License Definition Input XML Templates

Introduction

>License Definition XML Template Introduction

Specifying License Attributes

>How to specify the enforcement type

>How to specify a Product

>How to specify the Features in a Product

>How to select the minimum RTE/API version

>How to allow a Product to use the V-Clock in a Sentinel HL key

>How to specify the license type in a Feature

>How to specify the concurrency information in a Feature

>How to specify contract information in the license definition

>How to specify the acknowledgement request flag

>How to specify rehost information

>How to enable or disable the remote desktop accessibility flag in a Feature

>How to enable or disable the virtual machine accessibility flag in a Feature

>How to enable or disable enhanced security for SL-UserMode keys

Updating an Existing License

>How to modify the expiration date in a Feature

>How to modify the execution count in a Feature

>How to modify the remote desktop accessibility flag in a Feature

>How to modify the virtual machine accessibility flag in a Feature

>How to modify the concurrency information in a Feature

>How to specify new license properties for an existing Feature

>How to cancel a Feature or Product

>How to update and preserve an SL Legacy License

Enabling and Clearing Clone Detection

>How to specify clone protection for a Product

>How to specify clone protection for a Product (Deprecated)

>How to specify a custom clone protection scheme for a Product

>How to clear clone detection for a Product with a Sentinel SL license

Other Actions

>How to use the default memory areas of a protection key

>How to use the dynamic memory area of a Sentinel protection key

>How to clear the Sentinel protection key

>How to format the Sentinel protection key

>How to clear and update the Sentinel protection key

>How to format and update the Sentinel protection key

>How to generate an Unlocked License

>How to generate a readable license certificate

>How to decode the current state

>How to upgrade a Sentinel HL key to the Driverless configuration

>How to convert a Sentinel HL standalone key to support network licenses

>How to reset the V-Clock in a protection key

>How to set fallback to the V-Clock in a Sentinel HL key with RTC

>How to generate a Trusted Storage Authorization file

License Definition XML Template Introduction

License Generation API functions receive the license inputs in the form of XML templates. A license template is organized in following structure:

>Product. The template can contain multiple Products.

>Features belonging to each Product. Each Feature includes the relevant license properties.

>Protection key read-only (RO) and read/write (RW) memory areas.

Each template begins with the following specification:

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
</sentinel_ldk:license> 

>The first line is the XML declaration. It defines the XML version (1.0) and the encoding used (UTF-8 character set).

>The second line specifies the top-level license tag under the namespace of sentinel_ldk.

The second line also specifies the version of schema used to validate the XML template. Current version is "1.0".

>The third line specifies the namespace for the XML Schema Instance.

>The fourth line specifies the namespace for the Input License Definition Instance.

Return to Top

How to specify the enforcement type

Each license definition is locked to a specific enforcement type (also known as locking type).

Enforcement Type Syntax:

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>HL</enforcement_type>
</sentinel_ldk:license>

Return to Top

How to specify a Product

Each Product is identified by a unique numeric identifier.

NOTE   The "0" Product ID is a special value. It is used for Feature-based licensing without defining a Product. If the Product ID is "0", the name is ignored.

You can specify up to 65,471 Products.

Syntax for Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <cloud_licensing>No</cloud_licensing>
  <product>
     <id>9300</id>
     <name>Sample Product 9300</name>
  </product>
  <!-- You can specify as many Products as desired -->
  <product>
     <id>9400</id>
      <name>Sample Product 9400</name>
  </product>
</sentinel_ldk:license>

Return to Top

How to specify the Features in a Product

Each Feature is identified by a numeric identifier that is unique within a Product scope. Features that are not related and that exist in different Products can have the same Feature id.

NOTE   You can specify as many Features as desired in a Product. However, for Sentinel HL keys, each key can contain a certain maximum number of Features, depending on the type of HL key and the complexity of the license type defined in each Feature. For more information, see the Sentinel LDK Software Protection and Licensing Guide.

Syntax for Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9000</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
      </feature>
      <feature>
         <id>9302</id>
         <name>Sample Feature 9302</name>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to select the minimum RTE/API version

The level of security provided by Sentinel LDK for a protected application depends in part on the following components:

>Version of Sentinel LDK-EMS or of the License Generation API used to generate the license

>Version of Licensing API libraries used to protect the application (using the Licensing API, Envelope, or both)

>Version of the Run-time Environment (if any) used to manage and enforce the license (for SL licenses)

(The “security” referred to above consists of the security of the license and the protected application against vulnerabilities and disassembly.)

As a general rule, use of the latest version of each of the components above provides the most advanced and comprehensive security and reliability for the protected application.

However, providing your customers with a protected application and license that incorporates the latest version of all the components is not always practical. For example:

>Your existing customer base may include applications that were protected and licensed with Sentinel LDK 7.6. You now want to send a license update using Sentinel 8.0. However, the license update includes security features that are not supported by the original 7.6 license. As a result, the updated license may not be valid.

>When you are ready to issue an updated version of your protected application, you don’t necessarily want to force your customers to update the Run-time Environment at their site. However, you want the application to be protected with the most advanced clone protection schemes that can be supported by the existing RTEs at the customer sites.

You can balance the security and reliability of your applications against the convenience of your customers by choosing the appropriate value for the <minimum_rte_api_version> tag. The value that you choose determines:

>the minimum version of the RTE (for SL AdminMode licenses or HL keys with concurrency), and

>the minimum version of the Licensing API libraries (for SL UserMode licenses)

that must exist on the end users’ machines that will receive the license update.

As a result of the value that you choose:

>The licenses generated by the License Generation API are compatible with your existing customer base. Only newer security and reliability enhancements that can be supported on the end users’ machines will be implemented.

>For SL licenses that include the Platform Default option, Sentinel LDK will use the most advanced clone protection scheme that is supported by the value that you have selected. (For more information, see How to specify clone protection for a Product.)

For more information on the use of the minimum RTE/API version, see the Sentinel LDK Software Protection and Licensing Guide.

Syntax to set the minimum RTE/API version

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <minimum_rte_api_version>8.11</minimum_rte_api_version>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to allow a Product to use the V-Clock in a Sentinel HL key

A time-based license can be regulated using :

>The real-time clock in a Sentinel HL Time key or Sentinel HL NetTime key

>The V-Clock in a Sentinel SL key or Sentinel HL (Driverless configuration) key

V-Clock is not available for Sentinel HL Basic keys. To use V-Clock with Sentinel HL Pro keys, you must purchase the V-Clock module for your Sentinel Master key.

The use of the V-Clock in the Sentinel HL (Driverless configuration) key to regulate a time-based license must be specifically allowed for the Products to be licensed.

Blocking the use of V-Clock for a Product only prevents the introduction of new time-based licenses for that Product. If the use of the V-Clock is blocked for a Product after a time-based license has been applied to the key for that Product, the existing license continues to function correctly.

For more information, see the description of V-Clock in the Sentinel LDK Software Protection and Licensing Guide.

