Can someone explain other doc security options? How does the DRM feature work and it it iron clad? Does the recipient need to be on the internet whenever they want to view the doc? How much does it cost?
What are the benefits to using LiveCycle? What else can it do that's not available in Acrobat?
I have read posts on this web site concerning LiveCycle. Does this feature have more or better security measures? What it sounds like to me is, it's not for Mac's. Although, I have the PC version of Acrobat at work but cannot install it on the company's computer due to the previous employee set a admin password and never told it to the boss.
What I am trying to accomplish is - sure, to let people view my doc. But, not intrude Javascript coding or alter it and shanghi my work and make it their own. So, I would like to find out as much as I can about Security measures. Regardless, if it's more Javascripting or DRM or LiveCycle or whatever. If you have some input, let me know. Thanks folks.
LiveCycle DRM is controlled by a policy server sitting on the Internet - it shares a name with LiveCycle Designer in the Windows version of Acrobat Pro, but that is all. You apply LCDRM to a file using either the server web interface or using Adobe Acrobat (see later), and LC Designer has *nothing* to do with it.
All DRM relies on every user having at least initial Web access, so the document can check with the server what it's allowed to do and what the real date and time are. Each document is given a "policy" which defines:
- what permissions the user has (can you print, copy, comment, etc.)
- when or if the document expires (after that point it will not open)
- how long the document can wait between server calls (the "offline access" period, OAP)
- what auditing is applied.
- what named recipients can open the file (or can everyone)
If for example a file is set to expire in 90 days and has an OAP of 20 days, a user must connect to the DRM server when they first open the document, and then again once every 20 days. If they stay offline for 21 days, the file will stop opening until it's re-checked.
LCDRM encrypts the document using a hash which is only known to Adobe, so it is effectively uncrackable (we know of no case where a LCDRM file has been broken in the wild via key discovery). This means the file only opens on Adobe Reader and Adobe Acrobat, but there are no issues with the user having to enable scripting and no way to bypass it.
As the document author you can audit actions (the server is told each time a user opens, prints, etc.) but this tends to be used only when the policy specifies named users on the access list, otherwise the logs will just fill with pages of "anonymous did this..." entries. You can also revoke access at any time, though users will only find out when they reconnect so this is subject to a sensible OAP. You can specify a replacement file during the revocation, and users will be prompted to download it.
If a policy is "anonymous" users will ping the server when they open the file, but that will be all (they'll see a popup message but don't need to enter any credentials). If the policy uses named recipients, they will be prompted to log in to the server via a dialog in Acrobat or Reader (and so must have an account on it first).
Applying LCDRM via Acrobat is done via the usual protection dialogs; once you have entered the URL and login details for your policy server in the security settings preferences, the policies on the server appear on the favorites list along with all the usual password and certificate-based ones. The files themselves don't have to be uploaded to the server, but they can be if you're using LC as a document management system too.
The one thing I can't discuss is price, as "it depends". LiveCycle is an enterprise solution, and the DRM module is usually sold as part of a larger bundle (handling forms, CMS, etc) - of course as a server product it can be very expensive, but prices and support costs depend on your individual requirements. You'd have to talk to an Adobe sales rep to get a quote, but don't be surprised when it moves into five digits.
You can TRY the policy server DRM system for free using Adobe Document Center, but this free trial cannot be used to protect documents where the document itself is a commercial product (magazine subscriptions, eBooks, etc.) and there are no guarantees how long it'll stay open. Using named recipients is not as easy as they'd all have to register for the trial first (you have no server admin tools to create accounts for them) but the anonymous policies work as normal. To install the ADC settings into Acrobat, download the FDF file from the help section and open it in Acrobat (works in all versions). That will add ADC's URL to the Acrobat preferences, then you as the document author just need to log in when you apply the protection. You can send yourself files, expire them, watch the activity monitor, etc. (and try to crack them - but I guarantee you won't!)