Posts in Category "General"

Communicating the value of Adobe’s Information-Centric Security Solutions

We are excited to announce a new set of assets aimed at helping our customer community and ecosystem partners better understand the benefits and value that can be derived from Adobe’s Information-Centric security solutions. If you haven’t heard the term “Information-Centric” before, it’s not new, but it well represents the way Adobe technologies protect the confidentiality, integrity, and authenticity of information — natively within the information itself.

For LiveCycle Rights Management ES and LiveCycle Digital Signatures ES, please feel free to download and view a host of new collateral including:

New datasheets that provide a overview of the value proposition and specific areas where our solutions solve real customer problems:

LiveCycle RIghts Management ES:

LIveCycle Digital Signatures ES:

There are also two new whitepapers, the first one for Rights Management is entitled: Delivering an Information Risk Management strategy across the heterogeneous enterprise: and is intended to describe the need to protect sensitive information consistently wherever it resides in the enterprise. This paper also outlines common use cases via customer anecdotes about how LiveCycle Rights Managment ES is protecting the most widely used file types inside (and outside) the organization.

The second whitepaper is entitled: Electronic Signatures: Solution Scenarios for your Environment: This piece is intended to articulate the different electronic signatures solutions offered by Adobe and help folks understand the pro/cons of each, so you’re best prepared to map right electronic signature solution to your assurance level requirements.

Finally, there are also new updates to our website including updated customer success stories, in depth pages, features and benefits pages, and a detailed supported formats page for RIghts Management.

LiveCycle Rights Management ES:
LiveCycle Digital Signatures ES:

Live Webcast: Information Assurance – Keeping Your Documents Secure

Join us for this LIVE Event on:
Wednesday, October 29, 2008
12:00 PM PT / 3:00 PM ET

The need to keep your organization’s business critical information confidential by restricting distribution and preventing unauthorized disclosure of this information is imperative. Discover how Adobe Acrobat 9 can help protect your organization’s sensitive information by helping provide document control and security, addressing issues such as encryption, document authenticity, passwords, redaction, and sanitization/metadata removal. Join John Landwehr as he covers best practices on Security and Information Assurance.

More information and registration is available here.

Come One, Come All…

…to the E-Signatures ’08 Conference, scheduled for November 12-13, 2008, at the Omni Shoreham hotel in Washington, DC.   This conference, organized by the Electronic Signatures and Records Association, features compelling presentations from industry experts on the leading business, legal, and technology topics surrounding e-signatures, and prominently highlights several case studies.

Included in these case studies, Adobe customers will describe how electronic signature solutions involving products from Adobe and our Security Partner Community have improved their internal workflows and, in turn, saved them significant amounts of money, time, and resources.  You can expect to hear from:

In addition, conference attendees will learn about government and insurance industry views on e-signatures; legal, regulatory & standards updates; and finally how the new administration might affect the future of e-signature policy.  For an updated agenda, keep checking here.

Sign up this week!  Early bird registration ends Monday, October 6th.


Scientific American Article on Improving Online Security

Adobe recently participated in an industry roundtable on Improving Online Security. The transcript has been published in the September 2008 issue of Scientific American, page 96 and on their website.

John Landwehr from Adobe and representatives from Hewlett Packard, Kaiser Permanente, McAfee, Microsoft, Panda Security, Sun, and Symantec discussed ways to protect against more numerous and sophisticated attacks by hackers and called for upgraded technology along with more attention to human and legal factors.

Now hiring: Digital Signatures Product Management

Adobe is looking for a Sr. Product Manager to join our security solutions team and work on digital signatures in Acrobat, Reader, and LiveCycle.

The job description and application process is posted on

Adobe (NASDAQ: ADBE) revolutionizes how the world engages with ideas and information. For 25 years, the company’s award-winning software and technologies have redefined business, entertainment, and personal communications by setting new standards for producing and delivering content that engages people virtually anywhere at anytime. From rich images in print, video, and film to dynamic digital content for a variety of media, the impact of Adobe solutions is evident across industries and felt by anyone who creates, views, and interacts with information. With a reputation for excellence and a portfolio of many of the most respected and recognizable software brands, Adobe is one of the world’s largest and most diversified software companies.