Syntax to allow a Product to use the V-Clock in a Sentinel HL (Driverless configuration) key

<?xml version="1.0" encoding="utf-8"?> 
 <sentinel_ldk:license schema_version="1.0" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk"> 
 <enforcement_type>HL</enforcement_type> 
 <product> 
    <id>9300</id>
 <!-- Specify "Yes" or "No" -->
    <use_vclock>Yes</use_vclock> 
    <feature>
       <id>123</id>
       <name>Feature Name</name>
       <license_properties>
          <expiration_date>2023-12-31</expiration_date>
       </license_properties>
    </feature> 
 </product> 
 </sentinel_ldk:license>

The <use_vclock> tag is ignored for Sentinel SL keys and Sentinel HL (HASP configuration) keys.

Return to Top

How to specify the license type in a Feature

You can select from the license types in the table that follows. For more information, see Sentinel LDK Software Protection and Licensing Guide.

<expiration_date>endDate</expiration_date>
<expiration_date>endDateTime</expiration_date>
<expiration_date start_date=”startDate”>endDate</expiration_date>
<expiration_date start_date=”startDateTime”>endDateTime</expiration_date>

<expiration_date start_date="2024-01-05T09:30:00">2024-12-31T17:59:59</expiration_date>

NOTE   Limitations exists on license types for unlocked Products. For more information, see How to generate an Unlocked License .

The syntax listed below demonstrates how to specify the license type for a given Feature. In this example, license types other than perpetual are commented. You can uncomment them based on the chosen license type. You can specify only one license type for a given Feature.

Syntax for License Type

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- Specify only one of the license models below. -->
            <perpetual/>
            <!-- <expiration_date >2024-12-31T21:59:59</expiration_date> -->
            <!-- <expiration_date start_date="2024-06-01">
            <!-- <expiration_date start_date="2024-06-01">2024-12-31</expiration_date> -->
            <!-- <execution_count>333</execution_count> -->
            <!-- <days_to_expiration>90</days_to_expiration> -->
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to specify the concurrency information in a Feature

You can specify the concurrency information as described in the table that follows.

Syntax for Concurrency

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <concurrency>
               <!-- 'Unlimited' text value means unlimited count -->
               <count>23</count>
               <!-- Possible values for count criteria are "Per Station", "Per Login", "Per Process" -->
               <count_criteria>Per Station</count_criteria>
               <!-- Possible values are "Yes" or "No" -->
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

NOTE   If the <concurrency> tag is missing, the default concurrency shown below is used.

 <concurrency>
   <count>Unlimited</count>
   <count_criteria>Per Station</count_criteria>
   <network_access>No</network_access>
 </concurrency>
 

Return to Top

How to enable or disable the remote desktop accessibility flag in a Feature

You can specify whether access to the protected application from a remote desktop is supported. Possible values are "Yes" or "No".

Syntax for remote desktop accessibility flag

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <!-- Possible values are "Yes" or "No" --> 
            <remote_desktop_access>Yes</remote_desktop_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to enable or disable the virtual machine accessibility flag in a Feature

You can specify whether the protected application can run on a virtual machine. Possible values are "Yes" or "No.

NOTE    This property is not applicable for HL keys.

Syntax for Virtual machine accessibility flag

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <!-- Possible values are "Yes" or "No" --> 
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to enable or disable enhanced security for SL-UserMode keys

You can specify whether a generated or updated SL-UserMode key should use enhanced security. Possible values are "Yes" or "No".

By default, enhanced security is used. However, enhanced security is not compatible when the V2C file from the end user machine is created with a Licensing API library or RUS utility from a version of Sentinel LDK earlier than v.7.0. In such instances, the Sentinel License Generation API issues an SNTL_LG_INVALID_FINGERPRINT error when you attempt to generate an SL-UserMode update.

Syntax to disable enhanced security for an SL-UserMode key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-UserMode</enforcement_type>
  <enforce_secure_storage_id>No</enforce_secure_storage_id>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to modify the expiration date in a Feature

You can generate an update to an existing license, to add or subtract a given number of days from the original expiration date. You can perform one of the following actions:

For information on minimum and maximum allowed dates, see How to specify the license model.

NOTE   You cannot modify the start date for the Feature.

Syntax to modify the expiration date in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- "sub" action will reduce the number of days from the base expiration date -->
            <expiration_date action="add">90</expiration_date>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the execution count in a Feature

You can generate an update to an existing license, to add or subtract the execution count from the original execution count.

Syntax to >modify the execution count in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- "sub" action will subtract execution count from the base execution count -->
            <execution_count action="add">99</execution_count>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the remote desktop accessibility flag in a Feature

You can generate an update to an existing license, to enable or disable remote desktop accessibility flag. It is not necessary to specify an action when you modify the remote desktop accessibility flag.

Syntax to modify the remote desktop accessibility flag in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- -->
            <remote_desktop_access>No</remote_desktop_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the virtual machine accessibility flag in a Feature

You can generate an update to an existing license, to enable or disable the virtual machine accessibility flag. It is not necessary to specify an action when you modify the virtual machine accessibility flag.

Syntax to modify the virtual machine accessibility flag in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <!-- -->
            <virtual_machine_access>No</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Return to Top

How to modify the concurrency information in a Feature

You can modify the concurrency information as described in the table that follows.

NOTE   Network seats that are reduced or erased from a Product license are not returned to the pool of seats on the Master key. For more information, see the description of networks seats in Appendix A in the Sentinel LDK Software Protection and Licensing Guide.

Syntax to modify the concurrency information in a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <perpetual/>
            <concurrency>
               <!-- Possible action is "add" or "sub". No action means set the new value -->
               <count action="add">15</count>
               <!-- no action means setting the new value -->
               <count_criteria>Per Login</count_criteria>
               <!-- no action means setting the new value -->
               <network_access>No</network_access>
               <!-- no action means setting the new value -->
               <detachable>No</detachable>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>

Syntax to convert from limited concurrency to unlimited concurrency

 <concurrency>
   <count>Unlimited</count>
 </concurrency> 

Syntax to convert from unlimited concurrency to limited concurrency

(For example: 30 seat count).

 <concurrency>
   <count>30</count>
 </concurrency> 

Return to Top

How to specify new license properties for an existing Feature

You can generate an update license to overwrite the license properties rather than modifying the existing values. For example: An initial license was generated based on the Initial License Input template that follows. You want an update to change the license model from execution count to expiration date. This can be achieved by "set" action over the <license_properties> tag.

NOTE    When calling the "set" action over the license properties, no information is retained from the original license. To retain the concurrency information, you must specify the concurrency information again.

Initial License Input template

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>300</execution_count>
            <concurrency>
               <count>23</count>
               <count_criteria>Per Station</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license>
 

This example demonstrates how to update an installed Feature in a key by generating an update license.
The template above used to generate the input license definition. Install the license on the key.
To update the installed Feature in the key with new license properties: Use the Update License Input template below to generate an update license. Next, install the update license on the key.

