secure download

Secure Download

Secure Downloads – Stop Downloading of Files to Protect against Unauthorized Copying & Sharing

How to secure downloads & stop file copying

Most people associate the action of downloading a file with making a copy of it, and they’re right. Meanwhile, in the world of Intellectual Property Rights (Copyright), we always talk about controlling the creation of copies. But are these two things incompatible?

Here, we discuss some of the reasons why downloading is necessary and the impact if it is stopped. We then look at secure downloads — stopping use of downloaded content, or controlling use of downloaded content — to achieve a cost-efficient and secure approach.

Free 15 Day Trial

Protect PDF files – stop copying

Stop unauthorized access and sharing
Control use – stop printing, copying, editing, etc.
Lock PDFs to devices, countries, locations
User and PDF expiry, revoke files at any time

Stopping downloads to cache & file copying

As is so often the case in IT, what is happening at the technical level decides success or failure. Let’s take the case of information being viewed in the browser. Everything you view in a browser is automatically downloaded to a cache on your hard disk. The temporary internet files (or cache) folder is used by browsers to store webpage content on the computer’s hard disk to speed up viewing. The cache lets the browser download only content that has changed since you last viewed a web page, instead of downloading all of the content every time the page is displayed. This makes browsing much quicker.

You can use ASP code to disable caching of web pages, but often this code fails to work as predicted because browsers are regularly updated and new versions sometimes just don’t obey or understand the code. This has been especially true of JavaScript ‘fixes’, which often work with one version of a browser but not another. Trying to stop browser caching as a way to prevent file downloading is therefore unreliable, and it is best not to rely on this method of ‘protection’.

Depending on the information you are trying to protect, however, you might not want to stop it anyway. For example, there are big overheads if you open a PDF on a server and then smooth scroll down the page with every single line of pixels being sent over the network. If you did this, there could be major server overheads or response time problems, or likely both.

Stopping file copying with secure downloads

So if downloading is to solve a performance problem, why is controlling downloads so difficult?

The internet was made to facilitate the sharing of information, so it’s difficult to stop people from being able to download files, especially if you want some people to be able to download them, but not just anybody or everybody.

If you have your information on a server in an unprotected form, there are several free tools available (search ‘download website’) that will transfer a publicly accessible website onto someone’s hard drive, where they can be examined at leisure. If this fails, they can grab the specific resource using their browser’s developer mode, screenshot it, or print it to a PDF file from the browser.

If you want to stop illegal downloading, you’ll need to keep the information you want to protect in an encrypted form so that it’s of no use to anyone without an encryption key from you. Alternatively, you put it on a server that is not publicly accessible. Even then, however, you must be sure that the recipient is not going to misuse it.

There have been some ingenious approaches to try and stop unauthorized downloads of content by using secure downloads:

Providing a one-time access to a server that is not publicly accessible, so the link can only be used while the approved download takes place.
Uploading the file to be downloaded into a temporary location that expires when the download finishes.
Using specialist downloader applications that combine information in order to ‘make’ the downloaded file during the process, and controlling access to these applications.
Password access to content areas. Passwords, however, may be shared and are difficult to manage. You need to have training to stop somebody from socially engineering the password from your IT department, phishing your employees, etc.
Web viewers for cloud content that have JavaScript controls and obfuscation to stop downloads, editing, printing etc. These controls are usually easily bypassed by screenshotting or turning off or modifying JavaScript code before it executes in the user’s browser.

Ultimately, none of these will prevent the recipient, once they have downloaded the file(s), from then passing them on, including uploading them to piracy sites. It may have been a lot of work (and usually money) for nothing?

“Locklizard is the clear leader in the field for content protection. The ease of use by customers and the effectiveness of their PDF DRM product is definitely the best.”

Encrypted file downloads

If you want to prevent other people from making your files available for illegal downloads, you have to do something more to protect them than just relying on secure download software. That will involve using encryption, since it’s really the only effective tool to stop people from using files they have intercepted or pirated. An encrypted file is no use to anyone without the software to decrypt the file (it need not be in a ‘standard’ format like OpenPGP), and also the keying information to go with it.

Now, this all starts to get a bit complicated. Users have to be ‘authenticated’ in some way. Keying information has to be given to them secretly (if they know what the information is they can give it away just like they could give away the unencrypted files) – that is why passwords are a useless method of protection because they can be given to others. Also the keying information must not be part of the protected file or it can be too easily recovered and all protected files compromised. Users also have to be prevented from being able to make uncontrolled copies or they can still compromise the system.

How to download and share files safely using encryption

Locklizard has implemented a number of security controls that prevent misuse of downloaded documents:

Files are encrypted.
Most importantly, decryption keys are not part of the downloaded file, so the system cannot be attacked through the key mechanism. Decryption keys are securely and transparently relayed to a keystore that is locked to individual computers so a keystore will not work if copied to another computer along with the encrypted files. This ensures that users cannot share encrypted files with others as they will only work on authorized devices.
Locklizard products only decrypt content in memory, so that there are no temporary files left lying around with unprotected information in them for someone to copy.
You can lock document use to specific locations on a global and user basis. This can be useful when you need to ensure that confidential documents on mobile devices (BYOD) can only be viewed at say an office location and not when taken home.
Copies of documents cannot be made by screen grabbing software or by printing unless you allow this. Printing to file drivers (e.g. Adobe PDF Printer) is automatically prevented so that digital copies cannot be easily made.
Documents can be dynamically watermarked with user-identifiable information, so if you allow printing, you can identify the source of any photocopies.
Document use can be logged so you can identify any suspicious behavior.
Access can be revoked at any time regardless of where documents reside.

So, if you’re wondering how to prevent download of PDF files, the answer is that you can’t. However, you can make it so that downloaded files are of no use to anyone but the authorized user. Locklizard document DRM products therefore retain the efficiency of secure download without any loss of security and control over the downloaded file.

FAQs

What is intelligent download protection?

Intelligent download protection an anti-virus feature intended to protect users from malicious downloads, not secure files against unauthorized downloads or copying.

What file types does Locklizard protect?

We only protect files in the PDF format.

How do you secure a downloadable PDF on a website?

By encrypting it and applying digital rights management controls to ensure only authorized users can view it and even they cannot share, edit, or copy it.

Does Locklizard Safeguard have a limit on the number of files you can protect or their file size?

No. Only our web publisher browser viewer has such restrictions, with a 5 GB total storage limit and a 30MB max PDF limit. However, additional disk space and larger file sizes can be purchased if needed.

Customer Testimonials

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.

	Introduction to Encryption
	Encryption is not enough for DRM
	Document encryption
	Are Passwords or Certificates best?
	Encryption to stop copying
	Digital Signature Security

	Security Learning Center
	Document Security Papers
	Information Security Glossary
	Regulatory Compliance
	Intellectual Property Theft
	Adobe PDF Security Issues
	PDF Plug-in Vulnerabilities
	Adobe Flash Security Issues
	DRM Security Issues