Today, Adobe is better positioned than ever to push the boundaries of the digital universe. Under the leadership of President & CEO Shantanu Narayen, we’re driving even greater innovation with powerful, compelling software solutions that meet the needs of customers and markets ranging from designers and filmmakers, to enterprises and governments, to developers and home users.

Recognizing that employees are at the core of our success, Adobe recruits and retains highly qualified and motivated individuals, creates an environment where they can innovate and achieve their best, and rewards them for their performance by giving them an opportunity to share in the company’s success.

Position Overview
Adobe Information Assurance Solutions enable organizations to more securely engage with employees, external associates, and customers by protecting the information lifecycle. Security can be persistently applied to information independent of storage and transport, inside and outside an organization. Adobe’s ecosystem of security partners provides interoperability with many information security infrastructures including identity and access management, single-sign-on, public key infrastructures, smart cards, and biometrics.

This Sr. Product Manager position in the Security Solutions team of Adobe’s Business and Productivity BU will significantly contribute to growing Adobe’s market share in information assurance solutions by identifying and prioritizing feature requirements, providing product competitive analysis, understanding customer usage workflows and customer satisfaction, driving and evaluating technology trends, ease of use, standards and certifications.

Requires at least 5 years of experience in enterprise software product management. BS in Computer Science or related technical discipline, and in-depth experience with identity management, electronic and digital signatures, encryption, J2EE authentication, public key infrastructure, smartcards, maintaining documents of record, and information lifecycle workflows.

This position also requires significant cross-group interaction, a strong customer and partner focus, excellent communication, presentation, and negotiation skills, attention to detail, solid technical abilities to collaborate with engineering and direct market experience. Candidates must be passionate about the technology to make Adobe solutions more secure and easy to use. Preference given to candidates with security certifications.

Adobe believes personal fulfillment and company success go hand in hand, sustaining one another. In fact, our dynamic, rewarding working environment is well known – including eight years on FORTUNE magazine’s “100 Best Companies to Work For” and other, similar accolades. By hiring the very best and brightest, Adobe continues to be a simply better place to work – creating a dynamic environment today and providing incentives for future achievement.

Protecting native Office documents

On June 17th Adobe announced an expansion of the LiveCycle Enterprise Suite with our forthcoming LiveCycle ES Update 1 release. Included as a part of this release is our second version of our LiveCycle Rights Management ES Extension for Microsoft Office. This release expands our support for to include the ability to protect, and collaborate in natively protected Word documents, Excel spreadsheets and PowerPoint presentations. Further, we support all editions of Office 2003 and Office 2007 localized natively into English, French, German, and Japanese.

Click on the following screenshot to watch a short Captivate demo of our native support for PowerPoint presentations:

The software are now available for download from for use with your LiveCycle Rights Management ES system.

Questions or feedback on this entry? Contact us at

Need more information on how your organization can effectively manage and protect your intellectual property? Further information can be obtained at or by contacting Adobe

"This is legal, right?" – Electronic Signatures & The Law


This entry is the third in our “What is an Electronic Signature, Anyway?” (Part One / Part Two) educational series.

First, a disclaimer.  This blog entry is not intended to provide legal advice.  You should discuss issues relating to the use of electronic signatures in your business with your own legal counsel and compliance officers.

With that out of the way, welcome back to our series on electronic signatures.  Up to now we’ve covered what can be defined as an electronic signature, and how one can provide assurance as to the validity of an electronic signature.  However, our clients and customers are mainly concerned with one thing:  are electronic signatures legality and admissible in a court of law?  Will my contract be null and void if use this electronic signature pad?  Will my account documents be tossed out because they’ve been digitally signed?  Can I accept electronic signatures on my contracts?

Only your legal counsel can answer these specifically, but, in this lengthy entry, we can offer some very high-level information on the applicable laws, what is meant by legal effect versus admissibility, the availability of case law, and where you can go to find out more information.



