FileOpen Plug-in Update Available for MAC OS X

Posted by Diana Holm

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for MAC OS X, Build 0967.   This new client implements support for the latest Adobe Acrobat/Reader. Specific improvements include:

  • Support for Adobe Acrobat Reader DC (64-bit architecture, with Broker process).
  • Modified and improved installation program.
  • Improved multi-language support.
  • Various bug fixes and other enhancements.

Note: This version supports Adobe Acrobat/Reader versions 8 through DC and 2015, and OS X versions from 10.6 through 10.11 (El Capitan), however B967 is installed only for Adobe 10 and up on OS X 10.9 and up. The installer delivers B958 for the remaining Adobe and OS X versions where B967 cannot be used.

This update replaces the MAC 0958 release from April 2015.

Accessing FileOpen-protected PDFs in a Web browser

Posted by FileOpen DRM News

The Web browser you are reading this article on is a small wonder of engineering.  Its origins can be traced back almost a quarter of a century, and is now one of 100+ available browsers serving over 360 million internet users.  With those statistics one can only imagine the rate of change when it comes to browser development.  Most of the time browser development improves user experience; making it faster, safer or more secure to surf the Web.  However, sometimes those advancements cause users to change their workflow or expectations on how a browser should behave.  In this post we are going to take a look at recent developments that affect users opening FileOpen-protected PDFs in a Web browser and how FileOpen is adapting to this change.


Say goodbye to NPAPI and ActiveX plug-ins

The presentation of PDF files in Adobe Reader within browsers has always been a somewhat odd and complex system. It works by Adobe installing a plug-in to the browser, generically the “Acrobat Helper”, which registers for the MIME type PDF and when the user clicks a link to a file of that type the helper launches or invokes the installed Adobe Acrobat/Reader program giving it the coordinates of the browser window. Acrobat/Reader then opens the PDF in an external window overlaying the window of the browser, such that the PDF appears to be displayed by the browser. When the file is encrypted using FileOpen the same thing happens with an added step of the FileOpen plug-in performing authentication and key retrieval prior to Acrobat/Reader displaying the file.

The above architecture was introduced somewhere around 1999 and has remained relatively unchanged except for some minor developments over the years. Recently, Chrome and Firefox have both deprecated NPAPI plug-ins, i.e. the mechanism by which the Adobe Helper operates, and both have integrated a native PDF viewer into the browser. It is still possible to configure Chrome to use the Adobe Acrobat/Reader as a PDF handler outside of the browser, but this advanced configuration will also be deprecated before the end of the year. Further, the new Microsoft Edge browser does not support any plug-ins, so Adobe cannot inject a mechanism to invoke Acrobat/Reader for PDFs opened in that environment (though Windows 10 also ships with IE 11, which does support Adobe integration). The bottom line is that Adobe or any other PDF Viewer that operates as a Plug-in is being excluded from the latest browser releases, and therefore FileOpen is being excluded as well. 

No, the Web isn’t going in reverse and losing features.  Instead, browsers are now supporting PDF files natively in the browser; they are just not quite there yet.  In nearly all cases this support does not include handling of complex PDF structures like forms, multimedia, or Security Handlers. So the user experience with PDF has become unpredictable, and demands system configuration, in ways that affect not only our solution, but every solution including Adobe’s own DRM. While FileOpen offers support for a number of other viewers (Foxit, Nuance, Nitro, Bluebeam, Tracker, etc.), neither we nor any other vendor can open encrypted files in the native Google Chrome, Apple Preview, Microsoft Edge or Mozilla PDF.js viewers.  We expect that this situation will only get worse over time, so alternative approaches should be considered.

Anticipating this, some years ago, we developed a set of technologies to convert PDF in real-time to renditions in Flash (.opn) or HTML5 (designed for clientless mobile delivery).  FileOpen customers are provided with a set of tools to do browser fingerprinting and detection which in combination with their defined policies, determines which format is most appropriate to the requesting user and device. Alternatively, we have added support for “encapsulation”, in which the encrypted PDF is placed into an unencrypted cover page that will display in any viewer and can be used to give the user some explanation of what needs to be configured and/or a link to the same content in one of the Web-friendly formats.


