Webinar Part 2 - wibu-systems ag

CodeMeter 

Product Overview 

Rüdiger Kügler 

VP Sales | Security Expert 

rk@wibu.com 

Wibu-Systems 2013 

Page 1

Involved Parties: 

Vendor 

• Protects Software 

• Issues Licenses 

User 

• Uses protected and 

licensed software 



View of the User 

LICENSE ACTIVATION 



Dongle based licensing 

Vendor 

User 

Dongle with license 



Software based licensing 

Vendor 

User 

Fingerprint 

Individual License File 



Features on Demand 

Vendor 

License Request 

Same Process for CmDongle 

and CmActLicense 

User 

or 

Update File 

Update File fits only to one 

CmDongle or one CmActLicense 



Process Automation 

• User gets his ticket 

with order confirmation 

or delivery note 

• User starts activation 

client software 

• Activation takes place 

in background 

• Customer Portal Integration 

• File exchange between Embedded Device and 

Vendor’s Development Tools 



1) User gets Order Confirmation 



2) User starts Activation Client 



2) User starts Activation Client II 



2) User starts Activation Client III 



2) User starts Activation Client IV 



3) Software is activated 



View of the Vendor 

OVERVIEW 



CodeMeter for the Vendor 

Development 

Tools 

Embedded 

Device 

Software Integration 

Technology 

(CmDongle / 

CmActLicenses) 

AxProtector 

CodeMeter API 

Dongles: 

CmDongle (USB, SD, 

CF, µSD, …) 

Softlicenses: 

CodeMeter SmartBind ® 

License Models: 

Single User, Trial, 

Network, …. 

Backoffice Integration 

CodeMeter 

License Central 




CODEMETER TECHNOLOGY 



Realizing license models 

Single User License 

Text 

Floating Network Licenses 

License Quantity 

Software Renting 

Expiration Time 

License Models 

Pay-Per-Use 

Modular Licensing 

Trial Licenses 

Downgrade License 

Usage Period 

Unit Counter 

Feature Map 

Product Code 

Product Item Options 

Software Assurance 

Maintainance Period 

High Availability Licenses 

Customer Own License Information 

… 

… 



Secure license storage 

• CmActLicense 

• CodeMeter SmartBind ® 

• Dynamic fingerprint 

• Tolerance level 

• Trial license mode 

• Binding Extension 

• Individual binding to 

embedded device 

• CmDongle 

Software 

CodeMeter License Server 

CmActLicense 

CmDongle 

• Hardware with secure Smartcard chip 

• Secure license storage (no unauthorized copying) 




SOFTWARE INTEGRATION 



Integration into the Software 

• Wrapper (Automatic Protection) 

• AxProtector 

• Standard Systems: Windows 32-bit / 64-bit, Mac OS 

X, Linux, .NET Assemblies, Java J2SE, J2EE 

• Embedded Systems: VxWorks, Windows CE, 

Windows Embedded, Embedded Linux 

• CodeMeter Core API 

• Getting license information 

• Encrypting data via Secret Key in CmDongle or 

CmActLicense 

• Signature API (sign, verify) 



Application with simple API calls (.NET) 

.Net (and Java) code can be 

disassembled very easily 



Hacker removes license check 



Cracked application 

License check 

is removed 



AxProtector/IxProtector .Net 

Compiled application 

Release version 

Header 

Code 

Definition 

of licenses 

and modules 

Ax/IxProtector 

Header 

Stub Code 

(without Intellectual 

Properties) 

AxEngine 

(Security Engine) 

Encrypted Code 

(original Code with 

Intellectual Properties) 



Perfect protected Code with AxProtector 

Code is no longer 

readable 



View of the Embedded Vendor 

CODEMETER FOR EMBEDDED 



CodeMeter for Embedded 

• Similar requirements (to PC software) 

• Intellectual Property Protection 

• Software Licensing 

• Features On Demand 

• New Challenges 

• Integrity Protection of whole device 

• Access Control to Embedded Device 

• Different Environments 

• OS is under control of vendor 

• Devices with low performance / low resources 



Wibu-Systems Offerings: 

• Wrapper for Embedded Devices 

• AxProtector VxWorks, Windows CE, Windows 

Embedded, Linux Embedded, … 

• CodeMeter Compact Driver 

• Modular (CmDongle, CmActLicense, CmLan, …) 

• Works in low resource environments 

• Library or Source Driver 

• Secure Storage of keys 

• Private Keys (Authentication) 

• Secret Keys (Encryption of data / software) 



Wibu-Systems Offerings 2: 

• Signing API 

• Used for integrity check of software on embedded 

device 

• Integration into Boot Process 

• Pre-Boot Loader checks Boot Loader 

• Boot Loader checks Operating System 

• Professional Services 

• Individual concepts and implementation 



Integrity Check on Embedded Device 



Integrity Check (Protection Process) 

Original 

Software 

AxProtector 

Encrypted 

Software 

Credentials 

Encrypted 

Encryption Key 

Signature of 

hash of original 

software 

Public key and 

public certificate 

Private key and 

public certificate 

License parameters 

(FSB) 



Integrity Check (Runtime) 

Encrypted 

Software 

Credentials 

VxWorks Loader 

(with AxEngine and 

current revokation list) 

Original 

Software 

Credentials 

Root Public Key 

License with Key 

for decryption 

Watch Dog 

RAM 



AxProtector for VxWorks 

• Encrypts application 

• DKM / RTP / VIP (VxWorks Image) 

• Checks integrity of application 

• Loader is integrated into VxWorks image 

• Certificate Chain for updates of whole image / 

single applications 

• Integration into Bootloader / Bios 

• Similar technology for Embedded Linux / 

Windows Embedded / QNX 




BACK OFFICE INTEGRATION 



Online Activation Server 

Online Activation 

Server 

SKU 

License 

Vendor 

1 

2 

Ticket 

5 

4 

Ticket / 

Fingerprint 

User 

Ticket 

3 



Many Backoffice Integration options 

ERP 

C 

License Central 

Connector 

eCommerce 

(Digital River) 

CRM 

C 

User Interface 

Connector 

CRM 

(Sales Force) 

Inhouse 

Application 

C 

Business 

Logic 

Gateway 

Activation 

Wizard 

G 

Webdepot 

Browser 

Database 

Webserver 

in DMZ 



Activation Wizard 

Wibu-Systems 2013 Page 37

License Portal 



License Portal II 



License Portal Customization 



Thank you 

FOR YOUR ATTENTION

Webinar Part 2 - wibu-systems ag

Create successful ePaper yourself

Delete template?

Save as template?