 |  | Products -> Our technology |  |
 | |
| |
LockLizard do not use a single technology in order to provide the DRM management controls that allow you to enforce the license controls that you determine. Rather, we harness a range of technologies in order to achieve the features and functions that you expect from us. The technologies we use are described below.
DIGITAL RIGHTS MANAGEMENT (DRM) CONTROLS
In the digital world you need the ability to control what can be done with digitized information once it goes outside your personal control. DRM controls set out to control critical questions in regard to the type of document or file you are using. LockLizard products use the strength of encryption to support the ability to rigorously enforce available DRM controls that determine:
- when a document or file can be viewed
- how long a document or file can be viewed for
- whether printing is allowed and if so how many times
- whether information can be copied and used in other applications
If an authorized user has lost their rights (perhaps they have not paid or, perhaps they have left the organization) then it must be possible to cease their access to information, and this is what our products support.
DOCUMENT WATERMARKING
LockLizard products support both dynamic and static watermarks to discourage copying of documents.
Dynamic watermarks may be used as a form of copy preventing, because the individual allowing the watermarked document to be copied is also associating their own identity with it, and they most likely do not want to be identified as the source of copied materials.
User applied to viewed and/or printed documents. Publishers only have to protect a document once as the viewer software dynamically applies the correct user and system information.
Static watermarks may also be used for copy preventing. In this approach, a diffraction pattern (sometimes referred to as a Moire fringe pattern) is used. Whilst the human eye is subtle enough to be able to ignore the pattern, mechanical devices such as scanners and photocopiers become confused by the presence of the pattern and produce substandard copies or cannot convert the graphic scanned image back into text accurately.
GOVERNMENT STRENGTH ENCRYPTION
Underpinning everything is our use of encryption technology. We use what is regarded (by the US government) as the strongest publicly available encryption algorithm, AES, with its strongest key setting of 256 bits to protect your information.
The AES (formerly Rijndael) encryption algorithm, is approved by the US National Institute for Standards and Technology as the winner of an international competition judged by the US National Security Agency - “NIST is pleased to announce the approval of the Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard, FIPS-197. This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.”
Locklizard use US encryption to protect your pdf documents, software programs, web content, ebooks, and files, and to ensure that license controls are applied to users or customers down to individual desktop level.
LICENSE CONTROL
We provide a granular series of mechanisms that provide you with sophisticated controls to be implemented over protected documents. By using an online Administration system (a permissions server) we provide IPR owners with the ability to control the number of times documents are printed, the number of times documents are viewed, stopping viewing after a ‘use-by’ date and verifying that the recipient is still in good standing (is still entitled to make licensed use of the protected information they have access to).
License authorizations are encoded uniquely to the individual desktop. We do this using a unique reference number for each desktop. An exchange of encrypted information takes place between the administration service and the user's desktop when they register their right to a document, product or a publication. The policies for that user and document / product / publication are then enforced by reference to information contained in the encrypted files that they have received. There are no passwords to issue, manage or forget for document transfer or use.
Linking user policy to a specific desktop prevents a user from transferring their rights to any other desktop, and thus prevents users from giving others access to information, even if they copy their hard drive bit for bit onto another machine.
User initial registration must take place on-line, and license codes are tracked uniquely giving feedback to the publisher if there is any attempt to register multiple times or to different locations.
We do not breach user confidentiality (unlike many tracking systems that may be the subject to action by the European Commission or EC states for breaching their Data Protection legislation) and do not invade user privacy. Publishers may use tracking to indicate users / customers who appear to be acting in breach of their license agreements.
NO USE OF TEMPORARY FILES
We do not use temporary files that may be processed later, or files that are ‘hidden’ from the operating system.
We inhibit third party products from creating and using temporary files that may leave unprotected copies of the publisher's original file on the computer. Unfortunately, many commonly used programs compromise the level of security that our customers are entitled to expect. We therefore provide free proprietary viewers that allow files to be viewed without creating uncontrolled copies.
NO PASSWORD MECHANISMS
Many providers offer simplistic password protection systems in support of their products. Passwords have been, of course, the black hole of too many security systems and are known to be a flawed security technique. They are difficult to make crack proof (the Internet is stuffed full of password cracker systems) and it is almost impossible to prevent users from passing on their passwords to 'friends and family' as often as they want. The only secure solution is one where the user never has contact with the encryption key.
