UniKey User Manual

From SecuTech Wiki
Jump to: navigation, search

Contents

UniKey Manual

Version 8.5

Version 1.0 1.1 1.2 1.3 2.0 2.1 2.2 3.0 4.0 5.0 6.0 7.0 7.1 7.3 8.0 8.1 8.2 8.3 8.4 8.5
Date 2006.1 2006.8 2006.10 2006.12 2007.2 2007.4 2007.8 2008.5 2008.8 2009.3 2010.4 2010.6 2010.8 2010.9 2012.3 2012.4 2016.5 2016.7 2017.4 2018.2

The data and information contained in this document cannot be altered without the express written permission of SecuTech Solution Inc. No part of this document can be reproduced or transmitted for any purpose whatsoever, either by electronic or mechanical means.

The general terms of trade of SecuTech Solution Inc. apply. Diverging agreements must be made in writing.

Copyright SecuTech Solution Inc. All rights reserved.

WINDOWS is a registered trademark of Microsoft Corporation.

The WINDOWS-logo is a registered trademark (TM) of Microsoft Corporation.


Software License

The software and the enclosed documentation are copyright-protected. By installing the software, you agree to the conditions of the licensing agreement.


Licensing Agreement

SecuTech Solution Inc. (SecuTech for short) gives the buyer a simple, exclusive and non-transferable licensing right to use the software on one individual computer or networked computer system (LAN). Copying and any other form of reproduction of the software in full or in part as well as mixing and linking it with others is prohibited. The buyer is authorized to make one single copy of the software as backup. SecuTech reserves the right to change or improve the software without notice or to replace it with a new development. SecuTech is not obliged to inform the buyer of changes, improvements or new developments or to make these available to him. A legally binding promise of certain qualities is not given. SecuTech is not responsible for damage unless it is the result of deliberate action or negligence on the part of SecuTech or its aids and assistants. SecuTech accepts no responsibility for any kind of indirect, accompanying or subsequent damage.


Contact Information

Web: http://www.esecutech.com

Email: sales@esecutech.com

Please Email any comments, suggestions or questions regarding this document or our products to us at: sales@esecutech.com


CE Attestation of Conformity
CE Attestation.png
UniKey is in conformity with the protection requirements of CE Directives 89/336/EEC Amending Directive 92/31/EEC. UniKey satisfies the limits and verifying methods: EN55022/CISPR 22 Class B, EN55024: 1998.




FCC Standard
FCC.png
This device is in conformance with Part 15 of the FCC Rules and Regulation for Information Technology Equipment.
Operation of this product is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.




USB Logo.png
The equipment of UniKey is USB based.




Conformity to ISO 9001:2000
ISO 9001.png
The Quality System of SecuTech Solution Inc., including its implementation, meets the requirements of the standard ISO 9001:2000




ROHS
ROHS.png
All UniKey products are environmentally friendly with ROHS certificates.





About this guide

The UniKey manual is designed to help software publishers protect and license their software using the UniKey system. This manual provides details on how to operate the UniKey system and how it can best serve your protection and licensing requirements. This Manual is divided into these chapters:

Chapter 1 - Introduction

  • What is UniKey
  • Introduction to UniKey product range
  • The benefits of choosing UniKey

Chapter 2 - Protection strategies

  • How to use UniKey
  • Comparison between UniKey products
  • Technical specifications

Chapter 3 - Utilities

  • What tools are needed to use UniKey
  • How to use these tools
  • What these tools can be used for

Chapter 4 - License Modes

  • How UniKey works
  • What license/product is suitable for you
  • Controlling how UniKey works.

Introduction

UniKey Software Development Kit (SDK)

UniKey software protection developer's kit

The UniKey Software Protection Developer's Kit proves to be a powerful tool when implementing protection for all types of software. With this kit you receive a fully functional UniKey Hardware Key, Protection Kit Software CD, a Quick Start guide, a Brochure and a Data Sheet. We recommend that you get started with a UniKey Developer Kit before purchasing a sole UniKey hardware key.


buy UniKey driverless hardware key

UniKey Hardware Key

The UniKey Hardware Key enables you to efficiently protect your software.

protection kit software CD

Protection Kit Software CD

The Protection Kit Software CD contains the facilities and tools you need to apply UniKey protection and licensing.

UniKey quick start guide

Quick Start

The Quick Start is designed to guide you through the set-up and use of a UniKey, within a few minutes. More detailed information about UniKey is available in the SDK. This tutorial lays emphasis on the process of installing UniKey and protecting an application.

Error creating thumbnail: Unable to save thumbnail to destination

Brochure

The Brochure is designed to familiarize you with basic information about UniKey products including the concept of software protection, benefits to customers and UniKey License Models.

UniKey data sheet

Data Sheet

The Data Sheet is designed to give you a clear understanding of UniKey products, such as casing, identification number, dimensions, weight and so on.


Files within the SDK and installation

You do not have to install a driver since UniKey is a driverless dongle.

Installation of UniKey Hardware

Plug the UniKey dongle into one of the USB ports. It will automatically be detected and installed (you will not see the dongle icon).

