KEY - CodeMeter
KEY - CodeMeter
KEY - CodeMeter
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
No.11 | Spring 2006<br />
<strong>KEY</strong> n o t e<br />
CONTENT<br />
CeBIT HANOVER<br />
March 9-15 | 2006<br />
Hall 7 | Booth A21<br />
Page 2 | Jump-start with <strong>CodeMeter</strong> | 10 good reasons<br />
Page 4 | AxProtector | Automatic integration of <strong>CodeMeter</strong><br />
Page 6 | <strong>CodeMeter</strong> Producer | Trouble-free programming of CM-Stick<br />
Page 8 | <strong>CodeMeter</strong> API Guide | Integration into the source code<br />
Page 10 | Secure integration with WibuKey<br />
Page 12 | CM Password Manager | New features<br />
Page 15 | CA Computer Associates available in the CM-Shop<br />
n o t e<br />
WIBU-Magazine<br />
Jump-start<br />
with <strong>CodeMeter</strong><br />
More and more software vendors are<br />
deciding to switch their software protection<br />
to <strong>CodeMeter</strong>. There are many different<br />
reasons for this. Here you’ll find<br />
the top ten reasons:<br />
WIBU-SYSTEMS is a well<br />
known international company<br />
Over 3,500 customers worldwide, with<br />
more than one million hardware keys in<br />
the field, have made WIBU-SYSTEMS one<br />
of the top three vendors of hardware<br />
based software protection. WIBU-SYS-<br />
TEMS has subsidiaries and distributors all<br />
over the world.<br />
Stability and reliability<br />
WIBU-SYSTEMS is the first provider of<br />
hardware-based software protection, to<br />
be certified by ISO 9001:2000 – ever since<br />
1997. Our products fulfill all important<br />
international standards like CE, FCC, UL,<br />
ROHS, WEEE, VCCI or VDE.<br />
Continuous backwards<br />
compatibility since 1989<br />
Any software, which was protected with<br />
WibuKey version 1 in 1989, is running<br />
smoothly today with the latest type of<br />
hardware without any modification in<br />
the software.<br />
Today’s WibuKey customers can use<br />
<strong>CodeMeter</strong> and WibuKey simultaneously<br />
to protect a single executable.<br />
Please read on the next page
2<br />
<strong>KEY</strong> n o t e<br />
E D I T O R I A L<br />
Dear Customers and Partners,<br />
Many decisions are based on price.<br />
But what is the true price? It’s not the<br />
cost of purchase, for sure. What has<br />
to be added and what is your returnon-investment?<br />
Cheap prices do not<br />
always make sense. The “It is wiser to<br />
be a miser” mentality is often selfdeception.<br />
We invest continuously in our<br />
products, e.g. ROHS conforming<br />
production and better software<br />
enabling you easier and more rapid<br />
implementation with higher level of<br />
security and first class support. Some<br />
of our latest developments include<br />
perfect software protection without<br />
source code modification for Win 64bit,<br />
Java, .NET or MacOS X Universal<br />
together with protection of PDF<br />
documents and multimedia content<br />
are some of our latest developments.<br />
Our products are constantly winning<br />
awards for concept, security, design<br />
and handling. Have a look and decide<br />
yourself!<br />
Hope this edition will provide you<br />
with a few new ideas for your<br />
applications.<br />
Sincerely yours<br />
Oliver Winzenried<br />
Easiest implementation<br />
with <strong>CodeMeter</strong><br />
With AxProtector you can protect your<br />
unsecured application (Windows 32-bit,<br />
64-bit, MS .Net, Mac OS X) without any<br />
access to the source code automatically –<br />
at your fingertips.<br />
Additionally to the AxProtector the CM<br />
API-Guide supplies the automatic creation<br />
of flexible source code fragments (in<br />
C, C++, C#, VB6, VB.NET, Delphi and Java),<br />
ready to be integrated into the source<br />
code or your own application.<br />
Last but not least the CM-Producer is a<br />
full database solution to create and manage<br />
your licenses.<br />
Highest security with<br />
<strong>CodeMeter</strong><br />
WIBU-SYSTEMS is so far the only supplier<br />
of hardware based software protection,<br />
which has proven the security of its protection<br />
method in three public hacker’s<br />
contests with more than 1000 hackers in<br />
the field.<br />
With 128-bit AES and 224-bit ECC Code-<br />
Meter is based on internationally accepted<br />
encryption standards.<br />
Application<br />
dynamic<br />
Jump-start with <strong>CodeMeter</strong> | 10 good reasons<br />
With AxProtector you can select the bestsuitable<br />
anti-debugging strategy for your<br />
purposes. The CM-Stick can be locked<br />
immediately during a detected attack.<br />
Don’t give a cracker a second chance!<br />
Since 1989 WIBU-SYSTEMS has implemented<br />
a flexible encryption system.<br />
When accessing the hardware, you can<br />
change the keys used during the execution<br />
of your software.<br />
One hardware type for all<br />
purposes<br />
With <strong>CodeMeter</strong>, CM-Stick is the only<br />
multipurpose hardware design. You can<br />
use the same hardware device at single<br />
workstations and for managing licenses<br />
in a network.<br />
Each CM-Stick has several features,<br />
including the ability to accommodate<br />
more than 1000 different counters for<br />
pay-per-use; a certificate-controlled clock<br />
for time-limited licenses and Feature<br />
Maps for securely protecting more than<br />
100,000 individual modules. You can combine<br />
all these features in any way.<br />
You exclusively decide with the programming<br />
of the CM-Stick how your software<br />
licenses will be managed. To make things<br />
simple, the protected executable is identical<br />
for all licensing variants.<br />
One CM-Stick can be used simultaneously<br />
by more than 500 totally independent<br />
licensors to protect more than 1500 applications.<br />
Extensive multi platform<br />
support<br />
<strong>CodeMeter</strong> is available for Windows,<br />
Linux and Mac OS and can be used in<br />
heterogeneous networks – for example a<br />
license server running on Linux and the<br />
client systems running on Windows and<br />
Mac OS.<br />
Flexible licensing of<br />
<strong>CodeMeter</strong><br />
Windows Mac OS Linux<br />
Application<br />
static<br />
WibuCm32static.lib libwibucmmac.a<br />
WibuCm32.dll WibuCmNet.dll<br />
WibuCmmacX.<br />
framework<br />
<strong>CodeMeter</strong> Runtime Service<br />
You will already have noted the flexible<br />
application of <strong>CodeMeter</strong>. The product<br />
also has flexible licensing available:<br />
p You purchase <strong>CodeMeter</strong> like classic<br />
protection hardware (“dongle”).<br />
p You license <strong>CodeMeter</strong> as pay-per-use<br />
product: You get the CM-Stick up to<br />
50% cheaper but pay a small amount of<br />
fee to transfer (“program”) the license<br />
into the CM-Stick.<br />
Mass storage device driver USB storage device driver USB storage device driver<br />
CM-Stick<br />
Application<br />
.Net<br />