In 2000, President Clinton digitally signed into law the Electronic Signatures in Global and National Commerce Act (E-SIGN Act).  This public law provides that:

a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and (2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.

At the state level, the Uniform Electronic Transactions Act (UETA), passed by 48 US States, provides much the same protections to electronic signatures and records. (The remaining 2 states have other legislation covering electronic signatures.)

Note that neither piece of legislation specifies a particular electronic signature technology.  In fact, the E-Sign Act states that:

The term ‘‘electronic signature’’ means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.

By keeping the legislation technology-agnostic, the law doesn’t create a bias and also does not have to be changed as technology changes.  It therefore has the added benefit of allowing for a wide spectrum of electronic signature technologies (click-thru, signature pad, biometrics, digital signatures, etc), as long as the systems provide a signature that is “attached” to the electronic document needing to be signed, and provide evidence to the fact that the signatory actually signed the electronic document, showing an “intent to sign.”  The laws do prohibit the use of electronic signatures on certain legal documents such as wills and adoption papers, though.

Other US laws and regulations provide guidance in specific industries.  For instance, 21 CFR Part 11 covers the use of digital signatures in communications with the Food and Drug Administration.  This is a good time to mention that laws are not the only things to be concerned about when it comes to electronic signatures.  You also have to be aware of any regulatory standards or recommendations that may be in place for your industry. 

Using the pharmaceutical industry again as an example, the SAFE-BioPharma Association ( Signatures and Authentication for Everyone), interested in promoting the use of electronic documents and reducing costs, created a technical, legal & business model around the use of electronic signatures among pharmaceutical manufacturers, clinical investigators and regulators.    In fact, SAFE requires the use of digital signatures, and has certified (and recently re-certified) PDF-based digital signatures in Adobe Reader®, Acrobat®, and LiveCycle® Digital Signatures within the SAFE standard.

Outside of the US, most countries have electronic signature laws in place, as well, though they vary in complexity.  For the 27 member states of the European Union, Directive 1999/93/EC on a Community Framework for Electronic Signatures (EU Signature Directive) provides an in-depth legal framework for electronic signatures and their validity inside and between EU countries.  It creates several categories of electronic signatures, with so-called “Qualified” signatures required to be legally accepted and valid in all EU member states.  The high assurance requirements around Qualified Electronic Signatures (QES) do point to digital signature technology, with a requirement for a ‘Secure Signature Creation Device’ and best practices around key generation, storage, and certification of the providers of the signing credentials themselves.

Adding to the fun, EU member states are required to individually transpose EU Directives into their own legislation.  Certain countries decided to tweak the text on the way to implementation, and in so doing, created another layer of complexity that makes working with cross-border electronic signatures quite a challenge!

Note that electronic signatures applied in the US may not be provided legal admissibility in the European Union, especially on documents like electronic, or e-, invoices.


Legal Effect vs. Admissibility

We’ve tossed these terms around in this entry, so it’s probably time to clarify the difference between the two.  While lawyers around the globe may cringe at my over-simplification, here we go…

“Legal effect” pretty much means that, yes, the court will accept that an “electronic signature” is a “signature” as already defined by precedent and law.  So, in other words, an electronic signature and a wet ink signature are equivalent in most respects, and they can be brought into trial.

However, just like their wet ink counterparts, each document intended to be entered into evidence in a trial will need to be assessed for its “admissibility,” whether it’s signed with ink or a digital certificate.  Does it represent the intent of the signatory?  Has the document been altered?  Who had the right to sign this document?  How was the signature derived, and what controlled access to the document for its signature?  These questions come into play no matter the type of signature.

However, wet ink signatures have been in use for quite a long time and have established a certain amount of credibility.  Electronic signatures, on the other hand, are a newer phenomenon, and thus may be more subject to the critical eye of the court.  This is where the concept of assurance, as described in the previous entry in this series, can come into play.  Higher assurance signature methods that authenticate the signer, use document fingerprinting (‘hashing’) to provide integrity, and store signature keys (and thus, the “pen”) in a secure manner, are more likely in the long run to be provided with the benefit of the doubt than those signature technologies which provide lesser assurance.

