Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C++ VB Linux
I'm new to this forum and want to ask if someone can help me explaining how the usb dongle hardware exactly works and protects a software? How much we can trust that hardware?
Posted 27-May-12 23:55pm
Festi19478
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

  Permalink  
Comments
losmac at 28-May-12 18:18pm
   
Succinct and to the point! My 5!
Sandeep Mewara at 29-May-12 1:15am
   
Thanks losmac.
CIDev at 29-May-12 9:42am
   
Good answer, +5
Sandeep Mewara at 29-May-12 10:41am
   
Thanks.
Stefan_Lang at 1-Oct-12 11:47am
   
Good link, but too general. I followed that particular link recently when looking for a dongle solution, but didn't find it to be very helpful for me as a developer.
 
I've shared my own experience in a separate solution.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

A common misconception is that USB dongles can simply be read via the file system, but that is not the case. These dongles come with specific libraries that allow reading and (restricted) writing access, and all these operations only work in conjunction with some key, so the library alone doesn't help.
 
I recently integrated dongle protection with our application and can say while it may take longer than the advertisements indicate, it isn't all that hard.
 
The dongle we use has several keys:
- one encodes our company, and that is useful to store licenses from applications of different companies on one dongle.
- three more are used for validation of the key, read access, and write access. If one key gets hacked, the dongle as a whole still won't be compromised.
- There is also a unique ID for each dongle itself, allowing us to easily identify a particular license.
- There's also a 'Remote Update Encrypt Key' and a User PIN, but we're not using them (yet)
 
There's even more, such as an independent cell for storing an expiration date, and a method to ensure there was no tampering with the system date-time.
 
Intercepting the access functions and interpreting the keys isn't easy since all commands get encrypted and contain additional dummy arguments with random values. Also, there really is only one function - the individual operations get encoded via the argument list. So someone watching calls will only ever see one function being called with random arguments and no apparent pattern.
 
It certainly isn't failsafe. There is no such system. But it sure is lot more difficult to hack. And it's more comfortable for a user who wishes to use the same software license on different machines.
 
Judging by the data sheets of different companies I've checked there isn't a lot of difference in functionality, only in diffculty to integrate, and pricing.
  Permalink  
Comments
Sandeep Mewara at 1-Oct-12 11:56am
   
Have my 5 for the answer. :thumbsup:
nv3 at 1-Oct-12 11:57am
   
Thanks for sharing that experience. I might be running into the same situation soon and found that experience very interesting.
CPallini at 21-Oct-14 7:08am
   
5.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 587
1 Sergey Alexandrovich Kryukov 519
2 Maciej Los 305
3 BillWoodruff 250
4 Mathew Soji 195
0 OriginalGriff 7,356
1 Sergey Alexandrovich Kryukov 6,777
2 DamithSL 5,461
3 Manas Bhardwaj 4,916
4 Maciej Los 4,475


Advertise | Privacy | Mobile
Web03 | 2.8.1411023.1 | Last Updated 21 Oct 2014
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100