KEY - WIBU-Systems AG

Transcription

KEY - WIBU-Systems AG
No.10
|
Fall 2005
KEY
n
n
o
o
t
t
e
e
W I B U - M a g a z i n e
CodeMeter is the most innovative software protection technology available today. You don’t need a detailed lab study to
understand CodeMeter’s unique features. Compare and check
for yourself:
A Good Move
for Security.
Absolute Highest Security
p Private Key or Secret Key chosen by vendor
p Encrypted communication and latest and
strongest algorithms
p Locking of the hardware when crack attemps occur
p Public Hacker’s Contests
Incredible Flexibility
p More than 1000 licenses can be stored in one CM-Stick,
even from different vendors
p Works for low cost products, too, excellent alternative to
software-based activation schemes
p All license options coexistent in one CM-Stick
p One CM-Stick for single stations and network systems
Actual User Benefits
p The CM-Stick/M is the first, up to now unique and smallest
dongle worldwide with up to 2 GByte Flash Disk built in
p No special drivers required, no installation, no administrative
rights and very simple usage
Utmost Reliability
p WIBU-SYSTEMS is certified according to ISO 9001:2000
p CM-Stick/M USB listed, UL and VDE listed, conforms with CE,
FCC, VCCI und RoHS regulations
Activation with CodeMeter
p For vendors: better protection security level
and highly secure user registration
p For users: mobility of licenses and license
backup included
CONTENT
These are only a few, brief hard facts. Learn more about the
advantages of CodeMeter based activation from page 2.
Page 2/3
Activation with CodeMeter
Page 4/5
News | What’s new?
Page 7
IxProtector | Future of software protection
Page 8/9
AxProtector.Net | Secure protection for .NET applications
Page 10/11 CM-FAS | Re-programming from a distance
Page 12
Huge-Licence-Management in a Box
Page 14/15 xCOMPOSER.office | Setting multimedia wave rolling
KEY
t
E
R
n
D
I
o
T
O
knowhow
e
I
A
Activation with CodeMeter
L
What is software activation?
Dear Customers and Partners,
p No cost for dongles. But there are
“hidden costs” for the activation process development and installation as
well as manual activations through
technical support.
Software activation is a method for software license management in which the
user installs the software by entering a
serial number. This serial number plus
some hardware attributes are used to
calculate an “ID” in the application.
Disadvantages of software
based software activation
This “ID” is sent to the software vendor.
In the next step, the vendor generates a
corresponding activation code and
returns it to the user. This code enables
the user to use this software on exactly
this PC that it has been generated for.
The PC hardware is more or less used like
a simple dongle.
is our new company slogan.
We know that one hundred percent
completely perfect solutions are
impossible. That said, our slogan
expresses our goal to offer you extraordinary solutions that are as close
to perfection as is possible. This
means extraordinary security, ease
of use, flexibility, reliability and new
business opportunities with new
license models and sales models.
Furthermore, our award-winning
solutions offer unique benefits for
your customers and will guarantee
customer satisfaction.
p The license is bound to a specific PC. The
user cannot transfer the license easily.
He needs a new activation code from
the vendor in case of a PC defect or
when he replaces his aging PC with a
new faster one. This needs manual support from the vendor. Today, software is
often used longer than the PC’s lifetime.
So this inconvenient situation happens
quite often.
Normally this process is handled over the
Internet, fully automated on the vendor
site. In case of any problems and for
activation on PCs not connected directly
on the Internet, telephone or email support is necessary. This makes it inconvenient for users and vendors alike.
Security leaks
p Key Generators are offered all over the
Internet. They are used to generate the
necessary activation code at the user
site without using the official activation
process. Many vendors claim that it is
very difficult to offer a key generator if
the algorithm is complex enough. This is
simply not true, because it is easy for
experienced crackers to extract the
algorithm from the protected application.
p The registration allows the vendor to
collect the user data. This is valuable for
marketing purposes, update or upgrade
information and information about
new products. This makes sense and is a
benefit for vendors and users.
Figure 1: Structur of software
activation
Lic
en
sor
Please visit us at one of the trade
shows or conferences this fall, at one
of our Software Protection Days or
simply call us and tell us your requirements. We will answer immediately
with solutions designed for you.
Cu
sto
me
r
So
ftw
ne
ge
are
es
t
ra
ln
de
co
ria
Se
ion
at
tiv
Ac
Sincerely yours
Oliver Winzenried
be
um
r
Ha
ID
e-
r
wa
rd
ies
rif
ve
2
p Patching the application. Normally, only
a few bytes need to be patched: the
code where the application checks to
see if the activation has been done successfully. Patch tools on the Internet
make it easy even for inexperienced
users to apply a patch and bypass the
activation process.
This begs the question,
is it possible to improve this
activation process with simple,
cheap dongles?
To be honest, it is not! Simple dongles still
allow the following attacks:
Different attack schemes:
Advantages of software
based software activation
p Simulation of the PC hardware: The
easiest way is to install a virtual machine, like VM-Ware. Then install and
activate the software here and duplicate
the virtual machine. On any number of
PCs, one activation is all that is required!
p Record the dongle’s communications
with the application and simulate it.
p Simulate the dongle’s device driver or
dynamic link library (DLL): Normally,
dongle hardware is accessed using specific device drivers which can be simulated. Further, a DLL is mostly used as an
interface between the protected application and the device driver.
p Patching the application: This might be
more complicated than in the case of
software based activation. But even this
is relatively easy and experiences
hackers can be quickly successful with
simple dongles or in case of poor security integration into the application’s
code.
