How Drumlin Offline Digital Rights Management (DRM) Security Works
- User experience: The steps for an end user are very simple - they install a free Javelin PDF reader on their device; they download and open the secure PDF file you send them; and they enter an authorization code for that file that and if the code is OK the file will be opened, just like any other full function PDF (i.e. with bookmarks, links, correct font and page display etc.). So for the end user it is very easy and quick - and for all tech platforms (PC, Mac, Android and iOS) this process can be largely automated making it even simpler, as discussed further below.
- Publishing: All the publisher has to do use our free DrumlinPublisher software to encrypt the PDF as described below. It can then be distributed to as many end users as required. The publisher simply issues a separate authorization code for that file to each end user when they order the material or are sent it as part of a training course, private document distribution, subscription newsletter service etc.. Special facilities exist to allow codes to be used on multiple devices if required, and/or by multiple end users, and optionally on multiple documents. More details are provided below and on our other web pages, including our Frequently Asked Questions (FAQs) page.
- Authorization codes: The Drumlin DRM security service works using authorization codes rather than complex user management systems. This makes the service and software extremely fast and easy to use, and also is ideal for fully automated management of document security, for example for ebook sales and training courseware. Other authorization options are also available (license files, pre-authorized files, automated authorization etc.)
- Encrypted PDF files: A secured PDF is a standard PDF file that has been encrypted using our free DrumlinPublisher software (the encrypted file will have a .drmz file extension in most cases). These special encrypted PDFs can only be viewed using our free Javelin PDF readers, which are available for all the major technology platforms. In order to be permitted to view this special type of PDF file it needs to be authorized (enabled for viewing and/or printing) on the user's device (e.g. their PC, Mac, tablet or mobile phone). This is carried out by the end user by opening the secure file using our Javelin software and then entering a valid authorization code for that file when prompted by our PDF reader software. Each authorization code is typically unique and has a usage count, as described below. When a user tries to open the drmz file you have provided on their device, the Javelin software asks them for a code for that document (i.e. they need to get this from you and you generate the codes for your own files using our free DrumlinPublisher software).
- Example: Let us suppose that the code you provide them is abc123def and this code is valid for and PDF document you have encrypted (published, with DRM server-generated documentID 345632 and the code is set to allow 1 usage. The customer enters the code and it is checked over the internet on our DRM server - this takes around 1 second. If it is a valid code for that file (documentID) AND has a usage count greater than 0 and has not reached its expiry date, our DRM system will tell the local device to allow the file to be viewed, and this will be remembered on that device so the code is not needed again to view the file - this enables the document to be viewed offline (i.e. without an internet connection). On our DRM server the usage count for that code is reduced from 1 to 0. Now if the end user sends the file plus the instructions and the code to someone else, it will not work because the code has been used - and it will tell you that this has occurred with the details (including the code, IPaddress, document, date, time, device details etc.) of the attempt to access the file, so tracking of valid use and attempted invalid use is available to you immediately. You create the codes using the Codes tab on the DrumlinPublisher software (service subscribers only) and the activity tracking and related features are provided via this tab also.
- Some more things it is useful to know:
- (i) the secured PDF is not decrypted when authorization takes place - it remains encrypted and secure. It is the device that is enabled to view the file, rather than the file being decrypted or the end user being separately enabled for that file on that device or our DRM server
- (ii) secured PDFs can (and should ideally) include a dynamic watermark, so that the end user and their device etc. is identified if they make a screen shot of a page - on many devices screen shot support is provided in the hardware so cannot be prevented, and watermarking is an extra form of protection again possible abuse of your copyrighted material
- (iii) with the secure offline service it is possible to provide printable files, with more extensive dynamic watermarking, plus additional controls to prevent printing to non-physical devices and limits on the number of copies printed. This applies to secured files delivered to desktop/laptops only - for security and practical reasons printing is not supported for mobiles and tablet devices
- (iv) because a unique code is normally issued to one user for one particular document, the user is determined by the code they receive without needing to have end user registration. This makes meeting GDPR requirements very straightforward and also allows such codes to be disabled if required (e.g. if there is evidence of abuse, non-payment etc.). Again, this is a feature of all current versions of our Javelin3 readers and the DrumlinPublisher software
- (v) for Corporate users with PCs, there is an option to provide License files for authorization, where license files are specific to the user AND device. This facility is available although not widely used as it requires more service management than the authorization code approach
- (vi) secure (encrypted) PDF files can be created that do not require any authorization - such files may be copied and opened by any user with a Javelin PDF reader but the protection against copying of the content, print security and date expiry all remain provided. This is ideal for time expiring files where the use of a central DRM service is not desirable or maybe not possible due to internet access restrictions
- (vii) "personalized" secure (encrypted) PDF files can be created that have a unique filename and watermark, Lists of end users can be read in order to create a series of personalized secure PDFs from a single source PDF, together with authorization codes for each individual
- (viii) creation of secured files and authorization codes is managed using the free DrumlinPublisher software. This provides for single or multiple secure file creation, and may be used interactively or in batch mode (from a command line)
- (ix) for selected platforms (currently for Android only) the delivery of the item (e.g. ebook) and code, can be automated via a website link. A test/sample page illustrating this facility is provided here. The facility uses so-called "deep links" for app-to-website integration. A sample entry on a website might look like this:
