Activating Licenses on Embedded Devices
Industry 4.0 and the Internet of Things are a vision of all embedded devices being interconnected in the future. In this future reality, the security that our devices ensure is key: when everything is connected with everything else, entirely new forms of threats will arise. Hackers could hijack trains from the safety and comfort of their living rooms or even sabotage the power supply of entire countries. CodeMeter’s® encryption and identity / permission checking mechanisms provide the backbone for the right response.
Apart from security concerns, the ability to unlock features on demand is becoming increasingly sought-after. However, different devices might operate with similar hardware. Their features and price only differ as a result of software settings or additional software modules loaded onto the devices. CodeMeter goes beyond security functions and offers a complete system for software protection and license management. But how would a license reach an embedded device?
A Connected World
The connected world of the future needs no complicated solutions: the manufacturer of the device simply provides a CmContainer alongside it, which can be empty or already equipped with activated licenses. Hardware dongles like the CmDongle are simply hooked up to the device in the form of CF, SD, or uSD cards or USB dongles. Purely software-based solutions have CmActLicenses integrated in the system by means of the CodeMeter API.
To activate a license, the manufacturer creates a ticket in the CodeMeter License Central (coming in the form of a sequence of characters: FGSX-VWNYJ-T74CD-48H5B-7NEEJ) via SAP or a similar ERP system. The relevant licenses are married to the ticket and stored for retrieval in the CodeMeter License Central, which is hosted either by the device manufacturer or by Wibu-Systems. The end user receives his or her ticket by mail or with a physical delivery slip.
Once the end user has received the ticket, he or she enters it on the embedded device as planned by its manufacturer. A remote context file is created by the CmContainer, which includes the serial number of the dongle or a fingerprint of the device in the case of soft licenses. The ticket and the remote context file are transmitted to the CodeMeter License Central.
The CodeMeter License Central checks whether the ticket is still valid and whether it has not been used before. If the answer is positive, a remote update file is created with the waiting licenses. CodeMeter uses cryptographic means to make sure that this remote update file can only be placed in the CmContainer it was meant for. The network sends the remote update file back to the embedded device. Creating and uploading the remote context and update files is done with CodeMeter’s own API functions.
If the CodeMeter License Central is not used, the remote update file can also be created by means of the CodeMeter API or a command line tool. This option is meant in particular for trial and integration scenarios.
The Offline World
The remote context and remote update files can also be transported by offline means. For the purpose, the maker of the embedded device integrates the necessary processes in a PC-based development or support tool, which can be hooked up to the embedded device. The embedded device is prompted to create a remote context file (or this file is created automatically in the background), which is then transferred to the PC. The PC connection means that this route is possible even if the embedded device has no display or entry devices of its own.
The PC tool then contacts the CodeMeter License Central at a later point, even after the connection with the embedded device has been removed. The tool requests the ticket from the end user, before sending the ticket and the remote context file to the CodeMeter License Central and receiving the remote update file in return.
In the next step, the PC is reconnected to the embedded device, with no internet access required anymore. The PC tool transfers the remote update file to the embedded device, either initiating the update itself or relying on the embedded device scanning regularly for updates and launching them automatically in the background.
If an internet connection is available, the remote context file can also be transferred from the embedded device to the PC and sent as a receipt to the CodeMeter License Central.
Offline without Uplink Channel
In certain use cases, the maker of embedded devices prohibits the establishment of uplink connections. In such instances, the remote context file can be simulated in the CodeMeter License Central by way of the serial number, fingerprint, original remote context file, and completed updates. This simplifies the process: The user starts the PC tool, enters the ticket, selects the serial number of the embedded device, and downloads the remote update file. The rest of the process proceeds as described above.
In these cases, the maker of the embedded device cannot ascertain which licenses were actually activated on the device in question. If a fingerprint changes, e.g. because the hardware has changed or a new CmDongle is being used, a new remote context file is required.
Activating a license on embedded devices via CodeMeter uses the same process as online activation on PCs. A ticket is used to authorize the right licenses for retrieval. The ticket is a 25-character code created by the device’s manufacturer. In offline scenarios, a PC can be used as a bridge between the embedded device and CodeMeter License Central. The request is transferred as a Remote Context file, and the license as a Remote Update file.
KEYnote 28 – Edition Fall 2014