Posts in Category "Partner Community"

News from Adobe’s Security Partner Community: VeriSign Joins the Adobe Approved Trust List

Several weeks ago, Adobe launched the Adobe Approved Trust List (AATL), our latest effort at making the use of digital signatures easier through better trust mechanisms.  VeriSign, already a Provider in our flagship trust program Certified Document Services (CDS) through its acquisition of GeoTrust, announced the inclusion of its Non-Federal SSP in the AATL, widening VeriSign’s trust foundation in Adobe Acrobat and Reader.

According to
Mike Stewart, CIO at the Kansas Secretary of State’s office:

As a VeriSign Non-Federal SSP-PKI customer, we are excited to now have the ability to use the certificates we’ve already issued to digitally sign Adobe documents as part of the AATL program.  VeriSign and Adobe have made it easy to deploy and use.

Adobe is excited too!  VeriSign, along with other AATL charter Members and CDS Providers, is improving the capability for today’s agile enterprises and organizations to use digital signatures and bring cost efficiencies, integrity, and non-repudiation to more document workflows.

For more information on the Adobe Approved Trust List, please visit our website.

To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!


Casting a Wider Trust Net: Announcing the Adobe Approved Trust List

Over the years, Adobe has made electronic documents and workflows easier, more efficient, and more secure.  With one of the leading implementations of electronic signatures on the market, Adobe products allow you to go the last mile by eliminating the need to print a document out just to sign it.  At the same time, we’ve also been busy behind the scenes working on ways to better deliver trust in those electronic and digital signatures so users can rely fully on these new workflows.  Today, we’re announcing the launch of our latest trust effort, the Adobe Approved Trust List…available now.

The AATL will allow millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Acrobat or Reader 9.0 and above.  Essentially, both Acrobat and Reader have been programmed to reach out to an Adobe-hosted web page to periodically download a list of trusted root digital certificates.  Any digital signature created with a credential that can trace a relationship (‘chain’) back to a certificate on this list will be trusted by our products.  Trust is only one of many questions Adobe products ask when validating an electronic signature, but it is a critical one.

[SCM]actwin,12,0,1700,927;Beta AATL Test Document.pdf - Adobe Acrobat Pro Extended  Acrobat.exe  5/21/2009 , 5:40:46 PM

[SCM]actwin,12,0,1700,926;Beta AATL Test Document.pdf - Adobe Acrobat Pro Extended  Acrobat.exe  5/21/2009 , 5:39:46 PM

Document Before AATL

Document After AATL

Several countries and organizations have already placed their ‘trust’ in the AATL:

  • DigiNotar
    • DigiNotar Qualified CA
  • GBO.Overheid – Netherlands
    • Staat der Nederlanden Root CA – with Certificate Policies defining secure hardware
    • Staat der Nederlanden Root CA – G2 – with Certificate Policies defining secure hardware
  • GlobalSign
    • DocumentSign CA
  • Keynectis
    • ICS CA
  • SwissSign
    • SwissSign Platinum CA — G2
  • TC Trustcenter / ChosenSecurity
    • CA 7:PN
    • CA 8:PN
  • US Federal Common Policy Root
    • Common Policy – 2010 expiry @  Common Hardware, Common High, Medium HW CBP
    • Common Policy – 2027 expiry @  Common Hardware, Common High, Medium HW CBP
  • VeriSign
    • Class 3 Intermediate Non-Federal SSP @ Medium-Hardware

Starting today, valid signatures with credentials from these providers, chaining up to these certificates, and meeting a set of Technical Requirements will be automatically trusted in Acrobat and Reader 9.0 and above, including most US Federal HSPD-12 / PIV cards.

So how do you take advantage of the AATL?  Well, if you’re using Acrobat or Reader 9, you don’t need to do anything!  This feature is turned on by default when you install these products, and the Trust List will automatically be updated every 90 days, though you must open a signed document (like the one here, for example) or open a signature-related menu item to trigger the timer and update.

If you want to verify the AATL is enabled, go to Edit (‘Acrobat’ on Mac)->Preferences->Trust Manager and be sure that the “Load trusted root certificates from an Adobe server…” check box is checked.  (See image below.)  You can then click the “Update Now” button in that same dialog box to download the latest version of the AATL from Adobe.  In any case, be sure to review the User FAQ if you’re having any problems or have any questions about how the AATL works.


The launch of the AATL complements our existing Certified Document Services (CDS) trust program, where new digital IDs that are chained to the Adobe Root certificate embedded in Adobe products are automatically trusted.  CDS is key to document certification efforts at the US Government Printing Office, Avow Systems, the Antwerp Port Authority, and many other customers who use high assurance signatures to protect the integrity and authorship of key electronic documents.  Anybody who opens a PDF document signed or certified by a CDS credential automatically gets a ‘blue ribbon’ experience with trust provided to the signature without any user interaction.  Five certificate authorities currently offer CDS certificates. 

