Wibu-Systems Blog

How Much is Your IP Worth?

Posted by Terry Gaul on Oct 28, 2015 5:18:17 AM


The intellectual property gained during the development of an ISV’s flagship software product most likely represents an investment in hundreds and hundreds of man hours. 

The majority of that time is spent on developing features and functionality, refining, and testing to assure that the final product addresses the needs of the customers in the most effective way possible – that’s the core strength of the software engineers. The business end of the development process is in software monetization – implementing creative licensing strategies and protection against piracy to assure that the company achieves the maximum revenue it deserves. However, that capability may not be the core strength of the software engineer, which is why many ISVs are looking for help from licensing and security specialists to protect their IP investment and monetize their software.

For example, consider the case of Belsim, a spin-off company of the University of Liège in Belgium. Belsim’s VALI-suite is the leading worldwide Data Validation and Reconciliation (DVR) software solution. The VALI-suite is the result of many years of R&D and it represents the centerpiece of Belsim’s intellectual property.

According to Christophe Pirnay, Belsim’s Development Manager, "When we decided to develop VALI’s newest version in Microsoft .NET, it was clear that we also needed a partner to support the solution’s license management and to protect it against software piracy."

"We never really knew if our software was copied or used illegally", says Christophe. "We were a bit suspicious at times, but we never were sure if it was really happening. In those days, we were handling license management and software protection ourselves," he added.

Belsim recognized that license management and software protection were not part of their core business and they began to search for a security partner. Their search steered them toward Wibu-Systems’ CodeMeter software protection, licensing and security solution. CodeMeter protects VALI against unauthorized use, but also against anyone who tries to take a peek at the code. This way, CodeMeter also keeps Belsim’s competitors at a safe distance, as well as others who might try to build their own solution based on Belsim’s code.

In this case, with the help of CodeMeter, Belsim can fully concentrate on its core business – the development and implementation of software – while CodeMeter guarantees the protection that is needed at the heart of their solution.

Read the full case study and see how CodeMeter protects Belsim’s invaluable intellectual property.

Topics: CodeMeter, secure licensing, Anti-piracy, Copy Protection

Certificates for Authenticity, Authentication or both?

Posted by Terry Gaul on Apr 23, 2015 10:50:21 AM


Live Event:

Certificates for Authenticity, Authentication or Both?
April 28, 2015
9 - 10 am PST


Software developers have an affinity for encryption methods, but not all have quite mastered certificate management. Digital certificates are often seen in relation to authentication practices such as single sign-on, email signature, and file encryption, but they are also a key pillar in software protection.

This crash course will navigate you from theory to practice, illustrating basic principles and best application uses. Whether your goal is protecting a computer or embedded software, there are techniques that you can implement and requirements you should follow to achieve greater effectiveness in shielding your application from piracy and tampering.

Through the integrated use of certificates, CodeMeter serves a dual purpose: authenticity and authentication. While mechanisms like Authenticode offer authenticity for the software user, CodeMeter offers authenticity for the software developer. If an application consists of more than one executable, CodeMeter uses small, easy-to-use proprietary certificates to check the integrity of the whole application. In the case of an embedded system such as VxWorks, the integrity of the entire embedded device can also be verified: the authenticity of each module, from the bootloader and the operating system up to each piece of software running on the system, is validated.

Additionally, with authentication, you can make sure only users with entitled credentials can use or maintain your software or can log in to cloud-based solutions.

Get familiar with the terminology and become a proficient user of certificates.

Topics: CodeMeter, software copy protection, Anti-piracy, Copy Protection

Addressing Secure, Flexible Software Licensing in a Complex Environment

Posted by Terry Gaul on Feb 17, 2015 11:05:48 AM

As an ISV today, you must address many questions in your product development and delivery strategies, as the software licensing landscape has become increasingly complex. Let’s take a look at some of the questions you face:

  • Should the product be sold as one unit or should several variants be created, each with different features?
  • Is the license perpetual or should it be sold in time-limited subscriptions or usage-based units?
  • Should limited trial licenses be made available?
  • Is the license bound to a specific PC or can it float in my customer’s LAN?
  • Which system platforms should be supported?
  • Is the license safe on virtual machines?
  • What about cloud or mobile apps in the future?

