IMG STYLE 2
Post-Quantum Cryptography: Future-Proofing Your Software Licenses
Quantum computers pose a fundamental challenge to IT security. In the long term, they threaten the commonly used asymmetric encryption methods such as RSA and ECC. To ensure that the licensing and protection of your software remain secure in the future, Wibu-Systems is working closely with technology partners like Infineon on a smooth, compatible, and crypto-agile transition to post-quantum-capable methods.
SECURITY
Why Quantum Computers Pose a Risk
The asymmetric algorithms used today, such as RSA or ECC, are the cornerstone for signatures, authentication, and license management. However, once powerful quantum computers become available, private keys could be derived from existing public keys. At that point, entire authorization systems would be compromised, as attackers would be able to generate counterfeit but formally valid licenses. The exact timeline of this transformation remains uncertain. But one thing is clear: anyone who begins the migration too late will face the consequences.
Crypto-Agility as a Strategic Principle
The international research community is working intensively on quantum-resistant methods. However, whether today’ s frontrunners will prevail in the long run cannot be predicted with certainty. Systems therefore need to be crypto-agile, meaning they must have the ability to replace cryptographic algorithms during ongoing operation. Only then can new methods be integrated quickly and seamlessly in the future. As an additional safeguard, classical and quantum-resistant methods will be used in combination. Only if both were to be broken simultaneously could the protected secrets be compromised.
New Libraries and Hardware
Post-quantum cryptography introduces new mathematical methods that require specialized libraries. For CmDongles, this also means that a new chip generation is necessary. In close collaboration with Infineon, the long-standing supplier of current CodeMeter chips, starting in 2027, Wibu-Systems will receive new hardware with certified libraries for postquantum algorithms. Building on this foundation, Wibu-Systems will continue to develop its own firmware that provides the specific CodeMeter functions and can be updated in the field. This ensures that newly certified algorithms can be retrofitted in the future – a decisive factor for crypto-agility.
Implications for Licensing and CodeMeter
Issuing, transferring, and managing licenses with the Universal Firm Code is based on asymmetric cryptography. This makes these mechanisms equally vulnerable to the threats posed by future quantum computers and in need of timely replacement with post-quantum methods. All types of Cm- Containers are affected – CmDongles, CmActLicenses, and CmCloudContainers – along with every level of the Code- Meter ecosystem, from CodeMeter Embedded to the license server and all the way up to CodeMeter License Central. Instead of a sudden cutover, the transition will unfold gradually over several years. In this process, Wibu-Systems is redeveloping parts of CodeMeter, creating the framework for even greater efficiency, reliability, and performance.
Authenticated API as a Security Anchor
Another central element of the new architecture will be an authenticated API that ensures secure, end-to-end communication from the application to the CmContainer. The basis will be standardized algorithms that provide effective protection against eavesdropping and manipulation of transmitted secrets. To make use of this API, all participating components must support the new cryptographic standard. This includes re-encrypting the application with the current version of Code-
6 WIBU-SYSTEMS AG