Software activation using
CodeMeter: How does it
work?
CodeMeter offers protection of applications with a very high security level and a
registration using secure authentication
with public key schemes from the vendor
to the CM-Stick connected at the users
computer. The steps necessary from the
software installation, registration, activation and offline use are shown below:
1. Connect the CM-Stick on the user’s PC. A
CM-Stick may already be available at the
user’s side, supplied by a vendor or
bought directly by the user in a retail
store.
4. Encrypted backup of the licenses at the
user’s side are automatically stored on
the user’s hard disk and safeguard the
user in case of CM-Stick loss or defect.
2. To activate the software, the installer is
started and the unique serial number is
entered. This serial number will be
checked over the Internet, if previously
used for registration. If it is new, the
user enters his registration data and the
CM-Stick will be registered. This is secured by public key encryption using
Elliptic Curve Cryptography.
6. Transfer of licenses from one CM-Stick
into another one is possible. It requires
an online connection to the vendor.
These steps can be done completely
automatically. The new user is registered
immediately.
The CM-Stick can not be simulated or
emulated by another hardware device
or software process. In the last step, the
license for the product is stored in the
CM-Stick. The CM-Stick can store thousands of licenses even from different
vendors, so that one CM-Stick at the client side is enough.
3. The application software itself is partially encrypted. During runtime, it is
decrypted on the fly if the corresponding license is available in the CM-Stick.
The communication between the CMStick and the protected application is
also encrypted and the application is
further protected by integrity checks,
anti-debugging schemes and code
obfuscation.
Cracking is not impossible but it’s a very
difficult and time consuming task even
for specialists with good knowledge and
good tools. A simple byte patch would
simply not work.
5. Secure return of software licenses.
In summary: Software-only based software activation schemes do not offer reasonable options for license backups and
license transfers, nor do they offer good
security for vendors. In addition, they do
not offer any real mobility for the user.
CodeMeter offers a “Win-Win-Solution“
for vendors and users. The user benefits
from additional personal security functions and may buy the CM-Stick himself.
In this way, the vendor costs are not any
higher than with software-only based
activation schemes, and the benefits are
much higher.
Application
Static
Library
Dynamic
Library
Device Driver
Advantages of software
activation with CodeMeter
1. Due to a highly secure protection, use of
the application without registration is
more or less impossible.
2. The registration process is absolutely
secure by using public key cryptography
from the vendor to the user’s CM-Stick
Dongle
Figure 2: Structure of communication with the
dongle
3. License mobility for the user. The user
can install the application on multiple
PCs for his convenience, but he can only
use it on the PC that has the CM-Stick
with the corresponding license connected.
No.10 | Fall 2005
3
KEY
n
o
t
news
e
News | What’s new?
The autumn of 2005 brings a lot of new
features for WIBU-KEY and CodeMeter.
You can read all about the improvements big and small in the following
article.
WIBU-KEY goes 64
Moving with the current trend to 64 bit
high-end applications and systems, especially in the field of CAD, WIBU-KEY components for Windows XP x64 Edition for
the EM64T/AMD64 and IA64 platforms
are available now. Components for different Linux variants (SuSE, Debian, …) will
follow in the next steps.
The good news is that the 32 bit version
can be used on 64 bit operating systems
with no limitations.
As before, there’s an installer for 64 bit
environments that installs all WIBU-KEY
components, including multilingual support, in an easy and secure way.
An installer
speaks a lot of languages
The variety of WIBU-KEY runtime installers was simplified to one common version a short time ago. Now this modification makes its way to the Development
Kit installer, too.
In the past there was a separate version
for the English and German languages,
but now there’s only one version that
covers both. This affects not only the
WIBU-KEY components, but also the
interface of the installer as well.
The language used for the installation is
determined by the language used by the
operating system. If the current OS language is not supported by the installer,
the English language will be used by
default.
Uniform tools
For Windows, in addition to the driver
there is also a corresponding control
panel applet, as well as updated header
files and libraries for the Classic API, an
updated Java library and an updated
COM control available.
All components provide the same features as the current 32 bit product including all API functions, support for all
WIBU-BOX variants and subsystems (local
and WkLAN). The one exception is the
WIBU-KEY server process, which is still
available in 32 bit only.
4
WIBU-KEY is being used by more and
more Linux and Mac OS developers, and
often in environment in which there are
not also Windows computers handy. In
order to best support our customers in
these environments, the WIBU-KEY developer tools are now available for all supported platforms. We use the Qt programming environment from Trolltech to
achieve a uniform look-and-feel across all
platforms.
Existing
WibuKey.TextData
WibuKey.WkNetEncryptSequence
WibuKey.StockData
WibuKey.ExtendedMemory.Signature
WibuKey.BoxEntry.Signature
WibuKey.AddedEntry.Signature
WibuKey.Encryption.IndirectInitData
WibuKey.RemoteProgramming.OriginalContext
Data
WibuKey.RemoteProgramming.UpdateData
WibuKey.RemoteProgramming.ContextData
Stable, more stable,
the most stable
The WIBU-KEY server process has always
been one of the most stable network
licensing solutions in the copy protection
industry, but we were able to improve it
again! Small modifications with a big
effect improve the performance and qualify the process to be a reliable solution for
systems with highest demands for continuous availability.
