Selling elearning courses securely

Intellectual Property Protection for Online Courses & Training.

When elearning courses are delivered outside a controlled classroom environment you need a secure DRM system in place to protect courses and course content from theft, unauthorized sharing and distribution.

Protecting digital training courses from theft & unauthorized distribution

In today’s commercial landscape, delivering many things, including digital training course materials and elearning courses, must now be done at a distance, in an environment that is not under your control, but rather out of control.  And getting paid for them is equally important, as is making sure you don’t find copies on download, social media, and other Internet sharing sites.  And when you are selling coursework that is made up of digital documents (and therefore easily copied and distributed) you need a Digital Rights Management (DRM) system that was designed to work regardless of the infrastructure they are used in.

Traditionally, training courses would be taught in a controlled environment with students given access to a company’s computer systems and devices.  With remote learning, students use their own devices (be that a computer or mobile device) enabling content to be easily shared with others since it is now under their control instead of yours.  Locklizard’s DRM for training course content ensures that e-learning materials are always under your control and cannot be easily shared with unauthorized users.

How to protect your courses & course content from theft

What problems do you need to solve to be successful?

  1. The first problem, put simply, is you want to sell people that you do not know (apart from a valid credit card?) the right to use elearning and digital training courses while not being able to rip you off (sharing a course or course content with others).
  2. The second problem is providing control over your course content whilst it is outside your network – most probably you would want to keep strangers out of your networks as much as possible in case they compromise the security of it in some way, such as inadvertently having been given access to the wrong areas.

Protection of course content in hostile environments

What you are selling has to have controls capable of working in hostile environments.  And surviving an intermittent Internet service.  Not everywhere has fiber to the doorway and in some places copper is removed by local ‘entrepreneurs’ just as fast as it can be installed.

So what characteristics do you need to have in your elearning course protection system to help you reach the largest market with the lowest risk?

Secure courseware eDelivery – the devil is in the domain

As we have already noted your elearning content protection solution must be able to bypass or ignore domain boundaries.  These are introduced by corporate bodies to replace the earlier firewall physical boundary with a logical one.  But introducing two domains to each other is a non-trivial undertaking so you can’t really expect to use a ‘standard’ Single Sign-On to control user access because it has domain boundaries.  And ever so many of your customers are in no domain at all, or in a domain that is not going to join your domain anytime soon.

Domain bound systems suit corporate bodies that can undertake IRM (Information Rights Management) rather than DRM approaches because they control everything within the domain including known users (employees or trusted third parties) of the system.  So they can define relationships and hierarchies and automate the ability to define what is confidential and what is sensitive and the internal protection rules that should apply.  But not everyone agrees as to what the levels of trust correspond to what level of control.  You have to have the ability to define what you want rather than what they support.

Stopping sharing of elearning courses and course content

To stop users sharing training courses with others, documents making up the course must be locked to the user’s device.  This is achieved in a DRM system using encryption and license controls and ensures that only authorized users can open those documents.  If the documents that make up a training course are copied to an unauthorized device they will fail to open.

Other DRM controls are needed to enforce copyright ownership and control of elearning course materials and courseware by authorized users (i.e. stopping copy and paste, screen grabbing, etc.) and those are covered below.

Stopping copy and paste and screen grabs of course material

Students need the ability to make notes while a training course is running (and these need to be capable of being linked to the relevant place in the course document or they are not going to be much help).  And these may need to be in a form that allows students to ‘swap’ notes.

At the same time, it is necessary to prevent screen grabbing of content and stop copying and pasting of content for use in another application and so any elearning course protection solution you purchase should be able to stop this.

It is always possible to use the camera feature in a cell phone to make screen copies and nothing is going to prevent that.  But you can discourage students from making and giving away copies by including watermarks on screen and print-outs that identify the student, show the time and date the copy was made and your Copyright marks.  So when protecting training course content, your DRM protection system must allow you to create dynamic watermarks (watermarks that dynamically add user identifiable information at view/print time).  This saves you having to know who the user is when protecting elearning courses and ending up with thousands of personalized copies of the same course.

Preventing printing of training course content

Despite the problems of allowing printing at all (if you allow printing then documents could be photocopied), it is often necessary to allow particular sections of text to be printed.  Whilst at the same time making sure that the remainder of the text is protected or there won’t be much sales revenue coming in.

This can be achieved by having different protected documents, some of which can be printed and some of which cannot.  When it is less clear cut, and you want to allow controlled printing, your training course DRM solution must be able to prevent printing to file drivers (e.g. to a PDF file printer) otherwise students can make their own PDF files rather too easily.

Controlling access periods and expiring training courses

When protecting course content, your DRM controls should contain the ability to ensure your course content is time controlled.  This may be that it cannot be viewed before a certain date and/or can only be viewed for a designated amount of time.  This could be that users can open the protected content a number of times, or it can be used for a couple of weeks, months, or so on.

Document expiry controls should be flexible so that they can be applied to individual users rather than the documents that make up a course (you should of course have both expiry controls available so that you can expire both course content and user access).  When applying expiry at the user level, each student’s access period to content can be for the same amount of time (say a month) regardless of the date from when they start a course.  This is important if elearning courses can be purchased and taken at any time rather than always starting on a fixed date.  Additionally, you might decide that access to course content lasts for a number of days after the end of the course so that it can be used as a reference for a short time.

You should ensure that the elearning DRM system enables access periods to be altered at any stage to either increase or decrease the amount of time students have access to course content.  And that both user and document access can be instantly revoked.  You may need to do this for example if a chargeback has been made or some course material is incorrect and needs to be replaced.

Online course security, phone home and the ever-online philosophy

Your elearning course protection system has to be able to talk to an administration service to find out what is currently allowed with the document(s) such as the number of prints made out of a maximum number allowed, or the number of times a document has been viewed, and what they should be changed to if you find you need to alter their permission(s).  After all, you have to be able to change some controls after protecting course content to suit individual use cases.

Any needs to be able to operate without being online all the time, and to survive on being able to ‘phone home’ either when a connection is available or every so many days.  All the time the document is being used offline it must continue to enforce the security controls as defined by the last time it connected to its administration system.  And this must include the ability to revoke access to documents and individual users when it does get a connection to update itself.

Secure courseware eDelivery and offline use

While most students should be able to download courseware securely online, it should be possible with any elearning protection system to protect course content onto a flash drive and lock it to that device.  That way all the content of a training course can be secured onto a flash drive and distributed to every student but licensed piecemeal (so students can only access courses that they have paid for).

Locklizard provide a USB add-on that enables you to distribute training courses securely on USB devices along with a secure viewer – so students can view course content offline without installing any software.

Location locking

It may be a requirement that training course content cannot be used outside of a specified location.  So you will need to ensure that content use can be locked to a country location, an IP address, or range of IPs.

Locklizard can automatically pick up a user’s location and lock training course content to that location.

Logging when training courses are viewed and printed

It may be important to see if and when a student has opened a course and if they have printed it (assuming you allow that functionality).  So the training course protection system you decide on should be able to log document use.

Conclusion – enforcing elearning copyright and intellectual property protection

When moving from a controlled teaching environment to remote learning it is important to ensure your elearning content is not readily stolen and illegally distributed.

There are many businesses selling digital documents that choose a DRM system such as that designed by Locklizard, to protect their intellectual property wherever and whenever it is being used.  Locklizard enforce copyright ownership and control of elearning course materials and courseware providing complete intellectual property protection for online courses and training materials.