I have a situation where I need to periodically deliver a set of PDFs to various remote clients with which I have no relationship other than that they have purchased this training material. Since this training is charged for on a per-person basis, I do not want the material circulated among the non-paying colleagues of my clients.
So, passwords don't cut it because they can easily be shared, which then leads to some sort of simple process that makes it easy for non-tech-savvy clients to get certificates that can be used to encrypt the documents so that only the paying client base can open them.
I was thinking in terms of simply telling them to open Adobe Reader and create a self-signed certificate (while on the machine they plan to view the material on) and email me the certificate for use in PDF encryption. This was simple and seemed like it would work fine until I realized that these clients can simply open up IE, access the certificate, export it along with its private key, and then share that full public/private certificate with all their friends who have not paid for the material. So, I don't see certificate protection in this scenario as being a big improvement over password protection, since uncontrolled sharing can still take place with a few easy steps.
I'm looking for any wisdom on how I could accomplish the distribution protection in a manner that is still simple for the client to set up, but virtually impossible for them to share (like some means whereby they can create a certificate on their machine but without the means to export the private key, for example).
Any suggestions?
Doug
The only practical way to try and restrict access to a file based on an individual's identity is to secure the file using DRM - for example via Adobe LiveCycle Policy Server. However, access to such a server is still normally based on their login credentials, so if they share passwords anyone can pretend to be them. The advantage of DRM is you can audit the accesses and revoke the file if it looks suspicious.
To tie to a user without DRM requires the user to have a commercially-issued digital ID in physical form (for example an RSA hardware dongle) so there can only be one person using it at a time. Of course there's nothing to stop the owner lending the key to a colleague, but that's different from distribution. Software certificates are impossible to keep unique, as a user will always be able to share the file and password. They may infringe their license agreement, but the chances of the issuer going as far as revoking it are very slim.
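The audit-and-revoke idea from the answer above, as an added example that is not part of the original thread and is not Adobe's code: it flags a licensed user whose documents are opened on more devices than allowed within a sliding time window. The record layout, the device fingerprint field, the sample data and the thresholds are all assumptions made for illustration, not the log format of any real policy server.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records in a hypothetical format:
# (timestamp, licensed user, document id, device fingerprint)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice@example.com", "course-01.pdf", "dev-A1"),
    ("2024-03-02T09:05:00", "alice@example.com", "course-01.pdf", "dev-A1"),
    ("2024-03-03T20:10:00", "alice@example.com", "course-02.pdf", "dev-A2"),
    ("2024-03-01T10:00:00", "bob@example.com", "course-01.pdf", "dev-B1"),
    ("2024-03-01T10:30:00", "bob@example.com", "course-01.pdf", "dev-B2"),
    ("2024-03-02T11:00:00", "bob@example.com", "course-01.pdf", "dev-B3"),
    ("2024-03-02T15:00:00", "bob@example.com", "course-02.pdf", "dev-B4"),
    ("2024-01-05T08:00:00", "carol@example.com", "course-01.pdf", "dev-C1"),
    ("2024-02-05T08:00:00", "carol@example.com", "course-01.pdf", "dev-C2"),
    ("2024-03-05T08:00:00", "carol@example.com", "course-01.pdf", "dev-C3"),
]

def flag_shared_licenses(events, max_devices=2, window=timedelta(days=7)):
    """Return {user: sorted devices} for users whose licence was opened on
    more than max_devices distinct devices inside any sliding time window."""
    per_user = defaultdict(list)
    for ts, user, _doc, device in events:
        per_user[user].append((datetime.fromisoformat(ts), device))

    flagged = {}
    for user, opens in per_user.items():
        opens.sort()
        recent = deque()           # opens still inside the window
        counts = defaultdict(int)  # device -> number of opens inside the window
        for when, device in opens:
            recent.append((when, device))
            counts[device] += 1
            # Drop opens that have aged out of the window.
            while when - recent[0][0] > window:
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            if len(counts) > max_devices:
                flagged.setdefault(user, set()).update(counts)
    return {user: sorted(devices) for user, devices in flagged.items()}

if __name__ == "__main__":
    for user, devices in flag_shared_licenses(SAMPLE_EVENTS).items():
        print(f"review/revoke candidate: {user} -> {devices}")
```

A user who replaces a machine every few months (carol in the sample) stays under the threshold, while one account opened on four devices in two days (bob) is surfaced for review.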