Installation of UniKey Software

Copy the SDK onto a hard disk, open the SDK and the following files are displayed.

UniKey SDK file system

Introduction to UniKey models

There are five models in the UniKey family for customers to choose from. You can select the model that best fits your budget and protection requirements.

UniKey STD driverless software protection

UniKey STD

If you only require a standard software protection solution, with no network or real-time functions, then UniKey STD is the best choice for your project.

UniKey PRO driverless software protection

UniKey PRO

If your application can work over a LAN, and you need to control a number of concurrent users, then you should select UniKey PRO. The maximum number of concurrent remote clients can be set is 65535.

UniKey Time driverless software protection
The UniKey Time uses a battery that lasts for at least 3 years

UniKey Time

The UniKey Time is specially designed for software vendors who need to control and manage software rental and sales via subscription or maintenance, as it allows for a pay-per-use model. Because of this software vendors can completely control sales and usage by charging end users timely and/or periodically. This function is based on a real-time clock embedded inside the dongle indicating the specific time (hour, minute, and second) and date (day, month, and year). This clock is independent of the computer and thus is tamper resistant, with approximately 3 years of battery life, after which the UniKey Time defaults into a UniKey Pro dongle.

UniKey Drive driverless software protection

UniKey Drive

UniKey Drive is an innovative USB device that allows software vendors to protect, license and deliver their software applications, drivers and data to end users using a single USB key. As the first driverless dongle with mass storage and a smartcard built-in, UniKey Drive provides software vendors with flexibility to choose the level of protection, types of licensing, as well as providing 4 different types of drive emulation: a public, virtual CD-ROM, password protected, and hidden drive.


UniKey Ultra driverless software protection

UniKey Ultra Dual

UniKey Ultra Dual combining the features of UniKey Pro and USB Type-C port is available for protecting software running in a network environment. It is a new product containing all the features of UniKey Pro. A key connected to any machine in the network allows up to 65535 concurrent users. We provide console tools to monitor and manage your software’s users, and manage White\Black lists.The UniKey Ultra Dual is a solution for USB Type-C port for Mac OSX. It is flexible both for normal USB Type-A and USB Type-C, it supports Mac OSX easily. It can be used on MacBook without any converter.

What makes the UniKey system unique

The UniKey dongles you order from SecuTech contain unique information that is specific to your company. This information is used by the UniKey system to differentiate your keys from those belonging to other software vendors.

Driverless

UniKey is the first driverless dongle in the world. There is no need to install anything to get it started, nor do you need to mess around with any source code to activate the protection module.

Dual-port

The UniKey Ultra Dual is the first dual-port dongle in the world. It is flexible for connection to PC with a USB Type-A port, and MacBook with a USB Type-C port.

Unique Hardware ID

Every UniKey device has a globally unique hardware ID (HID for short). The HID is generated and fixed during the manufacturing process and thus cannot be modified. Providing a global identifier for each UniKey dongle, SecuTech Solution Inc. keeps the HID as a tracking number during the production process.

Protection

UniKey offers the highest level of software protection with the Enveloper and APIs to ensure proper safety of your software. You need not worry about problems such as sales models and how to license the protected application. UniKey provides you with the ability to maximize profits by using strong software protection methods over all stages of sale.

Licensing

Defining the sales models and licensing terms is an ongoing process that involves decisions on how the software is sold, licensed and distributed. This process is undertaken by product managers or sales and marketing managers, and does not influence or affect the process of protecting the software. With the UniKey system, product managers are completely independent of your development team. Whenever there is a need for a new license model, they can be defined and implemented without involving your development team. Product managers do not have to depend on the development team each time they need to introduce a new sales model. They can define how the application should be licensed by themselves, since SecuTech offers a range of licensing models according to current technologies and our own experience. Therefore, product managers have greater flexibility and freedom in defining new sales models and the ability to quickly respond to new business requirements.

How does UniKey work?

UniKey protected applications will search for, and communicate with the dongle connected to the USB port.

  • The protected application first determines whether or not the dongle connected to the USB port is the correct one.
  • If the dongle proves to be correct, then the application will respond by showing whether the application or feature is authorized to run.

The authorization is based on the terms of the license for the features of the application. After the dongle has been confirmed, the application(s) will continue to communicate with the dongle to check how many features are allowed or in what way the application(s) can be used and if it is still plugged in.

Example 1: UniKey PRO managing concurrent remote network end users

You can set any number to be the maximum number of concurrent end users. When the application starts and the pre-set number of authorized users reaches 0, the relevant error is displayed. Suppose you set 30 to be the limit, this means that the 31st user will not be able to use the application unless one of the other 30 concurrent users log off.

Example 2: UniKey Time managing expiration dates

The expiration date listed within the keys memory is checked first and then compared to the UniKey Times real-time clock. If the expiration date has passed, then the feature or application will stop working and prompt the user with an error message.


Recommended integration process

It is recommended for new users of UniKey products to conduct a testing phase before purchasing any UniKey dongles.

