License Definition Input XML Templates

Introduction

>License Definition XML Template Introduction

Specifying License Attributes

>How to specify the enforcement type

>How to specify a Product

>How to specify the Features in a Product

>How to select the minimum RTE/API version

>How to allow a Product to use the V-Clock in a Sentinel HL key

>How to specify the license type in a Feature

>How to specify the concurrency information in a Feature

>How to specify contract information in the license definition

>How to specify the acknowledgement request flag

>How to specify rehost information

>How to enable or disable the remote desktop accessibility flag in a Feature

>How to enable or disable the virtual machine accessibility flag in a Feature

>How to enable or disable enhanced security for SL-UserMode keys

Updating an Existing License

>How to modify the expiration date in a Feature

>How to modify the execution count in a Feature

>How to modify the remote desktop accessibility flag in a Feature

>How to modify the virtual machine accessibility flag in a Feature

>How to modify the concurrency information in a Feature

>How to specify new license properties for an existing Feature

>How to cancel a Feature or Product

>How to update and preserve an SL Legacy License

Enabling and Clearing Clone Detection

>How to specify clone protection for a Product

>How to specify clone protection for a Product (Deprecated)

>How to specify a custom clone protection scheme for a Product

>How to clear clone detection for a Product with a Sentinel SL license

Other Actions

>How to use the default memory areas of a protection key

>How to use the dynamic memory area of a Sentinel HL (Driverless configuration) key

>How to clear the Sentinel protection key

>How to format the Sentinel protection key

>How to clear and update the Sentinel protection key

>How to format and update the Sentinel protection key

>How to generate an Unlocked License

>How to generate a readable license certificate

>How to decode the current state

>How to upgrade a Sentinel HL key to the Driverless configuration

>How to convert a Sentinel HL standalone key to support network licenses

>How to reset the V-Clock in a protection key

>How to set fallback to the V-Clock in a Sentinel HL key with RTC

>How to clear the "disabled" state for a Sentinel HL key

License Definition XML Template Introduction

License Generation API functions receive the license inputs in the form of XML templates. A license template is organized in following structure:

>Product. The template can contain multiple Products.

>Features belonging to each Product. Each Feature includes the relevant license properties.

>Protection key read-only (RO) and read/write (RW) memory areas.

Each template begins with the following specification:

<?xml version="1.0" encoding="utf-8"?> <sentinel_ldk:license schema_version="1.0"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk"> </sentinel_ldk:license> 

>The first line is the XML declaration. It defines the XML version (1.0) and the encoding used (UTF-8 character set).

>The second line specifies the top-level license tag under the namespace of sentinel_ldk.

The second line also specifies the version of schema used to validate the XML template. Current version is "1.0".

>The third line specifies the namespace for the XML Schema Instance.

>The fourth line specifies the namespace for the Input License Definition Instance.

Return to Top

How to specify the enforcement type

Each license definition is locked to a specific enforcement type (also known as locking type).

Type

Description

HL

Indicates that licenses can only be locked to HL keys.

SL-AdminMode

Indicates that licenses can only be locked to SL-AdminMode keys.

SL-UserMode

Indicates that licenses can only be locked to SL-UseModer keys.

HL or SL-AdminMode

Indicates that licenses can only be locked to HL keys or SL-AdminMode keys.

HL or SL-AdminMode or SL-UserMode

Indicates that licenses can only be locked to HL keys or SL-AdminMode keys or SL-UserMode keys.

Enforcement Type Syntax:

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>HL</enforcement_type>
</sentinel_ldk:license>

Return to Top

How to specify a Product

Each Product is identified by a unique numeric identifier.

Field

Description

id

The ID value must be in the range of 0-65471.

name

Name of the Product. Maximum length is 50 characters.

cloud_licensing

Optional. Whether the SL key supports cloud licensing (Yes or No):

If not specified: For a new SL key, cloud licensing is not supported. For an existing SL key, the Product is unchanged.

For information on cloud licensing, see the Sentinel LDK Software Protection and Licensing Guide.

NOTE   The "0" Product ID is a special value. It is used for Feature-based licensing without defining a Product. If the Product ID is "0", the name is ignored.

You can specify up to 65,471 Products.

Syntax for Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <cloud_licensing>No</cloud_licensing>
  <product>
     <id>9300</id>
     <name>Sample Product 9300</name>
  </product>
  <!-- You can specify as many Products as desired -->
  <product>
     <id>9400</id>
      <name>Sample Product 9400</name>
  </product>
</sentinel_ldk:license>

Return to Top

How to specify the Features in a Product

Each Feature is identified by a numeric identifier that is unique within a Product scope. Features that are not related and that exist in different Products can have the same Feature id.

Field

Description

id

The id value must be in the range of 1-65471.

name

Name of the Feature. Maximum length is 50 characters.

NOTE   You can specify as many Features as desired in a Product. However, for Sentinel HL keys, each key can contain a certain maximum number of Features, depending on the type of HL key and the complexity of the license type defined in each Feature. For more information, see the Sentinel LDK Software Protection and Licensing Guide.

Syntax for Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9000</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
      </feature>
      <feature>
         <id>9302</id>
         <name>Sample Feature 9302</name>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to select the minimum RTE/API version

The level of security provided by Sentinel LDK for a protected application depends in part on the following components:

>Version of Sentinel EMS or of the License Generation API used to generate the license

>Version of Licensing API libraries used to protect the application (using the Licensing API, Envelope, or both)

>Version of the Run-time Environment (if any) used to manage and enforce the license (for SL licenses)

(The “security” referred to above consists of the security of the license and the protection application against vulnerabilities and disassembly.)

As a general rule, use of the latest version of each of the components above provides the most advanced and comprehensive security and reliability for the protected application.

However, providing your customers with a protected application and license that incorporates the latest version of all the components is not always practical. For example:

>Your existing customer base may include applications that were protected and licensed with Sentinel LDK 7.6. You now want to send a license update using Sentinel 8.0. However, the license update includes security features that are not supported by the original 7.6 license. As a result, the updated license may not be valid.

>When you are ready to issue an updated version of your protected application, you don’t necessarily want to force your customers to update the Run-time Environment at their site. However, you want the application to be protected with the most advanced clone protection schemes that can be supported by the existing RTEs at the customer sites.

You can balance the security and reliability of your applications against the convenience of your customers by choosing the appropriate value for the <minimum_rte_api_version> tag. The value that you choose determines:

>the minimum version of the RTE (for SL AdminMode licenses or HL keys with concurrency), and

>the minimum version of the Licensing API libraries (for SL UserMode licenses)

that must exist on the end users’ machines that will receive the license update.

As a result of the value that you choose:

>The licenses generated by the License Generation API are compatible with your existing customer base. Only newer security and reliability enhancements that can be supported on the end users’ machines will be implemented.

>For SL licenses that include the Platform Default option, Sentinel LDK will use the most advanced clone protection scheme that is supported by the value that you have selected. (For more information, see How to specify clone protection for a Product.)

NOTE     

>Regardless of the value you select for this parameter, users will need to upgrade their RTE or Licensing API libraries if the protected application uses specific functionalities that require a later version of the RTE.

>If you choose the value 8.11 for the <minimum_rte_api_version> tag, RTE version 8.11 must exist on the end users' machines.

>If you are using the <rehost> tag, it should appear after the <minimum_rte_api_version> tag.

For more information on the use of the minimum RTE/API version, see the Sentinel LDK Software Protection and Licensing Guide.

Syntax to set the minimum RTE/API version

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type> <minimum_rte_api_version>8.11</minimum_rte_api_version>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to allow a Product to use the V-Clock in a Sentinel HL key

A time-based license can be regulated using :

>The real-time clock in a Sentinel HL Time key or Sentinel HL NetTime key

>The V-Clock in a Sentinel SL key or Sentinel HL (Driverless configuration) key

V-Clock is not available for Sentinel HL Basic keys. To use V-Clock with Sentinel HL Pro keys, you must purchase the V-Clock module for your Sentinel Master key.

