Encryption is the keystone of any worthwhile PDF security software and image protect software, because without encryption, keeping documents or images from unauthorized use would be impossible. Encryption is the "safe locker" in which the PDF or image is stored, until all access requirements are met. Then the PDF or image can be decrypted and displayed to the viewer.
Encrypted PDF and images can be stored anywhere and transported by any means including email, download or on disk without being compromised. It doesn't matter if the media is out in the wild on CD or already saved to a user's computer, because until it is unlocked by decryption it is completely safe from unauthorized redistribution and copy or print.
The display of encrypted PDF and images will always require a proprietary viewer and that is how it should be. It is because a special viewer is required that ensures that the secure image or PDF remains secure until it is safe to display it, and by safe I mean after all access requirements are met. It will be the "proprietary viewer" that will be the only means of displaying the media because it will be the only means of decrypting it.
So when web developers enquire about PDF protection or image protection that can be used on all devices, it can be a tedious task trying to educate them in the ways of security and the limitations of the various operating systems. Something to consider is "what is the point of using the most secure encryption algorithms if the code used to decrypt them can be so easily exploited?" And that is what happens when using encryption on devices that are so limited that the apps themselves cannot be protected.
In the copy protection industry, if you can call it that, a commonly used expression is "strongest encryption methods" that doesn't really mean much when considering that a) that it may be the best encryption method that can be used with the scripting available, and on mobile phones that will be JavaScript only, or b) the best encryption method that could be found on a free scripts website, or c) the best encryption method that the coder's experience allowed.
Another expression used is "that it would take the computer resources of NASA to crack the code" but whether they tested it or are simply borrowing the words from their competitors, most encryption methods are safe from those that you need to protect against. In fact most hacking of encrypted data usually has help, either from trusted staff or by obtaining or guessing the passphrase. But again, if the application that is performing the decryption can be easily decompiled to reveal the workings of its code, then the passphrase will be easily obtained.
So the security and robustness of any encryption method is directly related to the sophistication of the application that decrypts it. Consequently, if your data is not mission critical, by all means distribute it for all apps including those used by amusement devices like mobile phones. But if data needs to be protected like crown jewels, then stick to Windows applications. Now a lot might argue that new programming languages for non-Windows devices have evolved and that Windows was never that secure, and they will be wrong because Windows has and always will be more evolved than what anyone can imagine. Stuff written for Windows 20 years ago still cannot be matched for its sophistication and complexity in any other language today. If you are a layman and wanting a second expert opinion on that you can save yourself a lot of time by looking in the System folder of any Windows computer. Then note how many resource DLLs that make up Windows are old, some of them being almost 20 years old and that is not because they are outdated but because they were coded properly in the first instance!
So how does ArtistScope select the encryption method to use such as in its
image protect software? Well that is privileged information just like ArtistScope's client list. We don't expose our methods and we have always had a policy of not disclosing our clients. But I can tell you that our encryption methods vary between processes and the overall requirement has always been file size because when encrypting documents and media of 5-300 Mb the client and consumer does not want to know about an increase in file size due to encryption. As for their security and robustness, they have never been exploited, full stop.
Now let's get back to disclosing client identities. I am sure that most companies will not want their name mentioned as a user of any particular security application for obvious reasons that I should not have to explain here. So why do so many in the copy protection industry claim that such and such a company endorses their product? Next time you see that on a web site stop and ponder the possibilities... "is that claim fake?" and it is so easily overlooked because citing the name of any company that has 30,000 staff worldwide just might make the possibility true. My guess is that it is not true and that the company making such a claim has no such client, otherwise they would respect their privacy and security policy by not disclosing the security solution that they use.
ArtistScope's pdf security software known as CopySafe PDF is used worldwide and the only exact number of clients that we can tally are by counting just how many of them use the DRM portal for their access rights management. There are currently 550 companies worldwide listed that include all sorts kings of industry from Universities and Online Schools to Oil Companies and Banks.
Encryption and copy protection solutions for all types of media can be located from the indexes at the top and bottom of the page.
Author: William Kent
Date: 6th November 2019
Return to DRM and Copy Protection
No comments