File Distribution

From Drumlin Security Wiki
Jump to navigation Jump to search

Distribution of PDF and Secured PDF files

With web-based PDF display it is usually the case that the PDFs are displayed on-the-fly, i.e. dynamically converted to HTML5, and the online viewers typically permit the source PDF file to be downloaded by the end user. With protected PDF display the download option is removed, and for selected services (e.g. Drumlin's Webdoxx services) the source PDF is not stored on the server, but is deleted as soon as an HTML5 fileset representing the source PDF has been generated. The pre-generated content is then displayed to the end user, which is significantly faster and more secure. In such cases, there is no distribution of the PDF files, which simplifies the service delivery. However, it does require the end user to have continual access to the internet, and includes some limitations (for example, printing should never be enabled as it cannot be made secure).

Distributing secured (encrypted) files to end users for local/offline use presents a more significant challenge. If the end user's device is provided by the service supplier and is registered to a specific user, delivery can be simplified considerably, by automating the process entirely. This is essentially how Amazon's Kindle ebook delivery service works. To use the service the end user must have a least one registered physical Kindle device from Amazon, which acts as the reference device for that user.

With generic devices, like PCs, Macbooks, tablet devices and mobile phones, direct downloads via a web link or using attachments to emails, can result in considerable end user issues. The direct download and file attachment method of secure file distribution can work reasonably well for PC and Mac users, as they are familiar with downloading and saving files, and hopefully are aware of the difference between permanently downloaded files and temp files. However, scope for confusion remains, particular with less-IT savvy users. The problems are significantly greater for mobile device users, as detailed knowledge of how and where files are downloaded is far less common. For standard PDFs the downloading is usually straightforward, and most end users are able to open such files without worrying about where they are stored. With DRM-protected files that require specialist reader software, special arrangements are needed. And because broadly consistent guidance is needed for cross-platform file distribution, approaches applied for successful distribution to mobile devices should also be available in a similar manner for desktop/laptop users. There are two main mechanisms for achieving this:

  • providing a built-in file downloader within the end user app, and
  • providing a feature that downloads and saves the secured files automatically, without the end user being aware where the files are downloaded from or saved to on the local device

Javelin readers from Drumlin Security provide for both options. In the built-in downloader (provided on the Home page of all Javelin apps) there is a download field, and if a valid (standard) URL is entered into the field, the relevant file will be downloaded and saved to the Home page of the app. The format of the URL entered must meet the following requirements (generic file distribution services like Google Drive, Mac Cloud, WeTransfer not conform to these specifications):

  • URL names must be correct when used in the address field of a standard browser - where the URL contains spaces or other special characters, always enter them into a web browser address field first, check the downloading works as expected, and then copy/paste the browser-amended URL as the URL to be used - we recommend using short URLs, all in lower case, with no spaces, where possible, in order to make it as simple as possible for end users to type in if they need to (i.e. rather than copy/paste)
  • the secured PDF filename should have the correct file extension - acceptable extensions are: .drmz, .drmx, .xml and .zip, where the .xml and .zip extensions refer to files formatted as "catalogs" (see further below). Note that hosted drmz and drmx files will require the hosting service to identify these filetypes as having a mimetype: application/octet-stream
  • When a .xml or .zip catalog file is downloaded, the catalog will appear on the app home screen or local catalog file list, and its entries will provide the automated links required to download and save the secured PDF files (.drmz or .drmx files) without further user action other than clicking on the item or touching the item cover in the downloaded catalog. An example top=level catalog (built into the Javelin3 readers) is illustrated below - this built-in catalog can be updated remotely to include catalog for subscribing publishers, enabling file distribution for many files without any end-user awareness of where the files are stored or saved:

Javelin3 for Windows sample main catalog

Details of Drumlin's catalog system is provided in the Drumlin Catalogs PDF guide.