Glossary

The process in which an SL key is locked to a specific computer or a license is burned to an HL key. Following activation, the protected software can be used on the end user's computer according to the activated license.

Licensing element that indicates the number of times that a Feature, which is licensed using Sentinel LDK, can be run.

Standalone License Manager that is implemented as a service in Windows or as a daemon in Mac and Linux Intel/ARM. The Admin License Manager handles communication between the protected application and the protection keys. The Admin License Manager is installed as part of Sentinel Run-time Environment, together with Sentinel Admin Control Center.

See also: License Manager

Advanced Encryption Standard (AES) algorithm that is the basis for the Sentinel LDK encryption and decryption.

Measures that are applied by the Sentinel LDK system to block potential attacks intended to undermine the protection scheme.

Sample applications that utilize the Sentinel Licensing API. A learning tool used for implementing the Sentinel Licensing API.

A protection functionality in Sentinel LDK Envelope that moves the execution of selected code fragments from the protected application to the Sentinel HL (Driverless configuration) key. This enhances the security of the protected application.

When you start to work with a protected application, a license can be automatically detached from the SL key and attached to your machine. The license is valid for the number of hours specified in Admin Control Center. This enables you to continue working even if your machine loses its connection to the SL key.

See also: Detach

Random checks executed by protected applications for a required Sentinel protection key.

Ability to share data or commands with applications protected with earlier versions. Sentinel LDK backward compatibility includes the ability to read and write data, set real-time clocks, and process other ‘legacy' commands.

An original Product that has been created from scratch from which other Products may be created. All Modification Products, Unlocked Products and Cancellation Products are created from Base Products.

Unique character string that represents a Vendor Code. The Batch Code is used in defining Features, Products and orders. It is also used for ordering Sentinel protection keys. With Sentinel HL keys, the code is printed on the Sentinel HL key label.

A program that you create that installs a V2C file containing one or more Unlocked Product licenses, your Vendor libraries and a customized Run-time Environment installer. When this package is installed together with your protected application or applications, the applications are ready for immediate execution; no additional processing is required to activate the licenses. Bundles are useful for installing trialware or for installing software that should be protected but does not have licensing requirements.

Customer-to-Vendor file. This is a file that is sent by the customer to the vendor, containing data about deployed Sentinel protection keys or data about the customer's computer. C2V files can be safely sent using regular email.

See also: V2C file

A Product that cancels the licensing details of another Product. A Cancellation Product can be used to revoke a deployed license, or to remove a license from a specified computer so that it can be transferred to another computer.

A company that partners with you to market and sell your products. Sentinel LDK-EMS enables you to allow your channel partners to access Sentinel LDK-EMS functionality to assist them in servicing their customers.

A Sentinel LDK-EMS user who is associated with a specific channel partner. This type of user can perform a limited range of activities for associated end-user customers.

A cloud-enabled SL AdminMode key (that is, when the SL key was generated, the vendor's Sentinel LDK Master license contained an active Cloud Licensing module). To use a CL key for cloud licensing, licenses must have concurrency enabled.

A licensing scheme that enables end users to access local software with a license hosted in the cloud. Cloud licensing uses identity-based access to give the vendor or the customer granular control over who can access a network seat from a license.

A licensing attribute that allows a single protection key to be used by one or more instances of a protected application running on different computers in a network.

In a Product, concurrency is defined for each Feature license type.

Each instance of the protected application that can be used simultaneously is referred to as a network seat (or a floating license).

Management of the license in the network is controlled using the Sentinel License Manager.

For more information about concurrency, see Specifying the License Terms for Features in a Product.

A Web portal in Sentinel LDK-EMS that can be accessed by customers. This portal is used to activate licenses or to automatically apply updates to the protection keys on the customer's machine.

Indicates that protection can be applied to both Sentinel HL and Sentinel SL keys.

Utility for encrypting and (optionally) licensing data files that are accessed by programs protected by Sentinel LDK Envelope. (Formerly DataHASP)

The process of decrypting data that has been encrypted.

A Feature (with Feature ID "0") that is always available in a Sentinel protection key and can be used to provide copy protection without the need to fulfill a Sentinel LDK license. This feature is always perpetual and cannot be modified to use other licensing terms.

