A start-up has developed a server for encrypting Adobe Portable Format (PDF) files in such a way that users cannot recover the key used for decryption and are limited as to what they can do with the secured document.
Authentica Security Technologies Inc. says outfitting PDF documents with a public-key system can help companies ensure that sensitive information remains private, even if shipped as attachments across the Internet. Its PageVault Key Server lets users control who can read not just entire documents, but specific pages within a document, as well.
“You cannot secure the network if information is leaving,” says Lance Urbas, president and CEO of Authentica. “You have to secure the information. You also need to protect the keys, not the locks.”
Authentica integrates with Adobe’s Acrobat Exchange tool to let users create and encrypt documents. Users can set which pages are viewable, by whom and for how long. PageVault stores and protects the one unique key for each page in a given PDF file using 128-bit encryption. Communication between the server and the client is also encrypted using Secure Sockets Layer.
Urbas says that by protecting the keys used to encrypt the document, the original can be stored anywhere in its encrypted format since 128-bit encryption is virtually uncrackable. Since the keys are held at a single point, the U.S. government allows the 128-bit encryption technology to be exported to any nation except the seven nations that the U.S. believes support terrorism.
Encrypted documents are downloaded and decrypted one page at a time. Users cannot print or screen dump the document unless authorized-nor can they capture the keys used in the decryption process, Urbas says.
Those wishing to read encrypted documents must use Exchange and an Authentica plug-in because Adobe Reader has not yet been fitted with the necessary add-ons. Encryption adds an extra 700 bytes to each page making the system suitable for dial-up users, Urbas says.
Tim Evans, a consultant working for DuPont, says PageVault is quite easy to install and administer. However, he says one problem was getting his users to understand how a public-key system works.
“Users have to be able to get and install a digital certificate for their browser, then export that certificate back to the PageVault server,” Evans says. He stressed that this is not a problem with PageVault, more a general lack of knowledge regarding PKI.
The PageVault Key Server (www.pagevault.com) is available for Sun Solaris 2.5.x or greater and Windows NT 4.0 with service pack three installed. Clients require Acrobat Exchange 3.01 or greater on Windows 95/98, Windows NT 4.0, or MacOS 7.6 or later. Pricing for the server starts at $13,995 for a 100-user licence.
Authentica in Waltham, Mass., is at (781) 487-2600.