WIBU-KEY COM Control
(ActiveX) – New features
Visual Basic and similar programming languages offer a lot of advantages. But
some peculiarities are hard to deal with
and it is sometimes difficult to use every
desired feature of a component or programming technique. The same goes for
the WIBU-KEY COM control with regard
to UNICODE, too.
The WIBU-KEY COM control uses string
values for some properties. With other
programming languages or with projects
that are running on operating systems
using a non-UNICODE language, that’s no
problem. But with UNICODE languages
the internal transformation and use of
UNICODE strings, like what happens with
Visual Basic, the output data will be modified. That means that every correct character is followed by a blank character.
These new methods were implemented as
modified copies of existing ones. These
new functions use arrays of byte instead
of strings.
The following methods are new:
New Additions
WibuKey.ByteArrayData
WibuKey.WkNetEncryptSequenceByteArray
WibuKey.StockDataByteArray
WibuKey.ExtendedMemory.SignatureByteArray
WibuKey.BoxEntry.SignatureByteArray
WibuKey.AddedEntry.SignatureByteArray
WibuKey.Encryption.IndirectInitDataByteArray
WibuKey.RemoteProgramming.OriginalContextDataData
ByteArray
WibuKey.RemoteProgramming.UpdateDataByteArray
WibuKey.RemoteProgramming.ContextDataByteArray
The functionality of these new methods
is same as the previous string-based
versions.
The Password Manager
Last but not least, here are a few words
about a small but useful application that
comes with the CodeMeter package for
free: The CodeMeter Password Manager.
Extended
automatic protection
The new automatic encryption tool
AxProtector has replaced the traditional
automatic encryption tool, WkCrypt.
Automatic encryption has always provided an easy and secure way to protect
software against illegal copying, and now
with AxProtector the security has been
enhanced even further. The biggest historical limitation with WkCrypt was the
fact that it only worked on Windows.
This useful tool was enhanced, too. It now
has the capability to learn Web forms and
multiple fields in addition to the specific
password field.
Daemon on Linux
Just like the CodeMeter context menu on
Windows all important functions can be
accessed at this graphical interface including the status message window and
the WebAdmin app to manage the CodeMeter settings.
This platform limitiation will soon be over,
the next version of AxProtector supports
Mac OS X applications. AxProtector on
Mac OS X supports all of the features such
as auto runtime check and network licensing.
No go! – Blacklist
The development of 64 bit WIBU-KEY
components on Windows will also bring
automatic protection of 64 bit applications to Windows.
Your CM-Stick is lost or damaged?
Don’t panic! CodeMeter provides a reliable architecture to avoid the use of lost
licenses.
The latest version of the AxProtector can
protect .NET applications as well.
Every CM-Stick can be listed on a central
blacklist by WIBU-SYSTEMS that can be
replicated on all installed CM time servers
worldwide if the CM-Stick is marked as
stolen or damaged.
Automatic protection of Linux applications is scheduled to be released mid-2006.
New options of the AxProtector include
advances protection technologies against
debugging with the possiblity of blocking
the CM-Stick when crack attempts occur.
CodeMeter flexibility
Our newest product CodeMeter has been
enhanced with a variety of new features
and improvements. Here are the highlights:
A daemon for (almost) all cases
The current release of the CodeMeter
Runtime on Mac OS X and Linux is implemented as a daemon that runs in the
background, without the need for a
logged-in user to start or stop it. The daemon is managed by a graphical interface
that is implemented on both operating
systems with the same look and feel.
If a CodeMeter-protected application tries
to get a time certificate or if the holder of
the missing or stolen CM-Stick updates
the certified time, the CM timeserver
compares the serial number of the CMStick with its blacklist and locks the CMStick permanently if it’s on the list.
SOFTWARE-PROTECTION-DAYS
November
November 3, 2005
November 8, 2005
Germany
November 9, 2005
November 10, 2005
Schedule: 1 p.m. – 5
dinner
Leipzig, Germany
Düsseldorf,
Karlsruhe, Germany
München, Germany
p.m., followed by a
Experience your chances with new software protection solutions. This workshop
shows how you can bundle high secure
protection, new license and sales schemes
plus user benefits.
Register now on www.wibu.com
The number of participants is limited.
All licenses are locked out and worthless.
CodeMeter: Not a cold coffee!
Another important improvement in the
range of programming languages is the
new Java API, which is now available
cross-platform. A detailed online help file
and sample applications exist to assist the
developer.
If you are looking for a specific sample
implementation, please let us know.
No.10 |Fall 2005
5
product
e
SmartShelter supports native PDF
A version for the free Acrobat Reader will
soon be available.
However the current limitation is margina, because the target group for highquality protected documents often uses
the complete Adobe Acrobat environment.
The second method to protect PDF files
consists of a plug-in for the Acrobat environment. This plug-in is to be installed in
Acrobat and can be used like any other
plug-in in Acrobat.
p Service manuals in the automotive
industry
p Market surveys
p Training material
p E-books, magazines, subscriptions...
With automatic protection it is possible
to integrate strong anti debugging and
protection measures with very limited
effort. Automatic protection methods
can not take the structure of the application itself into account.