When you protect an application with Envelope, Feature ID 0 is applied by default if you do not choose any other Feature ID for licensing the application. To license a specific Feature, always apply the relevant Feature ID.

If your application will be distributed with Sentinel HL Basic keys, you can use only the default Feature (Feature ID 0) to protect your program.

See DEMOMA.

Batch Code used for evaluation purposes with any Sentinel LDK application. Its corresponding Vendor Code is available in the VendorCodes folder of your Sentinel LDK installation.

Temporarily remove a license from a network pool on a host machine for attachment to a remote recipient machine.

See also: On-demand Detach, Automatic Detach

A special-purpose Sentinel HL key that contains the confidential codes assigned to you by Thales and, optionally, certain Sentinel LDK Master license modules for advanced Sentinel LDK features. The key is used by the software engineers when protecting applications or data files using Sentinel LDK.

Translation of data into a confidential code. To read an encrypted file, you must have the correct encryption engine for decrypting the file.

Encryption engine in a Sentinel protection key—based on the AES algorithm.

Key used with Sentinel Envelope to encrypt a data file.

Number of iterations that the Sentinel Envelope executes with the Sentinel protection key for each interaction.

A request for items to be shipped to a customer. The entitlement specifies one of the following:

>One or more Product licenses to be applied to Sentinel protection keys.

>An update to a protection key, specifying changes to be made to the license terms or data stored in one or more deployed Sentinel protection keys.

See Sentinel LDK Envelope.

Date after which a protected application or Feature stops running.

License Manager that can be provided for each protected application (to replace the Integrated License Manager). Handles communication between the application and the protection key. This License Manager can be upgraded by simply replacing a standalone file.

See also: License Manager

For software applications: An identifiable functionality that can be independently controlled by a license. In Sentinel LDK, a Feature may be an entire application, a module or a specific functionality such as Print, Save or Draw.

For data files: A specific Feature can be assigned to an individual data file or to a collection of data files. This enables the vendor to easily manage the licensing of data files.

Unique identifier for a Sentinel LDK-protected Feature.

See Default Feature.

File mask that is defined in Sentinel LDK Envelope for a protected application. The file filter is used by the protected application do determine which data files should be handled as encrypted files.

An initial period of time (typically 30 to 90 days) or number of executions (typically 30) during which a Product can be used without a Sentinel protection key.

See also: Unlocked Trialware Product

Host-to-Host file. This file is used to rehost (transfer) a protection key from one end user's machine to another end user's machine.

Host-to-Recipient file. This file contains one or more detached Product licenses for temporary attachment to a recipient machine.

Unique identifier for accessing the context of a Sentinel LDK login session.

A legacy term that is used to refer to Sentinel protection keys in the HASP and LDK family of products. This term is used in the following contexts:

> HASP HL keys. Legacy hardware protection keys, now replaced by Sentinel HL keys.

> HASP SL keys. Previous name for the software-based Sentinel SL Legacy keys.

> HASP_ prefix / namespace. Used in the Sentinel Licensing API.

> HASPUserSetup.exe. GUI-based Run-time installer that supports multiple key types (Sentinel HL, HASP HL, HASP4, and Hardlock).

> haspdinst.exe. Command-line based Run-time installer similar to HASPUserSetup.exe.

See Key ID.

License Manager that is integrated into each protected application. Handles communication between the application and the protection key.

See also: License Manager

See Sentinel protection keys.

Unique identification number for a Sentinel protection key.

A logical entity (file or data) that enables the user to access a protected application (or part of it). The digital representation of a license is stored in a Sentinel protection key.

A component of Sentinel LDK that enables the protected application to locate and query the protection key that provides licensing authorization for the protected application to operate.

The following types of License Managers exist: Admin License Manager, Integrated License Manager, External License Manager

Detailed conditions and terms of usage contained in a license.

A set of license terms for a Feature. Each license model defines the conditions that control the use of a Feature in a Product.

A Product that is protected using Sentinel LDK and is locked to a specific machine or HL key. An Unlocked Trialware Product becomes a Locked Product after the customer activates an entitlement for the Product.

Which types of protection keys can be used to license the Product. This determines the level of protection for a Product.

