 |  | Products -> Lizard Protector Web Content Security -> FAQs |  |
 | |
| |
HTML PROTECTION FAQS - PROTECT HTML WITHOUT PASSWORDS
How does Lizard Protector Web Content Security differ from straight file encryption products?
Whilst file encryption products information protection whilst it is in transit or when stored on disk, they do not provide protection for the entire lifecycle of the information in a file. Once a file reaches a recipient, the protection is lost (the recipient decrypts the file), and the file can be forwarded, copied and viewed by unauthorized recipients. In addition, encryption products do not provide controls over file access rights - what a user can or cannot do with the file (print control, etc.) or file expiry.
LockLizard Protector Web Content Security dynamically protects files inside and outside the network, online and offline, with strong encryption and digital rights management controls (document expiry and access rights), to provide persistent end-to-end protection throughout a product's lifecycle.
How does Lizard Protector Web Content Security differ from html security products?
There are a lot of html security products on the market that claim to protect your html source code from being stolen and the displayed web page (text, images, etc.) from being copied.
Whilst these products appear to work on the surface they are easy to circumvent, since it is a simple matter of going to your browsers temporary file area and viewing the unprotected file and source. Even products that claim to prevent temporary files do not - that is how the browser works. These 'html security' products actually deliver the decryption key as part of the 'protected' file and use javascript to tell the browser how to decrypt the page. It does not take the brain of a rocket scientist to work out they are highly insecure.
Even if users don't bother looking at their temporary files to obtain all of your unprotected content, they can use screen grabber applications to take screen shots of your 'protected' content. Some products, whilst they prevent right-clicking on content to prevent copy and paste, fail to disable the file menu options to prevent copying and pasting through that method. But none of it really matters since the unprotected files are always viewable in the browsers temp area. What you are purchasing is a false sense of security.
LockLizard Protector Web Content Security only ever decrypts protected content to memory - there are no temporary files. Decryption keys are only ever delivered to authorized users via a secure mechanism and stored encrypted in a keystore that is locked to individual users computers.
How secure is LockLizard Protector?
LockLizard Protector uses US Government strength encryption - the AES algorithm at it's strongest strength, 256 bit. It would currently take todays fastest computer approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. Even with expected future advances in technology, AES has the potential to remain secure well beyond twenty years. For more information on AES please see NIST's AES fact sheet.
In addition, we don't use third party plug-ins to control your protected web content. This ensures we are not open to weaknesses in the published APIs or security holes in third party applications and cannot be compromised by the inadequacies of other plugins that could be loaded.
Protected web content is only decrypted for viewing in a secure, controlled environment, and is never made accessible unprotected. If a customer does not have a license they cannot view your protected information.
Is your application open to password attacks like password based products?
No. The keys required to decrypt protected web content are stored encrypted on the user's computer. There are no passwords to enter and therefore the system is not open to compromise or password attacks. An attacker is faced with a brute force attack of such a significant difficulty that they would need more than 20 years to gain access to a single product. It would be cheaper and quicker for them to photograph every viewable screen of your protected web content.
There are no passwords for users to enter, manage, forget or pass on to others.
Can I tell unauthorized people where to buy a license from automatically?
Yes. When you protect web content you can add a free format text message to it or have users navigated to a specific URL on your web site. You might want to enter information on how to purchase if you are selling products or give details on contacting your administrator if the system is used for internal information control.
This text / URL is shown when a customer opens unlicensed web content. The text is also visible at the top of each page and is visible if they try to open your protected files with a text editor or a similar application such as Notepad or MS-Word.
Can users change my security settings?
No. Once security settings have been applied to your web content they cannot be changed by anyone except yourself. The settings become part of each file and remain in force at all times, even when your customers are viewing your protected web content off-line (i.e. they are not connected to the Internet and server controls do not apply).
If you as the publisher want to issue the same content with different security settings (copying, printing, etc.) then you just save and protect the content again with the new settings. You can then send this newly protected content to your customers.
What is a product?
A product can be a single file, or multiple files that make up a document, web site, training course, etc. Web content is protected as a product and multiple products can be grouped into publications for simpler content management.
How can I control web content expiration & revocation once web content has been published?
Post publication content control is maintained through the use of expiry dates and the ability to revoke access to content or a user. For example, you can publish content that will expire in a month's time, so that users will not be able to view it once the expiration date has passed. Or, you can automatically revoke a user if they leave a project, department or company or fail to maintain payments for a subscription.
