Dongle Software Protection

Question

1.92/5 (3 votes)

See more:

I'm new to this forum and want to ask if someone can help me explaining how the usb dongle hardware exactly works and protects a software? How much we can trust that hardware?

Posted 27-May-12 22:55pm

Festi19

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sandeep Mewara · Accepted Answer · 2012-05-27T23:31:00

Solution 1

Here: http://en.wikipedia.org/wiki/Software_protection_dongle[^]

Posted 27-May-12 23:31pm

Sandeep Mewara

Comments

Maciej Los 28-May-12 18:18pm

Succinct and to the point! My 5!

Sandeep Mewara 29-May-12 1:15am

Thanks losmac.

BillW33 29-May-12 9:42am

Good answer, +5

Sandeep Mewara 29-May-12 10:41am

Thanks.

Stefan_Lang 1-Oct-12 11:47am

Good link, but too general. I followed that particular link recently when looking for a dongle solution, but didn't find it to be very helpful for me as a developer.

I've shared my own experience in a separate solution.

Stefan_Lang · Accepted Answer · 2012-10-01T05:42:00

A common misconception is that USB dongles can simply be read via the file system, but that is not the case. These dongles come with specific libraries that allow reading and (restricted) writing access, and all these operations only work in conjunction with some key, so the library alone doesn't help.

I recently integrated dongle protection with our application and can say while it may take longer than the advertisements indicate, it isn't all that hard.

The dongle we use has several keys:
- one encodes our company, and that is useful to store licenses from applications of different companies on one dongle.
- three more are used for validation of the key, read access, and write access. If one key gets hacked, the dongle as a whole still won't be compromised.
- There is also a unique ID for each dongle itself, allowing us to easily identify a particular license.
- There's also a 'Remote Update Encrypt Key' and a User PIN, but we're not using them (yet)

There's even more, such as an independent cell for storing an expiration date, and a method to ensure there was no tampering with the system date-time.

Intercepting the access functions and interpreting the keys isn't easy since all commands get encrypted and contain additional dummy arguments with random values. Also, there really is only one function - the individual operations get encoded via the argument list. So someone watching calls will only ever see one function being called with random arguments and no apparent pattern.

It certainly isn't failsafe. There is no such system. But it sure is lot more difficult to hack. And it's more comfortable for a user who wishes to use the same software license on different machines.

Judging by the data sheets of different companies I've checked there isn't a lot of difference in functionality, only in diffculty to integrate, and pricing.