IBM, Adobe Team to Improve PKI in PDF

IBM and Adobe Systems have teamed up on a new set of cryptography features in Adobe’s latest Acrobat 6.0 software that are designed to make digital documents more secure by keeping encryption keys out of sight of the computer’s operating system.

With an embedded security chip in the motherboard of IBM’s latest ThinkPad notebook PCs, users of Acrobat 6.0’s Portable Document Format (PDF) files can add digital signatures with a unique software/hardware combination of Public Key Infrastructure (PKI) cryptography.

Stacy Cannady, product manager for client security at IBM, said Adobe has modified the Acrobat software to recognize IBM’s security chip, where critical encryption information is stored.

Digital certificates are usually kept on a PC’s hard drive, added Cannady. “One way of thinking of the hazard with that is like leaving the keys to your care in your car. You could have even hidden your key in the car, but there’s a possibility someone can find it.”

John Landwehr, general manager for security solutions for San Jose, Calif.-based Adobe, said a benefit of the new feature is that the private key in the encryption method is kept separate from the computer’s operating system by use of the chip. The program “sends the encrypted information down to the chip, so the key itself is never done on the operating system” when securing and sending digital documents and signatures, he said.

“Because the key is not directly available to the computer’s operating system, it cannot be intercepted through software vulnerabilities with an operating system, and (therefore) prevents the key from being duplicated. So it provides strong assurances that the private key, the most critical element for PKI and encryption, remains protected.”

Armonk, N.Y.-based IBM said its embedded security chip can be configured to require that the author of an Adobe PDF document meet certain predetermined criteria before it will allow the user to digitally sign or open a document. The authentication criteria could include requirements such as a fingerprint scan, password or smart card, which serve as added layers of protection of electronic documents even if the PC they reside on is stolen.

The new features are also included with Acrobat Reader, the free version of Adobe’s Acrobat software.