Publishing secure PDFs

Publishing Guidance

Most of our users want to publish one or more ebooks, technical manuals or similar documents which they have in PDF format but wish to ensure are truly secure from copying and/or have other controls applied to them. For cross-patform publishing (to PCs, Macs and iPADs) publishers should create .DRMZ files (DRMX files with the iPAD comptible option ticked) and distributed these files - end users then use the Javelin PDF reader for their platform to open, authorize and view these files.

The simplest way to create a secure PDF using the Drumlin software and service is first: Download, install and register the free Drumlin reader/publisher software. Then, for the strongest security and where you do not necessarily know who your users will be in advance then follow the steps below. This will enable you to produce a secure PDF. Secure PDF files require an authorization code before they can be viewed on agiven device - for cross-platform (PC, Mac and iPAD usage) we recommend that iPAD-compatible (DRMZ) files are created and distributed. If you know all your users in advance (e.g. they are your in-house engineers or sales people, or are members of an existing group), then you may wish to use an alternative approach (user lists) with what we refer to as Basic DRM files (seeUserListsfor more details). Also, please read theonline help systemdocument for more details about all the options available. Now proceed to create a secure PDF file as follows:

Use the File menu, Publish option and select a test PDF on your PC for secure publishing - choose the Document type tab and select the "Fully secured DRMX" file option. If you want to produce an iPAD-compatible file then tick the iPAD box on the document type form (this reults in the file created having the extension .drmz). Then use the other form tabs to set the options you would like to use as controls (e.g. View=5, Print=0, End date=31st December 2013) and press the OK button (note that -1 in a count field means "unlimited"). You need to have an active Internet connection at this stage.
Drumlin then sends control information (NOT THE PDF FILE ITSELF) to our server. This includes the information necessary to identify your file (including the file name, your details and the controls you have applied) together with other security information. This information is stored on the server. At the same time your PDF file is protected by our security wrapper and this version is saved on your PC/chosen location with the file extension .DRMX or .DRMZ. Your original PDF file remains unchanged. A test authorization code is automatically sent to you to check your DRMX or DRMZ file, as if you were an end user. Ask us if you would like additional codes for test documents. Quick tip: If you have several PDF files you wish to publish for individual users you can combine these first into one PDF (e.g. using Adobe Acrobat) and create a single secured file and will need only one code for all the PDFs for a customer. DRMZ files (iPAD-compatible files) are created in much the same manner, but the document security methods are different. All Javelin readers can accept DRMZ files but only Windows and Mac versions accept DRMX files.
You can now send the DRMX or DRMZ version of your PDF file to anyone you wish or place it on a web site for downloading (if you have any problems with this please let us know - first check the answer to Q22 on the FAQs page) - it is secure and cannot be used/read. DRMX and DRMZ files are typically read using one of our Javelin lightweight secure PDF readers - downloaded as free software from our websites. To make the file readable it needs an authorization code, which you will provide. You get this code from us (contact us by email to obtain codes, stating the DocID and/or document name for which you require codes - you must identify yourself as the publisher and do this from your registered Drumlin email account) - we actually send you blocks of codes, up to 100 at a time, as text files - it is up to you to keep these safe and distribute them to your customers/users. Normally codes can only be used once, but you can ask for a set of codes that can be used 2 times or more if you wish. For subscription service customers an AdminApp program is available on request that enables opublishers to create their own authorization codes, without having to contact us first.
A DRMX file can be converted to a Windows "Click and Go" EXE file if you wish. This produces a very simple runnable file for the end user on their PC (not Mac), which has the same document ID as the source DRMX and still requires an authorization code, but does not require software installation or registration, and does not use Microsoft .NET software for the reader. This makes the process simpler and faster for the end user. Both standard DRMX files and EXE files can have their authorization code sent out as a .dac file - if this file is in the same directory as the DRMX or EXE file, the software will use this to pre-fill in the authorization code, again making it easier for the end user. Two additional options are also provided for exe files: (i) offline authorization, which will use a username and email address for authorization, comparing this with a code provided by the publisher (offline); and (ii) no authorization required, simply run the exe

