Eutronsec - PDF document protection products http://www.eutronsec.it/infosecurity/Contents/ProductLine/Default.aspx PDF document protection products en Copyright 1996-2007 Eutron Infosecurity 15/09/2008 18:32:33 daniela.previtali@eutronsec.it m.zanchi.point2point.it <![CDATA[ KeySec - KeySec - FOCUS ]]> http://www.eutronsec.it/infosecurity/Contents/ProductLine/Default.aspx?IDProd=14&IDFamiglia=6 is a plug-in (supplementary module) for Adobe® Acrobat® 5.0 or higher, Adobe® Acrobat® Approval® 5.0 and Adobe® Reader® 5.0 or higher that enables protecting a PDF document by using the hardware keys.
KeySec enables encrypting a document so that it can be displayed only when an authorized key is present in the system.

WHAT IS A KEYSEC SOLUTION?
KeySec exploits the most wide-spread electronic format for contents display, namely the PDF format, adopting Adobe® Acrobat®.
It is made up of two modules:
1. the KeySec module, installed in Adobe® Acrobat®, enables encrypting the document and pairing it with a hardware protection
2. the KeySec Reader module, installed in Adobe ® Reader® , enables opening the protected document only if in possession of an authorized key.
This module can be downloaded from Eutron’s website, as well as the Adobe® application, for a better support of the users.
Who generates and distributes protected documents must only decide upon the users’ rights (Acrobat®’s standard) and the expiry date of the document (KeySec special feature). The module will take care of «binding» these values to the hardware key security.
Who receives protected documents shall only have to plug the authorized key in and open them with Adobe® Reader® as usual. ]]> KeySec <![CDATA[ KeySec - KeySec - PRODUCT FEATURES ]]> http://www.eutronsec.it/infosecurity/Contents/ProductLine/Default.aspx?IDProd=14&IDFamiglia=6

KeySec allows dividing PDF document users into three categories:

  • The owner (unique) of the Smartkey used to protect the document
  • The owners of Smartkeys authorised to open the document
  • Those not included in the categories above

Basic functions

A set of rights can be granted to each category of users (right to print, right to modify a document, right to "copy & paste" the content, and so on … ).

The owner of the Smartkey used to protect the document (called Master Key and identified by means of its serial number) has all rights on the documents, included the right to remove the protection and transform the encrypted PDF in a normal PDF, which can be displayed by everybody.

The owners of authorised Smartkeys are those with access to a Smartkey with the same IDCODE, same label and same password of the Smartkey used to protect the document.

All people without a valid key (or without any key) belong to the third category: generally, no right is granted to them, i.e. they can not even open the PDF.
Nevertheless, KeySec allows granting a set of rights to this category as well, even if Eutronsec advises against doing this for safety reasons.

In general, we can say that who doesn't own a valid key can benefit from certain rights (or, more often, no right at all), while who owns a valid key can benefit from more rights and , finally, who owns the Master Key can benefit from all rights.


Flowchart of how to create a protected PDF




Flowchart of how to open a protected PDF with authorised key




Activation of the product (KeySec or KeySec Reader)

A Smartkey dongle is supplied together with each copy of KeySec or KeySec Reader. Once the software installation is terminated, in order to use the product, it should be activated; you can activate the product in three ways:

o Via Internet on the same PC where KeySec or KeySec Reader have been installed
o Via Internet using another PC for connection
o Via Fax

The first two methods should be preferred, as they allow you to start using the software immediately. In simple words, you should connect with a normal Web browser to an Internet site; you will be prompted to enter an alphanumeric code (called personal code) generated by KeySec when requesting an activation. Based on this code, the site generates an activation code to be entered in the software in order to complete the procedure.
During these operations, the Smartkey to be initialised should be inserted.

The initialisation via fax mainly implies that the personal code is sent by fax to a defined fax number. The activation code will also be transmitted by fax.

To renew an expired key, the key user should follow a similar procedure, he should connect to a defined Web site to receive an updating code.


Advanced functions

KeySec allows specifying a PDF expiration date when protecting the PDF itself. This date is stored in the document; when the document "expires", it can be open only with the Master Key.

