Protect epub and kindle files for sale on personal website

Posted on 2011-05-03
Medium Priority
Last Modified: 2012-05-11
I am working with two authors who have their books for sale in hard copy and also .epub and kindle formats. They want to sell their digital books on their own website. The digital versions do not come with any protection (copy or print) on them. When these types of digital ebooks are sold through major retailers (Barnes & Noble or Amazon) the protection is put on at that point. Is there any (cost effective) way to do that for these authors on thier own? If not, how vulnerable are their files and is it something they should be concerned about?
Question by:JustDuckyDesigns

Author Comment

ID: 35514878
That doesn't really answer my question. These books have been converted into .epub and kindle formats (not PDF). I need to know if there is anything I can do to protect them from being freely distributed once someone purchases one from the authors ecommerce website.
LVL 65

Accepted Solution

btan earned 2000 total points
ID: 35711003
I see that it sum up to the use of Digital Right Management (DRM) technology for control access of the eBook. Barnes & Noble announced it is adopting the open EPUB eBook Format, PDF and Adobe Content Server as the basis of its eBook distribution—including on nook, the Barnes & Noble eBook reader. Content Server will simply have two options for protecting EPUB content: identity-based authorization and ID and password-based authorization.

@ http://www.adobe.com/devnet/digitalpublishing/articles/barnes_noble_faq.html

So to implement it on author own can be quite tough as having implementating DRM solution would go for client and server (in adobe approach is Content Server, see link below) based deployment meaning you needed to have some sort of agent at client to start the streaming from server or for locally stored copy, agent need to enforce with licence deployed at client end. Certificate based would be the more secure DRM approach (then password based).

@ http://www.adobe.com/products/digitaleditions/pdfs/adobe_ebook_platform_whitepaper.pdf

I was looking at open community for supporting ebook type and chanced upon OpenPub, but it is not a direct EPUB format though it does strive to achieve the DRM and compatibility. Unless you are open to different format and hosting your services, this would just be another good reading only. In particular they can serve ePUB but indirectly. An OPDS provider would very rarely serve ACS4 DRM-wrapped epub files directly; the much more common scenario would be for the OPDS provider to generate and serve an acsm file (which the  client is then free to use to acquire the 'final' epub file).

@ http://code.google.com/p/openpub/wiki/AcquiringWithDRM

So I recommend to use the hosting DRM approach as ePUB and Kindle format are already supporting DRM. See the wiki information

There are four main ebook DRM schemes at present, one each from Adobe, Apple, Barnes & Noble and Amazon. Adobe's Adept DRM is applied to ePubs and PDFs, and can be read by several third-party ebook readers, as well as Adobe's Adobe Digital Editions software. Apple's Fairplay DRM is applied to ePubs,and can currently only be read by Apple's iBooks app on iOS devices. Barnes & Noble's DRM scheme is implemented by Adobe, and is applied to ePubs and the older Palm format ebooks. Amazon's DRM is an adaption of the original Mobipocket encryption, and is applied to Amazon's Mobipocket and Topaz format ebooks.

@ http://en.wikipedia.org/wiki/Digital_rights_management#E-books

Having said all these, DRM may not be fullproof as you queried on the vulnerability. There is open news that DRM based scheme for ePUB (including the service providers) were circumvented. The link is an active blog on all this - just look at all the title for a quick summary. Following properietary crypto is just security through obscurity, it is not true security as demonstrated in the blog: "...DRM systems ultimately depend not on the strength of their cryptography, but the complexity of their obfuscation."

It is just a matter of time and interest to break the obscured portion if it is not too deterring (esp if there is huge gain for free DRM ebook to share with more...).
@ http://i-u2665-cabbages.blogspot.com/

Hope it helps ...

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month16 days, 2 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question