Update License Input template

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <feature>
         <id>9301</id>
         <license_properties action="set">
            <expiration_date start_date=”2024-06-01”>2024-12-31</expiration_date>
            <!-- Even to retain the old values of concurrency, you must specify the concurrency information again. -->
            <concurrency>
               <count>23</count>
               <count_criteria>Per Station</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to cancel a Feature or Product

You can either cancel a complete Product or a specific Feature. If you cancel a Product, all the Features for that Product are deleted.

Syntax to cancel a Feature

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product>
      <id>9300</id>
      <feature action="cancel">
         <id>9301</id>
      </feature>
   </product>
 </sentinel_ldk:license> 

Syntax to cancel a Product

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <product action="cancel">
      <id>9300</id>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to update and preserve an SL Legacy License

By default, when you update an existing SL Legacy license, the license is automatically upgraded to an SL-AdminMode license. However, to support SL-AdminMode licenses, the end user must install a more recent version of the Run-time Environment (from Sentinel LDK 6.3 or later).

If you want to avoid the requirement to re-install the Run-time Environment when you update an existing SL Legacy license, you can prevent the upgrade of the license to an SL-AdminMode license. This is accomplished by adding the tag:

<enable_sl_legacy_support>Yes</enable_sl_legacy_support>

If the tag is not specified or is set to No, an SL Legacy license is upgraded to SL-AdminMode when the license is updated.

The following functionality in Sentinel LDK is not supported by SL Legacy licenses:

>Transfer of a license by the end user to a different computer

>Readable license certificates

>Disallow format of a protection key when a Product is detached from the key

>Advanced clone protection schemes. For more information, see How to specify clone protection for a Product.

NOTE   If you enable any of this functionality in the license update, an SL Legacy license is automatically upgraded to SL-AdminMode regardless of the value specified for <enable_sl_legacy_support>.

Syntax to preserve an SL Legacy license when updating the license

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <enable_sl_legacy_support>Yes</enable_sl_legacy_support>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <clone_protection>Yes</clone_protection>
      <feature>
         <id>2005</id>
         <name>Sample Feature 2005</name>
         <license_properties>
            <perpetual />
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to specify clone protection for a Product

Clone protection protects Products that are licensed with SL protection keys against machine cloning. This topic describes how to enable or disable clone protection for a Product, and how to specify a clone protection scheme.

A clone protection scheme defines which factors are considered by the Sentinel License Manager in order to determine whether a given Sentinel SL key has been cloned.

Sentinel LDK offers several different clone protection schemes to protect applications that execute on physical machines and on virtual machines. The schemes are designed to accommodate a variety of circumstances. For example, schemes are available for applications that run on PCs or on Microsoft Azure virtualization platforms. (For advanced users, the clone protection schemes are described in detail in the Sentinel LDK Software Protection and Licensing Guide.)

Sentinel LDK License Generation API allow you to specify a scheme called PlatformDefault instead of entering a specific clone protection scheme for a Product.

When you specify PlatformDefault as the scheme for a virtual machine or a physical machine (or both), Sentinel LDK automatically applies the most appropriate clone protection scheme for each end user based on the following parameters:

>the environment in which the protected application is installed.

>the earliest version number in use by the vendor's customer base from among the following:

•For SL AdminMode keys: the earliest version number of the Run-time Environment (RTE) in use by the vendor's customer base.

•For SL UserMode keys: the earliest version of Sentinel LDK used to provide the External or Integrated License Manager (LM) in use by the vendor's customer base.

NOTE   If you plan to ensure that each customer receives the latest RTE or LM when you deliver a Product license, you can assume that the earliest version number for your customer base is the current version.

The environment is determined automatically by Sentinel LDK. However, it is the responsibility of the vendor to specify the appropriate version number for the customer base.

Specifying a later version number results in the selection of a more advanced clone protection scheme. However, the selected version number must not be higher than the version numbers that exist where the Product will be installed.

The version is specified in the <minimum_rte_api_version> tag in the Product definition. For more information on the minimum RTE/API version, see How to select the minimum RTE/API version.

Use the table below to determine which version value you should specify, as follows:

1.Determine which column in the table is consistent with the earliest version number of the RTE and LM in use for your customer base as described above.

2.From the column that you selected, use the specified version in the <clone_protection_ex> tag.

For example:

> If the earliest version of the RTE in use by your customer base is 7.70, but the earliest LM for SL UserMode keys is from Sentinel LDK v.7.5, use the version "7.5" for the <minimum_rte_api_version> tag.

>If you plan to update to RTE version 8.11 or to the LM from Sentinel LDK 8.0 with each new license or license update, use the version "8.11".

The table that follows indicates which clone protection scheme Sentinel LDK selects based on the various factors that Sentinel LDK examines in order to determine the optimum scheme for a given scenario.

To disable clone protection for SL-AdminMode and SL-UserMode licenses, the License Manager (LM) on the end user machine must be from Sentinel LDK v.7.0 or later.

NOTE   The V2C file for a Product cannot be used to install the Product on any physical machine other than the physical machine for which the V2C file was issued.

Syntax to set clone protection using the latest schemes for Sentinel LDK 7.5

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>    
  <minimum_rte_api_version>7.50</minimum_rte_api_version>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex>
        <physical_machine>PlatformDefault</physical_machine>
        <virtual_machine>PlatformDefault</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable all clone protection for a Product (LM from Sentinel LDK 7.0 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <!-- Specify "Yes" or "No" to enable or disable clone protection -->
     <clone_protection>No</clone_protection>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable or set the clone protection scheme for a Product (LM from Sentinel LDK 7.1 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex>
    <!-- Specify "PMType1", "PMType2", "FQDN", or "Disable" for clone protection scheme for physical machines -->
        <physical_machine>PMType1</physical_machine>
    <!-- Specify "VMType1", "VMType2", "FQDN", or "Disable" for clone protection scheme for virtual machines -->
        <virtual_machine>Disable</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to specify clone protection for a Product (Deprecated)

NOTE   The method described in this topic continues to be supported. However, it cannot be used to implement any enhancements to clone protection that were added after Sentinel LDK version 7.10. For the latest clone protection, see How to specify clone protection for a Product.

Clone protection protects Products that are licensed with SL protection keys against machine cloning. This topic describes how to enable or disable clone protection for a Product, and how to specify a clone protection scheme.

A clone protection scheme defines which factors are considered by the Sentinel License Manager in order to determine whether a given Sentinel SL key has been cloned.

Sentinel LDK offers several different clone protection schemes to protect applications that execute on physical machines and on virtual machines. The schemes are designed to accommodate a variety of circumstances. For example, schemes are available for applications that run on PCs or on Microsoft Azure virtualization platforms. (For advanced users, the clone protection schemes are described in detail in the Sentinel LDK Software Protection and Licensing Guide.)