Your customer, the end user, will need to know what to do in order to read your secured PDF. Typically you will send them an email, with simple instructions, possibly linked to a web page. In most cases your email will also include an authorization code for them to use. Your customer now has the software installed and registered, your DRMX or DRMZ file, and an authorization code from you for that document. As noted above, you can provide this by email or automatically via your online service (e.g. using your own shopping cart system or a PHP product like Linklok), or via a commercial service such as PayLoadz or SoftSeller. The end customer (PC/Mac customers) use the File menu, Authorize option and selects the DRMX or DRMZ file you have provided, and then they enter the authorization code they have been given when prompted. The code is checked centrally to ensure it matches the document ID and is a valid and unused code, and if so, exchanges information with the end user's PC to enable the DRMX or DRMZ file to be decrypted/decoded. Note that authorization codes are simply look-up codes, and do not have any encryption/decryption function

There are lots of checks and log files to make sure that as far as possible this all works smoothly. However, if there are questions or problems these can generally be sorted out very quickly. Facilities for this include:

a file called PublishingHistory.csv on your PC somewhere like: C:\DocumentsandSettings\username\Application Data\DrumlinSecurity\Drumlin which is very useful, as it contains lots of information about your publishing activities. This information can be accessed via the Tools menu, Document History option
there are several other files like this in the same location which are useful... such as the Drumlin.History file (can be opened with Notepad etc), AuthorisationHistory.xml and in the logs subdirectory, a full log file of usage of Drumlin and any issues or errors that arise
Within Drumlin itself there are facilities on the Help menu to assist end users. These include the Welcome document, the links to online help and faqs, the Updates... facility for automated updating of their software, and the ABOUT form, which includes a SEND LOG FILE button... this latter facility automatically sends the user's log file and settings file to our support desk by email in case of problems that cannot easily be resolved
users can double-click on a DRMX or DRMZ file to open it with Drumlin or Javelin. If they do this with a DRMX or DRMZ file it will ask if they wish to authorize it - if they have done so already it will detect this.
user activity is logged on our central servers, so it is possible for use to identify end-user issues and actvities remotely. It is also possible for us to report on such activities to the relevant publisher and to enable/disable documents, authorization codes and Drumlin users if absolutely necessary

Web-based published document list: If you select theUSER LOGINpage you can obtain a full list of the documents you have published. To log in you need your USERNAME (which is displayed on your Drumlin Help menu, About... form) and password. These were the ones you specified when you registered and are included on the Welcome registration email you were sent at the time. You can recover your password by entering your email address in the Recover password form and the password will be emailed to you.

Publishers often have special requirements. By default the free service provides the core software and service publishers require. However, there are many additional facilities and services available - Please contact us by email if you have any questions and look at our PDF-Publishing web site and the other pages on this web site for more information and advice

The terms and conditions for using this software and service are provided in the Software License document issued with each copy of Drumlin. This service is provided on the basis that it may not be used to distribute or promote indecent, racist, terrorist or any other materials likely to offend or provoke hatred. Drumlin Security reserve the right at any time to disable documents or users from the service if breaches of the License or usage terms are identified. Please see theAboutpage for more details. The Drumlin Digital Rights Management (DRM) Server is comprised of a Microsoft Windows server host configuration offering Web hosting, ASP/.NET and SQLServer 5 (or later) facilities. Service management is conducted via FTP and SQLServer management facilities. In the latter case this is typically Microsoft SQLServer Management Studio (or Studio Express) and Microsoft Access (connection via ODBC to SQLServer host). The latter is principally of use for ad hoc queries and management report generation, but may also be used for data updating where appropriate. The SQLServer configuration may be shared with many other databases and is typically very lightly loaded. This is because the data stored is fairly small (normally no documents are stored in the database, just document and user related data), and interaction between the client and host server is typically occasional, short and fast. Almost the only occasion where larger volumes of data are handled is when a large bulk publishing exercise is run (e.g. for 100s of files at one go)