KEY - WIBU-Systems AG
Transcription
KEY - WIBU-Systems AG
No.10 | Fall 2005 KEY n n o o t t e e W I B U - M a g a z i n e CodeMeter is the most innovative software protection technology available today. You don’t need a detailed lab study to understand CodeMeter’s unique features. Compare and check for yourself: A Good Move for Security. Absolute Highest Security p Private Key or Secret Key chosen by vendor p Encrypted communication and latest and strongest algorithms p Locking of the hardware when crack attemps occur p Public Hacker’s Contests Incredible Flexibility p More than 1000 licenses can be stored in one CM-Stick, even from different vendors p Works for low cost products, too, excellent alternative to software-based activation schemes p All license options coexistent in one CM-Stick p One CM-Stick for single stations and network systems Actual User Benefits p The CM-Stick/M is the first, up to now unique and smallest dongle worldwide with up to 2 GByte Flash Disk built in p No special drivers required, no installation, no administrative rights and very simple usage Utmost Reliability p WIBU-SYSTEMS is certified according to ISO 9001:2000 p CM-Stick/M USB listed, UL and VDE listed, conforms with CE, FCC, VCCI und RoHS regulations Activation with CodeMeter p For vendors: better protection security level and highly secure user registration p For users: mobility of licenses and license backup included CONTENT These are only a few, brief hard facts. Learn more about the advantages of CodeMeter based activation from page 2. Page 2/3 Activation with CodeMeter Page 4/5 News | What’s new? Page 7 IxProtector | Future of software protection Page 8/9 AxProtector.Net | Secure protection for .NET applications Page 10/11 CM-FAS | Re-programming from a distance Page 12 Huge-Licence-Management in a Box Page 14/15 xCOMPOSER.office | Setting multimedia wave rolling KEY t E R n D I o T O knowhow e I A Activation with CodeMeter L What is software activation? Dear Customers and Partners, p No cost for dongles. But there are “hidden costs” for the activation process development and installation as well as manual activations through technical support. Software activation is a method for software license management in which the user installs the software by entering a serial number. This serial number plus some hardware attributes are used to calculate an “ID” in the application. Disadvantages of software based software activation This “ID” is sent to the software vendor. In the next step, the vendor generates a corresponding activation code and returns it to the user. This code enables the user to use this software on exactly this PC that it has been generated for. The PC hardware is more or less used like a simple dongle. is our new company slogan. We know that one hundred percent completely perfect solutions are impossible. That said, our slogan expresses our goal to offer you extraordinary solutions that are as close to perfection as is possible. This means extraordinary security, ease of use, flexibility, reliability and new business opportunities with new license models and sales models. Furthermore, our award-winning solutions offer unique benefits for your customers and will guarantee customer satisfaction. p The license is bound to a specific PC. The user cannot transfer the license easily. He needs a new activation code from the vendor in case of a PC defect or when he replaces his aging PC with a new faster one. This needs manual support from the vendor. Today, software is often used longer than the PC’s lifetime. So this inconvenient situation happens quite often. Normally this process is handled over the Internet, fully automated on the vendor site. In case of any problems and for activation on PCs not connected directly on the Internet, telephone or email support is necessary. This makes it inconvenient for users and vendors alike. Security leaks p Key Generators are offered all over the Internet. They are used to generate the necessary activation code at the user site without using the official activation process. Many vendors claim that it is very difficult to offer a key generator if the algorithm is complex enough. This is simply not true, because it is easy for experienced crackers to extract the algorithm from the protected application. p The registration allows the vendor to collect the user data. This is valuable for marketing purposes, update or upgrade information and information about new products. This makes sense and is a benefit for vendors and users. Figure 1: Structur of software activation Lic en sor Please visit us at one of the trade shows or conferences this fall, at one of our Software Protection Days or simply call us and tell us your requirements. We will answer immediately with solutions designed for you. Cu sto me r So ftw ne ge are es t ra ln de co ria Se ion at tiv Ac Sincerely yours Oliver Winzenried be um r Ha ID e- r wa rd ies rif ve 2 p Patching the application. Normally, only a few bytes need to be patched: the code where the application checks to see if the activation has been done successfully. Patch tools on the Internet make it easy even for inexperienced users to apply a patch and bypass the activation process. This begs the question, is it possible to improve this activation process with simple, cheap dongles? To be honest, it is not! Simple dongles still allow the following attacks: Different attack schemes: Advantages of software based software activation p Simulation of the PC hardware: The easiest way is to install a virtual machine, like VM-Ware. Then install and activate the software here and duplicate the virtual machine. On any number of PCs, one activation is all that is required! p Record the dongle’s communications with the application