The use of the V-Clock in the Sentinel HL (Driverless configuration) key to regulate a time-based license must be specifically allowed for the Products to be licensed.

Blocking the use of V-Clock for a Product only prevents the introduction of new time-based licenses for that Product. If the use of the V-Clock is blocked for a Product after a time-based license has been applied to the key for that Product, the existing license continues to function correctly.

For more information, see the description of V-Clock in the Sentinel LDK Software Protection and Licensing Guide.

Syntax to allow a Product to use the V-Clock in a Sentinel HL (Driverless configuration) key

<?xml version="1.0" encoding="utf-8"?> 
 <sentinel_ldk:license schema_version="1.0" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk"> 
 <enforcement_type>HL</enforcement_type> 
 <product> 
    <id>9300</id>
 <!-- Specify "Yes" or "No" -->
    <use_vclock>Yes</use_vclock> 
    <feature>
       <id>123</id>
       <name>Feature Name</name>
       <license_properties>
          <expiration_date>2020-12-31</expiration_date>
       </license_properties>
    </feature> 
 </product> 
 </sentinel_ldk:license>

The <use_vclock> tag is ignored for Sentinel SL keys and Sentinel HL (HASP configuration) keys.

Return to Top

How to specify the license type in a Feature

You can select from the license types in the table that follows.

License Type

Description

perpetual

Indicates that license can be used for an unlimited number of times and for an unlimited period of time.

expiration_date

Specifies the date on which the license expires. The value must be a date in the range of 1980-01-01 to 2038-01-18, in the format YYYY-MM-DD.

Note: Thales recommends that you ensure that the system clock on the machine used to generate SL licenses is correct (whether you use Sentinel EMS or Sentinel License Generation API). The time from the system clock is used to ensure the security of the license generated.

execution_count

Specifies that the license can be used up to a specified number of times. The value must be a positive integer in the range of 1-16777215.

days_to_expiration

Specifies the number of days until the license expires, counted from first time the licensed Feature is used. The value must be a positive integer in the range of 1-3650.

NOTE   Limitations exists on license types for unlocked Products. For more information, see How to generate an Unlocked License .

The syntax listed below demonstrates how to specify the license type for a given Feature. In this example, license types other than perpetual are commented. You can uncomment them based on the chosen license type. You can specify only one license type for a given Feature.

Syntax for License Type

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- Specify only one of the license models below. -->
            <perpetual/>
            <!-- <expiration_date>2020-12-31</expiration_date> -->
            <!-- <execution_count>333</execution_count> -->
            <!-- <days_to_expiration>90</days_to_expiration> -->
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to specify the concurrency information in a Feature

You can specify the concurrency information as described in the table that follows.

NOTE    Concurrency is supported for:

> SL-AdminMode keys

>Net HL keys

>All HL (Driverless configuration) keys (except HL Basic keys)

Field

Description

count

You can specify the number of concurrent instances allowed in a Feature.
For unlimited concurrent instances, specify "Unlimited" as the value.

Key Type

Allowed count

HL Net 10

1-10

HL Net 50

1-50

HL Net 250+

Unlimited, 1-4080

HL Net Time 10

1-10

HL Net Time 50

1-50

HL Net Time 250+

Unlimited, 1-4080

HL (Driverless configuration) Unlimited, 1-4080

SL-AdminMode

Unlimited, 1-32752

Note:

>If this tag is missing, the default value 'Unlimited' will be used for a new Feature OR when the action "set" is specified in the license properties tag.

>Only keys that support concurrency can have a non-zero count.

>When unlimited concurrency is specified, the allowed concurrency is the maximum concurrency supported by the relevant protection key type.

count_criteria

You can also specify the count criteria for the concurrency count field.

Enumeration

Description

Per Login

Each login request is counted as a different instance.

Per Process

All login requests from the same process are counted as a single instance.

Per Station

All login requests from the same machine are counted as a single instance.

Note: For information on how SSH shells are counted, click here.

Note: If this tag is missing, the default value "Per Station" is selected.

network_access

You can specify the network accessibility for a given Feature. Possible values are "Yes" or "No".

Note:

>If this tag is missing, the default value "No" is selected.

>The "Yes" value is allowed only for keys that support concurrency.

detachable

You can specify the detachable flag for a given Feature. Possible values are "Yes" or "No".

Note:

>This tag is not applicable for HL keys or SL-UserMode keys.

>If this tag is missing, the default value "No" is selected.

>"Yes" value is allowed only when network_access is marked as "Yes".

>Detachable flag cannot be specified as "Yes" with license type 'execution_count' or 'days_to_expiration'.

Syntax for Concurrency

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <concurrency>
               <!-- 'Unlimited' text value means unlimited count -->
               <count>23</count>
               <!-- Possible values for count criteria are "Per Station", "Per Login", "Per Process" -->
               <count_criteria>Per Station</count_criteria>
               <!-- Possible values are "Yes" or "No" -->
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

NOTE   If the <concurrency> tag is missing, the default concurrency shown below is used.

 <concurrency>
   <count>Unlimited</count>
   <count_criteria>Per Station</count_criteria>
   <network_access>No</network_access>
 </concurrency>
 

Return to Top

How to enable or disable the remote desktop accessibility flag in a Feature

You can specify whether access to the protected application from a remote desktop is supported. Possible values are "Yes" or "No".

NOTE   When remote desktop is supported and the count criteria for concurrency is specified as "Per Station", every SSH shell counts as a single station, even if multiple SSH shells originate from the same client machine. For example, two SSH shells that originate from the same client machine count as two stations.

Multiple instances of the protected application executed in a single SSH shell count as a single station. For example:

>executing the applications with "&"

>multiple screens (for example, using the Linux screen command)

>multiple jobs from PowerShell


Syntax for remote desktop accessibility flag

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <!-- Possible values are "Yes" or "No" --> 
            <remote_desktop_access>Yes</remote_desktop_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to enable or disable the virtual machine accessibility flag in a Feature

You can specify whether the protected application can run on a virtual machine. Possible values are "Yes" or "No.

NOTE    This property is not applicable for HL keys.

Syntax for Virtual machine accessibility flag

 <?xml version="1.0" encoding="utf-8"?>  <sentinel_ldk:license schema_version="1.0"          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"          xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">    <enforcement_type>SL-AdminMode</enforcement_type>    <product>       <id>9300</id>       <name>Sample Product 9300</name>       <feature>          <id>9301</id>          <name>Sample Feature 9301</name>          <license_properties>             <perpetual/>             <!-- Possible values are "Yes" or "No" -->             <virtual_machine_access>Yes</virtual_machine_access>          </license_properties>       </feature>    </product>  </sentinel_ldk:license>

Return to Top

How to enable or disable enhanced security for SL-UserMode keys

You can specify whether a generated or updated SL-UserMode key should use enhanced security. Possible values are "Yes" or "No".

By default, enhanced security is used. However, enhanced security is not compatible when the V2C file from the end user machine is created with a Licensing API library or RUS utility from a version of Sentinel LDK earlier than v.7.0. In such instances, the Sentinel License Generation API issues an SNTL_LG_INVALID_FINGERPRINT error when you attempt to generate an SL-UserMode update.

Syntax to disable enhanced security for an SL-UserMode key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-UserMode</enforcement_type>
  <enforce_secure_storage_id>No</enforce_secure_storage_id>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to modify the expiration date in a Feature

You can generate an update to an existing license, to add or subtract a given number of days from the original expiration date.

Action

Description

add

The value specified in <expiration_date> is added to the expiration date specified in the base license to produce the new expiration date.

Note: The value must be a positive integer in the range of 1 to 3650 days. If the resulting expiration date is later than the maximum allowed value, the license generation will fail.

If the base license model is not expiration date, this action results in an expiration date that is equivalent to "current date" plus "number of days specified". For example: Given that the base license is based on execution count, and the number of days specified in <expiration_date> is 4. If the current date is 2020-12-11, the resulting expiration date will be 2020-12-15.

sub

The value specified in the <expiration_date> is subtracted from the expiration date specified in the base license to produce the new expiration date.

