Click here to Skip to main content
13,046,176 members (69,515 online)
Rate this:
Please Sign up or sign in to vote.
See more:
I'm new to this forum and want to ask if someone can help me explaining how the usb dongle hardware exactly works and protects a software? How much we can trust that hardware?
Posted 27-May-12 22:55pm
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

losmac 28-May-12 18:18pm
Succinct and to the point! My 5!
Sandeep Mewara 29-May-12 1:15am
Thanks losmac.
CIDev 29-May-12 9:42am
Good answer, +5
Sandeep Mewara 29-May-12 10:41am
Stefan_Lang 1-Oct-12 11:47am
Good link, but too general. I followed that particular link recently when looking for a dongle solution, but didn't find it to be very helpful for me as a developer.

I've shared my own experience in a separate solution.
Rate this: bad
Please Sign up or sign in to vote.

Solution 3

A common misconception is that USB dongles can simply be read via the file system, but that is not the case. These dongles come with specific libraries that allow reading and (restricted) writing access, and all these operations only work in conjunction with some key, so the library alone doesn't help.

I recently integrated dongle protection with our application and can say while it may take longer than the advertisements indicate, it isn't all that hard.

The dongle we use has several keys:
- one encodes our company, and that is useful to store licenses from applications of different companies on one dongle.
- three more are used for validation of the key, read access, and write access. If one key gets hacked, the dongle as a whole still won't be compromised.
- There is also a unique ID for each dongle itself, allowing us to easily identify a particular license.
- There's also a 'Remote Update Encrypt Key' and a User PIN, but we're not using them (yet)

There's even more, such as an independent cell for storing an expiration date, and a method to ensure there was no tampering with the system date-time.

Intercepting the access functions and interpreting the keys isn't easy since all commands get encrypted and contain additional dummy arguments with random values. Also, there really is only one function - the individual operations get encoded via the argument list. So someone watching calls will only ever see one function being called with random arguments and no apparent pattern.

It certainly isn't failsafe. There is no such system. But it sure is lot more difficult to hack. And it's more comfortable for a user who wishes to use the same software license on different machines.

Judging by the data sheets of different companies I've checked there isn't a lot of difference in functionality, only in diffculty to integrate, and pricing.
Sandeep Mewara 1-Oct-12 11:56am
Have my 5 for the answer. :thumbsup:
nv3 1-Oct-12 11:57am
Thanks for sharing that experience. I might be running into the same situation soon and found that experience very interesting.
CPallini 21-Oct-14 7:08am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170713.1 | Last Updated 21 Oct 2014
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100