Professional Documents
Culture Documents
*Source: Frost & Sullivan World Content Protection and Digital Rights Management Markets Doc #N1AF-70, March 2007 and IDC Worldwide Hardware Authentication Token 2005-2009 Forecast & 2004 Vendor Shares Doc #34452, December 2005
v 3.10
A l a d d i n . c o m / H A S P
1.2
2.2
less protective of Aladdin's rights than such equivalent provisions contained herein. In addition, you shall make it abundantly clear to your distributors and/or end users, that Aladdin is not and shall not, under any circumstances, be responsible or liable in any way for the software and software licenses contained in your computer programs which you merge with the Aladdin Software and distribute to your distributors and/or end users, including, without limitation, with respect to extending license terms and providing maintenance for any software elements and/or computer programs which are not the Aladdin Software. Aladdin expressly disclaims any responsibility and liability with respect to any computer programs, software elements, and/or hardware elements which are not and do not form part of the Aladdin product. 2.3 Limited Warranty. Aladdin warrants, for your benefit alone, that (i) the Software, when and as delivered to you, and for a period of three (3) months after the date of delivery to you, will perform in substantial compliance with the HASP SRM Guide, provided that it is used on the computer hardware and with the operating system for which it was designed; and (ii) that the HASP key, for a period of twelve (12) months after the date of delivery to you, will be substantially free from significant defects in materials and workmanship. Warranty Disclaimer. ALADDIN DOES NOT WARRANT THAT ANY OF ITS PRODUCT(S) WILL MEET YOUR REQUIRMENTS OR THAT THEIR OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE EXTENT ALLOWED BY LAW, ALADDIN EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES NOT STATED HERE AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NO ALADDINS DEALER, DISTRIBUTOR, RESELLER, AGENT OR EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS WARRANTY. If any modifications are made to the Software or to any other part of the Product by you during the warranty period; if the media and the HASP key is subjected to accident, abuse, or improper use; or if you violate any of the terms of this Agreement, then the warranty in Section 2.3 above, shall immediately be terminated. The warranty shall not apply if the Software is used on or in conjunction with hardware or program other than the unmodified version of hardware and program with which the Software was designed to be used as described in the HASP SRM Guide. Limitation of Remedies. In the event of a breach of the warranty set forth above, Aladdin's sole obligation, and your sole remedy shall be, at Aladdin's sole discretion: (i) to replace or repair the Product, or component thereof, that does not meet the foregoing limited warranty, free of charge; or (ii) to refund the price paid by you for the Product, or component thereof. Any replacement or repaired component will be warranted for the remainder of the original warranty period or 30 days, whichever is longer. Warranty claims must be made in writing during the warranty period and within seven (7) days of the observation of the defect accompanied by evidence satisfactory to Aladdin. All Products should be returned to the distributor from which they were purchased (if not purchased directly from Aladdin) and shall be shipped by the returning party with freight and insurance paid. The Product or component thereof must be returned with a copy of your receipt.
2.4
2.5
3.2
3.3
3.4
Limitation of Liability. Aladdins cumulative liability to you or any other party for any loss or damages resulting from any claims, demands, or actions arising out of or relating to this Agreement and/or the sue of the Product shall not exceed the license fee paid to Aladdin for the use of the Product/s that gave rise to the action or claim, and if no such Product/s is/are so applicable then Aladdin's liability shall not exceed the amount of license fees paid by You to Aladdin hereunder during the twelve (12) months period preceding the event. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL ALADDIN OR ITS SUPPLIERS OR RESELLERS OR AGENTS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY TYPE INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, BUSINESS INTERRUPTION, COMPUTER FAILURE OR MALFUNCTION, LOSS OF BUSINESS PROFITS, LOSS OF BUSINESS INFORMATION, DAMAGES FOR PERSONAL INJURY OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF ALADDIN SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO YOU. No other Warranties. Except and to the extent specifically provided herein, Aladdin makes no warranty or representation, either express or implied, with respect to its Products as, including their quality, performance, merchantability or fitness for a particular purpose. Export Controls. You acknowledge that the Product is subject to certain export control laws, rules, and/or regulations, including, without limitation, to the United States and/or Israeli export control laws, rules, and/or regulations, and you therefore agree that the Product will not be shipped, transferred, or exported into any country or used in any manner prohibited by applicable law. Governing Law & Jurisdiction. This Agreement shall be construed and governed in accordance with the laws of Israel (except for conflict of law provisions) and only the courts in Israel shall have jurisdiction in any conflict or dispute arising out of this Agreement. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.
3.6
3.7
3.8
3.10 Miscellaneous. If the copy of the Product you received was accompanied by a printed or other form of hard-copy End User License Agreement whose terms vary from this Agreement, then the hard-copy End User License Agreement governs your use of the Product. This Agreement represents the complete agreement concerning this license and may be amended only by a writing executed by both parties. THE ACCEPTANCE OF ANY PURCHASE ORDER PLACED BY YOU, IS EXPRESSLY MADE CONDITIONAL ON YOUR ASSENT TO THE TERMS SET FORTH HEREIN, COMBINED WITH THE APPLICABLE LICENSE SCOPE AND TERMS, IF ANY, SET FORTH IN YOUR PURCHASE ORDER. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.
IV.
V.
VI.
VII. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). B. DISCLAIMER OF WARRANTY THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT ORITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISEDOF THE POSSIBILITY OF SUCH DAMAGE.
