| |
PDF DRM FAQS – SECURE PDF DOCUMENTS WITHOUT PASSWORDS
How does Safeguard Enterprise PDF DRM differ from Safeguard PDF Security?
Safeguard Enterprise PDF DRM is for the larger publisher or corporate enterprise. It has all the functionality of Safeguard PDF Security with many additional security, customization, and administration features added. These include a superior administration system designed to handle a very large number of records, auditing, reports, statistics, and batch changes, and delivering more flexible protection options.
 For a complete list of differences see the PDF security comparison chart
How does Safeguard Enterprise PDF DRM differ from Acrobat PDF security for the protection of PDF files?
Unlike the Adobe approach, Safeguard Enterprise PDF DRM uses state of the art web based licensing to control who can install and register decryption keys that are required to view your secure PDF documents.
This ensures that before someone can view your protected documents they must have first received a license from you so they can install the free secure PDF viewer software and register it. The licenses you issue are one-time use (unless you specify otherwise), so once someone has registered they cannot do it again on another computer. This prevents license sharing. The keys used to decrypt the secure PDF files cannot be extracted from the system (they are encrypted for individual machines), and therefore they cannot be given to others.
With Acrobat PDF security, there is nothing to prevent users from sharing the keys used to decrypt protected PDF files. This is true for both PKI keys and for passwords. If PKI keys have been used then users can give their key pair to others. If passwords have been used then it is a simple matter of telling someone else what the password is so that they can use it and you cannot prevent or detect either situation.
Adobe have also been criticized for their weak implementation of security controls. Any company that uses the Acrobat plug-in also uses the Adobe implementation to 'protect' your PDF documents should read this article published by Bryan Guignard, an Adobe Certified expert. This is why we don't use Adobe's implementation / Acrobat plug-in for PDF protection.
How does Safeguard Enterprise PDF DRM differ from competing products?
Cost / ROI
All other solutions we have come across have significant implementation costs. You have to use and maintain your own server that hosts a licensing system, and configure it in-house or pay top dollar consultancy costs. In addition, some competitors start their pricing at $25,000 or limit you to the number of customers you can manage or the number of documents you can protect. Other less pricey systems force you to upload unprotected documents to their servers and use insecure methods to protect documents.
We host the licensing / administration system on our own servers so there are no extra implementation or consultancy costs. Or you can host it on your own servers. We let you protect as many documents as you like and manage as many customers as you like without any additional charge. So you know your costs are fixed instead of us charging for your success.
Much quicker to get up and running
Since we can host the licensing system, you can get up and running in a matter of minutes. Some of our competitors quote that you can be up and running in a number of days!
Simpler to use, easier to manage
There are no passwords or certificates to worry about, manage or send to your customers. Decryption keys are transparently relayed to your user's computers in a secure manner and stored in an encrypted keystore.
Protecting files is easy - just right-click on them in Windows Explorer and select the appropriate PDF document protection rights. There are no complex document identifiers, encoding schemes or confusing policy choices.
We also provide the unique concept of publications, enabling you to group documents into publications for simpler document management and customer subscription services.
Whilst we use public key technology, no key management is required by you as the publisher or by your users or customers, as it is all handled transparently by the licensing system. There are no certificates to revoke when you want to terminate user access or any other PKI complexity. To sum up, our system is simple to administer compared to competitor offerings.
Simple assigning of document access rights
Many of our competitors provide controls at the customer level. This is fine if you are certain that all the PDF documents you ever send to a customer require identical controls.
We provide controls at the document level. This means you can decide just how important the document is. This more closely matches the value of the information, rather than assuming that the user always has the same rights for every document you make available to them.
Of course, in our system, you can publish the same document more than once, applying different controls to each publication and expiry can be controlled at both the document and the user level.
Preventing third party screen grabbers
At best, our competitors prevent the use of the Windows print screen key. Most users, however, have screen grabbing software installed on their computers that enables them to use any key combination or mouse click to grab screen shots of your protected PDF documents. Preventing just the use of Windows print screen is therefore practically useless. Safeguard Enterprise PDF DRM prevents screen grabbing software from taking screen shots of your protected PDF documents.
Security
We don't use insecure passwords, low strength encryption (128 bit or less) or plug-ins that are vulnerable to attack, so you can be sure your PDF documents are protected using the best security available.
