News, views, and other informal discussions about Adobe Systems Information Assurance initiatives that protect information by ensuring their authenticity, integrity, confidentiality/privacy, and non-repudiation. Digital Rights Management (DRM), Information Rights Management (IRM), digital signatures, Public Key Infrastructure (PKI), and identity management will be discussed frequently for Adobe applications and file formats.
Posts in Category "Electronic Signatures, Digital Signatures & PKI"
Just last night, we announced the availability of updates to both Adobe Acrobat and Reader, bringing them up to version 10.1. Along with a significant list of vulnerability mitigations, these updates also bring with them substantial changes to the secure operation of Acrobat on Windows, and to the digital signature functionality across platforms.
First, Acrobat 10.1 on Windows now features the same Protected Mode operation as Adobe Reader X, protecting users from malicious PDFs. Additional information on Acrobat’s implementation of sandboxing is available on the Adobe Secure Software Engineering Team’s (ASSET) blog. For those savvy in digital signatures, note that Protected Mode (on both Acrobat and Reader) may impair the installation of PKCS#11-based tokens. Refer to the simple instructions here for a workaround.
And if you’re like me and love the nitty-gritty details of digital signatures, you’ll probably appreciate the other signature-specific changes in 10.1…
Today, Adobe pushed out yet another update to its certificate trust program implemented in Adobe Reader and Acrobat. The AATL program, launched in 2009, makes it easier for users to view and rely on digitally signed PDFs by automatically displaying a green checkmark for those signature credentials which meet higher assurance requirements when opened in Reader and Acrobat 9 and X.
Last Friday, one of our colleagues James Lockman published a great blog entry on creating digital IDs and signatures in Acrobat X, and ways in which to establish trust in those signatures.
This is a thorough, updated companion piece to three blog entries we published back in 2008 on trust–an issue which is still critical to understand when considering electronic signatures to reduce costs and expedite previously paper-based workflows:
The agenda for the nearly two day event is jam-packed with compelling content and speakers, covering both real-world implementation stories as well as guidance and advice for navigating this nascent field in North America and around the world. Among the presenters is US District Magistrate Judge John Facciola, who was the first to digitally sign a judicial order, as well as a number of other key industry, legal, and government personalities, all of whom have great stories to tell about the progress of electronic signatures and the benefits they bring.
On Wednesday, don’t be concerned/scared/shocked if you see your sales people looking somewhat calmer, your legal counsel winces a little less when you crack a lawyer joke, your chief risk officer smiles at you, and your controller pulls you over and eagerly points to the latest revenue figures.
Why? June 30th is the tenth anniversary of the US federal law that made their lives easier by putting electronic signatures on equal footing with wet ink! That’s right: 10 years ago tomorrow, President Bill Clinton digitally signed into law the ESIGN Act (eSignAct.pdf).
How is this important? The electronic signatures legalized with the ESIGN Act produce dramatic, real-world benefits for Adobe’s customers.
Signatures are utterly ubiquitous today…so much so, that we don’t even recognize how often and in how many different ways we are signing off on things. Of course, we’re all well-aware when we’re signing a legal document in person, like a mortgage or rental agreement. But we’re also assenting to a purchase when we chicken-scratch our signature on grocery store point-of-sale terminals. (OK, that’s my chicken scratch.) Did you know we’re also signing and assenting to a contract when we install software, or agree to privacy terms on a website, by clicking an ‘I agree’ button?
Last week, the Swiss government announced (English translation) the launch of the SuisseID, a program intended to provide citizens and business with access to high assurance identity credentials that can be used to access government and business services as well as digitally sign documents with legally binding signatures.
Well, you’ve experienced us in print…now see us in these exciting, new moving pictures! Listen to John Landwehr and John B Harris discuss Adobe’s key information assurance capabilities and how they can help you achieve content-centric security with products that provide integrity, confidentiality, authentication and privacy.
Some of our savvy readers and users may have already noticed a dialog box asking them to download a “security settings update from Adobe Systems”:
No, it’s not the latest patch. In fact, by clicking Yes, Acrobat and Reader 9+ users are downloading an update to the Adobe Approved Trust List (AATL), a list of trusted digital certificates that provides users with better assurances that the digitally signed documents they are receiving can be trusted. This is visible to document recipients as a green check mark or blue ribbon, depending on the type of digital signature.
In this update, four certificates, two each from Entrust and QuoVadis respectively, have been added to the AATL…