Glossary
Activation |
The process in which an SL key is locked to a specific computer or a license is burned to an HL key. Following activation, the protected software can be used on the end user's computer according to the activated license. |
Activation counter |
Licensing element that indicates the number of times that a Feature, which is licensed using Sentinel LDK, can be run. |
Admin License Manager |
Standalone License Manager that is implemented as a service in Windows or as a daemon in Mac and Linux Intel/ARM. The Admin License Manager handles communication between the protected application and the protection keys. The Admin License Manager is installed as part of Sentinel Run-time Environment, together with Sentinel Admin Control Center. See also: License Manager |
AES |
Advanced Encryption Standard (AES) algorithm that is the basis for the Sentinel LDK encryption and decryption. |
Anti-debugging |
Measures that are applied by the Sentinel LDK system to block potential attacks intended to undermine the protection scheme. |
API samples |
Sample applications that utilize the Sentinel Licensing API. A learning tool used for implementing the Sentinel Licensing API. |
AppOnChip |
A protection functionality in Sentinel LDK Envelope that moves the execution of selected code fragments from the protected application to the Sentinel HL (Driverless configuration) key. This enhances the security of the protected application. |
Automatic Detach |
When you start to work with a protected application, a license can be automatically detached from the SL key and attached to your machine. The license is valid for the number of hours specified in Admin Control Center. This enables you to continue working even if your machine loses its connection to the SL key. See also: Detach |
Background checks |
Random checks executed by protected applications for a required Sentinel protection key. |
Backward compatibility |
Ability to share data or commands with applications protected with earlier versions. Sentinel LDK backward compatibility includes the ability to read and write data, set real-time clocks, and process other ‘legacy' commands. |
Batch Code |
Unique character string that represents a Vendor Code. The Batch Code is used in defining Features, Products and orders. It is also used for ordering Sentinel protection keys. With Sentinel HL keys, the code is printed on the Sentinel HL key label. In Sentinel EMS, this is known as Namespace. Namespaces are also used to segregate data in the Sentinel EMS database. |
Bundle (of Unlocked Products) |
A program that you create that installs a V2C file containing one or more Unlocked Product licenses, your Vendor libraries and a customized Run-time Environment installer. When this package is installed together with your protected application or applications, the applications are ready for immediate execution; no additional processing is required to activate the licenses. Bundles are useful for installing trialware or for installing software that should be protected but does not have licensing requirements. |
C2V file |
Customer-to-Vendor file. This is a file that is sent by the customer to the vendor, containing data about deployed Sentinel protection keys or data about the customer's computer. C2V files can be safely sent using regular email. See also: V2C file |
Channel Partner |
A company that partners with you to market and sell your products. Sentinel EMS enables you to allow your channel partners to access Sentinel EMS functionality to assist them in servicing their customers. |
Channel Partner user |
A Sentinel EMS user who is associated with a specific channel partner. This type of user can perform a limited range of activities for associated end-user customers. |
CL key |
A cloud-enabled SL AdminMode key (that is, when the SL key was generated, the vendor's Sentinel LDK Master license contained an active Cloud Licensing module). To use a CL key for cloud licensing, licenses must have concurrency enabled. |
Cloud licensing |
A licensing scheme that enables end users to access local software with a license hosted in the cloud. Cloud licensing uses identity-based access to give the vendor or the customer granular control over who can access a network seat from a license. |
Concurrency |
A licensing attribute that allows a single protection key to be used by one or more instances of a protected application running on different computers in a network. In a Product, concurrency is defined for each Feature license Each instance of the protected application that can be used simultaneously is referred to as a network seat (or a floating license). Management of the license in the network is controlled using the Sentinel License Manager. For more information about concurrency, see Specifying the License Terms for Features in a Product. |
Customer Portal |
A Web portal in Sentinel EMS that can be accessed by customers. This portal is used to activate licenses or to automatically apply updates to the protection keys on the customer's machine. |
Cross-locking |
Indicates that protection can be applied to both Sentinel HL and Sentinel SL keys. |
Data Protection utility |
Utility for encrypting and (optionally) licensing data files that are accessed by programs protected by Sentinel LDK Envelope. (Formerly DataHASP) |
Decryption |
The process of decrypting data that has been encrypted. |
Default Feature |
A Feature (with Feature ID "0") that is always available in a Sentinel protection key and can be used to provide copy protection without the need to fulfill a Sentinel LDK license. This feature is always perpetual and cannot be modified to use other licensing terms. When you protect an application with Envelope, Feature ID 0 is applied by default if you do not choose any other Feature ID for licensing the application. To license a specific Feature, always apply the relevant Feature ID. If your application will be distributed with Sentinel HL Basic keys, you can use only the default Feature (Feature ID 0) to protect your program. |