Using IxProtector, this integration is usable for WIBU-KEY as well as for
CodeMeter and is significantly simplified
and unified.
This structure makes it possible to create
a simple specification by encrypting
several ranges with the same area. But it
is also possible to specify complex scenarios where different program modules are
licensed differently and thus enforce
complex licensing schemes using encryption (see figure 2).
At the same time the efficiency of the
mechanism has also been increased.
On the other hand, ensuring that the
complete application will never reside
totally unencrypted in memory requires
detailed knowledge of structure and execution paths.
Having part of the software encrypted in
memory all the time is one of the most
essential prerequisites of achieving the
very highest security levels.
The IxEngine inserts the correct encryption and decryption calls into the completely assembled application. This procedure is shown in figure 1.
Address
Lenght
Range
Product Code
Unit Counter Delta
Range
Area
CodeMeter
FC/PC
Range
Area
Engine
U
ru npr
co nn ote
de ing ct
ed
Fig. 2: Structur of IxEncryption
U
ru npr
co nni ote
de ng ct
e
d
The WIBU-KEY or CodeMeter protection
hardware is used to generate the encryption key, so that there is no access to
the protected document without the
hardware.
P
ru rote
co nn cte
de ing d
Co
& mp
Lin ile
k
C
So /C+
ur +
ce
IX
ta AP
bl
es
Just select the security system ‘WIBU
CodeMeter Security’ or ‘WIBU WIBU-KEY
Security’; the plug-in is completely
embedded in the Adobe security handler
and provides a full and secure alternative
to the standard Acrobat security schemes.
6
The description of the encrypted ranges
is done in a structured way. Using different abstraction layers it is specified what
is to be encrypted (range) and how it is to
be encrypted (area).
To integrate the IxProtector into an application, a structure describing which
ranges of the application are to be
encrypted with which parameters has to
be specified. It must also be specified
when the ranges have to be decrypted or
subsequently encrypted.
After the installation, the plug-in can be
found in the document properties in the
‘Security’ section.
The plug-in currently supports the
CodeMeter hardware platform and will
be extended to include WIBU-KEY support soon.
Integration of encrypted code into an
application has been standard procedure
with WIBU products for several years.
AXAN set forth a standard that has rarely
been reached up to now.
or
A modification of the Acrobat interface
with version 7.x temporarily prevented
the use this method. An update to
Acrobat 7.0.2 and the use of the current
release of SmartShelter solves this problem.
Due to legal license reasons the use of the
plug-in currently is limited to the professional Adobe Acrobat environment.
SmartShelter protects documents
that have one publisher and many
readers, for example:
While AxProtector raises the bar for
automatic protection of software, the
aim of IxProtector is the individual protection of software with source level
integration. This kind of protection is
useful to satisfy very high protection
requirements.
r
Older versions already provided the possibility to protect PDF by embedding the
documents in HTML pages, which are
used as a kind of start-up page for the
document, which is encrypted in the
SmartShelter binary and loads the encrypted PDF file.
A check of an existing Limit Counter or an
Expiration or Activation date (CodeMeter)
as well as the use of WIBU-KEY or
CodeMeter in the network can be specified here, too.
Why
document protection?
to
The current version of SmartShelter supports two different ways to protect documents in the Acrobat PDF format.
The necessary parameters like Firm and
User/Product Code can be specified in the
input mask.
ot
ec
t
The new SmartShelter version now supports the protection of native PDF documents as well as PDF embedded in
HTML.
IxProtector: Future of software protection
Pr
t
Ix
o
Ix
En cr
yp
n
Ix
En gi
ne
KEY
At the same time with the decryption
and re-encryption of the code, additional
security mechanisms are introduced so
that the protection mechanisms can not
be circumvented by eavesdropping on
the communication and replaying the
content at a later time.
To achieve this unprecedented level of
security, probabilistic encryption and
decryption requests are sent to the hardware during runtime.
Because of the constant change of these
requests and subsequent checking of the
answers, replay attacks are rendered
unfeasible.
Fig. 1: Structur of IxProtection
SmartShelter plug-in for Adobe Acrobat
No.10 |Fall 2005
7
KEY
n
o
t
knowhow
e
AxProtector.Net | Secure protection for .NET applications
WIBU & Intel Macs
WIBU-SYSTEMS AG has been developing an extension to its software
forIntel-based Macintosh computers.
The latest WIBU-KEY driver – version
5.00a – can already be used for local
key access.
Network support and CodeMeter support have to be finalized, which will
happen before the release of the new
Mac hardware.
Along with this new Intel Mac support,
the next software version will require
Mac OS X version 10.3 (Panther) or 10.4
(Tiger)
The next generation of automatic application protection, AxProtector, is available now. A new preview release is out
that also protects and obfuscates .NET
applications.
There’s a preview release of the AxProtector for .NET available now, and the
next release of CodeMeter and WIBU-KEY
will provide a version that supports all
features.
In addition to the pure protection of
non-authorized applications, the protection of knowledge such as programming
know-how or special techniques is
another aim of copy protection.
The AxProtector.NET protects console
as well as GUI applications by a complex
mechanism with varying encryption
of the executable code (EXE and DLL),
which is partly decrypted directly before
it is used.