Furthermore, as we have already seen, a Smartkey can have an internal memory. If this is the case, KeySec allows specifying an expiration date for each physical Smartkey (i.e. for each serial number): the day after the specified expiration date, the Smartkey will no longer work. Key administrators, by means of a simple Web interface, control this setting; the date is materially written in the Smartkey when the product is activated.


----------------------------------------------------------------------------------------------------------

Example of step-by-step procedure for the distribution of a PDF document protected with KeySec

In the following example we analyse two figures: the operator, in charge of PDF document protection and, by means of the Web interface, management of expiration date of keys distributed; and the user, who benefits from the documents protected by the operator.
The operator should have the following instruments available:

  • Computer with Windows 98, 98SE, Me, NT 4.0, 2000 or XP
  • Adobe® Acrobat® 5.0
  • KeySec
  • A Smartkey (that will become the Master Key of this distribution network)
  • Connection to the Internet and Web browser
The user should have the following instruments available:
  • A PC with Windows 98, 98SE, Me, NT 4.0, 2000 or XP
  • Adobe® Acrobat® 5.0 or Adobe Acrobat Approval 5.0 or Adobe Acrobat Reader 5.0
  • KeySec or KeySec Reader
  • A Smartkey supplied by the operator (therefore, with the same IDCODE of operator's Master Key)
Procedure for the operator:
  1. Open Adobe Acrobat 5.0
  2. Activate KeySec connecting to the special Web site (only for first use)
  3. In Acrobat, open the PDF you want to protect
  4. Insert the Smartkey (Master Key) in the USB or parallel port
  5. Select the menu control in Acrobat that allows applying a protection to a PDF document
  6. Establish a label and a password for the Master Key of this distribution network and set them
  7. Select the rights granted to authorised key owners (i.e., with the same IDCODE, same label and same password of the Master Key)
  8. Save the document, which now is encrypted and protected
  9. Connect to the Web site for your own key management and set the expiration date and password of each key. The password should be identical to the one used for the Master Key
  10. Distribute protected PDF and Smartkey to users, transmitting the Master Key label to users.
The steps 3 to 8 can be carried out in batch, i.e., automatically on a large quantity of documents.

Procedure for the user:
  1. Insert the Smartkey received from the operator in the USB or parallel port
  2. Open Adobe Acrobat 5.0 or Adobe Acrobat Approval 5.0 or Adobe Acrobat Reader 5.0
  3. Set the label transmitted by the operator (only for first use)
  4. Activate KeySec or KeySec Reader by connecting to the Web site indicated (only for first use)
  5. Open the document
In order to complete points 3 and 4, the user should be aware of the label set by the operator for the Smartkey of this distribution network. On the contrary, the password will be transmitted to the software by means of the activation code, thus ensuring the safety of data stored in the key memory.

----------------------------------------------------------------------------------------------------------

Applications

KeySec will prove particularly useful when:

  • selling corporate financial reports to make sure the purchaser of the document alone can have access
  • distributing confidential files when a joint venture is about to be put up to avoid other parties from getting to know your next enterpreneurial action
  • circulating documents of a new industrial project to protect its secrecy until it's released to the public, thus allowing to save the exclusivity of your patent
  • complying to privacy regulations recently being enforced in terms of health to prevent the personal file of a patient from being exposed
  • demanding for the utmost sensibility related to the administration of your market investments
  • needing for descretion when you deal with insurance reports
  • and much much more still to name.

Not only large, but also small/medium sized companies can take benefit.


]]> KeySec <![CDATA[ KeySec - KeySec - SYSTEM REQUIREMENTS ]]> http://www.eutronsec.it/infosecurity/Contents/ProductLine/Default.aspx?IDProd=14&IDFamiglia=6

Hardware:

  • PC IBM o 100% compatible
  • Pentium 100MHz or higher
  • RAM 64MB or higher

Software:

  • Windows 2000, XP
  • Adobe® Acrobat®
  • Adobe®Acrobat® Approval® (solo per KeySec Reader)
  • Adobe® Acrobat® Reader® (solo per KeySec Reader)
]]> KeySec