[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 888
  • Last Modified:

Auto-Lock a file based on date

I have a client that sends files to organizations with time sensitive data.  She doesn't want folks to be able to open the file after a certain date that she specifies.  These files are simple Excel files, but could be PDF, DOC, or even ZIP files.  She wants a program she can run, select a file she will send, and specify in the application that the selected file should lock itself so it can't be opened in 10 days.  Then she wants to send that file to these organizations.
0
hazenweber
Asked:
hazenweber
  • 4
  • 3
2 Solutions
 
Dave HoweCommented:
this has been tried several times, but isn't really practical.

the key criteria are that the file must be (and remain) locked, must be viewable only (so not printed, copyable or screenshottable) and must be dependent on a trusted clock (i.e. one on the internet or other external source, not the local pc, where the user could just set the clock back)

the last company to try and field a solution in this space was "disappearing, inc" which did time-limited emails - I think they had been officially "in the field" for three days when the first posted crack allowed offline copy of their "self deleting" emails, so they are moving more to an integrated DLP solution and have changed the company name to reflect this.

it is believed that it would be possible, by combining the trusted rendering path (used to try and discourage copying of movies) and Trusted Computing (where the cpu itself acts in support of the vendors instead of the owner of the machine) to prevent rendered documents being captured in digital form - which would leave really only screen photography (webcam and OCR could recover documents with a high degree of reliability) - but there are obviously privacy and security issues with handing over fundamental control over your machine to a third party (microsoft, for example) particularly if it could be in their commercial interests to abuse that, and for a number of potential customers (banks, for example) that would violate a number of laws. In any case, if such a platform were made the only available purchase choice from now, you would still expect a proportion of your customer base to be using "old" technology five years from now, so in the near term it isn't an option.
0
 
SadiDevCommented:
Till now it is not possible to apply any individual file (by using generic software).
But you can use/create any container/host (customized) program that will contain the file (encrypted) and make the file viewable for certain time, but never write file to the disk and prohibit any copy/snap/print. The problem is, why other organization blindly trust an executable file (which they can not control)?
0
 
Dave HoweCommented:
sadidev: the problem there is ensuring that the clock is accurate - otherwise, you just set the clock back into the "valid" period and the file opens...
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
SadiDevCommented:
Yes, there is depend on trusted clock. Only internet/server clock can be trusted not the local computer. Sorry I did not mentioned it.
0
 
Dave HoweCommented:
not even an internet clock can really be trusted - you need to run your own server, at which point you are probably better off just doing what invisible inc did - host the content on the server and allow it to be viewable though an applet.
0
 
SadiDevCommented:
Actually nothing can be 100% secure. Trusted server can be spoofed. Of course there are always better way to secure something. We can make something, that might be harder to break. Anyway thank you (DaveHowe) for pointing to it more specifically.
0
 
Dave HoweCommented:
trusted server can't be spoofed, provided you use PKI - but as I say, if you have to run a server anyway, host the content locally to the server, access it though a java applet or flash applet, and all the client has to do is pass a couple of parameters (document id and auth string) to read the document up to the point the server is told to no longer accept that auth string.

anything else is asking for the local applet to be hacked to not bother checking the date.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now