Sentinel LDK License Generation API allow you to specify a scheme called PlatformDefault instead of entering a specific clone protection scheme for a Product.

When you specify PlatformDefault as the scheme for a virtual machine or a physical machine (or both), Sentinel LDK automatically applies the most appropriate clone protection scheme for each end user based on the following parameters:

>the environment in which the protected application is installed.

>the earliest version number in use by the vendor's customer base from among the following:

•For SL AdminMode keys: the earliest version number of the Run-time Environment (RTE) in use by the vendor's customer base.

•For SL UserMode keys: the earliest version of Sentinel LDK used to provide the External or Integrated License Manager (LM) in use by the vendor's customer base.

NOTE   If you plan to ensure that each customer receives the latest RTE or LM when you deliver a Product license, you can assume that the earliest version number for your customer base is the current version.

The environment is determined automatically by Sentinel LDK. However, it is the responsibility of the vendor to specify the appropriate version number for the customer base.

Specifying a later version number results in the selection of a more advanced clone protection scheme. However, the selected version number must not be higher than the version numbers that exist where the Product will be installed.

The version is specified as part of the <clone_protection_ex> tag in the Product definition.

Use the table below to determine which version value you should specify, as follows:

1.Determine which column in the table is consistent with the earliest version number of the RTE and LM in use for your customer base as described above.

2.From the column that you selected, use the specified attribute value in the <clone_protection_ex> tag.

For example:

> If the earliest version of the RTE in use by your customer base is 7.70, but the earliest LM for SL UserMode keys is from Sentinel LDK v.7.5, use the attribute version = "7.5" for the <clone_protection_ex> tag.

>If you plan to update to RTE version 7.10 or to the LM from Sentinel LDK v.7.10 with each new license or license update, use the attribute version="7.10".

The table that follows indicates which clone protection scheme Sentinel LDK selects based on the various factors that Sentinel LDK examines in order to determine the optimum scheme for a given scenario.

To disable clone protection for SL-AdminMode and SL-UserMode licenses, the License Manager (LM) on the end user machine must be from Sentinel LDK v.7.0 or later.

NOTE   The V2C file for a Product cannot be used to install the Product on any physical machine other than the physical machine for which the V2C file was issued.

Syntax to set clone protection using the latest schemes for Sentinel LDK 7.5

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex version="7.5">
        <physical_machine>PlatformDefault</physical_machine>
        <virtual_machine>PlatformDefault</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable all clone protection for a Product (LM from Sentinel LDK 7.0 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <!-- Specify "Yes" or "No" to enable or disable clone protection -->
     <clone_protection>No</clone_protection>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to disable or set the clone protection scheme for a Product (LM from Sentinel LDK 7.1 or later)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-AdminMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex>
    <!-- Specify "PMType1", "PMType2", "FQDN", or "Disable" for clone protection scheme for physical machines -->
        <physical_machine>PMType1</physical_machine>
    <!-- Specify "VMType1", "VMType2", "FQDN", or "Disable" for clone protection scheme for virtual machines -->
        <virtual_machine>Disable</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
   </product>
</sentinel_ldk:license>

Syntax to define a license for an Android Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
  <enforcement_type>SL-UserMode</enforcement_type>
  <product>
     <id>2000</id>
     <name>Sample Product 2000</name>
     <clone_protection_ex>
        <physical_machine>PMType3</physical_machine>
        <virtual_machine>Disable</virtual_machine>
     </clone_protection_ex>
     <feature>
        <id>2005</id>
        <name>Sample Feature 2005</name>
        <license_properties>
           <perpetual />
        </license_properties>
     </feature>
  </product>
</sentinel_ldk:license>

Return to Top

How to specify a custom clone protection scheme for a Product

A custom clone protection scheme checks for the criteria that you select from a list of available criteria. You specify separate custom clone protection schemes for physical machines and for virtual machines.

You also specify how many of the selected criteria must match when the License Manager validates the license (using the minimum attribute). For example, you can select six criteria from the table, but specify that only three of the six must match in order to validate the license.

NOTE   The reference fingerprint for the machine where the Product license will be installed must contain at least the number of selected criteria specified by the minimum attribute. Otherwise, installation of the Product license will fail.

For protection keys that require Sentinel LDK Run-time Environment, version 7.90 or later of the Run-time Environment must be present on the computer where the protected application executes.

Custom clone protection schemes are specified using the following tags:

The available criteria for custom clone protection schemes for physical machines and for virtual machines are described in the table below.

To specify a custom clone protection scheme for a Product

<?xml version="1.0" encoding="utf-8"?>

<sentinel_ldk:license schema_version="1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>SL-AdminMode</enforcement_type>
    <product>
        <id>1</id>
        <name>Product Name</name>
        <clone_protection_ex>
            <!--<physical_machine>PMType1</physical_machine>-->
            <physical_machine_custom>
               <enforce_all_available_identifiers>No</enforce_all_available_identifiers>
               <name>PM Custom</name>
                <criteria minimum="2">
                    <name>machine_id</name>
                    <name>ethernet_address</name>
                    <name>hard_disk</name>
                    <name>cpu</name>
                    <name>fqdn</name>
                    <name>ip_address</name>
                    <name>sid</name>
                </criteria>
            </physical_machine_custom>
            <!--<virtual_machine>VMType1</virtual_machine>-->
            <virtual_machine_custom>
               <enforce_all_available_identifiers>Yes</enforce_all_available_identifiers>
               <name>VM Custom</name>
                <criteria minimum="2">
                    <name>machine_id</name>
                    <name>ethernet_address</name>
                    <name>cpu</name>
                    <name>fqdn</name>
                    <name>ip_address</name>
                    <name>vm_generation_id</name>
                    <name>sid</name>
                </criteria>      
            </virtual_machine_custom>
        </clone_protection_ex>
        <feature>
            <id>1</id>
            <name>Feature Name</name>
            <license_properties>
                <perpetual/>
                <virtual_machine_access>No</virtual_machine_access>
            </license_properties>
        </feature>
    </product>
</sentinel_ldk:license>

Return to Top

How to clear clone detection for a Product with a Sentinel SL license

If a Product with an SL license (SL-AdminMode, SL-UserMode, or SL-Legacy) is detected as cloned, you can clear the clone-detected state of the Product by specifying the license type as “SNTL_LG_LICENSE_TYPE_CLEAR_CLONE” in the sntl_lg_start() function. The code snippet below demonstrates how to clear clone detection.

Note the following:

> To clear clone detection, a license definition is not required. You only require the current state of the cloned Product license.

>To clear clone detection for a Product with a custom clone protection scheme, at least one of the selected clone protection criteria must match in the reference and system fingerprints.