Because of these increasing complexities, many ISVs are turning to third-party licensing security experts for help in developing a secure licensing strategy that not only meets their needs today but also provides the flexibility to adapt their product to new customer requirements as they evolve in the future.

For example, take a look at one of our customers, Faceware Technologies, Inc. Faceware is the pioneer in video-based facial animation. Their hardware and software represent complete solutions for the interactive entertainment, film, video game, television, and commercial markets. Their products were used to deliver exceptional facial recognition in the Forbes list of top ten grossing games in 2014.

They turned to our CodeMeter secure licensing and protection platform for several reasons. First, they wanted to protect their revenues by keeping counterfeit copies from hitting the market and to protect their intellectual property from reverse engineering. They knew that CodeMeter-protected software had never been compromised in global hackers’ contests.

They also were looking to introduce new business models that would enable trial licensing and pay for time and features. This licensing flexibility enabled them to introduce a “lite” version of their product, which allowed them to sell their software to independent filmmakers and smaller studios that typically couldn’t afford the high-end, fully featured version. And with confidence in security, they were able to launch into new markets, including Russia and China, where they previously had concerns.

One of the key takeaways from their success story is that with a robust, flexible and secure licensing and protection platform like CodeMeter, they could focus on what they do best – create award winning products that could reach more markets.

If you would like to read the details about how CodeMeter helped Faceware to achieve their security and licensing goals, please download the case study. And, if you would like to try CodeMeter, just request a fully functional evaluation system.


Topics: License Management, CodeMeter, software copy protection, secure licensing, software licensing, Copy Protection, software monetization

Unlicensed Software Usage Poses Multi-Billion Dollar Industry Problem

Posted by Terry Gaul on Nov 10, 2014 9:46:01 AM

Source: BSA 2013 Global Software Survey

Unlicensed software usage continues to pose a multi-billion dollar industry problem – did you know there is a solution?

The BSA 2013 Global Software Survey released earlier this year once again presented some alarming statistics on the financial and commercial impact of unlicensed software usage.

Conducted semi-annually by BSA | The Software Alliance (www.bsa.org), the survey found that 43 percent of the software installed on personal computers around the world in 2013 was not properly licensed. That marked an uptick from 42 percent in BSA’s previous global study two years prior. The commercial value of this unlicensed software was estimated to be over $62 billion.

By geographic area, the survey cited some familiar unlicensed software usage rates:

| Area | % Unlicensed Software Usage |
|---|---|
| Asia-Pacific | 62% |
| Central and Eastern Europe | 61% |
| Latin America | 59% |
| Middle East and Africa | 59% |
| Western Europe | 29% |
| North America | 19% |

Source: BSA Global Software Survey

And, the magnitude of the problem is not simply a software monetization and piracy issue for ISVs, but a major security concern for enterprises as well.

Among the security risks associated with unlicensed software, the survey noted that 64 percent of users cited unauthorized access by hackers as a top concern and 59 percent cited loss of data. Topping the list of concerns for IT managers was the risk of losing data, followed by unauthorized access to company information, the time and costs involved in disinfecting, and loss of intellectual property or proprietary information.

The survey noted that the importance of using genuine, properly licensed software remains critical — particularly as cyber security threats proliferate. Finally, the survey concluded that the global cyber security threat environment has in fact been worsening — and that trend has been exacerbated in part by vulnerabilities associated with illegitimate software.

So, what should software vendors make of this disheartening data?

Try this way of thinking: What if you could envision a solution where your software is protected by strong AES and ECC encryption and licenses were easily protected by the most secure hardware-based (dongles) or software-based measures? Only licensed, authenticated users could access your software. Then consider a licensing solution that is flexible enough to enable you to package your software to optimally meet the unique needs of each of your end-user market segments. Now, you have not only protected your software and secured its licensing, but also monetized your software business model to achieve greater revenues. And, you’ve also helped your customers to protect their data from cyber attacks.