Contact us if you are interested in learning more about this functionality, or request a free trial.


Topics: Secure Document Viewer, pdf, Browser

Revoke or expire document access with FileOpen DRM

Posted by FileOpen DRM News

Today we are very much digital citizens with the world’s information at our fingertips; we are always on, operating in real-time.  The amount of data we produce is staggering.  Every time we share, copy to the cloud, re-name, edit and redistribute a file, we are scattering data. Often times this choice is made out of convenience rather than security or future data management work-load.  To put this into context, I logged into my personal Google Drive this morning.  I found sensitive and proprietary information in documents shared with me from former co-workers, bankers, lawyers and agencies that was no longer of great importance to me, but could cause significant damage if stolen, given to a competitor or otherwise abused.  While my example may not make big headlines, there is ample cause for concern.  As of this morning, there are 39,100 PDF files indexed by Google that have “not for public release” in the title.

While all of these documents may not truly be a security concern, they are just a result of one Google search,  and do indicate the magnitude of each document owner’s data sprawl; which, as a whole adds up to a serious vulnerability.   A vulnerability that can lead to lower business productivity, loss of competitive advantage, irrecoverable data loss or compliance violations; which, after all, is a fundamental responsibility of a document owner

So what can be done to address this? 

FileOpen document security and rights management solutions provide military-grade document encryption along with granular access and usage controls, enabling the document owner to share documents without giving up control. Today we will talk a little bit about core functionality within FileOpen software that allows document owners to expire file access based on predetermined usage, timeframe or date.  Additionally we will show you how to revoke document access, Mission Impossible style.   

How to revoke document access with FileOpen DRM

If the document owner determines business conditions warrant a change in who can access a FileOpen-protected document; the owner can instantly revoke a specific user’s access or access to a specific document by all users.   All changes take effect instantly.

Let’s look at an example. You send out a proprietary research to a number of people then later discover a critical error. In the meantime, that document has been edited, renamed, and saved locally to hundreds of devices. As the document owner, you can revoke access instantly with a simple tick of a checkbox. Now none of the recipients will be able to open any copy of that protected document. You can then send out an updated copy without the embarrassing error.

Here’s another example. You protect sensitive legal information in a document and send it to business partners and select staff. After a falling out, you are no longer business partners with one particular company. You can revoke access for the users in that particular company alone. All other users can still access the document without interruption.

How to Expire Documents with FileOpen DRM

In addition to instant revocation, FileOpen software can be configured to expire document access on a predetermined date, after a given timeframe or after a certain count of opens or prints.    To demonstrate, let’s look at another example.  You are preparing my company’s quarterly financials and need to distribute early drafts to a small group of staffers and outside legal counsel.  All access to this draft is to cease on October 5st, the day before earnings are made public.  You start by creating a Group within the FileOpen PermissionServer; a collection of authorized users, your protected files, and the policies that govern the usage of those files.  Within the Group you specify the permissions that will govern the usage of the documents. For this situation, you will set an absolute expiration date of October 5, 2015. 

After preparing the permissions for the Group, you add all authorized Users into the same Group through a quick pull down menu. As a side note, this step could be automated depending on your use case or workflow requirements; FileOpen integrates with existing ADS/ SSO system, eCommerce systems, enterprise file-sync-and-share or learning management tool; making it easy for administrators to centrally manage users and permissions. 

The next step is to protect the draft documents and add them to the Group.  You simply drop the source files into a watched directory on your local machine and FileOpen software does the rest. 


An encrypted version of your source document is created and placed into a corresponding Encrypted folder on your machine.   The only thing left to do is to distribute the document to the authorized Users.

On October 5th all access to the protected drafts is cut off, no matter where authorized users have stored the document.  The only way this draft can be opened after the expiration date is if/when the document owner re-enables the document from within the PermissionServer by modifying the expiration date.

Would you like to learn more?  Request a quick demo or get a free 14-day trial to test expiration and revocation for yourself.