Application<br />
dynamic<br />
Application<br />
static<br />
Application<br />
dynamic<br />
libwibucmlin.so<br />
CM-Stick CM-Stick<br />
Application<br />
static<br />
libwibucmlin.a<br />
knowhow<br />
32.000 Modules<br />
p You can reuse any existing CM-Stick at<br />
user site by the small pay-per-use fee.<br />
Complete reprogramming<br />
of a CM-Stick via file transfer<br />
or Internet<br />
1.000 Products<br />
Any CM-Stick, which is already at user site,<br />
can be reprogrammed by transferring a<br />
file or via the CM-Talk Internet protocol.<br />
This also includes storing totally new<br />
licenses or updating a single workstation<br />
license to a multi-user network license.<br />
It is guaranteed that the data for such a<br />
programming operation can be used only<br />
for one specific CM-Stick and even then<br />
only once!<br />
Possibly the best solution is to integrate<br />
<strong>CodeMeter</strong> into your current online shopping<br />
solution. An option for such an integration<br />
is to use the existing infrastructure<br />
of www.codemeter.com without any<br />
initial cost.<br />
<strong>CodeMeter</strong> is available for Windows, Linux<br />
and Mac OS<br />
1.000 Expiration Date<br />
1.000 Network Counter<br />
1.000 Pay-Per-Use Counter<br />
1.000 Activation Date<br />
Readily accepted by your<br />
customer<br />
<strong>CodeMeter</strong> uses the Mass Storage Driver,<br />
which is already provided by the operating<br />
system. In practice your user just plugs<br />
the CM-Stick into the PC; it will be detected<br />
automatically without installation of<br />
any additional driver and can be immediately<br />
used.<br />
Beyond this simple installation, CM-Stick<br />
provides users with a neat password management<br />
tool and an ability to encrypt<br />
data on the hard disk via a virtual drive.<br />
Optionally, a CM-Stick is available with<br />
additional Flash memory – up to 2 GByte.<br />
Due the possibility of sharing licenses<br />
from different licensors on one CM-Stick,<br />
a customer needs only one CM-Stick for<br />
all his or her licensed applications.<br />
Please read on the next pages:<br />
p Automatic integration with AxProtector<br />
p API Integration with the <strong>CodeMeter</strong><br />
API-Guide<br />
p Programming of CM-Sticks with the<br />
CM-Producer<br />
No.11 | 2006<br />
3
<strong>KEY</strong><br />
n o t e product<br />
How memory dumping<br />
works<br />
The cracker analyses the software<br />
(typically automatically using tools)<br />
to find the OEP of a software. At this<br />
location, the execution of the software<br />
will be interrupted and the<br />
content of the RAM will be written<br />
back to the hard disk (dumped).<br />
Another tool then reconstructs the<br />
IAT (Import Address Table) in this<br />
memory dump. As result, the software<br />
can be executed without<br />
checking for a dongle.<br />
In practice, an experienced cracker<br />
can complete such a dongle remove<br />
in less than 15 minutes.<br />
4<br />
PE Header Link to new OEP<br />
Code section<br />
Data section<br />
Resource section<br />
Security section<br />
PE Header Link reconstruction to OEP<br />
Code section<br />
Data section<br />
Resource section<br />
Security section<br />
OEP<br />
OEP<br />
Security code<br />
Anatomy of a wrapper<br />
Dumping und reconstruction<br />
IAT<br />
IAT redirect<br />
IAT<br />
(reconstrution)<br />
April 4 | 2006 | Wien<br />
April 6 | 2006 | Graz<br />
You will find further dates and more<br />
information on www.wibu.com<br />
IAT<br />
Operating<br />
System<br />
Operating<br />
System<br />
AxProtector | Automatic inte gration of <strong>CodeMeter</strong><br />
The AxProtector is a powerful tool, which<br />
automatically protects your ready-to-execute<br />
application for <strong>CodeMeter</strong> without<br />
requiring any source code access.<br />
AxProtector encrypts the code of your<br />
software and adds the AxEngine. This<br />
decrypts the code after starting in the<br />
RAM and continues the execution at the<br />
Original Entry Point (OEP).<br />
Security against memory<br />
dumping<br />
Frequently we have to answer following<br />
question: “Is it not possible to bypass the<br />
CM-Stick access by a memory dump?”<br />
No, this is not possible! The AxProtector is<br />
supplied with the security options<br />
Resource Encryption, Static Modification<br />
and Dynamic Modification which are<br />
three methods against memory dumping.<br />
Additionally AxProtector makes it difficult<br />
for the tools used by crackers to find the<br />
OEP. This is done by complex but configurable<br />
debugging detection methods.<br />
The AxProtector checks if your software<br />
was started within a debugging process<br />
and terminates it in such an environment.<br />
You can decide to lock the CM-Stick.<br />
Don’t be worried about this option, as<br />
you always can unlock again via Remote<br />
Access. By additional integration of the<br />
CM-API (and encryption of single code<br />
areas in your application) you can further<br />
increase the security level against memory<br />
dumping.<br />
Compatibility with WibuKey<br />
As a WibuKey customer you can protect<br />
an executable file, which will automatically<br />
accept either WibuKey or <strong>CodeMeter</strong><br />
as hardware protection.<br />
Just select the desired hardware variant<br />
or select both!<br />
Supported platforms<br />
The AxProtector is available on following<br />
platforms:<br />
p Windows 32-bit<br />
p Windows 64-bit<br />
p .Net 1.1 and 2.0<br />
p Mac OS X (Power<br />
PC, Intel and<br />
Universal Binaries)<br />
p Java<br />
Further platforms – for example Linux –<br />
are under development.<br />
Error messages –<br />
as you want them<br />
In the previous <strong>KEY</strong>note we wrote about<br />
CmUserMsgXx.dll which gives you the<br />
ability to customize your own error messages.<br />
This interface also offers other<br />
advantages:<br />
p Try Before You Buy<br />
In AxProtector you set the threshold value<br />
of the Expiration Date to the end of the<br />
test period plus one day (default is 100).<br />
Then you show in your warning message<br />
how many days the user has until the<br />
evaluation expires.<br />
p Demo versions<br />
Your application is protected with Ax-<br />
Protector. When the matching AxProtector<br />
is not available, CmUserMsg.dll will<br />
be called. However, this does not show its<br />
own dialog but starts the demo version<br />
instead of the full version.<br />
p Server in the background<br />
If your application is a service, displaying<br />
a message box (or another dialog box) is<br />
difficult. Again CmUserMsg.dll shows its<br />
power: You can handle the error, write it<br />
into a log file or send the error “to home”<br />
and have full control of how you handle<br />
the error (retry, terminate etc.)<br />
First steps with the<br />
AxProtector<br />
After selecting the project type you will<br />