The solution I am referring to, of course, is Wibu-Systems’ CodeMeter all-in-one licensing, security, and copy protection platform for desktop, SaaS, and cloud-based applications. CodeMeter employs proven technologies and is designed to provide the ultimate in software protection and secure licensing while being very easy to use. Thousands of ISVs and industrial manufacturers around the world use CodeMeter to protect their software, digital assets and intellectual property.

I invite you to learn more about CodeMeter, view our short video, or download our free Evaluation System and see for yourself how easy it is to license and protect your software. Together, perhaps we can change the next survey data for the better.

Topics: CodeMeter, software copy protection, Copy Protection

Are Those Storm Clouds Ahead?

Posted by Terry Gaul on Oct 30, 2013 11:40:00 AM

Adobe may have raised some eyebrows last year when they announced they were moving their packaged Creative Suite PC software to the cloud, but most industry analysts predicted this day was coming – it was just a matter of how soon. Microsoft is moving in the same direction with their Office 365 cloud offering and other enterprise application developers are sure to follow suit. However, after the story came out recently that hackers broke into Adobe's network and stole personal information, including an estimated 2.9 million credit card numbers, the cloud may be darkening a bit.

Skeptics have pointed to data security from day one as the most serious drawback to cloud computing, and Adobe's misfortune makes their case. But is that enough to break the momentum of the rollout of the subscription-based model of software delivery? I don't think so, because the cost advantages of cloud-based software applications are too great, for both the ISV and the end user. And end users want access to their apps from any device, from anywhere, and the cloud is the most effective way to fulfill that need.

Nonetheless, it is incumbent upon the software developer and hosting vendor to keep the data out of the wrong hands. There are three types of cloud computing scenarios that exist:

  • Application (SaaS): Independent software vendors (ISVs) host their applications in the cloud, where the ISV's customers (end users) store the data that is accessed by those applications. The ISV manages the cloud space. Example: salesforce.com.
  • Platform (PaaS): ISVs host their applications in the cloud but, in contrast to SaaS, the user has more flexibility in usage of the stored data by accessing development tools, databases, or web services. The ISV still manages the cloud space. Examples: force.com, windowsazure.com.
  • Infrastructure (IaaS): Users lease the infrastructure (a virtual computer) in the cloud, store their data there, and install, host and run applications. The cloud space is managed by the user rather than the ISV. Example: amazon.com.

Each approach has its unique security strengths and vulnerabilities and requires a strong user authentication and data encryption strategy to protect the cloud-based application. Moving from conventional perpetual licenses to subscription-based licensing in the cloud also requires ISVs to consider new licensing strategies to secure the process and protect against license sharing.

In the IaaS environment, traditional software licensing control through a machine binding or a dongle is not possible and new licensing methods must be addressed.

As a provider of software protection and secure licensing solutions for over 25 years, we've been able to apply our experience to the development of the tools that our customers need to secure their software in the cloud and provide their users with the peace of mind that their data is safe.

You can learn more about our proven cloud security techniques by watching this 1-hour pre-recorded webinar, in cooperation with our partner, charismathics. We demonstrate how we protect ISVs' data and business logic in SaaS, PaaS and IaaS schemes against license counterfeiting and duplication. With the integration of charismathics CSSI, we can also guarantee users' secure access based on PKI two-factor authentication for SaaS and PaaS. Explore our complete offering for cloud security during the webinar or go to our web page for more information.

Photo by longhorndave

Topics: CodeMeter, Copy Protection, CmAct, CodeMeter License Central

Integrity Protection for Embedded Systems

Posted by Terry Gaul on Oct 21, 2013 9:51:00 AM

In their book, Embedded Systems Security, David and Michael Kleidermacher point out some all-too-real scenarios about the consequences of malicious threats to embedded systems.

Consider that for every PC in the world, there are hundreds of embedded systems, interconnected over various communication channels, like WiFi, Bluetooth and RFID. And nothing has become more computerized faster than the modern automobile. Computers, in the form of self-contained embedded systems, have been integrated into virtually every aspect of a car's operation and diagnostics, including throttle control, transmission, brakes, speedometer, climate and lighting controls, external lights and entertainment systems.

