Categorie: Protection
Universal Firm Code
The all-new Universal Firm Code provides the groundwork for the secure transfer of licenses without any involvement of the original software vendor. The licenses for Universal Firm Codes are created by way of certificates, which use a completely new process. It paves the way for transferring licenses between CmDongles and CmActLicenses or, soon, CmCloud.
Need for Transfer
The thinking behind the introduction of Universal Firm Codes was to provide an answer to the oft-voiced wish of software vendors for a simpler way to transfer or lend and borrow licenses. Up to now, the permanent transfer of a license was impossible without direct contact between the user and the software vendor. There is already a certain solution for temporary transfers that works without this contact, although it needs considerable preparation on both sides, which has to be done all over again whenever anything changes in the license. In the end, this is a messy and complicated process that is impractical and too costly in terms of implementation and support.
Before we take a look at the new ways to transfer licenses, it helps to consider the mechanisms and the differences of current Firm Codes.
One Firm Code per Developer
A Firm Code is the top entry level in a CmContainer, either a CmDongle (hardware) or a CmActLicense (software-based license). The Firm Code is allocated to a specific ISV who has the exclusive right to change anything at the lower levels. This allocation is guaranteed by the Firm Code that each software vendor is assigned by Wibu-Systems.
Up to now, the Firm Codes >100,000 were available for hardware and >5,000,000 for software-based activation. The new Universal Firm Codes use the >6,000,000 range and can be programmed for both CmDongles and CmActLicenses. As soon as the CmCloud is fully available, the licenses can be managed just as easily from there.
No Compromise on Security
One of the reasons behind the old strict distinction between Firm Codes for hardware and software concerns security. The secure environment of CodeMeter hardware represents a safer vessel for licenses and cryptographic keys than software solutions. By its very nature, anything working on a computer can be reproduced and extracted, even if it requires massive efforts. That is why software vendors are still allowed to define exactly which CmContainers are allowed with the new Universal Firm Codes. They can also determine whether and where licenses can be transferred. This is done by the CmActId that is split into defined areas for CmDongles (1***), CmActLicenses (2***), and CmCloudLicenses (3***). With these settings, the licenses on the CmDongle can be kept at the old level of security.
Software vendors can choose in which environments their licenses and keys are available. This also enables them to set different levels of protection for different applications. While licenses for expensive premium products might be limited to CmDongles, leaner demo versions can be operated with software trial licenses that can simply be downloaded from the Internet.
Certificates for Secure Transfers
We are taking a completely new path for creating licenses. Licenses are produced as certificates under the X.509 standard. All keys are stored with asymmetric encryption so that only the CmContainer for which the license was created can decrypt them again. The queries and certificates are transmitted in the established fashion via context and update files (*.WibuCmRac / *.WibuCmRaU).
The features of licenses with the new Universal Firm Code cover everything that software vendors can already do today: A license can be given a set expiry date, a flexible usage period, or a maintenance interval; it can contain additional data, or it can come with a usage counter. All of this and much more is possible today and will continue to be possible with the Universal Firm Code. There is now also the opportunity to nest product items in each other (see the article on page 10).
Local Multiple Licenses
One change affects the way multiple licenses are handled. Universal Firm Codes allow a set of licenses to be flagged as “local use only”. For instance, four licenses can be created that are only available for local use (e.g. reflecting the number of copies of an application that can be run concurrently). This ends the old convention of treating a license number of 0 as a local license.
To prevent general hacks for software-based licenses, CmActLicenses use an additional key for encrypting different licenses (different product codes). This key (the Product Item Secret Key - PISK) is calculated by the Firm Security Box (FSB) when the license is created. The same principle now also works in hardware scenarios to maintain the high level of security of CmDongles even in mixed use with CmActLicenses. There is also the option for software vendors to change the Firm Key in their FSB to stop Wibu-Systems from creating licenses with the same key; this option is now also available for CmActLicenses.
Requirements
The new method of license creation via certificates needs substantial changes in the CodeMeter License Server and in all other components. Using Universal Firm Codes therefore needs CodeMeter 6.0 or later. The new technique is also the reason why Universal Firm Codes are only supported by the new generation of CmDongles with 3-xxxxxx serial numbers. Previous models simply lack the space in the firmware to store the new processes. Beginning with firmware version 2.06, CmDongles 3-xxxxxx can handle Universal Firm Codes. The firmware update will be rolled out in Q1/2016 alongside CodeMeter 6.10.
CodeMeter 6.10 will, of course, work just as well with the old CmActLicense (>5,000,000), just as CmDongle 3-xxxxxx can contain both the new Universal Firm Code and the old Firm Codes (>100,000). Everything remains downward compatible. The multiple variants of AxProtector used to protect your software can also handle multiple Firm Codes and the latest release is ready for working with the new Universal Firm Codes.
Product Item Option | CmDongles | CmActLicenses | Universal Licenses |
---|---|---|---|
Text | YES | YES | YES |
License Quantity | YES | YES | YES |
Activation Time | YES | YES | YES |
Expiration Time | YES | YES | YES |
Usage Period | YES | YES | YES |
Unit Counter | YES | YES | YES |
Feature Map | YES | YES | YES |
Maintenance Period | >= Firmware 1.18 | >= Firmware 1.18 | YES |
Linger Time | >= Runtime 4.40 | >= Runtime 4.40 | YES |
Minimum Runtime Version | >= Runtime 5.20 | >= Runtime 5.20 | YES |
User Data | YES | YES | YES |
Protected Data | YES | YES | YES |
Extended Protected Data | YES | YES | YES |
License Information | YES | YES | YES |
Hidden Data | YES | YES | YES |
Secret Data | YES | YES | YES |
Module Items |
|
| YES |
KEYnote 30 – Edition Fall 2015