While the high level benefits of the Adobe Approved Trust List program are similar, the AATL is only available in Acrobat and Reader 9 at this time.  It is not backwards compatible.  CDS credentials, on the other hand, are backwards compatible from the current generation of Acrobat and Reader all the way back to version 6. Also CDS Providers offer certificates that meet a similar high standard for assurance and feature additional capabilities including the automatic embedding of robust timestamping and real-time revocation to provide for easy, long term validation of digital signatures.  However, existing certificate communities, such as government national ID card programs, can join the AATL, as the chain to the Adobe Root certificate is not required.  Contact Adobe to get more information about which program is right for your organization / government.

If you’d like to test the AATL (and you’ve verified that it’s enabled and downloaded per the instructions above and in the FAQ), please browse our sample documents available here.

And the story doesn’t end there!  Several more government and commercial entities are lined up to join the program in the coming months…stay tuned.

Please visit the AATL webpage for more information.


“Sign here…” Getting started with electronic signatures in Adobe products

This is the latest entry in our “What is an Electronic Signature, Anyway?” series.  You can find previous entries here.

Recently, I’ve received a number of emails from our users asking questions about electronic signatures, so I thought it would be useful to briefly answer some of these frequently asked questions and also direct you, dear reader, to a variety of resources here at Adobe that can help.

First, I recommend you read the other blog entries in our “What is an Electronic Signature, Anyway? “ series to better understand the terminology and issues surrounding electronic signatures.

Now onto the questions…

I want to electronically sign a PDF—what do I need to do?

There are lots of different ways to electronically ‘sign’ documents, but they vary in terms of reliability, longer-term validity, and application.

Continue reading…

Adobe and Arcot Partner to SEND Secure Electronic Documents to Your Inbox

Tired of those paper bank statements, or having to log into your bank’s website to get your account information?  Adobe and Arcot announced Monday the launch of a new managed service called SEND to provide the ability for organizations to literally send secure PDF files to your email inbox, without requiring you to install anything other than the latest version of Adobe Reader or Acrobat.  Financial institutions, utilities, government agencies—really any organization or company that sends periodic paper documents, bills or notices—can take advantage of SEND.  The organization provides SEND with the PDF files and email addresses of recipients, and SEND takes care of the rest, encrypting the documents and delivering them to recipients. 

The idea of having information sent directly to you resonates strongly, even in our highly connected world, because you are empowered to manage the information and store it however you want.  Many have yet to opt for online solutions for this very reason.  However, paper statements are static, potentially subject to identity theft, and require action from recipients to service their accounts. 

With online statements, recipients no longer ‘receive’ information.  They must actively retrieve it from by logging into their institution’s website.  While certainly saving money for the institution and the end customer, this ‘pull’ model breaks the mold recipients are accustomed to, and makes it more difficult for recipients to manage their own information.  However, more dynamic marketing and at-your-fingertips service options are readily available at the institution’s website. 

With SEND, organizations can proactively bridge the gap from a paper to an electronic delivery model.

Continue reading…

Digital Certificate Veteran Entrust Joins Certified Document Services (CDS) Program

Following on the heels of a number of successful customer deployments, Adobe is proud to welcome another respected organization to the CDS Program.  Entrust announced today they have joined the CDS Program and will begin offering certificates under its auspices in early 2009.  This will bring to five the number of CAs in the program, along with ChosenSecurity, GlobalSign, Keynectis, and VeriSign.

CDS makes creating and receiving authentic documents easier by not requiring a recipient to explicitly trust the author of the document.  CDS signatures automatically validate in Adobe Acrobat or Adobe Reader 6.0 and above, providing integrity and long-term assurance to electronic documents of record.  Providers involved in the CDS Program are required to meet stringent requirements for identity vetting, security, and operations.

According to Entrust’s President and CEO Bill Conner:

While electronic documents are an efficient method to do business, until recently they lacked the security necessary to be accepted for official enterprise use.  With the advent of this standard and the specialized certificates, organizations can be confident that electronic documents are authentic and have not been tampered with or altered.

Read more about CDS here.

To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!


News from Adobe’s Security Partner Community: Significant GlobalSign Customer Announcements Buoy CDS Program

Since its induction into the Adobe Certified Document Services (CDS) Program, GlobalSign has been very busy working to build a customer base eager to leverage the native trust and assurance that CDS brings to any recipient opening a CDS digitally signed PDF document in Adobe Acrobat or Reader 6.0 and above.  That work has paid off in three separate customer announcements this year, including one just released today:

  • December 8, 2008: In partnership with Adobe and SafeNet, GlobalSign today announced the success of the Antwerp Port Authority project.  This port is the second largest in Europe and the fourth largest in the world.  Looking to save time and money by eliminating paper invoices, and required by law to provide for the integrity and authenticity of the resulting electronic invoices for value-added taxes (VAT), the Port of Antwerp deployed a solution combining:
    • LiveCycle ES document generation and digital signature servers;
    • DocumentSign CDS digital certificates from GlobalSign; and
    • SafeNet hardware security modules (HSMs) to protect the signing keys themselves.

