Digital Signature Authentication

Similar Messages

• A problem about digital signature authentication

  Hi all:
  I just want to know how to implement the digital signature in the adobe form as well as its theroy, processing and the server condition. Please inform me any document available for reference.
  Thanks.

  The Digital Signature User Guide and Acrobat Security Administration Guide are of particular interest at the location Simon pointed to.

• Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

  Dear all,
  I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.
  I know there are 3 options for digital signature and
  System signature with authorization by user ID and password (We use this currently)
  Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
  User signature without verification
  Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?
  I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
  My active directory is based on Windows 2008.
  Thanks in advance!!
  Dhee

  Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

• Adobe PDF/Acroforms & Digital signatures/Integrity/Authentication/Non repudiation

  Hi folks,
  I have been investigation the feasibility of using PDF as a customer-facing data collection mechanism, starting with Acroforms for a pilot, initially at least (we may consider XFA/Livecycle in a later phase).
  I've got a demo application up and running using the FDF toolkit, presenting PDF forms to the web user, collecting and processing/storing the collected data etc.
  My question is around how this process can be secured.
  (Q1) (This may be strictly a web dev question, please ignore if considered not relevant here) : If the web application communicates over HTTPS, then the conversation between client & server is secure (encrypted at least, so that others cant sniff the content?) - but it does not necessarily authenticate the end user to the server?
  (Q2) If we wish to ensure that the FDF data Submitted from the PDF form (via submit button to an ASP.NET url) is (a) known to be authentic from a particular known user, and (b) signed in some way to be non-repudiatable ... how can be do this with FDF ? If we re-generate a flat PDF document from the data they entered, is there any digital signature mechanism that can be employed for the public end-user to "sign" the PDF document in a manner that ensure Integrity/Authentication/Non repudiation ?
  any pointers to Adobe or Third party toolkits, products etc. ?
  best regards & thanks,
  Aidan.

  Q1. That's right. But if the form includes fields for a username/password, this could be sent along with the rest of the data and used to authenticate the user. Or you could use other common means, but as you said, this has nothing to do with Acrobat.
  Q2. FDF can contain digital signature data. So the form would have to contain a signature field and the user would have to sign it. Assuming a self-signed signature, it's up to you whether to trust such a signature. The signed PDF is constructed from the original PDF that was served by concatenating the appended saves contained in the FDF. You can then validate the signature.
  George

• Digital signatures with different versions of Reader

  I have created a form which requires a digital signature for approval. Typically, an employee will complete the form in Reader and forward it to a supervisor for approval. The supervisor needs to sign it digitally and forward it to me.
  The issue we are having is with those employees who are completing the form in Reader and the supervisor (or someone thereafter) has a more updated version of Reader and cannot sign the document. What can we do to stop this from happening? There is no practical way to keep everyone on the same version of Reader. We will have many more forms which require a signature, and we need this issue resolved. (I am using Adobe Acrobat 9 Pro to create the forms.)
  Also, is there a way to verify the digital signature without using a third-party source? At this point, we know anyone can create a digital signature using someone's hand-written signature they found on another paper and we would like to prevent this from happening. We need to validate the person who used the digital signature is really that person.
  Any help is appreciated! Thank you!

  If you are creating your forms in Acrobat 9 Pro. and then Reader-enabling them for digital signatures, then recipients of the form will need to use at least version 8 of the Adobe Reader. Also, you'll need to do a few things during the authoring stage of your form, if your form changes by role (i.e., additional data is entered, annotations, or multiple signatures). Mainly you'll need to use a certification sig. for the first signature and set permitted changes after certifying.
  You can find a lot more detail on best practices on developing forms for multiple signatures in the Digital Signature User Guide at:
  http://www.adobe.com/devnet/acrobat/pdfs/acrobat_digsig_userguide_90.pdf
  The guide also explains how to validate documents (authenticity validation and document integrity validation).