see the file selection dialog. Just choose<br />
the file which you want to protect. The<br />
destination file is created by default –<br />
with your freedom to change this.<br />
In the next window you choose the protection<br />
hardware type. You can protect<br />
your application with <strong>CodeMeter</strong>, with<br />
WibuKey or with both (only one type<br />
must be available at user site).<br />
The Firm Code is assigned by WIBU-SYS-<br />
TEMS: Only you have the permission to<br />
program CM-Sticks or WIBU-BOXes with<br />
your individual Firm Code. For this you<br />
need a master key, the Firm Security Box<br />
(FSB).<br />
You can freely choose the Product Code<br />
respectively the User Code. Most of our<br />
customers assign one code per product or<br />
module.<br />
With <strong>CodeMeter</strong> you have the option of<br />
protecting specific modules of your application<br />
via the 32-bit Feature Map. For this<br />
the Feature Code in AxProtector should<br />
be set to 0 and each individual protected<br />
module has a specific power-of-2 value (1,<br />
2, 4, 8 etc.).<br />
We recommend choosing Firm Code 10<br />
and Product Code 13 for a first test. This<br />
license item is already stored in the CM-<br />
Stick shipped in the <strong>CodeMeter</strong> SDK.<br />
All other settings you can set on default<br />
for a first test.<br />
Go then to the summary page of the<br />
AxProtector, verify that the FSB master<br />
key of the SDK is plugged and click<br />
Create: Now you have protected your first<br />
software with <strong>CodeMeter</strong>! For further<br />
settings, for example network and security<br />
options please refer to the Developer’s<br />
Guide.<br />
AxProtector also supports the non-interactive<br />
(batch) encryption of your software<br />
(for example in a make file). For this we<br />
have an additional command line tool.<br />
The corresponding command line options<br />
of a specific dialog setting can be easily<br />
found in the AxProtector itself.<br />
You can also find the output of the<br />
encryption in the same dialog. You can<br />
easily check whether your application was<br />
correctly encrypted with the set options<br />
or viewing the issued warnings.<br />
No.11 | 2006<br />
5
6<br />
<strong>KEY</strong> n o t e<br />
Your <strong>CodeMeter</strong> protected software only<br />
can be started when the matching license<br />
item is stored in a connected CM-Stick. In<br />
our example this is Firm Code 10 with<br />
Product Code 13. This item is already<br />
stored in the CM-Stick of the SDK.<br />
You have several choices when programming<br />
your own license items into a CM-<br />
Stick. You can modify existing items or<br />
add them with additional options using<br />
any of the methods below:<br />
p Manual programming via CmBoxPgm,<br />
p With a web shop via CM-Talk<br />
p Using the <strong>CodeMeter</strong>-API out of your<br />
application source code<br />
p Easily and efficiently with the CM-<br />
Producer<br />
In all these cases you will need a Master<br />
CM-Stick, the Firm Security Box (FSB). The<br />
FSB contains your Firm Code and guarantees,<br />
that only you can program a license<br />
based on your Firm Code, into a CM-Stick.<br />
The CM-Stick of the SDK is also by default<br />
a FSB for the Test Firm Code 10.<br />
CM-Producer | Trouble-free programming of CM-Sticks<br />
Process orientation<br />
The CM-Producer is process orientated:<br />
p Defining the product and the module<br />
by product management and software<br />
development.<br />
p Definition of sales packages by product<br />
management or sales department.<br />
p Definition of order templates by the<br />
sales department.<br />
p Order management and correspondent<br />
CM-Stick programming by the sales<br />
department.<br />
Definition of products<br />
The Products are your atoms, the smallest<br />
units within your software licensing.<br />
These atoms are defined by:<br />
p Firm Code: This is assigned by WIBU-<br />
SYSTEMS to you. Only you with your<br />
unique FSB can program CM-Sticks with<br />
your Firm Code.<br />
p Product Code: A 32-bit value, which can<br />
be freely assigned by you.<br />
p Feature Map: Another 32-bit value,<br />
which can be assigned by you. Such a<br />
map will be analyzed by their binary<br />
bits – for example a Feature Map of 9<br />
includes automatically Feature Codes 0,<br />
1 and 8 but not 2 or 4.<br />
Products are mapped directly with Firm<br />
Code, Product Code and Feature Code to<br />
protected applications – maybe by the<br />
setting of AxProtector or by the parameters<br />
used when calling the <strong>CodeMeter</strong><br />
API.<br />
Definition of packages<br />
Packages are used to map the defined<br />
products into your business and sales<br />
model. Several products can be combined<br />
and license options can be assigned so<br />
these products.<br />
Usage Units can be used for pay-per-use<br />
models. If a Unit Counter is available in<br />
the CM-Stick, it is reduced automatically<br />
by 1 each time a software product starts,<br />
which had been protected by AxProtector<br />
with the appropriate option set. (see<br />
advanced license settings in AxProtector).<br />
You can also reduce a Unit Counter by the<br />
<strong>CodeMeter</strong>-API explicitly.<br />
CM-Producer lets you define whether a<br />
Unit Counter is set to a fixed new value or<br />
a delta value is added to an existing Unit<br />
Counter. It is also possible to convert a<br />
pay-per-use license into an unlimited full<br />
version just by deleting the Unit Counter<br />
in the CM-Stick by the CM-Producer.<br />
Activation and Expiration Time defines<br />
the time frame of a valid license. This is<br />
useful for creating demonstration, renting<br />
or leasing licenses.<br />
For example, CM-Producer allows you to<br />
set such times to fixed dates, add a delta<br />
to an existing time, or just delete such<br />
dates for an unlimited-time license<br />
access.<br />
The Network Counter defines the maximum<br />
of simultaneously available licenses<br />
in a network from any workstation<br />
(floating licenses).<br />
By setting the Network Counter to 0, the<br />
license can be used only locally at that PC<br />
were the CM-Stick is plugged. The<br />
default value is 1. Such a license can not<br />
only be used locally but alternatively also<br />
in the local network from another PC.<br />
The Product Item Text gives your license a<br />
specific name. This text is not securityrelated<br />
and may be changed later by the<br />
user too.<br />
Furthermore you can decide whether<br />
available license items should be deleted:<br />
p Don’t delete: a possibly available item<br />
with matching Firm Code, Product<br />
Code and Feature Map will be modified.<br />
Please note that the checking of<br />
the Feature Map interprets this as a<br />
bitmap.<br />
p Delete Product Item: a possibly available<br />
license item will be deleted.<br />