and simulate it. p Simulate the dongle’s device driver or dynamic link library (DLL): Normally, dongle hardware is accessed using specific device drivers which can be simulated. Further, a DLL is mostly used as an interface between the protected application and the device driver. p Patching the application: This might be more complicated than in the case of software based activation. But even this is relatively easy and experiences hackers can be quickly successful with simple dongles or in case of poor security integration into the application’s code. Software activation using CodeMeter: How does it work? CodeMeter offers protection of applications with a very high security level and a registration using secure authentication with public key schemes from the vendor to the CM-Stick connected at the users computer. The steps necessary from the software installation, registration, activation and offline use are shown below: 1. Connect the CM-Stick on the user’s PC. A CM-Stick may already be available at the user’s side, supplied by a vendor or bought directly by the user in a retail store. 4. Encrypted backup of the licenses at the user’s side are automatically stored on the user’s hard disk and safeguard the user in case of CM-Stick loss or defect. 2. To activate the software, the installer is started and the unique serial number is entered. This serial number will be checked over the Internet, if previously used for registration. If it is new, the user enters his registration data and the CM-Stick will be registered. This is secured by public key encryption using Elliptic Curve Cryptography. 6. Transfer of licenses from one CM-Stick into another one is possible. It requires an online connection to the vendor. These steps can be done completely automatically. The new user is registered immediately. The CM-Stick can not be simulated or emulated by another hardware device or software process. In the last step, the license for the product is stored in the CM-Stick. The CM-Stick can store thousands of licenses even from different vendors, so that one CM-Stick at the client side is enough. 3. The application software itself is partially encrypted. During runtime, it is decrypted on the fly if the corresponding license is available in the CM-Stick. The communication between the CMStick and the protected application is also encrypted and the application is further protected by integrity checks, anti-debugging schemes and code obfuscation. Cracking is not impossible but it’s a very difficult and time consuming task even for specialists with good knowledge and good tools. A simple byte patch would simply not work. 5. Secure return of software licenses. In summary: Software-only based software activation schemes do not offer reasonable options for license backups and license transfers, nor do they offer good security for vendors. In addition, they do not offer any real mobility for the user. CodeMeter offers a “Win-Win-Solution“ for vendors and users. The user benefits from additional personal security functions and may buy the CM-Stick himself. In this way, the vendor costs are not any higher than with software-only based activation schemes, and the benefits are much higher. Application Static Library Dynamic Library Device Driver Advantages of software activation with CodeMeter 1. Due to a highly secure protection, use of the application without registration is more or less impossible. 2. The registration process is absolutely secure by using public key cryptography from the vendor to the user’s CM-Stick Dongle Figure 2: Structure of communication with the dongle 3. License mobility for the user. The user can install the application on multiple PCs for his convenience, but he can only use it on the PC that has the CM-Stick with the corresponding license connected. No.10 | Fall 2005 3 KEY n o t news e News | What’s new? The autumn of 2005 brings a lot of new features for WIBU-KEY and CodeMeter. You can read all about the improvements big and small in the following article. WIBU-KEY goes 64 Moving with the current trend to 64 bit high-end applications and systems, especially in the field of CAD, WIBU-KEY components for Windows XP x64 Edition for the EM64T/AMD64 and IA64 platforms are available now. Components for different Linux variants (SuSE, Debian, …) will follow in the next steps. The good news is that the 32 bit version can be used on 64 bit operating systems with no limitations. As before, there’s an installer for 64 bit environments that installs all WIBU-KEY components, including multilingual support, in an easy and secure way. An installer speaks a lot of languages The variety of WIBU-KEY runtime installers was simplified to one common version a short time ago. Now this modification makes its way to the Development Kit installer, too. In the past there was a separate version for the English and German languages, but now there’s only one version that covers both. This affects not only the WIBU-KEY components, but also the interface of the installer as well. The language used for the installation is determined by the language used by the operating system. If the current OS language is not supported by the installer, the English language will be used by default. Uniform tools For Windows, in addition to the driver there is also a corresponding control panel applet, as well as updated header files and libraries for the Classic API, an updated Java library and an updated COM control available. All components provide the same features as the current 32 bit product including all API functions, support for all WIBU-BOX variants and subsystems (local and WkLAN). The one exception is the WIBU-KEY server process, which is still available in 32 bit only. 4 WIBU-KEY is being used by more and