Wibu-Systems Blog

Software licensing: it's all about flexibility and security

Posted by Terry Gaul on Dec 14, 2015 11:23:11 AM

Licensing-Blog_Post-USA.jpg

IDC recently released their annual top 10 software licensing and pricing predictions for 2016 and I think they are right on target based upon feedback from organizations who are using our CodeMeter secure licensing platform.  I believe a few of the predictions will have an immediate impact on software developers:

  • Software subscription revenues will continue its rapid growth trajectory
  • Software license complexity will indirectly cost organizations an average of 25% of their software license budgets in 2016
  • At least three software vendors will announce in 2016 the intent to end all perpetual licensing

There are many more details outlined in the report, but the bottom line for me was that the licensing environment is rapidly evolving and software publishers, now more than ever, need to have the flexibility to roll out new licensing models to meet their customer’s needs as well as achieving their own software monetization goals. Let’s take a brief look at some of the license models that are currently in play, ranging from single user/network licenses to modern consumption and user-based models:

  • Single user license: the license is stored on a local PC or dongle plugged into the local PC.
  • Single user license in a virtual machine: the license is bound to a virtual machine and when the virtual machine is copied, the license becomes invalid.
  • Network license: the license is stored on a license server in the network.
  • Feature-on-Demand license: individual licenses are used to activate specific product features and modules.
  • Perpetual license: the license never expires.
  • Demo/Trial license: the user can only access specified features for a limited time.
  • Rental, Leasing, Subscription License: the developer specifies how long the licensee is valid.
  • Pay-per-Use license: billing is based on the number of units used.
  • License with software assurance: a perpetual license with a maintenance agreement that includes automatic updates.
  • License with downgrade-right: the license provides the right to optionally use older versions of the program.
  • License with upgrade-right: the license covers the right to optionally use a newer version of a program.
  • Grace period license: software can used for a limited time without activation.
  • Volume licensing: the customer is sent a large number of licenses to cover the required number of seats.

This is just a short list of licensing options (read an expanded list of licensing options here) which could possibly double in size by next year. Whether you are using your own, home grown licensing solution or you’ve outsourced to licensing professionals, it is imperative that you have the flexibility to adjust your model as the market dictates.

 Finally, let’s go back to the IDC report. One surprising note was that there was no mention of license security. No doubt, secure software licensing is at the forefront of the discussion, particularly in the rapidly growing IoT sector. We’ve covered IoT security in this blog frequently and will continue to post more thoughts in the coming months as the market emerges.

Topics: License Management, CodeMeter, secure licensing, software licensing

How Much is Your IP Worth?

Posted by Terry Gaul on Oct 28, 2015 5:18:17 AM

Erfolgsgeschichte_Belsim_EN

The intellectual property gained during the development of an ISV’s flagship software product most likely represents an investment in hundreds and hundreds of man hours. 

The majority of that time is spent on developing features and functionality, refining, and testing to assure that the final product addresses the needs of the customers in the most effective way possible – that’s the core strength of the software engineers. The business end of the development process is in software monetization – implementing creative licensing strategies and protection against piracy to assure that the company achieves the maximum revenue it deserves. However, that capability may not be the core strength of the software engineer and the reason why many ISVs are looking for help from licensing and security specialists to protect their IP investment and monetize their software.

For example, consider the case of Belsim, a spin-off company of University of Liège in Belgium. Belsim’s VALI-suite is the leading worldwide solution for Data Validation and Reconciliation (DVR) software. The VALI-suite is the result of many years of R&D and it represents the centerpiece of Belsim’s intellectual property.

According to Christophe Pirnay, Belsim’s Development Manager, "When we decided to develop VALI’s newest version in Microsoft .NET, it was clear that we also needed a partner to support the solution’s license management and to protect it against software piracy."

"We never really knew if our software was copied or used illegally", says Christophe. "We were a bit suspicious at times, but we never were sure if it was really happening. In those days, we were handling license management and software protection ourselves," he added.

Belsim recognized that license management and software protection were not part of their core business and they began to search for a security partner. Their search steered them toward Wibu-Systems’ CodeMeter software protection, licensing and security solution. CodeMeter protects VALI against unauthorized use, but also against anyone who tries to take a peek at the code. This way, CodeMeter also keeps Belsim’s competitors at a safe distance, as well as others who might try to build their own solution based on Belsim’s code.

