Software security
Combining security and new opportunities
Digitalization affects almost all branches of industry equally, as more and more functions are being integrated into software. Software determines how a machine, system or intelligent device works and is therefore part of a company's important know-how that is worth protecting. Buyers expect to receive exactly the functions they need and want to buy a product that is tailored to their needs. This also applies to security.
By Oliver Winzenried
Software-driven machines, systems and devices are increasingly exposed to the risk of product piracy and know-how theft. The VDMA's latest "Product Piracy Study 2018" reveals that 71% of machinery and plant manufacturers in Germany are affected by product or brand piracy. The estimated damage amounts to around 7.3 billion euros per year.
CodeMeter from Wibu-Systems is a preventive technical protection system that offers automation engineers, designers and developers all protection measures and more. CodeMeter uses encryption and digital signatures to provide protection against copying, reverse engineering, tampering and cyber-attacks, as well as licensing. The software is encrypted and remains protected from the eyes of plagiarists. Reverse engineering, i.e. the extraction of valuable processes and algorithms, for example by decompiling, is not possible with encrypted program code. This prevents the reproduction of entire machines or devices, as the necessary knowledge is lacking. The appropriate protection tools are available for the software in microcontrollers, embedded systems and control systems for machines, systems and devices, as well as in standard PCs. This also applies to data and documents such as service documentation. In addition, manufacturers can use licensing to measure and bill the use of their devices securely and flexibly, and also sell further upgrades and thus generate additional revenue.
How the technology works
To protect the know-how in the software, the executable application is encrypted before delivery. Either the software as a whole or just individual functions can be encrypted. All users then receive the same protected software with full functionality. However, each customer receives an individual authorization or license with the necessary keys at the time of purchase, which defines exactly which functions the user can use and according to which model this is billed. It can be a one-off sale that entitles the user to unlimited use, or a pay-per-use model in which the use of individual functions is measured and billed. Subscription models with regular renewals are also possible, as are time-based licenses.
The keys and license parameters required for decryption are securely stored in the CmDongle protection hardware or a CmActLicense activation file, which is linked to the hardware properties of the target system. The CmDongles are available for industrial use in various designs for interfaces such as USB, SD, microSD, CFast, CF or as a chip in a small VQFN housing, and each piece of protection hardware contains a SmartCard chip with modern cryptography. Thanks to the various standard interfaces and industrial properties such as extended temperature and humidity range, increased EMC resistance and mechanical robustness, machines, systems and devices can be easily retrofitted. This is important because, for example, machines are often in use for 15 years or more, while protective mechanisms often have to be adapted to the state of the art.
Modern and secure encryption methods such as symmetric encryption AES (Advanced Encryption Standard) and asymmetric encryption ECC (Elliptic Curve Cryptography) or RSA ensure a high level of security with CodeMeter. The CodeMeter protection methods are published so that experts can see for themselves which protection goals are achieved. The "Blurry Box" software protection method, developed by Wibu-Systems, KIT and FZI, won first place in the most highly endowed German IT security prize awarded by the Horst Goertz Foundation at Ruhr University Bochum and was not broken by over 300 participants in a public competition in 2017. CodeMeter uses certificates and digital signatures to prevent tampering. The digital code signatures are verified with the public key before and during runtime so that modified or manipulated code can be reliably detected and only code from authorized issuers is executed.
Licensing integrated into business processes
CodeMeter License Central facilitates the creation, management and delivery of authorizations or licenses and supports product management in modeling the products. Orders are created as usual from the leading ERP or CRM system, which automatically triggers the creation of the associated licenses via an interface to the license management system. If users subsequently activate device functions in app store-like portals on the Internet, additional revenue can be generated for the device manufacturer, i.e. through the sale of additional functions, fee-based upgrades, but also time- or quantity-controlled use. This is known as software monetization. The existing CmDongle or CmActLicense protection is used for this purpose by adding the corresponding parameters for additional authorizations or licenses. The more secure, better and more versatile the licensing options are, the more business opportunities arise for the manufacturer. Software monetization will only be efficiently usable, accepted and successful if the licensing logistics are transparently integrated into the processes of the manufacturer and the user.
Billing by means of a meter
The manufacturer works with a counter in CodeMeter to ensure that billing is based on usage. This counter is set on delivery and counted down during operation depending on usage until it reaches a defined threshold value. When the threshold value is reached, the user is notified that they should purchase additional usage units. Once the purchase is complete, the counter is increased again accordingly. By analyzing the counter, the manufacturer knows the operating hours of their machine or appliance. With a high counter value that should not run out, usage can also be billed retrospectively by reading out the counter, similar to a telephone bill.
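The counter life cycle described above (set on delivery, counted down, warning at a threshold, increased after purchase), as an added sketch that is not code from the article and not the CodeMeter API. It goes one step further by accepting a top-up only when it is authentic and not replayed. The names `UnitCounter` and `sign_topup`, the voucher format and the demo key are assumptions, and standard-library HMAC stands in for a vendor signature.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). In the scheme described above, key material
# sits in protection hardware or a machine-bound license file, not in source code.
VENDOR_KEY = b"constructed-demo-key"


def sign_topup(serial: int, units: int, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: issue an authenticated top-up voucher (hypothetical format)."""
    body = json.dumps({"serial": serial, "units": units}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


class UnitCounter:
    """Device side: pay-per-use counter that counts down to a warning threshold."""

    def __init__(self, units: int, threshold: int, key: bytes = VENDOR_KEY):
        self.units = units          # value set on delivery
        self.threshold = threshold  # at or below this, ask the user to buy units
        self.key = key
        self.last_serial = 0        # highest voucher serial already applied

    def consume(self, cost: int = 1) -> str:
        """Charge one use; returns 'ok', 'low' (buy more units) or 'denied'."""
        if cost <= 0:
            raise ValueError("cost must be positive")
        if cost > self.units:
            return "denied"  # fail closed: the counter never goes negative
        self.units -= cost
        return "low" if self.units <= self.threshold else "ok"

    def apply_topup(self, voucher: dict) -> bool:
        """Increase the counter only for an authentic, not yet used voucher."""
        expected = hmac.new(self.key, voucher["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, voucher["tag"]):
            return False  # forged or modified voucher
        data = json.loads(voucher["body"])
        if data["serial"] <= self.last_serial or data["units"] <= 0:
            return False  # replay of an earlier purchase, or nonsensical amount
        self.last_serial = data["serial"]
        self.units += data["units"]
        return True
```

With a shared HMAC key the device could mint its own vouchers; a deployment would verify an asymmetric signature so that the device holds only the public key.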
Assignment of rights for authorized maintenance technicians
The maintenance documents also contain a great deal of company know-how. To ensure that only authorized and appropriately trained personnel have access to maintenance documents and functions, time-limited authorization licenses can be issued. Rights are thus assigned via licenses that can be renewed at fixed intervals.
Due to digitalization, protection requirements have changed. CodeMeter takes these into account, whether for know-how protection or software usage billing. Manufacturers can easily integrate CodeMeter into their machines, systems and devices, even at a later date. By integrating CodeMeter License Central into their business processes, manufacturers can take advantage of the opportunities offered by digitalization and develop new business models. At the same time, they can rest assured that valuable know-how will not fall into the hands of unauthorized persons.
Oliver Winzenried is a member of the Executive Board of Wibu-Systems AG and the Medical Technology Working Group of the VDMA / am