Demo Vendor Code |
See DEMOMA. |
DEMOMA |
Batch Code |
Detach |
Temporarily remove a license from a network pool on a host machine for attachment to a remote recipient machine. See also: On-demand Detach, Automatic Detach |
Developer key |
A special-purpose Sentinel HL key that contains the confidential codes assigned to you by Thales and, optionally, certain Sentinel LDK Master license modules for advanced Sentinel LDK features. The key is used by the software engineers when protecting applications or data files using Sentinel LDK. |
EID |
Entitlement ID. A string that is supplied to the end user as proof of purchase. The end users uses the EID to begin the Product activation process on the Customer Portal. |
Encryption |
Translation of data into a confidential code. To read an encrypted file, you must have the correct encryption engine for decrypting the file. |
Encryption engine |
Encryption engine in a Sentinel protection key—based on the AES algorithm. |
Encryption key |
Key used with Sentinel Envelope to encrypt a data file. |
Encryption level |
Number of iterations that the Sentinel Envelope executes with the Sentinel protection key for each interaction. |
Entitlement |
A request for items to be shipped to a customer. The entitlement specifies one of the following: >One or more Product licenses to be applied to Sentinel protection keys. >An update to a protection key, specifying changes to be made to the license terms or data stored in one or more deployed Sentinel protection keys. |
Envelope | |
Expiration date |
Date after which a protected application or Feature stops running. |
External License Manager |
License Manager that can be provided for each protected application (to replace the Integrated License Manager). Handles communication between the application and the protection key. This License Manager can be upgraded by simply replacing a standalone file. See also: License Manager |
Feature |
For software applications: An identifiable functionality that can be independently controlled by a license. In Sentinel LDK, a Feature may be an entire application, a module or a specific functionality such as Print, Save or Draw. For data files: A specific Feature can be assigned to an individual data file or to a collection of data files. This enables the vendor to easily manage the licensing of data files. |
Feature ID |
Unique identifier for a Sentinel LDK-protected Feature. See also Default Feature. |
Feature ID 0 |
See Default Feature. |
File filter |
File mask that is defined in Sentinel LDK Envelope for a protected application. The file filter is used by the protected application do determine which data files should be handled as encrypted files. |
Grace period |
An initial period of time (typically 30 to 90 days) or number of executions (typically 30) during which a Product can be used without a Sentinel protection key. See also: Unlocked Trialware Product |
H2H file |
Host-to-Host file. This file is used to rehost (transfer) a protection key from one end user's machine to another end user's machine. |
H2R file |
Host-to-Recipient file. This file contains one or more detached Product licenses for temporary attachment to a recipient machine. |
Handle |
Unique identifier for accessing the context of a Sentinel LDK login session. |
HASP |
A legacy term that is used to refer to Sentinel protection keys in the HASP and LDK family of products. This term is used in the following contexts: > HASP HL keys. Legacy hardware protection keys, now replaced by Sentinel HL keys. > HASP SL keys. Previous name for the software-based Sentinel SL Legacy keys. > HASP_ prefix / namespace. Used in the Sentinel Licensing API. > HASPUserSetup.exe. GUI-based Run-time installer that supports multiple key types (Sentinel HL, HASP HL, HASP4, and Hardlock). > haspdinst.exe. Command-line based Run-time installer similar to HASPUserSetup.exe. |
HASP ID |
See Key ID. |
HL key | See the various entries for Sentinel HL key |
Integrated License Manager |
License Manager that is integrated into each protected application. Handles communication between the application and the protection key. See also: License Manager |
Key | |
Key ID |
Unique identification number for a Sentinel protection key. |
License |
A logical entity (file or data) that enables the user to access a protected application (or part of it). The digital representation of a license is stored in a Sentinel protection key. |
License Manager |
A component of Sentinel LDK that enables the protected application to locate and query the protection key that provides licensing authorization for the protected application to operate. The following types of License Managers exist: Admin License Manager, Integrated License Manager, External License Manager |
License Model |
A set of license terms for a Feature. Each license model defines the conditions that control the use of a Feature in a Product. |
License Terms |
Detailed conditions and terms of usage contained in a license. |
Locked Product |
A Product that is protected using Sentinel LDK and is locked to a specific machine or HL key. An Unlocked Trialware Product becomes a Locked Product after the customer activates an entitlement for the Product. |
Locking Type |
Which types of protection keys can be used to license the Product. This determines the level of protection for a Product. |
Market Group |
Used to specify a Namespace when creating an entitlement and when performing some administrative tasks, such as defining a customer. Each market group is mapped to a single namespace and vice versa. For more details, see Market Groups. |