Function calls to clear clone detection for any Product

sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_CLONE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to use the default memory areas of a protection key

Most protection keys contain a default memory area that is divided into read-only (RO) and read/write (RW) memory areas. You can generate an update license to write data in the RO/RW memory areas of a key. Each memory segment is specified by the offset (in the key memory area) and the content. The content must be base-64 encoded stream.
Refer to RFC-2045 for the base-64 encoded scheme. XSD standard defines that the base-64 encoded should be based on RFC-2045. Therefore, most of the standard XML parsers such as Xerces provide the function for base-64 encoding.

Syntax to assign values to default memory segments

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <memory>
      <ro_memory_segment>
         <offset>10</offset>
         <content>QVBQTEU=</content>
      </ro_memory_segment>
      <ro_memory_segment>
         <offset>20</offset>
         <content>TUFOR08=</content>
      </ro_memory_segment>
      <rw_memory_segment>
         <offset>10</offset>
         <content>QkFOQU5B</content>
      </rw_memory_segment>
      <rw_memory_segment>
         <offset>16</offset>
         <content>T1JBTkdF</content>
      </rw_memory_segment>
      <rw_memory_segment>
         <offset>22</offset>
         <content>R1JBUEU=</content>
      </rw_memory_segment>
   </memory>
 </sentinel_ldk:license> 

Return to Top

How to use the dynamic memory area of a Sentinel protection key

Sentinel SL keys and Sentinel HL (Driverless configuration) keys (with the exception of HL Basic keys and HL Pro keys) contain 25 KB of dynamic memory that can be shared between storage of application licenses and vendor usage. The memory for application licenses is managed automatically by the License Manager. You can generate an update license to create, modify, or delete dynamic memory files in the unused portion of the dynamic memory. On the end user computer, you can use Sentinel Licensing API to access existing dynamic memory files on the protection key.

Dynamic memory files are managed using the following tags:

NOTE   Most protection keys have additional default memory that you can use.

You can perform the following actions:

>Create dynamic memory files.

>Modify dynamic memory files. You can do the following:

•Modify existing data.

•Modify file size.

•Modify the file attribute (for example, from "ro” to “rw”).

•Write new data and erase existing data.

>Delete dynamic memory files.

Syntax to create dynamic memory files

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <dynamic_resource>
      <isv_memory attribute="ro">
         <file_id>1</file_id>
         <segment>
            <offset>0</offset>
            <content>cmVhZCBvbmx5IGR5bmFtaWMgcmVjb3VyY2U=</content>
         </segment>
      </isv_memory>
      <isv_memory attribute="rw">
         <file_id>2</file_id>
         <size>200</size>
      </isv_memory>
      <isv_memory attribute="rwo">
         <file_id>3</file_id>
         <segment>
            <offset>0</offset>
            <content>cmVhZCB3cml0ZSBvbmNlIGR5bmFtaWMgcmVjb3VyY2U=</content>		
         </segment>
      </isv_memory>
   </dynamic_resource>	
</sentinel_ldk:license>

Syntax to modify specific data in a dynamic memory file

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>HL</enforcement_type>
    <dynamic_resource>
       <isv_memory>
          <file_id>1</file_id>
          <segment>
            <offset>100</offset>
            <content>cmVhZCB3cml0ZSBkeW5hbWljIHJlY291cmNl</content>          
          </segment>
       </isv_memory>
    </dynamic_resource> 
</sentinel_ldk:license>

Syntax to completely replace existing data with new data in a dynamic memory file

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <dynamic_resource>
      <isv_memory action = "set" attribute="rw">
         <file_id>1</file_id>
         <segment>
            <offset>10</offset>
            <content>cmVhZCB3cml0ZSBkeW5hbWljIHJlY291cmNl</content>        
         </segment>
         <segment>
            <offset>200</offset>
            <content>cmVhZCB3cml0ZSBkeW5hbWljIHJlY291cmNlIGZyb20gMjAwIG9mZnNldA==</content>     
         </segment>
      </isv_memory>    
   </dynamic_resource>
</sentinel_ldk:license>

Syntax to modify the file size in a dynamic memory file

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>HL</enforcement_type>
    <dynamic_resource>
       <isv_memory>
          <file_id>1</file_id>
          <size>500</size>
       </isv_memory>
    </dynamic_resource>    
</sentinel_ldk:license>

Syntax to modify the file attribute of a dynamic memory file

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <dynamic_resource>
      <isv_memory attribute="rw">
         <file_id>1</file_id>
      </isv_memory>
   </dynamic_resource>    
</sentinel_ldk:license>

Syntax to delete a dynamic memory file

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>HL</enforcement_type>
    <dynamic_resource>
      <isv_memory action = "cancel">
         <file_id>1</file_id>
      </isv_memory>
    </dynamic_resource> 
</sentinel_ldk:license>

Return to Top

How to specify the acknowledgement request flag

You can specify the acknowledgement request flag. When the acknowledgement request flag is "Yes", then after an update is applied, an acknowledgement C2V is generated. The end user will be requested to send that C2V back to the ISV as an acknowledgement. (This feature is also referred to as "prompting for confirmation.")

Possible values are "Yes" or "No". If this tag is not specified, it is equivalent to specifying the value "No".

Syntax to specify the acknowledgement request flag

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <!-- Possible values are "Yes" or "No"-->
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>HL</enforcement_type>
 </sentinel_ldk:license> 

Return to Top

How to specify rehost information

This topic describes how to enable or disable the ability to rehost (transfer) a protection key without any intervention by the vendor.

You can specify the following information in the <rehost> tag to enable the rehost of a protection key.

Syntax to enable rehost of a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
      <rehost>
         <type>EndUserManaged</type>
      </rehost>
</sentinel_ldk:license>

You can disable the ability to rehost a protection key by specifying the "cancel" action for the <rehost> tag.

Syntax to disable re-host of a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
<enforcement_type>SL-AdminMode</enforcement_type>
<!-- Disable Rehosting --> 
   <rehost action="cancel"></rehost>
</sentinel_ldk:license>

Return to Top

How to clear the Sentinel protection key

You can clear the protection key by specifying the license_type as SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to clear an HL key.

Function calls to clear an HL key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to format the Sentinel protection key

You can format the Sentinel protection key by specifying the license_type as SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to format the Sentinel protection key.

NOTE    The Format key operation deletes all the existing Features in a Sentinel protection key. The operation also erases the key memory area.

You can set a flag in the license definition that prevents the formatting of the Sentinel protection key in the event that a Product is currently detached from the protection key. For more information, see How to format and update the Sentinel protection key .

Function calls to format a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state of the key.
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to clear and update the Sentinel protection key

You can clear the protection key and specify the new or modified Features in single license by specifying the license_type as SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to clear and how to update an HL key in a single license.

NOTE   The Clear key operation deletes all the existing Features (except Features that are modified as part of license/update) in a protection key. Key memory areas are not affected.

You can set a flag in the license definition that prevents the formatting of the Sentinel protection key in the event that a Product is currently detached from the protection key. For more information, see How to format and update the Sentinel protection key .