In this case, with the help of CodeMeter, Belsim can fully concentrate on its core business – the development and implementation of software – while CodeMeter guarantees the protection that is needed at the heart of their solution.

download Belsim case studyRead the full case study and see how CodeMeter protects Belsim’s invaluable intellectual property.

Topics: CodeMeter, secure licensing, Anti-piracy, Copy Protection

Anti-Piracy, Flexible Licensing and software monetization

Posted by Terry Gaul on Sep 17, 2015 11:03:39 AM

We’ve all seen the disturbing software piracy statistics released by BSA | The Software Alliance in their Global Software Survey:

  • 43 percent of the software installed on personal computers globally in 2013 was not properly licensed
  • The global rate at which PC software was installed without proper licensing rose from 42 percent in 2011 to 43 percent in 2013 as emerging economies where unlicensed software use is most prevalent continued to account for a growing majority of all PCs in service.
  • The commercial value of unlicensed PC software installations totaled $62.7 billion globally in 2013.

These trends are sure to put a dent into any ISVs bottom line. In their blueprint for reducing software piracy, the BSA points to increased public education and awareness, modernization of IP laws, and stepped-up enforcement with dedicated resources as important steps towards thwarting piracy.

Of course, a more immediate approach to preventing piracy is to integrate copy protection directly into the application with a robust software protection solution like Wibu-Systems’ CodeMeter. It takes just minutes to protect software from illegal copying, reverse engineering or tampering without having to change a single line of source code.

In addition to preventing software piracy and hacking, a sound monetization strategy will serve to maximize ISV revenues as well. With secure, flexible licensing capabilities, ISVs and device manufacturers can effectively implement creative licensing strategies to meet the dynamic market requirements of their end users. The days of the perpetual software license are long gone and ISVs need the ability to introduce various pricing schemes based on pay-per-function, pay-per-use, subscription, or other possible licensing options. A representative example of a flexible licensing system is CodeMeter License Central, which enables ISVs to create, manage and distribute all types of licenses in a secure, straightforward manner.

Industry analyst firm, Frost and Sullivan, concluded in a white paper that “customers experience best long-term value in terms of both top-line revenue realization bottom-line costs and efficiency when license management solutions inherently provide comprehensive functionality and robust security.”

Download Frost and Sullivan Whitepaper

I invite you to download the full whitepaper, entitled Best Practices in Software Monetization: A Customer-Centric View of Secure License Management. The White Paper sheds light on various aspects of successful software monetization strategies, ranging from business-enabling licensing architectures to resilience against hacking. The document demonstrates how changing times demand that ISVs implement customer-centric business models and customer-friendly enforcement in order to increase their top line software revenues while controlling bottom line costs.

   

Topics: License Management, software protection, CodeMeter, secure licensing, software piracy, CodeMeter License Central

Monetizing IoT Devices

Posted by Terry Gaul on Jul 31, 2015 7:59:31 AM

Aside from the widespread attention and hype surrounding the prolific growth expectations of the Internet of WP-integrityprotection-cov_Things (IoT), industry focus has been on potential (IoT) device vulnerabilities and cybersecurity. The recent well publicized cyberattack demonstration on an automobile adds more fuel to the fire. However, industry analyst firm Gartner adds another interesting topic to the IoT discussion. They point out that with software at the core of embedded systems, manufacturers of IoT devices will soon be consumed with understanding the importance of software monetization.

In a recent news release, Laurie Wurster, research director at Gartner, said: "By monetizing the software on their devices, these (IoT) vendors will be able to increase and drive recurring revenue streams, creating billions of dollars of additional value. For example, with an estimated 25-plus billion 'things' in the marketplace, and if manufacturers are able to collect an average of $5 for software from each of these installed units, that translates to additional revenue estimated at $130 billion."

While software monetization strategies were an ongoing focus for successful ISVs of conventional PC applications for the past decade or more, it is a novel concept for this new breed of embedded system manufacturers. But once they have a full understanding of the financial benefits of a solid software monetization strategy, these IoT “software vendors” will be heading down the same path to maximize revenues.

