Friday, July 14, 2006
The service is easy to use and can be used with Acrobat 6 or 7, although 7 offers higher security by utilizing the AES encryption standard at 128-bit cipher strength.
The Protected PDF service is now available as a public beta (users need to create a free trial account). You can access it either via the Create Adobe PDF Online service https://createpdf.adobe.com or directly via https://policy.adobe.com/spdf/login.do
Policy Server protects PDF documents and will not allow them to be rendered unless the policies declared by the document owners have been satisfied. Even then, APS might not allow certain types of interactions with the documents, such as printing or copying parts of the document.
What I like doing is also using it as a tool to see how many people actually read the stuff they ask you for. Any PDF document can be audited to see who actually read it, for how long and what other actions they took.
Wouldn't it be fun to ask someone to summarize a document you sent them when you know for a fact they haven't read it? Oops - now my prankster side is emerging.
Wednesday, July 12, 2006
In my position as a technical evangelist, I often get opinions flying at me left, right and centre (note "correct" spelling of "centre") of issues. One recent issue that blew me away was in response to a news bit about how the FBI allegedly stopped an espionage ring from stealing a secret Coca-Cola recipe and selling it to rival Pepsi.
Given I usually talk about how using Adobe LiveCycle Policy Server could have prevented such things, many people were eager to come up to me and express that I should write about this. I am hesitant to make any such claims for a number of reasons. First - if you are dealing with people who have access to information and they are really intent on betraying your organization and leaking the information outside, there is little you can do to stop them. Employing some advanced information assurance technology like Adobe Policy Server or Microsoft’s Rights Management Server will do little to thwart someone with a pen, paper and access to the recipe or a digital camera. Secondly, if you can render something once, you can capture it and re-serialize it to distribute electronically later. The side channel art of deception is also commonly referred to as "Social Engineering".
People looking at Policy Server need to be very clear on their expectations. Policy Server can do a number of very important things to protect digital property. Looking at the scenario at Coca-Cola, I would have recommended the following:
- Any recipe document should have been policy protected and available only to a very small list of people who were supposed to have access to it. I would also place a large watermark on the document so each of them knows that if they release the document it can be traced back to them.
- I would audit the list of people who have access rights and immediately suspend rights to anyone who no longer needs to have the information.
- When the document is stored, it would always be encrypted using the AES 128-bit cipher.
- I would regularly audit the trail of document interactions to see if there are any patterns that would indicate a problem, such as an employee repeatedly rendering it and trying things like Printing, Control-Printscreen, Cutting and Pasting etc. If these patterns persist, it could be indicative of a problem.
- In the event that the recipe did leak out, I would immediately make that document non-renderable.
- Each document involved in the process would have its entire process model documented and would be immediately deprecated and non-renderable once it is no longer required.
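The access-list audit and the audit-trail review from the list above can be sketched as follows. This is an added example, not Policy Server code: the record layout, the user and document names, the action labels and the thresholds are all assumptions, and the data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed data; layout and labels are assumptions, not Policy Server's schema.
ACL = {"alice": True, "bob": True, "carol": False}  # user -> still needs access?
AUDIT = [  # (timestamp, user, document, action, result)
    ("2006-07-12T10:00:00", "alice", "recipe.pdf", "open", "allowed"),
    ("2006-07-12T10:01:00", "bob", "recipe.pdf", "open", "allowed"),
    ("2006-07-12T10:02:00", "bob", "recipe.pdf", "print", "denied"),
    ("2006-07-12T10:03:00", "bob", "recipe.pdf", "copy", "denied"),
    ("2006-07-12T10:04:00", "bob", "recipe.pdf", "print", "denied"),
    ("2006-07-12T11:00:00", "alice", "recipe.pdf", "print", "denied"),
    ("2006-07-12T12:00:00", "dave", "recipe.pdf", "open", "denied"),
]

def review(acl, audit, threshold=3, window=timedelta(minutes=10)):
    """Return users to suspend, (user, doc) pairs to flag, and unknown users."""
    suspend = sorted(u for u, needed in acl.items() if not needed)
    unknown = sorted({user for _, user, _, _, _ in audit if user not in acl})
    denied = defaultdict(list)  # (user, doc) -> times of denied operations
    for ts, user, doc, _action, result in audit:
        if result == "denied" and user in acl:
            denied[(user, doc)].append(datetime.fromisoformat(ts))
    flagged = []
    for key, times in denied.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window so it only spans `window` of wall-clock time.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(key)
                break
    return {"suspend": suspend, "flag": sorted(flagged), "unknown": unknown}

if __name__ == "__main__":
    print(review(ACL, AUDIT))
```

A single denied print, as in alice's case, stays below the threshold; only repeated denials inside the window are flagged.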
In short, no matter what security system you put in effect, someone can and will find a way around. What applications like Policy Server do is make it more difficult for people to do front channel attacks, often drawing more attention to themselves as they have to develop side channel tactics.
On a side note, no one has yet claimed the $500.00 I offered if this Adobe Policy Server protected document could be rendered. It is still up for grabs if anyone thinks they can defeat Policy Server. The cash is sitting here – waiting for you.
Monday, July 10, 2006
1. Neither of us is complacent. If something is broken - do something about it.
2. Both of us are musicians who write and perform politically driven music.
3. We both push the boundaries. No society advances without someone constantly provoking it. People hate it but it needs to be done.
4. I guess there may be a slight resemblance between my picture and some from his site but you judge. I personally thought I was more like Billy Idol from Gen-X. Met the guy once - we do look alike.
Do we look alike?
So what the hell does this have to do with artificial intelligence and Adobe LiveCycle? Artificial Intelligence is a huge waste of time and will never work. What is promising is the concept of Computational Intelligence, or getting computers to mimic aspects of intelligence based on our expectations. There are two very important and almost always neglected aspects of CI. One is the lack of context. Context is everything, especially for inference. Look at the Sex Pistols: putting out Never Mind the Bollocks made a lot of people at the time very upset for a number of reasons. It was insulting to the Queen of England and talked about real things we all think. Keep in mind this perspective: the Queen of England once hated Rock and Roll, but has since knighted several rock musicians. In the context of rock’s invention, it was not accepted; however, over time it became an acceptable art form (WTF that really means). Looking back now, the Pistols got an entire generation to sit up and say "something’s not working here and we're pissed". In the right context, I would nominate Johnny and the boys for giving an entire generation the message that they better think for themselves and things can be changed. It changed my life. When I had the chance to work for the United Nations and be disruptive and tell people who were full of crap that they were full of crap, I did it and I am proud of that.
The point is that Context is everything and most approaches to artificial intelligence seem to be static rather than dynamic. Most of the AI research to date in the field of Ontologies and semantics seems to take a hard coded approach. This is not how humans think.
To add to the problem, there is one other important thing that humans do well that computers cannot do as well. This is excellently summed up by David Luckham, who I consider a genius in every sense of the word. Definitely on par with Johnny. Simply stated, it is the ability to detect two events, recognize the context in which they occur and understand the causality relationship between them. For example, if you came home and saw that your spouse's car was gone, that is one event. If you then saw a guy carrying a TV around the corner, that in itself is another event. Now put the two events together and the causality may point to a situation where they are stealing your TV because the house is empty and they helped themselves. Easy for a human, not so easy for a programmer to capture this model in a generalized sense so it can be reused over multiple examples.
To make Computational Intelligence work, one would require a model for Complex Event Programming, an inference engine using something like the Blackboard patterns with a hypothesis limiter on it to negate the exponential hypothesis problem, a context ontology to layer over top of whatever semantic reasoning one might employ, and a large enough source of events that can be used to feed it all. The latter is very important since event isolation would lead to an incomplete set of events to mine for the inference component and probably miss key things.
This is where Adobe LiveCycle enters. LiveCycle, as a platform, has several key places where events are captured and stored in a manner that they can be audited later. The next generation of the LiveCycle platform and the blades that plug into it carry a much more complex series of audit trails than the last version.
Here is a hypothetical situation where a phishing attack is starting. A mass email goes out and tells customers of a bank to use their forms to change their password because of a security breach. If you use LiveCycle Forms, served from a LiveCycle Form Manager, you will generate an auditable event each time one of your customers grabs the form. If your customer's account is then accessed and a transfer form is filled out, that will also generate a second event. You now have two events that have a relationship to one thing - the unique account. This should be a relatively easy pattern to catch if you are using LiveCycle as a platform over your IT infrastructure. If you were to use multiple disparate technologies, it could also be caught; however, this may take more hard work to account for different Document models and mine the events at the same level of granularity.
LiveCycle Policy Server will be able to make events accessible in the LC 8 release and via the SDK, some events are available now. This should be useful to companies who are serious about thwarting criminal behaviour linked to people using their IT infrastructure.
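The two-event pattern from the phishing scenario above, written as a small correlation rule. This is an added example, not LiveCycle code: the event fields, event type names, account ids, time window and burst threshold are assumptions, and the events are constructed. It also uses a burst of password-form fetches across accounts as the context that raises severity.

```python
from datetime import datetime, timedelta

# Constructed audit events. Field names and event types are assumptions for
# this example, not the LiveCycle audit schema.
EVENTS = [
    {"ts": "2006-07-10T09:00:00", "account": "A-1001", "type": "form_served", "form": "password_change"},
    {"ts": "2006-07-10T09:05:00", "account": "A-2002", "type": "form_served", "form": "password_change"},
    {"ts": "2006-07-10T09:20:00", "account": "A-1001", "type": "form_submitted", "form": "transfer"},
    {"ts": "2006-07-10T10:00:00", "account": "A-3003", "type": "form_submitted", "form": "transfer"},
    {"ts": "2006-07-12T09:00:00", "account": "A-2002", "type": "form_submitted", "form": "transfer"},
]
PW_FETCH = ("form_served", "password_change")
TRANSFER = ("form_submitted", "transfer")

def _kind(ev):
    return (ev["type"], ev["form"])

def _when(ev):
    return datetime.fromisoformat(ev["ts"])

def in_burst(events, when, span, min_accounts):
    """Context check: did several distinct accounts fetch the password form
    around `when`, as a mass phishing mail would cause?"""
    accounts = {e["account"] for e in events
                if _kind(e) == PW_FETCH and abs(_when(e) - when) <= span}
    return len(accounts) >= min_accounts

def correlate(events, window=timedelta(hours=24),
              span=timedelta(minutes=30), min_accounts=2):
    """Alert when a transfer follows a password-form fetch on the same
    account within `window`; the cause must precede the effect."""
    last_fetch = {}  # account -> time of most recent password-form fetch
    alerts = []
    for ev in sorted(events, key=_when):
        ts = _when(ev)
        if _kind(ev) == PW_FETCH:
            last_fetch[ev["account"]] = ts
        elif _kind(ev) == TRANSFER:
            cause = last_fetch.get(ev["account"])
            if cause is not None and ts - cause <= window:
                burst = in_burst(events, cause, span, min_accounts)
                alerts.append({"account": ev["account"],
                               "gap_min": (ts - cause).total_seconds() / 60,
                               "severity": "high" if burst else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

A transfer with no preceding form fetch, or one that falls outside the window, produces no alert, which keeps ordinary transfers out of the result.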
Back to Johnny Rotten now. Things have to change in the world. The Pistols and PIL changed me and now I am feeding back change into the world. People need to start thinking about this stuff and start finding ways to fix it. Come to think of it, I guess I am not too changed from my previous punk days. The picture on the left was taken in July of 2006 ;-)
For those of you who do not know what LiveCycle is, it is a core part of Adobe’s engagement platform. Essentially, it is a platform plus a series of servers that provide core functionality to act as a bridge to allow an enterprise to engage the far edges of the internet in a variety of ways. The marketing spiel states:
“The Adobe® LiveCycle® family of J2EE-based enterprise software enables organizations to create, deploy, and optimize solutions to more efficiently capture, process, and archive information. It combines robust process management with electronic forms, document security, and document generation in an integrated and cohesive set of products that work inside and outside the firewall, for users in online and offline environments.
LiveCycle solutions leverage the universal client Adobe Reader® software and Intelligent Documents based on PDF and XML to capture information from users and automatically process it to the back-end or transaction systems that need it.”
For more about what it is, just visit http://www.adobe.com/products/livecycle/
The top four reasons why I think some find it boring?
- Most successful technologies are very simple and do something so well that they are often forgotten. Think about HTTP – you don’t see analysts and press talking about how radical and exciting it is. HTTP simply is a workhorse that does something extremely useful to the benefit of everyone. Once it is up and running, you tend to forget about it unless you have a problem. Adobe LiveCycle is a workhorse – most people are more interested in what it has done rather than how it has done it. Once it is deployed it sits there quietly in the background just performing its tasks. Not really that exciting…
- Another trait that well designed and well thought out technologies have is that they solve a problem and do it well. Once the problem is solved, the IT group moves on to the next problem and unless something breaks, tend to somewhat forget about the problem they just solved over time. Once you deploy LiveCycle to do something, you should hopefully be able to move on to other problems and more or less forget about it.
- LiveCycle does the middle tier connecting. Simply, with all the buzz about Application Servers and Rich Internet Applications (RIA’s), the workhorse (the middle tier) is often neglected. Although absolutely essential, most people will never see it directly, or interact with it other than through the results. Look at components like LiveCycle Assembler. It gathers data from various other sources and serves it up as a PDF document then hands it off. The end user only sees the PDF document and should not really care how it got created. In fact, if you started telling them about Assembler, most would probably go to sleep since they do not need to care how.
- LiveCycle is complex. In fact, there are so many libraries providing the functionality behind the scenes, that most people would (and should) get bored if they tried to read through and understand all of it. If someone is really excited about LiveCycle and talks about it with a passion, they need another hobby.
In the following weeks, I will post some more advanced subjects concerning LiveCycle. Stay tuned.