p Delete Firm Item: All License items with<br />
this Firm Code will be deleted.<br />
Each product in a package can be individually<br />
configured.<br />
Order templates<br />
In the next step you define your order<br />
templates. You can also summarize several<br />
packages to a single order template.<br />
Orders<br />
From an order template it’s easy to create<br />
your order. Just click at Execute.<br />
Additionally you can specify, who has created<br />
the order and for which customer<br />
(user) the CM-Stick was programmed<br />
(order number and name).<br />
CM-Producer permits local CM-Stick programming<br />
as well as the remote programming<br />
via CM-FAS. Just select the<br />
desired option Direct or Remote.<br />
After a successful programming the<br />
green light of the CM-Stick is on, while<br />
the programming the red light is on.<br />
To execute a CM-FAS programming you<br />
need a context file, which your customer<br />
product<br />
TIP FSB in the network<br />
To program a CM-Stick or to protect<br />
your software with AxProtector you<br />
will need your FSB. This can be either<br />
plugged at your local PC or any PC in<br />
the network.<br />
On both PC (the server with the<br />
plugged FSB and the client with the<br />
CM-Stick to be programmed) the<br />
CmFirm.wbc file with your Firm Code<br />
must be stored in the runtime\bin<br />
folder. Please restart <strong>CodeMeter</strong>.exe<br />
after copying this file to the two<br />
locations.<br />
Activate via <strong>CodeMeter</strong>-WebAdmin<br />
the <strong>CodeMeter</strong>-Server at your server<br />
system. To avoid the use of the FSB<br />
from other PCs in the network, you<br />
can define via the Codemeter-<br />
WebAdmin which client PCs have<br />
access rights to the server with the<br />
FSB.<br />
(user) has sent to you – just select then<br />
the desired file in the CM-Producer. If a<br />
context file or a local PC contains several<br />
CM-Sticks, you have to choose a specific<br />
CM-Stick via its serial number.<br />
Then the created CM-FAS update file can<br />
be just sent to the customer per email.<br />
Order history<br />
In the order history you will find all executed<br />
orders with the chosen options.<br />
No.11 | 2006<br />
7
8<br />
<strong>KEY</strong> n o t e<br />
Customer example<br />
Visual FoxPro (Extract)<br />
In this example the WibuCm32.dll is<br />
called directly from Visual FoxPro.<br />
Declaration<br />
Declare Long CmAccess IN<br />
"WibuCm32.dll"; Long FlCtrl,<br />
String @stCmAccess<br />
Declare Long CmRelease IN<br />
"WibuCm32.dll"; Long hcmse<br />
Declare Long CmGetLastErrorCode<br />
IN "WibuCm32.dll"<br />
Call (Firm Code 0, Product Code 0,<br />
Feature Map 0)<br />
stCmAccess = Repli(Chr(0), 176)<br />
flCtrl = CM_ACCESS_LOCAL<br />
hCmAccess = CmAccess(flCtrl,<br />
stCmAccess)<br />
iError = CmGetLastErrorCode()<br />
IF (hCmAccess 0)<br />
CmRelease(hCmAccess)<br />
ENDIF<br />
Many thanks to Mr. Walter Nix for<br />
providing this example!<br />
<strong>CodeMeter</strong> API-Guide | Integ ration into the source code<br />
AxProtector lets you protect your software<br />
easily and securely. However, if you<br />
want to further enforce this security or if<br />
you plan protect different parts of one<br />
single executable with different licenses<br />
(modular protection) then you have to<br />
use the Codemeter-API.<br />
The <strong>CodeMeter</strong>-API is identical for all CM-<br />
Stick variants and operating systems. It is<br />
available for following programming languages:<br />
p C, C++, C#<br />
p VB 6, VB.Net<br />
p Delphi<br />
p Java<br />
Is your favorite programming language<br />
missing? Please speak with our support<br />
team for an individual solution.<br />
The CM API-Guide<br />
The CM API-Guide gives you the ability to<br />
create the desired CM-API calls in your<br />
favorite programming language and also<br />
to test such calls.<br />
The CM API-Guide creates source code<br />
fragments, which you just transfer with<br />
Copy and Paste into to the source code of<br />
your application.<br />
Basic API Calls<br />
p CmAccess<br />
To access a CM-Stick you start with the<br />
CmAccess call: Here you specify via Firm<br />
Code, Product Code and Feature Map<br />
which license item you want to access.<br />
You can also setup the access options<br />
here.<br />
p CmRelease<br />
The handle, which was created and<br />
returned from CmAccess, can be released<br />
with a CmRelease call.<br />
p CmGetLastErrorCode<br />
CmGetLastErrorCode can be used to check<br />
any error which was returned from<br />
CmAccess or CmRelease.<br />
With these three commands you have<br />
implemented a very simple check of the<br />
CM-Stick.<br />
Of course, the security of such a simple<br />
checking is very restricted: The software<br />
protection is reduced to a simple Jump-<br />
Zero or JumpNotZero assembler instruction.<br />
A cracker only needs to modify the<br />
single byte of this instruction in the executable<br />
and the protection is dead. That’s<br />
why we always recommend the use of<br />
additional encryption.<br />
Basic API Call: CmCrypt<br />
The CmCrypt function is a powerful interface<br />
to encrypt or decrypt data within<br />
your application.<br />
To use CmCrypt, you need a handle which<br />
was previously returned by CmAccess to<br />
address a specific license item (Firm Code<br />
and Product Code).<br />
The actual used key for an encryption or<br />
decryption is calculated by a hash function<br />
from different parameters. These are:<br />
CM-Stick internal constants, your Firm<br />
Key, Firm Code and Product Code, the<br />
Feature Code and options which defines<br />
functions like reducing a Unit Counter or<br />
checking the Expiration Date .<br />
You can define additional parameters<br />
yourself:<br />
The Encryption Code, which you can also<br />
freely change while your program is running.<br />
Instead of the fixed Firm Key you<br />
can also get additional keys from Secret<br />
Data or Hidden Data items.<br />
Hidden Data items can be written into the<br />
CM-Stick with your FSB (also remote). This<br />
data can also read back from your application<br />
with a secret password.<br />
Secret Data items can be written into the<br />
CM-Stick with your FSB (also remote).<br />
However this data can never be read<br />
back, not even from WIBU-SYSTEMS.<br />
The Firm Key is your own secret key which<br />
you receive with your FSB. You can use<br />
the initial Firm Key or define your own<br />
(secret) Firm Key. Such an individual Firm<br />
Key should never be changed after the<br />
first delivery of licenses using this key.<br />
Otherwise encrypted data for this Firm<br />
Key can no longer be decrypted by the old<br />
Firm Key. You should save your Firm Key<br />
in a safe location. Alternatively you can<br />
use the initial Firm Key. This is cryptographically<br />
created and known only by<br />
you and WIBU-SYSTEMS. Firm Key, secret<br />
