Authentica Strengthens DRM

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Traditionally, digital rights management controls on documents have been embedded in the documents themselves, making them very portable but also making it difficult to change these rights. Using server- and client-based DRM capabilities, Authentica Inc.s PageRecall 3.1 makes it possible to apply detailed access rights to documents and to change or revoke them at any time.

In eWEEK Labs tests, PageRecall proved a capable and simple-to-deploy DRM system for portable documents, allowing us to protect and safely distribute documents in no time. However, the product also has several limitations that could make it less attractive to many companies.

PageRecall works only with documents created in Adobe Systems Inc.s Acrobat PDF format. In addition, both the DRM authoring tools and the DRM client access plug-ins for PageRecall 3.1 work only on Windows systems—a significant drawback, given that a good number of PDF authors work in Macintosh environments. Mac OS clients are available for older versions of PageRecall, but if any new features are used, these clients will be unable to access the content.

Authenticas Policy Server, where DRM policies and rights are managed and to which users connect to confirm access rights, runs on Windows servers and Sun Microsystems Inc.s Solaris, although the GUI administration tools run only on Windows.

Prices for PageRecall 3.1, which includes Policy Server, start at $22,500. PageRecall 3.1 shipped in July.

Once we had Policy Server up and running, we were able to quickly create users and groups of users to which we could assign various permissions. We could create different policy templates, which was especially useful for applying DRM to different types of documents and users. Policy Server uses standard key-based encryption and certificates to protect content.

We could restrict various rights, preventing the ability to print, not allowing cutting and pasting of content, and applying expirations and time restrictions on content use.

PageRecall 3.1 includes an interesting new ability to prevent users from grabbing screen captures of documents they are viewing in Acrobat. Although this is a very useful restriction, it can be circumvented through the use of remote control applications. In addition, we were unable to turn this capability off in our rights policies.

To apply the DRM protections to content we edited or created, we had to install the PageRecall client tools to our system, which added a PageRecall menu option to our Acrobat authoring environment. Once we had finished work on a document, we simply chose Protect Document from the PageRecall menu, which brought up a wizard that stepped us through the process of applying DRM to the document.

From this wizard, we could apply any prebuilt DRM policy to the document or create our own custom policy on the fly, which was especially useful for documents that needed to be accessed only by a small number of users.

When everything was complete, a new protected version of the document was created that could be deployed to users, clients and customers. To access the document, recipients must have the PageRecall plug-ins for Acrobat, which can easily be deployed from a Web server.

Once installed, the plug-in contacts Policy Server when the user attempts to read the document. Based on the users log-in, the server returns the users access rights and makes it possible for that user to view that document. In addition to a direct log-in, PageRecall can use the Windows account so users dont have to log in to PageRecall separately.

It is also possible to define the rights so that users can take content offline. By defining offline rights, we could let a user begin a “lease” to read the content offline, and we could even define how long this would be allowed.

Without the PageRecall plug-in or the proper rights, users are unable to access the content at all. PageRecall uses strong RSA encryption to protect the content.

Technical Director Jim Rapoza can be reached at [email protected].