10
11
Patents
Aladdin has a corporate policy of identifying and protecting its intellectual property. Aladdin Knowledge Systems currently has the following granted patents. US 7,249,266 US 7,065,652 US 6,748,541 US 6,285,985 US 6,272,636 US 6,363,356 US 6,044,469 EP 1001329 EP 1387235 DE 60122033 DE 50101184 IL 0130944 RU 2267155 There are equivalent patents in other jurisdictions, other patents are pending. For an updated list of granted patents, consult http://www.aladdin.com/about/patents.asp. US 7,225,336 US 7,065,650 US 6,554,621 US 6,189,097 US 6,434,532 US 6,009,401 US 6,334,214 EP 1122932 EP 1318451 DE 50207195 DE 50104035 IL 111499 US 7,191,325 US 7,047,368 US 6,763,399 US 5,898,777 US 6,334,213 US 6,243,692 US 6,898,555 EP 1353259 EP 1318451 DE 50302771 DE 50201237 US 7,149,928 US 7,013,483 US 5,359,495 US 6,073,256 US 6,009,525 US 6,055,503 US 4,658,093 EP 1318646 EP 1220075 DE 60207515 DE 50100101
12
Certifications
CE Compliance
The HASP product line complies with the CE EMC Directive and related standards*. HASP products are marked with the CE logo and a HASP CE conformity card is included in every shipment or upon demand. *EMC directive 89/336/EEC and related standards EN 55022, EN 50082-1.
FCC Compliance
FCC authorities have determined that HASP is not a Class B Computing Device Peripheral and therefore does not require FCC regulation.
UL Certification
The HASP product line successfully completed UL 94 Tests for Flammability of Plastic Materials for Parts in Devices and Appliances. HASP products comply with UL 1950 Safety of Information Technology Equipment regulations.
Certificate of Compliance
Upon request, Aladdin Knowledge Systems, Inc. will supply a Certificate of Compliance to any software developer who wishes to demonstrate that the HASP product line conforms to the specifications stated. Software developers can distribute this certificate to the end user along with their programs.
Table of Contents
Familiarizing Yourself with HASP SRM Vendor Suite ...................... 21
Contents of your HASP SRM Kit............................................................................. 21 HASP SRM Developer Kit................................................................................... 21 HASP SRM Starter Kit ........................................................................................ 22 About this Guide ...................................................................................................... 22 Obtaining Support.................................................................................................... 24 Training................................................................................................................ 24 Technical Support................................................................................................ 24
14
Table of Contents
Customizing Your Unique Solution ..........................................................................35 Personalized Vendor and Batch Codes ..............................................................36 Selecting the Best Key for Your Requirements...................................................37 HASP SRM Vendor Keys ....................................................................................37 End-User Keys.....................................................................................................38 HASP SRM Protection Process ..........................................................................41 Obtaining Additional Information about HASP SRM ...............................................42
Part 2 Protection
3. Protecting Software ................................................................................59
HASP SRM Protection.............................................................................................59 Elements of HASP SRM Protection ....................................................................60 Selecting a Protection Method ............................................................................63
Table of Contents
15
Implementation ........................................................................................................ 73 Planning your Requirements............................................................................... 73 HASP SRM Run-time API Workflow................................................................... 74 HASP SRM Run-time API Login Function.......................................................... 75 HASP SRM Run-time API Functionality.................................................................. 77 Function Groups.................................................................................................. 77
6. Protection Strategies............................................................................101
Overview................................................................................................................ 101 General Protection Guidelines .............................................................................. 102 Types of Attack and their HASP SRM Defense.................................................... 104
16
Table of Contents
DataHASP Users............................................................................................... 110 HASP SRM Data File Handling......................................................................... 110 DataHASP Pre-requisites ...................................................................................... 111 Launching DataHASP ....................................................................................... 112 Supported Functionality..................................................................................... 112 Modifying Input .................................................................................................. 112
Part 3 Licensing
8. Introduction to HASP SRM Business Studio....................................115
HASP SRM Business Studio Overview................................................................. 115 HASP SRM Business Studio Major Workflows................................................. 116 HASP SRM Business Studio User Roles.............................................................. 119 Getting Started with HASP SRM Business Studio................................................120 Pre-requisites for the HASP SRM Administrator ..............................................120 HASP SRM Business Studio Window...............................................................122 Using the HASP SRM Business Studio Help....................................................123
Table of Contents
17
