October 4, 2004 9:00 PM PDT
Adobe tackles document ID
- Related Stories
U.S. hit by rise in 'phishing' attacksMay 6, 2004
Adobe's PDF-everywhere strategySeptember 30, 2003
New Office locks down documentsSeptember 2, 2003
Hoax briefly shaves $2.5 billion off Emulex's market capAugust 25, 2000
The company's Certified Document Service verifies the authenticity of documents saved in Adobe's PDF, or portable document format, by adding digital signatures. The Texas National Guard, for instance, could add signatures to all official copies of documents, saving much typeface analysis for journalists.
The service, offered through online authentication specialist GeoTrust, is part of an ongoing effort by Adobe to expand PDF, already widely used for electronic exchange of documents, into a broad container for sharing business data.
Certified Document Service is meant to address growing corporate interest in protecting against spoofed documents, said John Landwehr, group manager for security solutions at Adobe. One such document was a faked press release that briefly sent technology company Emulex's stock into a nosedive two years ago.
The Adobe document service requires customers to sign up for an account with GeoTrust, which will charge an annual fee of $895 per account. Once GeoTrust has reviewed and accepted an applicant, it sends the new customer a password-protected USB key that stores signature information. "They apply a very thorough vetting process," Landwehr said of GeoTrust. "They make sure you are who you say your are."
When someone wants to add a digital signature to a document, he or she selects the "save as" command in Acrobat, Adobe's PDF authoring application, and chooses the option to add the signature stored on the USB key.
As the document is handed around, Adobe Reader, the company's free PDF viewer, reads the signature and checks to make sure the ID matches the person who sent the document. Reader will also display an icon of blue ribbon to indicate the reader is viewing a signed and verified document.
"We're going to be doing a lot to promote the blue ribbon as similar to the yellow padlock you look for (in a Web browser) before you enter a credit number on the Web," Landwehr said.
Early interest in the verification service is coming from government agencies and investor relations departments at large companies, who have regulatory and financial incentives to prevent spoofed communications, Landwehr said.
Banks and other financial institutions are also looking at the technology as a way to thwart "phishing" attacks, in which online scammers try to collect account information by directing e-mail recipients to bogus Web sites. By standardizing on secure, interactive PDF forms to collect customer data, banks can train customers to ignore phishing attempts, Landwehr said.
Adobe is working on another security-related add-on for Acrobat, LiveCycle Policy Server, that will allow document creators to set restrictions on who can read a PDF file, for how long and other factors. A PDF document can also be set up to check for more recent versions of the document, ensuring that customers are always working off an up-to-date price list, for example.
Adobe plans to introduce the server application in December. It will compete with Information Rights Management technology that Microsoft introduced last year for its Office applications.