Function calls to clear and update a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state of the key.
 char *license_definition; // put the license definition here
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Return to Top

How to format and update the Sentinel protection key

You can format the protection key and specify the new/modified Features and memory area in single license by specifying the license_type as SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE in the sntl_lg_start() function. The following code snippet demonstrates how to format and how to update a Sentinel protection key in a single license.

NOTE   The Format key operation deletes all the existing Features (except Features that are modified as part of license/update) in a Sentinel protection key. It also erases the Key memory areas before it applies the updates in the memory area.

You can set a flag in the license definition that prevents the formatting of a Sentinel protection key in the event that a Product is currently detached from the protection key. This is applicable for SL-AdminMode keys only. For more information, see the license definition later in this topic.

Function calls to format and update a Sentinel protection key

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state of the key.
 char *license_definition; // put the license definition here
 char *license = NULL;
 char *updated_state = NULL;
 
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with the key's current state
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE, NULL, current_state);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_free_memory(updated_state);
 sntl_lg_cleanup(&handle); 

Syntax to prevent formatting of an SL-AdminMode protection key if a detached Product exists

The license definition that follows will prevent the License Manager from formatting the Sentinel protection key in the event that a Product is currently detached from the protection key.

If this option is used, end users are prevented from applying a V2C file that formats a Sentinel SL key in the event that a Product is currently detached from the key. This prevents users from taking advantage of a planned format action to detach and continue working with a Product license that should have been returned to the vendor.

The tag <check_detached_license_before_format_key> is applicable for license_types SNTL_LG_LICENSE_TYPE_FORMAT_AND_UPDATE and SNTL_LG_LICENSE_TYPE_CLEAR_AND_UPDATE.

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
<check_detached_license_before_format_key>Yes</check_detached_license_before_format_key>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <feature>
         <id>2005</id>
         <name>Sample Feature 2005</name>
         <license_properties>
            <perpetual />
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Return to Top

How to generate an Unlocked License

Unlocked License can be generated by specifying the license type as SNTL_LG_LICENSE_TYPE_PROVISIONAL in the sntl_lg_start() function.

Unlocked licenses are not bound to any machine. You can only specify the following license properties for unlocked licenses.

>Number of executions
OR
Duration of the license, using one of the following:

•Time Period (starting from date of first use)

•Expiration Date (absolute date)

•Perpetual

>Remote Desktop Access

>Virtual Machine Access

>RO and RW Memory

The maximum duration or maximum number of executions that you can specify for an unlocked license depend on the modules present on your Sentinel Master key. See the table that follows.

Sample syntax for an unlocked license based on time period

<?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <days_to_expiration>45</days_to_expiration>
            <remote_desktop_access>No</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Sample function calls to define an Unlocked license

sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *license_definition; // put the license definition here
 char *license = NULL;
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Pass the 'current_state' variable as NULL because Unlocked licenses are not tied to any machine.
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_PROVISIONAL, NULL, NULL);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'license_definition' variable with the input license definition
 status = sntl_lg_apply_template(handle, license_definition);
 if (status)
 {
   // some error occurred.
 }
 // *** Pass the 'updated_state' variable as NULL as Unlocked licenses are unmanaged.
 status = sntl_lg_generate_license(handle, NULL, &license, NULL);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(license);
 sntl_lg_cleanup(&handle);

Return to Top

How to generate a readable license certificate

A readable license certificate is a V2C license file in which the license terms are presented in human-readable format. To generate a readable license certificate, use the readable_license tag as described below.

Sample syntax for a readable license

<?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <readable_license>Yes</readable_license>
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>45</execution_count>
            <remote_desktop_access>Yes</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

A readable license will contain all the information including the license term as provided in the license definition template. The readable license will contain an additional tag called "description".

Sample readable license

 <?xml version="1.0" encoding="utf-8" ?>
 <hasp_info>
    <description/>
    <!--DO NOT MODIFY ANY INFORMATION BELOW HERE, YOUR LICENSE WILL BECOME INVALID-->
    <haspscope>
       <vendor id="37515">
          <hasp id="989391375062415304"/>
       </vendor>
    </haspscope>
    <v2c_content>
       <enforcement_type>SL-AdminMode</enforcement_type>
       <update_counter>0</update_counter>
       <v2c_readable>
          <product>
             <id>9300</id>
             <name>Sample Product 9300</name>
             <feature>
                <id>9301</id>
                <name>Sample Feature 9301</name>
                <license_properties>
                   <execution_count>45</execution_count>
                   <remote_desktop_access>Yes</remote_desktop_access>
                   <virtual_machine_access>Yes</virtual_machine_access>
                </license_properties>
                <detach_license_count>0</detach_license_count>
                <locked>Yes</locked>
             </feature>
          </product>
          <product>
             <id>0</id>
             <name/>
             <feature>
                <id>0</id>
                <name/>
                <license_properties>
                   <perpetual/>
                   <concurrency>
                      <count>Unlimited</count>
                      <count_criteria>Per Station</count_criteria>
                   </concurrency>
                </license_properties>
                <detach_license_count>0</detach_license_count>
                <locked>Yes</locked>
             </feature>
          </product>
       </v2c_readable>             
       <signature>
          YHvFDogjPdtl2/py5iRqiODdTY3ev5nA1hW7zbHD/EmC+SPtGFlRCrKyJssf3yXKwTJCO0S4
          SuJxxHXPsFU7VSP5wB/gN4wqU2E0mmF4nQc2dAl8ngYB6ngsiaXQAA/uyXRFMm/eweA6Z5uV
          7acrfs2QXlz5T6iVf92FADB3oJW0yjzU3oB9XiqCFrVDmp3ruw/LwptGbn/K5yPHdhWfEZDC
          P6MwvmS9UuHPwVwUJdK0AHy8fDpt91PJJ0N24mcIgXr7VYQXkWcqfTM7IzRmalwCRsd1w3t0
          TqubgMXLbCsTv24ANqiv4EzddRQD6lMhPMqSh4OruonRo5SEXL+yaA==
       </signature>                
    </v2c_content>
    <v2c>
       YoIGNqCCBi2ABHZ0YzKBggImlN5e89nLxr0WMRCE9IBSfu8axezbdJpY8L2DURZ4ATdMovT4BUKe
       6DgRh51Cw3/xsVGa5RSIcH5ZIPSxt2uoq8A895P+bNSSqRrocR4fXzlq96Te7GTvxA97wYpbOE3U
       C9bwYGMdMdXUKbdxdbVnX5B7sWYzJf2/FWVWcemjDbE9oslr7kRIhPOcuO+GMyd7c4l/gZtB7sSh
       U5LjMHOo80z9Lm/L3o9Tx6lW6kKFKEvkfJh6sAbcDXyMjS2VCmC0ZlM8U3nZeX9ZwbQQQIVx/nAA
       Mb+IFbc/AWuuXggWnBpyLYj/Dwu9WwcuV7T5RWdofvHNpSYo0qdvgNqzJCzu9mwKA6JkFnEHy841
       VMJZHzl081MTTbb+XjgV6qRNBmc6FeB3oUcUEbTJTpHVLgYstP2BqhIl8g9EytNYGXTJKegsHo==
     </v2c>
  </hasp_info> 

Return to Top

How to specify contract information in the license definition

You have the option to include the contract information shown below in a license definition. If the contract information is provided, it will appear as part of the readable information in the generated license.