So, in the end, your electronic signature may be a legal signature, but it could be tossed out of court if the judge feels that the signature process did not provide the appropriate level of assurance.


Case Law 

Well, we’d love to point you to a particular case which ruled this or that technology admissible or signatures captured on these types of documents were OK, but there are none.  In the United States, there are likely hundreds of cases that cover subjects related to the use of electronic documents and e-discovery, but none that specifically cover challenges to electronic signatures.  While this could mean that cases are being handled in arbitration (outside the courts), or that challenges have not been filed, it is all the more likely that the courts have been holding electronic signatures as accessible.  

What the future holds, no one is certain.  The EU Signature Directive provides a clear sign that assurance does play a role in admissibility.  Will the ideas of the Directive take hold in other countries around the world?  How will US and state case law react to increasing numbers of electronic signatures?  We’ll keep watching…and we’ll keep you informed!

The good thing is that with Adobe products like Acrobat and LiveCycle you are gaining the ability to sign electronic documents (PDF) with a spectrum of electronic signatures, whether they’re electronically captured on a tablet PC, created with digital certificates, or even required to be compliant with the EU Signature Directive.  You can rely on Adobe’s global expertise in the field and years of collaboration with our Security Partner Community to meet your electronic signature needs, no matter the requirements.



Here are some links to continue your reading.  Again, be sure to confer with your legal counsel on these topics.

  • ABA Digital Signature Guidelines Tutorial – A great starting point for understanding digital signatures from the American Bar Association.
  • The Sedona Conference® – Though focused primarily on electronic records, this educational non-profit organizations provides substantial coverage of related case law and issues that may come into play.
  • Electronic Signatures & Records Association (ESRA) – This association brings together vendors and business owners in its efforts to extol the benefits of electronic signatures and documents.  Adobe is a board member of the Association.


Next in our “What is an Electronic Signature, Anyway?” series will be an exploration of real world examples of electronic signatures in action around the world today and what the implications are for the businesses implementing them and the customers using them.

Adobe @ RSA

The RSA Conference is one of the most highly respected information security conferences and exhibitions in the industry.  This year, the Conference runs from April 7-11 in San Francisco, California, at the Moscone Convention Center.  Anyone who’s anyone in the information security space, specifically companies and individuals involved in authentication, identity management, encryption, and cryptography, will be there.  Attendees (over 17,000 expected) represent every key vertical market and range from C-level executives to front line IT staff.  Heck, even Al Gore is making an appearance (no really…he’s one of the keynotes at the event!).

Adobe will be exhibiting at Booth 828 and demonstrating our LiveCycle ES and Acrobat products, highlighting their electronic signature and rights management capabilities.  If you are planning on attending, please come by and say hello!  Learn about the latest updates to our product and feature line-up, as well as our integration with a wide variety of partners, many of whom will also be exhibiting at the event (see below).  We’ll be happy to answer any questions you have. 

The extended Security Solutions team, including product managers, engineering, and sales engineers will be on hand during RSA, not only manning the demo stations at the booth, but also roving the floor, and speaking at the conference itself.  For example, John Landwehr, director of Security Solutions and Strategy at Adobe, will be speaking on Thursday, April 10 at 8:00 AM on a panel (DEPL-301) with Deloitte & Touche covering the topic of Information Classification and its critical application to the questions of security policy, data leakage and rights management in the enterprise.

If your company is interested in a partnering relationship with Adobe, please visit the booth and ask for John Harris, who manages our security alliances.

We look forward to meeting you in San Francisco next week!  Our Security Partner Community will also be exhibiting at RSA…be sure to visit them and ask how they work hand-in-hand with Adobe:                                                


    Booth #
    Booth 657
    Athena Smartcard Solutions
    Booth 1350
    Arcot Systems, Inc. 
    Booth 1045
    CoreStreet Ltd.  
    Booth 1350
    Booth 817
    Gemalto Inc.
    Booth 1923
    nCipher Inc.
    Booth 2129
    RSA, The Security Division of EMC
    Booth 1717
    SafeNet, Inc.
    Booth 1039
    Booth 1332
    VeriSign, Inc.
    Booth 1316

Adobe’s history of content protection

Every once in a while, someone asks “How long has Adobe offered content protection?” Turns out, Adobe’s information assurance efforts have been ramping up for over a dozen years. Adobe provides security features in numerous products and also provides dedicated security solutions such as LiveCycle Digital Signatures and LiveCycle Rights Management. Here’s a brief history:

Adobe’s history of content protection started with Acrobat 2.0 in 1994. At the time, this was simple 40-bit RC4 password-based encryption and digital rights management (DRM) to restrict who can open the document and what they can do with it.

