Rights Management supports the ability for users to view a policy protected document offline while still enforcing the policy the policy "permissions" (i.e. Content Copying - Not allowed).
The ability to view a document "offline" is a permission that can be assigned to each user or group when a policy is defined. By default the "offline" permission is granted to users.
Check out this post for more detail about the "offline" capability: http://forums.adobe.com/message/3385642#3385642
Correct me if my understanding is wrong.
A corresponding Principal Key is required to decrypt the document key which in turn decrypt the document itself.
In order to download the corresponding principal key onto the client machine which is then stored into the microsafe, user will be required to invoke the "Synchronize for offline” from Adobe Reader or Acrobat to establish a connection with the Rights Management Server to perform the download.
The client machine is required to have direct connection to the Rights Management Server to establish the link.
However for my case, the client machine is not able to access the network where Rights Management Server is hosted in. So downloading of the corresponding pincipal key will not be possible.
Is there another way to apply the 'Content Copying - Not allowed' permission?
Without using Rights Management?
1 person found this helpful
You are correct in your understanding. Just to clarify one point though, the client machine does require the "Principal" key be downloaded from the RM server and "Synchronize for offline" is one way to get the key. In addition to this, when a user "authenticates" to the RM server to open a policy protected document, a "synchronization" occurs in the background and if there are "new" principal keys for other policies they will be downloaded even if they are not reklated to the document the user is currently accessing.
Now, in addition to Rights Management, Adobe has two other "encryption" options.
You could password protect the document to prevent "content copying", but this is not a very secure option, password protection is easily cracked, there is no user authentication, and third party PDF viewers may not respect\enforce the password protection.
Another option, which is very secure is to use the "Encrypt with certificates" option, where the PDF is encrypted for a user based on the users x509 certificate (public key). The user then uses their corresponding private key to authenticate themselves and view the document. Encrypt with certificates allows you to enforce authentication and you can allow\deny the same "permissions" that you can with RM protection. There is no requirement for a server, but the "certificate management" (certificate creation\provisioning\revocation) capability requires a PKI. Also, the user will need to have their private key available to open the document.
Hope this helps.