data items or Hidden Data items are programmed<br />
as part of a license into a CM-<br />
Stick.<br />
Typically the Firm Key is used as basis of<br />
an encryption. Due to the dependency of<br />
the actual used key from the Product<br />
Code by hash you will have for every different<br />
Product Code another encryption.<br />
It is recommended that you encrypt and<br />
decrypt the data with random-based<br />
encryption codes during the execution of<br />
your program (RED) and to store encrypted<br />
data with fixed encryption code (RID)<br />
into your source code. Mix RED and RID as<br />
much as possible! See also secure encryption<br />
with WibuKey on the next page.<br />
Runtime check<br />
knowhow<br />
You have got with CmAccess a handle to a<br />
license. Now you want to check at frequent<br />
time intervals whether the handle<br />
is still valid. For this you call a CM-API<br />
function with this handle and check the<br />
return value. In the case of an error call<br />
CmGetLastError too.<br />
For highest security implement an encryption<br />
with CmCrypt. At time critical locations<br />
the CmGetInfo call can be used<br />
instead. This API function returns information<br />
about the accessed CM-Stick. If<br />
the CM-Stick was unplugged, an error is<br />
returned.<br />
March<br />
August<br />
Complete function blocks<br />
In addition to the basic API calls you can<br />
find in the CM API-Guide complete function<br />
blocks. Such function blocks demonstrate<br />
the reading and writing of data<br />
into the CM-Stick, the implementation of<br />
several encryption variants and the<br />
addressing of the CM-Stick LEDs.<br />
History list<br />
CeBIT 2006, Hanover,<br />
Germany | March 9 - 15 | 2006<br />
Hall 7 | Booth A 21<br />
www.cebit.de<br />
GAMES CONVENTION<br />
DEVELOPER CONFERENCE, Leipzig<br />
Germany | August 21 - 23 | 2006<br />
www.gcdc.de<br />
You can also execute CM-API calls interactively.<br />
You can find in the history list all<br />
executed commands and the corresponding<br />
source code.<br />
TRADE SHOWS<br />
Lectures CeBIT Forum | H5 B48<br />
PC-Security for business and users<br />
March 12th | 15:20 - 15:40<br />
March 15th | 10:15 - 10:35<br />
No.11 | 2006<br />
9
<strong>KEY</strong> n o t e<br />
The WibuKey hardware has demonstrated<br />
in three seperate Hacker’s Contest its<br />
powerful security. However, you can still<br />
sometimes find on the Internet available<br />
cracks of software which were protected<br />
with WibuKey.<br />
Such cracks attack the weakest location in<br />
the complete package – the interface<br />
between your software and our hardware.<br />
The following tips will provide you<br />
with hints, ideas and concepts on how<br />
you can significantly reduce this potential<br />
for weakness.<br />
With the selection code WibuKey supplies<br />
a powerful tool for modifying the encryption<br />
during your protected program runs.<br />
Take advantage of this!<br />
Encryption strategies<br />
Random Encryption Decryption<br />
Encrypt data at runtime with a random<br />
selection code. Decrypt it again if you<br />
need this data. Possibly use a checksum<br />
to validate the decrypted information but<br />
use it directly without further comparison.<br />
Instead of data you can also encrypt and<br />
decrypt a random number of sequences.<br />
Required Information Decryption<br />
Encrypt constants or tables while developing<br />
a software product and store these as<br />
binary sequence into the source of the<br />
program. Decrypt this data whenever you<br />
need it in your software at runtime using<br />
a fixed selection code, which is also stored<br />
in the source code. Encrypt the data after<br />
the use again.<br />
p Tip 1<br />
Use encryption. Mix RED and RID sequences<br />
in your application.<br />
p Tip 2<br />
Use code instead of data (AXAN, available<br />
for C/C++/Delphi under Windows).<br />
10<br />
Secure integration of WibuKey News<br />
p Tip 3<br />
Store for the same data different RID<br />
sequences with different encryption<br />
codes.<br />
p Tip 4<br />
Don’t show any error messages directly<br />
after the failure of an encryption.<br />
Otherwise a cracker can easily find via<br />
two or three jumps back the relevant<br />
location in the source code.<br />
p Tip 5<br />
Integrate the encryption and decryption<br />
at different locations into your software.<br />
If possible, duplicate the source code and<br />
insert small modifications. Use this for<br />
locations which are both frequently called<br />
and also rarely called.<br />
AxProtector<br />
In addition to the use of encryption methods<br />
in the WibuKey-API, the software for<br />
Windows and Mac OS X can be protected<br />
with the AxProtector.<br />
The AxProtector supplies extensive anti<br />
debugging methods and the ability to<br />
lock the hardware as result of a cracker<br />
attack. This can be achieved by setting a<br />
Limit Counter to 0. You program into the<br />
WibuBox your Firm Code with the desired<br />
User Code. Additionally you set the limit<br />
counter to the number of permitted<br />
cracker attacks (for example 1). With each<br />
detecting of a cracker attack by the<br />
AxEngine this counter will be decreased<br />
by 1. After the counter has reached 0, no<br />
more encryption is possible and your software<br />
cannot be started any more. Now<br />
the cracker has to wait until you (if ever)<br />
reactivate the WibuBox by a remote programming<br />
update.<br />
If you want to also use a Limit Counter for<br />
pay-per-use, then use a second entry with<br />
another user code for this operation. This<br />
Limit Counter is then reduced by explicitly<br />
calling the WibuKey-API.<br />
Static versus dynamic<br />
Another weak point is the wkwin32.dll.<br />
This link library provides the WibuKey-API<br />
functions for you.<br />
To avoid a crack replacing this library, you<br />
can also use a static driver, providing the<br />
same API for MS Visual C. The disadvantage<br />
is that you loose the flexibility of the<br />
DLL-API, for example the support of<br />
future WibuKey hardware variants. To<br />
support this, you have to recompile your<br />
software again.<br />
For all other programming languages,<br />
which do not support static link libraries,<br />
you can check the validity of the<br />
wkwin32.dll. Load the library module<br />
dynamically via LoadLibrary and read<br />
back the entry point addresses via<br />
GetProcAddress. Compare these addresses<br />
with those which you stored previously<br />
into your protected application. Also,<br />
here you have to update your software to<br />
future versions of the wkwin32.dll.<br />
Win one<br />
Software Development Kit<br />
<strong>CodeMeter</strong> and WIBU-BOX<br />
together in one CardBus card<br />
The new <strong>CodeMeter</strong> card is coming! As a<br />
CardBus card, it combines the functionality<br />
of a WIBU-BOX/+ and a CM-Stick/M<br />
with a Flash Disk and it can be used for all<br />