It’s hard to re-engineer ‘normal’ executable code and to re-write it to a readable
source code, but with .NET this no problem due to the intermediate MSIL code.
It doesn’t matter which programming
language originally was used to develop
the application.
A lot of tools can be found on the
Internet that can re-engineer back to any
other .NET language. The AxProtector for
.NET can prevent this re-engineering. The
MSIL code is encrypted, which avoids disassembling of the code.
While there are a lot of tools on the market that provide some sort of source code
obfuscation, these systems can’t compete
with the various techniques that can be
used with CodeMeter and WIBU-KEY, such
as implementation of pay-per-use models
and modular protection.
Both product lines, WIBU-KEY
CodeMeter, are supported.
and
Of course there will be support for all
features of these product lines, like
network access and customized message
dialogs.
A small sample demonstrates what’s
possible up to now.
The real proof of performance and
security can be understood only if you try
it out yourself.
Now for a sample: The popular sample
‘Hello World!’ is our target.
Here we used it implemented in C#.
class MyTest
{
public void Verify()
{
}
} // MyTest
Now the program will be compiled in the command line:
D:\TEST>csc hello.cs
Microsoft (R) Visual C# .NET Compiler version 7.10.6001.4
for Microsoft (R) .NET Framework version 1.1.4322
Copyright (C) Microsoft Corporation 2001-2002. All rights reserved.
But if the entry or the whole CM-Stick is
missing, the following message will be
displayed:
The result is a file of 3,072 bytes, which now will be protected by AxProtector.NET
(axpnet.exe):
D:\TEST>axpnet /f10 /p100 /o:protected.exe hello.exe
axpnet - Automatic Protection of Microsoft .NET executables.
Version 1.00 of 2005-Aug-14 (Build 1) for Win32.
Copyright (C) 2005 by WIBU-SYSTEMS AG. All rights reserved.
---- hello.exe ---------------------------------------------------------------Used Firm Code = 10, used Product Code = 100.
D:\TEST\protected.exe created: 18448 bytes written.
------------------------------------------------------------------------------1 file converted.
The result of the protection with its 19,472 bytes is bigger than the original due to the
added protection engine, but it still can used on all .NET frameworks (32/64 bit, compact framework), provided that the framework is supported by CodeMeter (32 bit only
at the moment).
We hope that we were able to arouse
your curiosity with this short preview.
News about the AxProtector.NET tool can
be found in our publications or on our
website.
www.wibu.com
If a properly configured CM-Stick is connected (Firm Code 10 / Product Code 100), the
small program can be started.
D:\TEST>protected
Hello WIBU-SYSTEMS protected World.
Enter a character to continue:
WIBU-SYSTEMS as a sponsor
WIBU-SYSTEMS sponsors the youth
soccer (age-group 1991/1992) of the
soccer club FTSV-Kuchen, Germany.
class Hello
{
public static void Main()
{
Console.WriteLine("Hello WIBU-SYSTEMS protected World.");
// wait for next entered character
Console.Write("Enter a character to continue: ");
Console.Read();
Console.WriteLine();
}
} // Hello
8
No.10 |Fall 2005
9
KEY
n
o
t
product
e
C M - FA S | R e - p ro g r a m m i n g f ro m a d i s t a n c e
Beginning with version 2.11, CodeMeter
now supports file-based Remote
Programming, called CM-Field Activation
Service or CM-FAS.
The file-based re-programming of copy
protection hardware was traditionally a
unique feature of WIBU-KEY, but now
CodeMeter also provides a file-based
solution – in addition to the CodeMeter
protocol CM-Talk – the CodeMeter Field
Activation Service (CM-FAS).
The functionality is comparable with
WIBU-KEY: there is an interactive method
as well as the ability to execute the
Remote Programming process through
API functions.
Let’s start with the creation of the context
information. The Remote Context file
contains necessary information about the
connected CM-Stick. To create this file on
Windows, select the Explorer context
menu option “New/WIBU Control File”
using the right mouse button. Because
the Explorer extension behind this option
also supports WIBU-KEY and the
WKCRYPT tool, different options will be
available. At the moment we are interested in the “CM-Stick Remote Programming
Context File” option.
Now a selection of Firm Codes that are
programmed in the CM-Stick is displayed.
Either all or individual Firm Codes can
selected, which will be written to the context file. If there are a lot of Firm Codes
and /or licenses in the CM-Stick it’s useful
to select only the specific Firm Code that
is to be modified in order to keep the file
size to a minimum.
If you want to program a new Firm Code
into
the
CM-Stick
via
Remote
Programming, the new value can be specified in the following dialog.
d:\codemeter>CmBoxPgm
/ra:MyCmStick.WibuCmRaC /f10 /p14 /ca
Update successfully executed
Started at 2005-09-12 12:59:52
CmBoxPgm has Version 2.10.0.500
*** Read Remote Activation Context data
*** Add Product Item, CM-Stick 11035197,
FC=10, PC=14
*** Write Remote Activation Update data,
CM-Stick 1-1035197, FC=10
CmBoxPgm finished at 2005-09-12 12:59:52
This sample adds the new Product Code
14 to the existing Firm Item 10. The programming is re-directed to the Remote
Update file (Remote Activation data)
which can be seen in the output of
CmBoxPgm.
Firm Code list
After pressing the “OK” button the context file will be created in the specified
directory.
