Publish Standards Documents Securely
Using Safeguard PDF Security to protect standards against theft
Document security in Standards publishing
There are hundreds of different standardisation bodies internationally, all publishing standards, but in different forms and formats, and having different recognition by national or trade bodies.
But all standards bodies face the same sorts of problems around controlling access to, and use of, the contents of the standards they are responsible for, because standards have to be developed and distributed, and those activities do not come for free. Standards have to be sold, or there are no standards bodies.
In the formal standards world, the International Standards Organization (ISO) is made up of national member bodies, not individuals or companies. National standards bodies (like ANSI or BSI or AFNOR) have members that are either individual companies or representative organizations (trade associations such as the electrical contractors’ association). Members get a discount on purchasing standards (which can be up to 50%), and national standards bodies also re-sell international standards.
Informal standards bodies produce standards for their members, who are effectively paying for them through the membership fee, so they are also subject to commercial pressures.
So there are strong pressures on standards bodies to protect their revenue streams when making copies of their documents, which can include training materials and methodologies, available electronically. Making copies available electronically has been a problem for some considerable time now for several reasons, and not just security.
Consistent form and format
The biggest problem to solve with electronically distributed standards is consistency of form and format – the text and diagrams have to come out exactly the same regardless of the format they are stored in or the device they are printed on. A standard is not much good if it reads differently on different devices!
Although there have been many proposals for text and document formats (try any SGML derivative such as HTML or XML), the results have been unsatisfactory, and the only really successful common format has been the PDF format pioneered by Adobe since the 1990s. Locklizard DRM products focus on protecting PDF format documents so that consistent rendering can be achieved regardless of the operating system or printing solution being used.
What is then critical to the standardization process is to achieve a consistency of form, format and overall security functionality of standards so that there is certainty that:
- The printed or viewed standard is identical to the original
- The standard has its authentication markings
- The standard has not been altered or misrepresented.
Commercially, standards makers need to be able to deliver their products electronically to their customers with confidence that they will not be copied and re-distributed (by uploading to torrent sites, for instance).
The problem is that in the past it has been too easy to access a PDF document, copy it and send it to anyone you want to, so in order to protect sales income you have to introduce some DRM control(s). PDFs therefore need to be encrypted, and then only made available to authorized users subject to additional controls.
Document Security Controls must persist after distribution
Encryption to protect information has been in use publicly since the 1990s with the development of PGP by Phil Zimmermann. It works very well at protecting content from being used by the unauthorized, except that once authorized users decrypt the files there are no controls over what can be done with the content.
With DRM you can specify additional controls that will be enforced when the standard is decrypted (although decryption must be to memory only, to stop a temporary copy being left on disk). This means you can have a mixture of free-issue and paid-for standards, all of which are controlled. Locklizard Safeguard & Enterprise PDF Security encrypt PDF documents, and bind the additional controls to the file so that they cannot be removed or altered when the file is decrypted into memory (the decrypted file is never written to disk and there is no Save functionality available).
Although a common method of controlling access to secured documents is a password (PGP allowed for self-decrypting files if you knew the password), this has the critical weakness that passwords can be given away, so documents encrypted just using passwords have no real security. Using its proprietary Viewers (installed and zero installation), Locklizard avoids having to disclose keys to end users, and there are no passwords for users to give away or post on forums.
Additional controls for protecting Standards publications against unauthorized distribution
Stopping printing is the simplest control for preventing the redistribution of standards, since a printed copy can always be photocopied.
If printing has to be enabled because the standard can’t be used on-screen (some standards run to hundreds of pages), additional controls can be added to reduce the likelihood of misuse:
- Adding a dynamic watermark that identifies the authorized customer making the print
- Limiting the number of copies that can be requested
- Stopping use once the permitted number of prints has been consumed
It may be necessary to allow prospective users to review standards materials before buying them, without giving the documents away. This can be done by:
- Limiting the number of times they can be viewed
- Setting a number of days for evaluation once first opened
- Setting a date after which they cannot be used/opened
It is also possible to protect standards documents with dynamic watermarks that are displayed when the document is viewed – these identify the authorized user, and can deter them from taking photographs of the screen.
Online and offline use
Where standards are supplied over the cloud, providing web based access, there is the limitation that the user must be online in order to read the materials. This may be a valuable control where free standards are being issued since the user should not be able to download the underlying documents.
But for authorized users it may be very valuable to be able to use them offline, when traveling or out of the office. Any DRM solution has to be able to support both of these options if it is going to be effective. Offline use requires a copy of the encrypted standard(s) to be kept on the user’s device, so there must be no Save or Save As type functionality available when they are being used. With Locklizard, users can benefit from both online and offline solutions, with installed or zero installation secure PDF Viewers.
Another approach to offline use is to load standards onto a USB drive so that they can be held as a self-contained group of documents (you could include the standard(s) and all the relevant training materials as a ‘package’ that can be used by customers or by training consultants, but cannot be redistributed to anyone by the USB holder). This has the advantage that a complex standard and its training materials, such as ISO 9000, can be delivered as a single package, and each document can have different controls, so blank forms and course notes can be printed without any controls, but the individual standards and courses cannot be printed at all. The approach combines simplicity of management and distribution.
Publishing Standards securely with PDF DRM Document Security
Locklizard enables standards publishers to publish standards securely, ensuring that publishers retain control over their standards and are able to gain the full economic benefits of selling their standards. And standard makers are able to distribute content free of charge without losing control of the standards themselves.