PDF DRM

From Drumlin Security Wiki
Jump to navigation Jump to search

Digital Rights Management (DRM)

Digital Rights Management (or DRM for short) is the term applied to the protection of digital assets using a centralized rights management service. It uses the combination of several distinct elements to provide the strongest possible protection of documents, i.e. protection against copyright theft, amendment, forwarding files and much more. DRM services not only protect documents at the point of viewing, but also provide facilities to track access and in some instances, withdraw access permission from the end user.

DRM systems fall broadly into two main classes: (i) Hardware-based solutions, which rely on identification of pre-registered hardware, typically as an eBook reader (e.g. a Kindle) or controlled generic device (e.g. an Apple iPad) in order to verify the end user, their access and permissioning; and (ii) Software-based solutions, which apply across technology platforms, i.e. that are not based on proprietary hardware but rely on the exchange of information between the user and user's device and the central DRM service to uniquely identify the identity of the target recipient of the secured PDF file. Examples include our own "Offline" PDF security service. Note that for PDF files, unlike ePUB or similar files, the hardware-based ebook vendors like Amazon, do not offer a PDF DRM service, so use of third party software and service solutions are required for PDF DRM. This includes Adobe of course, and a number of other providers including FileOpen, Vitrium and Drumlin Security. A number of these providers offer cross-platform solutions, whilst others offer solutions that are both cross platform and cross document type. Because hardware-based DRM services do not support PDF files, software solutions are required. In general this involves using a special PDF reader, e.g. Digital Editions from Adobe or Javelin from Drumlin Security, to open a specially encrypted PDF file.

Software DRM solutions can also be separated into two distinct types - those that are based on use of some form of code string for authorization of access to a specific document, and those based on license files and/or online access by pre-registered users. In the former case there is no requirement for users to be registered, so no user management system is imposed on the implementation and management of the service. In the latter case all users must be registered with the central DRM service before they can be enabled to view specific documents. This latter requirement has the advantage that it provides a high level of access control, with the option to disable a document and/or user under specific circumstances. However, it has the disadvantage that the entire system has to be managed, which can impose a substantial overhead on organizations. For this reason it is best applied in cases where PDF documents are distributed intra-corporately, although it can be applied for extra-corporate PDF distribution when applied carefully (e.g. for well-defined closed user groups). It is not really suitable for eBook sales and similar low overhead/low margin applications, nor for smaller organizations where the cost of managing such a service and possibly providing DRM service integration, can be high.

Some PDF DRM providers, including ourselves, offer both options, i.e. code-based and license based. The standard service is code based, this being inexpensive and very quick and simple to implement, ideally suited to small-medium sized organizations and for ecommerce applications. For larger organizations, with more complex requirements, the license-based approach may be more suitable.

A rather different approach to PDF security is possible, based on delivery of content via a web browser, with or without user access controls (i.e. user login with tracking of this activity). With this model users access the PDF via a standard web browser (typically an HTML5 compliant browser, which most are nowadays) and view the pages online rather than offline. The advantages of this approach are that (i) no special software download and install is required; (ii) no document distribution is required; and (iii) the service is highly scalable with minimal management support required. The disadvantages are that the document must be read online, which means continuous access online is needed; the quality of display, speed of display, and overall functionality is typically not as good as offline usage (although this is improving year-by-year); and security is lower because the software being used to view the files is just a web browser over which the service provider has no control. Solutions of this type can be based on dynamically generated PDF display using HTML5 and pre-generated HTML5 display (which can be faster and provides very good quality), or pure HTML display using page images (effective but poorer quality and can be relatively slow).

For general information about Online (HTML5-based) PDF security services, please see our Online Services page.

For more information about DRM systems see the Wikipedia DRM page