more Linux and Mac OS developers, and often in environment in which there are not also Windows computers handy. In order to best support our customers in these environments, the WIBU-KEY developer tools are now available for all supported platforms. We use the Qt programming environment from Trolltech to achieve a uniform look-and-feel across all platforms. Existing WibuKey.TextData WibuKey.WkNetEncryptSequence WibuKey.StockData WibuKey.ExtendedMemory.Signature WibuKey.BoxEntry.Signature WibuKey.AddedEntry.Signature WibuKey.Encryption.IndirectInitData WibuKey.RemoteProgramming.OriginalContext Data WibuKey.RemoteProgramming.UpdateData WibuKey.RemoteProgramming.ContextData Stable, more stable, the most stable The WIBU-KEY server process has always been one of the most stable network licensing solutions in the copy protection industry, but we were able to improve it again! Small modifications with a big effect improve the performance and qualify the process to be a reliable solution for systems with highest demands for continuous availability. WIBU-KEY COM Control (ActiveX) – New features Visual Basic and similar programming languages offer a lot of advantages. But some peculiarities are hard to deal with and it is sometimes difficult to use every desired feature of a component or programming technique. The same goes for the WIBU-KEY COM control with regard to UNICODE, too. The WIBU-KEY COM control uses string values for some properties. With other programming languages or with projects that are running on operating systems using a non-UNICODE language, that’s no problem. But with UNICODE languages the internal transformation and use of UNICODE strings, like what happens with Visual Basic, the output data will be modified. That means that every correct character is followed by a blank character. These new methods were implemented as modified copies of existing ones. These new functions use arrays of byte instead of strings. The following methods are new: New Additions WibuKey.ByteArrayData WibuKey.WkNetEncryptSequenceByteArray WibuKey.StockDataByteArray WibuKey.ExtendedMemory.SignatureByteArray WibuKey.BoxEntry.SignatureByteArray WibuKey.AddedEntry.SignatureByteArray WibuKey.Encryption.IndirectInitDataByteArray WibuKey.RemoteProgramming.OriginalContextDataData ByteArray WibuKey.RemoteProgramming.UpdateDataByteArray WibuKey.RemoteProgramming.ContextDataByteArray The functionality of these new methods is same as the previous string-based versions. The Password Manager Last but not least, here are a few words about a small but useful application that comes with the CodeMeter package for free: The CodeMeter Password Manager. Extended automatic protection The new automatic encryption tool AxProtector has replaced the traditional automatic encryption tool, WkCrypt. Automatic encryption has always provided an easy and secure way to protect software against illegal copying, and now with AxProtector the security has been enhanced even further. The biggest historical limitation with WkCrypt was the fact that it only worked on Windows. This useful tool was enhanced, too. It now has the capability to learn Web forms and multiple fields in addition to the specific password field. Daemon on Linux Just like the CodeMeter context menu on Windows all important functions can be accessed at this graphical interface including the status message window and the WebAdmin app to manage the CodeMeter settings. This platform limitiation will soon be over, the next version of AxProtector supports Mac OS X applications. AxProtector on Mac OS X supports all of the features such as auto runtime check and network licensing. No go! – Blacklist The development of 64 bit WIBU-KEY components on Windows will also bring automatic protection of 64 bit applications to Windows. Your CM-Stick is lost or damaged? Don’t panic! CodeMeter provides a reliable architecture to avoid the use of lost licenses. The latest version of the AxProtector can protect .NET applications as well. Every CM-Stick can be listed on a central blacklist by WIBU-SYSTEMS that can be replicated on all installed CM time servers worldwide if the CM-Stick is marked as stolen or damaged. Automatic protection of Linux applications is scheduled to be released mid-2006. New options of the AxProtector include advances protection technologies against debugging with the possiblity of blocking the CM-Stick when crack attempts occur. CodeMeter flexibility Our newest product CodeMeter has been enhanced with a variety of new features and improvements. Here are the highlights: A daemon for (almost) all cases The current release of the CodeMeter Runtime on Mac OS X and Linux is implemented as a daemon that runs in the background, without the need for a logged-in user to start or stop it. The daemon is managed by a graphical interface that is implemented on both operating systems with the same look and feel. If a CodeMeter-protected application tries to get a time certificate or if the holder of the missing or stolen CM-Stick updates the certified time, the CM timeserver compares the serial number of the CMStick with its blacklist and locks the CMStick permanently if it’s on the list. SOFTWARE-PROTECTION-DAYS November November 3, 2005 November 8, 2005 Germany November 9, 2005 November 10, 2005 Schedule: 1 p.m. – 5 dinner Leipzig, Germany Düsseldorf, Karlsruhe, Germany München, Germany p.m., followed by a Experience your chances with new software protection solutions. This workshop shows how you can bundle high secure protection, new license and sales schemes plus user benefits. Register now on www.wibu.com The number of participants is limited. All licenses are locked out and worthless. CodeMeter: Not a cold coffee! Another important improvement in the range of