We don't leave your documents in the Windows swap file in the clear so they can be easily copied by others. Nor do we create extra files on disk that can be copied to another computer along with the protected PDF files so they can be easily shared.
We don't make you upload your source files to a web server in order to protect them (where they could be easily compromized). With us unprotected and protected PDF files remain in your control and ownership at all times and are never exposed.
We don't use JavaScript (which leaves your customers computers open to attack).
See also PDF DRM - 10 things they did not tell you
How does Safeguard Enterprise PDF DRM differ from file encryption products?
Whilst file encryption products protect information that is in transit or when stored on disk, they do not provide protection for the entire lifecycle of an electronic document. Once a document reaches the recipient, the protection is lost (the recipient decrypts the document), and the document can then be forwarded, copied, altered or viewed by unauthorized recipients. In addition, encryption does not provide controls over document access rights - what a user can or cannot do with the document (print control, etc.) or when a document expires.
Safeguard Enterprise PDF DRM dynamically protects PDF documents inside and outside the enterprise, online and offline, with strong encryption, document expiry and access rights, to provide persistent, end-to-end protection throughout a protected PDF document's lifecycle.
How secure is Safeguard Enterprise PDF DRM?
Safeguard Enterprise PDF DRM uses US Government strength encryption - the AES algorithm at it's strongest setting, 256 bit. It would currently take todays fastest computer approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. Even with future advances in technology, AES has the potential to remain secure well beyond twenty years. For more information on AES see NIST's AES fact sheet
In addition, we don't use third party plug-ins to control access to your secure PDF documents. This ensures we are not open to weaknesses in the published APIs or security holes in the third party application. One of our competitors that uses this approach, has been compromised and found the only way to prevent hacking of their systems was via the legal system and a court writ!
We do not send decryption keys with the documents being protected. Such a technique is discredited, and is regarded as a fundamentaly flawed approach.
PDF documents are only decrypted for viewing in a secure, controlled environment, and are never made accessible in an unprotected form. If a user does not have a license they cannot view your protected PDF documents.
Is your PDF security application open to password attacks like Adobe PDF and similar password based products?
No. The keys required to decrypt protected PDF files are safely stored encrypted on the user's computer. There are no passwords to enter, and therefore the system is not open to compromise or password attacks.
What is LockLizard's stance on cracking programs? Are there any cracks available for PDC files?
Please see the following document - PDC Un-protect and other PDC cracking programs
Do my customers have to have Adobe Acrobat installed in order to view secure PDF documents?
No. Safeguard Enterprise PDF DRM is totally independent from Adobe Acrobat. We realize that there are a lot of people who do not have Acrobat installed and who don't want to download a 20MB file just for the privilege of viewing a secured PDF document.
Do you integrate with Adobe Acrobat in any way for the security of PDF documents?
No. Safeguard Secure PDF Viewer does not use Adobe Acrobat to render PDF files. We feel that Adobe Acrobat was just not built with security in mind and could potentially compromize the security of our system. Your security is not compromised by plug-in failures or conflicts. In fact, we think that plug-ins are potentially so insecure that we prevent them from loading so they can't compromise security. See Adobe PDF plug-in vulnerabilities
Do users have to have JavaScript enabled in order to view protected PDF documents?
No. Safeguard Secure PDF Viewer specifically prevents JavaScript from loading. Even Adobe warn users not to enable JavaScript, yet some of our competitors force users to have this enabled to view their protected PDF documents, leaving their computers wide open to hackers. We take the position that we should not require customers to reduce their effective security in order to accommodate our requirements. See PDF security issues.
Do I have to upload my PDF files to your web server to protect them?
Absolutely not. We would strongly advise against using any system that employed this approach. With Safeguard you protect PDF files on your local computer, so that they are not exposed to any potential compromise in their unprotected form on a web server or whilst being transferred. You also have peace of mind that you own those files at all times.
Do you host my secure PDF documents on your server?
No. You host them on your server, web site or network, or you can distribute them by email, CD, DVD, etc., just like any other file. You are free to choose whatever distribution method is best for your business.
For both security and legal liability reasons we never have access to either your unprotected or protected PDF files. In a professional environment that should not be a requirement and we recommend that you obtain legally enforceable indemnity where a supplier insists that they have access to your IPR at any time.
