Posts tagged "DRM"

Just Released! Adobe Reader 10.1 for iOS and Android with LiveCycle Rights Management Support

Now available for free on the Apple App Store and the Android MarketAdobe Reader 10.1 brings to your favorite mobile devices the same best-in-class PDF viewing experience you’re used to on the desktop. This latest release is our first for iOS devices, and shows Adobe’s commitment to provide the most compelling mobile experiences on the most popular platforms. With each new version, Adobe is bringing to mobile those capabilities that users on the go find most important, like text search, easy page navigation, bookmarks, and printing.

As a result, key among the new features in Adobe Reader 10.1 for Mobile is support for accessing files secured by Adobe LiveCycle Rights Management. LiveCycle Rights Management protects sensitive documents by encrypting them with industry-standard AES encryption and enabling central management of their access permissions. Protections persist even when documents are accidentally distributed via email, the cloud, or saved on a lost mobile device. Continue reading…

PDF Encryption Options

If you have sensitive information you want to protect and distribute, PDF is a good option to consider.  Adobe Reader could very well be the most widely distributed crypto-enabled application from any vendor, because Adobe has been including encryption since version 2.0 in 1994 – across numerous desktop and mobile platforms.   So there’s a pretty good chance that your intended recipients will be able to open an encrypted PDF.  Today in 2011, PDF supports the FIPS certified AES 256 algorithm and provides a number of advanced capabilities.

Another advantage of using the built in encryption of PDF is that it can be persistently integrated in the file – and not enveloped.  This means that anywhere the file goes, independent of storage and transport, it stays protected.  Common alternatives like PGP, ZIP, and S/MIME use enveloping encryption around content that gets discarded when the envelope is open – leaving the content unprotected, subject to accidental or malicious redistribution.

There are three main ways to encrypt a PDF file:

  1. Password encryption
  2. Public Key Infrastructure (PKI) encryption
  3. Rights Management

Password encryption relies on a shared password between the publisher and all the recipients.  The publisher selects a phrase like “No1Kn0w$” to encrypt the document, and the recipient uses the same to decrypt it.  To mitigate brute force attacks as well as simple guessing of common passwords – be sure to use long complex passwords with multiple upper, lower, number, and symbol combinations.  Remember to be creative, like song lyrics, poetry, and other long phrases as source material.

PKI encryption can provide greater protection by using additional cryptography and digital certificates.  Each recipient has a keypair (up to RSA4096), and publishes their public key certificate.  While encrypting, the publisher’s computer randomly generates a symmetric key(up to AES256), and encrypts that key to each recipient’s asymmetric public key to include in the document with the symmetric key encrypted content.  In return, the recipient computer uses their own private key to decrypt the symmetric key, and then decrypt the document.  When the private key is stored on a token, e.g. USB, CAC, PIV, eID – it can provide two factor security – requiring the token, and any PIN codes to unlock the token.

Rights Management was developed to provide integration into enterprise authentication (AuthN) and authorization (AuthZ) infrastructure without requiring PKI.  A Rights Management server ties into LDAP, Active Directory (AD), or other user databases to identify the ecosystem of users sharing a document.  Rights Management can also use those same directories to read in groups of users.  An administrator can create a rights management “policy” which is an easily reusable way to protect documents in a certain way.  The policy can define which users or groups can open the document, what they can do with the document, and track what they have done with the document.  These can be internal or external users – whether employees, partners, or consumers.  The publisher then selects the policy to protect a document.  The recipient opens the document and the Acrobat/Reader client will call back to the server to authenticate them, then determine whether they are authorized to open the document.  In addition to username/password types of authentication, the server can also support Kerberos single sign on (SSO),PKI authentication (which is different than PKI encryption above), OTP, and other custom methods.  With Rights Management you can also expire, revoke, version control, watermark, and audit document usage, too.  Rights Management is great for communities of users that have existing authentication and authorization systems in place – whether it’s secure information sharing, or electronic statements to consumers.  In addition to PDF, Rights Management can also apply to native Office and CAD documents, too.  Stay tuned for news on rights management capabilities being available on smartphone and tablet devices in Fall’11, too!

For all three encryption methods, it is also possible to restrict printing, clipboard, and modification after a protected document is opened.

Applying these encryption capabilities can be done ad-hoc on the desktop with Acrobat, as well as part of automated structured workflows on a server, too.

Now Live on Adobe TV: Members of Adobe’s Security Solutions Team!

Well, you’ve experienced us in print…now see us in these exciting, new moving pictures! Listen to John Landwehr and John B Harris discuss Adobe’s key information assurance capabilities and how they can help you achieve content-centric security with products that provide integrity, confidentiality, authentication and privacy.

Announcing the McAfee Data Protection Suite for Rights Management

Today McAfee announced the availability of a new joint offering with Adobe called the McAfee Data Protection Suite for Rights Management. This joint solution combines the classification capabilities from McAfee’s Host Data Loss Prevention (DLP) product with persistent protection from LiveCycle Rights Management ES. The joint value proposition allows customers to discover and classify sensitive information on laptops or desktops and automatically and proactively protect it from a single, uniform policy. This will significantly reduce the cost, complexity, and risk associated with sensitive IP and compliance information located on endpoints throughout the enterprise.

This is the result of a global alliance partnership between Adobe and McAfee, previously announced September 28, 2009 aimed at offering more comprehensive security to our Enterprise customers.

Learn more about the new offering available now from McAfee here. Please contact your local McAfee or Adobe sales representative for more in depth information or to schedule a demo of the solution.

Conquering Information Risk Management

Managing information risk is a complex business these days, especially when you look at (1) the range of information you need to protect, (2) the breadth of risks you need to mitigate, and (3) the management policies and tools available to today’s IT security professionals to protect that information. However:

“A well-realized information risk management strategy has other benefits [beyond security]: enhanced business agility, competitiveness, efficiency and cost savings.”

In other words, you can’t do without it!! 

The problem?  According to Deloitte, on
average, only half of the companies surveyed in their annual Global Security and Privacy Survey had formal security
policies or strategies.  Not a great foundation on which to build risk management on!

I wrote a recent article in Security Products magazine which confronts these challenges head-on, and provides some tips on navigating the “mind-boggling” task of information risk management.

Read the article here.

McAfee and Adobe Team on Automated Data Protection (DLP + DRM)

McAfee and Adobe today announced their global strategic partnership across enterprise and consumer businesses. For enterprises, the companies are developing an integrated solution to expand data protection across the enterprise using data loss prevention and rights management technologies. For consumers, McAfee’s free diagnostic tool, McAfee Security Scan, is available as an optional download to customers when installing Adobe Reader and Adobe Flash Player.

Continue reading…