Previous articles have covered how one can "copy protect PDF" to prevent the copy of a document's contents after it is opened, so in this article we will look specifically at preventing unauthorized access and the options at your disposal for maintaining control over who and when users can open your PDF document.
Only some of these options will be available to PDF documents distributed without DRM. But all options will be available when DRM is applied to the PDF document. By DRM we mean "call-to-hone" access rights checks that the reader performs every time the user either opens the document or tries to print it. Only by using call-to-home (live) DRM can such actions be logged securely and a permanent record kept for all time.
Password protection is the most basic limitation that can be applied to protected PDF. Without the appropriate password the document cannot be opened thus preventing the user form accessing its contents. There is a lot of software available that adds password protection, and there is a lot of software available for extracting passwords.
The success of those solutions depends on where in the document the password is stored. Most store the password inside the document header, while the more secure method is to embed the password inside the encrypted body of the document so that it cannot be extracted by any tool other than the proprietary reader for which it was encrypted.
Printing can be completely disabled or limited to a number of prints. It can also be limited to the types of printer used such as direct or network connected printers. Preventing the use of printer drivers will prevent users from converting your protected PDF to any other file format that they desire.
Without using live DRM the number of prints needs to be stored on the user's computer leaving the print count open to exploit. Print count can easily be defeated by changing computers. But by using live DRM, the print count is logged per user account and cannot be exploited in any way.
With live DRM a user's usage can be logged enabling authors to set a view limit. For example with a view limit of 3, the user will be able to open the document 3 times after which they will see an error message advising them that their usage limit has expired and to contact the author. Note that once a document is open, it can remain open for an unlimited amount of time, even while collapsed and out of sight.
Setting an expiry date can prevent all users from opening the PDF document after the date expires. Expiry by calendar date can be set when publishing both with and without live DRM. Unfortunately most PDF protection software refers to the user's computer clock for time checks which can easily be exploited by setting the computer date back. A more secure method is by using independent time server checks or by using live DRM which checks the time on the DRM server.
When live DRM is employed all usage is logged. Every time a user opens a PDF document, the action can be logged, so the DRM server has a record of each user's first opening of any document. Consequently expiry by the number of days or hours from the first opening can be established and expiration applied accordingly. Note that such expiration applies to the opening of the document and that once opened, it can remain open on the user's computer indefinitely.
As mentioned above, the DRM mentioned here is live DRM that requires access rights checks every time a PDF document is opened or printed. CopySafe DRM identifies each user by a unique computer ID comprised of an algorithm based mainly on hard drive serial number and manufacturer so that the ID is unique. IP and Mac addresses can change between internet connections and the connection type which is why CopySafe prefers to use a unique computer ID. That Computer ID is submitted by the CopySafe Reader with every DRM check and the user is automatically identified after their first opening of any DRM protected PDF.
Each user's privileges are governed by individual settings, settings assigned to either the user's group or the document's group, or assigned per document, leaving an author with an arsenal of options to control just who, how and when they want their users to access their copy protected PDF documents.
Live DRM also gives authors total control over all aspects with immediate effect on any changes made, even on PDF documents already saved to a user's computer or still out in the wild on disk.
All of the methods recommended above for the best security and protection are employed by the CopySafe PDF Protection software, which is why it is the tool of choice where intellectual property and livelihoods are at stake. CopySafe PDF can be deployed for distribution for desktop reading and also web page reading. In fact it is today the only secure PDF solution that can be used on web pages. As web copy protection software, CopySafe PDF Protection is a world apart from all other copy protect PDF solutions.
Author: William Kent
Date: 24th June 2020
Return to DRM and Copy Protection