What we host is the licensing system where you issue users with licenses and control who can access your secure PDF documents and publications. And if you are not happy with that you can host it yourself.
Where can I publish my secure PDF documents?
You can publish your secure PDF documents to the web, on CD-ROM, DVD, USB token, etc., or send them by email just like any other files.
Can users change my security settings?
No. Once security settings have been applied to a document they cannot be changed by anyone. The settings become part of the document and remain in force at all times, even when your customers are using your protected PDF documents off-line (i.e. they are not connected to the Internet).
If you as the publisher want to issue the same PDF document with different security settings (copying, printing, etc.) then you just protect the PDF file again with the new settings. You can then send this newly protected PDF document to your customers.
How can I control document expiration and revocation once a document has been published?
Post publication document control is maintained through the use of expiry dates and the ability to revoke access to a document or user. For example, you can publish a protected PDF document that will expire in a month's time, so that your customers will not be able to view it once the expiration date has passed. Or, you can automatically revoke a user if they leave a project, department or company or fail to maintain payments for a subscription. You can also change the expiry date of a protected PDF document after it has been published.
Why would I want to set users to expire rather than documents?
The system is flexible so that you can actually do both. You may want users to expire rather than documents because you might publish documents that are available to all your customers (not individually allocated or part of a publication) and you want to control how long individual users can access them.
On the other hand, you may want to issue your customers or prospects with time sensitive trials or samples of documents because you do not want them to carry on viewing a document that has passed it's expiration date. In this case once the expiry date has been reached the protected PDF document is no longer viewable.
How can I manage subscription services when users subscribe to more than one publication?
Safeguard Enterprise PDF DRM enables you to expire access to publications on a user basis, so expiry for every publication is unique to each user. This is useful for subscription services where the same user may subsribe to more than one of your publications but for different periods.
For users subscribing to single publications, it means that you don't have to expire user accounts, since access to the publication will expire at the date you set. This is useful if you still want users to be able to access documents published outside of the publication (ie. documents published for all users or those that are individually allocated).
We want to give prospects/customers a free 30 day trial of our protected PDF documents. Is this possible?
Yes. When you create a document you can specify how long it will be before it expires - e.g. 30 days, 1 year, etc. When a customer registers they can then view your documents for the time period you have allocated. Once this time period is reached either the document will expire (if the document expires, it can no longer be viewed) and they will need to come back to you for a license to continue viewing the document.
You can also set customer accounts to expire (say after a 30 day period). The difference here is that any documents published during their subscription period that you have authorized them to view can still be viewed after their subscription period has expired - they just won't be able to view any protected PDF documents published before or after their subscription period unless they come back to you for a license.
So to summarize you can either expire documents (and they are no longer viewable once they expire) or you can expire customers (and they can continue to view the protected PDF documents that they were authorized to view during their subscription period). Of course, if you have forced your customers to connect to the administration server before they can view your protected PDF documents then you can instantly suspend their account and this prevents them from viewing your secure PDF documents.
Can I warn a customer that a document is about to expire?
Yes. You choose how many days before a document expires that the document expiry message (or redirection to a URL) is displayed, giving users ample time to renew their subscriptions.
Can authorized users distribute protected PDF documents to others?
Users can send others your protected PDF (encrypted) documents, but other users will not be able to view them unless they have purchased a license from you and registered with the administration server. For this reason, protected PDF documents can be freely distributed, emailed or published on the Internet without any unauthorized individual being able to access the content.
In addition, even existing users cannot necessarily view all your protected PDF documents. You decide which customers have access to what documents and what publications. You can assign documents to publications for simpler management, so specific customers can view all documents assigned to a particular publication (all documents in that publication are encrypted using a common key) or you can publish documents on their own (where each document is encrypted using an unique key). If your customers have not been licensed with the correct keys then they cannot view your protected PDF documents.
Do users have to be connected to the Internet in order to view my secure PDF documents?
No. You can allow secure PDF documents to be viewed off-line.
All document controls (preventing copying, printing, etc.) are retained within the document itself and therefore no Internet connection is required to enforce those controls. Please bear in mind however that an initial connection to the Internet is required to validate the user license and obtain the appropriate decryption key(s) when users view your protected PDF documents for the first time (unless of course PDF documents are protected as part of a publication and then users only need to connect once to obtain the publication decryption key). Also, if you have specified a limited number of prints or views, or enabled auditing, an Internet connection will always be demanded to verify the control.