Try the UniKey SDK

Before making plans on whether a software vendor should use UniKey dongles, it is a good idea to try before you buy. This can be done by taking out an evaluation kit, to help you get a feel of how it works and observe the UniKey's suitability with your project requirements.

Design protection and license schemes

Please test and implement the protection schemes you have created for your customers in a desired environment with a sample group of UniKey dongles. This is to ensure a good degree of quality and also allow you to test the effectiveness of UniKeys solutions. By first creating your desired licensing and protection scheme, you can implement and test an updating system to provide a remote update service for your customers if they wish to renew/upgrade their purchase.

Purchase UniKey dongles

Once you have set up an effective licensing scheme you can easily batch create UniKey dongles to have the same settings quickly and effectively.

Distribute UniKey dongles

With your designed and tested protection scheme, fully formatted UniKey dongles, and the ability to maintain updates for your clients, software vendors can distribute their products safely with the knowledge that they have used the most effective means of security.

Protection strategies

Comparison between models

We offer our customers a range of UniKey products with different functions to meet any unique requirement.

Compatibility

4 models of UniKey (STD, PRO, Time, Ultra Dual) use the same library and tools. You can easily shift from one model to another, without changing any software details. They are all compatible with each other, hence migrating from one model to another is a seamless operation.

Features table

Below is a table of features for the different UniKey models.

UniKey Security Keys Drive Time PRO Ultra Dual STD
Security
Unique ID 32-bit
User-defined algorithms 128 instructions
Hardware ID/SN Globally unique hardware ID
Password Convenient password generation scheme
Software ID User-defined
Update Tag 32-bit tag for remote update
Network capability Yes No
Protection Enveloper protection, API protection
Utilities Remote Update
Assist Tool
UniKey Burner
Console
Network Server
Enveloper
Number of supported license modules 256 64
Perpetual Yes
Feature-based Yes
Pay-per-use Yes
Custom Yes
Real-time clock Yes
Secure flash memory 2 ~ 32 GB
Virtual CD-ROM with auto-run Yes
Public drive Yes
Password protected drive Yes
Encrypted and hidden drive Yes
Supported Platforms (Software Vendor)
Supported programming languages VB, VC, VFP, Delphi, BCB,
PowerBuilder, LabView, WinDEV, Java,
FileMaker, Clarion, Java, VS,
Net, Fortran, Visual DataFlex
and many more
Development platforms supported Server 2003, 2008 and 2012
Windows 2000, XP, Vista, 7, 8, 8.1 and

10
Linux 2.2 and 2.4
CentOS 7.0
Ubuntu 8.04, 10.04, 12.04 and 14.04
Mac OS X
Free

BSD...
Supported Platforms (End User)
Operating Systems supported Server 2003, 2008 and 2012
Windows 2000, XP, Vista, 7, 8, 8.1 and

10
Linux 2.2 and 2.4
CentOS 7.0
Ubuntu 8.04, 10.04, 12.04 and 14.04
Mac OS X
Free

BSD...
Integrated memory 4k
Memory cell rewrites At least 1,000,000
Memory data retention At least 30 years
Max number of features/
applications enabled per key
256 64
Driver Driverless (HID device)


UniKey protection methods

UniKey offers two different protection methods:

  1. The UniKey Enveloper
  2. The UniKey Application Programming Interface (API)

UniKey Enveloper

UniKey Enveloper is the fastest way to protect your executable files, by adding a protective shield around executable files such as .exe or .dll. UniKey Enveloper is an automatic software protection solution, you do not need to edit source code or perform any additional coding. By simply using the mouse, you can implement different software protection schemes. At the same time, it provides a high level of protection, making it virtually impossible to debug or reverse engineer your protected software.

UniKey Enveloper workflow diagram

After protecting your application with the UniKey Enveloper, it cannot run without the correct UniKey dongle. You can protect applications either by a local UniKey or a remote UniKey on a network.

UniKey Application Programming Interface (API)

We provide abundant APIs to operate the UniKey dongle, all the APIs are implemented in a SDK/Libraries. In the SDK, you can find samples in various programming languages. Please refer to the relevant API reference guide in SDK/Documents/Manual for more details.

UniKey API is easy, secure and portable. If a library is required for your development language, you can copy the appropriate library file(s) to the same directory as your sample source code. With the help of the UniKey APIs, you can easily achieve strong software protection and produce complete software protection schemes via various combinations of the UniKey APIs.


Libraries inside in the SDK/Libraries folder are used for development. Sample usage is provided in SDK/Samples.

UniKey Architecture

UniKey is a versatile dongle with an abundant set of features. There are several types of storages within each UniKey dongle, and each type is for a specific task.

UniKey architecture, on-board cryptography, user-defined algorithms, etc

Passwords

UniKey consists of 4 passwords, with each password being 2 bytes (16 bits) long. We define pw1 and pw2 as the basic-level (user) passwords and can be offered to end users. Conversely, pw3 and pw4 are advanced (vendor) passwords that should be kept for use at the software developer side, and not be made available to end users. All 4 passwords are needed to obtain full permissions and access to the UniKey dongle for configuration.

