Revoke documents & authorization to access
There will be many occasions when you need to revoke documents you have published or the authorization to access them. This could be because:
This guide examines some of the options you can use to revoke documents or document access (revoke authorization or access to a PDF file) and explains how you can use Safeguard PDF Security to achieve this.
The PDF DRM and licensing controls in Safeguard PDF Security give you a number of ways of preventing documents from being used once they have been issued.
Using document expiry to revoke access to PDF files
You can set documents to expire in specific circumstances. This is done when a document is protected and is bound to the document at that time (although expiry can be changed at a later date from the administration system):
For company documents, it is normal to have set an expiry end date, which is when they would normally be superseded. The other expiry methods are more likely used to control documents used in training courses, and documents for evaluation.
It is possible to set a document expiry end date of ‘never’ so that the document never expires, but if you do so then the end date cannot be changed. You can, however, change document expiry settings at a later stage on the administration system if you set a fixed date or a number of days/views/prints. This enables you to either extend or reduce document use, as well as instantly revoke access.
Apart from expiration on a set date, the other methods require an online license check before the user can open the document. As soon as the number is met, access stops, though it is possible to change the number in the administration system for individual users after the document has been assigned. This will take effect the next time the user opens the document. You can therefore publish a document with, say, a fixed expiry date for all users, but extend the access period for specific users when required.
Document expiry happens automatically when the expiry criteria is met. This is, therefore, an easy and automatic way of revoking document access without manual intervention.
Suspending or deleting a document to revoke document access for all users
If you want to revoke document access for all users straight away, then you can suspend or delete a document. Access will be revoked when the user next tries to open the document, provided the document is set to check against the licensing server (online use). If you have allowed the document to be used permanently offline (without ever checking with the server) then you cannot revoke access by suspending or deleting a document, as there is nothing in place to tell the document to connect to the licensing server to pick up the new controls.
With Safeguard Web Viewer, you can always revoke document access straight away, as documents are always viewed online.
If you use publications to manage your protected documents, then you can remove publication access from specific users, or change the publication access period so that revocation or expiry takes place for a group of documents. The same online/offline rules apply as to individual document revocation and expiry.
Revoking document access to all documents on a per user basis
This approach stops a user from accessing any documents, but it only happens if there is a mandatory license check when the document is opened. If you have set the license check to ‘never’ in Safeguard Writer, (offline access) then revocation cannot be implemented. One advantage of this approach is that you can reinstate the user, rather than having to delete them and then add them again.
At the user account level, you can revoke access to all license check documents by:
You can also change the fixed expiry date, but again, there must be a license check before the change is implemented. If you have a license check, then you can keep altering the end date to suit changing requirements and apply different end dates to the same file for different users. However, you must remember that it will be up to you to reconcile end dates manually since there is no provision in the administration system for showing different end dates by user.
Remote file deletion
Another approach used by some document DRM systems to prevent continued access to documents is the remote deletion of the document from the user’s computer – see remote file deletion. Sometimes, this includes the concept of being able to ‘delete’ a file ‘beyond recovery.’ Commonly, this is claimed to be achieved by multiple overwrites of the file in its location.
Safeguard PDF Security does not support this feature because it is more of a marketing ploy than a real security feature.
Now, don’t take our word on this – go and reference the work of Peter Gutmann, the noted computer scientist in New Zealand. He points out that, “the 35 pass overwrite technique …. a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques.”
That statement is referencing a system for trying to prevent any possible kind of recovery of a file stored on a hard drive. Never mind hosting files on remote servers or using RAID architectures or having system backups.
Everything sounds fine if everyone is playing by the rules. But dishonest people have already established that they are not playing by your rules. It is trivial to set a file to ‘read only’ so that an ordinary application cannot write to it no matter what it wants. Now, of course, there are ways of getting around that, but they need code that gets around the operating system of the computer, and that is most definitely a ‘bad’ idea. That is what hackers and viruses set out to do, and if anything goes wrong, you generally won’t have any files to come home to.
Be aware also that UK CESG, notes that if you want to be sure files cannot be recovered you need to physically destroy the disk drive. As in burning it. (Now, I’m not saying everyone wants or needs that level of certainty, but it shows agencies’ belief that nothing is ever truly deleted.)
