software protection dongle
A dongle is a small hardware device that connects to a computer to authenticate a piece of software. When the dongle is not present, the software runs in a restricted mode or refuses to run. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management because it is much harder to copy the dongle than to copy the software it authenticates. Vendors of software protection dongles (and dongle-controlled software) often use terms such as hardware key, hardware token, or security device in their written literature. In day-to-day use however, the jargon word "dongle" is much more commonly used.
Dongle
A dongle is a small hardware device that connects to a computer to authenticate an item of software.[1]
Dongle may also refer to something that plugs into a computer and converts a small (often proprietary) port or plug into a larger standard plug. Dongles tend to consist of two connectors that are attached to one another by a length of cable that that hangs (dangle) from a laptop computer. For example:
* A jack wired to a small edge connector on a Type I or II PCMCIA card, typically an 8P8C modular connector for an Ethernet cable or RJ11 jack for a telephone cable. This type of dongle has no copy prevention purpose. PCMCIA card dongles are notoriously fragile and unreliable. They are falling out of favour as more laptops include built-in Ethernet and modem sockets.
* USB adapters, such as for memory cards.
* Other USB devices, primarily flash memory drives, used only for data storage (as opposed to USB Hardware Token Devices).
* The word has also been applied to Bluetooth, Wi-Fi antennas and Infrared transceivers.
* It is also been used to refer to ATI CrossFire Interconnects
Copy protection
Copy protection, also known as copy prevention or copy restriction, is a system for preventing the unauthorized reproduction of copyrighted media like movies, video games and music.
Copy protection for computer software
Copy protection for early home computer software, especially for games, started a long cat-and-mouse struggle between publishers and crackers. These were (and are) programmers who as a hobby would defeat copy protection on software, add their alias to the title screen, and then distribute the cracked product to the network of warez BBSes or Internet sites that specialized in distributing unauthorized copies of software.
Software copy protection schemes for early computers such as the Apple II and Commodore 64 computers were extremely varied and creative because most of the floppy disk reading and writing was controlled by software, not by hardware. The first copy protection was for cassette tapes and consisted of a loader at the beginning of the tape, which read a specially formatted section which followed.
The first protection of floppy disks consisted of changing the address marks, bit slip marks, data marks, or end of data marks for each sector. For example, Apple?s standard sector markings were:
D5 AA 96 for the address mark. That was followed by track, sector, and checksum.
DE AA EB concluded the address header with what are known as bit slip marks.
D5 AA AD was used for the data mark and the end of data mark was another DE AA EB.
Changing any of these marks required changing the software which read the floppy disk, but produced a disk that could not be copied. Some systems used complicated systems that changed the marks by track or even within a track.
By 1980 the first nibble copier, Locksmith, was introduced. These copiers reproduced copy protected floppy disks an entire track at a time, ignoring how the sectors were marked. This was harder to do than it sounds, because Apple disks did not use the index hole to mark the start of a track. Tracks could start anywhere. Nevertheless, Locksmith copied Apple II disks by taking advantage of the sync fields between sectors, which consisted of a long string of FF (hex) bytes between each sector. It found the longest string of FFs, which occurred between the last and first sectors on each track, and began writing the track in the middle of that.
Ironically, Locksmith would not copy itself. The first Locksmith measured the distance between sector 1 of each track. Copy protection engineers quickly figured out what Locksmith was doing and began to use the same technique to defeat it. Locksmith countered by introducing the ability to reproduce track alignment and prevented itself from being copied by embedding a special sequence of nibbles, that if found, would stop the copy process. A graduate student in computer science at the University of South Carolina reverse engineered Locksmith, found the sequence and distributed the information to some of the 7 or 8 people producing copy protection at the time.
For some time, Locksmith continued to defeat virtually all of the copy protection systems in existence. The next advance came from the previously mentioned graduate student?s thesis on software copy protection, which devised a way of replacing Apple?s sync field of FFs, with random appearing patters of bytes. Because the graduate student had frequent copy protection discussions with Apple?s copy protection engineer, Apple developed a copy protection system which made use of this technique.
Of course a competitor of Locksmith, Back It UP, devised several methods for defeating that, and ultimately a method was devised for reading self sync fields directly, regardless of what nibbles they contained.
The back and forth struggle between copy protection engineers and nibble copiers continued until the Apple II became obsolete and was replaced by the IBM PC and its clones.
