New Features, Enhancements, and Changes
NOTE If you are upgrading from a version of Sentinel LDK that is earlier than 9.0, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. Download a ZIP file that contains all Sentinel LDK release notes to see the changes.
Service Pack: 10.0.200
>Licensing API Now Supports Detaching a License to an SL UserMode Key
>A Detached License for Cloud Licensing Can Now Be Limited to One Machine
>A Cloud License Can Now Support Multiple Sessions for an Identity on Multiple Machines
>The License Manager Access and Error Log Files Now Support JSON Format
>Sentinel Licensing API Now Supports Alpine Linux
>User-Based Licensing Now Supports an Embedded Browser
>Enhancements and Changes for Sentinel LDK Envelope
Licensing API Now Supports Detaching a License to an SL UserMode Key
You can now use the native Sentinel Licensing API to detach a license from an SL AdminMode key or CL key to an SL UserMode key. As a result:
>A license can be detached for a UBL user.
>A license can be detached from a SL AdminMode key on a local network or from a Thales-hosted or vendor-hosted cloud license.
>A license can be detached to any of the following platforms: Linux Docker, Linux, Windows
>The machine to which a license is detached does not require the Run-time Environment.
>Both auto-detach and on-demand detach are supported.
To use the detached license under these circumstances, an application must be protected using a vendor-specific API version 10.13 or later.
NOTE To enable an application protected with Envelope to run using an SL UserMode key that was automatically detached, the following limitation applies: When protecting the application, the LOCKING_TYPE protection parameter must be set to HL or SL (AdminMode or UserMode) . (The default setting for this parameter is HL or SL-AdminMode.)
For details, see Sentinel Licensing API C Reference.
A Detached License for Cloud Licensing Can Now Be Limited to One Machine
By default, a license that is detached automatically from a cloud license on a vendor-hosted license server is now be limited to usage on a single machine.
You can remove this limitation by changing a configuration parameter in the INI file for the License Manager service. For details, see Sentinel Admin API C Reference.
A Cloud License Can Now Support Multiple Sessions for an Identity on Multiple Machines
A cloud license consumed by an identity can be shared by multiple sessions on multiple machines. This enables, for example, multiple Docker containers on a given machine or on multiple machines to use the same identity.
You can configure the License Manager service (LMS) hosted in trusted storage to allow multiple machines to log in to the cloud-enabled SL key using a single identity. For details, see Sentinel Admin API C Reference.
The License Manager Access and Error Log Files Now Support JSON Format
You can now configure Admin License Manager to generate log messages in JSON format. This can be configured by assigning the value 1 to the parameter jsonlog in the License Manager configuration file. For example:
jsonlog = 1
Sentinel Licensing API Now Supports Alpine Linux
Sentinel Licensing API is now compatible with software that uses Docker and Alpine Linux on Linux Intel x86_64 platform.
User-Based Licensing Now Supports an Embedded Browser
For user-based (cloud) licensing, the Sentinel LDK Authentication Runtime can now be configured to use an embedded browser.
For details, see Sentinel LDK Software Protection and Licensing Guide for Sentinel EMS.
Enhancements and Changes for Sentinel LDK Envelope
Sentinel LDK Envelope has been modified as described below:
>Script Envelope for Python applications (under Windows or Linux) now supports protecting model files for Pytorch and TensorFlow models.
>Sentinel LDK Envelope Now Builds a Protected Runtime and LDK Licensing API.
The V3 protection engine used in Sentinel LDK Envelope for Windows now contains a dynamic runtime that embeds a secured version of Sentinel LDK Licensing API. As a result, the security of the licensing check at runtime has been significantly enhanced.
NOTE The first time that a developer performs the protection process for a given Batch Code on their machine, the new dynamic runtime is compiled from bitcode. This procedure adds 2 to 4 minutes to the protection process. Once compiled, the dynamic runtime is cached on the developer's machine. The compilation process is only repeated once for each Batch code and for each new version of Sentinel LDK Envelope.
>The V3 protection engine used in Sentinel LDK Envelope for Windows now supports Periodic Background Checks and Allow grace period after failed checks.
>When using Java method-level protection and background checks, Envelope now supports JDK 20 and JDK 21.
>Sentinel LDK Envelope now supports protecting applications for .NET 9.
Service Pack: 10.0.100
Support for Usage Data Collection
Usage data collection refers to the information collected about how users interact with your applications or services and is supported only for vendors who are working with cloud licensing and Sentinel LDK CL Service.
The applications or services must be licensed using Sentinel LDK cloud licensing and hosted by Thales. The usage data, which is retrieved from client devices, provides valuable information that often cannot be retrieved in any other way.
Your organization might collect usage data for many reasons, such as to:
>Gain insight into how end users use your applications and services.
>Identify upsell opportunities. For example:
•If the limit of network seats is reached frequently, that might indicate that your customer needs more seats.
•If a license based on the Time from First Use License Model is about to expire, you can contact users to extend the license.
