FAQs - Sealed Content

Accessing sealed content

Distributing sealed content

Security

General

  • Q. What is a sealed document?

  • A. A sealed document has three key attributes:

    • It is encrypted
    • It is has a digital signature
    • Its usage is subject to a set of rules

    Encryption ensures that a sealed document cannot be read by unauthorized users. Users need SealedMedia software, typically the SealedMedia Desktop, to decrypt a sealed document.

    Digital signing protects a sealed document against tampering.

    Most importantly, a set of rules define which users are authorized to open and print and edit and search sealed documents. The SealedMedia software enforces these rules. The rules can be changed at any time and apply to all copies of a sealed document - regardless of where those copies are or how they got there. Different rules can apply to different documents and to different users.

  • Q. What do I need to access a sealed document?

  • A. The following:

    • The sealed document itself
    • The
    • The rights to access the document
    • A network (Internet) connection
    • The application that is normally associated with the format of the document. For example, you need Microsoft Office to open sealed Office documents and Adobe Reader to open sealed PDF.

    You need a network connection because your rights are managed on a server - a License Server. Your computer needs to be able to access that server to request your rights - at least initially.

  • Q. Do I have to be online to access sealed content?

  • A. You must be online when you open your first sealed file, so that you can send a rights request to the server. After that, your rights are usually cached on your PC so that you can open sealed files without necessarily being online. Your cached rights will expire, typically after a few days, at which point you need to refresh your rights. The Unsealer automatically connects to the server to refresh your rights if you are online when they expire.

    SealedMedia recommends that you set up a rights synchronization task that automatically refreshes all of your rights for you. This allows for seamless offline working. For further information, see the Unsealer help.

  • Q. Can I use sealed content remotely from a location outside the Oracle Corporation corporate network?

  • A. Yes. The caching of your rights means that you can disconnect from your corporate network and keep working. In most cases, you can also connect to your corporate License Server from external networks so that you can refresh your rights while working remotely. The Unsealer handles the necessary connections automatically.

  • Q. What if I use a proxy when connecting to the Internet?

  • A. As long as you can access the Internet using your browser, the Unsealer should not have a problem using your current proxy settings.

  • Q. What if I want to use a different browser instead of Internet Explorer?

  • A. Internet Explorer does not need to be your default browser, but it does need to be present on your system. Most Windows systems have Internet Explorer as part of the operating system even if you do not use it for browsing the web.

  • Q. I have forgotten my login/password

  • A. Please use the password reset page.

  • Q. How can I deliver sealed content? Are there any restrictions?

  • A. Sealed files are just like any other file. They can be copied onto a floppy disk, CD, network file share, downloaded from a web server, sent as an email attachment, and so on. The only restrictions to the distribution methods are those set down by the Oracle Corporation classification policy.

  • Q. Can I distribute sealed content on a CD-ROM?

  • A. Yes, you can. Sealed files are persistently protected and the rights to open them are held separately. Therefore the content can be stored or distributed in any way that you choose: via a file server, document management system, web site, ftp server, floppy disk, CD, email attachment, peer to peer network, flash RAM, infra-red transfer, whatever. Anyone attempting to a open sealed file  needs a valid license, regardless of how they obtained the file in the first place.

  • Q. How do you protect a document if someone has burnt it onto a CD?

  • A. All sealed documents are persistently protected. A user always needs a valid license on the server to open a sealed document, regardless of the document's physical location. Quite simply, if the user does not have a license, they will not be able to use the content.

    Any time after a sealed document has been released into a user's hands, the content owner can revoke access to that content, by simply removing the user's rights. There is no need to locate and delete old copies of a document or re-issue a document - the rights defined on the server apply to all copies of a sealed document even if the rights definition changes after the document is sealed.

  • Q. How safe is sealed content?

  • A. Content is sealed using a combination of industry standard encryption and digital signatures to protect it from unauthorised access and tampering. Once sealed content has been decrypted and rendered by the Unsealer, it is protected against unauthorised use by the following mechanisms:

    • Unsealed HTML and PDF content is never cached in the local file system, so unsealed content is never accessible to other applications
    • The Unsealer prevents unauthorized screen grabbing of sealed content
    • A trusted clock runs independently of the system clock and prevents users from subverting time based licensing rules
    • Your rights cache cannot be copied to another computer and used to open documents. Your rights cache is locked to your particular machine.
    • Rights management is handled within the core of the SealedMedia software so that rights are never exposed in communications between the server and the Unsealer.
  • Q. Are the communications between the Unsealer and License Server components secure?

  • A. Yes. All SealedMedia components communicate using a secure protocol.

  • Q. Does adjusting my system clock affect a time-based license?

  • A. Time based licensing uses a trusted and tamper-proof clock, so you cannot subvert license rules by adjusting your system clock.

  • Q. Does SealedMedia prevent password sharing?

  • A. Passwords should not be shared between users. Please refer to your local Username and Password Security Policy. The SealedMedia product prevents multiple users accessing sealed content with the same user credentials. This effectively means that if someone else is using your SealedMedia account, you will not be able to access sealed content yourself.

  • Q. What sealed file formats are supported?

  • A. SealedMedia supports a wide range of media formats and file types, including:

    • Microsoft Office ®
      - Word
      - Excel
      - PowerPoint
    • Email
    • PDF
    • HTML (web pages)
    • Images - gif, jpg, png, tiff
    • MP3 audio
    • CAD formats - CSF, 3DF
    • Video - QuickTime, MPEG-1, MPEG-4
    • XML
    • RTF
    • TXT

    In addition to supporting sealed email for any email client, SealedMedia provides seamless integration with the most popular email applications - Microsoft Outlook, Novell GroupWise, Lotus Notes, and RIM BlackBerry.

  • Q. Can I search a sealed file?

  • A. Yes, provided you have been granted the necessary rights. Many of our enterprise customers use sealed documents for a wide range of business purposes. If authorized users could not search sealed documents in the same way as they search other documents, users would quickly get frustrated.

  • Q. Can I unseal a sealed file?

  • A. Yes, provided you have been granted the necessary rights. Most users will not have the right to unseal documents, but some of our enterprise customers use SealedMedia to control workflows that are sensitive until a publication date after which sealing is no longer required. Others use sealing to protect work-in-progress, but allow authorized individuals to unseal the final, approved versions of documents. Others use SealedMedia as a secure delivery format, ensuring that files that go astray during distribution are protected, but that authorized users can unseal on receipt.

  • Q. When I seal an existing file, does the original get modified?

  • A. When you seal an existing file a new sealed copy is created alongside the original file. The original file is not modified in any way. The process of sealing encrypts the original content, adds a small header, and wraps the result with digital signatures to prevent tampering. The resulting sealed file is approximately 1% larger than the original file. You can decide whether it is appropriate to delete the unsealed original. Note that SealedMedia provides several ways to create new sealed documents without ever needing an unsealed original. For example, you can create a new blank sealed document in Office or Explorer, and you can create documents from sealed Office templates.

  • Q. Who should I contact to find out more about this product?

  • A. Go to http://www.sealedmedia.com/