User's Manual

5 Protecting a program with SmartKey
To protect a program with SmartKey, you have to implement execution control, i.e. modify the program so that its
execution depends on the presence of a dongle to protect the software.
SmartKey has two methods for implementing protection:
Manual protection: by intervening on the sources of the original program and using software drivers
Automatic protection: by intervening directly on the executable file of the original program
5.1 Manual protection
Manual protection means that the programmer has to intervene on the source of the program to be protected, to add the
functions supplied by Eutronsec. These functions enable interfacing between the program and SmartKey via its drivers
(from now on we shall use the term “Application Programming Interface” or API when referring to the set of all these
functions).
This is the appropriate software protection method, which makes it possible to independently define one's own
protection strategy (how many calls to make in order to verify presence of the dongle, in which points of the program
and when to make them, which actions to take if the dongle is absent, etc.).
Although this method calls for considerable effort by the programmer, if you have the sources of the programs to be
protected, manual protection is the mechanism allowing for maximum flexibility and security.
The atomic functions of the API are explained in chapter 9. However, a simplistic use of the API is not sufficient to
guarantee that the programs protected with SmartKey reach an adequate level of security. One should also make use of the
protection techniques described in chapter 10, which suggest powerful protection strategies. We strongly advise you to
read chapter 10: even a small, apparently harmless structuring of the code may frustrate all the protection work if it
contains security-critical elements. Here is a simple example: the password must not be saved in unencrypted form on
the hard disk, nor transmitted unencrypted between server and client.
APIs are available for Linux, Mac OS X and Windows and have an identical syntax for all three operating systems. This
speeds up and simplifies porting of the code portions for protecting your program from one operating system to another.
5.2 Automatic protection
Automatic protection means the possibility of fully automating the procedure for protecting an executable file without
having to manually intervene on the structure of the original program, thus relieving the programmer from what is
sometimes a difficult job.
The Global Security System (GSS) proprietary technology is used to this end. It implements the automatic protection by
transforming a program so that it cannot operate without the presence of a suitable protection dongle.
By using the supplied GSS software, you don't have to worry either about modifying the program you wish to protect, or
possessing the source: starting from the original file in executable format, a second executable file is generated. It
performs the same functions as the original file, providing the correct SmartKey is inserted in the system.
GSS operates in an extremely sophisticated manner, because it does not just add the call to SmartKey to the program
being protected. It also actually encrypts the original program. The encrypted program can be decrypted if the program is
executed in the presence of the correct SmartKey.
When the program treated with GSS is launched, it immediately decrypts itself automatically. The
program cannot be decrypted without SmartKey. The encryption does not slow down execution of the
protected program.
It is virtually impossible to analyze a file encrypted by GSS, because reverse engineering the software is meaningless
until it is decoded at run time. All the messages in text format in the original executable file (e.g.
containing the name of the software house, the customer's name, serial number, the value of some constants) are also
transformed into a sequence of indecipherable characters, thus preventing alterations by the utilities that act directly on
the hard-disk sectors.
The automatic protection performed by GSS also makes use of a set of optional mechanisms that make it possible to
meet the specific requirements of every application scenario, e.g. periodic control of dongle presence.
A detailed description of how to automatically protect a program by using GSS can be found in chapter 8.