Licensing and Dongles − Still a Perfect Marriage

While ISVs and embedded systems engineers transform their businesses with new software licensing strategies, like subscriptions and consumption-based licensing, their ongoing concerns with software piracy, code tampering, reverse engineering and counterfeiting remain very real. Licensing and protection mechanisms are evolving as consumers become more comfortable with the convenience of software-based license activations as well as a move toward cloud-based licensing considerations, particularly to accommodate the hybrid work environment. Despite these transformations in consumer preferences, dongles (aka hardware-based license containers) remain a tried-and true protection solution for many customers, both software publishers and embedded systems engineers.

The benefits of secure hardware dongles remain the same today as they did decades ago when these devices were first developed:

• License Portability – The license is on the dongle and is easily moved from one system to another.
• License Recovery – In case of a machine crash, the end user can easily move the dongle and the associated license to the new computer.
• License Borrowing – Licenses can be lent out (to travelling engineers and salespeople, for example)
• License Redundancy – Important in “Mission Critical” applications (Ex: Hot and Cold Stand-by licenses).
• License Security – Prevents employees or others to use software illegally, even if it is unintentional.

Secure hardware elements provide the advanced industrial-grade protection features necessary to address the new wave of cyber threats in connected industry and provide the integrity of data, applications, and communication. For these purposes, let’s take an in-depth look under the hood at the CodeMeter dongle (CmDongle) with integrated flash memory that has been the industry standard-bearer since its introduction in the early 2,000’s.

Smart Card Chip

CmDongles incorporate a smart card chip, which includes a microcontroller with a secure storage area for cryptographic keys and firmware. ISVs can independently encrypt and decrypt data using symmetric or asymmetric algorithms like AES, RSA, and ECC and sign data or verify the signature. Smart cards use Infineon Technologies’ chips that are EAL 5+ evaluated and provide protection against side channel attacks, making it virtually impossible to copy the firmware. This combination provides the highest levels of protection.

Abundant License Storage

Each CmDongle offers 328 kB of memory that can accommodate up to 2,000 licenses with different license models. Each of these licenses may be a multi-user license with thousands of concurrent seats. Because all licenses are contained in secure memory of the smart card chip, users can easily transfer a license from one computer to another without requiring additional license files. Additionally, each CmDongle can store licenses from different vendors in separate areas, allowing management of multiple vendors from a single CmDongle.

Additional Mass Storage

CmDongles are also optionally available with up to 64 GB of mass storage (flash memory). This architecture allows the delivery of software and data directly via the CmDongle. In addition, software can run from the CmDongle itself, without any driver installation (zero footprint) for a complete mobile experience. CmDongles typically use industrial-grade SLC memory (Single-Level Cell). This memory can be overwritten more frequently, is faster, and works in a wider temperature range. The more cost-effective MLC memory (Multi-Level Cell) is alternatively available upon request.

Software vendors can partition the storage space into different areas, with a choice of the following types:

• Public: Free area for reading and writing data
• Private: Protected area; it requires a password for reading and writing data
• Hidden: Secret area, accessible only via API and password
• CD-ROM: Read-only area

Secure Field Updates

Licenses can be securely activated, upgraded, and deactivated directly in the field. The user sends the software publisher a remote context file that identifies the desired CmDongle. In turn, the software vendor creates a remote update file that can be imported only once to that specific CmDongle. With a tamper-proof receipt, CodeMeter automatically ensures that the action was performed successfully.

Choice of Form Factors

CmDongles are available in a wide array of form factors, from compact and standard USBs to microSD's and ASICs, accommodating most PC or embedded devices.

If dongles continue to be your protection method of choice, be sure to read more about why CodeMeter dongles are the industry standard. Watch our pre-recorded Webinar, The Dongle is Dead – Long Live the Dongle, or download our whitepaper, CmDongle with Flash Memory in Practice, to learn more about security functions and several specific use cases across a variety of industries.