The authors gave one example of an industrial company that sells bearings that use a magnetic field to suspend a shaft. A Digital Signal Processor performs 15,000 calculations per second to keep operations running smoothly. The bearing controllers have Ethernet connections. With a coordinated attack on the bearings, plant operations could be brought to a halt.

The authors also discuss the security issues brought on by non-malware bugs. As embedded systems become increasingly ingrained in our lives, any bug that compromises the reliability of a system can become a mission-critical security threat. For example, what would happen if automated jail control doors failed to close? A task that errantly consumes too many resources (like memory) or CPU cycles can prevent other activities from running: the traffic light fails to turn red, the railroad signal remains open, or the ATM’s bill counter fails to stop spewing money. 

The Department of Homeland Security notes that our country’s reliance on cyber systems to run everything from power plants to pipelines and hospitals to highways has increased dramatically, and our infrastructure is more physically and digitally interconnected than ever. Yet for all the advantages interconnectivity offers, critical infrastructure is also increasingly vulnerable to attack from an array of cyber threats.

Most embedded systems developers have little training in security and are largely unaware of both the threats and the techniques and technologies needed to make their products secure. In order to develop effective methods aimed at preventing attacks, the potential threat scenarios need to be understood. Some of the possible attacks on embedded systems are listed below:

  1. Attackers develop a "fake device," a device that looks just like the original, but whose functions have been altered for nefarious purposes, that could be installed, for example, as a replacement part during equipment service.
  2. Attackers develop their own software and run it by replacing the memory card in the embedded system.
  3. Attackers extract the memory card out of the embedded system, manipulate the software and plug the card back into the system.
  4. Attackers modify the software on the embedded system by controlling the communication interfaces from the outside.
  5. Attackers monitor an embedded system, while in use by the application, in order to analyze it and to develop avenues of attack.

Finally, the authors make one more important point. They say that one of the most important tenets of computer security is that it is difficult, unwise, and often financially and/or technically infeasible to retrofit security capability to a system that was not originally designed for it. Therefore, they conclude, the only hope for improving security across the world of embedded systems is to educate the developers, who must learn to think about security issues as much as they already think about functionality, memory footprint, and debugging.

And that's where Wibu-Systems comes in. For 25 years, we have delivered the tools needed by software developers to protect their software against piracy, IP theft, and manipulation. We continue to incorporate state-of-the-art security technologies into our software protection tools for embedded systems and PC software as well as cloud services and mobile apps.

Download the White Paper: Integrity Protection for Embedded Systems

The term "Integrity Protection" encompasses security measures, namely protection of system resources, programs and data against unauthorized manipulation, or at least identification and display of such modifications. The challenge consists in guaranteeing data integrity, and, if not possible, bringing the system to a safe mode and stopping the execution of any function. The best integrity protection solutions are based on cryptography and associated security mechanisms, such as digital signatures and message authentication. This 12-page white paper will describe these advanced encryption techniques.

Topics: CodeMeter, software copy protection, Copy Protection, Anti-piracy, embedded security, secure licensing

Software Licensing & Copy Protection – DIY or Buy?

Posted by Terry Gaul on Oct 3, 2013 8:01:00 AM

I stumbled upon an interesting Internet forum started by someone who posted the following question:

"As an ISV/software publisher, would you produce your own licensing/copy protection solution, or would you buy into a professional solution?"

Even though the discussion was started three years ago, I found that the advice given by the participants is still very relevant today. Here are a few of the comments I found interesting:

  • In general, time you spend developing and supporting your licensing system can be very steep, and it's non value add - it's taking time away from adding features and doing things your customers really want.
  • If you can fit your needs into an off the shelf system you are likely to be better off in the long run because they've already figured out that file permissions and encryption work differently on Windows XP Home than Windows Server 2008 or in Turkey or whatever. These aren't problems you want to take up your time.
  • There are some very good purchased systems. I'd recommend you seriously examine them before investing significantly in your own system. If you do invest in your own, have it be for a competitive advantage because it is going to occupy a sizable portion of your development budget if you're a small company, at least initially.
  • Your time is better spent making and marketing your product rather than wasting thousands of hours needed to make decent licensing in-house.
  • I would definitely consider using an off-the-shelf licensing product - developing a license scheme is not so easy and you are better off spending that time on developing your actual core product functionality.

