The Truth About Dongles

Protecting intellectual property and the end-user experience

Contents

Executive summary
A history of dongles
The problem with dongles
The alternative: software-based protection
Software-based protection problems
PRO-Tector Flash™: the best of both worlds
Combining hardware and software to solve the dongle problem
The customer proposition
Conclusion

About The Author

Henry Roberts, CTO, Nalpeiron.

Henry Roberts helped develop one of the first general purpose computers at Monroe Calculator in the 1970s. The thesis for his MSc at the University of South Carolina's graduate school in Computer Science helped Apple Computer to adapt its own copy protection system. Henry’s thesis was responsible for defeating Locksmith, a technology that was known for being able to circumvent any copy protection technology on the Apple platform.

After obtaining his MSc in 1981, Henry worked on further Apple copy protection technology at Sensible Software. In 1983 he started his own company, AST, to create custom copy protection solutions.

In 2002 Henry devised a new copy protection technology that led to the development of PRO-Tector and its Protect-n-Forget (PnF) technology. AST and Nalpeiron worked together to produce the new products until 2004, when Nalpeiron acquired AST.

Executive summary

The world of computing is very cyclical. Often, you will find concepts from yesteryear recycled and repackaged. The idea of centralized computing, for example, which emerged with the mainframe, lost favour when client/server developed, only to find fortune again in the era of thin client computing and shared applications. Facilities houses and computer bureaus were a thing of the past until someone coined the term ‘hosted services’ and the whole cycle began again.

And so it should be. The world of computing is built on solid ideas that we should not forget, but the real innovation comes with taking those old ideas and adapting them to add value and to adapt to modern conditions. The dongle is a prime example of this. A technology from the early 1980s, it was clunky, expensive, and beset by many problems, limiting it to niche applications for very expensive software. But there is an element of usefulness in physical copy protection that we should not lose.

This, the latest in a series of white papers from Nalpeiron offering new insights into copy protection concepts, explains how the concept of physical protection is being modernized, fused with digital licensing technologies to create a whole new product category. This new product provides a dramatic reduction in operating overheads for software vendors thanks to the use of inexpensive, industry standard components, and gives new meaning to the term 'copy protection'.

A history of dongles

Generally, copy protection technologies for computer software have fallen into two categories: the digital, and the physical. No matter how diligently you attempt to protect your computer software from piracy, protecting it using software algorithms will always introduce an element of vulnerability. Because software can be manipulated, hackers with enough skill can neutralise the detection algorithms or circumvent encryption mechanisms designed to keep your intellectual property under lock and key.

Physical protection is by no means foolproof, and can be hacked by determined software crackers, but it represents another level of protection for software. This is why protecting software physically has always appealed to software developers.

Getting physical

Physical copy protection emerged in the early 1980s, and came in the form of a dongle. A dongle is a hardware device designed to plug into a computer's I/O port. The dongle provides verification that the software is valid, because it ships with the product and is very difficult to duplicate.
A dongle solution normally consists of three separate components:

• A custom processor containing the intelligence in the system along with the license credentials necessary to activate the software.
• A physical interface to the main board (either a serial port, parallel port or USB port).
• A device driver designed for installation on the PC that will talk to the dongle hardware.

The critical thing here is the specialist processor on the physical device. This is what makes a USB dongle different from a standard USB flash drive.

Ideally, the software program using the dongle to authenticate itself would perform multiple checks by querying the dongle through the I/O port. Badly implemented dongles may only reference the dongle when they start up, setting a single reference variable that will allow the program to run. Such devices leave themselves open to code tampering, and properly implemented dongle/software solutions will involve multiple reference checks to the dongle from different parts of the program, making it much more difficult for hackers to fake the dongle’s existence by tampering with the program code.

The problem with dongles

The dongle sounds like an ideal solution, but it suffers from some underlying problems that affect the end user and the software developer alike. These can be collected together into a few categories:

Using physical media causes physical problems

Physical devices can be lost more easily, especially small form factor devices such as a dongle. A customer who loses the dongle will not be able to use the software until it is replaced.

Supplying and replacing dongles is a problem for the vendor. One of the advantages of working in the software business is that inventory is less relevant because your product can be replicated and doesn’t take up any space. Conversely, dongles must be managed as physical stock, placing additional demands on your business. Replacing your customers’ lost dongles is yet another problem.
Because dongles have not traditionally offered any value add for the customer, replacing a lost dongle is simply an inconvenience for the customer, especially if they have to pay for it.

Dongles are also expensive to manufacture, meaning that suppliers must increase the price of their software to accommodate the extra up-front cost. Buying 1,000 traditional dongles at $30 each will result in a $30,000 inventory, which has to be held in stock until it is used, tying up badly needed capital that could be used elsewhere.

Higher development costs

Dongles are traditionally hard to upgrade, requiring you to send out a new device or new drivers. Users have to wait until these upgrades are issued before their software will work properly.

Software protection that uses dongles is not as easy to develop for as non-physical technology. Apart from the universally accepted physical interfaces (serial port/parallel port/USB) there are no standards for dongles, meaning that each dongle solution works differently, using different ASICs and software drivers.

They create support headaches

Dongles can cause incompatibilities with hardware and software. A dongle that works perfectly well may suddenly experience problems following a major operating system upgrade or driver patch. Should a dongle suddenly begin locking up because of changes to its operating environment, the supplier will have to resolve the problem, often with considerable time delays waiting for new drivers. The costs could be significant.

The alternative: software-based protection

While dongles evolved as a form of physical protection, a parallel development has taken place. Digital protection technology has evolved in various forms. Because of its reliance on software innovation rather than physical protection, the approaches to digital copy protection have evolved at a faster pace than dongle-based systems.
Wrappers

Evolving from the loader-based mechanisms found in some software protection systems, software wrappers are envelopes of code that encrypt your own application binary. Because the software wrapper has to decrypt the code before it can be run, it can be programmed to check for the existence of a software license before allowing access.

SDKs

An SDK is a piece of copy protection code that has been developed for a specific application environment. Unlike wrappers, which are designed to fit around your existing code like a shell, SDKs integrate more tightly with your application. You can make calls to the application programming interface (API) presented by the software development kit from within your own software. For example, whenever a particular function is called, it checks the details of your license using the SDK. In this way, it becomes more difficult for hackers to disassociate the copy protection from the application code.

SDKs are stronger and harder to hack than wrappers and much cheaper and more flexible than dongles. They have more features and integrate with applications much more tightly, allowing for features such as custom screens, for example.

Software-based protection problems

Generally, software-based copy protection technology has been seen as more vulnerable than dongle-based systems, because software is easier for third parties to manipulate than hardware-based systems.

Wrappers

Software wrappers are considered by many developers to be among the easiest products to use, because they are often designed to be easily integrated into any product. However, that ease of use comes at a price. Once cracked, a software wrapper can be countered with an unwrapper that is easy to distribute and run. Search the Internet to find cracks for some of the better-known software protection mechanisms, and you will be surprised at how quickly software crackers can neutralise code.
It becomes profitable for them to do this, because once you have created a software patch neutralizing the protection provided by a single wrapper, you theoretically provide access to tens or hundreds of software applications protected using that product. Developers should also be wary of future operating system developments when using wrappers. Unless you are sure that your wrapper solution will survive Windows XP Service Pack 2 and future operating system upgrades, for example, you could find yourself with increasing support costs in the future.
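
Added example (not from the white paper or from Nalpeiron's products): a C program contrasting the single startup check that sets one variable with the per-feature checks described under "A history of dongles", which is also the pattern the SDK section describes when each function call checks the license. The dongle is simulated in software; keyed_mix, DEVICE_KEY, set_dongle_present and the other names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the dongle hardware and its driver. */
static int dongle_present = 1;                  /* 0 simulates a missing device */
static const uint32_t DEVICE_KEY = 0x5EC2E7A1u; /* constructed value */

/* Toy keyed mixing function standing in for the dongle's processor.
   Not a real MAC; the host sharing DEVICE_KEY is a simplification. */
static uint32_t keyed_mix(uint32_t key, uint32_t challenge) {
    uint32_t x = key ^ challenge;
    x ^= x >> 16; x *= 0x45D9F3Bu; x ^= x >> 16;
    return x;
}

/* Driver call: returns 0 and fills *resp only when the device answers. */
static int dongle_query(uint32_t challenge, uint32_t *resp) {
    if (!dongle_present) return -1;
    *resp = keyed_mix(DEVICE_KEY, challenge);
    return 0;
}

/* Fresh challenge on every call, so an old answer cannot be reused. */
static int dongle_verify(void) {
    static uint32_t counter = 1;
    uint32_t challenge = counter++ * 2654435761u, resp = 0;
    if (dongle_query(challenge, &resp) != 0) return 0;
    return resp == keyed_mix(DEVICE_KEY, challenge);
}

/* Weak design: one check at startup sets a single variable. */
static int licensed = 0;
void weak_startup(void) { licensed = dongle_verify(); }
int weak_export(void)   { return licensed ? 1 : 0; }  /* 1 = feature ran */

/* Stronger design: each protected feature queries the dongle itself. */
int strong_export(void) { return dongle_verify() ? 1 : 0; }
int strong_print(void)  { return dongle_verify() ? 1 : 0; }

/* Hypothetical hook used to simulate the device being absent. */
void set_dongle_present(int present) { dongle_present = present; }

int main(void) {
    weak_startup();
    set_dongle_present(0);
    printf("weak=%d strong=%d\n", weak_export(), strong_export());
    return 0;
}
```

With the device absent after startup, weak_export still succeeds because it only reads the cached variable, while strong_export and strong_print fail until the device answers again.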