With many high-profile issues on the agenda of this week’s RSA Show in San Francisco, it’s easy to lose track of smaller but interesting advances.
One that stands out is pdfProof, a PDF document authentication product announced yesterday by Cambridge-based encryption and security specialist nCipher.
The object of the new system is simple - to make it possible for companies to send PDFs in a way that lets recipients know with 100 percent certainty who they’ve come from.
At the moment, nCipher says this is difficult to achieve in a systematic way. Products tend to work only from desktop-to-desktop, leaving no secure audit trail. By contrast, pdfProof uses nCipher’s "document sealing engine" hardware appliance as the gateway through which PDFs are digitally signed with the identify of the originator before being time-stamped and routed to the addressee. Users creating PDFs need only load an Acrobat plug-in.
The company claims this will make it possible for recipients to be sure the PDF is genuine and, as importantly, has not been tampered with. It will be possible to trace PDFs back to specific individuals at a single moment in time.
This type of document authentication is becoming an increasingly important requirement in the legal, public sector and financial sectors where regulations such as the US Government’s Paperwork Elimination Act are starting to bear down on enterprises.
The pdfProof security appliance itself can process up to 125 PDFs per second. The signing and time stamping are performed within what the company describes as its “FIPS 140 Level-3 validated tamper-resistant, Hardware Security Module".
The hardware, originally launched last September, can 'seal' other types of file such as Word and Excel documents, but it is the ability to work with PDFs that is seen as most significant.
Pricing is £39,324 for the complete system.