programming languages is the new Java API, which is now available cross-platform. A detailed online help file and sample applications exist to assist the developer. If you are looking for a specific sample implementation, please let us know. No.10 |Fall 2005 5 product e SmartShelter supports native PDF A version for the free Acrobat Reader will soon be available. However the current limitation is margina, because the target group for highquality protected documents often uses the complete Adobe Acrobat environment. The second method to protect PDF files consists of a plug-in for the Acrobat environment. This plug-in is to be installed in Acrobat and can be used like any other plug-in in Acrobat. p Service manuals in the automotive industry p Market surveys p Training material p E-books, magazines, subscriptions... With automatic protection it is possible to integrate strong anti debugging and protection measures with very limited effort. Automatic protection methods can not take the structure of the application itself into account. Using IxProtector, this integration is usable for WIBU-KEY as well as for CodeMeter and is significantly simplified and unified. This structure makes it possible to create a simple specification by encrypting several ranges with the same area. But it is also possible to specify complex scenarios where different program modules are licensed differently and thus enforce complex licensing schemes using encryption (see figure 2). At the same time the efficiency of the mechanism has also been increased. On the other hand, ensuring that the complete application will never reside totally unencrypted in memory requires detailed knowledge of structure and execution paths. Having part of the software encrypted in memory all the time is one of the most essential prerequisites of achieving the very highest security levels. The IxEngine inserts the correct encryption and decryption calls into the completely assembled application. This procedure is shown in figure 1. Address Lenght Range Product Code Unit Counter Delta Range Area CodeMeter FC/PC Range Area Engine U ru npr co nn ote de ing ct ed Fig. 2: Structur of IxEncryption U ru npr co nni ote de ng ct e d The WIBU-KEY or CodeMeter protection hardware is used to generate the encryption key, so that there is no access to the protected document without the hardware. P ru rote co nn cte de ing d Co & mp Lin ile k C So /C+ ur + ce IX ta AP bl es Just select the security system ‘WIBU CodeMeter Security’ or ‘WIBU WIBU-KEY Security’; the plug-in is completely embedded in the Adobe security handler and provides a full and secure alternative to the standard Acrobat security schemes. 6 The description of the encrypted ranges is done in a structured way. Using different abstraction layers it is specified what is to be encrypted (range) and how it is to be encrypted (area). To integrate the IxProtector into an application, a structure describing which ranges of the application are to be encrypted with which parameters has to be specified. It must also be specified when the ranges have to be decrypted or subsequently encrypted. After the installation, the plug-in can be found in the document properties in the ‘Security’ section. The plug-in currently supports the CodeMeter hardware platform and will be extended to include WIBU-KEY support soon. Integration of encrypted code into an application has been standard procedure with WIBU products for several years. AXAN set forth a standard that has rarely been reached up to now. or A modification of the Acrobat interface with version 7.x temporarily prevented the use this method. An update to Acrobat 7.0.2 and the use of the current release of SmartShelter solves this problem. Due to legal license reasons the use of the plug-in currently is limited to the professional Adobe Acrobat environment. SmartShelter protects documents that have one publisher and many readers, for example: While AxProtector raises the bar for automatic protection of software, the aim of IxProtector is the individual protection of software with source level integration. This kind of protection is useful to satisfy very high protection requirements. r Older versions already provided the possibility to protect PDF by embedding the documents in HTML pages, which are used as a kind of start-up page for the document, which is encrypted in the SmartShelter binary and loads the encrypted PDF file. A check of an existing Limit Counter or an Expiration or Activation date (CodeMeter) as well as the use of WIBU-KEY or CodeMeter in the network can be specified here, too. Why document protection? to The current version of SmartShelter supports two different ways to protect documents in the Acrobat PDF format. The necessary parameters like Firm and User/Product Code can be specified in the input mask. ot ec t The new SmartShelter version now supports the protection of native PDF documents as well as PDF embedded in HTML. IxProtector: Future of software protection Pr t Ix o Ix En cr yp n Ix En gi ne KEY At the same time with the decryption and re-encryption of the code, additional security mechanisms are introduced so that the protection mechanisms can not be circumvented by eavesdropping on the communication and replaying the content at a later time. To achieve this unprecedented level of security, probabilistic encryption and decryption requests are sent to the hardware during runtime. Because of the constant change of these requests and subsequent checking of the answers, replay attacks are rendered unfeasible. Fig. 1: Structur of IxProtection SmartShelter plug-in for Adobe Acrobat No.10 |Fall 2005 7 KEY n o t knowhow e AxProtector.Net | Secure protection for .NET applications WIBU & Intel Macs WIBU-SYSTEMS AG has been