This topic contains the following information:

The goal of content encryption is to provide an obscured transfer of data from the PCC Services to the client website, preventing unauthorized agents to discern the content being transmitted. Additional security can be enabled by configuring the client and server to communicate over the Secured Socket Layer (SSL), https protocol, rather than standard non-secure http protocol. In cases where this is not viable or enough protection, the content encryption adds a strong measure of privacy to the document content. When content encryption is enabled, the web data images and document text strings sent to the client will be encrypted and then decrypted by the Viewer.

This feature is not supported in IE8.

Overview of Enabling Content Encryption

Content encryption must be enabled in the Prizm Responsive Viewer and in the Prizm Services; it is disabled by default. Enabling content encryption in the viewer is straightforward and performed by an option passed to the viewer constructor or jQuery plugin. This process is documented below.

There are two options for enabling content encryption on the server:

1. Enable content encryption via the ServiceHost pcc.config file: this enables content encryption for all viewing sessions.
2. Toggle (enable or disable) content encryption via viewing session property: this enables or disables content encryption per viewing session, overriding the option set in the ServiceHost pcc.config file.

These options are both documented below.

For the security conscious, toggling content encryption per viewing session is not permitted in the out of box product configuration. It must be explicitly allowed via the ServiceHost pcc.config file.

Finally, it’s important to note it must be enabled or disabled on both the client and server, or unexpected behavior will occur. If encryption is enabled on the server but not for the viewer, then the content will not be rendered correctly. If encryption is enabled for the viewer but not on the server, then the content will not be encrypted during transit, however, it will be rendered correctly in the viewer.

In summary:

• Content encryption is disabled out of the box.
• It must be enabled in the viewer and services.
• It can be enabled or disabled on the server via the config file.
• If permitted, enabling or disabling content encryption can be overridden when creating a viewing session.

Enabling Content Encryption in Prizm Services via ServiceHost pcc.config

To enable Content Encryption follow the steps below:

1. Open the configuration file, pcc.config, for the Main Conversion Service in your favorite editor. The pcc.config file is located at: {installation directory}/Prizm/PCCIS/ServiceHost folder.
2. Find the EncryptPageContent tag and change the value to true.

Encrypted Transmission:	Copy Code
<!-- Indicates whether to encrypt pages which are sent to the client. --> <EncryptPageContent>true</EncryptPageContent>

3. Save the changes to the file. 
4. Restart the Prizm Services for the changes to take effect.
5. Continue by enabling the encryption option for the Viewer as described in the section below.

Enabling Content Encryption in Prizm Services via ViewingSession Property

1. Open the configuration file, pcc.config, for the Main Conversion Service in your favorite editor. The pcc.config file is located at: {installation directory}/Prizm/PCCIS/ServiceHost folder.
2. Find the ViewingSessionPropertyPageContentEncryption tag and change the value to any.

Encrypted Transmission	Copy Code
< ViewingSessionPropertyPageContentEncryption>any</ ViewingSessionPropertyPageContentEncryption>

3. Save the changes to the file.
4. Restart the Prizm Services for the changes to take effect.
5. Update your web-tier code to set the value of pageContentEncryption to "enabled" when creating the viewing session. The example below is for a .NET web tier:

Example	Copy Code
viewingSessionProperties.pageContentEncryption = "enabled"; .... // Serialize document properties as JSON which will go into the body of the request string requestBody = serializer.Serialize(viewingSessionProperties); requestStream.Write(requestBody);

6. Continue by enabling the encryption option for the viewer as described in the section below.

Enabling Content Encryption in the Viewer

To enable encryption in the Viewer, provide encryption option in the viewerControlOptions parameter as follows so that the client can handle encrypted data:

var viewerControlOptions = {documentIdentifier: ‘xxxx... ‘
               imageHandler:’pcc.ashx’,
               . . .
               encryption : true
             };            
$("#mydiv").pccViewer(viewerControlOptions); // returns PCCViewer.ResponsiveViewer instance with encryption enabled.

Enabling the encryption will not work without setting the configuration parameter as described above. Also, if the Prizm Services configuration setting is either not set or the Prizm Services is not restarted, the data will arrive unencrypted.

How to Start & Stop the Prizm Service

Refer to these topics for additional information:

• Windows:  Installation Guide > Starting & Stopping the Prizm Service > Windows 
• Linux:  Installation Guide > Starting & Stopping the Prizm Service > Linux  

Disabling Content Encryption in the Prizm Services

To disable Content Encryption in the Prizm Services, follow the steps below:

1. Open the configuration file, pcc.config, for the Main Conversion Service in your favorite editor. The pcc.config file is located at: {installation directory}/Prizm/PCCIS/ServiceHost folder. 
2. Find the EncryptPageContent tag and change the value to true.

Unencrypted Transmission:	Copy Code
<!-- Indicates whether to encrypt pages which are sent to the client. --> <EncryptPageContent>false</EncryptPageContent>

3. Save the changes to the file. 
4. Restart the Prizm Services for the changes to take effect.

Disabling Content Encryption in the Viewer

To disable encryption in the Viewer, use the Viewer's default behavior without providing the encryption option. By default, the Viewer sets the encryption value to 'false'. Should you wish to use the encryption in the viewerControlOptions parameter, set the encryption option to false as shown below:

var viewerControlOptions = {documentIdentifier: ‘xxxx... ‘
               imageHandler:’pcc.ashx’,
               . . .
               encryption : false
             };  

Enabling/disabling the encryption will not work without appropriately setting the Prizm Services configuration.

©2015. Accusoft Corporation. All Rights Reserved.