KEYnote 45 English - Spring/Summer 2023 | Page 10

PROTECTION

CodeMeter Security

The blinds weren’t drawn and there was no bright light glaring right in my face. But it all still felt a bit like an interrogation. Here I was, sitting on one side of the table with two executives from a potential client facing me from the other side. After two hours of this, I heard those words I had hoped for: “Mr Kuegler, I know that nothing is 100% secure, but CodeMeter seems to be the best option on the market.”
Let’s go back two hours.
Mr X: So, tell us, Mr Kuegler: How exactly does AxProtector encrypt our software?
That was easy for me to answer: With CodeMeter Protection Suite, we have reached the optimum balance of performance and security. When you want to encrypt software, one or more pseudo-random software keys are created. These keys are used to encrypt your application or parts of it with AES 256-bit. The software keys are then themselves encrypted with multiple CodeMeter keys, which are contained in the CodeMeter license, and stored in the software.
When the application is run or an encrypted part of it is accessed, one of these several CodeMeter keys is picked to decrypt the software key and, in turn, the software. If the right license is missing, there is no way to get the necessary software key, and the software cannot be decrypted or executed.
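The two-level scheme described above, as an added Go example that is not Wibu-Systems code: one random software key encrypts the application, and that key is wrapped once under each license key. GCM mode, the nonce-prefixed blob layout, and the names `Protect` and `Launch` are assumptions of this sketch; the article specifies only AES 256-bit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
// seal encrypts data with AES-256-GCM (mode assumed) and prepends the random nonce.
func seal(key, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key is not a valid AES key length
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, data, nil)
}
// unseal fails when the key is wrong or the blob was truncated or modified.
func unseal(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(blob) < 12 {
		return nil, fmt.Errorf("bad key length or truncated blob")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[:12], blob[12:], nil)
}
// Protect (hypothetical name) encrypts app once under a fresh software key and wraps that key per license key.
func Protect(app []byte, licenseKeys [][]byte) (payload []byte, wrapped [][]byte) {
	swKey := make([]byte, 32)
	rand.Read(swKey)
	for _, lk := range licenseKeys {
		wrapped = append(wrapped, seal(lk, swKey))
	}
	return seal(swKey, app), wrapped
}
// Launch (hypothetical name) unwraps the software key from one chosen slot, then decrypts the payload.
func Launch(payload, slot, licenseKey []byte) ([]byte, error) {
	if swKey, err := unseal(licenseKey, slot); err == nil {
		return unseal(swKey, payload)
	}
	return nil, fmt.Errorf("license key does not unwrap the software key")
}
func main() {
	k := make([]byte, 32) // constructed all-zero stand-in for a license key
	payload, wrapped := Protect([]byte("demo app"), [][]byte{k})
	out, err := Launch(payload, wrapped[0], k)
	fmt.Printf("%s %v\n", out, err)
}
```

The payload is identical for every customer; only a holder of one of the wrapping keys can recover the software key, and a wrong key fails the GCM authentication check instead of yielding garbage.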
Mr X: But is a CmActLicense not more secure than a dongle? With a CmDongle, you are using a familiar USB interface, but a CmActLicense could use asymmetric procedures.
My answer: To encrypt large amounts of data like an application, you always need symmetric encryption, like AES 256-bit. And if you want one installer package to work for every client, the key has to be identical for all licenses. Whether you use a CmDongle or a CmActLicense, or indeed a CmCloudContainer, the symmetric keys are transferred into the container in an asymmetric process. They are then stored there: in the case of a CmDongle, in a smart card chip; in a CmActLicense, in the license file that is bound to certain properties of the device; or in the cloud in the case of CmCloudContainers. If you are using a CmDongle or a CmCloudContainer, the CodeMeter key never gets into the memory of the user’s device. This is not the case with CmActLicenses, which have to have the key in the memory, but only for a brief moment and protected with additional anti-reverse engineering features. But you should remember: You cannot steal what was never there.
Mr X: But people could try wiretapping: Listen in on the USB interface and simulate a CmDongle.
My answer: Again, CodeMeter has several mechanisms in place: First, communication between CodeMeter Runtime and the CmDongle is always encrypted. And the license always contains an asymmetric key alongside the symmetric keys. The protected software creates a random challenge that the CmDongle has to respond to with the private key. The software then checks the response with the public key. You cannot fake that check without the private key. But that’s not all there is: As I said, we are using several CodeMeter keys to encrypt a software key. That creates a large number of possibilities, of which one is actually chosen when the software is launched. The selection process is designed to ensure that not all possible keys are used, even when the software is launched