Selling online courses securely
How to sell online courses securely – stop sharing, editing, copying & printing
When elearning courses are delivered or sold outside a controlled classroom environment you need a secure DRM system in place to protect online courses and course content from theft, unauthorized sharing and distribution.
How to sell online courses securely & prevent sharing
In today’s commercial landscape, delivering many things, including digital training course materials and elearning courses, must now be done at a distance, in an environment that is not under your control, but rather out of control. Selling online courses and getting paid for them is equally important, as is making sure you don’t find copies on download, social media, and other Internet sharing sites. And when you are selling online courses or coursework that is made up of digital documents (and therefore easily copied and distributed) you need a Digital Rights Management (DRM) system that was designed to work regardless of the infrastructure they are used in.
Traditionally, training courses would be taught in a controlled environment with students given access to a company’s computer systems and devices. With remote learning, students use their own devices (be that a computer or mobile device) enabling content to be easily shared with others since it is now under their control instead of yours. Locklizard’s DRM for training course content ensures that e-learning materials are always under your control and cannot be easily shared with unauthorized users.
Protecting online courses and course content from theft & illegal distribution
What problems do you need to solve to be successful?
- You want to sell online courses to people that you do not know (apart from a valid credit card?) the right to use elearning and digital training courses while not being able to rip you off (sharing a course or course content with others).
- Providing control over your course content whilst it is outside your network – most probably you would want to keep strangers out of your networks as much as possible in case they compromise the security of it in some way, such as inadvertently having been given access to the wrong areas.
- Preventing users from sharing logins to online courses.
- Making sure protection measures cannot be easily bypassed.
- Stopping PDF scraping of your course content for use in training AI models.
Protection of course content in hostile environments
When you are selling online courses or trying to sell notes online you need to make sure the controls of the copying and piracy protection you’re using work in hostile environments. And surviving an intermittent Internet service. Not everywhere has fiber to the doorway and in some places copper is removed by local ‘entrepreneurs’ just as fast as it can be installed.
So what characteristics do you need to have in your elearning course protection system to help you sell to and reach the largest market with the lowest risk?
Secure courseware eDelivery – the devil is in the domain
As we have already noted your elearning content protection solution must be able to bypass or ignore domain boundaries. These are introduced by corporate bodies to replace the earlier firewall physical boundary with a logical one. But introducing two domains to each other is a non-trivial undertaking so you can’t really expect to use a ‘standard’ Single Sign-On to control user access because it has domain boundaries. And ever so many of your customers are in no domain at all, or in a domain that is not going to join your domain anytime soon.
Domain bound systems suit corporate bodies that can undertake IRM (Information Rights Management) rather than DRM approaches because they control everything within the domain including known users (employees or trusted third parties) of the system. So they can define relationships and hierarchies and automate the ability to define what is confidential and what is sensitive and the internal protection rules that should apply. But not everyone agrees as to what the levels of trust correspond to what level of control. You have to have the ability to define what you want rather than what they support.
Stopping sharing of elearning courses and course content
Online courses are often accessed via a browser with user’s logging in to a portal. However there is no easy way to prevent users sharing login information even if 2FA is being used (they can share that as well). Some systems provide tracking information, but that is pretty useless since users can use a proxy to share the same IP address with others.
Trying to prevent course material being copied or printed in a browser environment is also an uphill task. The only way you can achieve this is using JavaScript which can be edited or removed in the browser environment. For an example of how insecure JavaScript-based browser controls are, see how easy it is to remove Google Docs security. Users can also take screenshots and print to PDF files.
To stop users sharing training courses with others, documents making up the course must be locked to the user’s device. This is achieved in a DRM system using encryption and license controls and ensures that only authorized users can open those documents. If the documents that make up a training course are copied to an unauthorized device they will fail to open.
Other DRM controls are needed to enforce copyright ownership and control of elearning course materials and courseware by authorized users (i.e. stopping copy and paste, screen grabbing, etc.) and those are covered below.
Stopping copy and paste and screen grabs of course material
One easy way of copying course content is to make a screenshot, and screen grabbing tools enable users to do just that – making high quality copies that can be shared with others.
So any elearning course protection solution you purchase should be able to prevent screen grabbing of content and stop copying and pasting of content for use in another application.
It is always possible to use the camera feature in a cell phone to make screen copies and nothing is going to prevent that. But you can discourage students from making and giving away copies by including watermarks on screen and print-outs that identify the student, show the time and date the copy was made and your Copyright marks. So when protecting training course content, your DRM protection system must allow you to create dynamic watermarks (watermarks that dynamically add user identifiable information at view/print time). This saves you having to know who the user is when protecting elearning courses and ending up with thousands of personalized copies of the same course.
Preventing editing of course content
Students need the ability to make notes while a training course is running (and these need to be capable of being linked to the relevant place in the course document or they are not going to be much help). And these may need to be in a form that allows students to ‘swap’ notes. At the same time however you need to protect course content from being edited so that it cannot be passed off as someone else’s work.
Locklizard enables students to make annotations (notes and markups) while preventing them from editing course content.
Preventing printing of training course content
Despite the problems of allowing printing at all (if you allow printing then documents could be photocopied), it is often necessary to allow particular sections of text to be printed. Whilst at the same time making sure that the remainder of the text is protected or there won’t be much sales revenue coming in.