The last function can be used to display
the serial number of the expected CMStick, in order to avoid mistakes if the end
user owns more than one.
To create the update information the
command line tool CmBoxPgm.exe is
used. Just like the corresponding WIBUKEY tool, WKCRYPT, there’s a similar parameter list:
Please note that there must be a Firm
Security BOX (FSB) even if you just program the evaluation Firm Code 10!
Now the resulting Remote Update file
must be transferred to the end user. The
end user executes the update by doubleclicking on the update file. Once applied,
he or she can use the new license or the
new credits.
In addition to the above mentioned interactive method, there are also some API
functions to implement the CodeMeter
Remote Programming directly into your
own application.
Context File was created
Extension of the context menu
Graphical front-ends for Linux and Mac
OS will follow soon. Keep your eye for
the announcements on our website.
License Request
RU
LR
User
Remote
Update
File
So it’s possible to build license management features directly into the protected
application so that the user never has to
leave the application environment.
The following API functions are available
on Windows, Linux and Mac OS:
RU
CodeMeter
FSB
CodeMeter
Hardware
CmGetRemoteContext()
Stores the context information in an
encrypted and compressed file
CmSetRemoteUpdate()
Programs the CM-Stick according to the
information stored in the update file
CmListRemoteUpdate()
Lists the serial numbers of all CM-Sticks
stored in the Remote Update file
Context menu entry of the Explorer
Licensor
D AT E O F FA I R S
October
ISDEF
13. - 16. October 2005
Moscow
www.isdef.org
SYSTEMS
24. - 28. October 2005
Munich
B2.2
www.systems-world.de
November
ESWC
5. - 6. November 2005
Brüssel
www.euroconference.info
10
No.10 |Fall 2005
11
KEY
n
o
t
knowhow
e
Huge-Licence-Management in a Box
WIBU-BOXes with additional memory
not only can be used for storing extensive data, but also for the convenient
use of Huge License Management.
Only a few steps are necessary to realize a
network-based license management solution for your software with one WIBUBOX. This can be done either by the simple model using two entries per license in
the WIBU-BOX or by the Huge License
Management (HLM), which is essentially
simpler and more flexible. HLM manages
the licenses in an encrypted binary file
that is updated by the WIBU-KEY server
process.
The encrypted HLM file normally is installed with the WIBU-KEY components
and must be introduced to the WIBU-KEY
server process by a registry entry. If a
WIBU-BOX with extended memory is
used, the HLM binary file can be copied
directly into this memory, so it can be
transported and installed easily. The
WIBU-KEY server process reads this information at its start-up and provides all
enabled licenses in the network.
The WIBU-BOX entries
With HLM the first entry in the WIBU-BOX
must have a User Code that is higher than
15728640 (0xf00000). The second entry
controls the enabling of the HLM licenses.
It is realized by a Master entry whose User
Code mask is combined using a binary
AND combination with the User Code of
the protected application.
In following sample we’ll use the evaluation Firm Code 10 and the User Code
15728640 for the first entry and a Master
Entry of 10:10 for the second:
wkcrypt /pau /pi /f10 /u15728640 /pn
Because the HLM information only can be
programmed with the WKCRYPT command line tool, we will program the
entries for this sample using the command line, too.
So the programming of the WIBU-BOX –
in this example we are using a WIBUBOX/U+ – and the creation of the HLM
information is done in one command line.
Now a part of the unprotected, extended
memory must be formatted for HLM:
wkcrypt /pau /pxmf:w30
This command line formats 30 pages of
the memory. Now the various licenses
must be created and transferred to the
memory. Three licenses are defined:
1. Main program:
Firm Code =
User Code=
Number of licenses =
10
2
1
2. ModulA
Firm Code =
User Code=
Number of licenses =
10
4
5
3. ModulB
Firm Code =
User Code=
Number of licenses =
10
8
10
wkcrypt
/pau
/net /f10 /u15728640
/n:"MemoryHLM" /gh
/u2 /q1 /n:"Hauptprogramm" /gl
/u4 /q5 /n:"ModulA" /gl
/u8 /q10 /n:"ModulB" /gl
/ph
The decisive option is the last one. The /ph
option transfers the HLM information
into the WIBU-BOX extended memory
instead of to a file.
This is the output of the command line
with the direct programming of the
WIBU-BOX:
wkcrypt - WIBU-KEY Encryption and
Programming Tool.
Version 5.00 of 2005-Apr-14 (Build 49) for
Win32.
Copyright (C) 1989-2005 by WIBU-SYSTEMS AG.
All rights reserved.
WIBU-BOX 1: Entry 1
(contents 10:15728640) new programmed.
WIBU-BOX 1: Master Entry 2
(contents 10:10) new programmed.
WIBU-BOX 1: ExtMem area
(512 pages) formatted.
WIBU-BOX 1: Start Writing ExtMem User WIBU
page 0.
WIBU-BOX 1: Start Writing ExtMem User WIBU
page 1 to 6.
HLM data of "MemoryHLM" into WIBU-BOX
ExtMem written (3 licenses).
If the WIBU-KEY server process is started
now, the following output should appear:
WkSvW32.exe - WIBU-KEY WkLAN/WkNet Network
Server.
Version 5.01Beta (Level 2) of 2005-Aug-25
for Win32.
