Included in these case studies, Adobe customers will describe how electronic signature solutions involving products from Adobe and our Security Partner Community have improved their internal workflows and, in turn, saved them significant amounts of money, time, and resources.  You can expect to hear from:

• John Hannan, Chief Information Security Officer, U.S. Government Printing Office
• Kay Bross, Senior PKI Specialist, Information Security & Solutions, Procter & Gamble
• Thomas Niman, Director, Business Operations & Systems Integration, Snap-on Credit LLC

In addition, conference attendees will learn about government and insurance industry views on e-signatures; legal, regulatory & standards updates; and finally how the new administration might affect the future of e-signature policy.  For an updated agenda, keep checking here.

Sign up this week!  Early bird registration ends Monday, October 6th.

Tags:e-signature,conference,ESRA,adobe customers,electronic signature,digital signature

This past summer Adobe released the LiveCycle ES Update 1 release. This include LiveCycle Content Services ES, a fully integrated set of content services that enables organizations to "manage content in a lower-cost, extensible way for cross-company and cross-organizational processes". LiveCycle Rights Management ES is a core part of this offering, and allows organizations to include content protection as a part of these cross-organizational processes.

Each "space" within Content Services can be seen as a folder to hold sub-spaces or content. These spaces can be associated with business rules and security -- including various access control rights as defined by LiveCycle Rights Management ES.

It's easy for business users to interact with these spaces because content can be added in several different ways; for example: using the Web UI, FTP, CIFS, or WebDAV. Adding security is a breeze because the act of adding content can be associated with an automatic trigger that can protect the content with Rights Management. For example, an administrator can create a trigger to associate the "Confidential" policy for general documents, or the "Mergers & Acquisitions" policy for content being stored for the M&A team.

In today's blog entry we show off a simple example of how:

1. An administrator can create a rule to automatically protect all content with a specific predefined policy.
2. An end user can upload a document to be automatically protected.
3. A recipient can open a protected document within the Content Services repository.

Click on the following screenshot of LiveCycle Content Services for a brief tour of this functionality:

Guest Contributor: Neerav Aggarwal

Need more information on how your organization can effectively manage and protect your intellectual property? Further information can be obtained at http://www.adobe.com/go/rm or by contacting Adobe

A copy of the keynote presentation is available here as a 5MB PDF download.

DIRECTV is also providing SUPERCAST as a downloadable rich Internet application (RIA) built on Adobe AIR. Adobe AIR offers a new way to engage customers on the desktop with a downloadable, branded RIA that can be deployed across major operating systems. The SUPERCAST application on AIR provides a wide variety of real-time NFL SUNDAY TICKET content right on the desktop as games stream live in high-quality H.264 video, including Red Zone channel’s live-action of critical plays, statistics and moments from game broadcasts, as well as near real-time highlights from all the games. Additionally, only in the SUPERCAST application on Adobe AIR can fans receive desktop notification alerts when requested highlights become available. SUPERCAST is available at www.directv.com/supercast.

Content is streamed live via Adobe Flash Media Server software to the browser using Adobe Flash Player technology, which is installed on more than 98 percent of Internet-connected computers, and to the desktop via Adobe AIR. DIRECTV also uses Adobe Flash Media Rights Management Server software for digital rights management (DRM) to protect the NFL premium on-demand content downloaded to the desktop. Adobe Flash Media Server is helping enable DIRECTV to stream content more securely and cater to large volumes of fans with rapid, reliable delivery of exciting content. Adobe Flash Media Rights Management Server is a robust on-demand content protection solution that is non-intrusive to users, yet can allow DIRECTV to safeguard media integrity, authenticity and access, whether SuperFan subscribers are online or offline, even after the content has been viewed.

John Landwehr from Adobe and representatives from Hewlett Packard, Kaiser Permanente, McAfee, Microsoft, Panda Security, Sun, and Symantec discussed ways to protect against more numerous and sophisticated attacks by hackers and called for upgraded technology along with more attention to human and legal factors.

DLP technologies are very good at providing classification and segmentation of data into raw buckets based whether they are considered high, medium, or low impact to the business. These technologies are less effective, however, in the areas of active enforcement of the data since they typically focus on either blocking or encrypting information in somewhat of a binary fashion, based on the information itself, without significant context for the users or identities involved. In fact, most DLP deployments today are being used in passive mode to discover and monitor "hot spots" and understand where there may be broken business processes in place that may one day lead to data breach.

An effective way to develop a solutions approach to data loss prevention is to utilize Rights Management technology in concert with DLP to provide and extend protection persistently based on the identity of the recipient or group of recipients. This will effectively marry the classification policy (from DLP) with the enforcement policy (from Rights Management) to provide more effective and seamless protection. With Adobe Livecycle RIghts Management ES, this process can be automated by setting up watched folders or email workflows to streamline enforcement of sensitive information as it is being discovered by DLP products. Over time, these products will become more tightly integrated using APIs to build a information-centric policy management framework upon which data governance decisions can be made and implemented from executives down through the lines of business to IT.

