Revoking Document Access, document expiry and remote file deletion
Revoking Document Access
There will be many occasions when you need to revoke documents you have published:
- the information contained in the documents is no longer valid because it is out of date or wrong
- you feel your documents are being misused
- the wrong document was distributed to people in the first place
This guide examines some of the options in Safeguard PDF Security you can use to revoke document access, and explains why some approaches to revoking document access are not really helpful.
The PDF DRM and licensing controls in Safeguard PDF Security give you a number of ways of stopping documents from being used once they have been issued.
Using Document Expiry to revoke access
You can set documents to expire in specific circumstances. This is done when a document is protected and is bound to the document at that time (although it can be changed at a later date from the administration system):
- On a set date
- After a number of days from first use
- After a number of views
- After a number of prints
For company documents it is normal to have set an expiry end date, which is when they would normally be superseded. The other expiry methods are more likely used to control documents used in training courses, and documents for evaluation.
It is possible to set a document expiry end date of ‘never’ so the document never expires, but if you do, the end date cannot be changed. You can, however, change document expiry settings at a later stage on the administration system if you set a fixed date or a number of days/views/prints. This enables you to either extend or reduce document use, or instantly revoke access.
Apart from expiry on a set date, the other methods require an online license check before the user can open the document. As soon as the number is reached, access stops, although you can change the number in the administration system for individual users after the document has been assigned, and the change takes effect the next time the user opens the document. You can therefore publish a document with, say, a fixed expiry date for all users, but extend the access period for specific users if you wish.
Document expiry happens automatically when the expiry criteria are met. This is therefore an easy and automatic way of revoking document access without any administration intervention.
Suspending or deleting a document to revoke document access for all users
If you want to revoke document access straight away for all users, you can suspend or delete a document. Access will be revoked when the user next tries to open the document if the document is set to check against the licensing server (online use). If you have allowed the document to be used permanently offline (without ever checking with the server), then you cannot revoke access by suspending or deleting a document, because there is nothing in place to force the document to connect to the licensing server and pick up the new controls.
With Safeguard Web Viewer you can always revoke document access straight away as documents are always viewed online.
If you use publications to manage your protected documents, then you can remove publication access from specific users or change the publication access period so that revocation or expiry takes place for a group of documents. The same online/offline rules apply as to individual document revocation and expiry.
Revoking document access to all documents on a per user basis
This approach stops a user from accessing any documents, but it only happens if there is a mandatory license check on the document being opened. If you have set the license check to ‘never’ then revocation cannot be implemented. One advantage of this approach is that you can reinstate the user rather than having to delete them and then add them again.
At the user account level you can revoke access to all license check documents by:
- Suspending the user account
- Setting the user account to expire after a certain date
You can change the fixed expiry date also, but again there must be a license check before the change is implemented. If you do that, then you can keep altering the end date to suit changing requirements, and apply different end dates to the same file for different users. But you must remember that it will be up to you to reconcile end dates manually since there is no provision in the administration system for showing different end dates by user.
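The rules in the sections above (expiry, suspension, per-user overrides, and the online/offline distinction) can be modeled as one access decision. This is an added illustration, not Safeguard PDF Security's code or API: every class, field and reason string is hypothetical, and it assumes the viewer keeps the policy bound at protection time and has the usage counters to hand.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Policy:
    """Controls for one user/document pair (hypothetical field names)."""
    license_check: bool = True      # False models permanently offline use
    doc_suspended: bool = False     # document suspended or deleted by admin
    user_suspended: bool = False    # user account suspended
    start: Optional[date] = None    # no access before this date
    until: Optional[date] = None    # fixed expiry date
    days_from_first_use: Optional[int] = None
    max_views: Optional[int] = None
    max_prints: Optional[int] = None  # with "no access after prints depleted"

@dataclass
class Usage:
    first_opened: Optional[date] = None
    views: int = 0
    prints: int = 0

def decide(p: Policy, u: Usage, today: date):
    """Apply the controls in order; return (allowed, reason)."""
    if p.doc_suspended:
        return False, "document suspended"
    if p.user_suspended:
        return False, "user suspended"
    if p.start and today < p.start:
        return False, "not yet valid"
    if p.until and today > p.until:  # assumption: usable through the end date
        return False, "expired: date"
    if p.days_from_first_use is not None and u.first_opened and \
            today > u.first_opened + timedelta(days=p.days_from_first_use):
        return False, "expired: days from first use"
    if p.max_views is not None and u.views >= p.max_views:
        return False, "expired: views"
    if p.max_prints is not None and u.prints >= p.max_prints:
        return False, "expired: prints"
    return True, "ok"

class Viewer:
    """Client: starts with the policy bound at protection time."""
    def __init__(self, bound: Policy):
        self.cached = bound
    def open(self, server: Policy, u: Usage, today: date):
        if self.cached.license_check:   # online check picks up admin changes
            self.cached = server
        return decide(self.cached, u, today)
```

With `license_check=False` the viewer never replaces its cached policy, so a suspension recorded on the server has no effect, while the bound fixed expiry date still applies.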
Remote document or file deletion
Another approach used by some document DRM systems to prevent continued access to documents is the ability to remotely delete the document on the user’s computer – see remote file deletion. Sometimes this includes the concept of being able to ‘delete’ a file ‘beyond recovery.’ Commonly this is claimed to be achieved by multiple overwrites of the file in its location.
Safeguard PDF Security does not support this feature as it is more of a marketing ploy than a security feature.
Don’t take our word for whether this technique works – refer to the work of Peter Gutmann, the noted computer scientist in New Zealand. He points out that, “the 35 pass overwrite technique …. a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques.”
Now that is talking about a system for trying to prevent any possible kind of recovery of a file stored on a hard drive. Never mind about hosting files on remote servers or using RAID architectures or having system backups.
Everything sounds fine if everyone is playing by the rules. But dishonest people have already established that they are not playing by your rules, and their rules are different. It is trivial to set a file to ‘read only’ so an ordinary application cannot write to it no matter what it wants. Now of course there are ways of getting round that, but they need code that gets around the operating system of the computer, and that is most definitely a ‘bad’ idea. That is what hackers and viruses set out to do, and if anything goes wrong you generally don’t have any files to come home to.
Be aware that the UK agency CESG notes that if you want to be sure files cannot be recovered you need to physically destroy the disk drive. Like burning it. (Now I’m not saying everyone wants to go to that level of certainty, but you get the idea of what the agencies mean by data destruction.)
But to bypass the control, all the user has to do is make a copy of the file before using it, so they lose nothing except time if one gets deleted. So you see that the idea of sudden deletion is interesting, but is less effective than expiring or revoking a file so that it can no longer be used.
How to expire documents using Safeguard PDF Security
Document expiry options in Safeguard Writer
You can set PDF documents to expire automatically when protecting them using Safeguard Writer. You can change the document expiry settings for all or individual users at a later stage using the Safeguard administration system.
1. Go to the Expiry & Validity Tab and from the ‘Document Expires’ section select either an expiry date or a number of days from first use. If you select an expiry date then the document will expire on that date. If you select a number of days from first use (say 30), then the document will expire 30 days from when it is first opened. The document will expire at different dates for different users depending on when they first opened the document.
2. If you want to expire documents after a number of prints or views then this can be achieved from the ‘Printing & Viewing’ tab.
To expire documents after a number of prints, select the number of copies you want to allow and check the ‘No access after print copies depleted’ checkbox. Once the number of prints has been reached the document will automatically expire and can no longer be used.
To expire documents after a number of views, check the box ‘Limit number of views’ and enter a number in the scroller field. Once the number of views has been reached the document expires.
Changing document expiry in the Safeguard Admin System
Once a protected document has been published you can change the expiry date from the Safeguard Admin System. You can do this for the document (so the new expiry date affects all users) or for individual users.
To change the document expiry date for a specific document, go to the Documents Tab and select the document you want to edit. Click on the Details button and enter the new document expiry date in the ‘Expires’ field.
To change the document expiry date for a specific user, go to the Documents Tab and select the document you want to edit. Click on the Details button and then the ‘Grant or Revoke Access’ link. Select the user you want to change the expiry date for and then from the ‘Grant Limited Access’ pull-down field enter a new document expiry date.
You can also change the start date of a document here. Changing the start date of a document to a future date stops access to the document until that date is reached. This is therefore another method of temporarily revoking document access for individual users, or ensuring that documents are not used before a certain date.
How to revoke document access using Safeguard PDF Security
Revoke document access for a single user
To revoke access for a single user is very easy and you can do this for single or multiple documents.
1. Log in to the Safeguard administration system and go to the Customer Accounts tab. Here you can search for the individual customer record you want to alter.
2. Click on the Details tab to show you information about the selected customer record.
3. Go to the section titled ‘Manage Access’. This is where you grant access to documents, or revoke access. If you click on the option ‘Set document access’ it will bring up a tab showing all the documents that this user has access to.
If you find they have access to a lot of documents you can use the filter to narrow the search down to the document that you want.
4. Select the document(s) by clicking on the selection box and go to the ‘With all checked’ pull-down field. Here you can select from the options:
- Grant access
- Grant unlimited access
- Grant limited access
- Revoke access
5. Select ‘Revoke access’ and then press the OK button. Assuming that you set the original document to check its license, access is revoked the next time a license check happens.
A more granular result can be achieved using the ‘Grant limited access’ option.
Here you are able to set start and end dates for access that override the values set when the document was originally protected. So provided there is a license check for the document this control will override the original setting. So you could set the ‘Until’ date to yesterday and access would stop. And you can go back later and change these dates and have the new ones override the old ones.
Revoke document access for multiple users
You can revoke access for multiple users to multiple documents in one go.
- Select the documents tab and find the document you want to revoke.
- Then in ‘Manage access’ you can select all the customers who have been granted access to the document via the ‘View customers with access’ link.
- You can use the Filter to reduce the number of customers selected. You can check the records that you want to revoke or use the option to check all of them, and then you have the same options as before, applied to a larger number of users instead of just one.