News, views, and other informal discussions about Adobe Systems Information Assurance initiatives that protect information by ensuring their authenticity, integrity, confidentiality/privacy, and non-repudiation. Digital Rights Management (DRM), Information Rights Management (IRM), digital signatures, Public Key Infrastructure (PKI), and identity management will be discussed frequently for Adobe applications and file formats.
Euthymics BioScience, a start-up biotechnology company focused on developing next generation treatments for neuropsychiatric disorders, is now using Adobe Acrobat and GlobalSign Certified Document Services (CDS) signature credentials to digitally sign key documents, according to a recent announcement from GlobalSign, a member of the Adobe Security Partner Community. Euthymics can now eliminate the time and money associated with the traditional paper, pen, routing, and archiving of wet ink signatures, and also better meet critical US Food and Drug Administration requirements, which place a high priority on document authentication and integrity.
John Landwehr, Director of Security Solutions here at Adobe, recently sat down for Focus Washington, an online television series that deals with a variety of topics at the convergence of policy and technology. Here, Landwehr describes certified documents, and notes their benefits not only to authenticity and integrity, but also to accessibility and indexing.
Announced last week, and built using Adobe LiveCycle ES, Adobe Security Partner 4Point’sQuickStart e-invoicing solution is designed to offer customers a faster path to cost reduction and improved customer satisfaction by providing an out-of-the-box approach to implementing secure electronic invoicing and eliminating paper.
4Point’s solution leverages LiveCycle ES to provide a way for customers to quickly stand-up an e-invoicing solution with a limited scope that can generate a quick ROI and later serve as a foundation for a broader enterprise-wide capability.
One of Germany’s most trusted savings banks, Berliner Sparkasse, recently rolled out a variety of digital workflow improvements intended to facilitate more efficient customer interaction with a combination of LiveCycle ES components and Adobe Security PartnerSoftPRO‘s electronic signature products.
However, there are five parts to the standard, and they all deal with terminology that may not be familiar. Don’t worry….you’re not alone. A new website has been set up to answer frequently asked questions on PAdES.
We’ve discussed the legal validity of electronic signatures and digital signatures in this blog in the past. While a concurrence of laws worldwide point to general acceptance of electronic signatures as legally binding, there are a number of nuances that need to be taken into account when dealing with the identity and evidentiary elements of those electronic signatures, especially as it relates to how they’ll stand up longer term in court.
An event to be
held on March 1, the first day of the RSA 2010 Conference, will be dedicated to these questions.
Managing information risk is a complex business these days, especially when you look at (1) the range of information you need to protect, (2) the breadth of risks you need to mitigate, and (3) the management policies and tools available to today’s IT security professionals to protect that information. However:
“A well-realized information risk management strategy has other benefits [beyond security]: enhanced business agility, competitiveness, efficiency and cost savings.”
In other words, you can’t do without it!!
The problem? According to Deloitte, on
average, only half of the companies surveyed in their annual Global Security and Privacy Survey had formal security
policies or strategies. Not a great foundation on which to build risk management on!
I wrote a recent article in Security Products magazine which confronts these challenges head-on, and provides some tips on navigating the “mind-boggling” task of information risk management.
Jim King, PDF Architect, senior principal scientist at Adobe and one of the key drivers behind the PDF format and its adoption and continuing development by ISO as a standard (ISO 32000), recently delivered a keynote presentation to the ISSE (Information Security Solutions Europe) 2009 Conference in The Hague, Netherlands. He discussed the evolution of the PDF format and standard, and spent most of his talk introducing the new PAdES signature standard and what it encompasses.
During that conference, Jim sat down with Roger Dean, executive director of eema UK, for a conversation about PDF, the need for digital signatures, challenges of communicating the benefits of digital signatures, and finally a description of the PAdES standard. This interview is now available below (and here)…enjoy!
Building on the delivery of the PDF format to the International Standards Organization (ISO) as ISO 32000-1, Adobe has been collaborating with standards bodies around the world to make it easier for companies, organizations and individuals to leverage the ubiquity of PDF to make business processes quicker, easier and more reliable. However, the rush to go paperless has often fallen short of its true potential because signing a document oftentimes brings business critical processes crashing to a halt, requiring users to print out the previously electronic document in order to apply their nom de plume with an ancient writing implement. Electronic signatures are obviously the solution, but there’s still the question of interoperability and the use of electronically signed documents within certain legal frameworks, such as the European Union (EU). With last week’s announcement of an ETSI open standard for PDF digital signatures, that question can now be answered.
ETSI/ESI Technical Standard (TS) 102 778, better known as PAdES (pronounced with either a long or short a), documents how the digital signature format described in ISO 32000-1 meets the needs of the 1999 EU Signature Directive (see previous blog entry), and then goes on to describe how that format can be expanded to take advantage of certain capabilities such as long-term document validation, where digital signatures placed on documents today can be validated five, ten and even 50 years later. (The standard can be downloaded free of charge from the ETSI website at http://pda.etsi.org/pda/.)
Judge Facciola viewing his just-digitally signed order in Adobe Acrobat.Courtesy National Notary Association (NNA).
Talk about setting precedent–while electronic filing has been required for some time, orders are typically printed out, signed, and then re-scanned into systems for filing. Not until now has there been such a vote of confidence in the legal significance and weight of a digital signature. By keeping the generation, signing and filing of the order completely electronic, the process is made much more efficient, potentially driving costs down and making the court’s systems work more effectively. This is the latest example of organizations understanding not only the integrity and authenticity benefits of digital signatures, but the resource savings also. Remember, it’s not so much the signature event that consumes time and money–it’s the processes around it.