Posts tagged "digital signature"

Digital Signatures with PIV and PIV-I Credentials

In response to Homeland Security Presidential Directive (HSPD) 12, NIST created a program for improving the identification and authentication of Federal employees and contractors to Federal facilities and information systems.  This program is Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification (PIV) of Federal Employees and Contractors, which as of September 2011 had issued over 5 million credentials.  PIV-I expands the interoperable secure PKI credentialing to Non-Federal Issuers (NFI) so that other organizations seeking identity federation can include their own employees.  Currently approved PIV-I providers include DigiCert, Entrust, Operational Research Consultants, VeriSign/Symantec, and Verizon Business.  The CertiPath bridge also supports PIV-I credential providers such as Citi and HID.

If you have a PIV or PIV-I card and are interested in digitally signing documents for consent/approval signatures or certified publishing, Adobe Acrobat and Adobe Reader will automatically validate digital signatures via US Federal Common Policy.  Through the Adobe Approved Trust List (AATL) program, the following trust anchors are included in version 9 and higher:

  • Common Policy — 2010 expiry — Common Hardware, Common High, Medium HW CBP
  • Common Policy — 2027 expiry — Common Hardware, Common High, Medium HW CBP
  • Federal Common Policy CA — 2030 expiry — Common Hardware, Common High, Medium HW CBP, SHA1 Hardware

To have the digital signature validate automatically for any recipient, whether or not they have a PIV/PIV-I credential, the signer’s system must build a complete certificate chain so that path validation can reach one of the supported trust anchors.  If the signer’s system has only the signer’s certificate, the signature will not validate automatically for anyone else.  One way to make this easier is to store all of the issuing certificate authority public key certificates on the smartcard, where they are available to the OS and applications.  That way the card is truly portable and can sign documents on any system.  Otherwise, the system administrator will need to ensure that all of the certificates are installed into the OS and available to Adobe Acrobat/Reader.

As an example, below is an overview of configuring digital signatures with the HID PIV-I service.

After the customer application is approved and credentials are being issued, the user will need to install the chain of certificates on their signing systems.  The certificates required are:
  1. HIDSigningCA1
  2. HIDRootCA1
  3. Federal Bridge CA
  4. CertiPath Bridge CA – G2

There are several ways these certificates can be installed.  The easiest is to open the attached file HID_PIV-I_AdobeConfiguration.pdf, which provides a simplified installation experience into Adobe Acrobat and Adobe Reader.  You can also download the FDF directly here:  HID-PIV-I-Certs-AdobeReader.fdf

Now you can sign a PDF file and it will automatically validate for anyone with Acrobat or Reader version 9.1 or higher.
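
The chain requirement described above, shown with OpenSSL as an added example (it is not part of the original post and is not Adobe's or HID's tooling): a constructed hierarchy with placeholder names stands in for the signer, the issuing and bridge CAs, and the trust anchor. The recipient trusts only the anchor, so the signer's certificate validates only when every intermediate CA certificate is supplied with it.

```shell
#!/bin/sh
# Constructed PKI with placeholder names; these are not the real PIV-I CA certificates.
work=$(mktemp -d) && cd "$work" || exit 1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > ee.ext

new_csr() {  # new_csr NAME: fresh key pair plus certificate request
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=Example $1" 2>/dev/null
}
issue() {    # issue NAME ISSUER EXTFILE: certificate for NAME signed by ISSUER
  new_csr "$1" && openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
    -CAcreateserial -out "$1.pem" -days 2 -extfile "$3" 2>/dev/null
}

# Trust anchor: self-signed, the only certificate the recipient already trusts.
new_csr anchor && openssl x509 -req -in anchor.csr -signkey anchor.key \
  -out anchor.pem -days 2 -extfile ca.ext 2>/dev/null

# Three CA tiers between the anchor and the signer, as in a bridged PKI.
issue bridge  anchor  ca.ext
issue root    bridge  ca.ext
issue issuing root    ca.ext
issue signer  issuing ee.ext

# What the signer's system can supply along with the signature.
cat issuing.pem root.pem bridge.pem > full-chain.pem
cat issuing.pem > partial-chain.pem

# verify_signer [CHAINFILE]: validate signer.pem as a recipient who trusts
# only anchor.pem, optionally given untrusted intermediates from the signer.
verify_signer() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$work/anchor.pem" -untrusted "$work/$1" \
      "$work/signer.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$work/anchor.pem" "$work/signer.pem" >/dev/null 2>&1
  fi
}

verify_signer                   && echo "leaf only: valid"     || echo "leaf only: no path to anchor"
verify_signer partial-chain.pem && echo "partial chain: valid" || echo "partial chain: no path to anchor"
verify_signer full-chain.pem    && echo "full chain: valid"    || echo "full chain: no path to anchor"
```
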

Sample HID PIV-I Signature document digitally signed with a production HID PIV-I card looks like this:

Here is the path that the digital signature follows for validation:

Register Now! E-Signatures 2011 Conference in Washington, DC, November 9-10!

Saving money.  Getting business done faster.  Eliminating the need to print and route paper contracts and documents.  These are some of the great benefits provided by electronic signatures and records.

But you still have questions:  Is it legal?  Can I use these technologies internationally?  In which sectors can I leverage these technologies?  Who else is using electronic signatures, and what benefits are they seeing in the real world?

The E-Signatures 2011: Electronic Signatures and Records Conference will provide the answers!  Organized by the Electronic Signatures and Records Association (ESRA) and scheduled to be held in Washington, DC on November 9th and 10th, the conference brings together a number of government, industry, vendor, and customer speakers to cover topics including:

  • IRS eSignature Programs and Initiatives
  • International Adoption and Cross Jurisdiction Issues for eSignatures
  • Enabling eSignatures and eRecords for eFiling and eTitling with Motor Vehicle Registration Offices
  • eSignature Case Studies
  • …and more!

Adobe is proud to be a Gold Sponsor of this event, and we encourage you to register now, before it’s too late.

PDF Brochure: Announcement – 2011 ESRA Conference

We hope to see you in DC!!

 

Adobe Acrobat X and Reader X Are Now JITC Certified!

“JITC certified,” you say…what’s that?  JITC stands for the US Department of Defense’s Joint Interoperability Test Command, which carries out extensive work on software and other systems intended to be used by the US military for mission critical purposes.

In this specific instance, Adobe Acrobat and Reader X have been certified by JITC for their compliance with the DoD’s application requirements for Public Key Enabled services, e.g., digital signatures.  The testing included intensive, comprehensive evaluations of Acrobat and Reader’s capabilities in:

  • Certificate operations
  • Signature and certificate status validation
  • Path processing and validation
  • Configuration and documentation

Adobe is proud to note that we have consistently been certified for JITC compliance in every version of Adobe Acrobat and Reader since version 7 in 2006.

Click here for a link to the official JITC list of software and solutions that have been tested for Public Key Enabled compliance.

9/23/11: Update on Further DigiNotar Issues

The Dutch government today announced that DigiNotar’s subordinate Certificate Authorities (subCAs) under the Staat der Nederlanden root certificates will be revoked next Wednesday, September 28th.  This follows on the Dutch government’s removal of trust from DigiNotar, DigiNotar’s removal from the Netherlands Trust List, and the company’s announcement of bankruptcy proceedings.

Continue reading…

Trust, Enhanced: More updates to the Adobe Approved Trust List

Today, Adobe pushed out yet another update to its certificate trust program implemented in Adobe Reader and Acrobat.  The AATL program, launched in 2009, makes it easier for users to view and rely on digitally signed PDFs by automatically displaying a green checkmark for those signature credentials which meet higher assurance requirements when opened in Reader and Acrobat 9 and X.

The update today included the Colombian A.C. Raiz Certicamara S. A. root certificate for Acrobat and Reader X.

Continue reading…

Happy Birthday, ESIGN!!

On Wednesday, don’t be concerned/scared/shocked if you see your sales people looking somewhat calmer, your legal counsel wincing a little less when you crack a lawyer joke, your chief risk officer smiling at you, and your controller pulling you over and eagerly pointing to the latest revenue figures.

Why? June 30th is the tenth anniversary of the US federal law that made their lives easier by putting electronic signatures on equal footing with wet ink! That’s right: 10 years ago tomorrow, President Bill Clinton digitally signed into law the ESIGN Act (eSignAct.pdf).

How is this important? The electronic signatures legalized with the ESIGN Act produce dramatic, real-world benefits for Adobe’s customers.

Continue reading…

Just Unveiled: Adobe eSignatures – Making it Easier than Ever to Sign Electronic Documents

Signatures are utterly ubiquitous today…so much so, that we don’t even recognize how often and in how many different ways we are signing off on things. Of course, we’re all well-aware when we’re signing a legal document in person, like a mortgage or rental agreement. But we’re also assenting to a purchase when we chicken-scratch our signature on grocery store point-of-sale terminals.  (OK, that’s my chicken scratch.)  Did you know we’re also signing and assenting to a contract when we install software, or agree to privacy terms on a website, by clicking an ‘I agree’ button?  

The truth is, there are many different ways in which we can express our intent.  In the paper world, some agreements require the signatures of multiple parties.  Others, by tradition, necessitate the signer use dozens of pens to sign one name!  Yet others require the use of specially designed stamps.  Different types of signatures for different types of transactions.

These same variations carry over into the electronic realm, based on necessity, expediency, cost, regulations, and local and national laws.

We’ve explained in this blog what electronic signatures are and how they work.  Adobe eSignatures, launched last week, provides yet another option – a very convenient way to send documents out for electronic signature minus the cost of express delivery.

Continue reading…

SuisseID Launches in Switzerland – Adobe Approved Trust List Enables Trust for Several Providers

Last week, the Swiss government announced (English translation) the launch of the SuisseID, a program intended to provide citizens and businesses with access to high assurance identity credentials that can be used to access government and business services as well as digitally sign documents with legally binding signatures.

Two Members of the Adobe Approved Trust List (AATL), SwissSign and newly joined QuoVadis, are also key Providers in the SuisseID program.

Continue reading…

Trust Marches Onward: Adobe Approved Trust List Welcomes Two New Members

Some of our savvy readers and users may have already noticed a dialog box asking them to download a “security settings update from Adobe Systems”:

sectysettingsupdate_shot.png

No, it’s not the latest patch.  In fact, by clicking Yes, Acrobat and Reader 9+ users are downloading an update to the Adobe Approved Trust List (AATL), a list of trusted digital certificates that provides users with better assurances that the digitally signed documents they are receiving can be trusted.  This is visible to document recipients as a green check mark or blue ribbon, depending on the type of digital signature.

In this update, four certificates, two each from Entrust and QuoVadis, have been added to the AATL…

Continue reading…

Certified Document Services (CDS) Program Grows to Six with Post.Trust Announcement

Adobe is excited to welcome Post.Trust, the certification authority subsidiary of An Post, the Irish postal service, into the Certified Document Services program.

CDS makes creating and receiving authentic documents easier by not requiring a recipient to explicitly trust the author of the document.  CDS signatures automatically validate in Adobe Acrobat or Adobe Reader 6.0 and above, providing integrity and long-term assurance to electronic documents of record.  Providers involved in the CDS Program are required to meet stringent requirements for identity vetting, security, and operations.

Continue reading…