CodeMeter for newcomers

You are about to release a new version of your software which contains innovative ideas and state-of-the-art technology. However your protection and license management system is old-fashioned and out of date. This is probably because you’re not sure whether your software can cope with a new security concept and you’ve no idea how long it will take and how much it will cost to implement.

A new year brings new challenges! Are you planning a new version of your software? Have you rewritten most of your code for .NET only to discover that your current protection technology can’t encrypt it? Are you annoyed that the intern working in Consulting needed only 30 minutes using Reflector and Reflexil to delete the code you painstakingly spent hours writing to check if the dongle is attached, even though you’ve spent even more money buying an obfuscator?

Do you want to give key customers a license with software activation, or send customers with notebooks a mini dongle or SD card? Or maybe you only expect a healthy long-term collaboration with your supplier? If so, it’s now time to fundamentally rethink your software protection concept.

Wibu-Systems concentrates on its core business of software protection and licensing. “We are always focused on the customer. Solutions must suit the customer, and the benefits must outweigh the costs otherwise we aren’t offering anything,” explains Rüdiger Kügler, Vice President Sales. “We help our customers to increase their profits by reducing losses from piracy and lowering licensing costs through the use of automation and integration. Our support of innovative sales and licensing models means they also gain new customer segments.”

The economic side

The main reason most people don’t implement new software protection models is the effort involved. It takes time to get used to a new system and define new processes, and it requires heavy investment in new dongles. But look at it another way. How much is it costing you to keep the old system going? How much money are you losing because of poor license management? Although customers may honestly claim not to do so, they are often unknowingly using illegal copies. They do not realize they are infringing license terms, duplicating licenses via terminal servers, or purchasing licenses from illegal resellers. The experience of a Germany company specializing in construction software illustrates the point perfectly. The company wanted to gain a foothold in the South American market prior to the World Cup in Brazil. They soon discovered though they were already market leaders there. Bad luck for them: The company didn’t know they had a reseller in Brazil. The outcome of the lawsuit is still pending.

How much money is wasted by non-optimal processes? Do you generate your licenses manually? An R&D engineer who spends 50% of his time programming dongles doesn’t run up any extra costs, of course. However a new R&D engineer hired to relieve the “dongle programmer” of his duties because he only has 50% of his time left to do his other work, generates expenditure which is theoretically fully attributable to licensing. And this doesn’t even take into account disgruntled customers in the USA or Asia who have to wait 24 hours for their licenses. Or is your “dongle programmer” on 24 hour standby?

How much potential business are you losing because you don’t offer innovative license models such as software rental or “lite” versions? If you were to add up all the costs, it would soon become apparent that every day of procrastination is a day of lost revenue. Generally speaking, it is good practice to review your processes every 10 years and adapt them to new requirements, circumstances and increasing globalization. This review would be the ideal opportunity to implement a new protection and licensing system, although of course it shouldn’t be the only reason for the review.

The technical view

But let’s look more closely at the business of dongle replacement. Is it worth the effort? What would new dongles cost, and does this include shipment and logistics costs? Wouldn’t it be better to keep the old dongles and let the new system run parallel to the old one? In other systems this would mean you would have to build an “if-then-else” construct into the software via the API to check which dongle type is attached and then start the software as soon as a valid license is detected in either the new or old system. This has two significant drawbacks though: even the smallest patch might destroy the protection, and you have to keep both license systems running.

Not so with CodeMeter is the only system available which lets you keep your old dongles while offering improved security and standardized license production. The solution is known as CodeMeter Binding Extension. You create a license file (CmActLicense) which your software and your licensing tool (CodeMeter License Central) handle like a virtual CmDongle which means you can use all the security functions of CodeMeter. For example, you can use AxProtector to automatically protect your software from reverse engineering and piracy, while IxProtector licenses individual functions which are decrypted at runtime to improve security. CodeMeter License Central provides you with a uniform tool for creating, managing and shipping licenses.