Won't my customers be able to photocopy my documents if I let them print?
Yes. However, you can add a watermark image and/or text to be displayed on the printed document. Using a moire image will ensure poor quality photocopies and adding user and system information will enable you as the publisher to identify the source of the document.
Can I customize Safeguard Enterprise PDF DRM with individual user names so I can identify where printed documents came from?
Yes. When protecting PDF documents you can apply watermark text with dynamic system variables (user name, email address, company name and date/time). This information is picked up from the viewer application and automatically inserted into the document at print and/or view time. You therefore only ever have to protect a PDF document once (unlike competitor products that require you to protect the same PDF document multiple times to achieve the same result).
I want a watermark to be applied when the document is printed but not when it is viewed. Is this possible?
Yes. You can choose to have watermarks applied only when the document is viewed, only when the document is printed, or when the document is viewed and printed. You can have different watermarks applied to viewed and printed content.
How is the licensing system managed?
The licensing system is web based and is extremely simple to use. To issue users with a license all you have to do is enter their name and email address on the customer account creation page and they are automatically sent a license file and download link for the free Secure PDF Viewer software.
You can view all registered and unregistered users, see when users viewed your PDF documents for the first time, how many times they have attempted to register and from which IP address, allocate additional licenses and delete users from the system.
Is it possible to grant all of my users/customers access to a protected PDF document or a publication in one go?
Yes. Through the batch change facility you can grant access for ALL your customers to a publication or document in a single mouse click. You do not have to select individual customers to do this.
Is there a limit to the number of documents I can protect or the number of customers that can receive protected PDF documents?
No. You can protect as many PDF documents as you want at no extra charge. There is no limit on the number of users you can add to the administration system or who can view your protected PDF documents. The Secure PDF Viewer users download to view your secure PDF files is totally free of charge.
Can I add existing users to future protected PDF documents or publications?
Yes. It is a simple matter of assigning the new publication or documents to existing users.
What software do users need on their computers in order to view my secure PDF documents?
They need to download and install our free viewer software - Safeguard Secure PDF Viewer. The Secure PDF Viewer software can also be freely distributed and published on your own web site if you prefer. In addition, you need to set users up with an account on the administration / licensing server, so the system can email them their license file. The registration of the license gives them access to the protected PDF document(s) you have licensed them to use.
Can I tell people where to buy a license from if they have not got one?
Yes. When you protect a PDF file you can add a free format text message to it. You might want to enter information on how to purchase if you are selling PDF documents or give details on contacting your administrator if the system is used for internal document control.
This text is shown when a customer opens an unlicensed document. The text is also visible at the top of the document if they try to open it with a text editor or a similar application such as Notepad or MS-Word.
Can I prevent the default document splashscreen from loading?
Yes. You decide whether you want a splashscreen displayed or not. If you do decide to display a splashscreen you can choose what image is displayed, and how long it is displayed for.
Can I see which users have viewed/and or printed my protected PDF documents?
Yes. If you enable document view and print logs the administration system will record when users view and print your documents. You can even see which documents have been viewed/printed the most.
I sell ebooks and want customer records to be automatically created on the Administration system so that there is no delay in customers receiving their license emails after purchase. How can this be achieved?
You need to purchase our eCommerce integration module to achieve this. The system integrates with your existing eCommerce or shopping cart system and works by acting on HTTP PUT commands sent to the LockLizard licensing server. This creates the customer account and specifies what publications and or files they are allowed to access.
I need to encrypt PDF documents on the fly for integration with my web based application. Is this possible?
Yes. Safeguard PDF Security Command Line Encryption utility automates the protection of multiple PDF files on the command line or through a batch interface.
Batch files can be called from your existing applications providing and quick and simple solution without the need to use an API. All of the functionality available in the Safeguard Writer GUI can be accessed using the command line utility. You may also prefer to use this feature so you can maintain an audit trail over the control settings that were applied.
Does the administration system keep a record of changes made to user, document and publication records?
Yes. The administration system logs all administrator activity including record additions, edits, and deletions. In addition, logons, and backup and restore information is recorded.
| |
| |