developing an extension to its software forIntel-based Macintosh computers. The latest WIBU-KEY driver – version 5.00a – can already be used for local key access. Network support and CodeMeter support have to be finalized, which will happen before the release of the new Mac hardware. Along with this new Intel Mac support, the next software version will require Mac OS X version 10.3 (Panther) or 10.4 (Tiger) The next generation of automatic application protection, AxProtector, is available now. A new preview release is out that also protects and obfuscates .NET applications. There’s a preview release of the AxProtector for .NET available now, and the next release of CodeMeter and WIBU-KEY will provide a version that supports all features. In addition to the pure protection of non-authorized applications, the protection of knowledge such as programming know-how or special techniques is another aim of copy protection. The AxProtector.NET protects console as well as GUI applications by a complex mechanism with varying encryption of the executable code (EXE and DLL), which is partly decrypted directly before it is used. It’s hard to re-engineer ‘normal’ executable code and to re-write it to a readable source code, but with .NET this no problem due to the intermediate MSIL code. It doesn’t matter which programming language originally was used to develop the application. A lot of tools can be found on the Internet that can re-engineer back to any other .NET language. The AxProtector for .NET can prevent this re-engineering. The MSIL code is encrypted, which avoids disassembling of the code. While there are a lot of tools on the market that provide some sort of source code obfuscation, these systems can’t compete with the various techniques that can be used with CodeMeter and WIBU-KEY, such as implementation of pay-per-use models and modular protection. Both product lines, WIBU-KEY CodeMeter, are supported. and Of course there will be support for all features of these product lines, like network access and customized message dialogs. A small sample demonstrates what’s possible up to now. The real proof of performance and security can be understood only if you try it out yourself. Now for a sample: The popular sample ‘Hello World!’ is our target. Here we used it implemented in C#. class MyTest { public void Verify() { } } // MyTest Now the program will be compiled in the command line: D:\TEST>csc hello.cs Microsoft (R) Visual C# .NET Compiler version 7.10.6001.4 for Microsoft (R) .NET Framework version 1.1.4322 Copyright (C) Microsoft Corporation 2001-2002. All rights reserved. But if the entry or the whole CM-Stick is missing, the following message will be displayed: The result is a file of 3,072 bytes, which now will be protected by AxProtector.NET (axpnet.exe): D:\TEST>axpnet /f10 /p100 /o:protected.exe hello.exe axpnet - Automatic Protection of Microsoft .NET executables. Version 1.00 of 2005-Aug-14 (Build 1) for Win32. Copyright (C) 2005 by WIBU-SYSTEMS AG. All rights reserved. ---- hello.exe ---------------------------------------------------------------Used Firm Code = 10, used Product Code = 100. D:\TEST\protected.exe created: 18448 bytes written. ------------------------------------------------------------------------------1 file converted. The result of the protection with its 19,472 bytes is bigger than the original due to the added protection engine, but it still can used on all .NET frameworks (32/64 bit, compact framework), provided that the framework is supported by CodeMeter (32 bit only at the moment). We hope that we were able to arouse your curiosity with this short preview. News about the AxProtector.NET tool can be found in our publications or on our website. www.wibu.com If a properly configured CM-Stick is connected (Firm Code 10 / Product Code 100), the small program can be started. D:\TEST>protected Hello WIBU-SYSTEMS protected World. Enter a character to continue: WIBU-SYSTEMS as a sponsor WIBU-SYSTEMS sponsors the youth soccer (age-group 1991/1992) of the soccer club FTSV-Kuchen, Germany. class Hello { public static void Main() { Console.WriteLine("Hello WIBU-SYSTEMS protected World."); // wait for next entered character Console.Write("Enter a character to continue: "); Console.Read(); Console.WriteLine(); } } // Hello 8 No.10 |Fall 2005 9 KEY n o t product e C M - FA S | R e - p ro g r a m m i n g f ro m a d i s t a n c e Beginning with version 2.11, CodeMeter now supports file-based Remote Programming, called CM-Field Activation Service or CM-FAS. The file-based re-programming of copy protection hardware was traditionally a unique feature of WIBU-KEY, but now CodeMeter also provides a file-based solution – in addition to the CodeMeter protocol CM-Talk – the CodeMeter Field Activation Service (CM-FAS). The functionality is comparable with WIBU-KEY: there is an interactive method as well as the ability to execute the Remote Programming process through API functions. Let’s start with the creation of the context information. The Remote Context file contains necessary information about the connected CM-Stick. To create this file on Windows, select the Explorer context menu option “New/WIBU Control File” using the right mouse button. Because the Explorer extension behind this option also supports WIBU-KEY and the WKCRYPT tool, different options will be available. At the moment we are interested in the “CM-Stick Remote Programming Context File” option. Now a selection of Firm Codes that are programmed in the CM-Stick is displayed. Either all or individual Firm Codes can selected, which will be written to the context file. If there are a lot of Firm Codes and /or licenses in the CM-Stick it’s useful to select only the specific Firm Code that is to be modified in order to