Beginners Advanced(?) File Security questions

[timberwolf]

Ok. Please be patient with me as I am new to file security options. I know about password protection for files, but, I am in need of something a little more advanced. Here is the scenario that I am in and I would like to ask for any help you can give...

I am entering into a business arrangement with Adam. I would like to send him a confidentiality agreement (CA) that he then "signs" either in ink or digitally. With this signed CA, I would receive a certificate, i think, that would allow me to then send a prospectus to him and only him. If he were able to open it on a couple of computers that would be great. What I want to prevent is Adam sending it to Bob and Bob opening it and distributing it at will. If I just password protect it, Adam can send the password along with the file. What would be even better, is if when Bob tries to open it, it tells me that Bob has it, it is the same file that was sent to Adam and tells Bob that he is trying to open a file that was not intended for him.

Is there a security platform that would accomplish this and if so, where might I find it...

Thanks in advance,

Timberwolf

[weegillis]

Two, possibly dumb ideas:

1) If Adam is dumb enough to share a digital key with Bob, then don't send anything to Adam. If Bob is his lawyer, then issue a second key, and strict proviso as to confidentiality.

2) What if the key also included the MAC ADDRESS of the machine being authorized?


A look into how iTunes is able to identify machines, one from another might reveal your answer. I have no clue, but it looks similar, in a sense, to what you describe; am I even close?

Any authorization outside of the scope established by you and Adam, would have to come from you, being the 'super key holder' (my invented phrase).

[weegillis]

On the PDF front, you can lock down a file for eyes only, if I'm not mistaken. At least then you know it can't be copied or printed. Beyond that, I'm not sure how businesses do this sort of thing. Secure conferencing, maybe?

[claybutler]

I would never send a file that was that important to anyone. I would only show it in person. If you can't trust the people you work with there really is no level of protection that can help you.

One time I had a password protected PDF file that I needed to see and I just went online and uploaded to a PDF cracking site. A minute later I'm the proud owner of a cracked PDF. (BTW: the file was not proprietary and it wasn't a secret, it's just that no one remembered the password...Doh!)

[alphaomega]

What you ask for is impossible. As claybutler pointed out, don't send e-documments. If you enter into business full of distrust, don't do it. Or get an army of lawyers.

[Kristos]

years ago I installed "pgp desktop" on my org's computers. it worked well. it supported 4096 bit encryption. the NSA couldn't even break that back then.
symantec has since purchased them and i don't know the current stats on it.
you can check it out on their web site
http://www.symantec.com/theme.jsp?themeid=pgp

[weegillis]

years ago I installed "pgp desktop" on my org's computers. it worked well. it supported 4096 bit encryption. the NSA couldn't even break that back then.
symantec has since purchased them and i don't know the current stats on it.
you can check it out on their web site
http://www.symantec.com/theme.jsp?themeid=pgp

Securing the document, is one thing, but securing the end user, another thing all together, which is I believe what the OP is really questioning. All the best security in the world is only as good as the user group's diligence to support it. If they're giving out their passwords or encryption keys, there is no security.