Managing Features................................................................................................ 139 Defining Features.............................................................................................. 139 Withdrawing a Feature...................................................................................... 140 Managing Products................................................................................................ 141 Defining New Products...................................................................................... 142 Defining Provisional Products........................................................................... 147 Product Status Values....................................................................................... 148 Duplicating a Product ........................................................................................ 148 Withdrawing a Product...................................................................................... 148 Maintaining Products and Licenses ...................................................................... 149 Managing Product Versions.............................................................................. 149 Canceling Product Licenses ............................................................................. 151
18
Table of Contents
Maintaining User Details....................................................................................179 Maintaining Batch Codes ..................................................................................180 Configuring System Settings.............................................................................181 Customer Services.................................................................................................182
Table of Contents
19
Customizing Admin Control Center Look and Feel .............................................. 206 Writing Templates.............................................................................................. 208 Configuring Admin Control Center to Use your Custom Template................... 211
Part 5 Appendices
A. Troubleshooting ....................................................................................215
Checklist ................................................................................................................ 216 Problems and Solutions ........................................................................................ 216
20
Table of Contents
22
HASP SRMVendorSuitesoftwareonasingleCDROM HASP SRMVendorkeys: HASP SRMDeveloperkeyforapplyingprotection HASP SRM Masterkeyfordefiningandapplyinglicenseterms HASP SRMSoftwareProtectionandLicensingQuickStartcard HASP SRMSoftwareProtectionandLicensingGuide(thisbook) HASP SRMSoftwareProtectionandLicensingTutorial HASP SRMBusiness StudioServerInstallationGuide HASP HLkeysfordistributiontoyourcustomers,accordingto yourorder
23
Part 2Protection ProvidesanindepthpresentationofHASP SRMprotection methods.Thispartincludesstrategiesformaximizingthe protectionofyoursoftwareusingHASP SRM.Thispartis specificallyforsoftwareengineerswhohavetheresponsibilityfor usingtheHASP SRMprotectionapplicationstoprotectsoftware. Part 3Licensing DiscussestheoptionsthatHASP SRMprovidestoenableyouto applyflexiblelicensingtermstoyoursoftwareandprovidescase studiesforyoutoexamine.Thispartisparticularlyrelevantto productandbusinessmanagerswhohavetomakedecisions abouthowtheirsoftwareislicensed.Thispartshouldalsoberead byoperationsstaffandothersinvolvedinproduction. Part 4Distributing HASP SRM Software DetailstheHASP SRMsoftwarethatcanbedeliveredtoendusers toensureoptimalperformanceofprotectedsoftware.Thispart alsodescribesthevariouswaysofeffectivelydeliveringthe HASP SRMsoftwarecomponents. Part 5Appendices Providesthefollowingsupplementaryinformation: Atroubleshootingsectionthatidentifiesvariousissuesthat youmayencounterandprovidessolutions Acomprehensiveglossarywithconciseexplanationsof HASP SRMterms TheHASP SRMRuntimeAPIreference,whichprovidesalist offunctionsandtheirparameters,andtheirreturnvalues
24
Obtaining Support
AladdinKnowledgeSystemshasbothinternationalofficesandmany localdistributorsprovidingsupportforHASP SRMvirtually wheneverandwhereverrequired.Tofindthenameofyournearest officeordistributor,gotothefollowingURL:
http://www.aladdin.com/how/how.asp?selectproduct=hasp&header_type=support
andenteryourlocalityintheappropriatefield.
Training
ForadditionalinformationandtrainingaboutHASP SRM implementationissues,contactourteamofinternationalconsultants attheURLprovidedabove.Theconsultantscanprovideyouwith tailoredtrainingsessionsonthefollowing:
Technical Support
Youcandownloadupdates,executables,anddocumentationusing thefollowingURL:
http://www.aladdin.com/support/hasp.aspx.
26
Chapter 1
In this chapter:
Fundamentals of Protection Major Protection Solutions Fundamentals of Licensing Flexible and Secure Licensing Solutions Principles of HASP SRM Customizing Your Unique Solution
28
Fundamentals of Protection
Thissectionexaminesthenatureofprotection,andidentifiesthetwo typesofprotectionthatyouneedtoconsider.
What is Protection?
Protectionistheprocessofsecuringanapplicationorintellectualproperty byincorporatingautomatedandcustomizedsecuritystrategies. Protectionisachievedbyimplementingspecificsecuritystrategies, suchaswrappingyourapplicationinasecurityenvelope,and incorporatingvarioussecuritymeasureswithintheapplicationscode duringdevelopment.Thegreaterthenumberofsecuritymeasures incorporated,andthehighertheleveloftheircomplexity,themore secureyourapplicationbecomes. Itisnotsufficienttoprotectonlyyoursoftwareyoumustalso protectyourintellectualproperty.Yourprofessionalexpertiseandthe secretsthatyouuseindevelopingyoursoftware,forexample algorithms,mustalsobeprotected.
Copy Protection
Copyprotectionistheprocessofencryptingyoursoftwareand incorporatingvarioussecuritymeasuresthroughoutthecodeand bindingittoakeysothatitcanonlybeaccessedbyauthorizedusers whoareinpossessionofthekey.Themorecomplexthecopy protectionappliedtoyoursoftware,thelesslikelyitistobe compromised.
29
Hardware-based Solutions
Inhardwarebasedsolutions,yousupplyanexternalhardwaredevice togetherwithyoursoftware.Thefunctioningofyoursoftwareis dependentonthedevicebeingconnectedtotheenduserscomputer. Atruntime,yoursoftwarecommunicateswiththehardwaredevice, andonlyfunctionscorrectlyifitreceivesanauthenticresponsefrom thedevice. HASP SRMprovidesavarietyofhardwaredevicesintheformof HASP HLkeys.YoucanselectthetypeofHASP HLkeythatbestsuits yourrequirements.FormoreinformationaboutHASP HLkeys,see HASP HLKeysonpage 38.
Software-based Solutions
Insoftwarebasedsolutions,followingtheinstallationofyoursoftware onanenduserscomputer,theprotectionandlicensingisbondedto thatspecificmachine.YoursoftwarewillonlyfunctionafteraProduct Keyhasbeenenteredbytheuser.Atruntime,theserverchecksthat thesoftwareisonthemachineonwhichitislicensedtorunandthatit isbeingusedinaccordancewiththeuserslicenseterms. HASP SRMprovidesarobustsoftwarebasedsolutionusingHASP SL keys.AHASP SLkeyresidesinthesecurestorageofaspecific computerandispatternedonthefunctionalityofaHASP HLkey. FormoreinformationaboutHASP SLkeys,seeHASP SLKeyson page 39.