keep the file size to a minimum. If you want to program a new Firm Code into the CM-Stick via Remote Programming, the new value can be specified in the following dialog. d:\codemeter>CmBoxPgm /ra:MyCmStick.WibuCmRaC /f10 /p14 /ca Update successfully executed Started at 2005-09-12 12:59:52 CmBoxPgm has Version 2.10.0.500 *** Read Remote Activation Context data *** Add Product Item, CM-Stick 11035197, FC=10, PC=14 *** Write Remote Activation Update data, CM-Stick 1-1035197, FC=10 CmBoxPgm finished at 2005-09-12 12:59:52 This sample adds the new Product Code 14 to the existing Firm Item 10. The programming is re-directed to the Remote Update file (Remote Activation data) which can be seen in the output of CmBoxPgm. Firm Code list After pressing the “OK” button the context file will be created in the specified directory. The last function can be used to display the serial number of the expected CMStick, in order to avoid mistakes if the end user owns more than one. To create the update information the command line tool CmBoxPgm.exe is used. Just like the corresponding WIBUKEY tool, WKCRYPT, there’s a similar parameter list: Please note that there must be a Firm Security BOX (FSB) even if you just program the evaluation Firm Code 10! Now the resulting Remote Update file must be transferred to the end user. The end user executes the update by doubleclicking on the update file. Once applied, he or she can use the new license or the new credits. In addition to the above mentioned interactive method, there are also some API functions to implement the CodeMeter Remote Programming directly into your own application. Context File was created Extension of the context menu Graphical front-ends for Linux and Mac OS will follow soon. Keep your eye for the announcements on our website. License Request RU LR User Remote Update File So it’s possible to build license management features directly into the protected application so that the user never has to leave the application environment. The following API functions are available on Windows, Linux and Mac OS: RU CodeMeter FSB CodeMeter Hardware CmGetRemoteContext() Stores the context information in an encrypted and compressed file CmSetRemoteUpdate() Programs the CM-Stick according to the information stored in the update file CmListRemoteUpdate() Lists the serial numbers of all CM-Sticks stored in the Remote Update file Context menu entry of the Explorer Licensor D AT E O F FA I R S October ISDEF 13. - 16. October 2005 Moscow www.isdef.org SYSTEMS 24. - 28. October 2005 Munich B2.2 www.systems-world.de November ESWC 5. - 6. November 2005 Brüssel www.euroconference.info 10 No.10 |Fall 2005 11 KEY n o t knowhow e Huge-Licence-Management in a Box WIBU-BOXes with additional memory not only can be used for storing extensive data, but also for the convenient use of Huge License Management. Only a few steps are necessary to realize a network-based license management solution for your software with one WIBUBOX. This can be done either by the simple model using two entries per license in the WIBU-BOX or by the Huge License Management (HLM), which is essentially simpler and more flexible. HLM manages the licenses in an encrypted binary file that is updated by the WIBU-KEY server process. The encrypted HLM file normally is installed with the WIBU-KEY components and must be introduced to the WIBU-KEY server process by a registry entry. If a WIBU-BOX with extended memory is used, the HLM binary file can be copied directly into this memory, so it can be transported and installed easily. The WIBU-KEY server process reads this information at its start-up and provides all enabled licenses in the network. The WIBU-BOX entries With HLM the first entry in the WIBU-BOX must have a User Code that is higher than 15728640 (0xf00000). The second entry controls the enabling of the HLM licenses. It is realized by a Master entry whose User Code mask is combined using a binary AND combination with the User Code of the protected application. In following sample we’ll use the evaluation Firm Code 10 and the User Code 15728640 for the first entry and a Master Entry of 10:10 for the second: wkcrypt /pau /pi /f10 /u15728640 /pn Because the HLM information only can be programmed with the WKCRYPT command line tool, we will program the entries for this sample using the command line, too. So the programming of the WIBU-BOX – in this example we are using a WIBUBOX/U+ – and the creation of the HLM information is done in one command line. Now a part of the unprotected, extended memory must be formatted for HLM: wkcrypt /pau /pxmf:w30 This command line formats 30 pages of the memory. Now the various licenses must be created and transferred to the memory. Three licenses are defined: 1. Main program: Firm Code = User Code= Number of licenses = 10 2 1 2. ModulA Firm Code = User Code= Number of licenses = 10 4 5 3. ModulB Firm Code = User Code= Number of licenses = 10 8 10 wkcrypt /pau /net /f10 /u15728640 /n:"MemoryHLM" /gh /u2 /q1 /n:"Hauptprogramm" /gl /u4 /q5 /n:"ModulA" /gl /u8 /q10 /n:"ModulB" /gl /ph The decisive option is the last one. The /ph option transfers the HLM information into the WIBU-BOX extended memory instead of to a file. This is the output of the command line with the direct programming of the WIBU-BOX: wkcrypt - WIBU-KEY Encryption and Programming Tool. Version 5.00 of 2005-Apr-14 (Build 49) for Win32. Copyright (C) 1989-2005 by WIBU-SYSTEMS AG. All rights reserved. WIBU-BOX 1: Entry 1 (contents 10:15728640) new programmed. WIBU-BOX 1: Master Entry 2 (contents 10:10) new programmed. WIBU-BOX 1: ExtMem area (512 pages) formatted. WIBU-BOX 1: Start Writing ExtMem User WIBU page 0. WIBU-BOX 1: Start Writing ExtMem User WIBU page 1 to 6. HLM data of "MemoryHLM" into WIBU-BOX ExtMem written (3 licenses). If the WIBU-KEY server process is started now, the following output should appear: WkSvW32.exe - WIBU-KEY WkLAN/WkNet Network Server. Version 5.01Beta (Level 2) of 2005-Aug-25 for Win32. Copyright (C) 1989-2005 by WIBU-SYSTEMS AG. All rights reserved. 