Posts in Category "Digital Signatures and PKI"

Seven Technology Habits of Highly Effective CFOs

Recently, Adobe executive vice president and Chief Financial Officer Mark Garrett presented a keynote at the CFO Rising conference, sponsored by CFO Magazine. Speaking to a ballroom full of senior finance executives, Mark outlined the “Seven Technology Habits of Highly Effective CFOs” and utilized several case study examples to illustrate his points.

Continue reading…

DoD Certification of Acrobat and Reader 9

The United States Department of Defense Joint Interoperability Test Command (JITC) has certified both Adobe Acrobat and Adobe Reader version 9…

Continue reading…

Acrobat and Reader 9.1 Now Available with Information Assurance Updates

Version 9.1 of Adobe Acrobat and Adobe Reader are now available with critical security updates and other product improvements. Adobe strongly recommends all users update using the built-in software update system or manual download from adobe.com. Here are some additional details on this release:

Continue reading…

Please Sign Here…” and Help Us Develop the Best Electronic Signature Features in the Industry

If you have (and use) an electronic signature credential, and are interested in helping Adobe craft the next generation of Adobe Acrobat, Reader, and LiveCycle products and signature features, we are offering you the ability to participate in an Electronic Signature Survey.

There are three parts to this Survey.  The first part asks you to sign a signature field with your signature credential.  The second asks you a series of questions about your use of electronic signatures, and the third concerns technical details about your signature credential. 

IMPORTANT NOTICE:  All information you provide as part of the Electronic Signature Survey will only be used to test the compatibility of Adobe’s LiveCycle ES, Adobe Acrobat and Adobe Reader products with the signatures collected by way of this Electronic Signature Survey and to understand the ways in which signatures are used in our products, helping guide Adobe’s electronic signature product strategy.   Adobe will retain the information you submit as part of the Electronic Signature Survey as long as reasonably necessary but solely for testing and product development purposes as noted above.  The information you provide as part of the Electronic Signature Survey will not be publicly disclosed.  If at any time you wish to have the information you submit via the Electronic Signature Survey removed from Adobe’s database, please send an email to signaturesurvey@adobe.com

All information submitted by you is subject to Adobe’s Online Privacy Policy located at:  http://www.adobe.com/misc/privacy.html.

Download the Survey here.  Thank you for participating! 

Tags:,,,,,

Packaging options for encrypted PDFs

Since Acrobat 2.0 in 1994, encryption has been available to protect a PDF document – restricting who can open it and what they can subsequently do with it. Today, there are a number of packaging options for distributing one or more protected PDF files.

Continue reading…

Digital Certificate Veteran Entrust Joins Certified Document Services (CDS) Program

Following on the heels of a number of successful customer deployments, Adobe is proud to welcome another respected organization to the CDS Program.  Entrust announced today they have joined the CDS Program and will begin offering certificates under its auspices in early 2009.  This will bring to five the number of CAs in the program, along with ChosenSecurity, GlobalSign, Keynectis, and VeriSign.

CDS makes creating and receiving authentic documents easier by not requiring a recipient to explicitly trust the author of the document.  CDS signatures automatically validate in Adobe Acrobat or Adobe Reader 6.0 and above, providing integrity and long-term assurance to electronic documents of record.  Providers involved in the CDS Program are required to meet stringent requirements for identity vetting, security, and operations.

According to Entrust’s President and CEO Bill Conner:

While electronic documents are an efficient method to do business, until recently they lacked the security necessary to be accepted for official enterprise use.  With the advent of this standard and the specialized certificates, organizations can be confident that electronic documents are authentic and have not been tampered with or altered.

Read more about CDS here.


To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!

Tags:,,,,,,

News from Adobe’s Security Partner Community: Significant GlobalSign Customer Announcements Buoy CDS Program

Since its induction into the Adobe Certified Document Services (CDS) Program, GlobalSign has been very busy working to build a customer base eager to leverage the native trust and assurance that CDS brings to any recipient opening a CDS digitally signed PDF document in Adobe Acrobat or Reader 6.0 and above.  That work has paid off in three separate customer announcements this year, including one just released today:

  • December 8, 2008: In partnership with Adobe and SafeNet, GlobalSign today announced the success of the Antwerp Port Authority project.  This port is the second largest in Europe and the fourth largest in the world.  Looking to save time and money by eliminating paper invoices, and required by law to provide for the integrity and authenticity of the resulting electronic invoices for value-added taxes (VAT), the Port of Antwerp deployed a solution combining:
    • LiveCycle ES document generation and digital signature servers;
    • DocumentSign CDS digital certificates from GlobalSign; and
    • SafeNet hardware security modules (HSMs) to protect the signing keys themselves.

    “We’ve seen a marked increase in the number of projects across the whole of Europe in recent months as the worldwide economic climate causes enterprises both large and small to re-evaluate their invoicing processes to drive down costs and remain competitive.  DocumentSign is not only a cost effective and easy solution for businesses to use, but is also compliant with European e-VAT legislation.”  -Steve Roylance, Business Development Director, GlobalSign.

  • May 2008: At the annual National Notary Association conference, GlobalSign announced the positive results of a pilot undertaken with the UK Notaries Society in which the cost efficiency and legal admissibility of eNotarization performed with GlobalSign CDS credentials was well-documented.
  • May 2008: Bodycote, a leading provider of testing and thermal processing services, announced  that it had selected GlobalSign’s DocumentSign program, based on CDS credentials, to certify its test data and reports.  With this solution Bodycote can provide results to its clients in PDF form, confident in the both the accuracy and integrity of the data contained within. 

