Adobe Systems Inc. Tuesday announced the availability of the Adobe LiveCycle Policy Server, which company officials say provides the strongest and most versatile security controls Adobe has ever delivered for determining who can open or modify PDF documents.
The LiveCycle Policy Server is tightly integrated with Adobe Acrobat 7.0 and the Adobe Reader 7.0, which Adobe also officially released to the market this week.
Adobe first announced the policy server last February at the Demo 2004 technology conference in Scottsdale, Ariz., and followed through with its promise to deliver the product by the end of the year, said John Landwehr, group manager for security solutions and strategy with Adobe, in San Jose, Calif.
The LiveCycle Policy Server is a J2EE (Java 2 Enterprise Edition) application that runs on most widely used platforms, including Windows, Linux and the Macintosh. Pricing for the server starts at $50,000 per CPU.
Adobe developed the Livecycle Policy Server because, for quite a while, customers have been asking for a digital rights management system that gives them sophisticated tools to manage document access, whether the document is inside or outside corporate firewalls, Landwehr said.
They want to access these documents using the same user authentication passwords used to gain access to corporate computer systems or virtual private networks, Landwehr said.
One of the key capabilities of the policy server is “that you can now use your existing authentication scheme whether its based on an LDAP infrastructure or Active Directory or even a developer interface” to other existing authentication mechanisms, he said.
Customers “are looking for more sophisticated ways to enforce risk management and regulatory policies,” said Eric Skinner, vice president of secure data solutions with Adobe partner Entrust Inc.
“Adobes new LiveCycle Policy Server fills an important need for persistent protection of enterprise information, and is very complementary to Entrusts security solutions,” Skinner said.
The policy server can specify employees singly by name, group, department or reporting structures according to the need of the moment, according to Landwehr. The server obtains this information instantly from the LDAP directory, he said.
Another powerful feature is that document producers can set different expiration dates for documents that they distribute to customers, business partners or employees. For example, “you can set a document like a price list to expire an on an absolute date like Dec. 31,” Landwehr said. “After that date the document will no longer open.”
Or document managers can set a general expiration policy so that every new document will expire eight years after it was created for record retention purposes.
The policy server is so sophisticated that it allows rights managers to revoke access privileges for a document after it leaves the premises and goes beyond the reach of the corporate network, even if the document is copied to a CD-ROM, according to Landwehr.
When a user attempts to open the document, the policy server is contacted to authenticate the user and determine whether that user still has permission to view it, he explained. If the user meets certain conditions, the server will transmit the decryption key to the desktop, allowing the user to open and view the document.
However, that doesnt necessarily mean a user must be online all the time to be authorized to read a document, he said. The policy server can also grant permission for users to read protected documents offline. In addition, the server can set “lease” policies that give users the right to access documents for finite periods of time, such as a day, a week or a year, Landwehr said.
The policy server also provides auditing features that track who opens, prints, modifies or attempts to modify a document, Landwehr said. The audit feature works even when a user is offline, capturing the audit data and transmitting updates the next time the user goes back online to contact the server.