Illegal software distribution is not always limited to end user piracy. Software is often distributed through a chain of partners and dealers. It is not always possible to arrange prompt delivery of licenses without making license generation functionality available to partners. This creates opportunities for fraud by unscrupulous dealers.
Even when partners can be fully trusted, however, there is a need to collect reports and sales statistics using reliable technical methods. The following example might interest developers of apps intended for smartphones and other mobile devices. Suppose you are preparing to sell software products for mobile devices. This involves delivering products to OEM partners that replicate the applications via “untrusted” workstations.
How can developers protect themselves against unscrupulous partners? One way is to issue serial numbers for each copy of the application and monitor the issuance of licenses centrally. In this case, the developer may want to be sure that the same serial number is not issued to several users at once. When hardware protection keys cannot be used, one can implement a highly flexible and reliable mechanism providing protection against virtually all threats. A possible protection scenario is described below.
The developer creates an application that installs a certain software product on mobile devices. The application “binds” the software product to the hardware parameters of the mobile device and keeps a log of installations inside the non-volatile memory of the dongle. Each copy of the software product is made unique using the features of a dongle: its hardware algorithms (encryption and digital signature) and the transfer of a portion of the distro initialization code to the dongle (available for all modifications of Guardant Code). The OEM partner receives the application along with a dongle programmed with a usage period and a number of application copies.
This kind of technical protection eliminates multiple problems at once. If several workstations are being used for replication, as many “fiscal” dongles as there are workstations are issued. If a partner is not too reliable, dongles can be issued with a short life span in addition to requiring the partner to pay fees in advance.
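A software model of the counter- and time-limited “fiscal” dongle described above, as an added example that is not from the original page or the vendor. The class and function names are assumptions, HMAC-SHA256 stands in for the dongle's hardware signature, and no real dongle API is used.

```python
import hashlib
import hmac

def _tag(key: bytes, serial: str, device_id: str) -> str:
    # HMAC-SHA256 stands in for the dongle's hardware signature (assumption).
    msg = f"{serial}\x00{device_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class DongleError(Exception):
    pass

class FiscalDongle:
    """Hypothetical model of a dongle with a copy quota and a usage period."""

    def __init__(self, key: bytes, dongle_id: str, copies: int, expires_at: int):
        self._key = key               # in hardware the key never leaves the dongle
        self.dongle_id = dongle_id
        self.copies_left = copies
        self.expires_at = expires_at  # epoch seconds, compared with the dongle clock
        self.log = []                 # stands in for the dongle's non-volatile memory

    def issue(self, device_id: str, now: int) -> dict:
        """Bind one copy to device_id, or refuse if the quota or period is used up."""
        if now >= self.expires_at:
            raise DongleError("usage period expired")
        if self.copies_left <= 0:
            raise DongleError("copy quota exhausted")
        self.copies_left -= 1
        serial = f"{self.dongle_id}-{len(self.log) + 1:06d}"  # unique per dongle
        self.log.append((now, serial, device_id))
        return {"serial": serial, "tag": _tag(self._key, serial, device_id)}

def verify(key: bytes, lic: dict, device_id: str) -> bool:
    """Check a license against the device it is actually found on."""
    expected = _tag(key, lic["serial"], device_id)
    return hmac.compare_digest(expected, lic["tag"])

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    dongle = FiscalDongle(key, "D1", copies=2, expires_at=1_000)
    lic = dongle.issue("imei-111", now=10)
    print(lic["serial"], verify(key, lic, "imei-111"), verify(key, lic, "imei-222"))
    dongle.issue("imei-222", now=20)
    try:
        dongle.issue("imei-333", now=30)
    except DongleError as exc:
        print("refused:", exc, "| log entries:", len(dongle.log))
```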
This protection mechanism is suitable for many other scenarios:
- Installation of software on machines and industrial equipment;
- Loading of applets to smart cards;
- Replication of any software distributed through removable drives;
- Installation of software by service companies on computers of end users (database updates in the manner prescribed by law, and the like).
Dongles with a real time clock make it possible to configure these “fiscal registers” to work for a certain period of time as a way to control partners based on calendar time (for example, the ability to install software products expires at the end of a quarter).