Secured PDF File: How to create, options & issues
Protection options & security issues for secured PDF files
When creating a secured pdf file environment there are many features and functions that must work together if you are going to be successful. These include:
- PDF protection method – pdf passwords or public key technology?
- Preventing sharing
- Preventing forwarding
- Preventing simple copy and paste
- Preventing editing
- Preventing screen grabbing
- Preventing printing, allowing printing, or limiting print usage
- Watermarking on view and/or on print
- Document expiry
- Tracking document opens and/or prints
- Revoking document access
- Use in thin client / virtual environments
- Allowing offline use
- Use of publications for simpler document assignment
- Secured PDF portable device
Each of these, and its interrelationships, are now discussed in more detail below.
1) PDF Protection method for a secured pdf file
The first question to consider when creating a secured pdf file is how easy is it for others to remove the security?
The most popular method for creating secured pdf files was and still is password protection, but passwords are easily removed using any of the pdf password recovery programs – see PDF Encryption & Security. However, if you want to create secured pdf files then passwords are not the way forwards.
Adobe content server used PKI technology (see Public Key Infrastructure for a description), to get away from passwords, but, that meant the publisher needed the customer’s/user’s public key in order to create a unique secured pdf file. This is because using PKI, a secured pdf file had to be protected independently for each individual recipient, so the same pdf file would end up being secured hundreds or thousands of times depending on how many recipients there were. Clearly this was not a readily scalable architecture if your business suddenly went global.
Locklizard DRM secured pdf files are protected once only using long and random encryption keys. Decryption keys required to open authorised secured pdf files, and do not travel with the secured pdfs but are transparently relayed securely to the user’s computer and stored encrypted in a keystore. There are no passwords for the users to enter so there are none to give away, and users don’t have to send their public key to anyone (or even begin to understand that system).
2) Preventing sharing secured pdf files
If you use passwords to create secure pdf files then users can easily share both the pdf file and the password with others. With a Locklizard DRM secured pdf, if that pdf file is given to an unauthorized recipient they won’t be able to open it since it is encrypted. In order to open a Locklizard DRM secured pdf file, the user has be both registered with the publisher of the secured pdf and authorized to view it. To stop users sharing the secured pdf file along with their keystore, the keystore is locked to their individual computer(s) and if it is copied to another computer it will stop working.
3) Preventing forwarding of secured pdf files
You can’t prevent users from forwarding secured pdf files (or indeed any files) to others. Even if a corporate email policy system is in place, users will find a way around the system (e.g. saving the secured pdf file to disk and sending it by webmail, usb stick, converting it to a zip file, etc.). What you can prevent, however, is the opening of the secured pdf file, because unauthorized recipients cannot use a secure pdf file without the without the publisher’s authority controlled in the Locklizard DRM administration system.
4) Preventing copy and paste
There is not much point in creating a secured pdf file if authorised users are allowed to copy and paste content from it. It’s a bit like building a strong prison and then locking the gaol door open. Locklizard DRM software prevents copying and pasting by using our own secure viewer environment to limit the functions available to users. We prevent the use of plug-ins being loaded so that third party plug-ins cannot compromise the system by enabling such features or bypassing other controls.
5) Preventing editing of a secured pdf
If users are able to edit or add to the content of a secured pdf, then they have to be able to copy and paste as a minimum, and likely have Save and Save As functionality as well. We have already considered why allowing copy and paste is a bad idea. In theory you could allow Save/Save As functionality and create new encrypted files, but then there would be version control questions, access rights management questions about the new document, and so on, to deal with. So on both counts allowing editing is not compatible with having a secured pdf, and Locklizard DRM products do not allow editing or saving.
6) Preventing screen grabbing of secured pdf content
Locklizard DRM software employs various techniques to prevent the use of print screen and third party screen grabbers. Whilst DRM cannot totally prevent screen grabbing from taking place (remember, nothing can stop a photograph of the screen from being taken), it can make the task more laborious (and expensive) and, especially when combined with other controls, discourage users from grabbing screen content in order to make copies.
7) Preventing printing, allowing printing, or limiting print usage
Stopping users from printing a secured pdf file is one of the most effective ways of preventing copies of your pdf documents from being circulated, since printed documents can be readily photocopied or scanned and then duplicated. But it may be a requirement to let users print. If you want to allow printing then Locklizard DRM software enables you to apply secure watermarks (see Watermarking on view and/or print). And Locklizard DRM software can also limit the number of high quality prints allowed and log print requests made by users so you can watch out for inappropriate behavior.
Locklizard DRM software automatically prevents printing to PDF drivers and XPS files so secured pdf files cannot be readily converted back to PDF format again. Also, documents that have been printed and scanned back in and then converted to pdf will only be image documents (so basically one big image in a pdf file). They lose all the bookmarks, embedded links, and text search capabilities – which are key usage differentiators of electronic documents over paper copies.
8) Watermarking on view and/or print
Locklizard DRM software enables publishers of pdf documents to apply dynamic watermarks to secured pdf files that automatically insert the users name, email, company name, and a date/time stamp at print time to discourage sharing of printed documents since the originator of those documents is clearly identifiable. Similarly, these dynamic variables can be inserted at view time to discourage screenshots from being taken and distributed.