Note: The value must be positive integer in the range of 1 to 3650 days. If the resulting expiration date is earlier than the minimum allowed value, the license generation will fail.

If the base license model is not expiration date, this action results in an expiration date that is equivalent to "current date" minus "number of days specified".

For information on minimum and maximum allowed dates, see How to specify the license model.

Syntax to modify the expiration date in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- "sub" action will reduce the number of days from the base expiration date -->
            <expiration_date action="add">90</expiration_date>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the execution count in a Feature

You can generate an update to an existing license, to add or subtract the execution count from the original execution count.

Action

Description

add

The value specified in the <execution_count> is added to the execution count specified in the base license.

Note: If the base license model is not execution count, this action changes the license model to execution_count with the value specified in the tag.

sub

The value specified in the <execution_count> is subtracted from the execution count specified in the base license.

Note: If base license model is not execution_count or the resulting value is less than zero, the license generation will fail.

Syntax to >modify the execution count in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- "sub" action will subtract execution count from the base execution count -->
            <execution_count action="add">99</execution_count>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the remote desktop accessibility flag in a Feature

You can generate an update to an existing license, to enable or disable remote desktop accessibility flag. It is not necessary to specify an action when you modify the remote desktop accessibility flag.

Syntax to modify the remote desktop accessibility flag in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- -->
            <remote_desktop_access>No</remote_desktop_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the virtual machine accessibility flag in a Feature

You can generate an update to an existing license, to enable or disable the virtual machine accessibility flag. It is not necessary to specify an action when you modify the virtual machine accessibility flag.

Syntax to modify the virtual machine accessibility flag in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- -->
            <virtual_machine_access>No</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the concurrency information in a Feature

You can modify the concurrency information as described in the table that follows.

NOTE   Network seats that are reduced or erased from a Product license are not returned to the pool of seats on the Master key. For more information, see the description of networks seats in Appendix A in the Sentinel LDK Software Protection and Licensing Guide.

Field

Allowed Action

concurrency

Action

Description

cancel

Disables the concurrency. Its effect is equivalent to the following:

<concurrency>

  <count>Unlimited</count>

  <count_criteria>Per Station</count_criteria>

  <network_access>No</network_access>

</concurrency>

count

Action

Description

add

The value specified in the <count> is added to the concurrency count specified in the base license.

sub

The value specified in the <count> is subtracted from the concurrency count specified in the base license.

Note: If the subtract action results in concurrency count of zero, the generation of an update license will fail.

 

If no action is specified, the value specified in the <count> is set as the new concurrency count value.


Notes:

>An attempt to add to unlimited concurrency or subtract from unlimited concurrency is ignored; concurrency will remain unlimited.

>To convert from limited concurrency to unlimited concurrency, do not specify an action.

>To convert from unlimited concurrency to limited concurrency, do not specify an action.

count_criteria

It is not necessary to specify an action when you modify the count criteria. The value specified in the <count_criteria> is set as the new value for the count criteria field.

network_access

It is not necessary to specify an action when you modify the network accessibility flag. The value specified in the <network_access> is set as the new value for the network accessibility flag.

detachable

It is not necessary to specify an action when you modify the detachable flag. The value specified in the <detachable> is set as the new value for detachable flag.

Syntax to modify the concurrency information in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <concurrency>
               <!-- Possible action is "add" or "sub". No action means set the new value -->
               <count action="add">15</count>
               <!-- no action means setting the new value -->
               <count_criteria>Per Login</count_criteria>
               <!-- no action means setting the new value -->
               <network_access>No</network_access>
               <!-- no action means setting the new value -->
               <detachable>No</detachable>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Syntax to convert from limited concurrency to unlimited concurrency

 <concurrency>
   <count>Unlimited</count>
 </concurrency> 

Syntax to convert from unlimited concurrency to limited concurrency

(For example: 30 seat count).

 <concurrency>
   <count>30</count>
 </concurrency> 

Return to Top

How to specify new license properties for an existing Feature

You can generate an update license to overwrite the license properties rather than modifying the existing values. For example: An initial license was generated based on the Initial License Input template that follows. You want an update to change the license model from execution count to expiration date. This can be achieved by "set" action over the <license_properties> tag.

NOTE    When calling the "set" action over the license properties, no information is retained from the original license. To retain the concurrency information, you must specify the concurrency information again.

Initial License Input template

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>300</execution_count>
            <concurrency>
               <count>23</count>
               <count_criteria>Per Station</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>
 

This example demonstrates how to update an installed Feature in a key by generating an update license.
The template above used to generate the input license definition. Install the license on the key.
To update the installed Feature in the key with new license properties: Use the Update License Input template below to generate an update license. Next, install the update license on the key.

Update License Input template

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <feature>
         <id>9301</id>
         <license_properties action="set">
            <expiration_date>2020-12-31</expiration_date>
            <!-- Even to retain the old values of concurrency, you must specify the concurrency information again. -->
            <concurrency>
               <count>23</count>
               <count_criteria>Per Station</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to cancel a Feature or Product

You can either cancel a complete Product or a specific Feature. If you cancel a Product, all the Features for that Product are deleted.

Syntax to cancel a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <feature action="cancel">
         <id>9301</id>
      </feature>
   </product>
 </sentinel_ldk:license> 

Syntax to cancel a Product

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product action="cancel">
      <id>9300</id>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to update and preserve an SL Legacy License

By default, when you update an existing SL Legacy license, the license is automatically upgraded to an SL-AdminMode license. However, to support SL-AdminMode licenses, the end user must install a more recent version of the Run-time Environment (from Sentinel LDK 6.3 or later).

If you want to avoid the requirement to re-install the Run-time Environment when you update an existing SL Legacy license, you can prevent the upgrade of the license to an SL-AdminMode license. This is accomplished by adding the tag:

<enable_sl_legacy_support>Yes</enable_sl_legacy_support>

If the tag is not specified or is set to No, an SL Legacy license is upgraded to SL-AdminMode when the license is updated.

The following functionality in Sentinel LDK is not supported by SL Legacy licenses:

>Transfer of a license by the end user to a different computer

>Readable license certificates

>Disallow format of a protection key when a Product is detached from the key

>Advanced clone protection schemes. For more information, see How to specify clone protection for a Product.

NOTE   If you enable any of this functionality in the license update, an SL Legacy license is automatically upgraded to SL-AdminMode regardless of the value specified for <enable_sl_legacy_support>.

Syntax to preserve an SL Legacy license when updating the license

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <enable_sl_legacy_support>Yes</enable_sl_legacy_support>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <clone_protection>Yes</clone_protection>
      <feature>
         <id>2005</id>
         <name>Sample Feature 2005</name>
         <license_properties>
            <perpetual />
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to specify clone protection for a Product

Clone protection protects Products that are licensed with SL protection keys against machine cloning. This topic describes how to enable or disable clone protection for a Product, and how to specify a clone protection scheme.

A clone protection scheme defines which factors are considered by the Sentinel License Manager in order to determine whether a given Sentinel SL key has been cloned.

Sentinel LDK offers several different clone protection schemes to protect applications that execute on physical machines and on virtual machines. The schemes are designed to accommodate a variety of circumstances. For example, schemes are available for applications that run on PCs or on Microsoft Azure virtualization platforms. (For advanced users, the clone protection schemes are described in detail in the Sentinel LDK Software Protection and Licensing Guide.)

Sentinel LDK License Generation API allow you to specify a scheme called PlatformDefault instead of entering a specific clone protection scheme for a Product.

When you specify PlatformDefault as the scheme for a virtual machine or a physical machine (or both), Sentinel LDK automatically applies the most appropriate clone protection scheme for each end user based on the following parameters:

>the environment in which the protected application is installed.

>the earliest version number in use by the vendor's customer base from among the following:

For SL AdminMode keys: the earliest version number of the Run-time Environment (RTE) in use by the vendor's customer base.

