Adobe does not sell CDS certificates per se, but rather administers the program and provides the structure by which our CDS Providers can create these higher assurance, higher trust signing credentials—in use today with the US Government Printing Office, top universities, and other organizations looking to provide assurance as to the authorship and integrity of documents of record.

So, if you are interested in taking advantage of these credentials to sign your organization’s PDF documents and experience the automatic trust provided by CDS, please contact Adobe’s CDS Providers to purchase a CDS digital ID.

However, if your organization actually operates a Certificate Authority, and you would like to learn more about how to participate in the trust programs offered by Adobe, please contact us here.

 

Where do I go to get more information?

That’s easy!



May 27, 2009

“Click on this...” Adobe’s eSubmissions Solution Accelerator Shows Off Click-thru Approvals & Signatures

Electronic signatures come in many shapes and sizes, and for a long time, Adobe has been primarily associated with three of those sub-types—digital signatures, certification signatures, and handwritten eSignatures based on solutions from our Security Partner Community—due to our comprehensive coverage of, and capability for, those technologies.  However, customers and partners do not often associate us with click-thru approvals and electronic signatures, where a user authenticates to a website, reviews a document, and then is allowed to approve or reject said document with a simple click of a button.

Actually, Adobe has supported this capability for some time within our LiveCycle ES product line, but the capability was spread across components that can prepare documents for review (PDF Generator, Output, Reader Extensions, Forms), move documents along a workflow (Process Management), present documents for review, comment, and approval (Workspace), and then sign (Digital Signatures) and archive (Content Services) or further process those documents for storage, submission, etc. 

The challenge of piecing together these components was not lost on Adobe, and last year we started working on Solution Accelerators--sample code and tooling that brings together task-oriented building blocks composed of LiveCycle components.  More than a proof-of-concept, but less than complete production code, Solution Accelerators can be used by a customer or systems integrator to bring projects to fruition in a much shorter timeframe, while providing for flexibility in the final implementation. 

The eSubmissions Solution Accelerator, released this Spring, shows how LiveCycle can be used to present documents for review, commenting, & approval in parallel or serial workflows, and incorporates the capability to not only sign with traditional digital signatures or handwritten electronic signatures, but also via authenticated click-thru approvals and server-side signing and certification functions.  Download the demonstration video here.  Unlike other click-thru solutions on the market, this Solution Accelerator shows the breadth and depth of Adobe’s offering, providing for compliance with electronic signature regulations around the world.

 

While this Solution Accelerator was designed for the biopharmaceutical market, it can easily be repurposed for contract approvals, financial services transactions, and the like—this is one of the benefits of the Solution Accelerator approach. Moreover, eSubmissions demonstrates Adobe’s intent to provide users with a best-in-class experience when it comes to electronic documents and workflows.  There’s no longer any reason to print an electronic document just for review and signature...Adobe provides a one-stop shop for a full range of electronic signature and approval capabilities.


May 22, 2009

Primer on configuring offline lease and synchronization

Today, I hope to answer some of the questions surrounding “offline lease” and “offline synchronization” settings within the LiveCycle Rights Management ES server configuration. Here is a screenshot showing several settings within our Admin UI:

 

and within our end-user-facing policy-edit UI:

 

What are these settings for? The “offline lease period” and “offline synchronization period” are interrelated settings that dictate how and when clients can be trusted to access protected documents (view, modify, print, etc.) “offline”. There are varied casual definitions of “offline” depending on the scenario: when an executive needs to view confidential documents on an airplane without network access; when a field service technician is on-site at a customer location repairing a device but not entitled to “network guest access” due to security concerns. Both are supported with our solution and in fact are exceedingly transparent to the end user because they “just work” when the client is unable to “phone home” to the LiveCycle Rights Management ES server to authorize access in real time.

 

Customers appreciate that this offline access mechanism works transparently for users when they need it most – but only when the author (and administrator) want it enabled. Not all organizations are willing to enable offline features for their most sensitive documents because, while they retain complete access to revoke content or change authorization rules at any time, they are not guaranteed that these changes will go into effect immediately for all users world-wide. This is because the users and clients who are physically unable to “phone home” to the server will not receive an updated set of authorization rules while they remain disconnected.

 

In other words, by introducing offline access, authors retain complete control over protected intellectual property; however, they introduce some latency before authorization rules are implemented.

 

This latency is the period of time before the clients can “phone home” to get the latest set of authorization rules. So we offer customers the ability to set a “ceiling” on the amount of latency they are willing to tolerate between an authorization rule being changed and when it will go into effect worldwide.

 

The maximum tolerated latency can be configured by document authors/owners on a per-policy basis. This offers our customers the greatest flexibility because an internally-targeted policy covering executive “Insiders” may be very different from information classified for external use by customers. So how does this work? Each policy can set the “auto-offline lease period” – refer back to the second screenshot. This is how an author sets the maximum latency associated with one policy (and all documents associated with it). Since not all authors will want to set the latency, we give the administrator the ability to establish a default global latency: see screenshot one, where the administrator can set the default maximum latency – which is the value that is copied into each policy when it is created.

 

When discussing the feature, customers ask what happens if a disconnected user has access to two different documents with different policies, and different latency thresholds (that offline lease period). An example may help – say we have document A which allows three days of offline access, and document B which allows 15 days, and the client last phoned home to the server on March 1. Through March 3, the client will be authorized to view document A and document B, and from March 4-15 will be able to view document B only. If on March 8 the client phones home again, the clock is reset so document A and B will be viewable until March 11, and B will continue to be accessible until March 23.

 

Back to the March 1 example. What if somebody gives the offline client document C with 10 days of maximum latency on March 6? Because our system tries to be transparent to the user, and we do not require offline documents to be opened first online, he will be able to open document C from March 6 through March 10.

 

So…how does “Default Offline Synchronization Period” (screenshot one) relate? It’s a global server setting regulated by the administrator that dictates how long offline accessible documents should remain available offline. We accomplish the feature of not requiring offline documents to be opened first online by having the server give the client enough information to open “all” documents the user should be entitled to use while offline.

 

Our engineers decided to allow customers to tune whether “all” is really “all documents ever protected in the system” or whether in most customer uses it may mean for example “all documents protected in the last 365 days”, because many customers may not need to grant access to documents offline forever. By tuning this from an infinite (true “all”) period to a rolling-window of XX (e.g., 365) days, it simplifies the amount of information that needs to be sent to the client, and the amount of information that the client must store. The user benefit of this is that if you hire a new employee in the future and want to enable his machine to access documents offline, it’s unlikely he would need to access documents from 1982 while offline.

 

There are clearly tradeoffs here; the key takeaway is that this value should be set to the amount of time the client should allow protected documents to be viewed offline from the date they are initially protected.  Tuning this value to accommodate your scenario may be somewhat complex, so if you have any questions about your setup, do not hesitate to contact your local Adobe support representative.

 

Some general advice: administrators should set the offline synchronization period to be the total amount you would like documents to be viewable offline. It’s very easy to set this value large at initial deployment and then decide to tune it down later. Increasing this value is possible, but we recommend you contact Adobe support first to understand the implications and interactions in the system.

 

In conclusion, the “offline synchronization period” is an administrator-tunable setting that makes sure the end-user experience is always straightforward and that people can view confidential intellectual property when on an airplane, at a disconnected customer site, etc. Simply set this as the maximum time any document can be used offline from when it is initially protected.

 

End users who want to control access to content need only set how long they want their content to be viewable offline—and remember that it will stop being viewable offline once the “offline synchronization period” has been exhausted.
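The March scenario with documents A, B and C, and the cap imposed by the synchronization period, can be checked with a small date model. This is an added example, not Adobe's code or the Rights Management client logic: the function names, the 2009 year and the `DOCS` sample are assumptions, and the synchronization period is modelled simply as a cap counted from the day a document was first protected.

```python
from datetime import date, timedelta

def lease_expiry(last_sync, lease_days):
    """First day the document no longer opens offline (the post's 'until')."""
    return last_sync + timedelta(days=lease_days)

def last_offline_day(last_sync, lease_days, protected_on=None, sync_period_days=None):
    """Last day, inclusive, the document opens offline (the post's 'through').

    Assumption: the synchronization period, when supplied, caps offline use
    counted from the day the document was first protected.
    """
    last_day = lease_expiry(last_sync, lease_days) - timedelta(days=1)
    if protected_on is not None and sync_period_days is not None:
        cap = protected_on + timedelta(days=sync_period_days - 1)
        last_day = min(last_day, cap)
    return last_day

def viewable_offline(today, doc, last_sync, sync_period_days=None):
    """True if `doc` opens on `today` for a client last synchronized on `last_sync`."""
    if today < doc.get("received_on", last_sync):
        return False  # the client does not hold the file yet
    return today <= last_offline_day(last_sync, doc["lease_days"],
                                     doc.get("protected_on"), sync_period_days)

def viewable_set(today, docs, last_sync, sync_period_days=None):
    """Names of the documents that open offline on `today`."""
    return sorted(name for name, doc in docs.items()
                  if viewable_offline(today, doc, last_sync, sync_period_days))

# Constructed sample data mirroring the post's documents A, B and C.
DOCS = {
    "A": {"lease_days": 3},
    "B": {"lease_days": 15},
    "C": {"lease_days": 10, "received_on": date(2009, 3, 6)},
}

if __name__ == "__main__":
    sync = date(2009, 3, 1)  # last time the client phoned home
    for day in (3, 4, 6, 10, 11, 15, 16):
        print(date(2009, 3, day), viewable_set(date(2009, 3, day), DOCS, sync))
```

The lease period is also the worst-case delay before a revocation or policy change reaches a disconnected client, so `lease_expiry` doubles as the date by which a change made on the last synchronization day is guaranteed to have taken effect.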


Need more information on how your organization can effectively manage and protect your intellectual property? Further information can be obtained at http://www.adobe.com/go/rm or by contacting Adobe

May 1, 2009

Seven Technology Habits of Highly Effective CFOs

Recently, Adobe executive vice president and Chief Financial Officer Mark Garrett presented a keynote at the CFO Rising conference, sponsored by CFO Magazine. Speaking to a ballroom full of senior finance executives, Mark outlined the “Seven Technology Habits of Highly Effective CFOs” and utilized several case study examples to illustrate his points.

Here's Mark's list:

1. Eliminate paper – Use digital signatures and electronic workflows

2. Ensure compliance – Utilize technology to control access to sensitive information

3. Provide greater visibility – Create dashboards to monitor each part of the business

4. Walk in your sales force’s shoes – Participate in sales deals to understand where processes create roadblocks, and provide tools to help them be more effective

5. Engage your users – Give your employees a more “consumer-like” experience through applications like electronic forms and organization directories

6. Let ideas travel – Utilize web conferencing solutions to save on travel costs and reduce carbon footprint

7. Invest – Continue to invest in strategic technology projects, because companies that do invest will be best positioned when the economy turns around

Adobe Acrobat, Adobe Reader, Adobe LiveCycle, and Adobe Acrobat Connect Pro offer solutions to help today's CFOs better manage their business.

To learn more - Mark's keynote is available for viewing on the CFO Rising website.