Elements of Sentinel LDK Protection
The Sentinel LDK protection system is based on the following:
>Protecting programs and data files
>Identifying the Sentinel protection key
>AES encryption
>Confidential protection parameters
>Utilizing Protection Key memory
>Anti-debugging and reverse engineering measures
Protecting Programs and Data Files
Sentinel LDK provides two primary protection methods:
>Sentinel LDK Envelope
>Sentinel Licensing API
When you protect your software using either of these methods, you are essentially forming an inherent link between the protected application and a specific Sentinel protection key.
What Can Be Protected
Sentinel LDK enables you to protect a variety of applications and data files. You can apply protection directly to:
>Compiled executables, DLLs and .NET assemblies
>Specific functions or entire programs. Sentinel LDK protects all levels of software, from function level to entire programs.
>Sensitive data and intellectual property
All the above are protected against any attempt at reverse engineering.
For additional information about the available protection parameter options, see the following sections:
>Sentinel Licensing API Protection
Availability of the Sentinel Protection Key
The Sentinel protection key, or to be more precise—the intelligence contained within the Sentinel protection key—is the primary component of the Sentinel LDK protection system.
The main factor governing Sentinel LDK protection is whether a deployed program can identify and access the intelligence contained in a specific Sentinel protection key at run-time. This factor is unambiguous—the Sentinel protection key is either available or is not available!
Regardless of the protection method adopted, protected applications only function when they can access the required information contained in a specific Sentinel protection key.
Sentinel protection keys, and their ‘intelligence’, cannot be cloned to replicate the link between them and the protected application.
AES Encryption
A protected application relies on the ‘intelligence’ in the memory of a specific Sentinel protection key in order to function. In addition to the checks for the Sentinel protection key, data can be encrypted and decrypted using the intelligence available in the Sentinel protection key.
AES Encryption and Decryption
The encryption engine in the Sentinel protection key is based on the AES algorithm. Sentinel LDK encryption uses a set of confidential 128-bit encryption keys that remain in the Sentinel protection key.
Your protection schemes should always involve greater sophistication than merely confirming the presence of the required Sentinel protection key. However, verifying the required Sentinel protection key through data encryption and decryption requires forward planning. First, encrypted data must be available. This data must then be sent to the Sentinel protection key, where it is decrypted.
If the data is correct, the Sentinel protection key is considered to be “present.” For additional information, see Time Functions.
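The decrypt-and-compare check described above, as an added example that is not Sentinel LDK code: `SimulatedKey` is a hypothetical stand-in for the protection key, and an HMAC-based keystream replaces the key's AES engine so the example runs with the Python standard library only. Storing a hash of each expected plaintext, rather than the plaintext itself, is a design choice made for this example.

```python
import hashlib
import hmac
import secrets


class SimulatedKey:
    """Hypothetical stand-in for a protection key; the secret stays inside it."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def _stream(self, n: int) -> bytes:
        # HMAC-SHA256 in counter mode. This replaces the key's AES engine
        # for illustration only and is not suitable for real protection.
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self._secret, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._stream(len(data))))

    decrypt = encrypt  # XOR keystream: the same operation in both directions


def build_vectors(key, count=4, size=16):
    """Build time (forward planning): prepare encrypted data in advance.

    Only the ciphertext and a hash of the plaintext ship with the
    application, so the expected plaintext is not stored in the binary.
    """
    vectors = []
    for _ in range(count):
        plain = secrets.token_bytes(size)
        vectors.append((key.encrypt(plain), hashlib.sha256(plain).digest()))
    return vectors


def key_is_present(key, vectors) -> bool:
    """Run time: send one prepared ciphertext to the key and verify the result."""
    cipher, expected = secrets.choice(vectors)
    try:
        plain = key.decrypt(cipher)
    except Exception:
        return False  # key missing or unreachable: fail closed
    # Constant-time comparison of the hash of the decrypted data.
    return hmac.compare_digest(hashlib.sha256(plain).digest(), expected)
```

Using several prepared vectors and picking one at random per check means a single recorded answer from the key does not satisfy every later check.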
Confidential Protection Parameters
The essence of software protection is confidentiality. Without confidential elements, any software security system is vulnerable to attack.
Vendor Code
Each software vendor who uses Sentinel LDK is assigned a unique Vendor Code.
The Vendor Code forms an integral part of the protection parameters that constitute the link between the protected applications and the Sentinel protection key. However, the Vendor Code is only part of the link. The code merely provides the protected software with access to the Sentinel protection key and its resources. The Vendor Code is required in order to call Encrypt and Decrypt API functions, call memory read/write API functions, and consume licenses.
Access to the Vendor Code does not allow an attacker to create licenses, remove Envelope protection, or perform activities that would typically be regarded as license abuse. Therefore, while the Vendor Code should be kept confidential, the code on its own is not sufficient to enable unauthorized use of the protected software.
All Sentinel LDK protection applications require the Vendor Code. For information on how to access the code, see Extracting the Vendor Code from Sentinel Vendor Keys.
Utilizing Protection Key Memory
The secure memory on Sentinel protection keys can be utilized (read and write) as a component of the protection scheme for the software. Confidential data can be stored in the Protection Key memory, including snippets of program code, the customer name, or any other data.
Use the memory editors included in Sentinel LDK ToolBox to read or write data in the Protection Key memory. For additional information, see Memory Functions.
In your production environment, use Sentinel EMS to handle Protection Key memory.
Anti-Debugging and Reverse Engineering Measures
Sentinel LDK protects intellectual property and provides functionality to combat debugging and reverse engineering. Debugging and reverse engineering attacks usually try to unravel the protection scheme of protected software by tracing a compiled application back to its source code. Sentinel LDK Envelope implements contingency measures to ward off such attacks and prevent crackers from uncovering algorithms used inside protected software.