Disabling Protection Keys When Tampering Is Detected
NOTE Tamper detection functionality is not supported for the DEMOMA Batch Code.
A native Windows application that is protected with Sentinel LDK Envelope can provide protection against tampering when licensed with one of the following keys:
>Sentinel HL (Driverless configuration) key with firmware version 4.54 or later.
>Sentinel CL key (Sentinel LDK Run-time Environment 8.51 or later is required on the user's machine)
The Envelope run-time module in the application can disable the key if the module determines that the user has attempted to tamper with the key or with the protected application. Once the key is disabled, the protected application will no longer execute. The application will fail or will display an error message, depending on the type of tampering detected.
In Sentinel LDK Envelope, tamper detection functionality can be enabled in a protected application by selecting the parameter Disable key for attempted tampering in the Protection Settings screen.
The "disabled" state of a key can be determined at the customer site by the get_info function in Sentinel Licensing API and can be viewed in Sentinel Admin Control Center.
You have the option to re-enable a disabled key. Obtain a C2V file from the customer and do
>Check the C2V file into Sentinel LDK-EMS. Click the Enable key function to generate a V2CP (vendor-to-customer package) file. This file will contain all pending V2C license updates from Sentinel LDK-EMS for the key, including a special V2C that re-enables the key. You or your customer can apply this file in the same manner that any V2C file is applied.
If you want to determine the reason that the key was disabled, send the reason code displayed when you checked in the C2V file to Thales Technical Support.
>Use the C2V file in Sentinel License Generation API to generate a license update with SNTL_LG_LICENSE_TYPE_CLEAR_DISABLED_STATE. Your customer can apply the resulting V2C file to re-enable the key.
To determine the reason that the key was disabled, decode the C2V file and send the displayed reason code to Thales Technical Support.
The "disabled" state of the key does not affect your ability to send license updates to the key. Any updates that were applied to the key before or after the key was disabled will be in force if you re-enable the key.