Webinar Part 2 - wibu-systems ag
Webinar Part 2 - wibu-systems ag
Webinar Part 2 - wibu-systems ag
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CodeMeter<br />
Product Overview<br />
Rüdiger Kügler<br />
VP Sales | Security Expert<br />
rk@<strong>wibu</strong>.com<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 1
Involved <strong>Part</strong>ies:<br />
Vendor<br />
• Protects Software<br />
• Issues Licenses<br />
User<br />
• Uses protected and<br />
licensed software<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 2
View of the User<br />
LICENSE ACTIVATION<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 3
Dongle based licensing<br />
Vendor<br />
User<br />
Dongle with license<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 4
Software based licensing<br />
Vendor<br />
User<br />
Fingerprint<br />
Individual License File<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 5
Features on Demand<br />
Vendor<br />
License Request<br />
Same Process for CmDongle<br />
and CmActLicense<br />
User<br />
or<br />
Update File<br />
Update File fits only to one<br />
CmDongle or one CmActLicense<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 6
Process Automation<br />
• User gets his ticket<br />
with order confirmation<br />
or delivery note<br />
• User starts activation<br />
client software<br />
• Activation takes place<br />
in background<br />
• Customer Portal Integration<br />
• File exchange between Embedded Device and<br />
Vendor’s Development Tools<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 7
1) User gets Order Confirmation<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 8
2) User starts Activation Client<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 9
2) User starts Activation Client II<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 10
2) User starts Activation Client III<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 11
2) User starts Activation Client IV<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 12
3) Software is activated<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 13
View of the Vendor<br />
OVERVIEW<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 14
CodeMeter for the Vendor<br />
Development<br />
Tools<br />
Embedded<br />
Device<br />
Software Integration<br />
Technology<br />
(CmDongle /<br />
CmActLicenses)<br />
AxProtector<br />
CodeMeter API<br />
Dongles:<br />
CmDongle (USB, SD,<br />
CF, µSD, …)<br />
Softlicenses:<br />
CodeMeter SmartBind ®<br />
License Models:<br />
Single User, Trial,<br />
Network, ….<br />
Backoffice Integration<br />
CodeMeter<br />
License Central<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 15
View of the Vendor<br />
CODEMETER TECHNOLOGY<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 16
Realizing license models<br />
Single User License<br />
Text<br />
Floating Network Licenses<br />
License Quantity<br />
Software Renting<br />
Expiration Time<br />
License Models<br />
Pay-Per-Use<br />
Modular Licensing<br />
Trial Licenses<br />
Downgrade License<br />
Us<strong>ag</strong>e Period<br />
Unit Counter<br />
Feature Map<br />
Product Code<br />
Product Item Options<br />
Software Assurance<br />
Maintainance Period<br />
High Availability Licenses<br />
Customer Own License Information<br />
…<br />
…<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 17
Secure license stor<strong>ag</strong>e<br />
• CmActLicense<br />
• CodeMeter SmartBind ®<br />
• Dynamic fingerprint<br />
• Tolerance level<br />
• Trial license mode<br />
• Binding Extension<br />
• Individual binding to<br />
embedded device<br />
• CmDongle<br />
Software<br />
CodeMeter License Server<br />
CmActLicense<br />
CmDongle<br />
• Hardware with secure Smartcard chip<br />
• Secure license stor<strong>ag</strong>e (no unauthorized copying)<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 18
View of the Vendor<br />
SOFTWARE INTEGRATION<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 19
Integration into the Software<br />
• Wrapper (Automatic Protection)<br />
• AxProtector<br />
• Standard Systems: Windows 32-bit / 64-bit, Mac OS<br />
X, Linux, .NET Assemblies, Java J2SE, J2EE<br />
• Embedded Systems: VxWorks, Windows CE,<br />
Windows Embedded, Embedded Linux<br />
• CodeMeter Core API<br />
• Getting license information<br />
• Encrypting data via Secret Key in CmDongle or<br />
CmActLicense<br />
• Signature API (sign, verify)<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 20
Application with simple API calls (.NET)<br />
.Net (and Java) code can be<br />
disassembled very easily<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 21