For SL UserMode keys: the earliest version of Sentinel LDK used to provide the External or Integrated License Manager (LM) in use by the vendor's customer base.

NOTE   If you plan to ensure that each customer receives the latest RTE or LM when you deliver a Product license, you can assume that the earliest version number for your customer base is the current version.

The environment is determined automatically by Sentinel LDK. However, it is the responsibility of the vendor to specify the appropriate version number for the customer base.

Specifying a later version number results in the selection of a more advanced clone protection scheme. However, the selected version number must not be higher than the version numbers that exist where the Product will be installed.

The version is specified in the <minimum_rte_api_version> tag in the Product definition. For more information on the minimum RTE/API version, see How to select the minimum RTE/API version.

Use the table below to determine which version value you should specify, as follows:

1.Determine which column in the table is consistent with the earliest version number of the RTE and LM in use for your customer base as described above.

2.From the column that you selected, use the specified version in the <clone_protection_ex> tag.

For example:

> If the earliest version of the RTE in use by your customer base is 7.70, but the earliest LM for SL UserMode keys is from Sentinel LDK v.7.5, use the version "7.5" for the <minimum_rte_api_version> tag.

>If you plan to update to RTE version 8.11 or to the LM from Sentinel LDK 8.0 with each new license or license update, use the version "8.11".

The table that follows indicates which clone protection scheme Sentinel LDK selects based on the various factors that Sentinel LDK examines in order to determine the optimum scheme for a given scenario.

  Operating System and Environment For RTE 6.40–7.4x or Sentinel LDK 6.4–7.4x For RTE 7.5x or Sentinel LDK 7.5x For RTE 7.60- 7.9x or Sentinel LDK 7.6-7.9x For RTE 7.10x and later or Sentinel LDK 7.10x For RTE 8.11x and later or Sentinel LDK 8.0x and later
Version to specify in the <minimum_rte_api_version> tag:
version "6.40" version "7.50" version "7.60" version "7.100" version "8.11"
Windows, Linux, Mac
(Excluding Docker Containers)
PM: PMType1
VM: VMType1
PM: PMType2
VM (SL AM): VMType2
VM (SL UM): VMType1
Windows, Linux
(Docker Containers)
VM: VMType1 VM (SL AM): VMType2
VM (SL UM): VMType1
VM: VMType4*
Android PM: PMType3
VM: Disable
PM: PMType4
VM: Disable
Table Legend:
PM - physical machine
VM - virtual machine
SL AM - SL AdminMode key
SL UM - SL UserMode key
*VMType4 is used if the license is activated inside the Docker container. If the license is activated by the host machine, the clone protection scheme is one of the other types, depending on the host machine.

To disable clone protection for SL-AdminMode and SL-UserMode licenses, the License Manager (LM) on the end user machine must be from Sentinel LDK v.7.0 or later.

NOTE   The V2C file for a Product cannot be used to install the Product on any physical machine other than the physical machine for which the V2C file was issued.

Syntax to set clone protection using the latest schemes for Sentinel LDK 7.5

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name> <minimum_rte_api_version>7.50</minimum_rte_api_version>
     <clone_protection_ex>        <physical_machine>PlatformDefault</physical_machine>        <virtual_machine>PlatformDefault</virtual_machine>     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable all clone protection for a Product (LM from Sentinel LDK 7.0 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <!-- Specify "Yes" or "No" to enable or disable clone protection -->
     <clone_protection>No</clone_protection>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable or set the clone protection scheme for a Product (LM from Sentinel LDK 7.1 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name> <clone_protection_ex>
    <!-- Specify "PMType1", "PMType2", "FQDN", or "Disable" for clone protection scheme for physical machines -->
        <physical_machine>PMType1</physical_machine>
    <!-- Specify "VMType1", "VMType2", "FQDN", or "Disable" for clone protection scheme for virtual machines -->
        <virtual_machine>Disable</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to specify clone protection for a Product (Deprecated)

NOTE   The method described in this topic continues to be supported. However, it cannot be used to implement any enhancements to clone protection that were added after Sentinel LDK version 7.10. For the latest clone protection, see How to specify clone protection for a Product.

Clone protection protects Products that are licensed with SL protection keys against machine cloning. This topic describes how to enable or disable clone protection for a Product, and how to specify a clone protection scheme.

A clone protection scheme defines which factors are considered by the Sentinel License Manager in order to determine whether a given Sentinel SL key has been cloned.

Sentinel LDK offers several different clone protection schemes to protect applications that execute on physical machines and on virtual machines. The schemes are designed to accommodate a variety of circumstances. For example, schemes are available for applications that run on PCs or on Microsoft Azure virtualization platforms. (For advanced users, the clone protection schemes are described in detail in the Sentinel LDK Software Protection and Licensing Guide.)

Sentinel LDK License Generation API allow you to specify a scheme called PlatformDefault instead of entering a specific clone protection scheme for a Product.

When you specify PlatformDefault as the scheme for a virtual machine or a physical machine (or both), Sentinel LDK automatically applies the most appropriate clone protection scheme for each end user based on the following parameters:

>the environment in which the protected application is installed.

>the earliest version number in use by the vendor's customer base from among the following:

For SL AdminMode keys: the earliest version number of the Run-time Environment (RTE) in use by the vendor's customer base.

For SL UserMode keys: the earliest version of Sentinel LDK used to provide the External or Integrated License Manager (LM) in use by the vendor's customer base.

NOTE   If you plan to ensure that each customer receives the latest RTE or LM when you deliver a Product license, you can assume that the earliest version number for your customer base is the current version.

The environment is determined automatically by Sentinel LDK. However, it is the responsibility of the vendor to specify the appropriate version number for the customer base.

Specifying a later version number results in the selection of a more advanced clone protection scheme. However, the selected version number must not be higher than the version numbers that exist where the Product will be installed.

The version is specified as part of the <clone_protection_ex> tag in the Product definition.

Use the table below to determine which version value you should specify, as follows:

1.Determine which column in the table is consistent with the earliest version number of the RTE and LM in use for your customer base as described above.

2.From the column that you selected, use the specified attribute value in the <clone_protection_ex> tag.

For example:

> If the earliest version of the RTE in use by your customer base is 7.70, but the earliest LM for SL UserMode keys is from Sentinel LDK v.7.5, use the attribute version = "7.5" for the <clone_protection_ex> tag.

>If you plan to update to RTE version 7.10 or to the LM from Sentinel LDK v.7.10 with each new license or license update, use the attribute version="7.10".

The table that follows indicates which clone protection scheme Sentinel LDK selects based on the various factors that Sentinel LDK examines in order to determine the optimum scheme for a given scenario.

  Operating System and Environment Up to RTE 7.4x or
Sentinel LDK 7.4x
For RTE 7.5x or
Sentinel LDK 7.5x
For RTE 7.60-7.9x or
Sentinel LDK 7.6x-7.9x
For RTE 7.10x and later or
Sentinel LDK 7.10x and later
Attribute to add to the <clone_protection_ex> tag
None version="7.5" version="7.6" version="7.10"
Windows, Linux, Mac
(Excluding Docker Containers)
PM: PMType1
VM: VMType1
PM: PMType2
VM (SL AM): VMType2
VM (SL UM): VMType1
Windows, Linux
(Docker Containers)
VM: VMType1 VM (SL AM): VMType2
VM (SL UM): VMType1
VM: VMType4
Android PM: PMType3
VM: Disable
PM: PMType4
VM: Disable
Table Legend:
PM - physical machine
VM - virtual machine
SL AM - SL AdminMode key
SL UM - SL UserMode key

To disable clone protection for SL-AdminMode and SL-UserMode licenses, the License Manager (LM) on the end user machine must be from Sentinel LDK v.7.0 or later.

NOTE   The V2C file for a Product cannot be used to install the Product on any physical machine other than the physical machine for which the V2C file was issued.