What can IoT device manufacturers learn from the past experiences of ISVs about monetizing their IoT devices? I see three key areas of note:

  1. license lifecycle management
  2. software protection for the ISV and security for the user of the IoT device
  3. security implementation

Let’s take a closer look:

License Lifecycle Management

Device manufacturers will need to learn how embedded software can be leveraged to create product differentiation and provide competitive advantages. An agile licensing schema will facilitate software monetization techniques that will enable them to quickly adjust product functionalities, pricing and compliance needs and enable new business models – such as Pay-Per-Use or Features on Demand - to adapt to the ever changing market requirements. A comprehensive license lifecycle management strategy will not only provide a flexible licensing component, but also help to increase revenue growth through operational and logistical cost reductions and efficiency optimization.

Software Protection and Security

Flexible licensing models paint only half of the license lifecycle management picture. The other half relates to the protection and security of the device and the software itself. Without fool-proof protection, it is all too easy for unscrupulous hackers to attack embedded devices by tampering with unprotected software code, disabling insecure license management systems, or extracting proprietary code to reverse engineer and build counterfeit products. ISVs have learned the hard way how this rampant criminal activity adversely affects bottom line revenues. And, this is just as true for IoT device manufacturers. But it’s not all about ISVs. Users of IoT devices also benefit from these security mechanisms.

Security Implementation

Finally, many ISVs learned over the years that licensing and security are complex and not necessarily a core strength of their developers. Some of those ISVs who struggled to build their own licensing systems often overburdened their development resources and took them away from their strength – developing application code. Other ISVs turned to commercial licensing solutions and security experts, and partnered with them. This is an important lesson for IoT device manufacturers as well. I’ve already seen many solutions where the access to a device or the activation of a feature was protected by a simple password. Once hacked over the Internet these features became available to anyone. Cryptographic methods are only one part of the equation; their implementation is as important as the technology itself. With the growing concerns over connected device vulnerabilities and cyberattacks, security is one area that needs to be considered as early as possible in the device development process together with security professionals.

I hope I have conveyed the importance of license lifecycle management. If you would like to learn more about license lifecycle management, I invite you to review our white paper Integrity Protection for more information.

Topics: License Management, secure licensing, software monetization, embedded security, Internet of Things, cybersecurity

Important Considerations in Choosing a 3rd Party Licensing Platform

Posted by Terry Gaul on Mar 26, 2015 5:42:57 AM

If you have decided to integrate a 3rd party licensing solution for your software application, you’ve made the right choice. By doing so, you’ve freed up your developers to do what they do best — write code; you’ve given your marketing team the ability to deliver the software in a manner that is most desirable for the customers in discrete market segments; and, you’ve protected and monetized your software so that you generate the revenues that you deserve from your development and commercialization efforts.CodeMeter License Central

But now the question is which 3rd party solution should you choose? There are several options out there and each solution offers a different approach to licensing. In making your decision, there are several key factors to consider:

Licensing Flexibility — the licensing platform of choice should enable you to create, deliver, activate, update and manage licenses using the business model that’s optimum for your customers without compromise, whether it is single user licenses, network licenses, feature on-demand licenses, demo/trial licenses, pay-per-use licenses, or whatever license model you dream up. This licensing flexibility gives your marketing team the tools they need to define and deliver the product in the optimal manner for each unique market segment and generate the most revenue.

License Security — the licensing platform should provide mechanisms to securely store and deliver licenses, whether it is via a hardware device (Dongle) or PC-bound soft license file. Dongles offer the highest security and portability from PC to PC while soft licenses offer the fastest delivery and activation. Either way, the licensing system should ensure that only authenticated, licensed users can activate and utilize the software.

Easy Integration into Your Business Processes — for ease-of-use and to reduce costs, the licensing solution should integrate seamlessly into your existing ERP, CRM, eCommerce or other business processes using industry standard tools such as SOAP. It should also be capable of accessing your existing databases, such as Oracle, MySQL, and MS-SQL. And, it should have a customer facing portal that can be branded and customized to support your end-users.

License Activation Options — the solution should provide activation options that are best suited for your business model. You should have the flexibility to activate licenses online from within the software application or via an internet web portal; or offline via file transfer from the computer with the software application to another computer with access to the portal.

Hosting Flexibility —the solution should provide you with the option to host your license server on a local web server or host and manage in the cloud of the provider of the licensing system.

