Selecting the Version-Enforcement Option

API libraries that are customized for your Batch Code are used by Sentinel LDK Envelope and Sentinel Licensing API to protect your applications. These libraries are generated by Thales specifically for your Batch Code. You download these customized vendor libraries using the Master Wizard when you introduce your Vendor keys.

The Master Wizard offers you a choice of two types of libraries, each incorporating one of the options described below. The option that you select determines how protected applications interact with the Run-time Environment (the RTE). The available options are:

>Version-restricted option (Recommended for best security and reliability in the protected application)

For protected applications that require the RTE: With the version-restricted option, the applications will require a minimum version of the RTE (the earliest version that contains the latest important security and reliability enhancements). Use of the version-restricted option ensures that end users cannot downgrade to an earlier version of the RTE and that they use a version of the RTE that provides the best quality together with all the latest security and reliability fixes. This restriction applies both for local deployment of the RTE and for deployment of the RTE on a remote license server machine.

For each new release of Sentinel LDK, the required minimum version number is updated only if the RTE for that release contains significant security and reliability enhancements.

Example: The required minimum version of the RTE for applications protected with versions 7.9 through 8.0 of the customized vendor libraries remains as RTE version 7.90, because this version of the RTE contains the latest significant security and reliability enhancements. Later versions of the RTE contain less important enhancements and fixes.

NOTE   The version-restricted option is only relevant for the static Licensing API because the user can replace the new version of the dynamic Licensing API with an older version.

Example: Given that the dynamic Licensing API version 8.1 has a security issue. The vendor downloads the version-restricted dynamic Licensing API 8.2 using the Master Wizard, and then releases the new version of the dynamic Licensing API. However, a user can bypass any new security enhancements in the new version if they can obtain the old version of the dynamic Licensing API and replace the new version.

>Version-unrestricted option (For compatibility with all versions of the RTE)

For protected applications that require the Run-time Environment: The applications will not check the version number of the RTE. Applications protected with this option can be used with all versions of the RTE. Select this option only if you want to avoid upgrading the RTE at end user sites. This option simplifies deployment, especially when network license servers are used, but does not guarantee that security and reliability fixes in later RTE versions are employed.

NOTE   With either option, users will need to upgrade their RTE if the protected application uses specific functionalities that require a later version of the RTE.

The diagram that follows illustrates how this process operates.

For more information, see “Required Version of the Run-time Environment” in the Sentinel LDK Software Protection and Licensing Guide.