    “DocumentSign services our security requirements but is also instantly deployable and very scalable – essential factors for rolling out a solution that can be easily understood by every person in the reliance chain.  For our clients’ customers, they simply open the test results in [R]eader.” -
    Alan Slater, Head of IS & IT Architecture, Bodycote

Tags:,,,,,,,,,,,,,,,,

Acrobat 9 and password encryption

Based on some recent online discussion of Acrobat 9 and password encryption, we’re posting to provide a quick summary on what has changed, how it impacts the overall security of PDF documents, and Adobe’s commitment to providing high-assurance document security implementations.

Continue reading…

E-Invoicing Made E-asy: LiveCycle & PDF to the Rescue

No matter how far technology has reached into our personal and professional lives, it seems we just can’t get rid of paper cluttering our desks, folders, and cabinets.  Despite the ubiquity of PDF documents and ever-increasing use of the web and computers for banking and commerce, the bill, statement and invoice still rule the roost when it comes to sheer volume of paper.  (OK, next to junk mail, but…)

This problem is exacerbated in the European Union where the requirement to document and validate value-added taxes (VAT) results in the creation and exchange of over 30 billion invoices every year, at an estimated cost of €30 per invoice.  Add to that staggering cost environmental pressures to “go green” and reduce waste.  Add to that the loss in business agility resulting from delivery times and internal routing.  And then add to that the human errors attendant with the transposition of data from these paper documents to electronic systems, which can cost over €100 per incident.  Facing a global economic recession, the benefits of moving to electronic, or e-, invoicing systems are real: expected cost reductions on the order of 80%!

The EU acted in 2001 to harmonize invoicing legislation and encourage the use of e-invoicing across all 25 EU member states (Council Directive 2001/115/EC ).  These regulations mandated a common set of master data fields in addition to the use of technologies to better manage the integrity and authenticity of invoice content.  Yet even with this harmonization framework, there are still over 200 e-invoicing systems in place all over Europe, making it very difficult to exchange electronic invoices across national borders.  Given this challenge, the CEN/ISSS Workshop on Compliance of eInvoices works to create standards and best practices for a more universal solution that can be implemented on a broader scale and provide for improved accessibility, efficiency, and cost-savings. 

A solution based on the PDF file format (ISO 32000) and Adobe LiveCycle ES is a good example of those best practices in action.  LiveCycle Enterprise Suite is built on open standards like PDF and XML.  LiveCycle ES can also protect integrity with digital signatures; import data into a PDF document; archive those documents with the ISO ratified PDF/A format; distribute and then also process, verify, and validate e-invoices on the way back in.

Adobe_eInvoicing Architecture.png

Nick Pope, Technical Editor of the CEN/ISSS Workshop on Compliance of eInvoices, had this to say about the solution:  “By combining two de-facto standards – XML for data portability and PDF for human readable documents – with the power of digital signatures, intelligent PDF supports trading between virtually any two partners with fidelity and easy accessibility.”

E-invoicing systems based on LiveCycle ES have already been successfully deployed by several organizations.  Poste Italiane estimates that more than 1.5 million pages have been converted to digital resulting in substantial cost savings.  Cuatrecasas, Spain’s second largest law firm, has reduced invoicing costs by thousands of euros annually.  And Europcar leveraged e-invoicing to not only reduce costs but also improve interoperability with their clients’ ERP systems, enhancing the customer experience.

To read more about Adobe’s e-invoicing solutions using PDF and LiveCycle ES, please read the whitepaper, “Applying best practices for secure, automated electronic invoicing.”

Other links:

Tags:,,,,,

News from Adobe’s Security Partner Community – ARX Deepens Support for Adobe Acrobat & Reader

We’re always pleased to see our partners taking advantage of key, integrated capabilities of our products to better serve our joint customers’ needs.  Yesterday, ARX (Algorithmic Research) announced that its CoSign product now supports the Adobe Signature Service Protocol (ASSP), built into Adobe Acrobat and Adobe Reader version 8.0 and above.

CoSign is a hardened, plug-and-play appliance that allows organizations to easily set up a centralized repository of digital IDs.  These credentials are securely stored on the appliance, eliminating the need for users to carry hardware tokens, which can add to the cost of a digital certificate (PKI) rollout.  The user simply authenticates to the server to access their credentials.

Prior to this announcement, ARX required users to install a small client to provide signing capabilities in Adobe products.  Now, with ARX’s ASSP support, users can set up Acrobat and Reader to access their centralized (roaming) credentials in CoSign for digital signatures without any additional software.  The ASSP protocol provides users with the ability to choose a roaming credential, specify an ASSP-capable server, and then, after clicking on a signature field, simply enter the appropriate authentication information to access their credential.  ASSP handles the behind the scenes communication between client and server, passing the hash (fingerprint of the document) up to the server for signature and then returning it to the client to be embedded back into the document.

Here’s a brief demo of how the system works…note that I’m using a test credential here.

Easy, huh?

With today’s announcement, ARX joins our other security partner Arcot in featuring support for the ASSP protocol.  This protocol is just the latest step in Adobe’s strategy to make electronic signature workflows easier and more productive. 


To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!

Tags:,,,,,