Functional Differences Between HL, SL, and CL
This section describes the differences in functionality and benefits that are provided by HL (hardware licensing), SL (software licensing), and CL (SL with cloud licensing).
License Activation by User
HL | The licenses on HL keys are available for immediate use. Once the HL key is connected to a machine, the protected application can be run. No Internet connection is required. |
SL |
Online activation requires an Internet connection. Offline activation requires an exchange of files by email. |
CL |
No activation is required on the user machine. |
License Delivery
HL |
Requires delivery of a physical HL key, with possible delays due to customs issues. |
SL |
A product key for activating the license for a protected application can be delivered immediately to the customer by email or other means. Once the customer receives the product key, they can activate the license for the application online in a matter of seconds. |
CL |
An identity string for running the protected application can be delivered immediately to the end user by email or other means. |
Rehosting
HL |
An HL license can be moved to a different machine simply by reconnecting the HL key to the required target machine. |
SL |
An SL license can be rehosted using the RUS tool (customized using Sentinel LDK-EMS) or calls to the Sentinel Licensing API. |
CL | Rehosting keys from one machine to another is normally not needed with cloud licensing. |
AppOnChip Protection
HL |
AppOnChip provides a very high level of protection against reverse-engineering of your application. |
SL |
Not available |
CL |
Not available |
HL |
Provides expanded memory and ease-of-use. |
SL |
Supported. |
CL |
Supported. |
Real-Time Clock
HL |
The HL Time key and HL NetTime key provide a tamper-proof real-time clock. Regular HID keys provide the V-Clock (a virtual clock). Note: V-Clock does not provide the same level of control as the real-time clock in HL Time keys and HL NetTime keys. However, V-Clock prevents the end user from setting the system time back to an earlier date and time. |
SL |
SL keys provide the V-Clock (a virtual clock). |
CL |
Cloud-enabled SL keys provide the V-Clock (a virtual clock). If detach is not enabled, the time source remains the remote vendor-hosted server, where the system clock is not exposed to user tampering. |
microSD Storage
HL |
Both your software and the license can be stored on a Sentinel HL Drive microSD key, providing maximum mobility. The Sentinel HL Drive key contains up to 64 GB of flash memory on a microSD card in addition to the license data memory, enabling all of your software to reside on the key. This method is applicable for software that can be run from an external key without necessitating installation on a hard disk. |
SL |
Not available. |
CL |
Not available. |
Network License Detaching
HL | Not available. |
SL |
While both HL and SL licenses support network seats (concurrency), only SL licenses support detaching a network seat from a license. This enables a user to temporarily move a license from their company network to their local machine. This is useful, for example, if the user wants to work with the protected application offline or if the network connection is unreliable. |
CL |
Cloud-enabled SL licenses support detaching multiple network seats from a license. This enables customers to set up second-level license servers in their networks. |
Tamper Protection (Key Disabling)
HL |
Your protected application can be configured to automatically disable the HL key used for licensing in the event that attempted tampering with the key is detected. This provides an additional layer of protection by discouraging attempts to bypass the licensing and protection for the application. |
SL |
Not available. |
CL |
Key disabling is available. |
Additional Security Considerations
HL |
The protection provided by Envelope can be enhanced by the use of AppOnChip to further encrypt the most mission-critical algorithms in your applications. |
SL | The current generation of Sentinel SL keys provides significant security against the misuse of protected applications. |
CL | Cloud licensing provides an added level of protection for SL keys by enabling you to retain the SL keys within your own license server and, thus, out of the reach of any software crackers. |
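The Real-Time Clock rows above say that V-Clock stops the end user from setting the system time back. The following is an added, generic illustration of that kind of virtual clock, not Sentinel's implementation and not code from this page: it keeps an integrity-protected high-water mark of the latest time observed and judges license expiry against it. The class and function names, the HMAC key handling, and the 120-second tolerance are all assumptions made for the example.

```python
import hashlib
import hmac
import json

class ClockRollback(Exception):
    """System time is earlier than a time this clock has already seen."""

class StateTampered(Exception):
    """Persisted clock state fails its integrity check."""

class VirtualClock:
    """Tracks the latest time ever observed and refuses to move backwards."""

    def __init__(self, key: bytes, tolerance: int = 120):
        self.key = key              # assumption: a secret the end user cannot read
        self.tolerance = tolerance  # seconds of backwards drift tolerated (NTP fixes)

    def _mac(self, last_seen: int) -> str:
        return hmac.new(self.key, str(last_seen).encode(), hashlib.sha256).hexdigest()

    def seal(self, last_seen: int) -> str:
        """Serialize the high-water mark together with its MAC."""
        return json.dumps({"last_seen": last_seen, "mac": self._mac(last_seen)})

    def check(self, state: str, system_now: int) -> str:
        """Validate stored state against the system clock; return updated state."""
        rec = json.loads(state)
        last_seen = int(rec["last_seen"])
        if not hmac.compare_digest(str(rec["mac"]), self._mac(last_seen)):
            raise StateTampered("stored clock state was modified")
        if system_now + self.tolerance < last_seen:
            raise ClockRollback(f"system clock is {last_seen - system_now}s behind")
        return self.seal(max(last_seen, system_now))

def license_valid(clock: VirtualClock, state: str, system_now: int, expires_at: int):
    """Judge expiry against the virtual clock, never the raw system time."""
    new_state = clock.check(state, system_now)
    virtual_now = json.loads(new_state)["last_seen"]
    return virtual_now < expires_at, new_state

if __name__ == "__main__":
    # Constructed sample values: Unix timestamps and a demo key.
    clock = VirtualClock(b"demo-key-not-for-production")
    state = clock.seal(1_700_000_000)
    ok, state = license_valid(clock, state, 1_700_000_600, 1_700_086_400)
    print("valid:", ok)
    try:
        clock.check(state, 1_699_000_000)   # clock set back by the user
    except ClockRollback as exc:
        print("rejected:", exc)
```

Because the sealed state lives on the user's machine, a snapshot that restores an older state along with an older system time still passes both checks; a vendor-hosted time source does not depend on that local state.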
Benefits of Cloud Licensing
Sentinel LDK provides an alternative for SL-based licensing called cloud licensing. This model is based on software-based protection keys, but it provides an extension to the traditional model. The cloud licensing model provides a simpler mechanism, both for you (the vendor) and for the end user, for distributing and managing licenses.
Using this licensing model, you generate an SL key that supports cloud licensing for each customer organization. The SL key is installed on a license server machine (with Internet access) that is controlled by you. You install an SL license with concurrency for each application that the customer is authorized to use.
For more information, see the Sentinel LDK Software Protection and Licensing Guide.
Cloud licensing provides the following benefits:
>No need for end user to activate licenses
Each end user receives a unique "client identity" that they install on their machine. Once they install the client identity, they can immediately start to use the protected application. There is no requirement to activate a license or submit a device fingerprint to you.
>Real-Time control over client identities
You can immediately deploy licenses to a cloud-based license server. You can issue and distribute client identities to end users or to the customers' organizations for distribution to end users. Creation or disabling of client identities is effective immediately.
>Support of any cloud environment
You can deploy your license servers to any cloud infrastructure, such as AWS, MS Azure, GCP, AliCloud, or your own cloud infrastructure.
Users can easily switch between machines without the manual steps involved with detaching an SL key.
>High security
Cloud licensing provides a high level of security because the SL license is hosted on your license server (either in-house or in a cloud environment controlled by you), out of the reach of crackers.
The client application can run in a VM, in Docker, or on users' machines, and consume the remote cloud license. There is no way for users to change the license (since the license is hosted on a server that software crackers cannot access) or to benefit from spoofing their client VM identifiers.
Cloud licensing provides secure licensing for applications hosted in VMs by untrusted customers. Users can spoof VM identifiers, but these are not used to lock the license (which is consumed from a remote cloud server).
In contrast, if an SL license is hosted by the customer, they can revert the machine to a previous state or, in the case of VMs, they can spoof identifiers.
>Cloud licensing server hosted by Thales
Thales offers a solution called Sentinel LDK CL Service. This is a hosted cloud licensing service for vendors who use Sentinel LDK and who subscribe to Sentinel EMS. When you subscribe to Sentinel LDK CL Service, Thales provides a high-availability license manager to serve cloud licenses to your customers, thus facilitating uninterrupted access to the cloud licenses that you push to the server.
Cloud licensing gives you the option of allowing customers to set up a second level of license servers to provide greater control over the distribution of network seats within an organization and to minimize the overhead of license administration.