30
Hardwarebased
**** **** ** **** ** ***
Softwarebased
*** ** **** * **** ****
31
Fundamentals of Licensing
Inadditiontoprotectingyoursoftwareandintellectualproperty,you needtoprotecttherevenuefromsalesofyourproduct.Youwantto ensurethatyoursoftwareisonlyavailabletotheappropriateusers, accordingtothetermsthatyoudefine.Thisprocessiscontrolledby licensing. Licensingprovidesyouwiththeflexibilitytoimplementyour businessstrategiesforyoursoftwaredistribution.Whenyoudefine thelicensingtermsonwhichyoursoftwareisdistributedorsold,you selectthetermsthatarecommerciallybeneficialtoyourcompany. Forexample,youmaydecidethatyouinitiallywanttodistributeyour softwarefreeofcharge,sothatuserscantryitbeforepurchasing. You willwanttoensurethatuserscanuseitforonlyalimitedtime beforeitmustbepurchased.
32
Understanding HASP SRM Software Protection and Licensing Alternatively,youmaypublishverycomplex,expensivesoftware. You maydecidetomakespecificcomponentsofthatsoftware availableforalowerprice,thusmakingpartsofitaccessibletousers whocannotaffordthefullyfeaturedversion.Suchadecisioncreates anadditionalrevenuesource. Toobtainthemaximumbenefitfromyourcompanyslicensing strategy,youneedasoftwarelicensingsystemthatprovidesyouwith theflexibilitytotailorlicensingtermstofityourbusinessstrategies, andtoadaptquicklytochangesinthemarketandinyourbusiness needs.Yourlicensingsystemmustalsobeabletoenforceyourdefined usagetermswithsecurelicensingmethods.
33
Youcaneasilydefinecustomlicensingmodelsandusagetermsusing thefunctionalityprovidedbyHASP SRM.Forexample,this functionalityenablesyoutoutilizesecurereadonlyandread/write memorystorage,flexiblecounters,andarealtimeclockincorporated intheHASP SRMprotectionkey. Theseparationoftheengineeringandlicensingprocessesembodied inHASP SRMmakesitpossibletomodifythecompanyslicensing strategyasnecessarywhencircumstanceschange,andtoimplement thesechangesquicklyandefficiently.
34
Cross-locking
CrosslockingistheHASP SRMprocessthatenablesyoutochoosethe devicetowhichyourprotectedapplicationandlicensewillbelocked eithertoaHASP HLkeyor,viaaHASP SLkey,toaspecificcomputer. ThedecisionaboutthetypeofHASP SRMprotectionkeytowhich yoursoftwareislockedisdeterminedafterprotectionhasbeen implementedyouchoosetheoptionsthatbestsuityourcurrent businessstrategies.
35
HASP SRMEnvelopeenablesyoutowrapyoursoftwareina protectiveshieldatthetouchofabuttonwithouthavingto adjustyoursourcecode.Itestablishesalinkbetweenyour protectedsoftwareandaHASP SRMprotectionkey,eventhough theselectionofkeyisdeterminedatalatertime. HASP SRMToolBoxandtheHASP SRMRuntimeAPIenableyou toenhancetheprotectionofferedbyHASP SRMEnvelope,by incorporatingcomplexprotectionmechanismsintoyoursource code. HASP SRMBusinessStudioenablesyoutocreatelicensesandlock themtoHASP SRMprotectionkeys,towritespecificdatatothe memoryofaHASP SRMprotectionkey,andtoupdatelicenses alreadydeployedinthefield.Theseprocessesareperformed independentlyoftheprotectionprocess. CustomizedHASP SRMVendorkeysareusedinhousebyyour staff,togetherwithHASP SRMstateoftheartsecurity applications.
36
Vendor Code
TheVendorCodeisauniqueconfidentialcodeassignedtoyouby AladdinKnowledgeSystemswhenyouplaceyourfirstorderfor HASP SRMprotectionkeys.ItisintegratedintoyourHASP SRM Vendorkeys.Whenyouareprotectingyoursoftwareandlicensesto HASP SRMprotectionkeysfordistribution,theVendorCodeis extractedfromyourHASPSRMVendorkeys.
Batch Code
ABatchCodeconsistsoffivecharactersthatrepresentyour companysuniqueVendorCode.WhenyouorderHASP SRM protectionkeysfromAladdin,youspecifyyourBatchCode,whichis thenwrittentothekeysbeforedispatch.Inordertoeasilyidentifythe batchtowhichaHASP HLkeybelongs,theBatchCodeiswrittenon theoutsideofeachkey.
