Access Protection

CodeMeter^® Identity provides secure access to web applications and Software-as-a-Service solutions.

The private key is a unique 'finger print' of the user. It is securely stored in the CmDongle or locally on the customer's PC in encrypted format. Asymmetric cryptography guarantees maximum security. The user can use the CmDongle he already uses for licenses or other access.

Your benefits

• Password sniffing and phishing made impossible
• Maximum security using asymmetric cryptography
• Flexible and mobile use
• Easy handling by multi-functional devices

How does CodeMeter^® access protection work?

The CmDongle or a PC-specific encrypted CmActLicense contains a private 224 bit ECC (Elliptic Curve Cryptography) key. From a technical point of view, a 224 bit ECC key corresponds to a 2048 bit RSA key. The corresponding public key is stored in a database on the server.

When the user logs on, the server creates a random challenge. The client signs this challenge with the private key and sends back his signature to the server as the response. The server uses the public key in the database to check the user's identity. Storing the public key on the server means an attacker - even if he is able to get a hold on the public key in the database - cannot pretend to be the user as the private key is located on the user's PC.

Authentication