Copyright (C) 1989-2005 by WIBU-SYSTEMS AG.
All rights reserved.
4 ports scanned:
2 WIBU-BOXes at 2 ports found.
HLM file <8-10001978 block 0> successfully
read: 2 of 3 licenses accepted.
Table of supported clusters:
Cluster 1: 10:2 (Hauptprogramm),
1 slot - HLM controlled by file
<8-10001978 block 0> and entry 2
of WIBU-BOX 8-10001978 at USB
Cluster 2: 10:8 (ModulB),
10 slots - HLM controlled by file
<8-10001978 block 0> and entry 2
of WIBU-BOX 8-10001978 at USB
Used WkLAN server name:
COMPUTER - port: 22347.
Used IP address: default IP address.
### WkLAN server is active.
General WkLAN timeout set to 1440 minutes.
X.XX XX:XX:XX:XXX: WkSvW32.exe is running.
As you can see the licenses are read automatically. Because the User Code mask of
the Master Entry doesn’t cover Module A
(User-Code = 4, 5 licenses /10 AND 4 <> 4),
this module isn’t enabled.
Lockzone | Keeping your privacy
The
Lockzone
Mobile
Security
Applications are based on a unique technology for eliminating spying on email
communications and Unified Messaging
applications to the point of Voice over IP.
It is accomplished by preventing the creation of readable tracks on the computer
in the first place. This is the technical USP
(Unique Selling Proposition) of the
Lockzone Mobile Security Applications
technology.
The Lockzone technology works at the critical weak point of today’s security solutions for the global Internet standard software market – the missing synergies of
communication software, anti-virus solutions and encryption technologies, such as
Microsoft Outlook, Norton Anti-Virus and
PGP.
The Lockzone technology combines these
three security components in a completely closed technical environment – on a
USB Stick.
Lockzone GmbH, located in Germany,
offers communication software such as
Voice over IP, email clients, communication servers and other products that are
linked to security topics for the Internet.
The solutions are platform independent
(Mac OS and PC) just like web browsers,
but they have two important advantages:
identification at the system and the difficult public key encryption of emails. The
embedded Flash Disk stores the data and
the program files.
through the CM-Stick. Everything is contained on the CM-Stick, so a previous
installation is not necessary.
All applications developed by Lockzone
can be used in a mobile environment
p Access to all emails, data and attachments, on- or offline
p No tracks are created, as opposed to
web browsers, so data can’t be read by a
third party at the same workstation,
including stored passwords, correspondence, attachments and so on
The public key email client mailclad communicator PRO uses the CM-Stick with
Flash Disk in a very special way. The CMStick’s security chip is used for both the
The WIBU-BOX we’re using in the sample
now could be connected to any workstation or server in the network and the
WIBU-KEY server would provide the licenses without any further installation.
12
No.10 |Fall 2005
13
KEY
n
o
t
hotspot
e
Case study Intelligent Data Systems
xCOMPOSER.office | Setting the multimedia wave rolling!
Companies providing products or services in need of explanation are often
confronted with the task of presenting
the features of their offer in a vivid,
meaningful way.
The revolution
for job-related PC users
Printed options – even if they are extensively designed – often don’t contain all
important information.
In such cases multimedia presentations
are more helpful. The combination of
video, sound, spoken information, pictures, charts, textes, animations, 3D pictures and others make it possible to
explain each concept better, easier and
faster.
Multimedia presentations are digital presentations that include all types of digital
data (video, sound, pictures, music) running independently and allowing interaction. Multimedia presentations can’t be
confused with lectures because the mentioned items don’t apply in part or in
whole.
For companies, the possibilities and
advantages of multimedia presentations
are nearly unlimited, especially for marketing and sales purposes. For example it
is possible to offer data sheets on a CDROM as a supplement for a product video
which can be printed. A pure video
doesn’t allow this. Other possiblities of a
multimedia presentation are access to the
Internet or the integration of shops.
Many companies have already created
digital media about the company and
products. And today’s PCs can be used as
multimedia machines. So these companies
have all the requirements for using multimedia presentations.
Why then is the creation of multimedia
presentations predominantly the business
of graphic artists, designers, programmers
and multimedia experts?
The Steigenberger hotel in Radebeul,
Germany uses a presentation CD that provides information about the hotel and
also the tourism highlights in the surroundings via video, music and text.
The mail-order market garden plantasia.de profits from the multimedia presentation on CD for presenting the company and the products as well as the catalogue that allows the customer to order
directly. For years plantasia.de has not
used printed sheets and this has lead to
positive experiences. They can save on
production costs for printing and they
have a more intensive customer communication. Dirk Mann, responsible for the
multimedia presentations at plantasia.de,
says: “Our customers have accepted the
multimedia presentations very well. In the
meantime they are asking for a new version of the multimedia CD. Now we are
able to provide objective and non verbal
information. And we can present our
company as an innovative one.”
Today the access to digital content – prefabricated and self produced – is easier
than ever. Everybody can create digital
content with digital cameras and video
cameras. And scanners are very common
in these days as well.
The reason is that most of the programs
for creating multimedia presentations are
very complex. They can only be used with
extensive training and a long period of
vocational adjustment. Most programs,
but not all! The xCOMPOSER.office is a
program for multimedia presentations
that can be used by any PC user.