How to Protect PDFs without Passwords

Posted by FileOpen DRM News

How many times per day do you have to remember your username and password to access an application or Web page? According to a recent TeleSign study, consumers have an average of 23 online accounts, and more avid Internet users have a much higher number.  In my own experience, as of noon today, I’ve already logged into 9 different applications - all of which have required username and password authentication. To make matters worse, I had to reset a password to a website I hadn’t used in a while.  That said, we at FileOpen know just how frustrating it is to manage what seems is a never ending list of credentials in your head.  So today’s post will cover how you can protect your high-value documents without some of the inherent pain points and security issues associated with username and password authentication. 


The problem with passwords

Passwords are the most common way users confirm their identities.  However, passwords are also considered a weak form of authentication.  The truth is that there’s nothing wrong with passwords; the problem is the user. Users experience what is known as password fatigue; they select passwords that are too simple, too predictable, they re-use the same passwords across systems, they fail to change their passwords on a regular basis, and much to our disbelief, users log credentials in notebooks usually kept alongside their machine.  As you can see, the Personal Internet Address & Password Log Book retails for $6.49 and is currently a #1 Best Seller on Amazon. 


In addition to password fatigue, users fall victim to cybercriminal’s phishing and spoofing scams.  And finally, what is to keep a user from lending their credentials to someone else?


FileOpen Approach: Securing documents, without passwords

FileOpen document security software offers businesses a variety of authentication modes designed to alleviate the pain and insecurity of traditional username and password authentication. 

The first out-of-the-box mode of authentication is device or machine authentication.  With this mode, users authenticate once by opening a FileOpen Registration PDF on their desktop, laptop or iOS device with the FileOpen Client.  Once opened, the FileOpen Client sends a list of machine identifiers, unique to that user’s device, to the governing PermissionServer which then logs the information within the user’s profile as a registered device.  After opening that registration PDF, all subsequent access requests by that user are permissioned by validating the user’s machine identifiers with the governing PermissionServer.  This means the whole identification process is invisible to the user and is exactly the same as opening a non-protected PDF file.  All permissions are obtained from the document owner’s PermissionServer in real-time, and are specific to that user’s device. Permissions are not portable in any way that the user can control; permissions are locked to the original device. 


The FileOpen software may also employ additional means of authentication.   FileOpen integrates with existing ADS/ SSO systems, eCommerce systems, enterprise file-sync-and-share or learning management tools. These options make it easy for administrators to centrally manage users and permissions, without requiring users to manage yet another password.  In addition, custom configurations can be deployed to support cookie-based authentication, domain authentication, and user log-in authentication. 


While businesses truly dread the challenges and problems posed by passwords, it still remains a core authentication and security technology. And, as mentioned above, we don’t believe passwords are the root of the problem, we believe it’s the human element.  With that being said, FileOpen does support username password authentication and includes features to ensure security.  These features include:

  • Device limits: Owners may designate the maximum allowable count of devices that user may access a protected document from.  The smaller the number the more secure the system.
  • Revocation:  Allows owners to instantly disable access by document, user or user’s device.
  • Tracking:  Logs all access and usage by document or user ─ even failed access attempts.  This information includes device / machine identifiers, user login, host name, IP address as well as date and time.
  • Viewing Requirements:  Allows document owners to limit document access to specific operating systems.
  • Usage Controls:  Prevent or restrict copy/paste, printing, editing, saving and screenshots.


Want to learn more?  Start a free 14-day trial to see how you can start protecting your PDFs, without passwords. 

FileOpen Viewer for iOS (v2.4.0)

Posted by FileOpen DRM News


We are pleased to release the latest version of the FileOpen Viewer for iPad®/iPhone®.  The app updates like any other app you are accustomed to.  If you don’t have automatic updates enabled you will need to manually press "update" from the AppStore.  


What's New in Version 2.4.0

  •          Updated to support wider range of PDF files
  •          Improved decryption speed
  •          Added support for location services and device identification
  •          Small bug fixes and enhancements

This update replaces version 2.3.4 posted to iTunes in Jannuary 2015.

