Re: Application Security Options--USB Dongle?

Paul Pluzhnikov wrote:

"jaylucasaustin.rr.com" <jaylucas@xxxxxxxxxxxxx> writes:

I was wondering if anyone had any positive experiences with USB dongles
or hardware devices for securing Linux applications.

I do not have any personal experience with dongles, but from previous
discussions of copy-protection on Linux, I have an impression that
this is a loosing battle: with the user in complete control of the
kernel, a skilled adversary will quickly figure out where the license
checks are, and how to disable them.

I am developing on the
2.6 kernel and am looking for a method that allows for my application to
run on a single system at a time, but will have the ability to run on
multiple systems assuming the hw security is in place.

If these systems are network-connected, your best bet is to simply
have the app "phone home" to request the authorization to run.

If they aren't, you could just license each machine (using some
combination of disk model and serial number, memory size, processor
model, network card HW address, etc.) These aren't any more secure
then dongles, but they aren't significantly less secure either,
and are much cheaper :)

Cheers,

Hello Paul,

I agree with your points here. From my research on this topic (mot very
indepth mind you though), these hasp keys are pretty good. But I'm not
implying they are the best. The dongle has an encryption engine built into
the hardware. So, the theory is, your program with send encrypted data to
the dongle. The dongle would decrypt the data and send it back to the app.
The app would then determine if the response (the decrypted data) is
correct and then take the appropriate action. It reminds me of GPG keys
(public being your app and the private key would be the dongle).

I'm not advocating for this company, I just found that this approach makes
sense. I haven't tried it, so I can't really be sure though. But the theory
is sound.

Alvin
.

Relevant Pages

  • Re: Using Dongles with Access
    ... I have experienced dongles from the user end, and also had no issues or ... product WITHOUT the dongle over one with the dongle, ... Using Tom's $8K per seat app, well, maybe we should have stayed in the ... because it behaves like one of those copier keys that tracks how ...
    (comp.databases.ms-access)
  • Re: Looking for information on dongle checks
    ... >I am looking for information on the use of dongle checks. ... Its more up to the App programmer what level of API they want to use ... stashing data on the dongle devices. ...
    (comp.lang.asm.x86)
  • how to crash an app
    ... I am looking for ways to crash a Delphi 7 application to reinforce its copy ... The app is dongle-protected, and I want to crash it when I detect ... that the dongle was removed after the app was launched. ... I do not want to discuss if copy protection is good or bad: ...
    (borland.public.delphi.language.basm)