20130115 ruediger embedded webinar - wibu …...2013/01/15  · wibu-systems 2013 page 20...

Page 1Wibu-Systems 2013

CodeMeter

Product Overview

Rüdiger KüglerVP Sales | Security Expert

rk@wibu.com

Page 2Wibu-Systems 2013

Involved Parties:

Vendor

• Protects Software• Issues Licenses

User

• Uses protected andlicensed software

Page 3Wibu-Systems 2013

LICENSE ACTIVATIONView of the User

Page 4Wibu-Systems 2013

UserVendor

Dongle based licensing

Dongle with license

Page 5Wibu-Systems 2013

UserVendor

Software based licensing

Individual License File

Fingerprint

Page 6Wibu-Systems 2013

UserVendor

Features on Demand

Update File

orSame Process for CmDongle

and CmActLicense

Update File fits only to oneCmDongle or one CmActLicense

License Request

Page 7Wibu-Systems 2013

User gets his ticketwith order confirmationor delivery note

User starts activationclient software

Activation takes placein background

Customer Portal Integration File exchange between Embedded Device and

Vendor’s Development Tools

Process Automation

Page 8Wibu-Systems 2013

1) User gets Order Confirmation

Page 9Wibu-Systems 2013

2) User starts Activation Client

Page 10Wibu-Systems 2013

2) User starts Activation Client II

Page 11Wibu-Systems 2013

2) User starts Activation Client III

Page 12Wibu-Systems 2013

2) User starts Activation Client IV

Page 13Wibu-Systems 2013

3) Software is activated

Page 14Wibu-Systems 2013

OVERVIEWView of the Vendor

Page 15Wibu-Systems 2013

CodeMeter for the Vendor

Technology(CmDongle /

CmActLicenses)

Software Integration

Backoffice Integration

AxProtectorCodeMeter API

CodeMeterLicense Central

Dongles:CmDongle (USB, SD,

CF, µSD, …)

Softlicenses:CodeMeter SmartBind®

License Models:Single User, Trial,

Network, ….

Development Tools

EmbeddedDevice

Page 16Wibu-Systems 2013

CODEMETER TECHNOLOGYView of the Vendor

Page 17Wibu-Systems 2013

Realizing license models

Single User License

Floating Network Licenses

Software Renting

Pay-Per-Use

Modular Licensing

Trial Licenses

Downgrade License

Software Assurance

High Availability Licenses

…

Text

License Quantity

Expiration Time

Usage Period

Unit Counter

Feature Map

Product Code

Maintainance Period

Customer Own License Information

…

Licen

se M

odels

Prod

uct It

em O

ption

s

Page 18Wibu-Systems 2013

Secure license storage

CmActLicense CodeMeter SmartBind®

Dynamic fingerprint Tolerance level Trial license mode

Binding Extension Individual binding to

embedded device

CmDongle Hardware with secure Smartcard chip Secure license storage (no unauthorized copying)

CmDongle

Software

CmActLicense

CodeMeter License Server

Page 19Wibu-Systems 2013

SOFTWARE INTEGRATIONView of the Vendor

Page 20Wibu-Systems 2013

Integration into the Software

Wrapper (Automatic Protection) AxProtector Standard Systems: Windows 32-bit / 64-bit, Mac OS

X, Linux, .NET Assemblies, Java J2SE, J2EE Embedded Systems: VxWorks, Windows CE,

Windows Embedded, Embedded Linux CodeMeter Core API Getting license information Encrypting data via Secret Key in CmDongle or

CmActLicense Signature API (sign, verify)

Page 21Wibu-Systems 2013

Application with simple API calls (.NET)

.Net (and Java) code can be disassembled very easily

Page 22Wibu-Systems 2013

Hacker removes license check

Page 23Wibu-Systems 2013

Cracked application

License checkis removed

Page 24Wibu-Systems 2013

AxProtector/IxProtector .Net

Compiled application Release version

Header

Code

Header

Stub Code(without Intellectual

Properties)

AxEngine(Security Engine)

Encrypted Code(original Code with

Intellectual Properties)

Ax/IxProtector

Definitionof licenses

and modules

Page 25Wibu-Systems 2013

Perfect protected Code with AxProtector

Code is no longer readable

Page 26Wibu-Systems 2013

CODEMETER FOR EMBEDDEDView of the Embedded Vendor

Page 27Wibu-Systems 2013

CodeMeter for Embedded

Similar requirements (to PC software) Intellectual Property Protection Software Licensing Features On Demand

New Challenges Integrity Protection of whole device Access Control to Embedded Device

Different Environments OS is under control of vendor Devices with low performance / low resources

Page 28Wibu-Systems 2013

Wibu-Systems Offerings:

Wrapper for Embedded Devices AxProtector VxWorks, Windows CE, Windows

Embedded, Linux Embedded, … CodeMeter Compact Driver Modular (CmDongle, CmActLicense, CmLan, …) Works in low resource environments Library or Source Driver

Secure Storage of keys Private Keys (Authentication) Secret Keys (Encryption of data / software)

Page 29Wibu-Systems 2013

Wibu-Systems Offerings 2:

Signing API Used for integrity check of software on embedded

device Integration into Boot Process Pre-Boot Loader checks Boot Loader Boot Loader checks Operating System

Professional Services Individual concepts and implementation

Page 30Wibu-Systems 2013

Integrity Check on Embedded Device

Page 31Wibu-Systems 2013

Integrity Check (Protection Process)

EncryptedSoftware

CredentialsSignature of

hash of original software

Public key andpublic certificate

OriginalSoftware

AxProtector

Private key andpublic certificate

License parameters(FSB)

EncryptedEncryption Key

Page 32Wibu-Systems 2013

RAM

Integrity Check (Runtime)

EncryptedSoftware

Credentials

OriginalSoftware

Root Public Key License with Keyfor decryption

VxWorks Loader(with AxEngine and

current revokation list)Credentials

Watch Dog

Page 33Wibu-Systems 2013

AxProtector for VxWorks

Encrypts application DKM / RTP / VIP (VxWorks Image)

Checks integrity of application Loader is integrated into VxWorks image Certificate Chain for updates of whole image /

single applications Integration into Bootloader / Bios Similar technology for Embedded Linux /

Windows Embedded / QNX

Page 34Wibu-Systems 2013

BACK OFFICE INTEGRATIONView of the Vendor

Page 35Wibu-Systems 2013

Ticket /Fingerprint

4

Use

r

Online Activation ServerVe

ndor

Ticket3

License5

Ticket2

SKU1

Online ActivationServer

Page 36Wibu-Systems 2013

Many Backoffice Integration options

BusinessLogic

User Interface

License CentralERP

CRM

Webdepot

Gateway

Connector eCommerce(Digital River)

CRM(Sales Force)

ActivationWizard

Browser

Connector

Webserverin DMZ

C

C

Database

InhouseApplication

G

C

Page 37Wibu-Systems 2013 Page 37

Activation Wizard

Page 38Wibu-Systems 2013

License Portal

Page 39Wibu-Systems 2013

License Portal II

Page 40Wibu-Systems 2013

License Portal Customization

Page 41Wibu-Systems 2013

FOR YOUR ATTENTIONThank you