You tie the license file to your old dongle. Of course, for your key customers, you may prefer to create a license file which is tied to their computer. In this case, CodeMeter SmartBind from Wibu-Systems delivers an intelligent automated solution. A fingerprint is created from a large set of computer parameters. The exact ingredients of the recipe used for the fingerprint (i.e. the weighting of each parameter on each system) is Wibu-Systems’ trade secret, and a patent application has been filed. You can select the tolerance level (Strict, Medium or Loose) to fix the sensitivity with which the system reacts to changes in the various hardware components. It is also possible to define configurations supporting virtual machines. In this case the recipe differs to the one used for real computers, as the significance of parameters depends on the environment in which they exist. CodeMeter SmartBind has an ingenious method for taking this into account. There are other methods beside CodeMeter SmartBind for tying your licenses to computers.

And the great thing is that, it doesn’t make any difference to your software how it is tied to your customer’s computer: you can give your customer a CmDongle, tie the software to the old dongle using Binding Extension, or use a CmActLicense tied in some other way. It’s up to you to decide what method you want to use. Wibu-Systems calls this maximum flexibility. But let’s look more closely at CodeMeter Binding Extension. You create a dll to fetch a unique feature from your old dongle such as the serial number. You probably already see the weak point here in the system. And the overall system is only as secure as its weakest link. You may have used AxProtector to protect your code from reverse engineering but if a full emulator of your old dongle exists on the black market, it would work here too. A further improvement in security is only achievable if each and every dongle is replaced. The decision to do so is yours and yours only. Wibu-Systems can only advise you. We leave it to you to choose.

You create a fingerprint of the unique feature. We recommend you use a secret “salt” value to create a HASH of the fetched feature and transfer this to CodeMeter as the fingerprint. You give the binding dll a name and sign it with a private key in your FSB. This ensures no tampering takes place when CodeMeter assigns the name, DLL and Firm Code.

Flexible license models

Before you can generate the license, you need to create a license information file. This file can be viewed as an empty cover for storing the subsequent CmActLicense. The most important information contained in the file is the name of your binding DLL and your Firm Code, and it has the same format for all customers. The CodeMeter Runtime accesses it during activation to get the name of the signed tamper-resistant bindling dll prior to loading it. Your fingerprint is now used to generate the remote context file from this CmActLicense. Of course only the public key is copied to the remote context file and not the fingerprint itself. This file is then used to generate a remote update file which contains information about the software module being activated. The fingerprint is used to decrypt the remote update file when the software is installed on the customer’s computer. The fingerprint is verified each time CodeMeter Runtime starts. You can retrigger a verification of the fingerprint at any time via a special API command (CmRevalidateBox).

All license types are handled in the same way by CodeMeter License Central. It doesn’t matter if you decide for a license file tied to the old dongle, a CmDongle or a CmActLicense with SmartBind. In all cases you have a standardized, well organized licensing system to manage your generated licenses.

Prior to changing protection systems, it’s often very important to consider those customers with maintenance contracts. Have you been generating large numbers of activation files to send to customers with maintenance contracts whenever new software was released? If so, you won’t need to do this anymore! With CodeMeter you just enter the maintenance period in the license, and whenever a release is available the license automatically recognizes whether a customer has a maintenance contract or not. A change to the license is only required when the customer buys or pays for something. The maintenance period in the license is updated whenever the customer extends the maintenance contract. And it makes no difference if you sell licenses on a calendar year basis in Germany or on a  twelve month basis in the USA. CodeMeter helps you to optimize your processes and saves you cold hard cash.  

Switch over to CodeMeter and enjoy the following benefits:

  • Many ways to switch over using Binding Extensions
  • Powerful development API
  • Flexible license models
  • Combination of dongles and software-based activation
  • Comprehensive license management
  • Diverse range of construction types

For further information, please call your country specific vendor   or vist our website - 


KEYnote 23 – Edition Spring 2012

To top