PDF Protection Overview

20.06.2014

About PDF

PDF (Portable Document Format) is a standard format of text and graphic documents for storing and distribution. Unlike other popular formats (.txt, .rtf, .doc, etc.) PDF has a number of important benefits.

And the first one is its self-sufficiency that makes it to look the same on different devices. Its view does not depend on fonts and other features that this computer has at the moment. Especially it’s important for the document aimed to be printed: on the paper and on the screen a PDF document must look the same.

This and some other features of PDF (small size, scalability) made this format a standard for documents of different purposes: books, magazines, reports, forms. People prefer PDF to share and store them.

PDF has become popular in business that is why the question about its safety and access control is crucial. Moreover it does not matter what purpose a PDF document has. It can be a product to sell among mass audience (e-book, marketing report) or an inner document with a classified status to be used inside the company.

Common approach to PDF protection

PDF has some inbuilt means of security but they are simple and support the following options:

  • Protect a PDF document with a password.
  • Restrict opportunities to print and copy of the PDF document content (can be canceled if you know a password).
  • Protect a PDF document against unauthorized changing with a digital signature.

But the means mentioned above have serious weaknesses. Firstly it is a good awareness of used technologies that results in many programs (free or pay) to remove all these restrictions in a few mouse clicks. Secondly it is not suitable for access control – you don’t know how and where the protected PDF document is used.

If built-in mechanisms do not work properly we can take something developed by third party. Here are three main approaches:

  1. Nonstandard use of inbuilt means of PDF format. Though PDF is designed for storing and sharing static text and graphic information as well it supports interactivity. This way scripts written on javascript language can work. It can help to create an additional layer of security for file protection without attracting third party components. It’s a very elegant solution because it does not depend on the platform where the protected document is opened. But still it has is not ideal because many users just switch off the support of javascript because of security concerns. The number of accidents when javascript in PDF documents is used to insert a virus is growing day by day. The other weakness is poor protection of security code and lack of functions. Javascript is a high level script language to develop plain text programs. Even with obfuscation it is easy to analyze it and bypass the security mechanisms. And a number of functions that can be realized with javascript is too small.

  2. Use of plugin mechanisms for existed viewer programs. Standard Adobe PDF Reader supports plugin technology. It is an opportunity to increase its functionality by using external modules. Protection of PDF file can be performed with help of such a module. When the protected document is opened this module carries out necessary verifications, restrictions and other functions. Though the second approach is more flexible that the first one but it still has some weaknesses. The main disadvantage is its ‘binding’ to a definite viewer program and the platforms that the viewer is run on. So it is necessary to develop a separate plugin for every viewer. And the worst thing is connected with mobile devices – they don’t support this technology at all. Speaking about hacker resistance it is not very reliable. Though the plugin can be well protected against analyzes and modification still there is a weak point – the viewer program itself. Usually it is not protected and that is why it is easy to intercept valuable information outside the plugin.

  3. Development of one’s own viewer program for PDF documents with all necessary protection mechanisms. It’s obvious that this approach is the most expensive. But it gives the maximum control over PDF documents and security level. In some cases, e.g. for mobile platforms it is the only one available variant. Developers here have two main targets: to provide high security level together with user friendly interface for comfort work.

Features Inbuilt means of PDF Plugin Own viewer program

Security level

Low

Medium

High

Functionality

Restricted

Medium

Not limited

Compatibility

Medium

Low

Not limited

Development efforts

Medium

Medium

High

StarForce uses the third approach – the development of one’s own viewer program for high level protection and user comfort. The protection system is based on three main components:

  1. Converting the file into the format that can’t be opened with standard programs. That is why after protection the PDF file can be uploaded on the site for public access or can be shared on any media.

  2. Providing a reader a serial number for PDF file activation. During activation the protected PDF file is bound to the user’s device to prevent its illegal copying and distribution.

  3. Activation control from the personal account online.

At the moment StarForce viewer program is provided in one folder with a protected document. For more details please visit FAQ.