I'm hosting multiple AR models on my website. For iOS I've got the AR models (.usdz) set up so they can be accessed directly via the browser.
One of the problems I run into is security of the AR models. I want to prevent users from being able to download them:
Is there a way to protect the files so they can be accessed in AR Quick Look, but not downloaded in any way?
Ultimately, if the users device or browser will display the models then it needs to be able to download them.
This is a similar problem to protecting online videos. In that domain the usual approach is to encrypt the video so that even if it is downloaded it cannot be used without the decryption key.
That requires a secure way to share the decryption key with the device or browser and also a secure way to play the decrypted video without the user or other apps being able to access it. The standard approach to this is to use a DRM technology, although it may be possible to create custom solutions and share the keys separately by some other communication means.
At this time, there is no DRM that supports AR models and provides a secure display environment for them, AFAIK.
You could implement a solution where you encrypt the models and decrypt them just before you display them in your web app or browser, using a configured or hardcoded key. This might be enough to deter causal piracy, which may be enough for your needs - it won't deter a determined attacker for long, unfortunately.