By default, UniKey (STD, PRO ,Time and Ultra Dual) passwords are:
  • pw1 = 1234
  • pw2 = 1234
  • pw3 = 1234
  • pw4 = 1234
UniKey Drive passwords are:
  • pw1 = 12345678
  • pw2 = 12345678
  • pw3 = 12345678
  • pw4 = 12345678
Password Permissions
pw1 + pw2
(user mode)
pw1 + pw2 + pw3 + pw4
(vendor mode)
UniKey_Read_Memory(4K)
UniKey_Write_Memory(2K)
UniKey_Write_Memory(4K)
UniKey_Random
UniKey_Seed
UniKey_Read_SoftID
UniKey_Write_SoftID
UniKey_Get_Module
UniKey_Check_Module
UniKey_Module_Decrease
UniKey_Calculate1
UniKey_Calculate2
UniKey_Calculate3
UniKey_Encrypt
UniKey_Decrypt
UniKey_Read_UpdateTag
UniKey_RSA_Generate_KeyPair
UniKey_RSA_Export_Public_Key
UniKey_RSA_Sign
UniKey_RSA_HashEncrypt
UniKey_RSA_DecryptSignedValue
UniKey_RSA_Verify
UniKey_RSA_Delete_KeyPair
UniKey_RSA_Generate_Key
UniKey_RSA_Encrypt
UniKey_RSA_Decrypt
UniKey_Set_Module
UniKey_Write_Arithmetic
UniKey_Generate_New_Password
UniKey_Generate_Key
UniKey_Generate_Key_Via_Seed
UniKey_Write_UpdateTag
UniKey_Set_Com_Size
UniKey_RSA_Import_Public_Key
UniKey_Write_CD_ROM

UniKey Drive

UniKey Drive is a variation of the UniKey PRO model and has all the same functions, with the addition of being the first driverless dongle with mass storage and high security, it can support up to 32 end users with different levels of permission.

UniKey Drive arms software vendors with the ability to easily deliver fully-licensed and protected software; greatly reduce installation steps and woes for end-users using the licenses stored inside the smartcard. UniKey Drive enables software publishers to grow their business through software protection, IP protection and secure licensing.

With UniKey Drive, vendors can use partitioning software to provide mass storage for their end users. This provides significant flexibility, which allow software vendors to partition the key in numerous ways. It also consists of a designated space for the software (read-only memory) and mass storage for the end user, so they can store their own application data files. Additionally, UniKey Drives auto-run software setup capabilities allow end users to run the protected application directly from the UniKey Drive, providing extra convenience for end-users.

License modules

UniKey Drive has 256 license modules empowering software vendors with the flexibility to choose the licensing option that best fit their business needs.

High security

UniKey Drive has two more powerful encryption algorithms, onboard 3DES and RSA with support for 1024- and 2048-bit key lengths.

Multiple partitions

With UniKey Drive, vendors can use partitioning software to provide mass storage to end users. This provides significant flexibility, allowing software vendors to partition the key to their own requirements, designated space for the software (CD-ROM), and mass storage for the end user.

The UniKey Drive storage is divided into four partitions:

  • Virtual CD
  • Public Drive
  • Password Protected Drive
  • Hidden Drive


Virtual CD ROM

This partition offers an ideal space for storing tools since the information in this partition is read-only and cannot be modified. To store tools in this partition, software vendors can save the prepared image files to this partition. An application DriverPWAgent.exe contained in the Virtual CD-ROM is used for logging on to the Password Protected Drive.

Public Drive

This partition enables you to store all sorts of documents, files, etc. It can be accessed and modified normally without requiring any form of authentication, which functions like a regular memory flash drive.

Password Protected Drive

Without the correct password to log on, there is no way to perform any operation in the Password Protected Drive. After logging on to the partition by using DriverPWAgent.exe, a new window to access the secured partition named Secu Drive will pop up on the computer. This partition allows users to store information of high importance and confidentiality, which cannot be accessed nor modified without the correct authentication.

Hidden Drive

As the name suggests, users cannot see or access data stored on this partition, but there is a storage space along with a file system. To ensure the safety of the data stored in the Hidden Drive, a password with high level security is implemented. In order to utilize the Hidden Drive, users have to obtain the correct password to log on and call a range of APIs that are provided to customers for creating, finding, reading and writing files, as well as tools for formatting and so on.

Network Function

UniKey PRO, Time, Ultra Dual and Drive posses network functions and have no small limitation on the maximum number of concurrent remote clients. You can set any reasonable number necessary (the maximum value is 65535 or 216-1).

UniKey PRO, Time, Drive network functions

Intelligent Library

If no rule is set for the UniKey Library (UniKey.dll), the protected software will attempt to search for and connect to a UniKey on the Network. If the software vendor is not clear about the settings at the end-user side, simply let the UniKey library follow its default rule. This smart search can be done without any configuration, allowing the UniKey to operate on the network.