Syntax to set clone protection using the latest schemes for Sentinel LDK 7.5

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex version="7.5">        <physical_machine>PlatformDefault</physical_machine>        <virtual_machine>PlatformDefault</virtual_machine>     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable all clone protection for a Product (LM from Sentinel LDK 7.0 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <!-- Specify "Yes" or "No" to enable or disable clone protection -->
     <clone_protection>No</clone_protection>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable or set the clone protection scheme for a Product (LM from Sentinel LDK 7.1 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex>
    <!-- Specify "PMType1", "PMType2", "FQDN", or "Disable" for clone protection scheme for physical machines -->
        <physical_machine>PMType1</physical_machine>
    <!-- Specify "VMType1", "VMType2", "FQDN", or "Disable" for clone protection scheme for virtual machines -->
        <virtual_machine>Disable</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to define a license for an Android Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-UserMode</enforcement_type>
  <product>
     <id>2000</id>      <name>Sample Product 2000</name>      <clone_protection_ex>         <physical_machine>PMType3</physical_machine>         <virtual_machine>Disable</virtual_machine>      </clone_protection_ex>      <feature>         <id>2005</id>         <name>Sample Feature 2005</name>         <license_properties>            <perpetual />         </license_properties>      </feature>   </product> </sentinel_ldk:license>

Return to Top

How to specify a custom clone protection scheme for a Product

A custom clone protection scheme checks for the criteria that you select from a list of available criteria. You specify separate custom clone protection schemes for physical machines and for virtual machines.

You also specify how many of the selected criteria must match when the License Manager validates the license (using the minimum attribute). For example, you can select six criteria from the table, but specify that only three of the six must match in order to validate the license.

NOTE   The reference fingerprint for the machine where the Product license will be installed must contain at least the number of selected criteria specified by the minimum attribute. Otherwise, installation of the Product license will fail.

For protection keys that require Sentinel LDK Run-time Environment, version 7.90 or later of the Run-time Environment must be present on the computer where the protected application executes.

Custom clone protection schemes are specified using the following tags:

Tag Description
clone_protection_x Parent tag to contain a clone protection scheme
physical_machine_custom Tag that indicates that you are specifying a custom clone protection scheme for a physical machine
virtual_machine_custom

Tag that indicates that you are specifying a custom clone protection scheme for a virtual machine

name

Name that you assign to the custom clone protection scheme. When using Sentinel License Generation API, this name is for documentation purposes only.

criteria Tag that delimits the list of criteria that make up the custom clone protection scheme. The minimum attribute of this tag indicates how many of the specified criteria must match when the License Manager validates the license. The available criteria for physical machines and for virtual machines are described in the table that follows.
enforce_all_available_identifiers Tag that indicates whether all the criteria that were present when the license was generated must exist and must match when the License manager validates the license. Default value: No

The available criteria for custom clone protection schemes for physical machines and for virtual machines are described in the table below.

Physical Machines Virtual Machines Criteria Name Description
x x cpu CPU information. CPU ID is excluded
x x ethernet_address Ethernet (MAC) address
x x fqdn FQDN. Not supported for Android for physical machines
x x ip_address IP address
x x machine_id Motherboard (on a PC) or Android serial number (or Android first boot if serial number is not available)
x x sid Security Identifier (SID). Windows machine only
x   hard_disk Hard disk ID (on a PC) or SD card ID (Android device)
  x vm_generation_id VM generation ID

To specify a custom clone protection scheme for a Product

<?xml version="1.0" encoding="utf-8"?>

<sentinel_ldk:license schema_version="1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>SL-AdminMode</enforcement_type>
    <product>
        <id>1</id>
        <name>Product Name</name>
        <clone_protection_ex>
            <!--<physical_machine>PMType1</physical_machine>-->
            <physical_machine_custom>
               <enforce_all_available_identifiers>No</enforce_all_available_identifiers>
               <name>PM Custom</name>
                <criteria minimum="2">
                    <name>machine_id</name>
                    <name>ethernet_address</name>
                    <name>hard_disk</name>
                    <name>cpu</name>
                    <name>fqdn</name>
                    <name>ip_address</name>
                    <name>sid</name>
                </criteria>
            </physical_machine_custom>
            <!--<virtual_machine>VMType1</virtual_machine>-->
            <virtual_machine_custom>
               <enforce_all_available_identifiers>Yes</enforce_all_available_identifiers>
               <name>VM Custom</name>
                <criteria minimum="2">
                    <name>machine_id</name>
                    <name>ethernet_address</name>
                    <name>cpu</name>
                    <name>fqdn</name>
                    <name>ip_address</name>
                    <name>vm_generation_id</name>
                    <name>sid</name>
                </criteria>      
            </virtual_machine_custom>
        </clone_protection_ex>
        <feature>
            <id>1</id>
            <name>Feature Name</name>
            <license_properties>
                <perpetual/>
                <virtual_machine_access>No</virtual_machine_access>
            </license_properties>
        </feature>
    </product>
</sentinel_ldk:license>

Return to Top

How to clear clone detection for a Product with a Sentinel SL license

If a Product with an SL license (SL-AdminMode, SL-UserMode, or SL-Legacy) is detected as cloned, you can clear the clone-detected state of the Product by specifying the license type as “SNTL_LG_LICENSE_TYPE_CLEAR_CLONE” in the sntl_lg_start() function. The code snippet below demonstrates how to clear clone detection.

Note the following:

> To clear clone detection, a license definition is not required. You only require the current state of the cloned Product license.

>To clear clone detection for a Product with a custom clone protection scheme, at least one of the selected clone protection criteria must match in the reference and system fingerprints.

Function calls to clear clone detection for any Product

sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_CLONE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to use the default memory areas of a protection key

Most protection keys contain a default memory area that is divided into read-only (RO) and read/write (RW) memory areas. You can generate an update license to write data in the RO/RW memory areas of a key. Each memory segment is specified by the offset (in the key memory area) and the content. The content must be base-64 encoded stream.
Refer to RFC-2045 for the base-64 encoded scheme. XSD standard defines that the base-64 encoded should be based on RFC-2045. Therefore, most of the standard XML parsers such as Xerces provide the function for base-64 encoding.

NOTE     

>You can use the memory segment by itself - you are not required to define a Product/Feature for writing in RO/RW memory areas of a key.

>To write to the first byte of the memory area, use an offset of '0' (zero). The maximum offset that can be specified with memory is "maximum size minus one". For example: In "HL Max," the maximum size of RO memory is 2048. Therefore, the maximum offset that can be specified is 2047. In "HL Max," the maximum size of RW memory is 4032. The maximum offset that can be specified is 4031.

>Most Sentinel HL (Driverless configuration) keys have additional dynamic memory that you can use.

Key Type

RO Memory Maximum Size (in Bytes)

RW Memory Maximum Size (in Bytes)

HL Basic

0

0

HL Pro

112

112

HL Max

2048

4032

HL Max Micro

2048

4032

HL Max Express Card

2048

4032

HL Max Chip

2048

4032

HL Max Board

2048

4032

HL Time

2048

4032

HL Net

2048

4032

HL Net Time

2048

4032

HL Drive microSD

2048

4032

SL AdminMode

2048

4032

SL UserMode

2048

4032

Syntax to assign values to default memory segments

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <memory>
      <ro_memory_segment>
         <offset>10</offset>
         <content>QVBQTEU=</content>
      </ro_memory_segment>
      <ro_memory_segment>
         <offset>20</offset>
         <content>TUFOR08=</content>
      </ro_memory_segment>
      <rw_memory_segment>
         <offset>10</offset>
         <content>QkFOQU5B</content>
      </rw_memory_segment>
      <rw_memory_segment>
         <offset>16</offset>
         <content>T1JBTkdF</content>
      </rw_memory_segment>
      <rw_memory_segment>
         <offset>22</offset>
         <content>R1JBUEU=</content>
      </rw_memory_segment>
   </memory>
 </sentinel_ldk:license> 

Return to Top

How to use the dynamic memory area of a Sentinel HL (Driverless configuration) key

Sentinel HL (Driverless configuration) keys (with the exception of HL Basic keys and HL Pro keys) contain 25 KB of dynamic memory that can be shared between storage of application licenses and vendor usage. The memory for application licenses is managed automatically by the License Manager. You can generate an update license to create, modify, or delete dynamic memory files in the unused portion of the dynamic memory. On the end user computer, you can use Sentinel Licensing API to access existing dynamic memory files on the HL key.