Floppy disks were replaced by CDs as the preferred method of distribution, and companies like Macrovision and Sony providing copy protection schemes that work by writing data to places on the CD-ROM where a CD-R drive cannot normally write. Such a scheme has been used for the Sony PlayStation and cannot be circumvented easily without the use of a modchip.
For software publishers, a less expensive method of copy protection is to write the software so that it requires some evidence from the user that they have actually purchased the software, usually by asking a question that only a user with a software manual could answer (for example, "What is the 4th word on the 6th line of page 37?"). This approach can be defeated by users who have the patience to copy the manual with a photocopier, and it also suffers from the fact that once crackers circumvent the copy protection on a piece of software, the resulting cracked product is more convenient than the original software, creating a disincentive to buying an original. As a result, user-interactive copy protection of this kind has mostly disappeared.
Other software copy protection techniques include:
* A dongle, a piece of hardware containing an electronic serial number that must be plugged into the computer to run the software. This adds extra cost for the software publisher, so dongles are uncommon for games and are found mostly in expensive high-end software packages. iLok (Copy Protection) and Synchrosoft are two popular dongle protection schemes utilizing a USB "Smart Key". For even stricter anti-piracy requirement, dongle product that supports code porting mechanism is a good choice for software developers.
* Bus encryption and encrypted code for use in Secure cryptoprocessors. This prevents copying and tampering of programs used in high security environments such as ATMs. This hardware solution is based on the fact that unlike music, video, and text that must eventually be revealed to users to be heard, viewed, or read, program instructions are needed only by the cryptoprocessor that decrypts and executes them.
* A registration key, a series of letters and numbers that is asked for when running the program. Many computer games use registration keys. The software will refuse to run if the registration key is not typed in correctly, and multiplayer games will refuse to run if another user is online who has used the same registration key.
* Name & Serial, a name and serial number that is given to the user at the time the software is purchased, and is required to install it.
* Keyfile, which requires the user to have a keyfile in the same directory as the program is installed to run it.
* A phone activation code, which requires the user to call a number and register the product to receive a computer-specific serial number.
* Internet product activation, which requires the user to connect to the Internet and type in a serial number so the software can "call home" and notify the manufacturer who has installed the software and where, and prevent other users from installing the software if they attempt to use the same serial number. Microsoft's Windows Genuine Advantage system is a far-reaching example of this.
* Protection by code morphing or code obfuscation. The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). Code Obfuscation turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.
Copy protection methods usually tie the installed software to a specific machine by involving some unique feature of the machine. Some machines have a serial number in ROM, while others do not, and so some other metric, such as the date and time (to the second) of initialisation of the hard disk can be used. On machines with Ethernet cards, the MAC address, which is unique and factory-assigned, is a popular surrogate for a machine serial number; however, this address is programmable on modern cards.
These schemes have all been criticized for causing problems for validly licensed users who upgrade to a new machine, or have to reinstall the software after reinitialising their hard disk. Some Internet product activation products can allow replacement copies to be issued to registered users or multiple copies to the same licensee.
Like all software, copy-protection software sometimes contains bugs, whose effect may be to deny access to validly licensed users. Most copy protection schemes are easy to crack, and the resulting cracked software is perceived as being more valuable than the uncracked version, because users can make additional copies.
In his 1976 Open Letter to Hobbyists, Bill Gates complained that "most of you steal your software." However, Gates initially rejected copy protection and said "It just gets in the way."
There is also the tool of software blacklisting that is used to enhance certain copy protection schemes.
Software protection
Copy protection
smart card
A smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting.
security token
A security token (or sometimes a hardware token, authentication token or cryptographic token[1]) may be a physical device that an authorized user of computer services is given to aid in authentication. The term may also refer to software tokens.
Hardware tokens are typically small enough to be carried in a pocket or purse and often are designed to attach to the user's keychain. Some may store cryptographic keys, such as a digital signature, or biometric data, such as a fingerprint. Some designs feature tamper resistant packaging, other may include small keypads to allow entry of a PIN.
digital signature
In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."
Digital signatures, like written signatures, are used to provide authentication of the associated input, usually called a "message." Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key (whether for public-key encryption, digital signatures, or any other purpose) is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature[1], but not all electronic signatures use digital signatures.[2][3][4][5] In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.
cryptography
In modern times, cryptography is considered to be a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security, and engineering. Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.
|
