Summary of Clone Protection Schemes

Several schemes exist in Sentinel LDK to create fingerprints for physical and virtual machines. These schemes provide different levels of protection to satisfy the various sets of requirements that may exist in your organization.

The lists below summarize the various clone protection schemes available. A more detailed description of each clone protection scheme is provided later in this appendix.

Summary of Schemes for Physical Machines

>Platform Default: Instructs Sentinel LDK to automatically apply the most appropriate clone protection scheme for each end user based on various parameters. For details, see Using the "Platform Default" Scheme.

>PMType1: Uses two components to verify fingerprints: hard drive serial number and motherboard ID. For details, see PMType1 Scheme.

>PMType2: Uses various components such as CPU, Ethernet card, optical drive, and PCI card slot peripherals, along with the hard drive serial number and motherboard ID to verify fingerprints. This scheme provides enhanced reliability against false positive clone detection and maintains the inherent security of the scheme. For details, see PMType2 Scheme.

>PMType3: For Android applications. Uses three components to verify fingerprints: CPU model, CPU serial number, and internal storage serial number. For details, see PMType3 Scheme.

>PMType4: For Android applications. Uses up to five components to verify fingerprints. Additionally, this scheme allows the end user to uninstall and reinstall the protected application in many instances without vendor assistance. For details, see PMType4 Scheme.

>FQDN: Uses only the machine’s FQDN (Fully Qualified Domain Name) to verify fingerprints. For details, see FQDN Scheme.

NOTE   On Mac machines, FQDN licenses are bound to LocalHostName, and the value of LocalHostName should not be empty.

>Custom: You can define your own clone protection scheme that includes criteria that you select from a list. You also specify the minimum number of the selected criteria that must match when validating the license. For details, see Custom Scheme.

Summary of Schemes for Virtual Machines

>Platform Default: Instructs Sentinel LDK to automatically apply the most appropriate clone protection scheme for each end user based on various parameters. For details, see Using the "Platform Default" Scheme.

>VMType1: Uses three components to verify fingerprints: Virtual MAC address, CPU characteristics, and UUID. For details, see VMType1 Scheme.

>VMType2: Uses four components to verify fingerprints: Virtual MAC address, CPU characteristics, UUID, and Snapshot Rollback Detection. This scheme has additional restrictions that are described in Clone Detection for Virtual Machines. This scheme prevents attacks (against a protected application) that are based on virtual machine rollback snapshots. For details, see VMType2 Scheme.

>VMType3: Provides strong and reliable clone protection for cloud computing services such as Amazon EC2 and the Microsoft Azure virtualization platform. For details, see VMType3 Scheme.

>VMType4: Provides strong and reliable clone protection for Docker containers. For details, see VMType4 Scheme.

>FQDN: Uses the machine’s FQDN (Fully Qualified Domain Name) to verify fingerprints. This scheme provides increased reliability and flexibility of operation in a server virtualization environment. For details, see FQDN Scheme.

>Custom: You can define your own clone protection scheme that includes criteria that you select from a list. You also specify the minimum number of the selected criteria that must match when validating the license. For details, see Custom Scheme.

NOTE    The clone protection provided by the VMType1 and FQDN protection schemes is based on the following assumption: The customer’s IT department follows best practices to avoid the collisions that would result from cloned machines that have identical UUIDs, MAC addresses or hostnames.

If you are concerned that your customers may be willing to accept collisions in order to attempt to bypass clone protection, consider one of the other Sentinel LDK solutions that provide a different tradeoff of security and convenience and are not affected by such deployment. A remote license (SL AdminMode or Sentinel HL) will provide the higher level of security that you require.
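
The Custom scheme summarized above validates a license when at least a minimum number of the selected criteria match. The following added example models that threshold check in Python; it is an illustration, not Sentinel LDK code or its API. The criterion names, the key, and all sample readings are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample key (assumption); a real product would protect this secret.
KEY = b"constructed-demo-key"

def normalise(name, value):
    """Canonical form so formatting differences do not count as mismatches."""
    if value is None:
        return None
    v = str(value).strip().lower()
    if name == "mac":
        v = v.replace("-", "").replace(":", "")
    return v or None

def enroll(components):
    """Store one keyed digest per criterion instead of the raw identifier."""
    ref = {}
    for name, value in components.items():
        v = normalise(name, value)
        if v is not None:
            ref[name] = hmac.new(KEY, f"{name}={v}".encode(), hashlib.sha256).hexdigest()
    return ref

def validate(reference, current, min_match):
    """Return (ok, matched names); unreadable criteria never count as a match."""
    if not 1 <= min_match <= len(reference):
        raise ValueError("min_match must be between 1 and the number of enrolled criteria")
    now = enroll(current)
    matched = sorted(n for n, d in reference.items()
                     if n in now and hmac.compare_digest(d, now[n]))
    return len(matched) >= min_match, matched

# Constructed sample readings (not real hardware identifiers).
ENROLLED = enroll({"disk_serial": "WD-CONSTRUCTED01", "board_id": "MB-0001",
                   "mac": "00:11:22:AA:BB:CC", "cpu": "ExampleCPU 3.0GHz"})
SAME_HOST_NEW_NIC = {"disk_serial": "wd-constructed01", "board_id": "MB-0001",
                     "mac": "00-11-22-DD-EE-FF", "cpu": "ExampleCPU 3.0GHz"}
OTHER_HOST = {"disk_serial": "ST-CONSTRUCTED99", "board_id": "MB-0777",
              "mac": None, "cpu": "ExampleCPU 3.0GHz"}

if __name__ == "__main__":
    print(validate(ENROLLED, SAME_HOST_NEW_NIC, 3))  # NIC replaced, still valid
    print(validate(ENROLLED, OTHER_HOST, 3))         # only the CPU model matches
```

Raising `min_match` toward the number of enrolled criteria tightens clone detection at the cost of more false positives after legitimate hardware changes.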