Overview
The material contained in a data file can represent a significant investment in time, effort, and money. For example, a data file may contain valuable text-based, audio, or video courseware for a training program.
Sentinel LDK provides you with a Data Protection facility to encrypt and (optionally) add licensing protection to the contents of data files, similar to the licensing protection that is available for software applications.
The Data Protection facility consists of the following components:
>Sentinel LDK Data Protection utility
This utility is used to protect data files that will be delivered together with a protected application or as separate files. The utility can be invoked from within Envelope (under Windows and Mac) or as a standalone application. The utility does the following:
•The utility encrypts the data file. Once encrypted, the file can only be accessed by one of the modules described below.
•The utility optionally assigns a Feature ID to the data file. If this is done, the data file can only be accessed if an appropriate protection key is available.
The utility is available as a GUI-based application (for Windows and Mac) or as the command-line utility dfcrypt (for Windows and Linux).
This module is (optionally) inserted into the protected application by Sentinel LDK Envelope. This enables the protected application to access the data in a protected data file. If the data file has been protected using the Version 2 protection mode (described below), the data file can only be accessed if an appropriate protection key is available.
The Data File Protection module can only be inserted into a protected executable file or DLL file. The module cannot be inserted into any other library file.
A protected application with the Data File Protection module can work with both protected data files and regular data files.
Both the Sentinel LDK Data Protection utility and the Data File Protection module provide two distinct modes of operation:
>Version 1 (previously DataHASP)
In this mode, data files that are created by or accessed by a protected application can be encrypted and decrypted by the Data File Protection module in the protected application. However, there are no specific license requirements to access the data files.
If you want to deliver data files together with the protected application, you can use the Sentinel LDK Data Protection utility to encrypt these files.
The protected data files that can be accessed by a protected application are managed by setting up the following controls in Sentinel LDK Envelope:
•Data filters - File masks that set rules to determine the names and file types of protected files that the protected application can access.
•Data encryption key - An eight-character key used to add an extra layer of encryption for protected data files. The same key must be provided in Sentinel LDK Envelope for each protected application that will access a given protected data file or collection of protected data files. This key is also used by the Data Protection utility to encrypt the data files.
Version 1 is supported for data files to be accessed under Windows, .NET (Windows shell), or Mac.
In this mode, you can both encrypt and license data files with the Sentinel LDK Data Protection utility. Each data file or group of data files is assigned a specific Feature ID. To access the data file, the end user requires a protection key with a license for the relevant Feature ID. By distributing the relevant Feature IDs among various Products, you can easily manage the licensing of a large collection of data files.
This mode is especially suited for educational data and courseware. Data files protected in this mode are protected against video capture software that runs on the machine where the user is viewing the protected video file.
The data file can be accessed and modified by a protected application with the Data File Protection module (Version 2). The application and the data file must be protected with the same Batch Code.
With Version 2 mode, the protected application cannot create a new protected data file. However, you can manually create an empty data file, protect it with the Sentinel LDK Data Protection utility, and deliver the file together with the protected application. The protected application can add content to the protected data file.
NOTE Under Linux, files protected with Version 2 data protection mode are read-only.
For protected data files that are accessed using a protected application, the locking type for the data files is identical to the locking type for the application.
Version 2 is supported for data files to be accessed under Windows, .NET (Windows shell), or Linux (Intel or ARM).