Dynamic memory files are managed using the following tags:

Tag Description
dynamic_resource Parent tag to contain vendor-managed dynamic memory resources
isv_memory Parent tag for each dynamic memory file.
attribute

Dynamic memory attribute for the file. Specify this when you create a file or to change the attribute of an existing file. Possible values are:

ro - read-only memory

rw - read/write memory

rwo - read/write-once memory. This memory becomes read-only memory after it is written to successfully on the end user's computer.

action

Used to completely replace the data in a dynamic memory file or to delete a dynamic memory file. Possible values are:

set - Replace all the existing data in a file with the specified data.

cancel - Delete the specified files.

file_id ID used to identify the dynamic memory file. Use a value between 1 and 65471 (inclusive).
size The size of the dynamic memory file. Specify this when you create a file or to change the size of an existing file. If the size is not specified when you create a file, the file will take the size of the data that you assign at creation time.
offset When specifying data for a file: The offset from the beginning of the file at which to start writing the data. The first byte in the file is at offset 0.
content Base 64-encoded data to write to the file. Refer to RFC-2045 for the base-64 encoded scheme. XSD standard defines that the base-64 encoded should be based on RFC-2045. Therefore, most of the standard XML parsers such as Xerces provide the function for base-64 encoding.

NOTE   Most protection keys have additional default memory that you can use.

You can perform the following actions:

>Create dynamic memory files.

>Modify dynamic memory files. You can do the following:

Modify existing data.

Modify file size.

Modify the file attribute (for example, from "ro” to “rw”).

Write new data and erase existing data.

>Delete dynamic memory files.

 

 

 

 

 

Return to Top

How to specify the acknowledgement request flag

You can specify the acknowledgement request flag. When the acknowledgement request flag is "Yes", then after an update is applied, an acknowledgement C2V is generated. The end user will be requested to send that C2V back to the ISV as an acknowledgement. (This feature is also referred to as "prompting for confirmation.")

Possible values are "Yes" or "No". If this tag is not specified, it is equivalent to specifying the value "No".

NOTE     

>To get the C2V from the end user, you can generate an empty V2C that has only an acknowledgement request flag.

>You can generate a V2C that contains Product/Features/memory and also the acknowledgement request flag.

>This flag is applicable for the current license/update only.

>The license definition for an Unlocked license must not contain the <acknowledgement> tag.

Syntax to specify the acknowledgement request flag

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <!-- Possible values are "Yes" or "No"-->
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>HL</enforcement_type>
 </sentinel_ldk:license> 

Return to Top

How to specify rehost information

This topic describes how to enable or disable the ability to rehost (transfer) a protection key without any intervention by the vendor.

You can specify the following information in the <rehost> tag to enable the rehost of a protection key.

Field

Description

type

EndUserManaged - End user can rehost the key without any intervention by the vendor.

NOTE     

>Rehost is only supported for SL-AdminMode and SL-UserMode keys.

>If you are using the <minimum_rte_api_version> tag, it should appear before the <rehost> tag.

Syntax to enable rehost of a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">    <enforcement_type>SL-AdminMode</enforcement_type>       <rehost>          <type>EndUserManaged</type>       </rehost> </sentinel_ldk:license>

You can disable the ability to rehost a protection key by specifying the "cancel" action for the <rehost> tag.

Syntax to disable re-host of a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk"> <enforcement_type>SL-AdminMode</enforcement_type> <!-- Disable Rehosting -->    <rehost action="cancel"></rehost> </sentinel_ldk:license>

Return to Top

How to clear the Sentinel protection key

You can clear the protection key by specifying the license_type as SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to clear an HL key.

Function calls to clear an HL key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to format the Sentinel protection key

You can format the Sentinel protection key by specifying the license_type as SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to format the Sentinel protection key.

NOTE    The Format key operation deletes all the existing Features in a Sentinel protection key. The operation also erases the key memory area.

You can set a flag in the license definition that prevents the formatting of the Sentinel protection key in the event that a Product is currently detached from the protection key. For more information, see How to format and update the Sentinel protection key.

Function calls to format a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to clear and update the Sentinel protection key

You can clear the protection key and specify the new or modified Features in single license by specifying the license_type as SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to clear and how to update an HL key in a single license.

NOTE   The Clear key operation deletes all the existing Features (except Features that are modified as part of license/update) in a protection key. Key memory areas are not affected.

You can set a flag in the license definition that prevents the formatting of the Sentinel protection key in the event that a Product is currently detached from the protection key. For more information, see How to format and update the Sentinel protection key.

Function calls to clear and update a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state of the key.
 char *license_definition; // put the license definition here
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to format and update the Sentinel protection key

You can format the protection key and specify the new/modified Features and memory area in single license by specifying the license_type as SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to format and how to update a Sentinel protection key in a single license.

NOTE   The Format key operation deletes all the existing Features (except Features that are modified as part of license/update) in a Sentinel protection key. It also erases the Key memory areas before it applies the updates in the memory area.

You can set a flag in the license definition that prevents the formatting of a Sentinel protection key in the event that a Product is currently detached from the protection key. This is applicable for SL-AdminMode keys only. For more information, see the license definition later in this topic.

Function calls to format and update a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state of the key.
 char *license_definition; // put the license definition here
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Syntax to prevent formatting of an SL-AdminMode protection key if a detached Product exists

The license definition that follows will prevent the License Manager from formatting the Sentinel protection key in the event that a Product is currently detached from the protection key.

If this option is used, end users are prevented from applying a V2C file that formats a Sentinel SL key in the event that a Product is currently detached from the key. This prevents users from taking advantage of a planned format action to detach and continue working with a Product license that should have been returned to the vendor.

The tag <check_detached_license_before_format_key> is applicable for license_types SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE and SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE.

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
<check_detached_license_before_format_key>Yes</check_detached_license_before_format_key>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <feature>
        <id>2005</id>
         <name>Sample Feature 2005</name>
        <license_properties>
            <perpetual />
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to generate an Unlocked License

Unlocked License can be generated by specifying the license type as SNTL_LG_LICENSE_TYPE_PROVISIONAL in the sntl_lg_start() function.

Unlocked licenses are not bound to any machine. You can only specify the following license properties for unlocked licenses.

>Number of executions
OR
Duration of the license, using one of the following:

Time Period (starting from date of first use)

Expiration Date (absolute date)

Perpetual

>Remote Desktop Access

>Virtual Machine Access

>RO and RW Memory

The maximum duration or maximum number of executions that you can specify for an unlocked license depend on the modules present on your Sentinel Master key. See the table that follows.

License Type Limitation Tag Modules on Master Key
Unlocked Trialware Unlocked Unlimited (With or Without Unlocked Trialware)
Maximum duration of Time Period license <days_to_expiration> 90 days from first execution 3,650 days from first execution
Maximum duration of Expiration Date license <expiration_date> 90 days from current date 18-Jan-2038
Maximum number of executions for Execution Count license <execution_count> 30 6,777,215
Availability of Perpetual license <perpetual/> Not available Available

Sample syntax for an unlocked license based on time period

<?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <days_to_expiration>45</days_to_expiration>
            <remote_desktop_access>No</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Sample function calls to define a provisional license

sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *license_definition; // put the license definition here
 char *license = NULL;
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Pass the 'current_state' variable as NULL because provisional licenses are not tied to any machine.
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_PROVISIONAL, NULL, NULL);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 // *** Pass the 'updated_state' variable as NULL as provisional licenses are unmanaged.
 status = sntl_lg_generate_license(handle, NULL, &license, NULL);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_cleanup(&handle);

Return to Top

>How to generate a readable license certificate

A readable license certificate is a V2C license file in which the license terms are presented in human-readable format. To generate a readable license certificate, use the readable_license tag as described below.