Master key |
A special-purpose Sentinel HL required for issuing licenses when the vendor works with Sentinel LDK-EMS on-premises. In these cases, the Master key contains the Sentinel LDK Master license. The Master key must be connected to the machine where Sentinel LDK-EMS runs. For Sentinel EMS or Sentinel LDK-EMS hosted by Thales, Master key is not required. In this case, Thales recommends that you store the Master key in a secure location to prevent misuse. |
Memory data |
Vendor-defined data (for example: passwords, values used by the software) that is specified in memory for a Product and transferred to the Sentinel protection key. |
Namespace |
Unique character string that represents a Vendor Code. The namespace is used in defining Features, Products and orders. It is also used for ordering Sentinel protection keys. With Sentinel HL keys, the code is printed on the Sentinel HL key label. In Sentinel LDK, a namespace is known as Batch Code. Namespaces are also used to segregate data in the Sentinel EMS database. |
On-demand Detach |
You can manually detach a license from an SL key and attach it to your machine for a specified number of days. This is useful if you want to work with a protected application and expect to be disconnected from your company’s network for an extended period. See also: Detach |
Order |
A request for a Product entitlement to be shipped to a customer. |
Product |
(Written with an uppercase "P") A licensing entity that represents one of a vendor’s marketable software products or data files. The Product is coded into the memory of a Sentinel key and contains one or more Features. License terms are defined for each Feature in a Product. |
Production |
The implementation of an order for Products. |
Protect Once—Deliver Many—Evolve Often |
The concept of separation between engineering and business processes, on which Sentinel LDK is designed. |
Protection key | |
Protection Key Memory |
Secure memory that resides within a Sentinel protection key (HL or SL), for use by the protected software. Protection Key memory can be accessed or modified using the Sentinel Licensing API. The memory can be initialized when the key is generated, using data entered when defining the Product or when entering an order for a Product. |
Provisional Product | See Unlocked Trialware Product. |
R2H file |
Recipient-to-Host file. This file is used to re-attach a cancelled detachable license to the host machine. |
Real-time Clock (RTC) |
A battery-powered clock that is available in the Sentinel HL Time key and Sentinel HL NetTime key. This clock is independent of the clock in the machine where the key is attached. See also: V‑Clock (Virtual Clock) |
Recipient machine |
Remote machine to which a license that has been detached from a network pool on a host machine is temporarily attached. |
Rehost |
Transfer a Sentinel SL key from one end user computer to another. The rehost process is performed entirely by the end user, with no interaction with the vendor. |
Reverse Engineering |
Software attacks that are intended to unravel the algorithms and execution flow of a target program by tracing the compiled program to its source code. Sentinel Envelope protection implements contingency measures to repel such attacks and prevent crackers from discovering algorithms used inside protected software. |
RUS utility |
Sentinel Remote Update System (referred to as RUS) is an executable utility that the vendor can send to their end users to enable secure, remote updating of the license and memory data of Sentinel protection keys after they are deployed. See Sentinel Remote Update System (RUS). |
RUS Generator |
Tool that generates a RUS utility executable that is associated with the vendor's Batch Code and that is optionally branded and customized with additional text. |
Script Envelope |
Standalone tool for applying Envelope protection to Python applications. See also Sentinel LDK Envelope. |
Secure Storage |
Area reserved by Sentinel LDK on a computer’s local hard drive when one or more Sentinel SL protection keys are installed on the computer. The keys are installed in the secure storage area. This area can only be accessed or modified by Sentinel LDK components. |
Secure Storage ID |
A globally unique identifier of Secure storage on every machine. |
Sentinel Admin API |
API that enables administration of License Managers and Sentinel protection keys. Provides all the functionality that is available in Admin Control Center. See also: License Manager |
Sentinel Admin Control Center |
Customizable, Web-based, end-user utility that enables centralized administration of Admin License Managers and Sentinel protection keys. See also: License Manager,Admin License Manager |
Sentinel EMS |
Role-based application used to generate licenses and lock them to Sentinel protection keys, write specific data to the memory of a Sentinel protection key, and update licenses already deployed in the field. |
Sentinel EMS Server |
Computer on which Sentinel EMS is installed and the Sentinel EMS Service is active. |
Sentinel HL key |
The hardware-based protection and licensing component of Sentinel LDK. One of the Sentinel protection key types. |
Sentinel HL Basic key |
Standard Sentinel HL local key that is used to protect software, and has a perpetual license. This key: >does not have any memory functionality. >does not support concurrency or remote desktops. >does not support V‑Clock. |
Sentinel HL network key |
Any Sentinel HL key that supports concurrency. This includes the following keys: >Sentinel HL Net key >Sentinel HL NetTime key >Any Sentinel HL (Driverless configuration) key except for Sentinel HL Basic keys |
Sentinel HL (Driverless configuration) key |