Client-side vs. Web-based document security

Posted by FileOpen DRM News

The more things change, the more they stay the same

In the early 1990’s client server architectures were ubiquitous. Businesses managed their own servers, software, and productivity tools for their workforce.  In the 2000’s, the growing adoption of the Web introduced new opportunities and serious new threats to the IT landscape. Businesses responded by installing more infrastructure; typically more hardware in the data center. The idea was to establish a perimeter around the business to keep hackers out and intellectual property (IP) in. Fast forward to 2010, the world had completely changed: Web access was ubiquitous. Social media, collaboration tools, file sync-and-share, and mobility (BYOD) were unstoppable forces.  However, the more things changed the more the need to protect sensitive, regulated or corporate IP stayed the same.


Today businesses have embraced this new era, accepting easy-to-use, always-available productivity tools delivered to everyone in their workforce, anywhere in the world, on all their devices, in real time.  By doing so, these companies not only realize a broad array of capabilities but a distinct cost savings of no longer maintaining servers and software in-house.  However, the downside is that centralized, perimeter-based security solutions no longer make sense.  

So, the question becomes: do you trust security measures provided by third party Web-based service providers, or do you apply client-side security to persistently protect your IP? 

Client-side vs. Web-based document encryption

With Web-based encryption, documents are encrypted by the sender, at the server, so that only the receiving party can decrypt them. This approach is designed to keep files safe during transfer, but both ends are often left vulnerable.  For example, in October 2014, Dropbox was a victim of a sender side breach.  Dropbox users had their usernames and passwords released on Reddit, giving millions of Internet users access to the contents of their accounts. Because the content stored in the cloud was not encrypted, any user with credentials could access that content.


Had those same documents been encrypted prior to being uploaded to Dropbox, the damage would have been significantly reduced. With client-side encryption your documents are always protected; only authorized users can access the content no matter how the document is obtained or where it is stored.  The same goes for your third-party service providers, with client-side encryption your Web App providers have “zero knowledge” of your content; meaning they can’t access or disclose your company’s private information.  Client-side encryption is the only option that offers that kind of security.

In addition to security, client-side tools have definite business benefits.  With client-side encryption tools your workforce is equipped to apply document encryption on the machine they use to author high-value documents.  It is always available; empowering your workforce to easily apply document security measures without opening a browser, remembering credentials, or additional steps.   Furthermore, having the encryption App local to the machine increases the likelihood of it becoming part of the user’s daily routine; a constant IP protection reminder, if you will. 

FileOpen Solutions

At FileOpen, we have been building document security solutions for our customers since the early 90’s.  We were the first Adobe Technology Partner to build a third party plug-in to control access and usage of PDF documents.  The solution consists of three basic components; document encryption tools, a permissioning server to govern access and usage, and a versatile set of clients and viewers.  Customers have the option to host their own permissioning server, RightsServer, or leverage a hosted version, RightsManager.  Both solutions offer true client-side document encryption tools. Put simply, we don’t ask you to upload your source documents to our server for encryption. 

FileOpen offers several configurations for client-side encryption to meet varying business needs.  At the most basic level, users simply drop their unprotected documents into a monitored directory on their machine.  That action initiates the encryption process and within seconds an encrypted version of the same document is placed into a directory of the user’s preference.  The file can then be distributed by any means available.  If appropriate there is an option to mirror the output folder to many popular file-sync-and-share sites through oAuth or other APIs.  In addition to our basic directory monitor interface, FileOpen software can be configured to programmatically encrypt all documents created on a given machine or server, as they are created or on-the-fly, as the documents are being requested. 


Want to learn more? Contact us if for a quick demonstration or start a free 14-day trial.



Topics: document encryption, security, DRM advice, DRM mistakes

FileOpen Client 0963 for Adobe Acrobat/Reader (WIN)

Posted by FileOpen DRM News

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0963.   This new client implements support for the latest Adobe Acrobat/Reader and includes minor bug fixes and enhancements.  This update replaces the Windows 0962 release from July 6, 2015. 

FileOpen Client 0963 is backward-compatible to Adobe Reader/Acrobat 9.  We recommend that you encourage users to upgrade to the 0963 client.