>Identify churn risks. For example, if users do not use a particular licensed feature, they might consider the possibility of downgrading or canceling the license. For your organization, this might be an opportunity to offer training or highlight the benefits of that feature.
>Make informed decisions based on business intelligence. For example, your organization might want to determine which features are not used, so that you can phase them out over time to save resources and enable your organization to focus on more valuable features.
>Determine postpaid billing charges. Usage data can identify how many times specific features or concurrent process were used and for how long.
By creating data export reports and exporting the raw data using an application such as Microsoft PowerBI, you can analyze the usage data to help you make informed decisions
NOTE Usage data collection is currently available as a technology preview. In the next Sentinel LDK release, the design and functionality may change. As a result, certain data that is collected using the current version may not be accessible in the next version.
Copying usage data between environments (Dev, Stage or Production) is not supported.
We encourage you to contact your Thales representative and provide your feedback about the preview release so that we can consider it for upcoming releases.
For more information, see Sentinel LDK Software Protection and Licensing Guide.
Release: 10.0
>Support for User-Based Licensing
>Enhancement to the VMType3 Clone Protection Scheme
>Windows Shell-Protection Support for DLL Assemblies
>Sentinel LDK Envelope Creates OMAP Files for Use with LDK Exception Report Translator
>Enhanced Envelope Protection for Python Applications Under Linux
>Enhancements to the LoginScope Function in Sentinel Licensing API
>Added Support for HTTPS Protocol
>Enhancements and Changes for Sentinel LDK Envelope
Support for User-Based Licensing
Sentinel LDK now supports user-based licensing as part of its cloud licensing solution.
With user-based licensing, you provide login credentials to end users rather than installing client identities or product keys on their machines. A user can install protected applications on any machine and run the applications for which they are authorized by simply using the login credentials that you provide.
Using user-based licensing, there is no need to change your user management solution. You can use the Sentinel EMS Identity Provider service or your identity provider to manage user accounts.
The following limitations for user-based licensing apply in the current release:
>User-based licensing is supported for applications that run on Windows or Linux platforms.
> To implement user-based licensing, you must subscribe to Sentinel LDK CL service for hosting your cloud licenses.
>Detach of licenses is not supported.
For details, see Sentinel LDK Software Protection and Licensing Guide.
Enhancement to the VMType3 Clone Protection Scheme
The VMType3 clone protection scheme is now supported for the SL User Mode enforcement type for Linux platforms.
Windows Shell-Protection Support for DLL Assemblies
The V3 protection engine for Sentinel LDK Envelope has been enhanced as follows for .NET applications:
>For DLLs: DLL assemblies are now protected using the Windows shell-protection feature.
>For EXEs: The existing DFP-based Windows shell-protection continues to be used. This method can work for .NET Framework and .NET Core assemblies. The assemblies which have been protected using this feature will only work under Windows. The existing DFP-based protection will be used for EXE files.
Sentinel LDK Envelope Creates OMAP Files for Use with LDK Exception Report Translator
Envelope has been enhanced for using method-level protection for Java applications. You can now use the symbol obfuscation feature, but are still able to translate exception reports to a readable form that can help to analyze a crash.
Envelope now creates an OMAP file that contains the original and obfuscated names. The ERT (Exception Report Translator) tool is able to load the OMAP and display an exception trace with the original method names.
Enhanced Envelope Protection for Python Applications Under Linux
Script Envelope, which was recently released to protect Python applications under Windows, is now available for applying Sentinel LDK Envelope protection to Python applications on a Linux machine.
After you create a project file that contains protection parameters, you can protect the Python application simply by executing Script Envelope. No additional steps are required.
For details, see Sentinel LDK Envelope for Linux.
Enhancements to the LoginScope Function in Sentinel Licensing API
The LoginScope function in Sentinel Licensing API now provides more granular filtering capabilities for logging in to licenses. The Features that are accessed by LoginScope can be restricted to any of the following:
>A cloud license.
>A license that is detached or auto-detached from a cloud license.
>A non-cloud network license.
The GetInfo function can return attributes that differentiate between these license types.
In addition, the LoginScope function can specify that login should be limited to:
> A cloud license with specific Key ID.
>A license that is detached from a cloud license with a specific Key ID. (Users typically have multiple auto-detached keys from different CL keys.)
>A cloud license with a specific family (that is, a parent license with a specific Key ID or a license detached from that parent).
If a required detached license is not present, the LoginScope function can detach the required license if certain conditions are satisfied. For details, see Sentinel Licensing API C Reference.
Added Support for HTTPS Protocol
Communication between Licensing API or local license manager to vendor-hosted CL service or Thales-hosted CL service is now supporting using the HTTPS protocol.
Additional Enhancements/Changes to Sentinel LDK Envelope
Sentinel LDK Envelope has been modified as described below.
Enhancement for Java Applications
The number of classes/methods that can be protected in a Java application has been significantly increased.
Sentinel HL v.1.x Is No Longer Supported
Support for HL v.1.x has been discontinued. To protect an application that is licensed using HL v.1.x, use Sentinel LDK 9.0 or earlier.