LockLizard does not provide a password based control because :
- they are too difficult to manage;
- they are too easy to crack, because users cannot cope with long and complex character based strings;
- users can give their passwords to others
LockLizard supports a secret key exchange between our (or your) administration system and the user. What we actually do is to transfer decryption keys (64 character random passwords that cannot be guessed) without the end user having any possibility of gaining access to that information. Users cannot gain access to the key because it is hidden in an encrypted keystore on their computer, so they cannot pass it on. If they try to pass on their license file, the administration server will refuse to allow the license file to be used again, unless you, the publisher, authorize the situation.
So the LockLizard approach is fundamentally more secure than any password based system, and you should put into serious question any approach that recommends the use of passwords.
NO PLUG-IN VULNERABILITIES
We do not use plug-ins to other applications for several reasons. It is well known that plug-ins may act in conflict with each other, and that other plug-ins may be used to compromize security solutions plug-ins. Also, the applications being plugged into were not designed to operate in a secure manner, and it is not possible, as a plug-in, to control what the application can do, so any ability to compromise the application will also compromise the security.
LockLizard security cannot be compromised by plug-ins because we prevent all plug-ins from being loaded so that no vulnerabilities can be introduced.
Please read PDF Security Plug-ins for further information.
See also PDF Security News for a list of poor implementation vulnerabilities.
PROPRIETARY SECURITY MECHANISMS
We use proprietary methods to prevent users printing to devices that do not identify themselves as real, physical printers, in order to resist copying through multiple printings. Also, where printing is permitted, we provide sophisticated watermarking technology in order to identify the person/organization if they attempt to circulate documents that they have been authorized to print for their own (personal and private) study.
We also use proprietary methods in order to prevent PC screen grabbers from being able to locate the information that is being shown on the screen, preventing users from readily copying what is on the screen.
SIMPLICITY OF USE
A critical feature of the LockLizard products is ease of use. A great many DRM products require you to have, or to create, administrative structures for your internal staff, or require you to issue passwords, or, worse still, PKI credentials to both staff and customers before you can use them. Our products can be used ‘out of the box’ to protect files. The writer / administrator programs step you through the controls that you have to apply, so the process is both simple and transparent.
No administration system to build or pre-configure
Our products require no prior setup to become operational. The administrative system is already pre-built and the normal operational functionality provided – whether your hosting is on LockLizard or on your own server. There are no scripts to write or services to configure - you are up and running instantly.
No PKI system to develop or implement
Our products use PKI for their operations, but do not require you or your users to implement servers or purchase keys from public authorities. Public key cryptography is used to ensure that encryption keys are securely transferred between the publisher and the administration system, and from there to authorized users, so they cannot be intercepted during transmission. On the user desktop they are held encrypted so that the user cannot compromise the system. So you have all the power of PKI with none of the complexity.
No cryptographic administration
You do not get involved in administering the cryptography that underpins the security of the system. There are no document IDs to manage or key structures to figure out. You can decide to make ad-hoc arrangements at any time and the Administration system will enforce whatever decision you make. You can change your mind, and, provided you have required frequent license checking, you can enforce new administration controls and constraints regardless of previous decisions. You decide who are recipients (users/customers), what they are entitled to see, and what they are entitled to do, as you add users to your system.
Choose individual documents, products, or publications
Whilst you can publish all your material as individual documents or products, for some publishers it is much easier to supply their customers with continuing services. Our Administration system allows you to implement a further level of simplification: the Publication. Publications allow you to define an associated group of documents or products that are related (one issue or edition in a subscription service or one element in a training program). They mean that you can sell your customers a subscription service. When customers purchase (or staff are granted) your IPR for a period of time, then anything you deliver during that period is their to access. But once outside that time they cannot see any new products unless you extend their license.
LockLizard DRM technology. Digital rights management technologies with DRM copy protection, prevention and control. DRM technology with copy protection, copy prevention, encryption, and copy control - no temporary files, passwords or plug-ins. | |
| | |
Digital Rights Management controls
