1. Proof of Existence
Who provide that kind of digital document certificate services?
Adobe unveiled the Certified Document Services (CDS) program, which automatically trusts new
digital IDs that are chained to (part of the family of) the Adobe Root certificate embedded in Adobe
products. CDS, the predecessor to the Adobe Approved Trust List (AATL), has five certificate
authorities offering certificates:
Sr No Name Website
1 Geotrust http://www.geotrust.com/
2 Entrust http://www.entrust.com/
3 GlobalSign https://www.globalsign.com
6 Post.Trust http://www.post.trust.ie/
7 Symantec http://www.symantec.com/
8 Swiss Digital Certificate Services http://www.swissdigicert.ch/
Link:- http://helpx.adobe.com/acrobat/kb/certified-document-services.html
2. How they can certificate and how much cost it is?
Entrust Certificates for Adobe CDS enable organizations to use digital signatures to sign Adobe PDF
files with confidence. Recipients feel more confident by seeing the visual trust indicators that verify
who published the document and whether it's been altered.
Available in four distinct versions — Individual, Group, Enterprise Lite and Enterprise Pro — Entrust
Certificates for Adobe CDS are optimal for organizations or individuals who share sensitive or official
information electronically, including statements, invoices, legal documents, engineering plans and
diagrams, diplomas, charters and more.
Sign and Secure Adobe PDF Documents with PDF Signing
Moving from paper-based to electronic document workflows increases productivity and reduces
costs for organisations, but can also increase the risk of document forgery or tampering.
Organisations need a solution that offers their electronic documents the same assurance of origin
and integrity as a wet ink signature provides a physical document.
Using PDF Signing to certify and add approval signatures to the document is the electronic
equivalent of adding a wet ink signature. A certified document assures the recipient that the
document is authentic, comes from a verified source, and has not been tampered with. Approval
signatures expedite an organisation's approval procedure by capturing the electronic approvals
made by individuals or departments and embedding them within the actual PDF.
Features
No plug-ins or extra software needed
Scalable solution, desktop or server-based options available
Timestamping supports time sensitive document transactions and audit trails
Compliant with digital signature regulations
Save time and resources, remove cumbersome paper-based transactions
Assures document has not been altered since sending
Signatures can be customised with any font, size, and even images
Usage
Certify your documents
Adding a certifying signature to a PDF means you are the author of the document, have finalised its
contents, and want to secure it against tampering after it has been distributed. Certified documents
display a blue ribbon across the top of the document containing the signer's name and the certificate
issuer - a clear, visual indicator of document authenticity and authorship.
Ideal for:
Any organisations implementing electronic workflows around sensitive or proprietary
documents, where preserving document origin and integrity is necessary.
3. Add Approval Signatures
If you receive or create a PDF with a digital signature field, you can use your PDF Signing Certificate
to add your signature. Signatures can be customised to include an image (e.g., your physical
signature or official seal) and various signature details (e.g., signing location, date, reason for
signing).
Ideal for organisations wishing to move the following types of documents online:
Purchase Orders
Contracts
Invoices
Sales Quotes
Any other high value documents
How it works
GlobalSign is an approved member of Adobe's Certified Document Services (CDS) program and our
PDF Signing Certificates are transparently trusted by Adobe Acrobat. This means once you receive
your certificate you can immediately begin certifying and digitally signing PDFs, without the need to
install any additional software or plug-ins.
Adobe Reader’s simple to interpret “Blue Ribbon, Yellow Warning Triangle, and Red X” messaging
allows even novice users an easy to understand method to determine if the document is legitimate.
GlobalSign partners with Seiko for timestamping so the date and time are captured each time you
sign a document, providing the unarguable evidence essential for time sensitive transactions and
audit trails.
