The future of the industry is digital and intelligent, powered by know-how expressed in software that enables collaborative robotics, Big Data and analytics, IIoT and M2M, augmented and virtual reality, and 3D printing. Collaboration between the makers of innovative solution and manufacturing companies promotes the dissemination of the Automation 4.0 culture, the understanding of its implications for competitiveness, and the implementation of successful use cases. At the core of the new infrastructure, we find Cyber Security 4.0 and Digital Business 4.0, both facilitated by CodeMeter Embedded 2.0.
The brand new generation of CodeMeter Embedded provides a broad spectrum of new features:
- An extremely compact footprint: the technology is modular, so it’s your choice how to combine the modules you need and build a fully customized solution for your project.
- Established compatibility with embedded systems and PLCs to cover the complete gamut of intelligent devices you intend to deploy.
- Wider compatibility with platforms and operating systems; if you use a mainstream system, including ARM, Intel, and PPC, we deliver the corresponding libraries to you; if you use more exotic platforms, the source code is directly available to you.
- Compatibility with the complete array of Wibu-Systems’ hardware and software secure elements: CmDongles, CmActLicenses, and CmLAN (License Server in a Network).
- Compatibility with CodeMeter Runtime: no need to pick different solutions for complex architectures; CodeMeter covers all options at once.
- Compatibility with CodeMeter Protection Suite, because top notch encryption is the starting point of all communication.
- Compatibility with CodeMeter License Central: once security is in place, you can get on with creating, distributing, and managing your embedded software licenses and start monetizing your business.
Watch the webinar:
https://youtu.be/-eTiIwlejtY
Application of Residue Theorem to evaluate real integrations.pptx
Dominating Industrie 4.0 with Secure Software Licensing
1. Dominating Industrie 4.0 with
Secure Software Licensing
Guenther Fischer | Consulting & Professional Services
WIBU-SYSTEMS AG
guenther.fischer@wibu.com
John Battista | Head of Support
WIBU-SYSTEMS USA
john.battista@wibu.us
CodeMeter Embedded
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 1
3. Delivery to the user
Integration with processes
Integrate Once – Deliver Many
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 3
Integration in the software
Software Software
CodeMeter
Protection Suite
Integrate Once Deliver Many
ERP/CRM
e-commerce
Software
License Portal
License
Central
License
Central
4. CodeMeter Licensing Systems
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 4
CmDongle
Hardware-based
security
License Server
License Server
in LAN / WAN
CmCloudContainer
User-based
license in the cloud
CmActLicense
Computer-bound
license file
5. License Entries
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 5
License entry = Firm Code | Product Code
Firm Code: issued by Wibu-Systems
Product Code:
Defined by the software vendor
Per Option / Module / Feature
4 bn. Product Codes (UInt32)
Product Item Options: Each license can include
combinable options
Up to 2,000 Product Items per CmContainer
Firm Code: 10
…
Product Item Options
Product Code: 201.000
Product Item Options
Product Code: 201.001
Product Item Options
Product Code: 201.002
10. CodeMeter
Embedded
Personal Computer
Industrial PC
Embedded System
Mobile Device / Tablet
PLC
Microcontroller
Field Programmable Gate Array
Scalable Variants of CodeMeter
High Power
Small Size
CodeMeter
Runtime
CodeMeter
µEmbedded
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 10
11. Scalable Variants of CodeMeter
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 11
Same CodeMeter Technology for all Platforms
12. CodeMeter Variants in Detail
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 12
Feature
CodeMeter
µEmbedded
CodeMeter
Embedded
CodeMeter
Runtime
CmDongle | CmActLicense | CmCloudContainer - | x | - x | x | - x | x | x
LAN client | LAN server - | - x | - x | x
Time-based licenses | Counter-based licenses x* | - x* | x* x | x
Feature-based licenses | Version-based licenses x | x x | x x | x
License transfer master | License transfer endpoint - | x - | x x | x
File-based license update x x x
Terminal server detection | Remote desktop detection - | - - | - x | x
Secure key storage x x x
Virtual CodeMeter clock - x x
14. CodeMeter Embedded
Alternative to CodeMeter Runtime
Direct access to one or multiple CmDongles / CmActLicenses
As static library or source code
Modular structure
Compact footprint (ca. 90 kByte .. 300 kByte)
Compatible Subset of CodeMeter Core API functions
No local counting of licenses
Mainly for embedded operating systems
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 14
15. CodeMeter Embedded Architecture
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 15
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle
CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License Server CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
16. Module in Detail
CodeMeter Embedded Core
License Cache
Multiple Application Access
CmDongle
CmActLicenses
CmLAN
CmRuntimeBridge
API (subset of CodeMeter Core API)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 16
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle
CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID
CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
17. CodeMeter Embedded Core
Core Functions
All basic functions
Crypto libraries
Symmetric encryption
Asymmetric encryption
Handle management for accessing
CmDongles/CmActLicenses
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 17