Signature credentials are trusted in Adobe products through the establishment and installation of trust anchors and trusted identities.  Trust anchors are typically root certificates—certificates at the top of the hierarchy from which other certificates are derived.  Trusted identities can be any certificate, even an end-entity, or user, certificate.  In any case, in order to pass validation, the signing certificate must either be a trust anchor (root) or be chained to (derived from) that root.

We’ll cover in this post the 3 ways an individual user can set trust in Adobe products.

When we consider electronic signatures, recognize that there are typically two parties to the transaction: the author / signer and the recipient, or relying party.  The signer’s role is obvious.  The relying party, on the other hand, is the one who is in the position to accept the signature and therefore the signer’s approval of the terms or nature of the signed document.  When faced with an electronic signature, the relying party must be aware (or have resources he/she can turn to, such as a lawyer) of three intersecting zones of validity—legal, contractual, and intrinsic—and how Adobe products can assist. 

I wanted to be sure the group was aware of the 2008 MAX Awards. These customer recognition awards showcase some of our best customer projects developed around the globe over the past year.

This year we will award projects in 6 categories: Advertising & Branding, Enterprise, Mobility and Devices, Public Sector, Rich Internet Application, and Video. Most of our security nominations are typically in the Enterprise and Public Sector categories.

The top three finalists in each category will be invited to attend MAX North America in San Francisco, where we will announce the winner, as well as the People's Choice award winner. All finalists will receive complimentary admission to MAX.

All submissions must be received online at by September 12th, 2008, so be sure to submit your Adobe Security project today! https://www.Adobemaxsubmission.com/submission

For more information or to see last year's finalists and winners please Click Here

Smart card / Certificate authentication

The fourth type of authentication that LiveCycle Rights Management ES supports is smart card, or certificate-based authentication. For some customers, this form of authentication is often more secure than the other forms of authentication supported. To understand how it works in LiveCycle Rights Management ES and the benefits it provides, however, requires some background and context.

A smart card, in its most well-known form, is a credit card-sized ‘intelligent card’ that carries user’s credentials in the form of Digital Certificates. Many variants today also possess processing capabilities like the ability to compute Digital Signatures. A smart card is a something-you-have type of authentication, as compared to Username/Password which is something-you-know.

A Digital Certificate, often just referred to as Certificate, is a digital document that at a minimum includes a Distinguished Name (DN) and an associated Public Key. The DN uniquely identifies a user’s identity, and the public key can be used to prove that identity. The Certificate is signed by a trusted third party known as Certificate Authority (CA). The CA vouches for the authenticity of the certificate holder. This Public Key Infrastructure (PKI) assumes the use of Public Key Cryptography, which is the most common method on the Internet for authenticating end parties or encrypting messages. PKI overcomes the significant flaws in the traditional cryptography or the symmetric cryptography, and at the same time provides added security by having strict requirements for key lengths and industry standard cryptographic algorithms (set forth by Public Key Cryptography Standards or PKCS, and governed by RSA Laboratories).

At the time of authentication, LiveCycle Rights Management ES validates the chosen Certificate’s signature against its cache of known and trusted CA certificates. The server verifies the Certificate, validates the Digital Signature, and finally maps this Certificate to a unique user through the rules an administrator creates when configuring LiveCycle. LiveCycle Rights Management ES also provides for flexibility and easier enterprise integration by providing server-based “SPIs,” which can be used to develop custom certificate authentication providers.

Many enterprises and governments today employ smart card based authentication, not only for its enhanced security but also for its ease of deployment and use for end users. For example the United States Department of Defense issues Common Access Cards (CAC cards) which can be used for secure user identification. These CAC cards can be used within LiveCycle Rights Management ES to authenticate users who are opening protected documents. A user would insert his card into a smart card reader on his machine to identify himself. These readers are available in a variety of form factors and can be connected to a computer using USB or PC card interface – and are integrated into many laptops today, such as the Dell Latitude line of business laptops.

To give you a better idea of how easy it is for an end user to authenticate to LiveCycle Rights Management ES using a smart card, click on the following demo:

Guest Contributor: Chaitanya Atreya

Questions or feedback on this entry? Contact us at RMFeedback@adobe.com

Need more information on how your organization can effectively manage and protect your intellectual property? Further information can be obtained at http://www.adobe.com/go/rm or by contacting Adobe

Disclaimer. This blog entry is not intended to provide legal advice. You should discuss issues relating to the use of electronic signatures in your business with your own legal counsel and compliance officers.

Two months ago we discussed here the nature of the legal environment surrounding electronic signatures. I’d like to point out some additional resources that can expand your knowledge of the subject.

• Within the EU context, Law Professor Dr. Jos DuMortier, director of the Interdisciplinary Centre for Law and ICT at the Catholic University of Leuven (K.U. Leuven) in Belgium, and a well-known authority on the intersection of law with information technology, has published and/or contributed to a large number of whitepapers and articles on the subject of electronic signatures. This whitepaper from October 2007 describes how digital signatures created with PDF documents and the Belgian eID can be granted valid, legal status.