And finally, one software developer pointed out that "To really build an unhackable system takes some serious cryptographic and application structure." What's more, hackers continuously find new and more devious ways to unravel your software, and if copy protection is not your core business, it would be extremely difficult to gain the expertise needed to truly protect your software.

This is where companies like Wibu-Systems come into play. Software protection and license management is our passion and we've been at it for more than 25 years. In fact, it's all we do. We are on our fifth generation of CodeMeter, our secure software licensing and copy protection platform, which is used by leading software vendors around the world.

Webinar: Hackers Reverse Engineering Uncovered

And on Wednesday, October 9, 2013, at 10 a.m. EDT, we'll demonstrate best practices in software protection during a two-hour webinar, entitled Hackers Reverse Engineering Uncovered. If you are an Independent Software Vendor or Embedded System Manufacturer, you know how important it is to protect your intellectual property and business assets. We'll discuss how you can outsmart the hackers and protect your software from unauthorized license duplication, code manipulation, and reverse engineering. Here are a few of the technical details we'll cover:

  • Software protection API calls in .NET
  • Usage of Authenticode signatures
  • Obfuscation techniques
  • Code encryption
  • Performance vs. paranoia: how to fine-tune your application
  • Integration of features-on-demand
  • Examples of traps to lock the license

I hope you can join us.


Topics: CodeMeter, License Management, Copy Protection

5 Reasons to Choose Software Copy Protection Dongles

Posted by John Poulson on Jan 29, 2013 9:55:00 AM

Dongles – The Historical “Bad Rap”

When describing software protection dongles in a 2007 article appearing in PC Magazine, John C. Dvorak, a well-respected (but self-described curmudgeon) and award-winning columnist, said, “The dongle was a mostly failed copy-protection device that came into existence in the 1980s. It was also a point of controversy…”

The controversy mentioned by Mr. Dvorak boiled down to (1) the rights of software publishers to get paid for their efforts and (2) the rights of users to use the software they legally purchased without the inconvenience associated with plugging in a hardware dongle.

Activation Codes – The Compromise

In an effort to address the concerns of their users, software publishers rolled out a scheme of utilizing activation codes which bind a license to a PC. When companies like Microsoft and Adobe began requiring users to activate licenses, the practice became almost universal for software costing as little as $50. In essence, activation codes turn the whole PC into a “dongle”.

Dongles in the Twenty-first Century

It has been over five years since Mr. Dvorak’s comment. But more tellingly, it has been over twenty-five years since the first parallel port dongle appeared on a PC protecting the first CAD/CAM programs written for DOS.

Worldwide dongle sales have increased year over year since the late 1980s, and any computer technology that has been around that long must have merit. Such software copy protection technology should be seriously investigated by any software publisher tasked with protecting intellectual property, controlling software usage via licensing, and preventing profit erosion due to widespread illegal use of software titles. If you are tired of seeing “free” versions of your products posted on BitTorrent sites, read on.

Why End-Users Prefer Dongles

Considering all the technologies that have come and gone in the last twenty-five years, it’s remarkable that dongles are not only still with us but are still undergoing improvement in both function and design. There are some things that an end user can do with a dongle that cannot be done with an activation code. In a recent survey of users who had software installed protected with a dongle, the following were the top five reasons they preferred this method of license enforcement over activation codes.

  • License Portability – The license is on the dongle and is easily moved from one system to another.
  • License Recovery – The end user can self-restore a license to an existing or replacement dongle.
  • License Borrowing – Licenses can be lent out (to travelling engineers and salespeople, for example).
  • License Redundancy – Important in “Mission Critical” applications (Ex: Hot and Cold Stand-by licenses).
  • License Security – Conscientious companies do not want employees or others using software illegally.

Software Activation via activation codes can offer end-users the ability to recover licenses. This usually involves communicating with the software developer and convincing them that you need to move your legally purchased software to your new PC. This can be time consuming and problematic, especially if the activation code is protecting a 25 user license on a server where the hard drive just failed.