Software Monetization — in addition to licensing flexibility, the solution should provide data mining, analytics and reporting capabilities to give you the ability to make sound business decisions and the agility to shift your marketing strategy as market requirements change.

Vendor Reliability — choose a 3rd party licensing partner that you can trust. How long have they been in business? What is their business strategy — are they dedicated to licensing or do they have other interests? Who are their key customers? How good is their support?

At Wibu-Systems, we have focused solely on software protection and secure licensing for more than 25 years and we remain committed to innovation and continuity for the future. Our ongoing mission is to accompany the growth of your business with stability, expertise, and long-term vision. Learn more about CodeMeter License Central, our comprehensive solution that enables you to easily create, manage and distribute your licenses.  I invite you to contact us to discuss your licensing needs, or try our licensing solution with the CodeMeter Evaluation System.

Request a CodeMeter Evaluation System

Topics: License Management, secure licensing, Wibu-Systems news, CodeMeter License Central, software monetization

Considering an Automated License Management System Hosted in the Cloud?

Posted by Terry Gaul on Mar 23, 2015 4:00:00 AM

With today’s cloud or virtual solutions, there are many available license management options to evaluate and even more questions to consider – what about security? Service levels? Architecture? Server location? Support? Cost and fees?

If you are you considering an automated license management system hosted in the cloud, you won't want to miss this upcoming Webinar:

High Availability for License Creation - Technical and Human Factors
March 31, 2015
12:00 pm - 1 pm EDT
RegisterCmLicenseCentral_120

Wibu-Systems Support and Cloud Consulting Experts will review the key factors involved in selecting a reliable hosted license management platform and present several options available for hosting CodeMeter License Central with our Wibu Operating Services (WOPS), from the cost-effective Datacenter Edition to high performance and high availability services.

During this one-hour event we will present:

  • Overview of available license management packages
    • Datacenter Edition
    • Dedicated Server
    • High Performance Edition
    • High Availability Package
  • Security requirements:
    • DMZ and security area in the Wibu-Systems datacenter
    • Security monitoring
    • Available access options and access protection measures
  • Hosting or operation, what is the difference?
    • Hardware components and overall infrastructure
    • System updates
    • Application updates
    • Application maintenance
    • Availability monitoring
  • Service Levels
    • Basic availability

Let us help you pick the optimum solution and protect your business profitability.

Webinar

High Availability for License Creation - Technical and Human Factors
March 31, 2015
12:00 pm – 1 pm EDT

Register for the Webinar

Topics: License Management, CodeMeter, secure licensing, Virtualization, Cloud License Management

Addressing Secure, Flexible Software Licensing in a Complex Environment

Posted by Terry Gaul on Feb 17, 2015 11:05:48 AM

WireFrame_Head_515

ISVs today must address many questions in your product development and delivery strategies as the software licensing landscape has become increasingly complex. Let’s take a look at some of these questions you face:

  • Should the product be sold as one unit or should several variants be created, each with different features?
  • Is the license perpetual or should it be sold in time-limited subscriptions or usage-based units?
  • Should limited trial licenses be made available?
  • Is the license bound to a specific PC or can it float in my customer’s LAN?
  • Which system platforms should be supported?
  • Is the license safe on virtual machines?
  • What about cloud or mobile apps in the future?

Because of these increasing complexities, many ISVs are turning to 3rd party licensing security experts for help in developing a secure licensing strategy that meets their needs not only for today but also provides the flexibility to enable them to adapt their product to meet new customer requirements as they evolve in the future.

For example, take a look at one of our customers, Faceware Technologies, Inc. Faceware is the pioneer in video-based facial animation. Their hardware and software represent complete solutions for the interactive entertainment, film, video game, television, and commercial markets. Their products were used to deliver exceptional facial recognition in Forbes list of top ten grossing games in 2014.

They turned to our CodeMeter secure licensing and protection platform for several reasons. First, they wanted to protect their revenues by eliminating counterfeit copies from hitting the market and protect their intellectual property from reverse engineering. They knew that CodeMeter protected software had never been compromised in global hacker’s contests.

They also were looking to introduce new business models that would enable trial licensing and pay for time and features. This licensing flexibility enabled them to introduce a “lite” version of their product which allowed them sell their software to independent filmmakers and smaller studios that typically couldn’t afford the high end, fully featured version. And with confidence in security, they were able to launch into new markets, including Russian and China, where they previously had concerns.

