How to enhance security using PDF documents
More and more businesses are distributing electronic versions of documents--and asking customers to accept and act upon them with the same confidence that they bring to paper.
There are many obvious advantages in using electronic documents. Unfortunately, computer-savvy cyber-criminals also use electronic documents as tools for fraud. They attempt to forge press releases, alter stock reports, and use phishing scams to dupe people into disclosing personal information in order to steal their identities. These types of crimes have some people wary of trusting and using electronic documents.
A significantly more effective solution for protecting an electronic document in a PDF format is to assign security parameters that are an integral part of the document itself. The following criteria ensure document security:
- Confidentiality--Who should have access to the document?
- Authorization--What permissions does the user have for working with the document?
- Integrity--How do you know if the document has been altered?
- Authenticity--How do you know where the document came from?
- Non-repudiation--Can the signatory deny signing the document?
Note: To apply security features to PDFs, you need Acrobat 8.0 Professional, Acrobat 8.0 Standard, or Acrobat 3D Version 8.
Confidentiality
Encryption is an effective technique for managing document access. You can use a certificate to encrypt PDFs so that only an approved list of users can open them.
To encrypt PDFs, one option is to use public-key cryptography. Public-key cryptography uses two keys: a public key, which is stored inside a certificate that can be shared with other users; and a private key, which you don’t share with others. The public key (certificate) is used to encrypt data or to verify digital signatures, and the private key is used to decrypt data or to create digital signatures. Both keys are included in a digital ID.
If you need to encrypt a large number of PDFs, use the Batch Processing command to apply a predefined sequence, or edit an existing sequence to add the security features you want. You can also save your certificate settings as a security policy and reuse it to encrypt PDFs.
1. Do one of the following:- Click the Secure button
- Choose Advanced > Security > Certificate Encryption.
- Click the Secure button
2. In the Certificate Security Settings dialog box, specify whether to save your settings as a policy or discard them after applying (if available).
3. Select which document components to encrypt.
4. From the Encryption Algorithm menu, choose 128-bit AES or 128-bit RC4. If you select 128-bit AES, Acrobat 7.0 or later or Reader 7.0 or later is required to open the document. Click Next.
5. Select the digital ID you want to use.
Authorization
In addition to managing who can open a document, you can gain additional protection through authorization. Authorization specifies what a user can do with a document and is attached via permissions and dynamic document control.
6. Create a recipient list for the encrypted PDF: Click Search to locate identities in a directory server or in your list of trusted identities, or click Browse to locate the file that contains certificates.
7. While the verisign directory is already installed, you may choose to set up another directory for your company. If you are not using a directory, you will have needed to exchange certificates with the recipients first.
8. In the Recipients list, select the recipient(s) for whom you wish to set levels of access, click Permissions, and click OK in the Acrobat Security dialog box. Then select the levels of access. If you don't set permissions, recipients have full access by default. (See here.)
9. Click OK to implement your settings, and then click Next. Review your settings and then click Finish. When a recipient opens the PDF, the security settings you specified for that person are used.
Next week, learn more about digital signatures in PDF documents, and how you can establish trust for unconfirmed digital signatures.
Lori DeFurio is a developer evangelist in Adobe Systems' Intelligent Documents Business Unit.