A special-purpose Sentinel HL required for issuing licenses when the vendor works with Sentinel LDK-EMS on-premises or with Sentinel License Generation API. In these cases, the Master key contains the Sentinel LDK Master license. The Master key must be connected to the machine where Sentinel LDK-EMS or the License Generation API runs.

For Sentinel EMS or Sentinel LDK-EMS hosted by Thales, Master key is not required. In this case, Thales recommends that you store the Master key in a secure location to prevent misuse.

Vendor-defined data (for example: passwords, values used by the software) that is specified in memory for a Product and transferred to the Sentinel protection key.

A modified version of an existing Product.

You can manually detach a license from an SL key and attach it to your machine for a specified number of days. This is useful if you want to work with a protected application and expect to be disconnected from your company’s network for an extended period.

See also: Detach

A request for a Product entitlement or protection key updates to be shipped to a customer.

(Written with an uppercase "P") A licensing entity that represents one of a vendor’s marketable software products or data files. The Product is coded into the memory of a Sentinel key and contains one or more Features. License terms are defined for each Feature in a Product.

A string that is generated by Sentinel LDK-EMS and supplied to the end user for use as proof of purchase for Product Activation or Update Activation.

The implementation of an order for Products or protection key updates.

The concept of separation between engineering and business processes, on which Sentinel LDK is designed.

See Sentinel protection keys.

Secure memory that resides within a Sentinel protection key (HL or SL), for use by the protected software. Protection Key memory can be accessed or modified using the Sentinel Licensing API. The memory can be initialized when the key is generated, using data entered when defining the Product or when entering an order for a Product.

File containing update information for deployed Sentinel protection keys.

See also: V2C file

Recipient-to-Host file. This file is used to re-attach a cancelled detachable license to the host machine.

A battery-powered clock that is available in the Sentinel HL Time key and Sentinel HL NetTime key. This clock is independent of the clock in the machine where the key is attached.

See also: V‑Clock (Virtual Clock)

Remote machine to which a license that has been detached from a network pool on a host machine is temporarily attached.

Transfer a Sentinel SL key from one end user computer to another. The rehost process is performed entirely by the end user, with no interaction with the vendor.

Software attacks that are intended to unravel the algorithms and execution flow of a target program by tracing the compiled program to its source code. Sentinel Envelope protection implements contingency measures to repel such attacks and prevent crackers from discovering algorithms used inside protected software.

Sentinel Remote Update System (referred to as RUS) is an executable utility that the vendor can send to their end users to enable secure, remote updating of the license and memory data of Sentinel protection keys after they are deployed. See Sentinel Remote Update System (RUS).

Tool that generates a RUS utility executable that is associated with the vendor's Batch Code and that is optionally branded and customized with additional text.

Standalone tool for applying Envelope protection to Python applications. See also Sentinel LDK Envelope.

Area reserved by Sentinel LDK on a computer’s local hard drive when one or more Sentinel SL protection keys are installed on the computer. The keys are installed in the secure storage area. This area can only be accessed or modified by Sentinel LDK components.

A globally unique identifier of Secure storage on every machine.

API that enables administration of License Managers and Sentinel protection keys. Provides all the functionality that is available in Admin Control Center.

See also: License Manager

Customizable, Web-based, end-user utility that enables centralized administration of Admin License Managers and Sentinel protection keys.

See also: License Manager,Admin License Manager

Role-based application used to generate licenses and lock them to Sentinel protection keys, write specific data to the memory of a Sentinel protection key, and update licenses already deployed in the field. Sentinel LDK-EMS is installed as a service (Sentinel LDK-EMS Service) under Windows.

Computer on which Sentinel LDK-EMS is installed and the Sentinel LDK-EMS Service is active.

The hardware-based protection and licensing component of Sentinel LDK. One of the Sentinel protection key types.

Standard Sentinel HL local key that is used to protect software, and: has a perpetual license. This key:

>does not have any memory functionality.

>does not support concurrency or remote desktops.

>does not support V‑Clock.

Any Sentinel HL key that supports concurrency. This includes the following keys:

>Sentinel HL Net key

>Sentinel HL NetTime key

>Any Sentinel HL (Driverless configuration) key except for Sentinel HL Basic keys

Type of Sentinel HL key that does not require the Run-time Environment in order to protect an application or data file on a Windows machine.

