ARTL: Digital Signatures and Adobe Acrobat Reader Software
Registers of Scotland (RoS) wishes to bring to the attention of all ARTL users an issue regarding the application of digital signatures within Adobe Acrobat Reader software.
Background information
In early 2006, RoS released information detailing the required software for use with the ARTL system. To support digital signature capability, Adobe Reader software is needed and the latest version of the software then available was version 7.0.7. Due to a flaw in version 7.0.7, Adobe released version 7.0.9, and this became the minimum version of the Adobe Reader software required for ARTL.
In late 2006, Adobe released version 8 of Adobe Reader providing improved security. As a result, RoS now identifies version 8 of Adobe Reader as the recommended version of the software for use with ARTL.
Potential security vulnerability regarding Adobe Reader Version 7.0.9 and ARTL
It has been learned that in Version 7.0.9, when the ARTL smartcard is left in the card reader after the ARTL user’s personal identification number (PIN) has been entered and the digital signature has been applied, the Adobe software remains functional in the background, retaining the user’s PIN, until the Internet browser is closed down or the user removes the smartcard from the card reader.
This could result in a digital signature being applied unlawfully, without the knowledge of the ARTL user, if the user’s computer is left unattended and unlocked with the smartcard still in the reader.
The implication is that ARTL users who have Version 7.0.9 installed must remove their smartcards straight after digitally signing electronic documents, so as to prevent any security vulnerability arising. (Policy documents concerning smartcard usage, to be published soon by RoS, will require this action.) It is also good practice to lock computers whenever they are left unattended.
Improved security associated with Adobe Reader Version 8
The improved security associated with Version 8 of the Adobe Reader software provides a more robust alternative.
In Version 8, after an ARTL user has digitally signed and submitted an electronic document, the Adobe software automatically shuts down after a short time (approximately 30 seconds).
While the user using Adobe Version 8 should still remove the smartcard from the card reader after a signing event, because that is always best practice from a security standpoint, the potential for misuse of the smartcard is drastically reduced as the Adobe software quickly shuts down and no longer retains the user’s PIN.
Recommendation to upgrade to Adobe Reader Version 8
Having taken advice from Adobe, both RoS and BT plc (the IT partner of RoS) recommend that ARTL users should upgrade their Adobe Reader software to Version 8 if their operating system allows them to do so. They should check that upgrading will not have any adverse impact on any other applications in their office systems that use Adobe Acrobat Reader.
Version 8 is available as a free download from the Adobe website, so upgrading should not involve users in any expense. The position with the different Windows operating systems is shown in the following table.
Available versions of Adobe Acrobat as at March 2007
| Windows Operating System | Service Pack Version | Adobe Reader Version Available | Notes |
|---|---|---|---|
| Vista | - | 8 | Adobe expects version 8 to be used with Vista |
| XP (All) | SP2 | 8 | |
| XP (All) | SP1 | 7.0.9 | |
| XP (All) | No SP Installed | 7.0.9 | |
| 2000 | SP4 | 8 | |
| 2000 | SP2 & SP3 | 7.0.9 | |
| 2000 | SP1 | 6.0.1 | Below ARTL minimum specification |
Links
Adobe
Adobe Acrobat 8 Reader only
System requirements for Adobe Acrobat Reader 8
Updated IT requirements for ARTL
RoS’ specification of IT requirements for ARTL users, as published in the ARTL section of its website, is being updated to reflect the information contained in this note.
A reminder about smartcard security
Finally, RoS wishes to emphasise once again the importance of good smartcard security, no matter which version of Adobe Reader is in use. This is, however, particularly relevant to ARTL users who do not use Adobe Reader Version 8, whether by choice or because their operating systems will not allow them to upgrade to that version.
Basically, good security is a matter of always remembering:
· to remove the smartcards from the card reader straight after applying the digital signature
· not to leave the smartcard unattended, either in the card reader or anywhere else, at any time
· to ‘lock’ the computer when it is not in use.