37
38
End-User Keys
TwotypesofHASP SRMprotectionkeysareavailableHASP HL keys,whicharephysicalUSBkeysthatconnecttoacomputer,and HASP SLkeys,whicharevirtualkeysthatlockyoursoftwaretoa specificmachine.Yoursoftwareandtheuserlicenseislockedtothe HASP SRMprotectionkeythatyouselect. AllHASP HLkeyswiththeexceptionofHASP HLBasickeys containinternalread/writememory.Youcanusethememorytodo anyofthefollowing:
HASP HL Keys
HASP HLkeysaredistributedwithyoursoftwaretoendusers.The keysconnecttotheenduserscomputers.AvarietyofHASP HLkeys areavailabletosuityourrequirements. HASP HLkeysofferthehighestlevelofsecurity.Inorderforauserto accessyoursoftware,andforittofunctioncorrectly,thekeymustbe accessiblebytheapplication.Furthermore,HASP SRMuses LicenseOnChiptechnologytoprotectHASP HLkeysagainstlicense tampering. HASP HLkeysalsohavetheadvantageofportability.Thismeansthat thekeycanbemovedfromonecomputertoanother.Softwaremay thereforebeinstalledonmultiplecomputersbutwillonlyrunifthe keyisconnectedandauthenticatedbythesoftware. ForinformationabouttheavailableHASP HLkeys,seeAvailable HASP SRMProtectionKeys,onpage 39.
39
HASP SL Keys
HASP SLkeysarevirtual,softwarebasedkeysthatresideinthe securestorageofaspecificcomputer.HASP SLkeysprovidethesame functionalityasHASP HLkeys,withoutrequiringphysical distribution. Afteryoursoftwareisinstalledonacomputer,theendusertypically entersaProductKeythatissent,viatheInternetorbyfiletransfer,to theHASP SRMBusiness StudioServer,togetherwiththefingerprint ofthemachine.HASP SRMBusinessStudiovalidatesthattheProduct Keyhasnotbeenusedtoactivatethesoftwareonmorethanthe permittednumberofmachinesasdeterminedbyyouthensends backtheHASP SLkey,whichisinstalledontheendusersmachine. Thisprocessisalsousedforupdatinglicenseterms. ForinformationabouttheattributesofHASP SLkeys,seeAvailable HASP SRMProtectionKeys,onpage 39.
Note:
Forfulltechnicalspecificationsofthekeys,refertotherelevant productdatasheet. HASP SRM Protection Key HASP HL Basic Description Supported Automatic Licensing and License Terms
Perpetual
Hardware-based AES encryption for copy and IP protection. Hardware-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features.
HASP HL Pro
Read/write
112 bytes
ROM 112 bytes
by counters
40
Understanding HASP SRM Software Protection and Licensing Description Supported Automatic Licensing and License Terms
Perpetual Feature-based Per-use Demo License terms determined
Hardware-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features. Hardware-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features. Hardware-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features. Contains internal real-time clock.
by counters
HASP HL Drive
Flash memory
512 MB/2 GB
Read/write 4 KB ROM 2 KB
by counters
HASP HL Time
Read/write 4 KB ROM 2 KB
HASP HL Net
Hardware-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features.
Customizing Your Unique Solution HASP SRM Protection Key Description Supported Automatic Licensing and License Terms
Perpetual Feature-based Rental Subscription Floating Per-use Demo License terms determined
41
encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features. Contains internal real-time clock.
HASP SL
Software-based AES encryption for copy and IP protection. Supports automatic licensing for multiple applications/Features.
Perpetual Feature-based Rental Subscription Floating Per-use Demo Volume License terms determined
Read/write 4 KB ROM 2 KB
42
http://www.aladdin.com/support/hasp-srm/vendor.aspx.
Chapter 2
In this chapter:
Supported Platforms HASP SRM Software Package Installing the HASP SRM Vendor Suite Software on a Windows Machine Installing HASP SRM Run-time Environment on a Mac Machine Installing the HASP SRM Run-time Environment Extracting Vendor Codes
Supported Platforms
ThissectionliststhesupportedplatformsforWindowsandMac operatingsystems. ThefollowingWindowsoperatingsystemsaresupported: HASP SRMRuntimeEnvironment:(32and64bit) Windows XP,WindowsServer2003,WindowsVista,and Windows 2008;andWindows XPEmbeddedandWindows 2000 (32bitonly) HASP SRMVendorTools:(32bitonly)Windows XPwith ServicePack 2,WindowsServer2003,andWindowsVista
44
HASP SRMBusinessStudioServer:(32and64bit) Windows XPwithServicePack 2,WindowsServer2003with ServicePack 1,andWindowsVista Database:SQLServer2005,andSQLServer2005ExpressEdition ThefollowingMacoperatingsystemsaresupported: HASP SRMRuntimeEnvironment:MacOSX10.4.x10.5.x
Note:
Currently,onlytheHASP SRMRuntimeEnvironmentis supportedforMacoperatingsystems.Thisenvironmentcanbe usedinconjunctionwithotherHASP SRMcomponentson Windowsbasedoperatingsystems.
HASP SRM Envelope Appliessecuritytoyoursoftwareexecutablefileswithina protectiveshield. HASP SRM ToolBox EnablesyoutofamiliarizeyourselfwiththeHASP SRMRuntime APIandtogeneratecodetoincludeinyoursoftwaressourcecode. HASP SRM Business Studio Aserverapplicationthatenablesyoutodefine,produceand updateyoursoftwarelicenses,andtoinitializememoryin HASP SRMprotectionkeys. HASP SRM Run-time API Samples Enablesyoutointegrateprotectionintoyourownsoftwareusing avarietyofprogramminglanguages. HASP SRM Run-time Environment TheHASP SRMRuntimeEnvironmentisthemainlinkbetweena HASP SRMprotectionkeyandtheprotectedapplicationfollowingits deploymentatacustomerssite.EndusersmusthavetheRuntime Environmentinstalledinordertoruntheprotectedapplication. YoucanalsointegratetheHASP SRMRuntimeEnvironment Installerintotheinstallationofyourprotectedapplication.
