Protect epub and kindle files for sale on personal website

Posted on 2011-05-03
Last Modified: 2012-05-11
I am working with two authors who have their books for sale in hard copy and also .epub and kindle formats. They want to sell their digital books on their own website. The digital versions do not come with any protection (copy or print) on them. When these types of digital ebooks are sold through major retailers (Barnes & Noble or Amazon) the protection is put on at that point. Is there any (cost effective) way to do that for these authors on thier own? If not, how vulnerable are their files and is it something they should be concerned about?
Question by:JustDuckyDesigns
    LVL 7

    Expert Comment


    Author Comment

    That doesn't really answer my question. These books have been converted into .epub and kindle formats (not PDF). I need to know if there is anything I can do to protect them from being freely distributed once someone purchases one from the authors ecommerce website.
    LVL 60

    Accepted Solution

    I see that it sum up to the use of Digital Right Management (DRM) technology for control access of the eBook. Barnes & Noble announced it is adopting the open EPUB eBook Format, PDF and Adobe Content Server as the basis of its eBook distribution—including on nook, the Barnes & Noble eBook reader. Content Server will simply have two options for protecting EPUB content: identity-based authorization and ID and password-based authorization.


    So to implement it on author own can be quite tough as having implementating DRM solution would go for client and server (in adobe approach is Content Server, see link below) based deployment meaning you needed to have some sort of agent at client to start the streaming from server or for locally stored copy, agent need to enforce with licence deployed at client end. Certificate based would be the more secure DRM approach (then password based).


    I was looking at open community for supporting ebook type and chanced upon OpenPub, but it is not a direct EPUB format though it does strive to achieve the DRM and compatibility. Unless you are open to different format and hosting your services, this would just be another good reading only. In particular they can serve ePUB but indirectly. An OPDS provider would very rarely serve ACS4 DRM-wrapped epub files directly; the much more common scenario would be for the OPDS provider to generate and serve an acsm file (which the  client is then free to use to acquire the 'final' epub file).


    So I recommend to use the hosting DRM approach as ePUB and Kindle format are already supporting DRM. See the wiki information

    There are four main ebook DRM schemes at present, one each from Adobe, Apple, Barnes & Noble and Amazon. Adobe's Adept DRM is applied to ePubs and PDFs, and can be read by several third-party ebook readers, as well as Adobe's Adobe Digital Editions software. Apple's Fairplay DRM is applied to ePubs,and can currently only be read by Apple's iBooks app on iOS devices. Barnes & Noble's DRM scheme is implemented by Adobe, and is applied to ePubs and the older Palm format ebooks. Amazon's DRM is an adaption of the original Mobipocket encryption, and is applied to Amazon's Mobipocket and Topaz format ebooks.


    Having said all these, DRM may not be fullproof as you queried on the vulnerability. There is open news that DRM based scheme for ePUB (including the service providers) were circumvented. The link is an active blog on all this - just look at all the title for a quick summary. Following properietary crypto is just security through obscurity, it is not true security as demonstrated in the blog: "...DRM systems ultimately depend not on the strength of their cryptography, but the complexity of their obfuscation."

    It is just a matter of time and interest to break the obscured portion if it is not too deterring (esp if there is huge gain for free DRM ebook to share with more...).

    Hope it helps ...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    If you are on a Windows computer and decide to protect a file with sensitive data, you can encrypt the file, password protect it or rely on steganography (hiding a file in an image). This technique is especially useful because unless someone knows t…
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now