Software Protection Dongles and Its Technologies

Software License Dongles or Locks are usually provided by third party suppliers who specialized on software copy protection solution. Software License Dongles or Locks are categorized under hardware based software copy protection.
By: Softkey E-Solution Sdn. Bhd.
 
 
Software Protection Dongle
Software Protection Dongle
 
Sept. 23, 2007 - PRLog -- Nowadays, it is very common when someone purchase a software application, the package come together with a small device that the user is require to attach it onto the relevant port of the computer, in order to execute the application. That small device is popularly called Software License Dongle or Software License Lock.

Software License Dongles or Locks are usually provided by third party suppliers who specialized on software copy protection solution. Software License Dongles or Locks are categorized under hardware based software copy protection. The Software License Dongles or Locks suppliers usually offer their devices together with protection methods or tools in a package in order for software developers to integrate it into their software application. After the integration, the protected application will be distributed together with the Software License Dongles or Locks.

Software License Dongles or Locks started become popular since late 90’s as computer system become more and more common. After more than 20 years of technology evolution, you will find today Software License Dongles or Locks are built with far more advanced anti-cracking technology, some are even built based on complete smart card platforms. The devices itself are in various port options, the common one are such as PCMCIA, Serial, Parallel, and USB models.

With so many competing products available in today competitive market, choosing the RIGHT product require proper evaluation and careful evaluation. Below are some of the Tips or consideration criteria of which are very crucial while making such decision:-

The Product
•Security Technology
Is the chosen product provides acceptable protection against foreseen threats, what are the core security features to prevent hackings?
•Pricing
What is the initial cost to acquire such product and how much will be the per license cost (cost of each additional Dongle)?
•Supported Platforms
What platforms or operating systems the product is supported, does it meet your targeted implementation platforms?
•User Friendliness
How easy to master the product and whether it come with adequate tools and resources to ease the implementation process?
•Flexibilities
How flexible the product can incorporate into your various licensing models such as demo version, leasing or time restricted version, multiple module licenses, pay per use license, specific customer or user license, concurrent user licenses, etc?
•Quality
How good the product quality is, what is the failure rate and whether there is any quality assurance from the provider on the product?

The Company
•Company Background
How long does the company exist in the market and what is the corporate background of the company? Does the company show it is a serious player in the industry and commitment to stay in the business?
•Pre and Pro Sales Support
How efficient their sales person attend your sales enquiry and how easy the ordering process when you make an order? Did their technical support attend your technical support request on time and how will be the warranty process if the dongle spoilt?
•References or Track Records
Who are their existing customers in your region and whether the product posted good and strong reputation in the market?
•Third Party Awards or Certifications
Does the company received any third party awards or certification as to prove their products passing any neutral certification or testing?
•Product R&D
Does the company show its commitment on continuously product R&D and improvement in order to make sure their product is always stay on the line to combat latest hacking threats?

Tips and Tricks on optimizing Software License Protection Dongle

To achieve maximum security of Software License Protection Dongle, one must first understand the core protection concept of the chosen Dongle and plan ahead on how to utilize the provided security features into their protection before actual integration. Below are some useful tips and tricks on optimizing protection in Software License Protection Dongle.

1.Combining API and Envelope
Most Software License Protection Dongle will come with API (Application protocol interface such as DLLs and Object files), where there are various libraries files provided for software vendors to include protection function calls into their source codes. Envelope is whereby the software vendor can make use of the provided shell program to encrypt their application without the need to modify their source code. The best protection will be Envelope after completed the API protection, a combination of both.

2.Updating Protection
As the best protection now might no longer secure few years later, it is very important that the software vendors will keep updating their protection more often. The best practice is to change their protection strategy for different versions or product, do not use the same strategy once for all.

3.Object vs DLL Links
In order to gain higher security, a software vendor should link their applications to the Software License Protection Dongle’s objects instead of DLLs. This is because link by objects will be compiled and integrated as part of the protected application of which will make simulating attacks more difficult.

4.Intelligent use of API Calls
A smart protection should include multiple API calls with different security function calls from various program points. Protection with more various different API calls will definitely harder to trace than protection with few almost similar API calls. Try to make your API Calls more sophisticate.

5.Dummy API Calls
One simple ways to make your protection even harder to hack is to include some dummy API Calls, i.e. some API or security checks that will not have any legitimate reaction. Such method will be able to confuse hackers who will need to spend more effort on analyzing such dummy API calls that they will never know this is not the “real” one.

6.Delay Reaction
Most software vendors practice direct reaction in their implementation should the API calls found no dongle or invalid return, thus hackers are able to back trace the security checking points and then bypassing it. To make your protection even harder to back trace, perhaps you can delay some of your reactions to confuse the hackers, means if detected no dongle or invalid return then keep a validity flag in your program then at later program point only suspend the program.

7.Manipulate Functionalities
Many software vendors include standard response such as displaying error message and suspending program should there is no dongle found or invalid return. Another better ways to make hacking harder is to alter the program functionalities should the dongle not found, such as disable printing report features until a valid dongle is attached. Hacker might not realize there is security check point that restricted the program functionalities.

8.Authenticate instead of compare
Direct comparing value is just too easy to understand, should the dongle product chosen provide possible features to allow software vendors to perform certain authentication such as Checksum after performing predefine security algorithms, use it. Some dongle products provide more advanced security features such as onboard encryption, seed code or random code generation, onboard security algorithms, of which it will maximize protection if we utilize it in the right manner.

To know more about software protection, software licensing protection, software dongle, please visit http://www.rockey.com.my

# # #

Softkey specialized on providing digital security devices and solutions since 1998. Successful business alliances with our foreign technology partners together with our established business networking,  Softkey is proudly to be the leading digital security provider in this region. Our business focus on providing digital security devices to our solution partners together with the device last mile integration.

Website: www.rockey.com.my
End



Like PRLog?
9K2K1K
Click to Share