The default port for the UniKey network is 5680, this can be changed in the configuration file


Floating License Model

UniKey stores software licenses on itself. In some cases, you may want to store the license on a network server or local workstation. Because of the settings in UniKey, you can easily implement a floating license model, i.e. you can store the license info on UniKey and the client will try to find both licenses over the network. All these features will also work without any configuration, where the client will search for the license that is on the local network.

UniKey software copy protection system is a powerful solution, and it offers flexible software protection schemes. UniKey PRO, Time and Drive can work on a network and they all support a floating license. The network can be LAN or across the internet. Network functions can also work across different subnets. Please ensure that the NetUniKey server is added to the exception/trusted list of your anti-virus software, otherwise it may block communication between the NetUniKey server and client.

Network features

  • No artificial limitation of concurrent users (no more than 65535-1024, which is the max number available from the socket).
  • Black and whitelist support. Blacklisted IPs will be unable to access the UniKey.
  • Working mode set by developers. For example a developer can set it to search for a local key first and then search for a key on the network or vice versa. (floating license)
  • Assign the server an IP address or let clients find the server automatically via broadcast.
  • UniKey can work with different networks, even over the Internet or through different subnets.
  • UniKey automatically adds itself to the WinXP SP2 firewall for ease of use. No changes between all the APIs.
  • The Network DLL can work with UniKey (the local/standard key).
  • When no configuration is necessary, just remove the .ini file and you are ready to go.
  • Network key drivers are not necessary. UniKey is a completely green software and keeps the same tradition as the driverless dongle. Just copy the .exe and run it.

Utilities

Console

The UniKey Console manual can be found in the SDK/Utilities folder located in the SDK, or can be read at: UniKey Console Tool.

Enveloper

The UniKey Enveloper manual can be found in the SDK/Utilities folder located in the SDK, or can be read at: UniKey Envelop Tool.

UniKey Drive Init

The UniKey Drive Init manual can be found in the Drive SDK/Utilities folder located in the SDK, or can be read at: UniKey Init Tool.

UniKey Drive Entry

The UniKey Drive Entry manual can be found in the SDK/Utilities folder located in the SDK, or at: UniKey Entry Tool.

UniKey Assist

The UniKey Assist manual can be found in the SDK/Utilities folder located in the SDK, or at: UniKey Assist Tool.

UniKey Burner

The UniKey Burner manual can be found in the SDK/Utilities folder located in the SDK, or at: UniKey Burner Tool.

Remote Updater

The UniKey Remote Updater manual can be found in the SDK/Utilities folder located in the SDK, or at: UniKey Updater And Generator Tool.

UniKey Generator

The UniKey Generator manual can be found in the SDK/Utilities folder located in the SDK, or at: UniKey Updater And Generator Tool.

Network tools

UniKey network service and console

The UniKey network service is an application that runs in the system background. It enables users to connect to a UniKey dongle over the network. This works in conjunction with the UniKey Network Server Console to monitor client connections, set up servers, manage black and white IP lists and other useful functions.

Installation, usage and setup details are provided with the SDK in the SDK/Network/Quick Setup for UniKey Network Feature.pdf folder.

Monitor

UniKey Network Server Console monitor tab
The 2 red dots at the bottom represent the status of the service/network respectively; if they are green then they are functioning.

In the Monitor tab, users can see the currently connected users to the UniKey network. They can sort the list of connected users by IP address or by UniKey HID. Administrators can disconnect users by using the Kill and Kill All buttons.

Manage services

UniKey Network manage network services tab
Port 5680 is the default network port for the UniKey network services.

By clicking on the "Service Manage" tab, you can check the servers status and configure the settings. The service and network can be enabled/disabled by using the "Start"/"Stop" buttons and the network can be configured. Time limit (seconds) defines the interval of time the client has to respond to a connection attempt. If the client does not respond in the set amount of time, the server will close the connection. Auto Start sets the service to run whenever the server starts.

Black and White IP list

UniKey blacklist and whitelist IP addresses
The blacklist has priority over the whitelist, if an IP address conflict occurs between both lists, that IP address will be blocked.

Enabling the black and/or white IP list blocks/allows users from the specified IP addresses respectively. IP addresses are added in ranges. When a user clicks on "Add" the following window appears:

server start and end IP address

This allows administrators to input the range of desired IP addresses to block/allow to connect to the server.

More information can be found at UniKey Network Monitor Tool.

Technical Support

SecuTech offers 24/7 technical support on the website: https://www.esecutech.com/support/.

Resource Vault

The Resource vault provides software vendors and end users the ability to download the latest software, documents and tools as well as examples and other useful data such as cook books for using the UniKey API. These can be accessed via https://esecutech.com/downloads/.

FAQ

Frequently asked questions about SecuTechs products can be found at https://esecutech.com/wiki/index.php?title=Category:UniKey_FAQ/. The user friendly navigation to filter through the multitude of different solutions and answers helps you to solve any issues you may be experiencing with UniKey.

Ticketing service

The ticketing service is used to create support requests for any issues that you may have when using SecuTechs products, by using the ticketing service you can track the progress of your ticket and expect a response time of 24 hours. You will be notified of any responses by mail. It can be accessed via https://esecutech.com/support/.