Field

Description

readable_license

Specify this tag with value "Yes" to generate readable license. If you specify "No" for this tag or do not specify the tag, no readable information will be generated as a part of license.

Sample syntax for a readable license

<?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <readable_license>Yes</readable_license>
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>45</execution_count>
            <remote_desktop_access>Yes</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

A readable license will contain all the information including the license term as provided in the license definition template. The readable license will contain an additional tag called "description".

Field

Description

description

This tag can be modified by the ISV or the end user to insert any useful information. Modifications to the contents of this tag do not invalidate the integrity of the license. The tag can also be left empty.

Sample readable license

 <?xml version="1.0" encoding="utf-8" ?>
 <hasp_info>
    <description/>
    <!--DO NOT MODIFY ANY INFORMATION BELOW HERE, YOUR LICENSE WILL BECOME INVALID-->
    <haspscope>
       <vendor id="37515">
          <hasp id="989391375062415304"/>
       </vendor>
    </haspscope>
    <v2c_content>
       <enforcement_type>SL-AdminMode</enforcement_type>
       <update_counter>0</update_counter>
       <v2c_readable>
          <product>
             <id>9300</id>
             <name>Sample Product 9300</name>
             <feature>
                <id>9301</id>
                <name>Sample Feature 9301</name>
                <license_properties>
                   <execution_count>45</execution_count>
                   <remote_desktop_access>Yes</remote_desktop_access>
                   <virtual_machine_access>Yes</virtual_machine_access>
                </license_properties>
                <detach_license_count>0</detach_license_count>
                <locked>Yes</locked>
             </feature>
          </product>
          <product>
             <id>0</id>
             <name/>
             <feature>
                <id>0</id>
                <name/>
                <license_properties>
                   <perpetual/>
                   <concurrency>
                      <count>Unlimited</count>
                      <count_criteria>Per Station</count_criteria>
                   </concurrency>
                </license_properties>
                <detach_license_count>0</detach_license_count>
                <locked>Yes</locked>
             </feature>
          </product>
       </v2c_readable>             
       <signature>
          YHvFDogjPdtl2/py5iRqiODdTY3ev5nA1hW7zbHD/EmC+SPtGFlRCrKyJssf3yXKwTJCO0S4
          SuJxxHXPsFU7VSP5wB/gN4wqU2E0mmF4nQc2dAl8ngYB6ngsiaXQAA/uyXRFMm/eweA6Z5uV
          7acrfs2QXlz5T6iVf92FADB3oJW0yjzU3oB9XiqCFrVDmp3ruw/LwptGbn/K5yPHdhWfEZDC
          P6MwvmS9UuHPwVwUJdK0AHy8fDpt91PJJ0N24mcIgXr7VYQXkWcqfTM7IzRmalwCRsd1w3t0
          TqubgMXLbCsTv24ANqiv4EzddRQD6lMhPMqSh4OruonRo5SEXL+yaA==
       </signature>                
    </v2c_content>
    <v2c>
       YoIGNqCCBi2ABHZ0YzKBggImlN5e89nLxr0WMRCE9IBSfu8axezbdJpY8L2DURZ4ATdMovT4BUKe
       6DgRh51Cw3/xsVGa5RSIcH5ZIPSxt2uoq8A895P+bNSSqRrocR4fXzlq96Te7GTvxA97wYpbOE3U
       C9bwYGMdMdXUKbdxdbVnX5B7sWYzJf2/FWVWcemjDbE9oslr7kRIhPOcuO+GMyd7c4l/gZtB7sSh
       U5LjMHOo80z9Lm/L3o9Tx6lW6kKFKEvkfJh6sAbcDXyMjS2VCmC0ZlM8U3nZeX9ZwbQQQIVx/nAA
       Mb+IFbc/AWuuXggWnBpyLYj/Dwu9WwcuV7T5RWdofvHNpSYo0qdvgNqzJCzu9mwKA6JkFnEHy841
       VMJZHzl081MTTbb+XjgV6qRNBmc6FeB3oUcUEbTJTpHVLgYstP2BqhIl8g9EytNYGXTJKegsHo==
     </v2c>
  </hasp_info> 

Return to Top

How to specify contract information in the license definition

You have the option to include the contract information shown below in a license definition. If the contract information is provided, it will appear as part of the readable information in the generated license.

NOTE   This information cannot be retrieved by Sentinel Licensing API or Sentinel Admin API.

Field

Description

issued_to

The name of the customer to whom the license was issued.

issuer

The name of the vendor who issued the license.

issued_on

The date in date-time format on which the license was issued.

agreement

End-user license agreement between the vendor and the customer.

 

Sample syntax for contract information

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <readable_license>Yes</readable_license>
   <contract_info>
      <issued_to>ABC Limited</issued_to>
      <issuer>XYZ Limited</issuer>
      <issued_on>2020-04-30T10:00:00+06:00</issued_on>
      <agreement>XYZ Ltd grants license.</agreement>
   </contract_info>
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>45</execution_count>
            <remote_desktop_access>Yes</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to decode the current state

You can call sntl_lg_decode_current_state() function to decode the current state to produce readable information in XML format. The current state can be a C2V file, the resultant state from license generation, or a fingerprint.

Sample function calls to decode the current state

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the vendor code
 char *current_state; // put the current state (c2v or resultant state or fingerprint).
 char *decoded_current_state; // It will contain the decoded current state
  
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with either c2v or resultant state or fingerprint.
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
 status = sntl_lg_decode_current_state(handle, vendor_code, current_state, &decoded_current_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(decoded_current_state);
 sntl_lg_cleanup(&handle); 

Values returned for different categories of HL keys

The table below indicates how the different categories of HL keys are represented in the decoded current state of a given key.

Key

Description

HASP HL

<type>HL-keytype</type>

<configuration-info>

  <hasphl/>

</configuration_info>

Sentinel HL
(HASP configuration)

<type>Sentinel-HL-keytype</type>

<configuration-info>

  <sentinelhl/>

  <hasphl/>

</configuration_info>

Sentinel HL
(Driverless configuration)

<type>Sentinel-HL-keytype</type>

<configuration-info>

  <sentinelhl/>

  <driverless/>

</configuration_info>

Sample of decoded current state for a HL-NetTime-10 key

NOTE   For SL-AdminMode and SL-UserMode keys, the child tags under configuration_info will be different.

 <?xml version="1.0" encoding="utf-8" ?>
 <sentinel_ldk_info>
    <key>
       <id>1979968305</id>
       <type>HL-NetTime-10</type>
       <update_counter>66</update_counter>
       <vendor>
          <id>37515</id>
          <name/>
       </vendor>
       <configuration_info>          
          <firmware_revision>3.25</firmware_revision>
          <real_time_clock_present>Yes</real_time_clock_present>
          <manufacturing_date>2009-7-12</manufacturing_date>
          <flash_memory_size>No Flash</flash_memory_size>
          <hasphl/> </configuration_info> <product> <id>0</id> <name/> <feature> <id>0</id> <name/> <license_properties> <perpetual/> <concurrency> <count>10</count> <count_criteria>Per Station</count_criteria> <network_access>Yes</network_access> </concurrency> <remote_desktop_access>Yes</remote_desktop_access> </license_properties> </feature> </product> </key> </sentinel_ldk_info>

Return to Top

How to upgrade a Sentinel HL key to the Driverless configuration

You have the option to upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless configuration) key at the customer site. Licenses that existed in the HASP configuration key continue to exist in the Driverless configuration key.

For more information on upgrading Sentinel HL keys to Driverless configuration, see the Sentinel LDK Software Protection and Licensing Guide. Also see How to convert a Sentinel HL standalone key to support network licenses.

To upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless configuration) key, include the tag <upgrade_to_driverless> in the license definition XML template and set its value to yes.