System Requirements
Adobe Acrobat/Reader:
Digitally sign and/or certify PDFs with:
Acrobat Standard/Professional - Version 8.0+
Adobe LiveCycle Document Security Server - Version 9.0+
Validate signed PDFs with:
Adobe Reader/Acrobat - Version 8.0+
Adobe LiveCycle ES Digital Signatures - Version 8.0+
Drivers: For Acrobat to access the certificate (signing key) on your USB token, you must have
installed the SafeNet iKey drivers for your Operating System.
4. PDF Signing for the Enterprise
Organisations interested in implementing a secure PDF Signing solution should look no further than
the cost-effective, easy-to-use EnterprisEPKI (EPKI) to manage multiple PDF Signing Certificates. In
addition to offering significant savings over purchasing individual PDF Signing Certificates, EPKI
allows for full certificate lifecycle management. Administrators can easily and efficiently issue,
renew, reissue, and revoke PDF Signing Certificates all from one cloud-based platform.
Link:-https://www.globalsign.com/en-in/pdf-signing/#tab11
Adobe® CDS
Using digital signature technology, Adobe® Certified Document Services (CDS) provides recipients
with assurances that certified PDF documents are authentic — that they did indeed originate from
their stated author, and the portions of the document signed by the author have not been modified
since authoring.
CDS Certificat
Authors interested in creating certified documents will register with Entrust, have their identification
information verified and then be provided with a digital ID to be used in Adobe® Acrobat™ and
LiveCycle™ products to certify documents in real time. When a document is signed with an Adobe®
CDS certificate, the author's identity and the document content is verified every time a PDF
document is opened. In recent versions of Acrobat™ Reader, a blue ribbon appears at the top of the
document clearly indicating whether the document has been verified and who the author is.
How does it work
Authors that use Adobe® products to create PDF documents can now apply a trusted digital
signature to a document. Individuals using Adobe® Acrobat™ have always been able to apply a
digital signature to documents; however recipients (readers) haven't had the tools available to verify
those digital signatures. Now with Adobe® CDS signatures, the PDF reader can verify signatures and
authenticity of signed documents in real time without having to download software or plug-ins.
Organizations that use Adobe® Live Cycle can now have automated document processes certified so
recipients can verify.
For recipients or end users, when an Adobe® Certified Document is opened, a verification trust
dialog is immediately presented at the top of the document. The dialog may vary depending on the
version of Adobe® Acrobat™ however signatures generally look like:
What are the steps to get a CDS Certificate?
Getting a CDS is simple.
Step 1: Select the CDS certificate that's right for you. Our Guide should help you decide.
Step 2: Click on the Buy Now button on www.entrust.net. You will be guided through the process of
entering the necessary information to get your certificate. You will need to know your authorization,
5. billing and technical contact information. You will also have to provide your domain and company
information.
Step 3: Once the information is complete, Entrust will begin the process of verifying the information.
Our stringent verification process may include phone calls and trusted third party searches to verify
information. Once verified, your USB security token will be shipped to you unless you require a
certificate for an HSM module.
Step 4: Once you receive a Secure USB token you will have to install a software package that
initializes the token. Once complete the certificate is installed on the token.
Document has a valid signature and is certified
Document has an invalid signature
The signature cannot be validated
From a workflow standpoint, visual indicators can exist in the document indicating that the
document has been approved.
If my CDS certificate expires, what happens to the documents that have been signed?
6. Both Adobe® Acrobat™ and Adobe® Live Cycle are highly configurable to allow signatures to
?expire?. In most cases however, the signature will remain valid after the certificate has expired thus
allowing documents to be considered "valid" long after the initial signature.
How am I and my organization vetted?
In order to ensure the proper certificate is being issued, Entrust performs the following verification
steps to ensure a proper certificate is issued:
Individuals without an Organization
These individuals are not associated with an organization. The individual's name will be identified in
the CDS certificate.
Entrust will verify a government issued identity received by fax or scan.
A phone number for the individual will be obtained through a trusted third party source.
A call will be placed to the subscriber with the found phone number.
A validation email will confirm the email address of the subscriber via a shared secret.