current notebooks. It is even possible if<br />
the present PCMCIA cards don’t work.<br />
There are no additional drivers necessary<br />
because it will be recognised as a USB hub<br />
including both functions. Now there is a<br />
highest level of flexibility and a guaranteed<br />
future.<br />
Your feedback is important<br />
Dear readers. Now you have been<br />
reading the eleventh issue of our<br />
<strong>KEY</strong>note magazine and now we would<br />
like to ask for your feedback. Just fill<br />
out our survey and you can win one<br />
<strong>CodeMeter</strong> Software Development Kit<br />
with CM-Stick/M. Please visit our<br />
homepage www.wibu.com/keynote.<br />
It will take you just five minutes.<br />
<strong>CodeMeter</strong> 2.20b<br />
There are many improvements and extensions<br />
for the <strong>CodeMeter</strong> software. The<br />
AxProtector protects applications without<br />
changes to the source code for 32-bit<br />
Windows and 64-bit Windows, Java, .NET<br />
and Mac OS X Universal. These are<br />
Macintosh computers with PPC or Intel<br />
processor. To ease individual integration,<br />
the CM API-Guide generates the source<br />
code for the most important applications<br />
in C, C++, C#, Java, Delphi, VB6 and<br />
VB.NET. The CM-Producer makes delivery<br />
of your CM-Sticks a walk-over! First you<br />
have to define your products, then your<br />
sales department can easily create licenses,<br />
even for CM-Sticks that have been<br />
delivered to your customers. All actions<br />
will be stored in a data base so that you<br />
always have an overview. A new<br />
Developer’s Guide helps you understanding<br />
and integrating <strong>CodeMeter</strong>. You can<br />
read more about the tools and the integration<br />
with <strong>CodeMeter</strong> in this issue of<br />
the <strong>KEY</strong>note magazine.<br />
Soon all WIBU-BOXes will be<br />
available with a „+“<br />
For two years now, WIBU-BOXes have<br />
been available with an additional<br />
memory of 16 kByte. It is helpful for storing<br />
extensive configuration data or<br />
license data in addition to the Firm<br />
Code/User Code that is required for secure<br />
protection. Because of the big demand<br />
we have decided to deliver all WIBU-<br />
BOXes with a “+” in the future and to<br />
reduce the prices. While stock lasts, the<br />
versions without “+” can be ordered. The<br />
OEM version will be unchanged. The version<br />
with the “+” are 100% backward<br />
compatible and are another example of<br />
the way we continue to improve our<br />
products. It is not necessary to change<br />
your applications – just the WibuKey drivers<br />
version 4.0 (available since autumn<br />
2003) or higher have to be used.<br />
Mac OS X Universal Support<br />
In good time for the availability of the<br />
new Apple Macintosh computers with<br />
Intel CPU, WibuKey and <strong>CodeMeter</strong> will<br />
support them. Our automatic encryption<br />
even supports Mac OS X Universal Binaries<br />
running on PPC and Intel and of course it<br />
protects both executable code resources.<br />
news<br />
SmartShelter PDF Media<br />
Since February 2006 our new Smart-<br />
Shelter PDF plug-in for the free Adobe<br />
Acrobat Reader is available – free of<br />
charge and officially licensed by Adobe.<br />
Create and protect your documents with<br />
Adobe Acrobat. You can just choose the<br />
protection type <strong>CodeMeter</strong> Security via<br />
document options. The protected document<br />
can be read with both Adobe<br />
Acrobat and the free reader if our plug-in<br />
is in the directory and a CM-Stick with the<br />
right license is connected.<br />
Furthermore in February we are starting<br />
the first projects with a media player. Now<br />
you can easily protect videos and sounds<br />
with <strong>CodeMeter</strong>. Are you interested in it?<br />
Ask for your Development Kit.<br />
Design Award 2006 in the<br />
Federal Republic of Germany<br />
The CM-Stick/M was awarded<br />
with the iF Design Award in<br />
Hanover and Shanghai and<br />
now it has been nominated<br />
for the German design prize.<br />
This is a sign for the compatibility<br />
of function, aesthetics<br />
and manageability. Special thanks goes to<br />
our designer “Design Team Quer” in<br />
Gelnhausen (Germany) and the employees<br />
involved.<br />
WEEE registration<br />
WIBU-SYSTEMS is enrolled in<br />
the German electronic waste<br />
register EAR via WEEE-Reg.-<br />
No. DE 90465365.<br />
It includes all CM-Sticks and<br />
WIBU-BOXes.<br />
No.11 | 2006 11
<strong>KEY</strong> n o t e<br />
SIIA Codie Awards 2006 Finalist<br />
Best security software<br />
At SIIA Codie Awards 2005, Code-<br />
Meter has been selected as finalist<br />
in the category “Best Digital Rights<br />
Management Solution: Software”<br />
by an international jury and now at<br />
the SIIA Codie Awards 2006 in the<br />
category “Best Security Software”.<br />
It shows that with <strong>CodeMeter</strong> there<br />
is a product with benefits for both<br />
the vendors of software and digital<br />
content by a unique solution providing<br />
the highest level of security<br />
and flexibility. Users get a superior<br />
DRM systems and additional PC<br />
security functions such as secure<br />
login and file encryption and a<br />
mobile password manager.<br />
SIIA Codie Award 2005 Finalist<br />
Best Digital Rights Management<br />
Solution: Software<br />
iF Product Design Award<br />
2005 CeBIT<br />
iF Design Award<br />
China CeBIT asia 2004<br />
CM Password Manager 2.20 | New features<br />
Every user should get assistance through<br />
the CM Password Manager while trying<br />
to manage his or her passwords and<br />
taking advantage of the new security<br />
features.<br />
The new version 2.20 memorizes new<br />
passwords using the Internet Explorer,<br />
Firefox, Mozilla and Netscape running<br />
under Windows. This helpful tool for<br />
password management recognizes the<br />
various fields required for access to<br />
Internet pages.<br />
Calling an Internet page typically requires<br />
mandatory entry of a user name and a<br />
password. This causes the password manager<br />
to check for the required field data<br />
stored on the CM-Stick and initiates the<br />
transfer and the insertion of the data<br />
available. If data is not present, the software<br />
asks the user for input and memorizes<br />
the required data. In addition fields<br />
and marked control fields of a template<br />
will be stored together with any state<br />
information coming from selected fields<br />
or check boxes.<br />
Also, multiple accounts can be setup for a<br />
single web page, i.e. if you have multiple<br />
Convenient and mobile<br />
access control<br />
You are using various user accounts?<br />
The CM Password Manager stores many<br />
different passwords and data in your CM-<br />
Stick. You can make use of them on any<br />
