Rights Management security

To ensure the confidentiality of documents that are protected by policies, Rights Management implements three layers of security:

  • Authentication

  • Authorization

  • Document confidentiality

Authentication

All users are required to log in to interact with Rights Management. Users can log in through Acrobat or through the Rights Management web application.

Rights Management supports four methods of authentication:

  • Username/Password. Users are prompted for their user name and password.

  • Kerberos (from Acrobat on Windows only). Users of Acrobat or Adobe Reader for Windows can be transparently authenticated.

  • Client certificate based. Users can authenticate with certificates installed on their client machines.

  • Extended authentication. If available, users can be authenticated through an extended authentication provider.

After users are initially authenticated, Rights Management uses Security Assertion Markup Language (SAML) authentication assertions to verify the identity of the sender of each subsequent message it receives from clients.

Authorization

Rights Management uses a role-based model to control access to the web application features. Roles also determine whether users can protect documents with policies through Acrobat. Rights Management implements these roles:

Administrators:
Have complete access to the server configuration and can manage all aspects of policies, policy-protected documents, external users, administrator accounts, and event audits.

Users:
Can create and manage their own policies, policy-protected documents that they distributed, and events that are associated with those documents.

External users:
Can create a Rights Management user account when an administrator explicitly invites them or when they are added to a policy.

Document confidentiality

Rights Management uses several technologies to protect documents and to provide access to them.

In general, Rights Management uses a symmetric cryptographic key system for encryption. Client applications such as Acrobat perform document encryption. Documents are never sent to Rights Management; Rights Management encrypts policies and licenses that are associated with documents.

The method used to protect documents depends on whether the policy requires users to access documents while online or whether the policy enables offline use.
