Sunday, December 11, 2011

Financial Services and Insurance markets

Organizations operating within the Financial Services and Insurance markets
face mounting pressure to meet increased industry and government regulations.
At the same time, pressure to reduce costs via automation drives
increased use of eBusiness solutions. Accountability is no longer an
afterthought, and steps to ensure auditable internal controls have been
woven into day-to-day operations. This is especially evident in the
increased scrutiny that public organizations face as a result of regulations
such as Sarbanes-Oxley (SOX). SOX requires public companies to
implement increased controls in response to serious accounting mishaps of
the past. C-level executives (CEO, CFO, CISO, etc.) must meet or exceed both
externally mandated regulations and industry-recommended best
practices to avoid even the perception of impropriety. Executive accountability
is critical in an industry that must prove all significant decisions
impacting customers, shareholders, and other key stakeholders have been
adequately mapped to key authorized personnel. Embedding details such as
a SHA-256 time stamp and certificate validity creates Long Term Validation
(LTV) signatures, another key requirement.
Operating within a highly regulated industry
Maintaining Integrity and Proving Authenticity
Although meeting regulatory requirements is essential to financial institutions,
banks, insurance companies, and brokerage firms, the pressure to
remain competitive through cost reduction and efficiency gains drives the
need for eBusiness processes. Adapting traditional paper-based transactions
to electronic processes reaps huge financial rewards in the transaction
intensive financial sector. Furthermore, many transactions reach out beyond
the organization’s network perimeter to engage close partners, remote
offices and even end entities. As important financial documents like
customer statements, external audit reports, and other compliance-based
forms leave the network, organizations must address a variety of issues
including brand protection, customer satisfaction, and security.
Operating a more profitable business
PDF Signing for Adobe CDS Digital IDs are highly vetted and secured digital
IDs that tie critical transactions to key personnel. When authors, approvers,
and reviewers of Adobe PDF documents apply a digital signature to an
Adobe PDF, they bind their identity within an organizational affiliation to
precise content. Within the context of the document an exact date and time
is embedded, providing auditors an easy-to-follow and non-repudiable audit
trail surrounding key and often time-sensitive business decisions. This trail is
embedded into the signature properties of the PDF and easily retrieved in
human-readable format. PDFs signed with a CDS-compatible
digital ID are validated using just the free Adobe Reader, providing organizations
an easy and cost-efficient method to distribute important documents
outside the controlled environment of their network whilst avoiding the
complex requirements related to maintaining external verification
services.
The ‘Integrity’ checking mechanisms within the PDF document clearly
highlight whether any modification of the content has occurred since the
signature was applied - the result is a strong audit trail of accountability.
How is ‘authenticity’ handled? The answer is that each Digital Identity is
chained through the GlobalSign SHA-256 intermediate issuing CA to the
Adobe Root CA which is distributed and recognized by Adobe 7.0 onwards,
allowing 800M+ users to take advantage of the PKI capabilities built into

International Standards and Best Practice
Implementation of any IT process to mitigate a security risk must itself be
weighed against multiple acceptance criteria. These may include, amongst
others, Best Practice, the ability to meet International Standards and suitability
for stakeholders. Security through obscurity does not suit delivery of
products and/or services to a mass market via the Internet. The Internet
itself is a generic service, whereas PKI (Public Key Infrastructure) is a highly
suitable security service for the Internet. PKI is a pervasive service, meaning
investments in PKI to address requirements in the Financial Services vertical
will allow additional ROI to be leveraged in other areas of synergy.
Whilst 800M+ users worldwide have access to the Adobe PDF reader, is PDF
not a proprietary standard? The answer is no, in that PDF is an International
Standards Organization (ISO) standard (ISO 32000-1) and equally
importantly the signature mechanisms built into Adobe Acrobat, Reader and
LiveCycle ES conform to a European Standard. ETSI/ESI Technical Standard
(TS) 102 778, better known as PAdES (pronounced with either a long or short
a), highlights how the digital signature format described in ISO 32000-1
meets the needs of the 1999 EU Signature Directive.
Part 1: "PAdES Overview - a framework document for PAdES"
Part 2: "PAdES Basic - Profile based on ISO 32000-1" (Best Practice)
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles"
Part 4: "PAdES Long Term - PAdES-LTV Profile"
Part 5: "PAdES for XML Content - Profiles for XAdES signatures"
This document you are viewing conforms to Part 2 and as best practice
embeds a copy of the certificate used to sign the document, the status of the
certificate (Certificate Revocation List) and a digitally signed Timestamp.
Any modification, however small, causes an Integrity check failure.
The Adobe Root CA is present in all versions of Adobe Reader and supports
SHA-256 from Version 7.0+, maximizing ubiquity for any CDS digitally signed
materials.
GlobalSign provides a TSA (Time Stamp Authority) service compliant to
RFC 3161 which also allows LTV (Long Term Validation) signatures.
[Diagram labels: Timestamping Digital Identity; 1-5 years; High Volume HSM; Test certificate; OCSP Responder; Digital Identity; 1-3 years; Low Volume USB]
PDF Signing for Adobe CDS - How it Works & Solutions by Industry
Certified Document Services (CDS) provides a cost effective PDF digital signing solution.
Certified Document Services (CDS) is a service which is enabled by the
Adobe root certificate authority and was introduced into the Adobe®
Acrobat® product range supporting SHA-256 signatures from version 7.0
onwards. CDS empowers document authors to digitally sign Portable
Document Format (PDF) files, using industry-standard X.509 digital
certificates chained to the Adobe Root Authority to allow automatic
validation of the author's authenticity using the free Adobe Reader
software. No additional client software or configuration is required.
A major advantage to any organization with stakeholders in multiple
countries is the built-in international language support within the PDF
reader itself. Available in 30+ languages, Adobe Reader ensures a
consistent digital signature experience worldwide. CDS was designed
specifically to enable any organization providing documents to large and
disparate groups of recipients, who may be in multiple countries, to increase the
assurance level of the document. The document's integrity and authenticity
are digitally preserved by the addition of the CDS signature to the PDF.
Document authors are able to increase this assurance level without requiring
recipients to deploy additional processes - it simply works, ensuring an
effective ROI through a vast reduction in the investment normally associated
with supporting a proprietary security system.
Following a thorough verification of the ‘Applicant’ requesting a PDF Signing
for Adobe CDS certificate, GlobalSign will issue a ‘pickup’ link which allows a
certificate to be generated and securely stored on a SafeNet® hardware
cryptographic device. Authors can digitally certify PDFs using certificates
“chained” up to the trusted Adobe Root. Recipients simply need to open the
document using the free Adobe Reader to instantly verify the authenticity
and integrity of the document. Adobe’s simple-to-interpret “Blue Ribbon,
Yellow Warning Triangle, and Red X” trust messaging gives even novice
users an easy-to-understand method to determine if the document is
legitimate.
