Disabling HL Keys When Tampering Is Detected

A native Windows application that is protected with Sentinel LDK Envelope and licensed with a Sentinel HL (Driverless configuration) key can provide protection against tampering. The Envelope run-time module in the application can disable the key if the module determines that the user has attempted to tamper with the key or with the protected application. Once the key is disabled, the protected application will no longer execute. The application will fail or will display an error message, depending on the type of tampering detected.

If the customer's HL key has a Firmware version earlier than 4.54, key disabling is not supported. If tampering is detected, the protected application will fail or will continue to operate, depending on the type of tampering detected. In either case, the customer can continue to use the application afterward.

In Sentinel LDK Envelope, tamper detection functionality can be enabled in a protected application by selecting the parameter Disable key for attempted tampering in the Protection Settings screen.

The "disabled" state of a key can be determined at the customer site by the get_info function in Sentinel Licensing API and can be viewed in Sentinel Admin Control Center.

You have the option to re-enable a disabled HL key. Obtain a C2V file from the customer and do one of the following:

  • Check the C2V file into Sentinel EMS. Click the Enable key function to generate a V2CP (vendor-to-customer package) file. This file will contain all pending V2C license updates from Sentinel EMS for the HL key, including a special V2C that re-enables the key. Your customer can apply this file in the same manner that any V2C file is applied.

    If you want to determine the reason that the Sentinel HL key was disabled, send the reason code displayed when you checked in the C2V file to Thales Technical Support.

  • Use the C2V file in Sentinel License Generation API to generate a license update with the SNTL_LG_LICENSE_TYPE_CLEAR_DISABLED_STATE license type. Your customer can apply the resulting V2C file to re-enable the key.

    To determine the reason that the Sentinel HL key was disabled, decode the C2V file and send the displayed reason code to Thales Technical Support.

The "disabled" state of the key does not affect your ability to send license updates to the key. Any updates that were applied to the key before or after the key was disabled will be in force if you re-enable the key.

Tamper detection functionality is not supported for the DEMOMA Batch Code.