• Adobe Acrobat - Digital Signatures Security

  Hi,
  The business I am working for is making a push for online fill in forms for simplicity and less paperwork. At the moment they are using word docs with fill in sections that are terrible to deal with and still require you to print them out to sign it.
  I have developed a PDF fill in form using Adobe LiveCycle that uses digital signatures. My only worry is how the digital signatures are created. It seems it is fairly easy to create a digital signature for someone else and use it without it being authenticated.
  I have done some reading around and it seems to suggest that you are able to intergrate windows user accounts with adobe security somehow, but I am unable to find how to do this. I also don't have access to any of the windows security certificates so I will need to pass on information to the external IT company that manages it for them to do.
  So, more specific question: How do I intergrate Adobe Acrobat signatures/security with windows user accounts so that only a specific list of users are able to sign forms.
  Or if there is a better way of doing this let me know.
  Thanks

  Hi,
  You don't need to do anything. If the user has loaded their digital ID into the Windows Certificate Store (or the Mac Keychain) then Acrobat (and when I say Acrobat I mean both Acrobat & Reader) will pick up the digital ID and make it available at signing time in the Sign Document dialog, "Sign as" drop-down menu.
  Steve

• Confused about digital signatures

  Please refer to this archived thread:
  http://www.adobeforums.com/webx?128@@.59b4d8d6
  I'm researching digital signatures because we have a request form that was created in Acrobat 7.1, and that a user signed by creating his own signature in Reader 8.x. In Acrobat 7.1, I see a message when the file is opened that it has been digitally signed, and it verifies the signature. I'm trying to figure out whether that signature process would satisfy an auditor as to its authenticity.
  But according to the above thread, I'd need at least Acrobat 8.0 to "enable" a PDF to be signed. What does that mean? The form I received, by all appearances, *was* signed. It didn't need a special signature field... the signature was added over a standard text field and it was recognized and authenticated, and appeared in the signature pane in both Acrobat 7.1 and Reader 8+.
  Also, what does the 500 signature limit mean? By what process is it determined how many times a form has been used and signed? There is no tie, as far as I can see, from one copy of the form to another. The user simply saves a copy, fills it out, and sends it in. Many different people use that form (it's a work request form for IS services). Does the 500 limit apply in this scenario?
  If anyone could please advise and point me toward documentation that would help me understand how all this should work, I'd be deeply grateful.

  >But according to the above thread, I'd need at least Acrobat 8.0 to "enable" a PDF to be signed. What does that mean?
  It means that you need to use Acrobat 8.0 Professional or above to
  prepare a PDF in a special way.
  If this is not done, Reader cannot sign it.
  > The form I received, by all appearances, *was* signed.
  One possibility is that the person who signed it was not clear about
  what software they actually have.
  >
  >Also, what does the 500 signature limit mean?
  The EULA gives the legal details that lawyers would apply. It has
  seemed that each copy used counts towards the 500. If there is ANY
  POSSIBILITY of this limit being reached it is prudent to use Adobe's
  server enabling software instead.
  Aandi Inston

• Digital Signatures with Smart Cards

  Hi folks,
  It is my first time with digital signatures on R/3 system. I’m at customer that uses smart cards (hardware cryptography). We are doing the SAPCRYPTOLIB and front end installations. After finish these tasks, we need to implement the signatures into 3 workflow processes. I already read the SSF programmers guide, API specifications and SSF user guide. But I still have some doubts:
  The SSF profile is stored into smart card with private key information, but where are the public keys stored? (PAB – Private Address Book of my trusted circle).
  Do I need the CRLs? Note: this is only for workflow processes that run inside of customer landscape; this is not a B2B scenario.
  We don’t have clear yet how we sign the data; we are thinking sign a BOR object. Create an attribute and use it to pass the signer data. Note: for the customer, the objective is user authenticity guarantee.
  The BOR object instance ends when the flows finish, so wee need to store the signed data for auditable reasons. A database table can be a good approach or there is another standard way?
  P.S.: anyone have documentation about this subject, something like how-to with guidelines?
  Thanks in advance,
  Ricardo.
  Message was edited by:
          Ricardo  Quintino