License mode

As more software is distributed electronically, license management is becoming an increasing concern for software developers. New marketing and licensing schemes have evolved to include the ability to try before you buy, pay by usage, software use for a limited period or to control what features can be used.

How do licenses work

The UniKey protected applications will search and communicate with the dongle connected to the local USB port or over the network. The protected application first determines whether or not the dongle connected is correct. If the dongle proves to be correct, then the application will respond by showing us if the application or feature is authorized to run. The authorization is based on the terms of the license for the feature or application. Once the application has started, it will continue to communicate with the dongle to check what features or in what way the application can be used.

How to choose a product

We advise you to choose the right UniKey model based on your project's technical requirements and budget: If you only need a standard software protection solution and do not require network or real time functions, then UniKey STD will be perfect. If your application can work over LAN, and you need to control the number of concurrent users, then you should select UniKey PRO. If you would like to use MacBook or any other computers with USB Type-C port, then you should select UniKey Ultra Dual.

Expiration, time-based leasing, and trial software should take advantage of UniKey Time's time constraining features. If you need to have mass storage space with high security, UniKey Drive will best serve your needs.

Remote update system

UniKey provides a flexible solution with software protection to meet the various requirements of software sales. It is a common need for end users to upgrade software if they purchase new functions, prolong the leasing period or remove limitations. UniKey provides a convenient remote update solution to minimize the cost of software upgrades. UniKeys Remote Update System allows end users to execute and load a UniKey remote update file, so updating UniKey becomes an automated process.

Popular License types

UniKey Security Keys support many different licensing models by giving you the power to ensure software license compliance, allowing you to choose how to grow your business:

  • Perpetual: Upfront one off payment for all functionality of the product.
  • Feature Based: Enables or disables product features according to customer needs and charges only for the functionality they use.
  • Rental: Offers software rentals and charges periodically for software applications, modules or features.
  • Subscription: Charges for software upgrades and new versions.
  • Floating: Charges by the number of network connections that use the software simultaneously in network environments.
  • Floating/Time-Based: Combines floating and rental/subscription pricing models.
  • Try Before You Buy: Offers limited trial versions free-of-charge.
  • Pay Per Use: Charges for the number of times software functionality is used over a period of time.
  • Volume Licensing: Offers volume pricing for multiple single-user copies operating in a network environment.
For example: if the software has functions A and B, but the customer only bought function A, the developer can attach a module to A=10 and a separate module to B=0

Licensing Modules

Each UniKey dongle has 64 license modules except for the UniKey Drive dongle which has 256 license modules. These license modules are 2-bytes long in storage. Developers can write a license module by taking full permission of the UniKey dongle. If a license module is non-zero, it means the license module is valid; otherwise, the license module is invalid. The contents of a license module cannot be read out, but the developer may check the validity of the license module. The conditions on how long a module lasts can be determined in many ways, for example, the non-zero number assigned to a module will decrease every time the software is used until it reaches 0, which will then disable the software functions until the license is being renewed.

Real-Time Function

UniKey Time has a real-time clock inside each dongle. We can implement more flexible real time functions/protection along with UniKey Time. Since the real-time clock inside UniKey Time is independent of the host computers clock, the timing function with UniKey Time is more secure and accurate than its competitors. Software vendors can set their current time to the real-time clock inside the UniKey Time, and can check software execution time.

How does the Real Time Function Work?

There are 16 real-time modules within each UniKey Time dongle. Real-time modules are only valid in a specific time period. Software vendors can set real-time modules to one of 2 types, i.e. static and duration.

Static Type

If a license module is set to static, then it is only valid between the start and end time (non-zero). For example, if we set a real-time module #0 as static, and then set the start time as 2012.8.1, 10:00:00, the end time as 2012.8.30, 22:00:00, then this real-time module is only valid within this period. If we check this real-time module beyond the time period, this module will be regarded as invalid. The time used is the clocks time inside the dongle itself, not the host computers time.

Duration Type

Software vendors can set a real-time module as a duration type. This means the real-time module is only valid for a specific period after the real-time module has been started for the first time. For example, we can set the real time module #1 as duration, and the duration is 90 days and 12 hours. If we then start this module right now, it will be valid for 90 days and 12 hours. After that has passed, the real time module becomes invalid.

Demo Software

In most cases, end users like to try a trial version of software before they buy the full version. For demo software, the functionality and execution count is limited. Software vendors can use a license module to limit the execution count, i.e. write 30 to module #0, and decrease this module each time the software is run, when it reaches 0 (invalid), the software cannot be run again.

Selling Per Function Model

A popular software sales model for end users is to only purchase one function of the software, i.e. the software has 5 functions, and an end-user may only want to purchase 3 of the 5 functions. With the UniKey dongle, the software vendor does not need to recompile the source code, and the function can be bounded to the UniKey dongle.

Software Leasing

It is common in software leasing to impose an expiry date. You can refer to the advanced usage portion of the UniKey APIs and the previous page about static and duration types.

