Version Enforcement Options
When Sentinel Run-time Environment (referred to as RTE) is required for your protected application, it is always preferable to provide the most recent version of the RTE with the new or upgraded application. However, end users require administrator privileges in order to install or upgrade the RTE on their machines. Therefore, you may prefer to allow end users to continue to use an older version of the RTE when they upgrade to a new version of the protected application.
This section describes the options that are available to you for enforcing or disregarding the requirement for a minimum version of the RTE when the RTE is required for the protected application.
API libraries that are customized for your vendor code are used by Sentinel LDK Envelope and Sentinel Licensing API to protect your applications. These libraries are generated by Thales specifically for your Batch Code. You download these customized vendor libraries using the Master Wizard when you introduce one of your Vendor keys.
The Master Wizard offers you a choice of two types of libraries, each incorporating one of the options described below. The option that you select determines how protected applications interact with the Run-time Environment (the RTE). The available options are:
>Version-restricted option (Recommended for best security and reliability in the protected application)
For protected applications that require the RTE: With the version-restricted option, the applications will require a minimum version of the RTE (the earliest version that contains the latest important security and reliability enhancements). Use of the version-restricted option ensures that end users cannot downgrade to an earlier version of the RTE and that they use a version of the RTE that provides the best quality together with all the latest security and reliability fixes. This restriction applies both for local deployment of the RTE and for deployment of the RTE on a remote license server machine.
For each new release of Sentinel LDK, the required minimum version number is updated only if the RTE for that release contains significant security and reliability enhancements.
For example: The required minimum version of the RTE for applications protected with versions 7.9 through 8.0 of the customized vendor libraries remains as RTE version 7.90, because this version of the RTE contains the latest significant security and reliability enhancements. Later versions of the RTE contain less important enhancements and fixes.
NOTE The version-restricted option is only relevant for the static Licensing API because the user can replace the new version of the dynamic Licensing API with an older version.
For example: Given that the dynamic Licensing API version 8.1 has a security issue. The vendor downloads the version-restricted dynamic Licensing API 8.2 using the Master Wizard, and then releases the new version of the dynamic Licensing API. However, a user can bypass any new security enhancements in the new version if they can obtain the old version of the dynamic Licensing API and replace the new version.
>Version-unrestricted option (For compatibility with all versions of the RTE)
For protected applications that require the Run-time Environment: The applications will not check the version number of the RTE. Applications protected with this option can be used with all versions of the RTE. Select this option only if you want to avoid upgrading the RTE at end user sites. This option simplifies deployment, especially when network license servers are used, but does not guarantee that security and reliability fixes in later RTE versions are employed.
NOTE With either option, users will need to upgrade their RTE if the protected application uses specific functionalities that require a later version of the RTE.
The diagram that follows illustrates how this process operates.