"https://www.drumlinsecurity.co.uk/docs/?docurl=https://www.drumlinsecurity.co.uk/ipad/alice.drmz&par01=abcabcabc&par02=0" where the ?docurl= part specifies where the secure file is located and parameter 1 (par01) specifies the optional authorization code to use, and par02 is not used at present. If the link is clicked on an unsuitable device the user is routed to a "catchall" page
See below for step-by-step instructions and links
Step by Step instructions
The simplest way to create a secure PDF for offline use using the Drumlin Publisher software is first: Download, install and register the free Drumlin Publisher software. Then follow the steps below to produce a secure PDF. Secure PDF files require an authorization code or document license file before they can be viewed on a given device. DrumlinPublisher will offer you a free code for testing when you create single secure PDFs. See this link for: Video demonstrations (MP4 videos) - video demonstrations of using Javelin readers and DrumlinPublisher software - not always the latest version of software but a useful guide. Now proceed to create a secure PDF file as follows:
- Run DrumlinPublisher, login and select a test PDF on your PC for secure publishing. We recommend you select our .DRMZ file format for most purposes ((this is the default) - also, use the SAVE SETTINGS button to save your preferred settings for secure publishing. Then use the other form tabs to set the options you would like to use as controls (e.g. View=unlimited, Print=Disabled, End date=31st December 2030 or "no end date", add an intelligent watermark), save your settings, and then press the Create Secure PDFs button. You need to have an active Internet connection at this stage
- DrumlinPublisher then sends control information (NOT THE PDF FILE ITSELF) to our DRM server. This includes the information necessary to identify your file as belonging to you (including the file name, your details and the permission controls you have applied) together with other security information. This information is stored on our DRM server. At the same time your PDF file is encrypted locally on your PC and protected by our security framework and this version is saved on your PC in your chosen location with the file extension .DRMZ or .DRMX. Your original PDF file remains unchanged. A test authorization code is automatically sent to you when you generate a single secure file at a time (not for multiple files) so you can check your file using our free Javelin PDF readers, as if you were an end user - select YES to save the free test code to a local text file. If you use Drumlin Publisher to create multiple secure PDFs in one go then no test code is provided. Ask us if you would like additional codes for test documents. Always TEST your secured file using Javelin3 for Windows (and optionally other platforms) before issuing it to end users. All Javelin readers can view PDF and DRMZ files but only the Windows and Mac versions can view DRMX files
- Once you have created your secure file, which will typically have a .DRMZ extension, you do not need to generate it again for each customer - the same file can be sent to all end users/customers. If you want individually personalized files sent to each user (e.g. from a list) there is a special "Personalization" option specifically for this
- You can now send the DRMX or DRMZ version of your PDF file to anyone you wish or place it on a web site for downloading. DRMZ and DRMX files are secure and cannot be used/read without Javelin plus a valid and available authorization code or license file for that specific secured PDF
- To make the file readable on a target device the user needs a copy of our Javelin PDF reader and an authorization code, which you will provide. Normally codes can only be used once, but you can ask for/generate a set of codes that can be used 2 times or more (up to 5 by default) if you wish - we can also enable you to be able to create special codes with larger number of usages. For subscription service customers the Codes option in DrumlinPublisher is available and enables publishers to create their own authorization codes (typically from 5 to 50 at a time per document), without having to contact us. DrumlinPublisher also provides code reset, tracking and reporting functions
- Sample email templates: https://www.drmz.net/email-templates/email.htm - a "universal" web-page based set of instructions for installing Javelin and downloading secure PDFs, with separate versions for each main operating system. See below for guidance on emailing files to end users
- Your customer, the end user, will need to know what to do in order to read your secured PDF. Typically you will send them an email, with simple instructions, possibly linked to a web page as described above. In most cases your email will also include an authorization code for them to use. Your customer now has the software installed and registered, your DRMX or DRMZ file, and an authorization code from you for that document. As noted above, you can provide this by email or automatically via your online service (e.g. using your own shopping cart system or a PHP product like Linklok from Vibralogix), or via a commercial service such as Fetchapp, Getdpd, SendOwl, PayLoadz or SoftSeller. The end customer opens the file and enters the authorization code they have been given when prompted. The code is checked centrally to ensure it matches the document ID and is a valid and unused/available code, and if so, exchanges information with the end user's PC/Mac/iOS or Android device to enable the DRMX or DRMZ file to be viewed. Note that authorization codes are simply look-up codes, and do not have any encryption/decryption function
- A test/sample page illustrating the automated delivery facility for Android devices is provided here
Emailing with attached secure files
If you were just emailing a secured document to a small number of clients or end users you might wish to send the secured version of the PDF as an attachment. In this case the following instructions work well, but apply for desktop/laptops rather than mobile devices. For full cross-platform instructions we strongly recommend using our automated "CATALOG" facility, which is described in more detail in the Catalog guide on our Documentation page. We can create catalogs for you, host them and your secured files on our servers, plus provide you with model email instructions if required.
Sample email for file attachments: To use this file on your PC or Mac please follow the three steps below:
1. Save the attached file to your DOCUMENTS folder
2. Download Javelin3 (for PC or Mac) from our : downloads page and install it as per the web page guidance (this only needs to be the very first time you use the system)
3. Run Javelin3, select the File menu, Open… option and open the file you have saved. It will ask for a code. Copy/paste or type in the code: xxxxxxxxx (typically 9 characters, no space on the end of it) into the field when prompted and press OK. The code will be checked over the internet and if OK, will allow you to view the document (this only needs to be the very first time you authorize the file)
If you have a corporate firewall that blocks access to or from our authorization server, try the Web Authorization option on the Windows PC Javelin3 reader, or let us know and we will explain how to resolve this problem.