Individuals or roles within an organization
In this case the certificate is for an individual associated with an organization. Both the individual's
and the organization's names will be identified in the certificate.
Confirmation of the legal existence of the organization will be obtained by Entrust using
trusted third party sources of information.
A phone number will be obtained through a third party listing.
A call to the Organization Representative (OR) contact will verify the employment of the
OR and confirm the authorization of the subscriber.
A call to the subscriber will confirm the request.
Entrust will validate the email address of the subscriber via a shared secret.
Organizations ordering certificates on behalf of the organization
In this case the certificate is for an organization whose name will be in the certificate. No individual's
name will appear in the certificate; however, a individual will be assigned as the Key Custodian for
the certificate:
Confirmation of the legal existence of the organization will be obtained by Entrust using
trusted third party sources of information.
A phone number will be obtained through a third party listing.
A call to the Organization Representative (OR) to verify the employment of the OR and
confirm the authorization of the Key Custodian.
A call to the Key Custodian to verify the request
Entrust will validate the email domain of the organization.
Entrust IdentityGuard Cloud Services
For customers of Entrust Identity Guard Cloud Services the verification must include authorization of
administrators that will perform the role of Local Registration Authority (LRA):
7. Confirmation of the legal existence of the organization will be obtained by Entrust using
trusted third party sources of information.
A phone number will be obtained through a third party listing.
A call to the Organization Representative (OR) to verify the employment of the OR and
confirm the authorization of the LRA's.A call to the Organization Representative (OR) to
verify the employment of the OR and confirm the authorization of the Key Custodian.
Entrust will validate the email domain of the organization.
What kind of certificates are there?
Entrust offers four different CDS Certificates:
Individual Signing Certificates — Manual: These certificates are used by individuals who wish to sign
and certify documents on an ad hoc basis. Examples of this are workflow approvals, legal
documents, contracts and letters. The certificates are assigned to an individual whose first and last
name appears in the signature along with their email address. This certificate is sold on a secure
token.
Group Signing Certificates — Manual: These Adobe® CDS Certificates are used by groups that wish
to sign and certify documents on behalf of a group. These certificates, delivered on a secure token,
display the organizational group name and email in the signature rather than an individual name.
They are intended for ad hoc use. For example a sales department may decide to sign its proposals
or RFP responses.
Group Signing Certificates — Automatic: These Adobe® CDS Certificates display the same signature
properties as the manual group signing certificates. The difference is that these are intended for use
in an automated process, (usually Adobe® Live Cycle) to sign and certify documents. Typical use
cases for this signature are invoices, account statements, transcript requests and confirmations.
Enterprise Signing Certificates — Automatic: Intended for corporate use, Enterprise signing
certificates display the company name in the signature properties rather than the name of an
individual or group.
Why do I need special hardware?
A requirement for providers of Adobe® CDS is to ensure the security of the private signing key. To
this end, the private key is generated and stored on a FIPS compliant cryptographic hardware that
ensures the key cannot be duplicated thus preserves the solution for non-repudiation. Entrust
includes a Safenet iKey with each certificate sold. This key is secured by passwords and is easily
accessed by signing applications. For Enterprise CDS signatures, organizations can download their
certificate to a HSM (Hardware Security Module) which is also FIPS compliant.
What products work with Adobe® CDS Certificates?
Adobe® CDS Certificates can be interpreted and displayed by Adobe® Acrobat™ Professional starting
at version 6, Adobe® Acrobat™ Standard starting at version 6.x, Acrobat™ Elements version 6.x
onwards, Adobe® Reader version 6.x and higher and LiveCycle™ version 8.x and higher.
Authoring software that work with Adobe® CDS certificates are Acrobat™ Professional and Standard,
versions 6.x onwards and Adobe® LiveCycle™ Document Security Server version 8.x and higher as
well as LiveCycle™ ES Digital Signatures.
