Do authcodes expire or do documents expire?

Both authorization codes (authcodes) and documents can have expiry dates, so there is potential for a confusion between documents expiry and code expiry. In the past authcodes never expired (i.e. have no expiry date) and some publishers worried that there were codes floating around that could still be used when they did not want this… so in 2015 we added a field to our Authcodes table in the database that provides an expiry date for unused codes which is 3 years from when they were created (e.g., 3 years from 20th Dec 2015). If a code from those generated has not been used after 3 years then when someone tries to use it they will find it will fail. However, as it is a field in the database, we can amend this for a publisher if they wish, and make the date expiry much later (or even sooner if required). Essentially this is a facility that some publishers felt in was important for them, which is why it was introduced.

Authcode expiry is completely separate from document expiry, which is set using Drumlin and the details of which are stored within the encrypted document (drmx or drmz file header block). If you set an expires after 365 days the file will say to the user that the file has expired 365 days after they have first authorized it. Because this is a counter variable with count of 365, if the file is then re-authorized the count will be reset to 365 again, so another year of usage would be permitted, otherwise the file will expire at that point. The count information is stored with the device, so in the case of a PC the count is stored in the registry and checked and if required amended each time the file is opened.