Distributing Software

In some cases, the software vendor may want to control the distribution of the software. You can use the UniKey dongle to control which channel/customer the software is for. The software ID or module number can identify the distribution channel or end user.

Bind with Hardware

A type of software licensing is to bind the software with hardware, such as a network card, machine hardware ID, etc. UniKey offers the software vendor the ability to bind software to specific UniKey hardware IDs.

Serial Number/CD keys

Licensing software with a serial number is a widely used method, but if the computation is performed in memory, it can be easily cracked. We can move this computation into a UniKey dongle, taking advantage of User-Defined Algorithms and the MD5 hashing function. We suggest that serial numbers should work in addition to MD5 making cracking extremely difficult.

Distributing and protecting software

Software Protection Scheme

Making a good software protection scheme will extend the software protection life cycle and software vendors can benefit more from their software sales. Although UniKey is a powerful dongle, a weak software protection scheme will lead to an unacceptable result. Finding and making a suitable software protection scheme plays an important role in software protection.

Schedule

In general, software protection is the last step of software development, in order to achieve the best result, we should change this idea. The job of software protection should be started at least 1 month before the release of the software. The reason is simply that it needs time to be tested and verified to make sure that the software protection method is strong enough and works as expected. To derive the best software protection, software vendors should design their software protection schemes at the beginning of software development, and integrate the chosen UniKey dongle with their software seamlessly.

Dongle Functions

From a traditional viewpoint, the usage of a software protection dongle is to just check whether the dongle is attached and to read/write to the dongles memory. UniKey allows far more than just reading/writing memory. Taking advantage of various inbuilt functions of the UniKey can help to provide strong software protection. When integrating the UniKey functions with the software, saving software credentials in the UniKey dongle (e.g. store/encrypt AES key in/with the UniKey dongle and try to minimize the time of such key is in the memory) will increase the difficulty of hacker cracking the software. This is because a computer's memory is extremely easy to extract by seasoned hackers, which however is not the case for the UniKey: The UniKey dongle's memory is nearly impossibly to be extracted due to the complexity of algorithms used to protect the integrated software, and the extra protection in UniKey used to prevent malicious activities from intruding.

People

Only specific personnel should be entrusted with the software protection tasks. If the software protection source code is open to others or the public, the software protection is exposed and others can attempt to crack the protected software. Another solution is to divide the software protection into several parts and have each developer responsible for only part of the task. Since they do not communicate or share source code with each other, the software protection as a whole is harder to crack. However, SecuTech suggests that only trusted personnel have access to the code.

Dongle Passwords

SecuTech thinks from a customer viewpoint, by breaking the tradition of burning passwords at the dongle distributor side. Software vendors can burn their own passwords on their end and handle password storage by themselves, which is a far more secured solution. In order to burn a UniKey dongle's password, you need to input a seed value, and the password will be generated based on that seed.

The password generation algorithm is irreversible, i.e. no one can generate the same password without knowing your seed. When a new password is generated, a file containing the date, seed and newly generated password will be created in the working directory. Please keep this file in a safe place.

Please note that each UniKey dongle can only generate a new password twice. If this fails or you want to change the password, you will have to return the UniKey dongle to SecuTech for resetting.

Software Development

As discussed, the person who is developing the software protection code should be a trusted personnel. To avoid future problems, please refer to the source code in the UniKey SDK CD. In most cases, you do not need to compose a lot of code, you only need to modify the samples provided in the SDK, and then include that into your source code.

Programming Languages

The choice of programming language is important in software protection. A compiled programming language such as C++ and Delphi is highly recommended. When using these types of programming languages, you do not need to worry too much about decompiling the source code, resulting in better software protection. An interpreted programming language such as FoxPro is somewhat weak, since it can be decompiled to obtain the source code or semi-source code. Only calling UniKey APIs is not strong enough to protect your software, hence we offer 3 solutions:

  • Save software credentials in the UniKey dongle: Take advantage of user-defined and seed algorithms in UniKey, which is totally separate to reading/writing and checking the dongle attachment. Involving the UniKey dongle in computations will greatly strengthen your software protection.
  • Pack certain functions into a DLL file to enhance software protection: A DLL file is compiled and is difficult to decompile. We avoid the weaknesses of interpreted programming languages and take advantage of compiled programming languages via a DLL.
  • Make a stub/packer for the interpreter: The interpreter interprets high level code into machine code. In general, a compiled programming language compiles an interpreter. Making a stub/packer will add software protection codes into it and make the interpreter work with the UniKey dongles. This solution applies with Flash or e-Book etc.

Obfuscation

Anti-piracy is the war between hackers and software vendors. To make piracy difficult, we need to use many different techniques. In general, hackers like to use debugging tools to see the assembly (ASM) code of the targeted software. Therefore, we use some tricks to make the decompiled ASM code more complicated.