  The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
  Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
  The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
  Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
  Regards, Wolfgang

• How to configure CoSign Electronic Digital Signatures for UCM 11g

  Hi everyone,
  current I am doing a UCM poc with CoSign Electronic Digital Signature for a customer, this case is that when user approve a check-in PDF document in workflow, the user can use "sign and approve" to invoke the electronic digital signature action.
  since ECM 11g is based on weblogic, I configured the keystore for the weblogic as the below steps:
  1) use keytool to import a keystrore file just as cosigncert.jks from the cert file which provided by the vendor CoSign.
  2) Security Realms->myRealm->Providers->Credential Mapping, create a new provider using "PKI Credential Mapping Provider" and configure the storekey cosigncert.jks for this provider.
  3) Security Realms->myRealm->Providers->Authentication, select DefaultIdentityAsserter and add x509
  4) configure storekey for AdminServer and UCM managerServer using cosigncert.jks
  5) configure SSL for AdminServer and UCM managerServer.
  after finishing this steps, access the UCM console to do the approve with siginature. but it always throw "can not find the validate certification path"
  does any one know which step missing?
  Thanks & Regards
  shifeng

  Take a look at this chapter in the manual http://docs.oracle.com/cd/E23943_01/doc.1111/e10978/c03_repository.htm#CSMRC1611
  (Electronic Signature is now a feature of WebCenter Content; if you are looking for a 3rd party solution for signatures, but perhaps also timestamps, check what partners can do for you)

• Digital Signatures for cProjects Approval

  Hi Folks,
  I am on cProjects 4.5 and from what I understand there are 2 options for this based on whether or not I check the "Signature of Approval with User Certificate" box in Project Type config.
  Unchecked - user is prompted for cProjects password and this works fine. Only issue for us is, we are on the portal and most likely cProjects password will be different and unknown to user. As per note 928527 this is standard behavior and tough luck for anybody on the portal.
  Checked - use is given the ability to digitally sign the PDF approval document. When I select "sign" on the PDF I am given the ability to create a new ID or use an existing ID from a file, server etc. I created a new ID and signed the document. Once I do this and click the transfer button the system appears to hang. The progress indicator appears and keeps going.
  Therefore my questions are:
  1. Is there any additional config I need to do in cProjects. ADS or anywhere else?
  2. How exactly does adobe digital signatures work? If anybody simply create a signature how does that provide any verification of authenticity?
  Appreciate any help.
  Thanks,
  Lashan

  Hi,
  please see teh Configuration Content for cProjects 4.5 available in SAP Solution Manager and also as PDF attachment to SAP Note 1035436.
  There it says:
  Making Settings for the Approval
  Use
  You can use user certificates for digital signatures of approvals.
  Prerequisites
  ● You are using Microsoft® Internet Explorer 6.0 or higher.
  ● You have a user certificate that is suitable for digital signatures (for example, the single
  sign-on certificate).
  ● You have installed Adobe® Reader and Adobe Document Services.
  Procedure
  To verify the signature, enter the corresponding root certificate in the certificate list of the
  Personal Security Environment (PSE, transaction STRUST). For more information, see the
  documentation for the activity and the Adobe Document Services u2013 Configuration Guide NW
  2004s on SAP Service Marketplace at service.sap.com/adobe u2192 Media Library u2192
  Documentation.
  In fact, what is described in the ADS documentation referenced above is that you have to install
  the certificate also on the ADS.
  Kind regards,
     Florian