This can be achieved by having different protected documents, some of which can be printed and some of which cannot. When it is less clear cut, and you want to allow controlled printing, your training course DRM solution must be able to prevent printing to file drivers (e.g. to a PDF file printer) otherwise students can make their own PDF files rather too easily.
Controlling access periods and expiring training courses
When protecting course content, your DRM controls should contain the ability to ensure your course content is time controlled. This may be that it cannot be viewed before a certain date and/or can only be viewed for a designated amount of time. This could be that users can open the protected content a number of times, or it can be used for a couple of weeks, months, or so on.
Document expiry controls should be flexible so that they can be applied to individual users rather than the documents that make up a course (you should of course have both expiry controls available so that you can expire both course content and user access). When applying expiry at the user level, each student’s access period to content can be for the same amount of time (say a month) regardless of the date from when they start a course. This is important if elearning courses can be purchased and taken at any time rather than always starting on a fixed date. Additionally, you might decide that access to course content lasts for a number of days after the end of the course so that it can be used as a reference for a short time.
You should ensure that the elearning DRM system enables access periods to be altered at any stage to either increase or decrease the amount of time students have access to course content. And that both user and document access can be instantly revoked. You may need to do this for example if a chargeback has been made or some course material is incorrect and needs to be replaced.
Online course security, phone home and the ever-online philosophy
Your elearning course protection system has to be able to talk to an administration service to find out what is currently allowed with the document(s) such as the number of prints made out of a maximum number allowed, or the number of times a document has been viewed, and what they should be changed to if you find you need to alter their permission(s). After all, you have to be able to change some controls after protecting course content to suit individual use cases.
Any needs to be able to operate without being online all the time, and to survive on being able to ‘phone home’ either when a connection is available or every so many days. All the time the document is being used offline it must continue to enforce the security controls as defined by the last time it connected to its administration system. And this must include the ability to revoke access to documents and individual users when it does get a connection to update itself.
Secure courseware eDelivery and offline use
While most students should be able to download courseware securely online, it should be possible with any elearning protection system to protect course content onto a flash drive and lock it to that device. That way all the content of a training course can be secured onto a flash drive and distributed to every student but licensed piecemeal (so students can only access courses that they have paid for).
Locklizard provide a USB add-on that enables you to distribute training courses securely on USB devices along with a secure viewer – so students can view course content offline without installing any software.
Any system that enables offline use should provide the same level of security as online use. Locklizard viewers enforce the same DRM controls whether in online or offline mode.
Location locking
It may be a requirement that training course content cannot be used outside of a specified location. So you will need to ensure that content use can be locked to a country location, an IP address, or range of IPs.
Locklizard can automatically pick up a user’s location and lock training course content to that location.
Logging when training courses are viewed and printed
It may be important to see if and when a student has opened a course and if they have printed it (assuming you allow that functionality). So the training course protection system you decide on should be able to log document use.
Most importantly however, you should know who you are tracking. If documents are locked to authorized devices, you have a pretty good idea who the user is. If however users login to an online system they can easily share login credentials and use the same IP address. Your tracking information is therefore useless.
Preventing students sharing logins
You can’t prevent users from sharing login credentials or 2FA authentication information. A more secure option is to prevent logged in users from gaining access to content they are not authorized to view.
If you protect course content using Locklizard, you can sell online courses from your website or upload them to an LMS without having to worry about who can access them. Any user that logs in can download the content, but only users with licensed devices can view them.
Selling online courses securely – enforcing elearning copyright and intellectual property protection
When moving from a controlled teaching environment to remote learning it is important to ensure your elearning content is not readily stolen and illegally distributed.
There are many businesses selling online courses that choose a DRM system such as that designed by Locklizard, to protect their intellectual property wherever and whenever it is being used. Locklizard enforce copyright ownership and control of elearning course materials and courseware providing complete intellectual property protection for online courses and training materials. Securely sell online courses from your website without fear that they will be shared, copied and pirated.
FAQs
Can you prevent students sharing logins for online courses?
No, but with Locklizard you don’t need to. Course content can only be viewed on authorized devices. So even if a user shares their login credentials with others, and downloads the materials to their device, they won’t be able to open the course content.
How do I stop online courses from being shared?
Courses must be locked to devices to stop them being shared, and you must stop all methods of copying content. As well as locking course materials to devices (and optionally locations), Locklizard prevents users copying and pasting content, screen grabbing, editing and printing.
Does Locklizard protect video content with DRM?
No, Locklizard only provides DRM for PDF files.
The issue with video content is that it is easy to re-record using local or remote screen recording software, so DRM controls can be instantly stripped.
For your videos, the best way to protect them is to refer to content in the manual/course content so people have to purchase this as well to benefit.
Does Social DRM stop users from sharing course content?
The issue with social DRM, or social watermarking is that both visible and invisible watermarks can be removed.
If you want to add watermarks to courses to identify users then you need to use a security solution that enforces watermarks.
Can I revoke course content if it is stored on a device?
Yes, as long as you enforce validity checking with the licensing server. This can be every time the user opens your course, every x days, or when an Internet connection is available.
Can I sell an online course securely from my website?
Yes. It does not matter where you upload your protected courses to – your website, an LMS, file sharing site, etc. You don’t have to store them in a protected folder or force users to login to yet another system. Only authorized users will be able to view Locklizard protected courses.