Note that you can only impose new controls if you require the user to verify their license with the administration server regularly.
Why would I want to set users to expire rather than protected web content?
The system is flexible so you can do both.
You may want users to expire rather than web content. This is because if a customer has subscribed to your service for a year then they are entitled to carry on viewing content they purchased after their subscription has expired. The administration system prevents them from viewing protected content with dates outside their subscription period.
On the other hand, you may want to issue your customers or prospects with time sensitive trials or samples of your content because you do not want them to carry on viewing protected content that has passed it's expiration date. In this case once the expiry date has been reached the protected content is no longer viewable unless they purchase a full copy from you.
We want to give prospects / customers free 30 day trials of our information. Is this possible?
Yes. When you protect web content you can specify how long it will be before it expires - e.g. 30 days, 1 year, etc. When a user registers they can then view your protected content for the time period you have allocated. Once this time period is reached either the protected content will expire (if the content expires, it can no longer be viewed) and they will need to come back to you for a license to continue viewing the protected content.
You can also set user accounts to expire (say after a 30 day period). The difference here is that any protected content published during their subscription period (with end dates after their subscription expires) that you have authorized them to view can still be viewed after their subscription period has expired - they just won't be able to view any protected content published before or after their subscription period unless they come back to you for a license.
So to summarize you can either expire protected web content (and it is no longer viewable once it expires) or you can expire users (and they can continue to view the content that they were authorized to view during their subscription period). Of course, if you have forced users to connect to the administration server before they can view your protected content then you can instantly suspend their account and this prevents them from viewing your protected web content.
Please remember that for these controls to be effective you must require the user to verify their license regularly with the administration server.
Can users distribute protected my protected web content to others?
No. They can send other people your protected content but other users will not be able to view it unless they have purchased a license and registered with you. For this reason, protected web content can be freely copied and distributed, emailed or published on the Internet without any unauthorized individual being able to access the protected content.
In addition, even existing users/customers cannot necessarily view your protected content. You decide which users have access to your protected web content.
You can assign products (a collection of web content that say makes up a single training course) to publications for simpler management so specific users can view all products assigned to a particular publication (all products in that publication are encrypted using the same key) or you can publish products on their own (where each product is encrypted using an unique key). If users have not been licensed with the correct keys then they cannot view your information.
Do users have to be connected to the Internet in order to view my protected web content?
No. You can allow protected web content to be viewed off-line.
All content controls (preventing copying, printing, etc.) are retained within each file that makes up your protected web content and therefore no Internet connection is required to enforce controls. Be aware that an initial connection to the Internet is required to validate the user license and to obtain the appropriate decryption key(s) when users view your protected content for the first time.
Be aware that if users do not have to connect to the administration server to verify their license details you cannot impose changes to your controls.
Where can I publish my protected web content?
You can publish your protected web content to your web site, on CD-ROM, memory stick, or send them it by email just like any other files.
Is there a limit to the amount of content I can protect or users that can view my protected web content?
No. You can protect as much content (files) as you want at no extra charge. There is no limit on the number of users you can add to the system, and the secure viewer software they download is totally free of charge.
Can I add existing users to future protected content or publications?
Yes. It is a simple matter of assigning the new content or publication to existing users.
Do you host my secure web content on your server?
No. You host it on your server, web site or network, or you can send it by email just like any other file.
What we host is the licensing system where you can issue users with licenses and control who can access your protected content. We never see either your unprotected files or the protected ones – they remain in your control at all times.
What software do my customers need on their computers in order to view my protected web content?
They need to download and install our free viewer software – LockLizard Protector Secure Viewer. The viewer software can be freely distributed and published on your own web site if you wish to offer your customers that facility.
In addition, you need to set users up with an account on the administration / licensing server so it can email them their license file. The registration of the license gives them access to the protected content you have licensed them to use.
What happens when my customers change or update their computers?
Upgrading Computers
LockLizard Protector Web Content Security can be re-installed on the same computer without you having to issue users with additional licenses. When a user re-registers with their license, the viewer software checks with the administration server to see if it is the same computer the software was originally registered on, and if so, lets the license be re-used. So if users re-install their operating system for whatever reason they can re-install the viewer software and continue using your protected web content as before.
Changing Computers
If your users change computers then you will need to allocate them an additional license so they can install the secure viewer software and register with you again. Additional licenses can be added to an existing user account.
HTML protection - protect html without passwords. Strong html protection with DRM controls. Protect web content - html, images and flash - without using a password. | |
| |
