Adobe, GeoTrust Join to Verify Documents

Adobe today unveiled a new offering with partner GeoTrust to help verify the integrity
and authenticity of documents.

Certified Document Services (CDS) is a new integrated service that is available for Adobe’s ubiquitous Acrobat
Reader software. The offering is designed to provide added assurance for a document’s authenticity and integrity,
so that anyone using Adobe Acrobat version 6 will automatically be able to verify the signature on the document
without the need for any extra plugins.

According to Adobe Security Evangelist John Landwehr, CDS takes advantage of technology that is already
built in to Acrobat Reader 6.

“In the months leading up to the release of Acrobat Reader 6, we put the infrastructure in place within the product
that is now widely distributed,” Landwehr told internetnews.com. “This is a service that is then being layered on
top of it and does not require any changes to the product.”

Landwehr added that since the company released Acrobat Reader 6, CDS has been in a pilot-testing process. He
also said that, while digital signatures have been around,
they typically have been limited to intranet types of activity based on having to deploy a full PKI
suite to employees’ desktops.

“Since Acrobat 4 we’ve had signing capabilities. If an organization has their own PKI or wants to self sign, they
can sign the document. The challenge is that if they send that outside of their organization, unless the recipient has
the required infrastructure, public key and access to revocation lists, they won’t be able to validate the signature,”
Landwehr explained. “With the GeoTrust infrastructure that’s available in Reader essentially out of the box.”

GeoTrust’s CTO Chris Bailey sees the new CDS initiative as being somewhat analogous to the way SSL
works in a browser today. Bailey explained that, like SSL, where a user sees a padlock for a secure site and doesn’t
have to do anything to make it work. It’s that ease of use Bailey sees that may turn
this new initiative into a major win.

“This is one of those things that can easily turn into a killer application,” Bailey told internetnews.com.
“From an end-user standpoint, they really don’t have to know anything it just works.
It could be and we’re hoping that this will be a significant part of our business.”

Adobe is also positioning the CDS initiative as a service that could be used by firms to help prevent phishing.
Adobe’s Landwehr explained that a company could send a signed document or a “roundtrip” form that a user could open,
fill out and automatically send back to an embedded address that has been digitally signed in the document. However,
Landwehr did admit that a digitally signed roundtrip form could be potentially thwarted by phishers, as the
service only guarantees the authenticity of the document and not the sender’s address.

“We do not provide anything for the authenticity of the e-mail address itself, because we don’t sit in
the area of the application stack,” Landwehr said. “That is where the e-mail standards infrastructure
needs to be overhauled. We’re focused on the content of the e-mail not the e-mail address.”

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web