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-ApplicationAccess
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
18. License Cache
License Cache
Cached information about the licenses
Quick access to licenses from the
cache instead of CmDongles and
CmActLicenses
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 18
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-ApplicationAccess
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
19. Multiple Application Access
Multiple Application Access
Concurrent access of multiple
applications or processes to a
CmDongle or CmActLicense
Used in the OPC UA reference
"Implementation for concurrent
access to the private key"
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 19
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
20. CmDongle
CmDongle
Supported communication channels
I/O File (Mass Storage Device)
HID (Human Interface Device)
SPI (Serial Peripheral Interface)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 20
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle
CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
21. CmActLicenses
Single implementation of the
binding to the device
Adapter for
Implementation of a fingerprint
Implementation of license storage
Implementation of dynamic file storage
Secure counter for return and dynamic data (recommended)
Activation for CodeMeter API (compatible with CodeMeter Runtime)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 21
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted CommunicationEncrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
22. Typical Binding Factors
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 22
Unchangeable serial number
Physical Uncloneable Function
Unchangeable IMEI
Unchangeable CID
Unchangeable CPU ID
Unchangeable GPU ID
SGX
Trust Zone
TPM 1.2 / 2.0
etc….
23. CmLAN
CmLAN
Supports the use of concurrent
network licenses
Compatible with a CodeMeter
License Server in the network
CmEmbedded as client of a
CodeMeter License Server
(i.e. to count licenses)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 23
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage Encrypted Communication
Encrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
24. CmRuntimeBridge
CmRuntimeBridge
Coexhistence with CodeMeter Runtime
on the same computer
Designed for testing on development
computers that use CodeMeter Runtime
and CmEmbedded simultaneously
(development environment and device
simulation)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 24
CodeMeter Embedded Core
Core Modules
API (Subset of CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi-Application Access
License Transfer
Encrypted Storage
Encrypted Communication
Encrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
25. API (Subset of CodeMeter Core API)
API (Application Interface)
Necessary for embedded scenarios
Subset of CodeMeter Core API
Access to API
Authentication API
Encryption API
Error Management API
Management API
Compatible with CodeMeter API on desktop systems
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 25
CodeMeter Embedded Core Core Modules
API (Teilmenge von CodeMeter Core API)
CmDongle CmActLicense CmLAN Runtime Bridge
License Cache
Multi ApplicationAccess
License Transfer
Encrypted Storage Encrypted
Communication
Encrypted Communication
Host-ID CodeMeter License
Server
CodeMeter RuntimeTPM
ApplicationExEngineAxEngineOPC UA
HID SPIFile-I/O
28. Delivery Options of CodeMeter Embedded
As dynamic libraries (dll / so) for testing
CmDongles, Runtime Bridge
As static libraries
Module and operating system on demand
As source code (on demand)
Module on demand
NDA necessary
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 28
29. Integration in the Software
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 29
30. Key Facts of CodeMeter
Symmetric Encryption
128-bit AES (Advanced Encryption Standard)
Used for software protection and data encryption
Asymmetric Encryption
224-bit ECC (Elliptic Curve Cryptography)
2048-bit RSA (Rivest Shamir Adleman)
Used for signatures, authentication, and Software-as-a-Service (SaaS)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 30
31. Integration in the Software
Automatic Encryption
CodeMeter Protection Suite
AxProtector CmE
ExProtector
CodeMeter Core API
Use of encryption
Own license queries in the software
License activation/de-activation
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 31
32. CodeMeter Protection Suite
CodeMeter Protection Suite
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing
Automatic Protection
(IP Protection)
Anti-Debug Methods
CodeMeter
Variants Used
Encryption of
Individual Functions
Integrity Protection
(Tamper Protection)
Software Authenticity
(Secure Loader / Authenticity)
Java SE
Java EE
Embedded
Operating System
.NETPC (Windows,
Linux, macOS)
CodeMeter
Runtime
CodeMeter
Runtime
CodeMeter
Runtime
CodeMeter
Embedded
CodeMeter
Embedded
IxProtector
AxProtector
AxProtector .NET
AxProtector Java
AxProtector CmE
ExProtector
32
38. ExProtector
For embedded devices
ExEngine integrated in the operating system
Wind River VxWorks
3S CODESYS
Embedded Linux
Android
Protection against reverse engineering
Tamper protection
Protection against the use of unauthorized software
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 38
40. ExEngine integrated in the Operating System
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 40
Operating System
Protected Application
ExEngine
(Security Engine)
Integrity CheckStart
45. Key Features of CodeMeter Core API
CmAccess2 (access to license)
CmCrypt2 (encryption)
CmRelease (license release)
CmCalculateSignature (signature creation)
CmValidateSignature (signature check)
CmGetLastErrorCode (error handling)
