New Features, Enhancements, and Changes

>Release: 10.3  

NOTE   If you are upgrading from a version of Sentinel LDK that is earlier than 10.2, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. Download a ZIP file that contains all Sentinel LDK release notes to see the changes.

Release: 10.3  

>Ability to Configure LDK REST API Session Timeout Using KeepAliveTimeout

>Custom Clone Protection Scheme with Custom Fingerprint Library

>License Revocation by End Users (Client-Side)

>Envelope Plus for Windows Applications

>Java Resource Protection for Windows

>Improved Performance for .NET Method-Level Protection

>IPv6 Link-Local Address Support

>Static Build Requirement for Linux Systems with Older glibc Versions

Ability to Configure LDK REST API Session Timeout Using KeepAliveTimeout

REST API session duration can now be configured using the KeepAliveTimeout parameter in Sentinel License Manager.

This enhancement enables vendors to reserve a license seat for client applications that use the REST API for a defined period of time without requiring the client to refresh the logged-in session.

The session timeout can be specified as part of the REST API login request, allowing the seat to remain reserved for the client for the configured period. The minimum timeout is 900 seconds (15 minutes, default), and the maximum timeout is 9,000,000 seconds.

Custom Clone Protection Scheme with Custom Fingerprint Library

The Custom Fingerprint Library enhances Sentinel LDK clone protection by allowing you to add proprietary identifiers to the standard Sentinel LDK fingerprint. You can configure a custom clone protection scheme that uses vendor-defined identifiers for both physical and virtual machines. This requires the vendor to implement logic in the custom fingerprint library to retrieve and return the data for those proprietary identifiers whenever the Sentinel LDK runtime requests fingerprint information. This enhancement provides greater flexibility for hardware-based or environment-based license locking scenarios.

During fingerprint generation, the library collects vendor-defined identifiers and includes them in the system fingerprint. During runtime validation, Sentinel License Manager compares the generated fingerprint with the reference fingerprint stored in the license. This process improves machine identification accuracy and strengthens clone protection. A maximum of two custom fingerprint identifiers per machine can be included as part of clone detection.

For details on using the custom fingerprint library, see the Sentinel LDK Software Protection and Licensing Guide.

For details on how to configure and apply a custom clone protection scheme for your product, see the Sentinel LDK ToolBox User Guide.

For details on using the Fingerprint Generator API to input a custom identifier value and generate the fingerprint, see the Sentinel LDK Software Protection and Licensing Guide.

License Revocation by End Users (Client-Side)

Sentinel LDK now supports client-side license revocation for Sentinel SL AdminMode keys and Sentinel SL UserMode keys, enabling end users to revoke licenses directly from the machine where they are installed. This enhancement allows end users to return unused licenses or rehost them to a different machine without vendor intervention. Vendors can provide a custom revocation tool built using the Transfer API, offering flexibility in how revocation is initiated.

The process includes generating a C2V file on the client machine and synchronizing it with Sentinel EMS through the Customer Portal. Upon validation, Sentinel EMS recredits the license capacity, making it available for reuse or reassignment.

For more details, see the Sentinel LDK Software Protection and Licensing Guide.

For more details on the Customer Portal, see the Guide to the Sentinel EMS Customer Portal.

Envelope Plus for Windows Applications

Envelope Plus is an add-on option for Sentinel LDK Envelope that provides advanced code obfuscation, anti-tamper protection, and anti-trace protection for native 32-bit and 64-bit Windows applications. Envelope Plus identifies functions in the application and enables selection of the functions to protect, with no source code changes or build process modifications required. After selection, the functions are lifted from the binary, additional protection is applied, and the functions are then recompiled and embedded back into the original application.

In this release, Envelope Plus is available for evaluation in demo mode. To unlock full functionality, contact your Thales customer representative to request a full evaluation or a subscription license.

For more details, see the Sentinel LDK Envelope for Windows Guide.

Java Resource Protection for Windows

Sentinel LDK Envelope now supports the protection of Java resource files inside JAR applications on Windows, enabling encryption-based protection for non-class resource files within Java JAR applications. This enhancement encrypts sensitive assets such as configuration files, embedded JAR files, and property files.

For more details, see the Sentinel LDK Envelope for Windows Guide.

Improved Performance for .NET Method-Level Protection

Runtime performance is improved for applications that use .NET method-level protection, reducing execution overhead.

IPv6 Link-Local Address Support

IPv6 link-local addresses are now supported when specifying machines for remote Sentinel License Managers, providing compatibility with modern network environments.

Static Build Requirement for Linux Systems with Older glibc Versions

Starting with Sentinel LDK 10.3, when building a client application in static mode on Linux systems that use glibc versions earlier than 2.34, you must explicitly include the -ldl flag during the build process.