NOTE   This information cannot be retrieved by Sentinel Licensing API or Sentinel Admin API.

Sample syntax for contract information

 <?xml version="1.0" encoding="utf-8"?>
 <sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <readable_license>Yes</readable_license>
   <contract_info>
      <issued_to>ABC Limited</issued_to>
      <issuer>XYZ Limited</issuer>
      <issued_on>2023-04-30T10:00:00+06:00</issued_on>
      <agreement>XYZ Ltd grants license.</agreement>
   </contract_info>
   <acknowledgement_request>Yes</acknowledgement_request>
   <enforcement_type>SL-AdminMode</enforcement_type>
   <product>
      <id>9300</id>
      <name>Sample Product 9300</name>
      <feature>
         <id>9301</id>
         <name>Sample Feature 9301</name>
         <license_properties>
            <execution_count>45</execution_count>
            <remote_desktop_access>Yes</remote_desktop_access>
            <virtual_machine_access>Yes</virtual_machine_access>
         </license_properties>
      </feature>
   </product>
 </sentinel_ldk:license> 

Return to Top

How to decode the current state

You can call sntl_lg_decode_current_state() function to decode the current state to produce readable information in XML format. The current state can be a C2V file, the resultant state from license generation, or a fingerprint.

Sample function calls to decode the current state

 sntl_lg_handle_t handle;
 sntl_lg_status_t status;
 sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
 char *current_state; // put the current state (c2v or resultant state or fingerprint).
 char *decoded_current_state; // It will contain the decoded current state
  
 status = sntl_lg_initialize(NULL, &handle);
 if (status)
 {
   // some error occurred.
 }
 // *** Do not forget to initialize the 'current_state' variable with either c2v or resultant state or fingerprint.
 // *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
 status = sntl_lg_decode_current_state(handle, vendor_code, current_state, &decoded_current_state);
 if (status)
 {
   // some error occurred.
 }
 sntl_lg_free_memory(decoded_current_state);
 sntl_lg_cleanup(&handle); 

Values returned for different categories of HL keys

The table below indicates how the different categories of HL keys are represented in the decoded current state of a given key.

Sample of decoded current state for a HL-NetTime-10 key

NOTE   For SL-AdminMode and SL-UserMode keys, the child tags under configuration_info will be different.

 <?xml version="1.0" encoding="utf-8" ?>
 <sentinel_ldk_info>
    <key>
       <id>1979968305</id>
       <type>HL-NetTime-10</type>
       <update_counter>66</update_counter>
       <vendor>
          <id>37515</id>
          <name/>
       </vendor>
       <configuration_info>          
          <firmware_revision>3.25</firmware_revision>
          <real_time_clock_present>Yes</real_time_clock_present>
          <manufacturing_date>2009-7-12</manufacturing_date>
          <flash_memory_size>No Flash</flash_memory_size>
          <hasphl/>
       </configuration_info>
       <product>
          <id>0</id>
          <name/>
          <feature>
             <id>0</id>
             <name/>
             <license_properties>
                <perpetual/>
                <concurrency>
                  <count>10</count>
                  <count_criteria>Per Station</count_criteria>
                  <network_access>Yes</network_access>
                </concurrency>
                <remote_desktop_access>Yes</remote_desktop_access>
             </license_properties>
          </feature>
       </product>
    </key>
</sentinel_ldk_info>

Return to Top

How to upgrade a Sentinel HL key to the Driverless configuration

You have the option to upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless configuration) key at the customer site. Licenses that existed in the HASP configuration key continue to exist in the Driverless configuration key.

For more information on upgrading Sentinel HL keys to Driverless configuration, see the Sentinel LDK Software Protection and Licensing Guide. Also see How to convert a Sentinel HL standalone key to support network licenses.

To upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless configuration) key, include the tag <upgrade_to_driverless> in the license definition XML template and set its value to yes.

The <upgrade_to_driverless> tag can be applied for the following enforcement types:

>HL

>HL or SL-AdminMode

>HL or SL-AdminMode or SL-UserMode

The <upgrade_to_driverless> tag is ignored if it occurs in a V2C file for HASP HL keys or Sentinel HL (Driverless configuration) keys. No error message is generated. Similarly, this tag is ignored if it occurs in a V2C file for a SL_Legacy key, SL-AdminMode key, or SL-UserMode key.

You can apply the upgrade operation together with other operations such as the application of new Products and Features, modification or cancellation of existing Features, clear and update of the key, format and update of the key. All these functions will operate as expected.

NOTE    When you upgrade a Sentinel HL key to the Driverless configuration, the Firmware on the key may be upgraded if it is not the latest version. (For more information on firmware updates, see the description of firmware in the Sentinel LDK Release Notes.) This upgrade can be prevented if necessary. However, if you block the upgrade of the Firmware, the key will not be upgraded to the Driverless configuration. For more information, see the relevant example below.

The samples that follow demonstrate how to upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless) key.

Sample to upgrade a key (and perform no other actions)

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
</sentinel_ldk:license>

Sample to upgrade a key and add a new Product

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <product>
      <id>1700</id>
      <name>HL1700</name>
      <feature>
         <id>1710</id>
         <name>ADD</name>
         <license_properties>
            <perpetual/>
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>

Sample to prevent upgrade of the Firmware when upgrading a Sentinel HL key

The following example upgrades a Sentinel HL key to the Driverless configuration only if the key already contains the required version of the Firmware. If the key contains an earlier version of the Firmware, the Firmware is not upgraded and the key is not upgraded to the Driverless configuration. In this case, the function sntl_lg_start() or sntl_lg_apply_template() returns the error SNTL_LG_OLD_FIRMWARE.

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless auto_fw_update="No">Yes</upgrade_to_driverless>
</sentinel_ldk:license>

Return to Top

How to convert a Sentinel HL standalone key to support network licenses

You have the option to convert an existing standalone Sentinel HL key to serve as a network key. This is accomplished by upgrading the Firmware on the key.

NOTE   Automatic Firmware upgrades described in this section only occur if the existing Firmware on the key does not support the operation that you are attempting to perform.

>For Sentinel HL (Driverless configuration) keys, the conversion is automatic and transparent. To support network functions, the Firmware on the key must be version 4.27 or later. The first time you assign concurrency to a license on the key, the Firmware on the key is automatically upgraded to the latest version, if necessary.