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 45
46. What is CodeMeter Core API used for?
Encryption of your data
Configuration files / Data files
Secure data exchange
Logon process
With asymmetric encryption
With Challenge Response processes
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 46
47. Same API in all CodeMeter Implementations
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 47
CodeMeter Runtime CodeMeter Embedded
49. Supported Platforms – CodeMeter Embedded
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 49
Operating System CPU
CodeMeter
Runtime
DLL/SO
(Eval)
LIB
ANSI-C
Source
Windows Intel
Linux Intel
Windows Embedded Standard (WES) Intel
Windows Embedded Compact (WEC) Intel, ARM
Embedded Linux Intel, ARM
Android ARM
VxWorks Intel, ARM, PPC
QNX Intel, ARM
Other Operating System Any CPU
50. Supported Platforms – CodeMeter Protection Suite
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 50
Operating System
CodeMeter
Variant
AxProtector
AxProtector
Java
AxProtector
.NET
ExProtector
Windows Runtime -
Linux Runtime -
Windows Embedded Standard Runtime -
Windows Embedded Compact Embedded legacy - - -
Embedded Linux Embedded (CmE) 2018 -
Android Embedded (CmE) 2017 - 2018
VxWorks Embedded - - -
QNX Embedded - - - on request
Other Operating System Embedded on request on request - on request
52. License Creation
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 52
CodeMeter High Level Programming API (HIP)
CmBoxPgm
CodeMeter
License Editor
CodeMeter
License Central
Own
Application
53. End UserVendor
CodeMeter License Central – Ticketing System
08.03.2017 53
Ticket + Fingerprint
4
License
5
Ticket
2
Order
1
e-commerce
ERP/CRM Software
License Portal
Ticket:
ABCDE-FGHIJ-KLMNO-PQRST-UVWXY
3
Dominating Industrie 4.0 with Secure Software Licensing
54. WebDepot and Gateway / Software Activation Wizard
WebDepot
License activation from the web browser
Online over WebSockets
Offline via data transfer
Gateway / Software Activation Wizard
License activation from the protected application or via License Manager
Online over Gateways to CodeMeter License Central
Offline over RaC (Request) and RaU (Update) files
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 54
57. Summary
CodeMeter Embedded is multi-vendor
CodeMeter Embedded is a portable and modular ANSI-C library
Same API for CodeMeter Standard and CodeMeter Embedded
Same toolset
Same license management system
08.03.2017 Dominating Industrie 4.0 with Secure Software Licensing 57
58. Deutschland: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
http://www.wibu.com
info@wibu.com
Germany: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
http://www.wibu.com
info@wibu.com
Many thanks for your attention!
Editor's Notes
Je Modul mind. eine Folie
Diese Folie kommt hier so unvermittelt, um sagen zu können:
Eigentlich müssten Sie sich darum kümmern, wie Sie den Encryption Code sinnvoll variieren und einsetzen. AxProtector, IxProtetcor und Wupi nehmen Ihnen dies ab. Diese Tools erzeugen automatisch Arrays von Encryption Codes. Nur mit dem Core API müssen Sie dies manuell machen.
Animation Prüfen
Bilder neu machen (Runtime Sample mit Statischer Lib)