Sentinel Hardware Keys Developer's Guide - Customer Connection ...

More documents

Recommendations

Info

Chapter 7 – Implementing Secure Licensing Contents Glossary Index Troubleshooting Tip: The query/response table is written into the design header file when you build a license template containing an AES feature. 1 Query Frequently If you rely on a single call at the beginning of your code, it is relatively easy for a skilled hacker to isolate the call and defeat your protection. Another potential problem with querying only once is that a user could remove the Sentinel Key after starting the application. The key could then be used to run another copy of the application. 2 Query Randomly 174 Sentinel Hardware Keys Developer’s Guide You must design the protection strategy to have the application pick the challenge from the query/response table randomly. This makes it difficult to anticipate what the challenge will be. Once you choose a challenge, use this one challenge repeatedly for some period of time (such as each time the program is run, or once a day). If your application uses a different challenge every time, then it will cycle through all available challenges in a faster time frame. This speeds up the time it takes to listen to every possible challenge. Add Noise to your Query Checks Generate random queries and then dismiss the results. This generates a large amount of unused data among the useful data. Anyone trying to record your communications with the key will need to record large amounts of data and have trouble deciphering what is meaningful. Generate New Tables Frequently Each time you create an update to your application, regenerate the query/ response table. If an attacker has been able to record all the challenges used 1. The query/response table will be generated for a CodeCover feature when you select the Include CodeCover features check box under the Build Options tab. 2. To address this, you may also like to use the SFNTSetHeartbeat API function which will release the license after specified idle period.
Tips and Tricks Contents Glossary Index Troubleshooting by your program, the update will suddenly require this work to be repeated. If you have used the tips discussed above, it will likely be time consuming so the illegitimate user is stuck using outdated software. Specify Cheat Counter Value You can specify a cheat counter value only for non-RTC Sentinel Keys. The cheat counter value is global to the Sentinel Key. It applies to all the features having lease attribute enabled. You can specify a the cheat counter value right before programming hardware keys in the License Manager screen. If desired, you can use the Secure Update process to increment the cheat counter in the field. Note: You should call the SFNTQueryFeature function in your application code to detect time tampering. In addition, the SFNTEncrypt, SFNTDecrypt, SFNT- Sign, and SFNTGetDeviceInfo functions also check for system time tampering. Use AES Algorithm to Encrypt Data You can use the AES algorithm present in the Sentinel Key for encrypting 16-byte data blocks. AES has withstood intense scrutiny from the cryptography experts and is adopted by National Institute of Standards and Technology (NIST) as US FIPS PUB 197 in November 2001 (after a 5-year standardization process). It is trusted by many organizations and has a proven track record. It provides an impenetrable security check because the AES algorithm and the 128-bit randomly generated secret key it uses are embedded in the Sentinel Key—not accessible to any debugging or memory dumping program. You need to: Call the SFNTEncrypt API function to send the plain data and have it encrypted. Sentinel Hardware Keys Developer’s Guide 175
Page 2 and 3:
Copyright © 2009, SafeNet, Inc. Al
Page 4 and 5:
Certifications European Community D
Page 6 and 7:
FCC Compliance FC Sentinel Hardware
Page 8 and 9:
Contents Sentinel Keys Server .....
Page 10 and 11:
Contents Sending Group Files to Dis
Page 12 and 13:
Contents xii Sentinel Hardware Keys
Page 14 and 15:
Conventions Used in This Guide You
Page 16 and 17:
Technical Support Technical Support
Page 18 and 19:
We Welcome Your Comments Export Con
Page 21 and 22:
Chapter 1 Introduction In this chap
Page 23 and 24:
Sentinel Keys Protect Against Softw
Page 25 and 26:
Sentinel Keys Offer Sophisticated P
Page 27 and 28:
Sentinel Keys Offer Sophisticated P
Page 29 and 30:
The Business Layer API Functions Se
Page 31 and 32:
Programming Utility Sentinel Keys T
Page 33 and 34:
Frequently Asked Questions Contents
Page 35 and 36:
Page 37 and 38:
Chapter 2 Sentinel Hardware Keys SD
Page 39 and 40:
Compiler Interfaces Sentinel Keys L
Page 41 and 42:
Distributor Key Distributor Key Con
Page 43 and 44:
Sentinel Keys Contents Glossary Ind
Page 45 and 46:
Sentinel Keys Contents Glossary Ind
Page 47 and 48:
Sentinel Keys Server Contents Gloss
Page 49 and 50:
Sentinel System Driver Sentinel Sys
Page 51 and 52:
Backward-compatibility Information
Page 53 and 54:
Command-Line CodeCover Utility Cont
Page 55 and 56:
Key Programming APIs Contents Gloss
Page 57 and 58:
GCC a For Linux Compiler/Environmen
Page 59 and 60:
Sentinel Keys License Monitor Conte
Page 61 and 62:
Sentinel Protection Installer Conte
Page 63 and 64:
Secure Update API Frequently Asked
Page 65 and 66:
authentication.) Frequently Asked Q
Page 67 and 68:
Page 69 and 70:
Chapter 3 Planning Application Prot
Page 71 and 72:
About Features, Templates, and Grou
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Planning Application Protection and
Page 81 and 82:
Page 83 and 84:
Enabling License Sharing Planning A
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91:
Part 2 Designing and Implementing P
Page 94 and 95:
Chapter 4 - Protecting Applications
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143: Chapter 5 - Protecting Applications
Page 156 and 157: Chapter 6 - Secure Remote Updates C
Page 186 and 187: Chapter 7 - Implementing Secure Lic
Page 205 and 206: Chapter 8 License Grouping This cha
Page 207 and 208: Creating New Groups To create a new
Page 209 and 210: Duplicating Groups Sending Group Fi
Page 211 and 212: Creating New Feature Instances Cont
Page 213 and 214: Export-File Manager Export-File Man
Page 215 and 216: For a Loaded Group Frequently Asked
Page 217 and 218: Update Existing Licensing Values Fr
Page 219 and 220: Stand-alone License Manager Frequen
Page 221 and 222: Chapter 9 Programming Sentinel Hard
Page 223 and 224: Programming Sentinel Keys using Sen
Page 225 and 226: To create an .wps file: Programming
Page 227 and 228: Programming Sentinel Keys using the
Page 229 and 230: Programming Sentinel Keys using the
Page 231 and 232: Frequently Asked Questions Contents
Page 233 and 234: Utility/Executable developed out of
Page 239: Part 4 Distributing Protected Appli
Page 242 and 243:
Chapter 10 - Redistributables for C
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Appendix A - Troubleshooting Conten
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Appendix B - Glossary Contents Glos
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Appendix C - Sentinel Keys Hardware
Page 298 and 299:
Appendix D - Migration from SuperPr
Page 300 and 301:
Appendix D - Migration from SuperPr
Page 302 and 303:
Index Contents Glossary Index Troub
Page 304:
Index Contents Glossary Index Troub
show all

Sentinel Hardware Keys Developer's Guide - Customer Connection ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?