4 ports scanned: 2 WIBU-BOXes at 2 ports found. HLM file <8-10001978 block 0> successfully read: 2 of 3 licenses accepted. Table of supported clusters: Cluster 1: 10:2 (Hauptprogramm), 1 slot - HLM controlled by file <8-10001978 block 0> and entry 2 of WIBU-BOX 8-10001978 at USB Cluster 2: 10:8 (ModulB), 10 slots - HLM controlled by file <8-10001978 block 0> and entry 2 of WIBU-BOX 8-10001978 at USB Used WkLAN server name: COMPUTER - port: 22347. Used IP address: default IP address. ### WkLAN server is active. General WkLAN timeout set to 1440 minutes. X.XX XX:XX:XX:XXX: WkSvW32.exe is running. As you can see the licenses are read automatically. Because the User Code mask of the Master Entry doesn’t cover Module A (User-Code = 4, 5 licenses /10 AND 4 <> 4), this module isn’t enabled. Lockzone | Keeping your privacy The Lockzone Mobile Security Applications are based on a unique technology for eliminating spying on email communications and Unified Messaging applications to the point of Voice over IP. It is accomplished by preventing the creation of readable tracks on the computer in the first place. This is the technical USP (Unique Selling Proposition) of the Lockzone Mobile Security Applications technology. The Lockzone technology works at the critical weak point of today’s security solutions for the global Internet standard software market – the missing synergies of communication software, anti-virus solutions and encryption technologies, such as Microsoft Outlook, Norton Anti-Virus and PGP. The Lockzone technology combines these three security components in a completely closed technical environment – on a USB Stick. Lockzone GmbH, located in Germany, offers communication software such as Voice over IP, email clients, communication servers and other products that are linked to security topics for the Internet. The solutions are platform independent (Mac OS and PC) just like web browsers, but they have two important advantages: identification at the system and the difficult public key encryption of emails. The embedded Flash Disk stores the data and the program files. through the CM-Stick. Everything is contained on the CM-Stick, so a previous installation is not necessary. All applications developed by Lockzone can be used in a mobile environment p Access to all emails, data and attachments, on- or offline p No tracks are created, as opposed to web browsers, so data can’t be read by a third party at the same workstation, including stored passwords, correspondence, attachments and so on The public key email client mailclad communicator PRO uses the CM-Stick with Flash Disk in a very special way. The CMStick’s security chip is used for both the The WIBU-BOX we’re using in the sample now could be connected to any workstation or server in the network and the WIBU-KEY server would provide the licenses without any further installation. 12 No.10 |Fall 2005 13 KEY n o t hotspot e Case study Intelligent Data Systems xCOMPOSER.office | Setting the multimedia wave rolling! Companies providing products or services in need of explanation are often confronted with the task of presenting the features of their offer in a vivid, meaningful way. The revolution for job-related PC users Printed options – even if they are extensively designed – often don’t contain all important information. In such cases multimedia presentations are more helpful. The combination of video, sound, spoken information, pictures, charts, textes, animations, 3D pictures and others make it possible to explain each concept better, easier and faster. Multimedia presentations are digital presentations that include all types of digital data (video, sound, pictures, music) running independently and allowing interaction. Multimedia presentations can’t be confused with lectures because the mentioned items don’t apply in part or in whole. For companies, the possibilities and advantages of multimedia presentations are nearly unlimited, especially for marketing and sales purposes. For example it is possible to offer data sheets on a CDROM as a supplement for a product video which can be printed. A pure video doesn’t allow this. Other possiblities of a multimedia presentation are access to the Internet or the integration of shops. Many companies have already created digital media about the company and products. And today’s PCs can be used as multimedia machines. So these companies have all the requirements for using multimedia presentations. Why then is the creation of multimedia presentations predominantly the business of graphic artists, designers, programmers and multimedia experts? The Steigenberger hotel in Radebeul, Germany uses a presentation CD that provides information about the hotel and also the tourism highlights in the surroundings via video, music and text. The mail-order market garden plantasia.de profits from the multimedia presentation on CD for presenting the company and the products as well as the catalogue that allows the customer to order directly. For years plantasia.de has not used printed sheets and this has lead to positive experiences. They can save on production costs for printing and they have a more intensive customer communication. Dirk Mann, responsible for the multimedia presentations at plantasia.de, says: “Our customers have accepted the multimedia presentations very well. In the meantime they are asking for a new version of the multimedia CD. Now we are able to provide objective and non verbal information. And we can present