1) Will all the readers be connected to Rights Management Server. (I saw all the policies listed out in 'Manage Security Policies' in a example demo). How this is happening?
ANSWER: Reader does not require any configuration to "connect" it to a particular Rights Management server. A rights managed PDF contains the "Base URL" of the RM server that was used to protect the PDF. This url lets Reader connect to the correct RM server.
2) Will all the documents also be stored in the Rights Management Server? If not, how the latest version of the document is being retrieved when the user tries to open older version document?
ANSWER
Rights Management does not store any documents, it manages the policy information, encryption keys, audit information etc... When a user attempts to open a Rights Managed document, a connection is established (assuming the document is not being viewed offline) and assuming the user is able to authenticate properly and the document has not been revoked, the document will open. If an older (revoked) version is attempted to be opened, there is an option when a document is revoked to configure a message to infornm the user the document hase been revoked, and optionally a URL can be specified to re-direct the user to a newer version.
3) Audit trail - I read that the secured documents will be kept in track always (i.e) whatever action is done on the document will be logged in server. Does it mean that the reader will keep on sending information to server? What will be the case if the user if offline?
ANSWER
When a Rights Managed document is viewed "online", the audit events are sent to the RM server immediately. If the policy allows for "Offline" access, and the document is being viewed offline, then the audit events are stored locally on the client system. When a connection is establised in the future, the "offline" audit events are sent to the RM server.
4) I read that the supported formats are Ms word, excel, etc... Should all these formats be converted to pdf before applying security policy? If not, will Microsoft Office contact the Rights Management Server for applying policies?
ANSWER
The native Office formats can be RM proitected, there is no need to convert to PDF first. There is a free plugin for MS Office (available for download from Adobe.com) that enables the various office products to apply policies to the Office documents.
5) User is Offline - I read that whenever a policy is applied to a document, the document key will be encrypted and when the user is opening the document, the server will provide the document key for decryption. How this case will happen when the user is offline?
ANSWER:
When a document has been protected with a policy that allows that user to view the document offline, the "document encryption key" is itself encrypted with a "Principal Key (256 bit AES), and embedded in the PDF. The Principal Key is downloaded to the client machine and stored in Acrobat\Readers microsafe (an encrypted local data store). When the user opens the PDF offline, the Principal Key is accessed from the microsafe, it is used to decrypt the document key, and the document key is in turn used to decrypt the document.
Regards
Steve
It was really helpful.