• Just last week, the American Bar Association published an impressive book entitled, “Foundations of Digital Evidence,” which covers, as you might have guessed, the implications, nature, and changes that digital evidence has wrought upon legal systems around the world. Adobe’s own Ed Chase, a Solutions Architect and one of our electronic signature gurus, contributed a critical chapter on PDF and its impact on the subject, providing details about how the features of PDF and digital signatures can support legal requirements for electronic records.

With that in mind, we’re always extremely pleased to see cooperation among our many security partners so that they can also mutually leverage their capabilities which in the end is all the better for our own customers.

One of our partners, Communication Intelligence Corporation (CIC), a key electronic signature industry player, recently announced a partnership with 4Point Solutions, one of our foremost LiveCycle systems integrators, to promote closer integration of their technologies.

And ARX, Inc., a security partner offering a convenient , virtually plug-and-play CA and signing appliance, CoSign, announced relationships (here and here) with two of our Certificate Authority partners, GlobalSign and ChosenSecurity,to provide more complete and easy-to-deploy solutions around these two companies’ digital ID offerings.

So, how do these new relationships benefit Adobe’s customers? CIC’s relationship with 4Point means that customers deploying LiveCycle will have more electronic signature options on the table. With ARX, customers looking to speed workflows with digital signatures can deploy the ARX CoSign product, centrally storing user signing credentials from GlobalSign or Chosen Security, both leading certificate authorities in their own right.

In June, at an event at the National Press Club, Jerry Buckley, Founding Partner at the Buckley Kolar law firm in Washington DC, as well as Counsel to the Electronic Signatures and Records Association (ESRA), an organization devoted to promulgating the use of electronic signatures & documents and educating the public & industry on those matters, stated that the “train had left the station” when it came to electronic signature usage around the world. As the demand for more fully electronic workflows becomes more pronounced, especially given the meteoric rise in gas, and thus shipping, prices, as well as an increasing desire on the part of enterprises and organizations to ‘go green,’ electronic signatures will become even more ubiquitous.

The job description and application process is posted on cooljobs.adobe.com.

Description:
Adobe (NASDAQ: ADBE) revolutionizes how the world engages with ideas and information. For 25 years, the company’s award-winning software and technologies have redefined business, entertainment, and personal communications by setting new standards for producing and delivering content that engages people virtually anywhere at anytime. From rich images in print, video, and film to dynamic digital content for a variety of media, the impact of Adobe solutions is evident across industries and felt by anyone who creates, views, and interacts with information. With a reputation for excellence and a portfolio of many of the most respected and recognizable software brands, Adobe is one of the world’s largest and most diversified software companies.

Today, Adobe is better positioned than ever to push the boundaries of the digital universe. Under the leadership of President & CEO Shantanu Narayen, we're driving even greater innovation with powerful, compelling software solutions that meet the needs of customers and markets ranging from designers and filmmakers, to enterprises and governments, to developers and home users.

Recognizing that employees are at the core of our success, Adobe recruits and retains highly qualified and motivated individuals, creates an environment where they can innovate and achieve their best, and rewards them for their performance by giving them an opportunity to share in the company’s success.

Position Overview
Adobe Information Assurance Solutions enable organizations to more securely engage with employees, external associates, and customers by protecting the information lifecycle. Security can be persistently applied to information independent of storage and transport, inside and outside an organization. Adobe's ecosystem of security partners provides interoperability with many information security infrastructures including identity and access management, single-sign-on, public key infrastructures, smart cards, and biometrics.

This Sr. Product Manager position in the Security Solutions team of Adobe's Business and Productivity BU will significantly contribute to growing Adobe’s market share in information assurance solutions by identifying and prioritizing feature requirements, providing product competitive analysis, understanding customer usage workflows and customer satisfaction, driving and evaluating technology trends, ease of use, standards and certifications.

Requirements
Requires at least 5 years of experience in enterprise software product management. BS in Computer Science or related technical discipline, and in-depth experience with identity management, electronic and digital signatures, encryption, J2EE authentication, public key infrastructure, smartcards, maintaining documents of record, and information lifecycle workflows.

This position also requires significant cross-group interaction, a strong customer and partner focus, excellent communication, presentation, and negotiation skills, attention to detail, solid technical abilities to collaborate with engineering and direct market experience. Candidates must be passionate about the technology to make Adobe solutions more secure and easy to use. Preference given to candidates with security certifications.

Adobe believes personal fulfillment and company success go hand in hand, sustaining one another. In fact, our dynamic, rewarding working environment is well known – including eight years on FORTUNE magazine’s "100 Best Companies to Work For" and other, similar accolades. By hiring the very best and brightest, Adobe continues to be a simply better place to work – creating a dynamic environment today and providing incentives for future achievement.