With it the German company Intelligent
Data Systems has created a new category
for office software as reported by a test
report of the Media Design Centers of the
Technical University Dresden. This is the
first, brand-new standard application for
multimedia presentations for normal PC
users in the PC area.
nes video, sound and text in one multimedia presentation for explaining the
complex possibilities of their products.
An exhaustless data source par excellence
is the Internet. It offers any material such
as texts, pictures, videos or sounds for
almost any topic. The increase of a quick
Internet access (e.g. DSL) encourages the
willingness of users to download bigger
data files via the Internet.
For example, the German company bürkert, the worldwide market leader for
industrial control systems on the basis of
hydraulic and pneumatic systems, combi-
The existance and availability of digital
media in different types begs for a software application that can use these different content pieces easily and comprehensively.
CM-Crossword
This program is xCOMPOSER.office.
For Intelligent Data Systems and all other
software manufacturers there is the very
importent question how to keep the digital rights of use.
The combination of two innovative products adds the CodeMeter Digital Rights
Management solution by WIBU-SYSTEMS
AG. Intelligent Data Systems uses the
state-of-the-art CM-Stick USB key by
WIBU-SYSTEMS AG.
“The CM-Stick combines the easy handling for the user and the one hundred
percent keeping of the rights of use for
software manufactures in a perfect way”,
says Martin Glück, C.E.O. of Intelligent
Data Systems.
“Furhermore“, continues Martin Glück,
“WIBU-SYSTEMS
offers
with
the
CodeMeter shop an advanced sales platform that complements our other sales
activities perfectly.”
Price of xCOMPOSER.office, single user license, in the
CodeMeter shop is 149,00 €. valid till December 31,
1005. Then the price is 179,00 € instead of 199,00 €
maker’s price.
Win one of 10
CodeMeter Special Editions!
We are raffling 10 CM-Sticks with 256 MB
flash disk. More information about the
CM-Stick is available on the last page of
this magazine. Complete the puzzle
above and transfer the solution from the
green squares into the following squares:
Horizontal
Vertical
1
2
8
9
10
11
12
3
4
5
6
7
DRM solution of WIBU-SYSTEMS?
What is available in the CodeMeter shop at a
reduced rate?
Feature of the CM-Stick for secure administration
of passwords?
Interface of the CM-Stick?
Size of the virtual drive in the CM-Stick?
Feature within the CM-Stick for password
creation?
Access control for the PC?
Heart of CodeMeter?
Encryption method of CodeMeter?
Manufacturer of Safe 7 Lite?
Manufacturer of the CM-Sticks?
Name of the communication protocol for
licenses?
13 Optionally available in the CM-Stick?
I
Please e-mail the solution to:
crossword@codemeter.com
M
P
R
E
S
S
KEYnote
U
M
10. Edition, Fall 2005
Publisher: WIBU-SYSTEMS AG
Rueppurrer Strasse 52-54 · D-76137 Karlsruhe
Phone: +49-721-93172-0 · Telefax: +49-721-93172-22
Email: info@wibu.de · www.wibu.de
Responsible for the content: Oliver Winzenried
Editors:
Martin Glück, Rüdiger Kügler, Daniel Ortiz,
Elke Spiegelhalter, Stephan Süptitz, Peer Wichmann,
Oliver Winzenried
Letters are welcome at any time. They are protected by
the secret of the editorial staff. Articles identified by
name don’t absolutely reflect the opinion of the editors.
14
No.10
|
2005
15
D I G I T A L
R I G H T S
M A N A G E M E N T
S Y S T E M
CodeMeter:
a perfect giveaway
Mobile CM Password Manager
and Firefox
The mobile CM Password Manager allows
you to be free with your passwords and
access data using a certain browser,
computer or operating system. You can
easily store your passwords, PINs and
TANs via the CM Password Manager and
the portable Firefox on the CM-Stick/M.
So you are able to have access to your
passwords from any computer and you
can login to Internet accounts.
Data encryption
CodeMeter is a Digital Rights Management solution that protects software and
content against illegal use. The heart of
the system is the CM-Stick, an encryption
and storage device in the form factor of a
small USB device. The CM-Stick is based
on a micro chip, developed by WIBUSYSTEMS, that can encrypt and decrypt
data as well can store the necessary keys
in the chip.
www.codemeter.de
Steganos Safe Lite allows you to store
your data encrypted in a virtual drive
with 128 MByte. The CodeMeter edition
for 9,95 E offers you an additional
memory of 64 GB and a portable safe.
Secure PC login
SecuriKey Lite and the CM-Stick allows
you a secure PC login on Windows 2000
and Windows XP.
WIBU-SYSTEMS AG
Rueppurrer Strasse 52-54
D-76137 Karlsruhe
Phone: +49-721-93172-0
Fax: +49-721-93172-22
info@wibu.com
www.wibu.com
Flash disk up to 2 GB
The CM-Stick is additionally available
with flash disk in the sizes of 128 MB, 256
MB, 1 GB and 2 GB. One part of the flash
disk can be protected with the
CodeMeter password. The CM-Stick supports Windows, Linux, Mac OS X and USB
interfaces 2.0 and 1.1.
CodeMeter FPP Special Edition
All CM-Sticks are available in a premium
alu case including neck strap, software,
manual and additional 5 coloured cases.
Ex 49,95 € including VAT.