Topics: FileOpen plug-in, Client Release

FileOpen Client 0962 for Adobe Acrobat/Reader (WIN)

Posted by FileOpen DRM News

We have released an updated FileOpen Plug-in for Adobe Acrobat and Reader for Windows, Build 0962.   This new client implements support for the latest Adobe Acrobat/Reader. Specific improvements include:

  • Support for SHA-2 password hashing.
  • Updates to the FileOpen Broker.
  • Additions to application whitelist affected by screenshot prevention measures.
  • Support for print command, shrink to fit. 
  • Various bug fixes and enhancements.

This update replaces the Windows 0958 release from April 2015.

FileOpen Client 0962 is backward-compatible to Adobe Reader/Acrobat 9.  We recommend that you encourage users to upgrade to the 0962 client.

Topics: FileOpen plug-in, Client Release

Two Lesser-known FileOpen Features: Screen Capture Prevention & Watermarking

Posted by FileOpen DRM News

Document security is one of the most important challenges faced by businesses today.  Your documents contain your company’s proprietary, confidential or regulated data and are likely the most valuable things on your computer or network. FileOpen document security and rights management software not only allows businesses to set up strict access and usage controls to documents, it also provides additional layers of security to prevent or deter the unauthorized redistribution of the data in your documents.

Today we will take a look at two lesser-known features available in FileOpen software that protect your all-important data; screen-capture prevention and user identifying watermarking.

Screen capture prevention

For our most security conscious customers FileOpen offers screen-capture prevention in environments where possible; more specifically Windows operating systems.  FileOpen has obtained a  Code Signing (Class 3) Digital ID giving permission to run services at the kernel level, including monitoring for a screen capture event.  Once an event has been identified, our app hides the content of the protected document.  The screen shots below illustrate a FileOpen-protected document with and without screen capture prevention enabled. 

FileOpen-protected-documentFileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin, without screen capture prevention enabled.  Image captured with the Windows Snipping tool.

FileOpen-screen-capture-preventionFileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin, with screen capture prevention enabled.  Image captured with the Windows Snipping tool.

To be clear, we do not claim that FileOpen guards against all methods of screen capture; it is always possible for a determined adversary to use a camera or to transcribe content manually. Nothing is 100% secure unless it is 100% unusable.  That said, FileOpen screen-capture protection adds real value by preventing screenshots in environments where it can do so without impacting the recipient’s ability to use the document as intended. 

User identifying watermarks

In addition screen capture prevention FileOpen offers user identifying watermarks. Watermarks can be applied on-screen and to printed copies of protected documents and can be different watermarks in the two cases.  These watermarks are a defensive mechanism addressing the human element; a recipient is far less likely to disseminate content where they are identified as the source.

Watermarks can be configured as needed and can be edited with immediate effect. They can contain static and variable information (for example, the recipient email address, IP address, user host name, print driver and the date and time of view/print). For this reason, different users will see the same document with different watermarks.  FileOpen watermarks are supported  in PDF on Windows and Macintosh, in OPN on all supported devices, and in the FileOpen HTML5 rendition.

The screen shots below illustrate a FileOpen-protected document with user identifying watermarks.

FileOpen-user-identifying-watermarks-in-PDFFileOpen-protected PDF, viewed in Adobe Acrobat/Reader DC with the FileOpen Plugin. Both variable and static watermarks are present.

FileOpen-user-identifying-watermarks-Web-viewerFileOpen-protected PDF delivered in OPN format, viewed in Chrome without any clients or plugins.  Both variable and static watermarks are present.

Contact us today to learn more about the FileOpen document security or request a free 14-day trial.



Topics: document control, data protection, stop document piracy

What makes FileOpen document security & control different?

Posted by FileOpen DRM News

At FileOpen we understand that building out your security infrastructure can be a daunting task.  Every document security and DRM vendor claims their solution is bigger, better and faster than the others.  It is vital to evaluate these claims and potential issues before a solution is purchased.  We advise our potential customers to create a checklist encompassing their core requirements and desired results.   A checklist may start small and grow as you assess each solution.  To assist in this process we have put together a few questions based on what our customers have consistently identified as important differentiators, such as:

  • Security and encryption
  • Recipient ease-of-use
  • Day-to-day administration and permissioning
  • Flexibility and extensibility (integrations)

Security and encryption

This section covers issues pertaining to file-level security and encryption.  This encryption makes the contents of your files indecipherable to unauthorized individuals. Document encryption uses complex mathematical algorithms to convert documents into an information package that cannot be read until there is a positive client server interaction verifying user identity and permissions. So, if an unauthorized individual intercepts an encrypted document they will not be able to access and read it.