Acrobat 4.0 in 1999 added support for Public Key Infrastructure (PKI) enabling a single PDF document to be protected for multiple recipients, with different permissions based on their own keypair. Depending on who opened the document, printing, modification, and clipboard actions are enabled/disabled. This release was also the first to add digital signatures using PKI. This was important for paper documents to move to digital with an opportunity for higher levels of assurance than a pen could provide on paper with a wet signature (ink) by utilizing cryptographic protections of authenticity, integrity, and non-repudiation. Acrobat 5.0 added support for 128-bit RC4 encryption for stronger levels of confidentiality. Acrobat 6.0 added support for the Microsoft CryptoAPI to (CAPI) so the keypair could be stored in the Windows certificate store or through a Crypto Service Provider (CSP) to smartcards and other tokens.

In 2005, Acrobat and Reader 7.0 shipped along with LiveCycle Policy Server and Security Server. AES128 encryption was added to PDF. The enterprise rights management capabilities of Policy Server integrate with an organization’s LDAP or Active Directory. A policy coupled with an information classification such as “Insider Restricted” restricts who can open the document, what they can do with it, and also provides enterprise auditing measures. Absolute (e.g. on 12/31) and relative (e.g. 7 years from document creation) expiration dates can be set to automatically expire documents. All these permissions in a policy are dynamic and can change after the document is published – to add or delete users, change permissions, or even revoke the document entirely. This revocation feature is used by many to enable version control outside a repository, so as a document is changed on the server all distributed copies of that document are automatically revoked providing the recipient with a notification to go back to the server for a current version. Visual watermarking capabilities on PDF are able to show the policy name, recipient opening the document, and the date/time. Acrobat and Reader 7.0 were also US Department of Defense (DoD) certified by the Joint Interoperability Test Command (JITC). The LiveCycle Security Server provided the ability to apply and validate digital signatures as well as encrypt and decrypt document in an automated business process. Flash Media Server 2 provided protected streaming capabilities for delivering video to Flash Player.

As we wrap up 2007, there has been a lot going on over the last 12 months. Acrobat, Reader, and LiveCycle shipped with new FIPS 140 approved encryption libraries. LiveCycle Rights Management (formerly Policy Server) now supports native Microsoft Office documents as well as Dassault CATIA. LiveCycle Digital Signatures (formerly Security Server) provides XML signature support as well as certified documents and is integrated with automated forms and document generation processes. Adobe’s rights management has been integrated into hardware devices such as Multi Function Peripherals (MFPs) from Ricoh and others. Third party software vendors including PTC and Hitachi/Lattice3D are integrating Rights Management into their native applications. Adobe Media Player is in public pre-release with support for content protection on downloadable and offline Flash video.

What about 2008 and beyond? Stay tuned for more entries as Adobe’s security solutions expand to protect even more aspects of the information lifecycle – independent of storage, independent of transport, across operating systems and file formats.

FIPS 140 Validation Certificates for Acrobat, Reader, and LiveCycle

Version 8.1 of Adobe Acrobat and Adobe Reader include the RSA BSAFE Crypto-C ME 2.1 encryption module with FIPS 140-2 validation certificate #828. FIPS mode can be enabled to restrict document encryption and digital signatures to FIPS approved algorithms (AES/RSA/SHA) from this library using these instructions.

Adobe LiveCycle ES includes the RSA BSAFE Crypto-J 3.5.04 encryption module with FIPS 140-2 validation certificate #590. FIPS mode is configured in the product installer.