Because Locklizard DRM software uses dynamic variables, the publisher of the secured pdf file only has to protect one pdf document for all users. With Acrobat pdf security you have to protect each pdf file individually for each user in order to customize it with their user details.
Locklizard DRM software also enables static watermarks (graphic images) to be applied at the same time as dynamic ones. Static watermarks may be used to prevent forgery (as they are with banknotes) or to establish ownership, and can be under the main content.
9) Secured pdf files and document expiry
Locklizard DRM software enables the publisher of a secured pdf to enforce document expiry either on a given date or following document usage rules.
There are many reasons you may want to expire pdf documents such as:
- to comply with document retention policies;
- to enforce version control;
- trial usage (e.g. 1 or 2 views before purchase);
- enforcing complying with disclosure requirements;
- enforcing subscription periods to a service or series of documents.
Locklizard DRM software enables you to expire secured pdf files:
- After a number of views;
- After a number of days;
- On a fixed date;
- After a number of prints;
- When a subscription period has ended;
- At any time you decide.
It may be possible to alter an expiry date after a document has been protected and/or issued, but it is not possible to change the type of expiry that is going to be used once a document has been protected. So there may be occasions where there may be different versions of the same document because they have different control mechanisms set up.
10) Tracking secured pdf files usage
Tracking if or when a secured pdf file has been opened or printed can be essential for accountability or audit purposes. You may need to prove that the recipient has not only received the secured pdf file but has also read and/or printed it.
LockLizard DRM software enables you to record all document opens and prints and displays the number of times each document has been opened and printed. You can even filter results over a specific date range. Be aware that requiring view or print usage logging also requires an online connection to an administration server to record the activity so documents may not be used in an offline mode.
11) Revoking access to secured pdf files
Being able to revoke access to secure pdf files can be vital when confidential documents have been distributed or where chargebacks have been applied against a purchase of a document (e.g. a book, a report or a training course).
Locklizard DRM software enables publishers to revoke secured pdf files at any time ensuring your documents are always under your control (note: online usage must be enforced).
12) Use in thin client / virtual environments
Being able to limit the number of computers that a secured pdf file can be viewed on is at the heart of any DRM licensing system. However, most DRM systems don’t prevent viewing of secured pdf files in thin client / virtual environments. If a secured pdf file can be viewed in a thin client / virtual environment then it means that a secured pdf licensed for a single computer can be used on ALL computers in the thin client / virtual environment. It may make you question why you bothered to secure it to begin with.
Locklizard DRM software automatically prevents use of secured pdf documents in thin client / virtual environments unless they have been specifically authorized by the publisher of those files.
13) Allowing offline use
Not everyone wants to be (or is able to be) connected to the Internet every time they open a secured pdf file. Locklizard for example have customers that view secured pdf files from CD whilst out at sea, where Internet facilities are either unavailable or unreliable. Some PDF DRM systems force the user to always be connected to the Internet every time they want to view and/or print a secured pdf file, or even to be online for the whole of the time it is being used.
Locklizard DRM software supports both online and offline usage. You can always require users to be connected to the Internet (so checks can always be made with the licensing server for any updates – like removal of access, etc.), or make them go online every n days (e.g. check with the licensing server once a month for any updates), or allow them to view and print secured pdf files permanently offline. The latter gives the publisher of the secured pdf file less control and means they cannot instantly revoke access to secured pdf files, but it does provide greater flexibility for the user, and in the case of some documents, such as books, it may be a market requirement.
14) Use of publications for simpler document assignment
Unlike other PDF DRM software, Locklizard DRM software enables you to create secured pdf files that are part of a ‘publication’. This is a group of documents that are logically related – they might be segments of a training course or monthly issues of a magazine, or board papers and minutes. Access is given to the publication rather than individual secured pdf files (although the actual controls are still individual to each document). From a management point of view, publications are therefore both a convenient way of grouping secured pdf files, and a simpler way of assigning access to them.
15) Secured PDF Portable Device
Secured PDF Portable is a method of loading a secured environment onto a portable device such as a flash drive or USB stick. In this approach to delivering secured PDF files the documents are linked to the USB stick instead of being linked to the computer on which they are loaded. From a licensing perspective it means that the secured pdf documents may be used on any machine capable of running the Viewer application, and this is exactly like owning a book in that the purchaser of the book may lend it to others (or even rent it), but only by giving it to them physically and being denied a right to continue to use it unless and until it is returned. So this may be a significant advantage over standard DRM based systems. Otherwise, the DRM controls on the secured PDF portable device are just the same as they were on the PC since the Viewer application is exactly the same, it’s just a matter of where and how it gets installed.
DRM is, after all, really about responding to risk assessment. You have to balance the need to protect something against the inconvenience the user has in using it. You also have to balance the expectations the user has about how they can use information as against your expectations about what it is that you want to license and your business model. And that means having a granular series of overarching and overlapping methods and techniques since there is no one size fits all.
At one extreme, a determined thief can always sit down and reproduce, by hand, a copy of a secured pdf document they have authorised access to. But this is time consuming, expensive and painful, and there may be significant loss of quality to their product. At another extreme, a hacker may try to develop an automatic method for removing encryption security, and that is also expensive, complex and uncertain, but not impossible. Locklizard secured pdf solutions aim to provide you with tools that combine to make the various piracy approaches difficult to automate and difficult to reverse engineer.