Hi!

Strange question:

does anyome know a tool or can somebody make a tool that injects info into a PDF file?
The idea is this:
You make a PDF, make it simple, reflowable but otherwise standard so it can be used with as many PDF viewers as possible. You put a password on it for edit protection so that nobody can extract text or change the contents.

You then add a page that contains the "Owner Information". Let's say Name and Address.

Would it be possible to automate a process like that?

What I'm thinking is this:
Wouldn't a "DRM" model like this disencourage casual piracy (who wants to put their name and address up on a p2p network???) while still making files compatible and easy to keep and to use?

Thanks.

give me your idea on the process and the whole scheme...it'll probably never get it's chance, but I'd just like to know.
There is no problem in making a PDF such as this, however the edit protection can be removed easily. Once you make it harder to remove the protection you risk losing viewer compatibility. Even casual users can download tools with easy to follow UI's that remove the current Adobe protection, and can thereby remove the offending owner information.

Thinking of it a little more I realized that you can of course make it a pain to remove this user info, by placing the info multiple times in the file, in somewhat random formats that make it harder for tools to automatically remove the information.
The point is not to make this protection unbreakable. It's just a "token" protection to prevent just anybody from putting the files on p2p.

Every protection can and will be broken.

I hope publishers and authors will learn some day...
I just made a sample file containing a sample of the "user information" at the end of the document.

If you like, grab it @ www.awde-sign.de/mobileread/sample.pdf

It's a public domain Gutenberg.org book, so it should be no problem if I put it up for download. I took the normal .txt file and converted it to PDF, added the info and the protection.

Try it and tell me:

1) does it work on your device?
2) could you remove the "owner information" and how easy was it?

Thanks.
Possible, but impractical. It seems useless to first add DRM, then remove it in order to add a page, and then add it back in again: you need to keep track of the first password. If it's just a dummy password, it will be less safe, but if it's a good password, further password management is required. Simpler to keep the unprotected document, do the 'add extra page, and finish off with encryption', as that means you don't have to keep the original password around: instead you can use a truly random password for the encryption, which you don't keep any record of. Possibly less safe, but simpler.

Depends. If you add that page in the wrong place, it may not be seen, and so have minimal impact. You really want the PDF file to open on that page, and that means altering the document configuration. A better approach would be, I think, to design the cover page so that it incorporates the owner's name, or, perhaps, the page header or footer to do so. That means that the document has to be designed, however, so that this information can be added in some document specific way -- probably as a special object with known contents that is replaced.

If tracing was the only purpose, it would perhaps be enough to add one or more custom document properties, or perhaps an embedded file, with the identity, though I'm not 100% certain yet if it can be done so that it cannot be removed without passing the encryption barrier. (It is possible to remove some things from an encrypted document: it just means that Reader will warn that the document has been changed. That's clearly not useful for this information -- removal must be very difficult.)

However, for best protection 1.5 or later should be used, as it includes encrypted object streams, along with the longer-than-40-bit keys from 1.4 -- but that lessens the portability of the document. The tradeoff need to be considered carefully.
That is exaclty the problem.

Putting this information at the beginning of the file (and maybe the end too) would be easy if you do it by hand.
But putting this info into every file by hand is pretty ridiculous.

One way would be to use a tool to inject the info into a .doc or .txt/.rft file, then make the PDF with the editing protection.

Has anyone tried to extract the info from my sample file yet? My program couldn't do it, but I only tried once. I couldn't extract contents either. So far it worked well. I haven't tried it on my PPC yet and have yet to receive my Iliad and try it there...
I tried removing the protection using off the shelf products. they remove the protection, but also remove the entire contents of the doc

Injecting the user info could be done at download time. I have made quite a few web sites that do this and have the PDF creation components on my server, however I have notlooked into copy protection usung this system as it never has been a requirement. For more info on the component I am using look at http://www.asppdf.com/
If you don't set a "user password" [needed for opening the pdf file] your security is very LOW. Software can decrypt it in milliseconds. After doing it your reader will have full controll of your document.

What you want to do is very easy with Adobe Acrobat - that is why it's so expensive. It's called "batching" or so [in my German version "Stapelverarbeitung"].
You can write scripts [adding pages, changing document information etc.,] & let it run on complete folder of files.

I don't know if other software like from foxit offers such features.
I have set a user password, but only for editing and or extracting/printing the file. The idea is, that the file should be easy to use and the protection should be unobtrusive but the information in the file should not be removable.
The master password could be generated randomly or something because nobody would have to have access to the editing features, not even the "seller" of the files.

The really difficult part for this procedure is, that you'd have to have a system like the one Pitchfork describes that uses the information the Purchaser provides when ordering and injects it into the PDF the user then downloads.
No. It needs Reader 7.0 to be read, and Reader for Pocket PC 2.0 is not up to that level. If you want portability, you better use 40-bit encryption.

Didn't even try. However ... as the document reads perfectly without password (once I fire up Reader 7.0), I doubt that it would be a serious problem.

Reader can clearly decrypt the information on it's own, and display it. When I try to do something that's not in the rights field (P), it's Reader, not the PDF file that implements the protection.

So I simply get my own reader (say, xpdf -- haven't checked if it does 1.5 decryption, though), remove the test for 'is this forbidden by DRM', if there is one, recompile it, run, open the file, save the file without encryption or compression, fire up a text editor, and remove the lines you've added manually. (There used to be a PostScript file around that could be used in GhostView that did much the same thing ... pdf_sec.ps. Don't know if it can be made to work for AES encryption) Once the PDF reader (or equivalent) decides to ignore the DRM specification in the file, you can do almost anything.

However ... once you require the user to enter a password before the document can be read, you get better protection. Then the password guessing and cryptanalysis starts in earnest.

I'm not entirely sure, but it may be possible simply to delete the
page the added text is on -- much rougher, but equally effective.

There's no security without passwords or equivalents: there's just obfuscation.