But to bypass the control, all the user has to do is make a copy of the file before using it. They lose nothing except time if one gets deleted. The idea of sudden deletion is interesting but is clearly less effective than expiring or revoking a file so that it is present, but can no longer be used.
Revoking PDF documents online
So, you can’t stop somebody from making a copy of a file on their PC, particularly if that PC is not on your enterprise network or under your control. However, what if you revoke PDF documents online – those delivered through a web portal or collaboration software? PDFs viewed via an internet browser do not have the same presence on a user’s PC. Various cloud solutions allow you to share documents with specific accounts and then revoke access to them at a later date. However, just because somebody doesn’t have a file to move about, it doesn’t mean they can’t copy.
The problem with all web-based document solutions is that the browser has very limited control over the user’s computer. This is more or less a necessity – imagine how much damage a malicious webpage could do if it could gain full access to your PC. From a document control perspective, however, it means an inability to prevent screenshots, printing to file drivers, and often copying and pasting.
Locklizard provides a cloud-based Web Viewer that our customers can publish PDF files to if they so wish. When you revoke a document or user in your admin portal, you revoke the PDF document online, too. However, though we have taken pains to make our online Viewer more secure than the competition, there is only so much that can be done in a browser environment. We therefore recommend that customers use the desktop viewer applications when maintaining confidentiality is important.
How to expire documents using Safeguard PDF Security
You can set PDF documents to expire automatically when protecting them using Safeguard Writer. It’s possible to change the document expiry settings for all or individual users at a later stage using the Safeguard administration system.
If you select an expiry date, then the document will expire on that date.
If you select a number of days from first use (say 30), then the document will expire 30 days from when it is first opened. The document will expire at different dates for different users depending on when they first opened the document.
To expire documents after a number of prints, select the number of copies you want to allow and check the ‘No access after print copies depleted’ checkbox. Once the number of prints have been reached the document will automatically expire and can no longer be used.
To expire documents after a number of views, check the box ‘Limit number of views’ and enter a number in the scroller field. Once the number of views has been reached the document expires.
Once a protected document has been published, you can change the expiry date from the Safeguard Admin System. You can do this for the document (so the new expiry date affects all users) or for individual users.
To change the document expiry date for a specific document, go to the Documents Tab and select the document you want to edit. Click on the Details button and enter the new document expiry date in the ‘Expires’ field.
To change the document expiry date for a specific user, go to the Documents Tab and select the document you want to edit. Click on the Details button and then the ‘Grant or Revoke Access’ link. Select the user you want to change the expiry date for and then from the ‘Grant Limited Access’ pull-down field enter a new document expiry date.
You can also change the start date of a document here. Changing the start date of a document to a future date stops access to the document until that date is reached. This is therefore another method of temporarily revoking document access for individual users, or ensuring that documents are not used before a certain date.
How to revoke document access on a user basis using Safeguard PDF Security
It is very easy to revoke access for a user for both single or multiple documents.
You can revoke access for multiple users to multiple documents in one go.
Revoking access to a document involves removing the user’s authorization or ability to view and interact with the document without necessarily deleting the file itself. This is typically achieved through the use of encryption and the removal of access to the decryption key – a revoked document becomes indecipherable if a user does not have the relevant key to decrypt it.
Limited access to a document simply means that the user can only use the document under certain terms. This could mean that the ability to view the document is removed after a certain date, but it could equally refer to:
If you protect it with Locklizard Safeguard before you distribute it, then it is a simple matter of removing authorization to view it. Just take a look at the “Revoke document access for a single user” section above for a step-by-step guide on how to revoke authorization to a PDF.
Yes, using Safeguard you can change the number of prints allowed to zero. You can also make the document no longer accessible once a certain number of prints have been made.
The only way to open a revoked document or expired document protected by Locklizard is to contact the seller or administrator. You may also be able to re-subscribe to their service or renew a license via their website.
No, Locklizard DRM only works with PDF files. Microsoft Office files have to be converted to PDF format first. Once converted you can then revoke PDF file access in Sharepoint for example using Locklizard.
If the email attachments are PDF files, then yes. You can send a secure PDF just like any other file and instantly revoke or automatically expire it after a period of time or use.
Yes, with Safeguard Enterprise you can specify the number of days users can view documents offline before they have to connect to a licensing server.