Hacker removes license check<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 22
Cracked application<br />
License check<br />
is removed<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 23
AxProtector/IxProtector .Net<br />
Compiled application<br />
Release version<br />
Header<br />
Code<br />
Definition<br />
of licenses<br />
and modules<br />
Ax/IxProtector<br />
Header<br />
Stub Code<br />
(without Intellectual<br />
Properties)<br />
AxEngine<br />
(Security Engine)<br />
Encrypted Code<br />
(original Code with<br />
Intellectual Properties)<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 24
Perfect protected Code with AxProtector<br />
Code is no longer<br />
readable<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 25
View of the Embedded Vendor<br />
CODEMETER FOR EMBEDDED<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 26
CodeMeter for Embedded<br />
• Similar requirements (to PC software)<br />
• Intellectual Property Protection<br />
• Software Licensing<br />
• Features On Demand<br />
• New Challenges<br />
• Integrity Protection of whole device<br />
• Access Control to Embedded Device<br />
• Different Environments<br />
• OS is under control of vendor<br />
• Devices with low performance / low resources<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 27
Wibu-Systems Offerings:<br />
• Wrapper for Embedded Devices<br />
• AxProtector VxWorks, Windows CE, Windows<br />
Embedded, Linux Embedded, …<br />
• CodeMeter Compact Driver<br />
• Modular (CmDongle, CmActLicense, CmLan, …)<br />
• Works in low resource environments<br />
• Library or Source Driver<br />
• Secure Stor<strong>ag</strong>e of keys<br />
• Private Keys (Authentication)<br />
• Secret Keys (Encryption of data / software)<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 28
Wibu-Systems Offerings 2:<br />
• Signing API<br />
• Used for integrity check of software on embedded<br />
device<br />
• Integration into Boot Process<br />
• Pre-Boot Loader checks Boot Loader<br />
• Boot Loader checks Operating System<br />
• Professional Services<br />
• Individual concepts and implementation<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 29
Integrity Check on Embedded Device<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 30
Integrity Check (Protection Process)<br />
Original<br />
Software<br />
AxProtector<br />
Encrypted<br />
Software<br />
Credentials<br />
Encrypted<br />
Encryption Key<br />
Signature of<br />
hash of original<br />
software<br />
Public key and<br />
public certificate<br />
Private key and<br />
public certificate<br />
License parameters<br />
(FSB)<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 31
Integrity Check (Runtime)<br />
Encrypted<br />
Software<br />
Credentials<br />
VxWorks Loader<br />
(with AxEngine and<br />
current revokation list)<br />
Original<br />
Software<br />
Credentials<br />
Root Public Key<br />
License with Key<br />
for decryption<br />
Watch Dog<br />
RAM<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 32
AxProtector for VxWorks<br />
• Encrypts application<br />
• DKM / RTP / VIP (VxWorks Im<strong>ag</strong>e)<br />
• Checks integrity of application<br />
• Loader is integrated into VxWorks im<strong>ag</strong>e<br />
• Certificate Chain for updates of whole im<strong>ag</strong>e /<br />
single applications<br />
• Integration into Bootloader / Bios<br />
• Similar technology for Embedded Linux /<br />
Windows Embedded / QNX<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 33
View of the Vendor<br />
BACK OFFICE INTEGRATION<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 34
Online Activation Server<br />
Online Activation<br />
Server<br />
SKU<br />
License<br />
Vendor<br />
1<br />
2<br />
Ticket<br />
5<br />
4<br />
Ticket /<br />
Fingerprint<br />
User<br />
Ticket<br />
3<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 35
Many Backoffice Integration options<br />
ERP<br />
C<br />
License Central<br />
Connector<br />
eCommerce<br />
(Digital River)<br />
CRM<br />
C<br />
User Interface<br />
Connector<br />
CRM<br />
(Sales Force)<br />
Inhouse<br />
Application<br />
C<br />
Business<br />
Logic<br />
Gateway<br />
Activation<br />
Wizard<br />
G<br />
Webdepot<br />
Browser<br />
Database<br />
Webserver<br />
in DMZ<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 36
Activation Wizard<br />
Wibu-Systems 2013 P<strong>ag</strong>e 37
License Portal<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 38
License Portal II<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 39
License Portal Customization<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 40
Thank you<br />
FOR YOUR ATTENTION<br />
Wibu-Systems 2013<br />
P<strong>ag</strong>e 41