PC very conveniently while maintaining<br />
your mobility.<br />
e-mail accounts using one provider. You<br />
choose your account before you enter<br />
your data. Learning forms on websites is<br />
another new feature. Changes in a website<br />
form will be updated automatically in<br />
your CM-Stick<br />
All access data is encrypted inside a<br />
SmartCard chip as an essential security<br />
component of the CM-Stick. Data would<br />
be kept safe and available as if they are<br />
memorized by someone’s excellent brain.<br />
Data therefore can be carried conveniently<br />
in your pocket or on a bunch of keys.<br />
Protection against phishing<br />
As the CM Password Manager checks for<br />
the exact URL or domain before fill in of<br />
access data, phishing attacks have no<br />
chance, even if your browser shows a<br />
counterfeited URL. Protection is assured,<br />
since Internet pages are either entered<br />
manually or are filled in automatically<br />
one time with the right address.<br />
In addition it can be made obligatory to<br />
select HTTPS for ensuring a higher level of<br />
security.<br />
Auto-Fill of web forms<br />
Upon detection of a form on a web page<br />
the password manger fills in the required<br />
data. The relevant access data will only be<br />
decrypted at the time of the data transfer.<br />
You can leave your computer unattended<br />
for a longer time without risking that<br />
unauthorized persons might get access to<br />
your accounts. The CM Password Manger<br />
allows you to determine that each automated<br />
fill in requires the input of your<br />
personal password. The same applies for<br />
accessing any data managed by the CM<br />
Password Manager.<br />
Identification of web pages<br />
Most of the URLs for web pages contain<br />
session IDs. On each visit of such a page a<br />
unique ID will be generated. Some of the<br />
password managers available can memorize<br />
the pages, but are unable to recognize<br />
them upon a next visit, since the<br />
stored session ID does not correspond to<br />
the one encountered.<br />
The contrary is the case with the CM<br />
Password Manager. You can determine on<br />
your own, whether a web page shall be<br />
identified by domain, by sub-domain or<br />
by the complete information of the URL.<br />
The portable Firefox 1.5<br />
The portable Firefox 1.5 is optimized for<br />
USB-Sticks and portable drives. It offers<br />
full browser capability and in addition<br />
supports themes and extensions. WIBU-<br />
SYSTEMS has developed a special plug-in<br />
for the portable Firefox to cooperate with<br />
the CM Password Manager. The plug-in is<br />
pre-installed and may be used together<br />
with CM Password Manager immediately.<br />
Having this stored in your CM-Stick/M,<br />
you can use it on any PC without need to<br />
install anything on this PC.<br />
Additional news<br />
There is a new category iTAN to store the<br />
new more secure indexed TAN-lists from<br />
many banks with upto 100 TAN numbers<br />
per list. You can check the quality of passwords<br />
or even generate good ones. The<br />
new utility dialog allows a secure deleting<br />
of all password data from your CM-Stick<br />
as well as writing to and reading from a<br />
file. Furthermore a new online help function<br />
offers useful hints.<br />
The CM Password Manager supports<br />
Windows, Linux and Mac OS X.<br />
Furthermore CM-Stick provides capabilities<br />
for personal security such as data<br />
product<br />
Easy to handle editing<br />
web forms<br />
encryption and data protection by access<br />
control. In addition there are options for<br />
advantageously purchasing software and<br />
the usage of a large flash storage capacity<br />
of up to 2 gigabytes.<br />
The CM-Stick or CM-Stick/M is a perfect<br />
gift for every PC user, for you, for your<br />
customer or your friends.<br />
www.codemeter.de<br />
12 No.11 | 2006 13
<strong>KEY</strong> n o t e<br />
The new <strong>CodeMeter</strong> Development Kit<br />
comes with two universal sample applications<br />
that cover the most common<br />
protection and licensing schemes.<br />
The <strong>CodeMeter</strong> Development Kit comes<br />
with sample applications in multiple programming<br />
languages. The current release<br />
covers the programming languages C++,<br />
C#, VB6, VB.NET, Delphi and Java.<br />
Additionally the <strong>CodeMeter</strong> API-Guide is<br />
a perfect tool to assist you with the<br />
<strong>CodeMeter</strong>-API. The <strong>CodeMeter</strong> .NET<br />
framework can be used with all .NET languages,<br />
so the samples implemented in<br />
C# or VB.NET can be adapted easily.<br />
CmDemo | A universal sample<br />
The CmDemo sample application is a universal<br />
project that demonstrates the<br />
implementation of the most common API<br />
functions. CmDemo is implemented in<br />
almost all of the programming languages<br />
that are supported by the <strong>CodeMeter</strong><br />
Development Kit.<br />
For a better clarity the API functions are<br />
used in self-contained subroutines that<br />
are accessed by thematically tabbed<br />
pages:<br />
p Basics<br />
This tab page demonstrates the accessing<br />
and reading of entries, as well as the<br />
encryption feature. So this section contains<br />
the code that is needed in most of<br />
all <strong>CodeMeter</strong> implementations.<br />
p Managing<br />
This tab pages demonstrates the listing of<br />
complete CM-Sticks, the reading of CM-<br />
Stick related information like runtime version,<br />
hardware version etc. The accessing<br />
of the LEDs is demonstrated as well as the<br />
network access and the error handling.<br />
p Programming<br />
Here the programming and deleting of<br />
different entry types is demonstrated. The<br />
code in this section can, for example, be<br />
used to develop your own programming<br />
tools.<br />
14<br />
p Remote Update<br />
This tab page demonstrates the CM-Field<br />
Activation Service (CM-FAS) feature,<br />
which allows you to re-program a CM-<br />
Stick from remote without shipping the<br />
CM-Stick itself.<br />
The event that corresponds to pushing<br />
the Run MyCode button executes code<br />
that can be entered in a separate subroutine<br />
to evaluate your own code fragments.<br />
CmCalculator | Modular<br />
protection and pay-per-use<br />
The CmCalculator example demonstrates<br />
the possibility of modular software protection<br />
combined with pay-per-use<br />
modality. The idea behind this is to send<br />
the user a protected application. In order<br />
to be able to use this program the user<br />
needs to have a predefined entry in his<br />
CM-Stick. For different modules he needs<br />
different additional entries; here in this<br />
sample this is implemented by the<br />
Feature Code of the license entry.<br />
Each mathematical operation of the<br />
CmCalculator decreases the tick counter,<br />
controlled by a Unit Counter, by a defined<br />