  • Fake access to dongle: For example, we use a random variable integer Access. Such that, when we access the dongle with the correct password, 3 other 'fake' passwords exist. this means that once we have accessed the UniKey dongle 3 times, only 1/3 of the time it contains the correct password.
  • Save a random number in the UniKey dongle: After a certain period, we read this number out of the UniKey dongle, and compare it with the number in memory. If they are the same, it means that the dongle is attached. Otherwise, no dongle is attached.
  • Save crucial variables into UniKey dongles: It is common for applications to remember some variables and save them in the registry. We can save such variables in the UniKey dongle and directly load it from the UniKey dongle. Without attaching a correct dongle, applications cannot retrieve the proper variables and hence protected software cannot be used.

Involving UniKey in Computation

Only checking the attachment of a UniKey dongle is not strong enough. In order to increase the strength of security protecting the software, we need to involve the UniKey dongle in a computation related to the software. Taking advantage of user-defined algorithms, you can create some simple computation to be executed within the UniKey dongle; such computations is critical to the software protection scheme. Since the input value of the user-defined algorithm is variable each time, it is difficult for a hacker to figure out the algorithms utilized in the UniKey dongle.

Encrypting/Decrypting data via UniKey dongles will make cracking much more difficult. Since the UniKey has its own processor, it can perform encryption/decryption inside the UniKey dongle, which provides the best security. The encryption/decryption key never leaves the UniKey dongle, and only users with full permission can generate a new key, so cracking the encryption of UniKey dongles becomes almost impossible.

Trouble shooting and FAQs

Q: Can I modify the password of a UniKey dongle?

Yes. Each UniKey dongle can only generate a new password TWICE. Dongle will have to be sent back to SecuTech for resetting if password has to be reset again.

Q: Can others duplicate my UniKey dongle?

No. Please keep the seed for your passwords in a safe place. Without knowing the seed, no one can generate the same password.

Q: What operating system does UniKey support?

Windows 98SE, ME, 2000, XP, 2003 (32- and 64-bit), Server 2012, Vista, 7, 8, 8.1 and 10; Mac OS X; Linux (2.2 and above); CentOS 7; Ubuntu 8.04, 10.04, 12.04 and 14.04; VMware machine; EXSi 6.0.

Q: What programming language does UniKey support?

C, Visual C++, Visual Basic, Visual FoxPro, Delphi, Power Builder, Java, Access, Real Basic, Fortran, etc; any compiler that works with DLL/LIBs.

Q; How can learn about using a UniKey?

In the SDK, you can find a Quick Start file, which gives you a quick guide of how to use the UniKey.

Q: What is driverless?

The UniKey software protection dongle is driverless, which means you do not need to install a driver on supported operating systems. The operating system embeds the driver and installs the driver automatically. Since the most frequent problems that occur at the end user side are driver installation, UniKey overcomes this problem perfectly. This feature is done via the HID protocol.

Q: Is the UniKey environmentally friendly?

Yes, UniKey dongle is environmentally friendly. All parts and the production process are lead-free and ROHS-compatible.

Q: What is the purpose of the light on the UniKey dongle?

If the light is flashing, it means that either the UniKey dongle is not working or the system did not install the driver properly. You can update/replace the driver manually. If the light is constantly on, it means the UniKey dongle is ready to use.

Q: Can I label the UniKey dongle with my logo?

Yes, please contact SecuTech Solution Inc. (sales@esecutech.com) or our distributor in your local area.

Q: Where can I get assistance when protecting my software?

We are happy to provide high-quality service to our customers. If you have any questions, please feel free to contact us at support@esecutech.com, our professional team will provide you instant help.



If you have any questions, please feel free to contact us at: http://www.esecutech.com/support or support@esecutech.com




Footer Logo List.png




About SecuTech

SecuTech Solution Inc. is a company specializing in data protection and strong authentication, providing total customer satisfaction in security systems & services for banks, financial institutions & other industries. Having extensive and in-depth experience within the information security market, SecuTech has drawn upon this experience to utilize today's cutting-edge technologies that are effective against increasingly sophisticated cyber attacks. Enabling enterprises, financial institutions, and government to safely adopt the economic benefits of mobile and cloud computing.

http://www.esecutech.com
SecuTech Solution Inc.

Contact Us:
North America China Asia-Pacific EMEA
Address 1250 Boulevard Ren-Lvesque Ouest, #2200, Montreal, QC, H3B 4W8, Canada Level 12, #67 Bei Si Huan Xi Lu, Beijing, China, 100080 Suite 5.14, 32 Delhi Rd, North Ryde, NSW, 2113, Australia 4 Cours Bayard 69002 Lyon, France
Phone +1 -888-259-5825 +8610-8288 8834 00612-9888 6185 +33-042-600-2810
Fax +1 -888-259-5825 ext.0 +8610-8288 8834 00612-9888 6185 +33-042-600-2810
Email info@esecutech.com cn@esecutech.com aus@esecutech.com europe@esecutech.com

Copyright 2012 SecuTech Solution Inc. All rights reserved. Reproduction in whole or in part without written permission from SecuTech is prohibited. SecuTech UniMate and the SecuTech logo are trademarks of SecuTech Inc. Windows and all other trademarks are properties of their respective owners. Features and specifications are subject to change without notice.

SecuTech Logo.png



TOP