One of the key takeaways from their success story is that with a robust, flexible and secure licensing and protection platform like CodeMeter, they could focus on what they do best – create award winning products that could reach more markets.

If you would like to read the details about how CodeMeter helped Faceware to achieve their security and licensing goals, please download the case study. And, if you would like to try CodeMeter, just request a fully functional evaluation system.

Success-story-CTA

Topics: License Management, CodeMeter, software copy protection, secure licensing, software licensing, Copy Protection, software monetization

Secure Your Licensing in Virtual Environments

Posted by Terry Gaul on Jan 23, 2015 4:00:00 AM

During the early 2000's, there was much skepticism about the value and viabilitDownload CodeMeter in Virtual Environments White Papery of virtualization. Today, however, there is no doubt that companies have embraced the efficiencies and expansion capabilities afforded by multiplying resources of a single machine across several different virtual machines. The cost effectiveness and increase in availability, performance and utilization of IT resources are all contributing factors to the success of virtualization, whether applied to desktops, data centers or applications.

While end users are reaping the economic benefits of virtualization, it has been challenging for ISVs to create flexible licensing schemes that are better suited for the virtual environment, are easy to manage on the end user side, and are protected against misuse of the license. Just think about the many ways software licenses can be misused when operating simultaneously on virtual machines and terminal servers. Take for example licensing threats within a virtual machine environment:

For dongle users:

  • Illicit use of a single license by using one dongle for several guest systems.

 For software based licenses:

  • Resetting time-limited or pay-per-use licenses by using a copy or snapshot.
  • Duplicating machine-bound licenses by cloning the allocated machine in its entirety.

And, consider these potential licensing threats on terminal servers:

  • Illicit use of a single license in multiple simultaneous sessions on the terminal server.
  • Use of a single-user license as a floating network license.

To help you identify and address these licensing complexities and security threats, we’ve developed a new white paper entitled CodeMeter in Virtual Environments: Make Your Software License Management More Agile.

This white paper illustrates the potential threats in various licensing scenarios and reviews how the CodeMeter secure licensing platform protects against each one of them. With CodeMeter, you can protect your software against any license abuse. No matter if your customers are using real or virtual systems, or a combination of both, you will have an accurate count of your licenses, and the interruption of the execution of the software if an attack is detected. CodeMeter provides the versatile licensing platform and mitigates the evolving security threats in a straightforward fashion.

Download the whitepaper.

Online Virtualization WP Flipping Book            Download Virtualization WP PDF

Topics: License Management, CodeMeter, secure licensing, software licensing, Virtualization

Removing the Complexity from Software Licensing and Activation

Posted by Terry Gaul on Mar 5, 2014 1:05:00 PM

The growing demand by consumers for flexible, scalable, and adaptable license management solutions challenges independent software vendors (ISV) to keep pace.

LicenseCentral customisation Website Colored 01According to International Data Corporation (IDC) Research Vice President, Amy Konary, as she noted in a TechNet Blog post, "customers are also calling for increased flexibility in software licensing — concurrent licensing, pay-per-use models, and licensing approaches that allow customers to take advantage of the benefits of virtualization — while at the same time that they are calling for increased simplicity."

However, the increasingly diverse licensing schemes ISVs require to meet the new software business models, like SaaS and PaaS, threaten to add unwanted complexity. For example, instead of just activating and binding a license to a PC or connecting a dongle, you now have to concern yourself with other details, such as preventing shared passwords by identifying the user logging in to an application in the Cloud, and measuring usage statistics for billing purposes.

Wibu-Systems is focused on providing ISVs with reliable licensing tools that can be integrated into your existing business processes and provide the flexibility needed to adapt to rapidly changing customer requirements. Our License Central system is the cornerstone of our CodeMeter software licensing and copy protection system. Flexibility in license activation is also an important component of a successful software delivery strategy. CodeMeter License Central enables activation of both software-based and dongle-based licenses directly via the internet or offline via file transfer.

