No charges per PDF or ebook sold – just a one off fee for unlimited users and documents.
Adobe Content Server is a server controlled approach to Digital Rights Management (DRM) that was introduced by Adobe for PDF documents (DRM PDF). Although there were 4 releases, with with Adobe Content Server 4 becoming available during 2008, by 2010 the system appeared to be moribund, and attempts to purchase a service during mid 2010 failed. It was then later revived, and Adobe are now actively selling it again as a system to protect digital books in PDF, EPUB, and EPUB3 formats.
Adobe Content Server was developed to provide an extension to the early DRM controls that Adobe provided within their PDF product. These were to control user access (by use of a password), prevent editing (also exporting, but not necessarily copying) and reduce printing quality. As Adobe noted, not all PDF viewers actually ‘respected’ the controls offered, so there were methods for bypassing the initial control system.
Although Adobe Content Server went through a number of iterations, and releases came and were withdrawn, release 4 contained the ability to restrict the use of controlled documents to six devices, have an end date for access that could be renewed (to facilitate lending libraries and similar institutions) and could limit the number of prints that could be made from a document within a given time frame.
Adobe Content Server DRM controls could be applied to PDF documents, and also to documents using the ePub format Adobe digital editions, and was respected on a number of platforms capable of processing those formats.
The Adobe Content Server licensing model was based upon a joining fee, an annual maintenance fee and a charge per protected document delivered to an end user/customer.
So what caused Adobe Content Server to be withdrawn? Perhaps the roots of the problem were grounded in the approach which started with the PDF document itself, and the inclusion of the password with the document (so elegantly exploited by Elcomsoft – see PDF & Ebook Security Flaws).
Back in September 2001 the Adobe document Adobe Content Server_pdf_v42.pdf referencing the then current version of Adobe Content Server contained the statement, “EBX is the recommended packaging technique. EBX packaging gives you fine control over the permissions that accompany your eBooks, and it allows customers to read them using Acrobat eBook Reader, which is designed specifically for reading eBooks. If you use EBX packaging exclusively – and if all your customers download eBooks using Acrobat eBook Reader – you do not need a PDF Merchant certificate, and you can ignore the rest of this document.”
It was only a matter of time before a direct attack on the key traveling with the secured document was mounted. In an article published in February 2009, Circumventing Adobe ADEPT DRM for EPUB, a technique for doing this was published that broke the Adobe Content Server architecture, as well as revealing how the architecture operated and the elements of a DRM control system. And thus, Adobe Content Server was withdrawn from the PDF DRM space.
When Adobe Content Server 5 was introduced, Adobe annouced that it had “an improved and hardened DRM solution to protect PDF and ePub files from unauthorized viewing” which was an option publishers could select by setting a flag in ACS 5. However, many blogs such as r/Piracy still provide links to software that claim to remove the protection. A simple search for ‘ACSM file crack’ also provides links to EPub DRM removal software such as EPubsoft Toolbox which state that they will remove the DRM protection from both Adobe PDF and EPUB formats amongst others. So despite the security improvements, the ACS system remains vulnerable to attack.
At the same time as Adobe Content Server was being introduced, other DRM enforcing programs were being developed, some specifically addressing the PDF format, whilst others addressed DRM for a wider number of file types.
PDF DRM products such as those from Locklizard have avoided the dangers of Adobe Content Server, and do not have an option that sends the decryption key, or the decryption method along with the protected file(s). For the many weaknesses in the Adobe implementation see PDF Security Issues.