The <upgrade_to_driverless> tag can be applied for the following enforcement types:

>HL

>HL or SL-AdminMode

>HL or SL-AdminMode or SL-UserMode

The <upgrade_to_driverless> tag is ignored if it occurs in a V2C file for HASP HL keys or Sentinel HL (Driverless configuration) keys. No error message is generated. Similarly, this tag is ignored if it occurs in a V2C file for a SL_Legacy key, SL-AdminMode key, or SL-UserMode key.

You can apply the upgrade operation together with other operations such as the application of new Products and Features, modification or cancellation of existing Features, clear and update of the key, format and update of the key. All these functions will operate as expected.

NOTE    When you upgrade a Sentinel HL key to the Driverless configuration, the Firmware on the key may be upgraded if it is not the latest version. (Keys with Firmware version 4.23 will be upgraded to version 4.25 or later.) This upgrade can be prevented if necessary. However, if you block the upgrade of the Firmware, the key will not be upgraded to the Driverless configuration. For more information, see the relevant example below.

The samples that follow demonstrate how to upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless) key.

Sample to upgrade a key (and perform no other actions)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
</sentinel_ldk:license>

Sample to upgrade a key and add a new Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <product>
      <id>1700</id>
      <name>HL1700</name>
      <feature>
         <id>1710</id>
         <name>ADD</name>
         <license_properties>
            <perpetual/>
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Sample to prevent upgrade of the Firmware when upgrading a Sentinel HL key

The following example upgrades a Sentinel HL key to the Driverless configuration only if the key already contains the required version of the Firmware. If the key contains an earlier version of the Firmware, the Firmware is not upgraded and the key is not upgraded to the Driverless configuration. In this case, the function sntl_lg_start() or sntl_lg_apply_template() returns the error SNTL_LG_OLD_FIRMWARE.

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless auto_fw_update="No">Yes</upgrade_to_driverless>
</sentinel_ldk:license>

Return to Top

How to convert a Sentinel HL standalone key to support network licenses

You have the option to convert an existing standalone Sentinel HL key to serve as a network key. This is accomplished by upgrading the Firmware on the key.

NOTE   Automatic Firmware upgrades described in this section only occur if the existing Firmware on the key does not support the operation that you are attempting to perform.

>For Sentinel HL (Driverless configuration) keys, the conversion is automatic and transparent. To support network functions, the Firmware on the key must be version 4.27 or later. The first time you assign concurrency to a license on the key, the Firmware on the key is automatically upgraded to the latest version, if necessary.

You have the option of preventing automatic Firmware upgrades for the HL key. Use the XML tag <disable_fw_update> as demonstrated below. This prevents Firmware upgrade. However, if the existing Firmware on the key does not support the attributes you are adding to the license, the update operation fails. The function sntl_lg_start() or sntl_lg_apply_template() returns the error SNTL_LG_OLD_FIRMWARE.

>Sentinel HL (HASP configuration) keys do not support network operations. However, you can upgrade the key to Driverless configuration and add network capability in the same update operation. To upgrade to Driverless configuration, include the XML tag <upgrade_to_driverless> (as describedhere). To add network capability, assign concurrency to a license on the key. The Firmware on the key is automatically upgraded to the latest version (4.27 or later) if necessary.

As described above, you have the option of preventing automatic Firmware upgrades for the HL key with the XML tag <disable_fw_update> set to Yes. Note that if <disable_fw_update> is set to Yes, this overrides the attribute auto_fw_update="Yes".

The sample that follows demonstrates how to do the following:

>Upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless) key.

>Add network capability to the key.

>Ensure that the Firmware on the key is not upgraded. (The operation will fail if the existing Firmware is earlier than version 4.27.)

Sample to upgrade a key to Driverless with network capability but prevent upgrade of the firmware

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <disable_fw_update>Yes</disable_fw_update>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <feature>
         <id>2005</id>
         <name>Sample Feature 2005</name>
         <license_properties>
            <perpetual/> 
            <concurrency>
               <count>34</count>
               <count_criteria>Per Login</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>  

Return to Top

How to reset the V-Clock in a protection key

You can reset the V-Clock in a protection key to a specific time and date, or to the time and date from the system clock on the machine where you are generating the V2C file.

Sample syntax to reset the V-Clock in a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>HL</enforcement_type>
    <!-- Possible values are "YYYY-MM-DD" OR "YYYY-MM-DDTHH:MM:SS" -->
   <!-- OR "Use System Clock" -->     <vclock_time>2020-07-31T12:59:59</vclock_time> </sentinel_ldk:license>

Return to Top

How to set fallback to the V-Clock in a Sentinel HL key with RTC

If the battery for the real-time clock on a Sentinel HL (Driverless configuration) Time or NetTime key is depleted, the key is no longer accepted for time-based licenses.

You can configure a Sentinel HL Time or NetTime key to switch automatically to the V-Clock in the event that the battery becomes depleted. If the real-time clock on the Sentinel HL key stops operating, protected applications, including those with time-based licenses, with continue to run. You can implement fallback to V-Clock as described below.

When the RTC battery becomes depleted and fallback to the V-Clock is activated, V-Clock is automatically enabled for the protection key.

NOTE   After the real-time clock stops working, the Sentinel HL key must be disconnected and reconnected in order to switch over to the V-Clock.

Once you have enabled fallback to V-Clock for a Sentinel HL Time or NetTime key, this functionality can be disabled only if the battery is not yet depleted in the key. If you attempt to disable fallback to V-Clock after the battery is depleted, the update of the fallback parameter will be ignored. Changes to other license terms contained in the same update will be executed.

For more information, see the description of V-Clock in the Sentinel LDK Software Protection and Licensing Guide.

Sample syntax to set fallback to the V-Clock in a Sentinel HL key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <!-- Valid values for fallback_to_vclock are "Yes" or "No" -->
   <fallback_to_vclock>Yes</fallback_to_vclock> </sentinel_ldk:license>

If you do not want to enable fallback to the V-Clock for a Sentinel HL key, do not include the fallback_to_vclock tag in the license definition.

You can include the fallback_to_vclock tag with other license parameters. In the example above, the tag is included with the upgrade_to_driverless tag.

The fallback_to_vclock tag is ignored for all keys other than Sentinel HL (Driverless configuration) Time or NetTime keys.

Return to Top

How to clear the "disabled" state for a Sentinel HL key

Given the following situation:

>A protected application is licensed with a Sentinel HL (Driverless configuration) key.

>The Envelope run-time module in the protected application detects that a user is attempting to tamper with the application or with the key.

The Envelope run-time module will disable the HL key. Once the key is disabled, the Sentinel License Manager can no longer log in to the key and the protected application will no longer operate.

You have the option of re-enabling the HL key for the customer by clearing the "disabled" state for the key. You can accomplish this by issuing a license update with the SNTL_LG_LICENSE_TYPE_CLEAR_DISABLED_STATE license type in the sntl_lg_start() function.

The code snippet below demonstrates how to clear the "disabled" state for the key.

NOTE    To clear the "disabled" state for a key, a license definition is not required. You only require the current state from the disabled key.

Sample syntax to clear the "disabled" state for a Sentinel HL key

sntl_lg_handle_t handle;
sntl_lg_status_t status;
sntl_lg_vendor_code_t vendor_code; // put the vendor code
char *current_state; // put the current state of the disabled key.
char *license = NULL;
char *updated_state = NULL;

status = sntl_lg_initialize(NULL, &handle);
if (status)
{ 
   // some error occurred. 
}
// *** Do not forget to initialize the 'current_state' variable with the key's current state
// *** Do not forget to initialize the 'vendor_code' variable with the assigned vendor code
status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_DISABLED_STATE, NULL, current_state);
if (status)
{ 
   // some error occurred. 
} 
status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
if (status)
{ 
   // some error occurred. 
} 
sntl_lg_free_memory(license);
sntl_lg_free_memory(updated_state);
sntl_lg_cleanup(&handle); 

Return to Top

Related Topics

License Definition Example