value. Different mathematical functions<br />
have different decrement values to implement<br />
pay-per-use with different costs for<br />
the multiple modules.<br />
p Basic functions will decrease the Unit<br />
Counter each time by one.<br />
p Power functions will decrease the Unit<br />
Counter each time by two.<br />
p Angle functions will decrease the Unit<br />
Counter each time by five.<br />
p Memory functions will not decrease the<br />
Unit Counter; this module is for free.<br />
p Factorial functions will decrease the<br />
Unit Counter each time by ten.<br />
For implementing the modular protection<br />
every module of the CmCalculator is represented<br />
by a bit in the Feature Code of<br />
the license entry of the CmCalculator. By<br />
re-programming the Feature Code, either<br />
directly, by CM-FAS or via CM-Talk, the<br />
modules can enabled or disabled. In the<br />
same way the tick counter can be reset to<br />
a new initial value.<br />
Antivirus solution combined with<br />
Digital Rights Management.<br />
CA and WIBU-SYSTEMS have started a<br />
strategical partnership in November.<br />
CA Computer Associates GmbH (CA), a<br />
German subsidiary of one of the worldwide<br />
leading companies for IT management<br />
software, and WIBU-SYSTEMS AG<br />
have been working together as partners<br />
since November. The aim is the creation of<br />
even more extensive levels of security for<br />
companies and users, combined with<br />
additional benefits such as password<br />
management and user friendliness. As a<br />
first product, CA provides the antivirus<br />
software eTrust Antivirus version 7.1 that<br />
is protected with <strong>CodeMeter</strong> (CM) of<br />
WIBU-SYSTEMS. The software can be purchased<br />
at a reduced rate via the shop<br />
www.codemeter.com by the users of the<br />
USB hardware CM-Stick.<br />
Birgit Bamberg, Channel Manager Indirect<br />
Sales at CA, explains: „Our customers<br />
are already aware of our security<br />
through our complete product portfolio.<br />
Therefore <strong>CodeMeter</strong> of WIBU-SYSTEMS<br />
is the perfect basis for our partnership.<br />
We can provide our customers with an<br />
optimal full service to eliminate dangers<br />
from the Internet with eTrust Antivirus.<br />
Now the users can use complex passwords<br />
via the CM Password Manager and so the<br />
level of security can be easily improved.<br />
We intend to offer other CA products<br />
<strong>CodeMeter</strong>-protected such as eTrust<br />
PestPatrol AntiSpyware via the online<br />
shop.“<br />
And Oliver Winzenried, C.E.O. of WIBU-<br />
SYSTEMS, adds: “Since its appearance, the<br />
well-known email worm “I love you” in<br />
2000 has increased awareness of virus<br />
dangers for many users. Securing the PC<br />
at work and at home needs correct handling<br />
of passwords. Especially helpful for<br />
the user is that the <strong>CodeMeter</strong> version of<br />
eTrust Antivirus combines both. It is<br />
important that security can be used easily<br />
and comfortably.”<br />
eTrust Antivirus<br />
eTrust Antivirus achieves protection for<br />
companies in real time against the most<br />
important attack – Viruses. The powerful<br />
virus protection software sniffs viruses out<br />
automatically and eliminates them. It<br />
combines the advanced use of virus<br />
removal and signature updates. The soft-<br />
hotspot<br />
New CM sample applications CA available in the CM-Shop<br />
ware secures the communication through<br />
the protection of critical mail servers and<br />
the IT infrastructure, starting with servers<br />
and desktops up to wireless end devices.<br />
CM-Stick<br />
The CM-Stick is a mobile device, which<br />
allows the user to store passwords securely<br />
and always have them at hand. The<br />
device can be used everywhere to encrypt<br />
files, purchase software at a reduced rate<br />
and to lock or unlock the computer.<br />
The CM Password Manager is an extremely<br />
helpful facility: it administrates a variety<br />
of different passwords and fills in the<br />
access data of required web sites automatically.<br />
All this information is of course<br />
stored in the CM-Stick. Additionally the<br />
CM-Stick stores the correct web sites and<br />
they will be checked automatically. Consequently,<br />
the user is protected against<br />
phishing attacks and spying through keyboard<br />
entries via trojan horses. The CM-<br />
Stick will be especially useful for online<br />
banking users. A serially numbered TAN<br />
list helps with the execution of all transactions.<br />
The CM-Stick is available with a<br />
memory of 128 MByte up to 2 GByte.<br />
www.codemeter.de<br />
I M P R E S S U M<br />
<strong>KEY</strong>note 11. Edition, Spring 2006<br />
Publisher: WIBU-SYSTEMS AG<br />
Rueppurrer Strasse 52-54 · D-76137 Karlsruhe<br />
Phone: +49-721-93172-0 · Telefax: +49-721-93172-22<br />
Email: info@wibu.com · www.wibu.com<br />
Responsible for the content: Oliver Winzenried<br />
Editors: Marcellus Buchheit · Norbert Geissler<br />
Rüdiger Kügler · Stefan Nikolaus · Elke Spiegelhalter<br />
Stephan Süptitz · Oliver Winzenried<br />
Letters are welcome at any time. They are protected by<br />
the secret of the editorial staff. Articles identified by<br />
name don’t absolutely reflect the opinion of the editors.<br />
No.11 | 2006<br />
15
<strong>CodeMeter</strong><br />
No. 1<br />
in Software and<br />
Document Protection<br />
p Highest security<br />
p Vendor selectable secret and private key<br />
p Strong encryption algorithms with AES 128 bit and ECC 224 bit<br />
p Best-in-class tools for automatic protection (envelope, no source modification)<br />
for Win32, Win64, .NET, Java and MacOS X Universal (PPC, Intel)<br />
p Best flexibility<br />
p More than 1000 independent licenses can be protected by one CM-Stick<br />
p One versatile hardware key for all license models including floating network licenses<br />
p Multi platform support including Windows, Mac OS X and Linux<br />
p New distribution channels<br />
p License transfer by SOAP based CM-Talk or file based Field Activation Service in eShops<br />
p Multiple purpose, including protecting low cost software and content<br />
p Unique end user advantages<br />
p First and smallest dongle with up to 2 GByte Flash Disk<br />
p No drivers necessary – can be used without administrator rights<br />
p CM Password Manager, secure virtual drive and secure login<br />
Order your free Software Development Kit now!<br />
Phone 1-800-6-GO-WIBU | testkit@wibu.com<br />
2005 | Best Digital Rights Management<br />
Solution: Software<br />
2006 | Best Security Software<br />
The very highest quality by<br />
WIBU-SYSTEMS!<br />
More than 3000 application developers<br />
and creators of intellectual<br />
property trust in WIBU-SYSTEMS<br />
solutions since 1989.<br />
WIBU-SYSTEMS USA Inc.<br />
2429 NW 197th Street<br />
Shoreline, WA 98177, USA<br />
www.wibu.com<br />
Tel: 1-206-546-4891<br />
Fax: 1-206-237-2644