45
HASP SRM Run-time API TheHASP SRMRuntimeAPIenablesyoutoprotectyour applicationbyinsertingcallstotheHASP SRMprotectionkey throughoutyoursourcecode. TherootdirectoryontheHASP SRMinstallationCDisdivided accordingtooperatingsystems,andeachsystemfoldercontainsa Samplefolderthatprovidessamplesforvariouscompilersand programminglanguages:Eachsampleincludes: Librariesthatmustbelinkedtoyourapplication AsampleapplicationthatdemonstratestheuseoftheAPI HASP SRM Admin Control Center HASP SRMAdminControlCenterisacustomizable,Webbased, enduserutilitythatenablescentralizedadministrationof HASP LicenseManagersandHASP SRMprotectionkeys. UseHASP SRMAdminControlCentertomonitorlicensesand sessionswhenaprotectedapplicationisoperating,andtomanage detachablelicenses.
46
Note:
Ifforanyreasontheinstallationdoesnotstartautomatically,run setup.exefromtheWindowsdirectoryontheCD.
HASP SRMprogramfilesareplacedinfoldersunderthe \Program Files\Aladdin\HASP SRM\directory,asdetailedinHASP SRM Subfoldersonpage 47 FilesthataregeneratedusingHASP SRMapplicationswillbe locatedinfoldersunderthe foldersonpage 47 ThisincludesfilessuchasVendorCodes;HASP SRMEnvelope Projects,andprotectedapplications;C2VandV2Cfiles;generated APIsandsamples;andsoon. Note:ForWindowsVistausers,thedirectorypathis
\Users\[logged_in_user_name]\Documents\Aladdin\HASP SRM[version]\
47
API:ContainstheAPIlibraries Docs:Containsadigitalversionofthisguideplussupplementary
documentationforusingHASP SRM. Redistribute:Containsthesoftwaretobedeployedattheendusers site.Foradditionalinformation,seeHASP SRMSoftwareforEnd Usersonpage 191. Runtime Environment:ContainstheHASP SRMRuntimedrivers.For additionalinformation,seethefollowingsection. Samples:Containssampleapplicationsforvariousprogramming languagesandinterfaces. VendorCodes:ContainstheBatchCodesthatrepresentyour confidentialVendorCodeforyourHASP SRMprotectionkeys. VendorTools:ContainsHASP SRMVendorSuiteandrelatedutilities.
Note:
Thesetupstructuredescribedabovemirrorsthesetupofthe HASP SRMinstallationCDundertheWindows/Installeddirectory.
48
Post-installation Check
Beforeyouusethedaemons,checkthatthefollowingitemshavebeen correctlyinstalled:
Installed Files
Afteryouruntheinstallation,thefollowingfilesarelocatedonyour harddrive. WhenusingMacOSX10.4.x,orlater,theinstallerautomatically selectstherecommendedstartupmechanismfortheoperating system.Ifanolderversionofthemechanismisdetected,oldfileswill becleaned. Thefollowingfilesarecommonlyinstalled: OS X Version
All supported versions
Installed Files
daemon)
/Library/Receipts/HASP SRM RTE Installer.pkg.Thefileis createdbyInstaller.app(default) /Library/LaunchDaemons/com.aladdin.aksusbd.plist Library/LaunchDaemons/com.aladdin.hasplmd.plist /Library/StartupItems/Aladdin/Aladdin /Library/StartupItems/Aladdin/Startuparameters.plist
49
To stop the daemons: 1. IfyouareusingMacOSX10.3.9,orearlier: a. EnsurethatyouhaveAdministratorprivileges. b. Launch/Applications/Utilities/ActivityMonitor. c. e. Selecttheall processesview. SelectaksusbdfromthelistandclickTerminate. d. SelecthasplmdfromthelistandclickTerminate. Thedaemonsstoprunning. IfyouareusingMacOSX10.4.x,orlater: a. EnsurethatyouhaveAdministratorprivileges. b. Launch/Applications/Utilities/Terminal. c. Typesudo launchctl unload com.aladdin.hasplmd.plist andconfirm. Typesudo launchctl unload com.aladdin.aksusbd.plist andconfirm. Ifprompted,reenteryourAdministratorpassword.
d. Whenprompted,enteryourAdministratorpassword. e. f.
Thedaemonsstoprunning.
50
Command
-f -h, --help -l <level>
Description
Forces the daemon to work in the foreground. Required for launchd startup. Displays a list of available commands Specifies the level of log messages. The values are: 0 - Errors only 1 - Normal 2 - Verbose 3 - Ultra verbose Displays aksusbd and API versions Specifies the delay after connecting a HASP HL key, before it can be accessed the first time Specifies the length of the work queue (default 64) Specifies the permission bits for the special socket file. Default is 666 (access for all users) Starts the HASP License Manager daemon Launches daemon with owner as user to enhance security
To start the daemons to test your changes: 1. 2. Openashellwindowusing/Applications/Utilities/Terminal. Startaksusbd(withyourmodificationsincluded)bytyping sudo /usr/libexec/aksusbdatthecommandlineprompt.
Note:
Ensurethatyoudonotincludethe-fswitch. EnteryourAdministratorpasswordwhenprompted.
Installing HASP SRM Run-time Environment on a Mac Machine 3. Starthasplmd(withyourmodificationsincluded)bytyping sudo /usr/libexec/hasplmd -satthecommandlineprompt. The-sswitchisrequiredtostartthelocalHASP License Manager.
