When it comes to software protection, CmDongles provide the highest level of security. The core of every CmDongle is a smart card chip, which includes a microcontroller with a secure storage area for cryptographic keys and the firmware.
Wibu-Systems currently uses smart card chips from Infineon Technologies, which are EAL 5+ evaluated and provide protection against side channel attacks, such as DPA (Differential Power Analysis). Reading keys and copying the firmware is therefore practically impossible.
With CmDongles, software publishers can independently encrypt and decrypt data using symmetric or asymmetric algorithms like AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), and ECC (Elliptic Curve Cryptography) and sign data or verify the signature.
Larger License Storage
Each CmDongle offers 328 kByte of memory for your licenses, which can accommodate up to 2,000 licenses with different license models. Each of these licenses may be a multi-user license with thousands of concurrent seats.
All on a CmDongle
A CmDongle contains all the licenses in the secure memory of its smart card chip. Thus, users can easily transfer licenses from one computer to another by plugging the CmDongle into the machine they need. There are no additional license files needed.
Additional Mass Storage (Flash Memory)
CmDongles are also optionally available with up to 64 GB of mass storage (flash memory). This architecture allows the delivery of your software and data directly via a CmDongle. In addition, your software can run from the CmDongle itself, without any driver installation (zero footprint) for a complete mobile experience. CmDongles typically use industrial-grade SLC memory (Single-Level Cell). This memory can be overwritten more frequently, is faster, and works in a wider temperature range. The more cost-effective MLC memory (Multi-Level Cell) is alternatively available upon request.
Software vendors can partition the storage space into different areas, with a choice of the following types:
Public: Free area for reading and writing data
Private: Protected area; it requires a password for reading and writing data
Hidden: Secret area, accessible only via API and password
CD-ROM: Read-only area
CmDongles are enabled with two communication interfaces: Mass Storage Device (MSD) or Human Interface Device (HID). Thus, no additional drivers are required, and the user can connect to a PC and use a CmDongle without having administrator privileges. Software vendors can make a choice before delivering the units, and set HID or MSD themselves or leave the choice open to their customers.
Multiple Vendors – One CmDongle
Each CmDongle can store licenses from different vendors in separate areas. Thus, the user needs only a single CmDongle to manage multiple vendors’ licenses. This feature is particularly attractive to suppliers of plug-ins and extensions.
Software vendors that make use of CmDongles can update licenses directly in the field. The update is based on data exchange. In practice, the user sends the software publisher a remote context file that identifies the desired CmDongle. In turn, the software vendor creates a remote update file that can be imported only once to that specific CmDongle.
This process allows the activation, upgrading, and deactivation of licenses. With a tamper-proof receipt, CodeMeter automatically ensures that the action was performed successfully. The license update can be transmitted automatically by means of CodeMeter License Central.
Secure Firmware Update
Also the firmware of CmDongles can be updated in the field. Software vendors can use functions that were not yet available at the time of delivery. The firmware update is signed by Wibu-Systems and can be distributed online or offline. A fake or homemade firmware update would therefore be detected and rejected by CmDongle.
Secure Internal Clock
Each CmDongle is equipped with an internal clock. All time-based licenses are automatically checked on the CmDongle against the internal clock. This clock is located in the smart card chip and is protected against tampering. It provides an intelligent synchronization mechanism, is available for all form factors, and needs no battery, meaning an unlimited running time.
Optionally, CmSticks/T come with an extra battery-operated clock that is used as an additional reference for synchronization for the virtual clock. This specific CmStick is highly recommended if the software is time limited and rarely used.
CmDongles are available in a complete array of form factors.