Type of Sentinel HL key that does not require the Run-time Environment in order to protect an application or data file on a Windows machine. |
Sentinel HL (HASP configuration) key |
Type of Sentinel HL key that is fully compatible with protected applications that require the older HASP HL keys. |
Sentinel LDK-EMS (Thales Hosted) or LDKaaS |
Sentinel LDK-EMS hosted and managed by Thales. (This can be used instead of a local, on-premises Sentinel LDK-EMS installation.) |
Sentinel LDK - Demo Kit |
Kit containing software, hardware and documentation for evaluating the Sentinel LDK system. |
Sentinel LDK Envelope |
Application that wraps an application in a protective shield, ensuring that the protected application cannot run unless a specified Sentinel protection key is accessible by the program. |
Sentinel LDK Run time Environment (RTE) |
System component that enables communication between a Sentinel protection key and a protected application or data file. The Run-time Environment also contains Sentinel Admin Control Center. |
Sentinel LDK ToolBox |
GUI application designed to facilitate software engineers’ use of various Sentinel LDK APIs and to generate source code. |
Sentinel License Manager |
See License Manager. |
Sentinel Licensing API |
Interface for inserting calls to a Sentinel protection key |
Sentinel LDK Master license |
The license issued to you by Thales to work with Sentinel LDK. The Sentinel LDK Master license contain the modules that you purchased or subscribed to, as well as other license components. The Master license resides in your instance of Sentinel EMS hosted by Thales. |
Sentinel protection keys |
Sentinel HL keys and Sentinel SL keys. |
Sentinel Remote Update System (RUS) |
Utility that enables licenses in deployed Sentinel protection keys to be securely, remotely updated, or the contents of the keys to be modified. |
Sentinel SL key |
The software-based protection and licensing component of Sentinel LDK—a virtual Sentinel HL key. |
Developer keys |
The Master key and Developer key that contain your unique and private Vendor Codes. These keys enable you to apply protection to your programs, to program the Sentinel protection keys that you send to your end users, and to specify the license terms under which your software can be used. |
Status code |
Error or status message returned by the Thales system. |
Technology Preview Release |
Technology Preview features offer early access to upcoming product innovations for testing and feedback, but are not fully supported or intended for production use. They may be incomplete, unstable, and may not allow seamless upgrades. Thales will attempt to address issues but cannot guarantee that these features will meet commercial standards or be fully supported in future releases. Some features may be limited to specific hardware. Bug reports from customers are forwarded to Thales Engineering for consideration in future releases. |
Trialware |
Software or data files that can be distributed with an integrated Sentinel protection key for end-user evaluation during a limited time period. See also: Unlocked Trialware Product |
Unlocked license |
A license that does not lock a protected entity (application or data file) to a specific machine and does not necessarily impose any licensing restrictions on the use of the protected entity. The protected entity can be installed on any number of machines. The vendor can use Sentinel LDK to protect the entity, and can either use a different mechanism to license the entity or can impose no license restrictions on the entity. |
Unlocked Product |
A Product that is distributed with an Unlocked license. |
Unlocked Trialware Product |
A Product that can be distributed as trialware, or during a grace period. Unlocked trialware Products are not locked to a specific machine and do not require activation for a limited period. Unlocked trialware Products typically have a duration of 30 to 90 days. This period can be set to begin either from the date of first use of the application or from the date that the license was generated. |
Unlocked Unlimited Product |
A Product that does not lock a protected application to a specific machine and does not necessarily impose any licensing restrictions on the use of the protected application. The Product can be granted a perpetual license or can be limited to any length of time that you choose. This enables the vendor to use Sentinel LDK to protect the application, but use a different mechanism to license the application (or impose no license restrictions on the application). |
UTC |
Coordinated Universal Time—the standard time common to every place in the world. |
V‑Clock (Virtual Clock) |
Virtual clock that is available in Sentinel SL keys and Sentinel HL (Driverless configuration) keys. See also: Real-time Clock (RTC) |
V2C file |
Vendor-to-Customer file. This file is sent by the vendor to a customer. This file is generated See also: C2V file |
V2CP file |
Vendor-to-Customer package file. This file is generated only by Sentinel EMS. This file contains one or more V2C updates to a Sentinel protection key on the end user's computer. The License Manager breaks down a V2CP file to its component V2C files and then applies each update in sequence. V2CP files can be safely sent using regular email. See also: V2C file |
Vendor Code |
A unique vendor-specific code that enables access to the vendor's Sentinel protection keys. |
Vendor ID |
A unique number that is associated with a given Vendor Code and Batch Code |
Vendor libraries (Vlib) |
Vendor-specific API libraries. These libraries are built and customized on Thales servers. In this process, the libraries are customized differently for every vendor. These libraries are downloaded when you introduce one of your Vendor keys. |
Vendor keys |
Collective term used to refer to the Master key and the Developer key. |