• Implementing Digital Signature Strategy In Adobe Forms

  Hi Everyone,
  I need to know how to implement Digital Signatures with the use of Signature Strategy in my ECC 6.0 system..
  Here is what i've done already,
  1) Created a signature strategy with user authentication and registered the Signature Object in TA_SIGNO according to the document below.
      [http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0fbaa71-cd8d-2910-5982-e30626035400]
  2) I have Adobe Acrobat 9.0 already.
  3) Now, Ive added a Document Signature Field in my Adobe Form Layout too.
  4) How to implement the Signature strategy i've created in this Adobe Form ???????????
  Kindly share your ideas.
  Edited by: Prashanth on Jan 25, 2011 1:21 PM
  Edited by: Prashanth on Jan 25, 2011 1:30 PM

  Hi,
  maybe the reason for this is that the status of the digital signature is not changed. Then the system thinks that the digital signature is still completed and therefore the user is not getting the pop-up again. The database table for the digital signature for documents is TC77. I hope this information is usefull for you.
  Best regards,
  Christoph

• Digital Signatures with PIX and MS IAS

  Does the PIX support simple digital signatures? I would like to find a away for an IAS server and a PIX to exchange signed packets.
  In particular I am trying to increase the security of the initial PAP shared key exchange during user authentication.
  Any help is appreciated. I am coming at this from a windows background.
  TIA - Willem

  I believe PIX supports simple Dig Sig.

• How do I retain digital signatures when merging documents?

  We digitallty sign invoices, but when we merge them with the copies of the checks, the digital signatures are removed.  Is there any way to retain those signatures in the merging process?

  One really crucial thing to "get" right at the start of working with PDFs and digital signatures is this: what is signed is not a page, but a document. This can be painful when trying to convert a paper workflow based on signing pages. But the signature is giving the authenticity of the whole of the PDF. This is, in fact, a key reason why portfolios were invented.

• Integrating Digital Signatures into J2EE Web App

  I have a requirement to add digital signature functionality to a J2EE web application. Our customers would like to press a �sign� button on a web page, be prompted to connect their hardware security token (e.g. USB device or smart card), and the signatures stored inside our system for later verification (e.g. in court).
  The main issue I can see is that when using hardware-based tokens the private key can never leave the device, so the device itself does the signing. Whereas our J2EE Web Application has all the code on the app server tier, and the data is located on the database (and in our architecture cannot be exported to client PCs for security reasons).
  Does anyone know of any solutions to this kind of requirement? Any vendor toolkits that allow this? From what I�ve read from researching this subject the pieces are all there but most web-based security solutions only implement application login authentication of one sort or another.

  Hi Tony,
  As of DIAdem 2012 there is no product feature that makes it easier to create a web front end to DIAdem.  You can host DIAdem with a terminal services approach such as Citrix, which will give you all of DIAdem's functionality in a web GUI.  You can also host DIAdem on a cloud server if that's where your data is.
  On final option is that LabVIEW offers a user programmable web server which can make calls to DIAdem via ActiveX.
  Brad Turpin
  DIAdem Product Support Engineer
  National Instruments

• Importing older Digital Signatures into an Electronic Document Mgmt System

  I have Adobe PDF documents signed with digital signatures in 2002-03 that I need to import into an EMC Documentum repository without invalidating the signatures.  When I try pulling documents into the system, they are seen as "changed or modified" by the authentication software, and the signatures dissappear.  How do I get around this?

  2002-2003 signatures were signed probably with Acrobat 5 or 6. Two questions:
  1. If you open this PDF in Reader XI, does it validate the signatures as valid?
  2. If you import into Documentum PDF signed with the latest Acrobat version (X or XI), does Documentum import then without errors?
  If the answer to question 1 is "no" then there is something wrong with these PDFs.
  I am not familiar with Documentum, so this is just a speculation.
  My guess is that the answers to both questions are "yes". If so, then Documentum does not support the older PDF signature format (which is still in PDF 1.7 specification).
  If the answer to question 1 is "yes" and to question 2 is "no", then perhaps Documentum does not support signed PDFs.
  I am not familiar with Documentum, so this is just a speculation.