You have the option of preventing automatic Firmware upgrades for the HL key. Use the XML tag <disable_fw_update> as demonstrated below. This prevents Firmware upgrade. However, if the existing Firmware on the key does not support the attributes you are adding to the license, the update operation fails. The function sntl_lg_start() or sntl_lg_apply_template() returns the error SNTL_LG_OLD_FIRMWARE.

>Sentinel HL (HASP configuration) keys do not support network operations. However, you can upgrade the key to Driverless configuration and add network capability in the same update operation. To upgrade to Driverless configuration, include the XML tag <upgrade_to_driverless> (as described here). To add network capability, assign concurrency to a license on the key. The Firmware on the key is automatically upgraded to the latest version (4.27 or later) if necessary. (For more information on automatic firmware updates, see Sentinel LDK Release Notes.)

As described above, you have the option of preventing automatic Firmware upgrades for the HL key with the XML tag <disable_fw_update> set to Yes. Note that if <disable_fw_update> is set to Yes, this overrides the attribute auto_fw_update="Yes".

The sample that follows demonstrates how to do the following:

>Upgrade a Sentinel HL (HASP configuration) key to a Sentinel HL (Driverless) key.

>Add network capability to the key.

>Ensure that the Firmware on the key is not upgraded. (The operation will fail if the existing Firmware is earlier than version 4.27.)

Sample to upgrade a key to Driverless with network capability but prevent upgrade of the firmware

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <disable_fw_update>Yes</disable_fw_update>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <product>
      <id>2000</id>
      <name>Sample Product 2000</name>
      <feature>
         <id>2005</id>
         <name>Sample Feature 2005</name>
         <license_properties>
            <perpetual/> 
            <concurrency>
               <count>34</count>
               <count_criteria>Per Login</count_criteria>
               <network_access>Yes</network_access>
            </concurrency>
         </license_properties>
      </feature>
   </product>
</sentinel_ldk:license>  

Return to Top

How to reset the V-Clock in a protection key

You can reset the V-Clock in an HL, SL-AdminMode, or SL-UserMode key to a specific date and time, or to the date and time from the system clock on the machine where you are generating the V2C file. This may be required, under certain circumstances, to re-enable blocked Features in a license if time-tampering was detected.

NOTE   Before applying a V2C file to reset the V-Clock using the system clock, the user should ensure that the system clock is set to the current date and time.

Sample syntax to reset the V-Clock in a protection key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
    <enforcement_type>HL or SL (AdminMode or UserMode)</enforcement_type>
    <!-- Possible values are "YYYY-MM-DD" OR "YYYY-MM-DDTHH:MM:SS" -->
    <!-- OR "Use System Clock" -->
    <vclock_time>2023-07-31T12:59:59</vclock_time>
</sentinel_ldk:license>

Return to Top

How to set fallback to the V-Clock in a Sentinel HL key with RTC

If the battery for the real-time clock on a Sentinel HL (Driverless configuration) Time or NetTime key is depleted, the key is no longer accepted for time-based licenses.

You can configure a Sentinel HL Time or NetTime key to switch automatically to the V-Clock in the event that the battery becomes depleted. If the real-time clock on the Sentinel HL key stops operating, protected applications, including those with time-based licenses, with continue to run. You can implement fallback to V-Clock as described below.

When the RTC battery becomes depleted and fallback to the V-Clock is activated, V-Clock is automatically enabled for the protection key.

NOTE   After the real-time clock stops working, the Sentinel HL key must be disconnected and reconnected in order to switch over to the V-Clock.

Once you have enabled fallback to V-Clock for a Sentinel HL Time or NetTime key, this functionality can be disabled only if the battery is not yet depleted in the key. If you attempt to disable fallback to V-Clock after the battery is depleted, the update of the fallback parameter will be ignored. Changes to other license terms contained in the same update will be executed.

For more information, see the description of V-Clock in the Sentinel LDK Software Protection and Licensing Guide.

Sample syntax to set fallback to the V-Clock in a Sentinel HL key

<?xml version="1.0" encoding="utf-8"?>
<sentinel_ldk:license schema_version="1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:sentinel_ldk="http://www.safenet-inc.com/sentinelldk">
   <enforcement_type>HL</enforcement_type>
   <upgrade_to_driverless>Yes</upgrade_to_driverless>
   <!-- Valid values for fallback_to_vclock are "Yes" or "No" -->
   <fallback_to_vclock>Yes</fallback_to_vclock>
</sentinel_ldk:license>

If you do not want to enable fallback to the V-Clock for a Sentinel HL key, do not include the fallback_to_vclock tag in the license definition.

You can include the fallback_to_vclock tag with other license parameters. In the example above, the tag is included with the upgrade_to_driverless tag.

The fallback_to_vclock tag is ignored for all keys other than Sentinel HL (Driverless configuration) Time or NetTime keys.

Return to Top

How to generate a Trusted Storage Authorization file

A Trusted Storage Authorization file enables Admin License Manager on a license server machine to work with an external license storage database. Use of this file allows the software vendor to store protection keys for cloud licensing in a database over which they have full control.

You can also generate a Trusted Storage Authorization file using Sentinel LDK-EMS. For details, see Sentinel LDK–EMS Configuration Guide.

Use the procedure below for each Batch Code that will be used for cloud licenses in the external license storage database.

To generate a Trusted Storage Authorization file for a license server machine:

1.On the license server machine hosting an Admin License Manager, use Admin Control Center to generate a fingerprint of the machine.

2.Use Sentinel License Generation API to generate a Trusted Storage Authorization V2C file as described below.

Generating a Trusted Storage Authorization V2C file

Using the fingerprint file generated above, issue a license update with the SNTL_LG_LICENSE_TYPE_VENDOR_AUTHORIZATION license type in the sntl_lg_start() function.

The code snippet below demonstrates how to generate a Trusted Storage Authorization file for the license server machine.

NOTE    To generate the file, a license definition is not required. You only require the current state (fingerprint) from the machine.

Sample syntax to generate a Trusted Storage Authorization file

sntl_lg_handle_t handle;
sntl_lg_status_t status;
sntl_lg_vendor_code_t vendor_code; // put the Vendor Code
char *current_state; // put the current state of the machine.
char *license = NULL;
char *updated_state = NULL;

status = sntl_lg_initialize(NULL, &handle);
if (status)
{ 
   // some error occurred. 
}
// *** Do not forget to initialize the 'current_state' variable with the key's current state
// *** Do not forget to initialize the 'vendor_code' variable with the assigned Vendor Code
status = sntl_lg_start(handle, NULL, vendor_code, SNTL_LG_LICENSE_TYPE_VENDOR_AUTHORIZATION, NULL, current_state);
if (status)
{ 
   // some error occurred. 
} 
status = sntl_lg_generate_license(handle, NULL, &license, &updated_state);
if (status)
{ 
   // some error occurred. 
} 
sntl_lg_free_memory(license);
sntl_lg_free_memory(updated_state);
sntl_lg_cleanup(&handle); 

Return to Top

Related Topics

License Definition Example