our company as an innovative one.” Today the access to digital content – prefabricated and self produced – is easier than ever. Everybody can create digital content with digital cameras and video cameras. And scanners are very common in these days as well. The reason is that most of the programs for creating multimedia presentations are very complex. They can only be used with extensive training and a long period of vocational adjustment. Most programs, but not all! The xCOMPOSER.office is a program for multimedia presentations that can be used by any PC user. With it the German company Intelligent Data Systems has created a new category for office software as reported by a test report of the Media Design Centers of the Technical University Dresden. This is the first, brand-new standard application for multimedia presentations for normal PC users in the PC area. nes video, sound and text in one multimedia presentation for explaining the complex possibilities of their products. An exhaustless data source par excellence is the Internet. It offers any material such as texts, pictures, videos or sounds for almost any topic. The increase of a quick Internet access (e.g. DSL) encourages the willingness of users to download bigger data files via the Internet. For example, the German company bürkert, the worldwide market leader for industrial control systems on the basis of hydraulic and pneumatic systems, combi- The existance and availability of digital media in different types begs for a software application that can use these different content pieces easily and comprehensively. CM-Crossword This program is xCOMPOSER.office. For Intelligent Data Systems and all other software manufacturers there is the very importent question how to keep the digital rights of use. The combination of two innovative products adds the CodeMeter Digital Rights Management solution by WIBU-SYSTEMS AG. Intelligent Data Systems uses the state-of-the-art CM-Stick USB key by WIBU-SYSTEMS AG. “The CM-Stick combines the easy handling for the user and the one hundred percent keeping of the rights of use for software manufactures in a perfect way”, says Martin Glück, C.E.O. of Intelligent Data Systems. “Furhermore“, continues Martin Glück, “WIBU-SYSTEMS offers with the CodeMeter shop an advanced sales platform that complements our other sales activities perfectly.” Price of xCOMPOSER.office, single user license, in the CodeMeter shop is 149,00 €. valid till December 31, 1005. Then the price is 179,00 € instead of 199,00 € maker’s price. Win one of 10 CodeMeter Special Editions! We are raffling 10 CM-Sticks with 256 MB flash disk. More information about the CM-Stick is available on the last page of this magazine. Complete the puzzle above and transfer the solution from the green squares into the following squares: Horizontal Vertical 1 2 8 9 10 11 12 3 4 5 6 7 DRM solution of WIBU-SYSTEMS? What is available in the CodeMeter shop at a reduced rate? Feature of the CM-Stick for secure administration of passwords? Interface of the CM-Stick? Size of the virtual drive in the CM-Stick? Feature within the CM-Stick for password creation? Access control for the PC? Heart of CodeMeter? Encryption method of CodeMeter? Manufacturer of Safe 7 Lite? Manufacturer of the CM-Sticks? Name of the communication protocol for licenses? 13 Optionally available in the CM-Stick? I Please e-mail the solution to: crossword@codemeter.com M P R E S S KEYnote U M 10. Edition, Fall 2005 Publisher: WIBU-SYSTEMS AG Rueppurrer Strasse 52-54 · D-76137 Karlsruhe Phone: +49-721-93172-0 · Telefax: +49-721-93172-22 Email: info@wibu.de · www.wibu.de Responsible for the content: Oliver Winzenried Editors: Martin Glück, Rüdiger Kügler, Daniel Ortiz, Elke Spiegelhalter, Stephan Süptitz, Peer Wichmann, Oliver Winzenried Letters are welcome at any time. They are protected by the secret of the editorial staff. Articles identified by name don’t absolutely reflect the opinion of the editors. 14 No.10 | 2005 15 D I G I T A L R I G H T S M A N A G E M E N T S Y S T E M CodeMeter: a perfect giveaway Mobile CM Password Manager and Firefox The mobile CM Password Manager allows you to be free with your passwords and access data using a certain browser, computer or operating system. You can easily store your passwords, PINs and TANs via the CM Password Manager and the portable Firefox on the CM-Stick/M. So you are able to have access to your passwords from any computer and you can login to Internet accounts. Data encryption CodeMeter is a Digital Rights Management solution that protects software and content against illegal use. The heart of the system is the CM-Stick, an encryption and storage device in the form factor of a small USB device. The CM-Stick is based on a micro chip, developed by WIBUSYSTEMS, that can encrypt and decrypt data as well can store the necessary keys in the chip. www.codemeter.de Steganos Safe Lite allows you to store your data encrypted in a virtual drive with 128 MByte. The CodeMeter edition for 9,95 E offers you an additional memory of 64 GB and a portable safe. Secure PC login SecuriKey Lite and the CM-Stick allows you a secure PC login on Windows 2000 and Windows XP. WIBU-SYSTEMS AG Rueppurrer Strasse 52-54 D-76137 Karlsruhe Phone: +49-721-93172-0 Fax: +49-721-93172-22 info@wibu.com www.wibu.com Flash disk up to 2 GB The CM-Stick is additionally available with flash disk in the sizes of 128 MB, 256 MB, 1 GB and 2 GB. One part of the flash disk can be protected with the CodeMeter password. The CM-Stick supports Windows, Linux, Mac OS X and USB interfaces 2.0 and 1.1. CodeMeter FPP Special Edition All CM-Sticks are available in a premium alu case including neck strap, software, manual and additional 5 coloured cases. Ex 49,95 € including VAT.