51
Note:
Ensurethatyoudonotincludethe-f switch. Themodificationswillbeignoredatthenextcomputerstartup. To save your modifications: 1. DependingontheMacoperatingsystemthatyouareusing,do oneofthefollowing: a. IfyouareusingMacOSX10.3.9,orearlier,addyour modificationstotheshellscriptlocatedinthe /Library/StartupItems/Aladdin/volume. Ensurethatthe-fswitchisnotincludedineitherdaemon. b. IfyouareusingMacOSX10.4.x,orlater,eitheredittheXML sourceusingatexteditor,orusethe/Developer/Applications/Utilities/ Property List Editor(partoftheXcodeDeveloperTools)todothe following:
Addthemodificationsforaksusbdto Addthemodificationsforhasplmdto
/Library/LaunchDaemons/com.aladdin.aksusbd.plist
/Library/LaunchDaemons/com.aladdin.hasplmd.plist Ensurethatthe-fswitchisincludedinbothdaemons.
52
Note:
AdministratorprivilegesarerequiredtoinstalltheHASP SRM RuntimeEnvironment.
HASPUserSetup.exe Utility
HASPUserSetup.exeisaGUIbasedinstallationprogramto
Tolaunchtheutility,doubleclickHASPUserSetup.exeandfollowthe onscreeninstructions.
haspdinst.exe Utility
haspdinst.exeisacommandlineutilitythatinstallstheHASP SRM
RuntimeEnvironment.Followinginstallation,thefileislocatedin
53
Description
Displays the installation status Displays a list of the available commands Enables the installation program to kill all processes accessing the drivers Sets the installation program to only display critical messages (e.g. instructions to reboot) Sets the installation program to remove driver by force, or removes the HASP SRM Run-time Environment, leaving the drivers in a nonfunctioning state Sets the installation program to ignore other running Windows processes Sets program to display no messages
-fi -nomsg
54
HASP SRM Installation TheHASP SRMVendorkeyscontainyouruniqueVendorCodeand otherimportantinformationthatisrequiredwhenusingHASP SRM toprotectandlicensesoftware.FormoreinformationaboutBatch Codes,seePersonalizedVendorandBatchCodesonpage 36. To extract Vendor Code information from the HASP SRM Vendor keys: 1. ConnectyourHASP SRMDeveloperkeytoyourcomputer,and verifythattheHASP SRM Masterkeyisconnectedtothemachine whereHASP SRMBusiness StudioServerisinstalled. StartHASP SRMEnvelopeorHASP SRMToolBox.Afteryoulog intotheapplication,theapplicationdetectsthenewHASP SRM VendorkeyandlaunchestheHASP SRMMasterHASPWizard. Alternatively,in\Program Files\Aladdin\HASP SRM\VendorTools\VendorSuite, doubleclickmasterhasp.exe.TheMasterHASPWizardlaunches, detects,andlistsallnewHASP SRMVendorkeys. EnteranameforthefileinwhichtheVendorCodeinformation willbesaved.ItisrecommendedthatyoustorealltheVendor CodesintheVendorCodesfolder.OnmostWindowsinstallations,the directoryislocatedin:
\Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\VendorCodes
2.
3.
4.
Bydefault,theHASP SRMVendorSuiteapplicationssearchthis directoryfortheVendorCode. IntheSpecifyAPISettingswindowofthewizard,selectthe librariesforwhichyouwanttogenerateAPIs.Ifyouwantto mergeAPIsofmultipleBatchCodesintoasinglelibrary,click Advanced.YoucanmergeuptofourAPIstoasinglelibrary.When youmergeAPIs,individuallibrariesaregeneratedinadditionto themergedones. ThegeneratedAPIsarelocatedinthefollowingdirectories,as appropriate:
\Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\API\Runtime\C \Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\API\Runtime\COM \Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\API\Runtime\CPP \Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\API\Runtime\DotNet
55
Thenameofthefileis[Batch Code].hvc.Forexample,ifyour BatchCodeisW3FLY,thefilenamewillbeW3FLY.hvc.(TheBatch CodeisarepresentationofyourconfidentialVendorCode.)Your HASP SRMVendorkeysandallyourHASP HLkeysarelabeled withyourBatchCode. Bydefault,HASP SRMVendorSuiteapplicationssearchthe VendorCodesfolderforyourVendorCodeinformation.
56
Part 2 Protection
In this section:
58
Chapter 3
Protecting Software
ThischapterprovidesanoverviewofHASP SRMsoftwareprotection, includingitsfundamentalelements,asummaryofhowitworks,and anintroductiontoHASP SRMprotectionmethods.
In this chapter:
60
Protecting Software
Alltheaboveareprotectedagainstanyattemptatreverse engineering. Foradditionalinformationabouttheavailableprotectionparameter options,seeHASP SRMRuntimeAPIProtectiononpage 67; HASP SRMEnvelopeProtectiononpage 81;andWorkingwiththe DataHASPEncryptionUtilityonpage 109.
61
AES Encryption
Aprotectedprogramreliesontheintelligenceinthememoryofa specificHASP SRMprotectionkeyinordertofunction.Inadditionto thechecksfortheHASP SRMprotectionkey,datacanbeencrypted anddecryptedusingtheintelligenceavailableintheHASP SRM protectionkey.