We recently hosted a one-hour webinar, entitled A Masterful Customization of your License Activation Process, and invite you to watch a recorded replay of the webinar on our website. While viewing this webinar, you will learn how to use License Central to:

  • Easily implement an online license activation system using an Activation Wizard integrated into your application
  • Opt for an online license activation system using the CodeMeter WebDepot portal
  • Employ a hybrid solution that combines online and offline license activation, while still using WebDepot

Additionally, you will see demonstrations on how to:

  • Customize License Central to meet your business demands
  • Adapt the WebDepot GUI to the look and feel of your brand
  • Incorporate the end-users license lists and available Trial Licenses within WebDepot

Given the importance of your licensing strategy, I encourage you to watch the webinar and see the benefits of using a fully featured, highly scalable, Web-service based license management system.

Topics: License Management, CodeMeter License Central, software licensing, secure licensing, license tracking, network licensing

Integrity Protection for Embedded Systems

Posted by Terry Gaul on Oct 21, 2013 9:51:00 AM

In their book, Embedded Systems Security, David and Michael Kleidermacher point out some all-to-real scenarios about the consequences of malicious threats to embedded systems.

Consider that for every PC in the world, there are hundreds of embedded systems, interconnected over various communication channels, like WiFi, Bluetooth and RFID. And nothing has become more computerized faster than the modern automobile. Computers, in the form of self-contained embedded systems, have been integrated into virtually every aspect of a car's operation and diagnostics, including throttle control, transmission, brakes speedometer, climate and lighting controls, external lights and entertainment systems.

The authors gave one example of an industrial company that sells bearings that use a magnetic field to suspend a shaft. A Digital Signal Processor performs 15,000 calculations per second to keep operations running smoothly. The bearing controllers have Ethernet connections.  With a coordinated attack on the bearings, plant operations could be brought to a halt.

The authors also discuss the security issues brought on by non-malware bugs. As embedded systems become increasingly ingrained in our lives, any bug that compromises the reliability of a system can become a mission-critical security threat. For example, what would happen if automated jail control doors failed to close? A task that errantly consumes too many resources (like memory) or CPU cycles can prevent other activities from running: the traffic light fails to turn red, the railroad signal remains open, or the ATM’s bill counter fails to stop spewing money. 

The Department of Homeland security notes that our country’s reliance on cyber systems to run everything from power plants to pipelines and hospitals to highways has increased dramatically, and our infrastructure is more physically and digitally interconnected than ever. Yet for all the advantages interconnectivity offers, critical infrastructure is also increasingly vulnerable to attack from an array of cyber threats.

Most embedded systems developers have little training in security and are largely unaware of both the threats and the techniques and technologies needed to make their products secure. In order to develop effective methods aimed at preventing attacks, the potential threat scenarios need to be understood. Some of the possible attacks to embedded systems are listed here below:

  1. Attackers develop a "fake device," a device that looks just like the original, but whose functions have been altered for nefarious purposes, that could be installed, for example, as a replacement part during equipment service.
  2. Attackers develop their own software and run it by replacing the memory card in the embedded system.
  3. Attackers extract the memory card out of the embedded system, manipulate the software and plug the card back into the system.
  4. Attackers modify the software on the embedded system by controlling the communication interfaces from the outside.
  5. Attackers monitor an embedded system, while in use by the application, in order to analyze it and to develop avenues of attack.

Finally, the authors make one more important point. They say that one of the most important tenets of computer security is that it is difficult, unwise, and often financially and/or technically infeasible to retrofit security capability to a system that was not originally designed for it. Therefore, they conclude, the only hope for improving security across the world of embedded systems is to educate the developers, who must learn to think about security issues as much as they already think about functionality, memory footprint, and debugging.

And that's where Wibu-Systems comes in. For 25 years, we have delivered the tools needed by software developers to protect their software against piracy, IP theft, and manipulation.  We continue to incorporate state-of-the-art security technologies into our software protection tools for embedded systems and PC software as well as cloud services and mobile apps.

Download the White Paper: Integrity  Protection for Embedded Systems

The term "Integrity Protection" encompasses security measures, namely protection of system resources, programs and data against unauthorized manipulation, or at least identification and display of such modifications. The challenge consists in guaranteeing data integrity, and, if not possible, bringing the system to a safe mode and stopping the execution of any function. The best integrity protection solutions are based on cryptography and associated security mechanisms, such as digital signatures and message authentication. This 12-page white paper will describe these advanced encryption techniques.

Topics: CodeMeter, software copy protection, Copy Protection, Anti-piracy, embedded security, secure licensing