FileOpen gives you a choice of encrypting on-premise or in the cloud, so you never have to upload an unprotected file. Once the document is protected, it can be distributed safely through whatever mechanism or protocol is most appropriate.  Documents are secured at all times and can only be accessed after a positive client server interaction verifying user identity and permissions.

Other Vendor
  1. Does the solution offer local encryption so source files are never transmitted over the internet?


  1. Are decryption keys stored within the document?


  1. Can the permission data be stored separately from the document?


  1. Can permission requests and data be encrypted as well as the document?


  1. Can document controls be enforced even after being downloaded to the recipient’s device? Offline?



Recipient ease-of-use

One of the biggest challenges of document DRM is making it easy for your users to share, access and work with protected files.  No organization wants to lose control of protected documents, or to place unnecessary barriers between authorized users and the information they need to do their jobs.  With FileOpen’s versatile client set you can define when, where and how users can interact with documents while still allowing users to use the productivity tools of their choice.


Other Vendor
  1. Does the solution provide protected files in standard file formats like Adobe® PDF, Microsoft® Word®, Excel® or PowerPoint®?


  1. Does the solution provide a preview of protected document to authorized users without any software installation (plugins/clients)?


  1. Can protected files be accessed from mobile devices? 


  1.  Are native applications required for mobile viewing?



Day-to-day administration and permissioning

This section covers issues pertaining to administering document access and usage controls.  These features allow you to securely share your files with others, while maintaining full control over who accesses them and how they can work with them. With FileOpen software, you control who can access your files by defining groups and including the users in these groups. For each group, you set specific usage policies, such as print restrictions, watermarks and offline capabilities. You then protect documents by assigning them to their respective groups, according to the permissions you want to grant. You can change a user’s or documents group membership at any time, with immediate effect.


Other Vendor
  1. Can the solution control printing, copying and saving of the file?


  1. Does the solution provide user-identifying watermarks on document view and print?


  1. Does the solution provide the ability to grant offline access? Configure how long offline access is permitted?


  1. Does the solution provide an out of the box, easy-to-use authentication scheme?


  1. Can the administrator of the solution remove access to specific documents, users or user’s device?


  1.  Does the solution provide access to activity reports by user, document and failed access attempts?


  1. Can the solution be configured to automatically apply permissions to documents? Provision users?



Extensibility & flexibility

This section is designed to help you find an integration-friendly solution; one that enhances and extends current investments.  At FileOpen, we work with customers evolving standalone solutions into infrastructure that protects and controls documents as they are created or on-demand. Our extensive list of services and APIs allow any person or system within an organization to protect documents and permission authorized users.

Other Vendor
  1. Can the solution be implemented on-premise? Or as a Software-as-a-service (SaaS) solution?


  1. Can the solution be configured to protect files as they are created?  In batches?  On-demand?


  1. Are there specialized services for eCommerce?


  1. Does the solution integrate into cloud-based sync-and-share systems like Dropbox?


  1. Does the solution extend current directory services? Does it support mixed-mode authentication?


  1.  Can the solution connect to existing NAS?


Creating a vendor checklist can be a difficult task but after reviewing your company’s polices you should be able to create a list that will help you decide which solution will conform to your company’s security requirements.  Contact us today for more information on how FileOpen solutions stack up or sign up for a free 14-day trial and see for yourself.

[1] The FileOpen Plugin/Client is required to securely collaborate within native publishing tools like Adobe® Acrobat®, Microsoft® Word® and Excel®
[2] While not required to preview a FileOpen-protected document in a browser, native iOS and Android Apps are freely available and provide a larger feature set.
[3] FileOpen offers extensive APIs to connect document and user permissioning to almost any third party system.  


Topics: document control