Document password protection is a common practice. Ordinary document protection is atomic. Once the password is known by a reader, he can open the document at any place in any time.
Document under SyncOffice password protection add an extra scheme layer of authorization. If the SyncOffice failed pass the authorization, the document cannot be opened even its password is correctly input.
Authorization can be carried out remotely by RAS/RSS, or done locally by SyncOS/SyncOffice component auditing against local copy of certificate. The latter situation normally happens when network connection is unavailable.
The authorization process even can let staff manually intervene. In this case, administrator need manually generates a real time passcode and issues it to the end-user via phone, SMS or other means.
Authorization audit covers many conditions including make-break depend on time of day window, or IP address locations.
In best practice, customer should provide his own remote authorization server (RAS) to his end-users. This is best for security. Teleon provide a simple free use utility SyncOffice Authenticator (SOA) for this purpose. Customer can run it on a Windows PC or on a smart-phone/tablet if he ordered the custom mobile edition. This simple RAS should be constantly online with a static IP address, WAN or LAN. Once the RAS set up done, all certificates under the same realm should be configured to use its IP and port within the certificate.
The authorization request from end-user device will be sent in a sequence: first to RAS, if no RAS is available then request will be sent to Teleon RSS server if use-RSS attribute is activated in the certificate. Teleon remote support service (RSS) is an auxiliary service and it's not a guaranteed service. Teleon do not suggest customer to use RSS. But customer still can select to use it as an fallback option in case of his own RAS connection is not stable.