Type of Sentinel HL key that is fully compatible with protected applications that require the older HASP HL keys.

Sentinel LDK-EMS hosted and managed by Thales. (This can be used instead of a local, on-premises Sentinel LDK-EMS installation.)

Kit containing software, hardware and documentation for evaluating the Sentinel LDK system.

Application that wraps an application in a protective shield, ensuring that the protected application cannot run unless a specified Sentinel protection key is accessible by the program.

System component that enables communication between a Sentinel protection key and a protected application or data file. The Run-time Environment also contains Sentinel Admin Control Center.

GUI application designed to facilitate software engineers’ use of various Sentinel LDK APIs and to generate source code.

See License Manager.

Interface for inserting calls to a Sentinel protection key

The license issued to you by Thales to work with Sentinel LDK. The Sentinel LDK Master license contain the modules that you purchased or subscribed to, as well as other license components. The Master license resides in your instance of Sentinel LDK-EMS hosted by Thales. If you installed Sentinel LDK-EMS on premises, your Master license resides in your Master key.

Sentinel HL keys and Sentinel SL keys.

Utility that enables licenses in deployed Sentinel protection keys to be securely, remotely updated, or the contents of the keys to be modified.

See also: C2V file, V2C file

The software-based protection and licensing component of Sentinel LDK—a virtual Sentinel HL key.

The Master key and Developer key that contain your unique and private Vendor Codes. These keys enable you to apply protection to your programs, to program the Sentinel protection keys that you send to your end users, and to specify the license terms under which your software can be used.

Error or status message returned by the Thales system.

Software or data files that can be distributed with an integrated Sentinel protection key for end-user evaluation during a limited time period.

See also: Unlocked Trialware Product

A license that does not lock a protected entity (application or data file) to a specific machine and does not necessarily impose any licensing restrictions on the use of the protected entity. The protected entity can be installed on any number of machines.

The vendor creates an unlocked product from a base product. The vendor can use Sentinel LDK to protect the entity, and can either use a different mechanism to license the entity or can impose no license restrictions on the entity.

A Product that is distributed with an Unlocked license. Unlocked Products are created from Base Products.

A Product that can be distributed as trialware, or during a grace period. Unlocked trialware Products are not locked to a specific machine and do not require activation for a limited period. Unlocked trialware Products typically have a duration of 30 to 90 days or 30 executions. This period can be set to begin either from the date of first use of the application or from the date that the license was generated. (The Unlocked trialware Product was formerly referred to as a provisional Product.)

A Product that does not lock a protected application to a specific machine and does not necessarily impose any licensing restrictions on the use of the protected application. The Product can be granted a perpetual license or can be limited to any length of time that you choose. This enables the vendor to use Sentinel LDK to protect the application, but use a different mechanism to license the application (or impose no license restrictions on the application).

Coordinated Universal Time—the standard time common to every place in the world.

Virtual clock that is available in Sentinel SL keys and Sentinel HL (Driverless configuration) keys.

See also: Real-time Clock (RTC)

Vendor-to-Customer file. This file is sent by the vendor to a customer. This file is generated either by Sentinel LDK-EMS or by other Sentinel LDK vendor tools. The file contains data to create or update a Sentinel protection key on the end user's computer. This data can include detailed changes to the license terms or data to be stored in the end users' Sentinel protection keys. V2C files can be safely sent using regular email. The naming convention for V2C files can be modified in Sentinel LDK-EMS.

See also: C2V file

Vendor-to-Customer package file. This file is generated only by Sentinel LDK-EMS. This file contains one or more V2C updates to a Sentinel protection key on the end user's computer. A V2CP file contains multiple V2C updates if Sentinel LDK-EMS determines that V2C transactions are pending at the time that it issues a new V2C transaction. The License Manager breaks down a V2CP file to its component V2C files and then applies each update in sequence. V2CP files can be safely sent using regular email.

See also: V2C file

A unique vendor-specific code that enables access to the vendor's Sentinel protection keys.

A unique number that is associated with a given Vendor Code and Batch Code.

Vendor-specific API libraries. These libraries are built and customized on Thales servers. In this process, the libraries are customized differently for every vendor. These libraries are downloaded when you introduce one of your Vendor keys.