8. How does this differ from other client certificates?
Most client certificates work well inside an organization that had deployed software to validate and
sign digital documents. Typically PKI customers have the ability to apply digital signatures and have
them validated by coworkers inside the organization. The problem comes when exchanging
documents outside the organization. Many recipients do not have the technology in place to verify
signatures, nor the skills to configure that technology.
Adobe® CDS certificates are different because the technology to interpret them is built into Adobe®
Reader which is ubiquitous. The benefit of using signatures in an application that is readily available
and on most desktops is that readers do not have to configure software and no special skills are
needed.
Can I reissue Adobe® CDS Certificates?
Adobe® CDS certificates can be reissued to the same identity throughout the life of the certificate. A
certificate may be reissued if passwords are forgotten, tokens are misplaced (an administrative fee
applies to the replacement token), a key is compromised, or if the individual leaves and organization.
If the subscriber leaves the organization, the key should be revoked without re-issue.
Re-issuing certificates should not be confused with recycling certificates which is a feature of server
based SSL certificates in Entrust IdentityGuard Cloud Services SSL Enterprise. With the SSL Enterprise
service an administrator can revoke a certificate and reissue that certificate again to another server
without depleting their inventory of certificates. This feature of SSL Enterprise is not available for
Adobe® CDS certificates.
What's the difference between certified and approval signatures?
A document that is certified attests to the content of the document and certifies that it has not been
altered in any way. When a document is certified, the author can specify what changes can be made
to the document before its certification is no longer valid. That usually takes the form of:
no changes permitted
form fields filled out only
comments on the document allowed
When a person (not necessarily the author) signs a document to consent or approve it, an approval
signature is applied. In all cases for approvals and certification, the document displays the certificate
status in the blue bar at the top of the window.
9. Entrust Digital Certificates — Quick Comparison
From extended validation (EV) SSL certificates to advanced code-signing or Adobe CDS technology,
Entrust Certificate Services provides one of the most diverse certificate offerings available on the
market today. More affordable than the industry leader, Entrust SSL certificates can also be easily
managed via the online management portal, Entrust IdentityGuard Cloud Services.
SSL Certificates-
EV Multi-Domain Starting from $373/year
Standard Starting from $155/year
Advantage Starting from $186/year
UC Multi-Domain Starting from $249/year
Wildcard Starting from $725/year
Private Starting from $116/year
Signing Certificates-
Individual Starting from $368/year
Group Starting from $533/year
User Certificates-
Secure Email personal $20/year
Secure Email Enterprise $45/year
Link:-http://www.entrust.net/ssl-cert-comparisons.htm#tabs-2
10. Market size
The Adobe Approved Trust List (AATL) consists of member organizations from around the world and
includes the members of the European Union Trust List (EUTL). They provide certificates that enable
creation of trusted digital signatures, whenever the signed document is opened in Adobe Reader or
Acrobat.
AC Firmaprofesional
Actalis S.p.A.
Almerys
Aruba PEC S.p.A.
Atos Worldline
BUYPASS AS
Camerfirma
CertEurope
Certicamara SA
Certinomis
Hongkong Post
CERTUM (Unizeto Technologies)
ChamberSign France
ComSign Ltd.
CryptoLog International
Dictao
DigiCert Inc.
Digi-Sign Certification Services Limited
DigitalSign
Entrust Inc.
GlobalSign
InfoCert
Intesa
Izenpe
Japanese Government (Government Public Key Infrastructure)
Japanese Local Government (Local Government Public Key Infrastructure)
Keynectis
LAWtrust
Logius
LuxTrust
Namirial S.p.A.
Proveedor de Certificados (PROCERT), C.A.
První certifikační autorita, a.s.
QuoVadis Limited
SAFE-BioPharma Association
SECOM Trust Systems Co., Ltd.
South African Post Office
11. Swiss Government PKI
Swisscom
SwissSign AG
Symantec
United States Federal PKI Authority
U.S. Government (DoD)
WISeKey SA
WoSign
Link:-http://helpx.adobe.com/acrobat/kb/approved-trust-list1.html