Dongles v Activations – Why not have both?

The CodeMeter License Platform from Wibu-Systems offers an ISV the option to seamlessly protect a product with a dongle and/or activation code. Each method has its pros and cons. We leave it up to you, your sales team and your customers to choose which method is best.

John Poulson has worked in the software protection industry since 1988 and has been with Wibu-Systems since 2000. He is an expert in license authentication best practices and deep powder skiing.

Topics: CodeMeter, software copy protection, Copy Protection, dongles, software activation

Secure Software Licensing Part 2

Posted by John Browne on Aug 1, 2012 4:46:00 AM

In the last blog post, we talked about what is meant by "secure" in the phrase "secure software licensing." But what exactly do we mean by "software?"

At first blush I think most of us think of "software" as a desktop application like Photoshop or perhaps an OS like Windows. And frankly this is the bulk of what we see people needing advanced secure software licensing for. But wait, as they say, there's more:

  • Executables: Anything in the PEF (portable executable file format) can be protected against license abuse or copying. 
  • DLLs: dynamic-link libraries (DLLs) and shared libraries on MacOS and Linux can be used to store a significant amount of protectable code. 
  • Data files: files associated with particular applications may need to be protected as well. For example, PDF files (used by Adobe Acrobat) are a popular format for distributing electronic documents, some of which can contain sensitive information. You might want to restrict the availability of these to certain people or certain time frames. Additionally, if your application uses a database of proprietary data (perhaps industry benchmarks you have painstakingly collected over the years) you might want to prevent unauthorized access or copying of that data.
  • Media files: Both music and video have multiple DRM systems in place for commercial distribution. But what if you want to stream video from your website but limit its distribution to a set of license rules? This can be difficult without a secure software licensing system. 
  • Website access: As more and more applications move into the cloud, or are presented as Software as a Service (SaaS) like salesforce.com, access control and authentication become more and more important. Current systems like named users with passwords are ripe for abuse (sharing credentials among multiple users). 
In the next article I'll dig into the term "software licensing" to discuss what is arguably the most interesting part of this concept.

Topics: License Management, Copy Protection, Anti-piracy, software piracy

Secure Software Licensing

Posted by John Browne on Jul 31, 2012 9:39:00 AM

We talk a lot about copy protection in this space but what I want to focus on today is what is meant by the phrase "secure software licensing." Let's unpack the term and look at each component separately:

Secure

The sine qua non of all this is security. If your software isn't secure nothing else that follows matters. By "secure" we're talking about preventing a host of bad things you don't want to happen:

  • License piracy: your customers bought a certain right or entitlement to use your software. That entitlement needs to be secured in such a way that the customers can't accidentally or even deliberately use more copies than they have purchased. Additionally, you need to be able to ensure that non-customers cannot use your software until they have a license (i.e., become a customer).
  • Code cracking: Modifying the executable code to circumvent or disable any license verification is pretty common these days, particularly for very popular applications. You can find these cracked versions on the usual Internet sites. But increasingly even niche-market B2B software is being cracked, particularly for use in the developing world. 
  • Reverse Engineering: Reverse engineering of the original IBM PC BIOS led to a slate of instant clones competing with IBM for the same market space. Reverse engineering of software is not illegal in the USA, since it's considered fair use under the copyright laws. Protecting your software against this is critical.
  • IP Theft: You're in the software business, and in software your most important assets are your IP--some of which probably exists as algorithms in your code base. Do you want your competitors to see how you solve tough problems and use that to their advantage? Of course not. 
  • Code Tampering: How do you know that the binary you have is the binary that was created originally? How can your users know? In some applications, this may be the most important question of all. For example, if you're selling applications to the military or healthcare industry, being able to assure them that there are robust internal safeguards against the code having been modified before they execute it can be vital.
  • Malicious attacks: similar to code tampering, but in this case you want to ensure that no malware payload has been inserted at any time. Further, you want to know that the code can't be modified on the user's machine. 
These are some of the more common areas for concern in secure software licensing. In the next blog post, I discuss the next part of this expression: "software."

Topics: Code Integrity, CodeMeter, License Management, Copy Protection, Anti-piracy