    “We’ve seen a marked increase in the number of projects across the whole of Europe in recent months as the worldwide economic climate causes enterprises both large and small to re-evaluate their invoicing processes to drive down costs and remain competitive.  DocumentSign is not only a cost effective and easy solution for businesses to use, but is also compliant with European e-VAT legislation.”  -Steve Roylance, Business Development Director, GlobalSign.

  • May 2008: At the annual National Notary Association conference, GlobalSign announced the positive results of a pilot undertaken with the UK Notaries Society in which the cost efficiency and legal admissibility of eNotarization performed with GlobalSign CDS credentials was well-documented.
  • May 2008: Bodycote, a leading provider of testing and thermal processing services, announced  that it had selected GlobalSign’s DocumentSign program, based on CDS credentials, to certify its test data and reports.  With this solution Bodycote can provide results to its clients in PDF form, confident in the both the accuracy and integrity of the data contained within. 

    “DocumentSign services our security requirements but is also instantly deployable and very scalable – essential factors for rolling out a solution that can be easily understood by every person in the reliance chain.  For our clients’ customers, they simply open the test results in [R]eader.”
    Alan Slater, Head of IS & IT Architecture, Bodycote


News from Adobe’s Security Partner Community – ARX Deepens Support for Adobe Acrobat & Reader

We’re always pleased to see our partners taking advantage of key, integrated capabilities of our products to better serve our joint customers’ needs.  Yesterday, ARX (Algorithmic Research) announced that its CoSign product now supports the Adobe Signature Service Protocol (ASSP), built into Adobe Acrobat and Adobe Reader version 8.0 and above.

CoSign is a hardened, plug-and-play appliance that allows organizations to easily set up a centralized repository of digital IDs.  These credentials are securely stored on the appliance, eliminating the need for users to carry hardware tokens, which can add to the cost of a digital certificate (PKI) rollout.  The user simply authenticates to the server to access their credentials.

Prior to this announcement, ARX required users to install a small client to provide signing capabilities in Adobe products.  Now, with ARX’s ASSP support, users can set up Acrobat and Reader to access their centralized (roaming) credentials in CoSign for digital signatures without any additional software.  The ASSP protocol provides users with the ability to choose a roaming credential, specify an ASSP-capable server, and then, after clicking on a signature field, simply enter the appropriate authentication information to access their credential.  ASSP handles the behind the scenes communication between client and server, passing the hash (fingerprint of the document) up to the server for signature and then returning it to the client to be embedded back into the document.

Here’s a brief demo of how the system works…note that I’m using a test credential here.

Easy, huh?

With today’s announcement, ARX joins our other security partner Arcot in featuring support for the ASSP protocol.  This protocol is just the latest step in Adobe’s strategy to make electronic signature workflows easier and more productive. 

To learn more about Adobe’s security partner ecosystem, visit the Adobe Security Partner Community!


Update: FIPS 140 Validation Certificates for Acrobat, Reader, and LiveCycle

Version 9.0 of Adobe Acrobat and Adobe Reader include the RSA BSAFE Crypto-C ME encryption module with FIPS 140-2 validation certificate #828. Instructions here will also enable FIPS mode in Acrobat and Reader 9.0 to restrict document encryption and digital signatures to FIPS approved algorithms (AES/RSA/SHA) in this library.

Adobe LiveCycle ES still includes the RSA BSAFE Crypto-J 3.5.04 encryption module with FIPS 140-2 validation certificate #590. FIPS mode is configured in the product installer.

Improving Design Collaboration While Reducing Risk

As we’ve mentioned in earlier posts on this blog, LiveCycle Rights Management ES has a growing set of integrations with 3D CAD/CAM packages. Today we have integrations in the market to provide for rights management IP protection in native Pro/ENGINEER, CATIA, and XVL files.

Adobe recently hosted a joint webcast with PTC to showcase how customers can improve design collaboration while reducing risk using Pro/ENGINEER and LiveCycle Rights Management. In today’s global manufacturing marketplace, survival depends on fast time-to-market.  Spreading the design process across the supply chain continues to increase design complexity as customers demand better products, quickly.   The key is better collaboration, but as companies try to deliver better information, earlier in the process, to a broader audience, the risk of intellectual property (IP) loss goes up dramatically.  Survey after survey has shown that protection of design information is at the top of the list for most engineering organizations.  Companies that learn to balance improved collaboration with the risk of IP loss will be the winners moving forward.

You can replay the webcast by going to:

Come One, Come All…

…to the E-Signatures ’08 Conference, scheduled for November 12-13, 2008, at the Omni Shoreham hotel in Washington, DC.   This conference, organized by the Electronic Signatures and Records Association, features compelling presentations from industry experts on the leading business, legal, and technology topics surrounding e-signatures, and prominently highlights several case studies.

Included in these case studies, Adobe customers will describe how electronic signature solutions involving products from Adobe and our Security Partner Community have improved their internal workflows and, in turn, saved them significant amounts of money, time, and resources.  You can expect to hear from:

In addition, conference attendees will learn about government and insurance industry views on e-signatures; legal, regulatory & standards updates; and finally how the new administration might affect the future of e-signature policy.  For an updated agenda, keep checking here.

Sign up this week!  Early bird registration ends Monday, October 6th.