62
Encryption/Decryption of Data
Vendor Code
EachHASP SRMcustomerisassignedauniqueVendorCodethatmust bekeptconfidential.TheVendorCodeformsanintegralpartofthe protectionparametersthatconstitutetheinherentlinkbetweenthe protectedprogramsandtheHASP SRMprotectionkey.However,the VendorCodeisonlypartofthelink.Thecodeonitsownis insufficienttopreventillegaluseofthesoftware.Itmerelyprovides theprotectedsoftwarewithaccesstotheHASP SRMprotectionkey anditsresources. AllHASP SRMprotectionapplicationsrequiretheVendorCode.For informationonhowtoaccessthecode,seeExtractingtheVendorCode fromHASP SRMVendorKeysonpage 70.
63
Theseissuesarediscussedinthefollowingsections.
64
Protecting Software
What to Protect
WhenprotectingsoftwarewithHASP SRM,therearevariousoptions forapplyingprotection.HASP SRMRuntimeAPIisusedtoprotect thesoftwarebeforeitiscompiled.Protectioncanalsobeappliedafter thesoftwareiscompiledusingHASP SRMEnvelope.Youcanchoose whethertoapplyprotectiontoanentireprogram,asubprogram,or simplytoaFeature. YoumayopttouseeithertheHASP SRMRuntimeAPIorthe HASP SRMEnvelopeprotectionmethod,orboth,dependingonyour specificrequirements.Usethefollowingtabletodeterminewhich methodbestmeetsyourspecificrequirements. HASP SRM Envelope
Quick, automatic protection process
security. The strength of protection is proportional to the degree to which the HASP SRM Run-time APIs functionality is invested in implementation.
Source code must be available Maximum flexibility
65
66
Protecting Software
Chapter 4
In this chapter:
Overview HASP SRM Run-time API Pre-requisites Learning the HASP SRM Run-time API Implementation HASP SRM Run-time API Functionality
Overview
TheHASP SRMRuntimeapplicationprogramminginterface(API)is arobustmethodofsoftwareprotection,thestrengthofwhichis whollydependentonitsimplementation. TheextenttowhichthefunctionalityaffordedbytheHASP SRM RuntimeAPIisutilized,determinestheoveralllevelofsoftware security.TofullyutilizetheprotectionofferedbytheHASP SRM RuntimeAPI,strivetomaximizethecomplexityandsophisticationof yourimplementation. Itisessentialthat,beforeprotectingyourapplication,youarefamiliar withtheoverallfunctionalityoftheHASP SRMRuntimeAPI.
68
HASP SRM Run-time API Protection TheHASP SRMRuntimeAPIReferenceonpage 225detailsthe functionsthatcomprisetheHASP SRMRuntimeAPI.Seethis referenceforinformationonspecificfunctions. ToprotectyoursoftwareusingtheHASP SRMRuntimeAPI,you insertcallstoaHASP SRMprotectionkeythroughoutyour applicationssourcecode.Youcanaddcallstoyourapplicationthat checkforthepresenceofaHASP SRMprotectionkeyatanypoint duringruntime,andyoucandesignateresponsestothesechecks. For example,iftherequiredHASP SRMprotectionkeyisnotfound, youmightspecifythattheprotectedapplicationsuspendorterminate itself. YourapplicationcanalsocheckthememoryofaHASP SRM protectionkeyforspecificdata.Inaddition,youcanusethe HASP SRMRuntimeAPItoencryptordecryptdata. Tofacilitateaspeedylearningcurve,werecommendthatyou familiarizeyourselfwithandtestspecificHASP SRMRuntimeAPI functionsusingHASP SRMToolBox.HASP SRMToolBoxisaGUI basedapplicationthatinterfaceswiththeHASP SRMRuntimeAPI. Foradditionalinformation,seeLearningtheHASP SRMRuntimeAPI onpage 71. HASP SRMalsoincludesHASP SRMRuntimeAPIsamplefoldersfor specificcompilers.EachHASP SRMinterfaceincludesasample applicationdemonstratingAPIusageandaspecificheaderfile.The sampleapplicationsarelocatedintheSamplesfolderintheWindows directoriesontheHASP SRMinstallationCD.
69
Vendor Code
ItisnecessarytoprovidetheVendorCodeinordertoaccessa HASP SRMprotectionkeyanditsresources,includingmemory. VendorCodesareusuallystoredintheVendorCodesfolder.Onmost Windowsinstallations,thedirectoryislocatedat:
\Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\VendorCodes
Note:
DonotdistributesoftwareprotectedwithaHASP HL Demokey.This HASP SRMprotectionkeyisonlyforevaluationpurposes. ThefirsttimeyouorderHASP SRMprotectionkeys,youalsoreceive twoHASP SRMVendorkeysaHASP SRMDeveloperkeyanda HASP SRM Masterkeythatcontainyourcompanysunique confidentialVendorCode.TheHASP SRMDeveloperkeyisusedby engineersforaddingprotectiontoyoursoftware.The HASP SRM Masterkeyisusedforproducinglicensesandorders. HASP SRMVendorSuiteapplications(HASP SRMEnvelope, HASP SRMToolBox,andHASP SRMBusinessStudio)mustrecognize andhaveaccesstotheuniqueVendorCodethatwasassignedtoyou whenyourfirstorderwassuppliedbyAladdinKnowledgeSystems. TheVendorCodeisstoredinsideyourHASP SRMVendorkeys. HASP SRMVendorkeysareintroducedusingtheMasterHASP Wizard,asdescribedinthefollowingsection.
Note:
IfyouhavealreadyintroducedyourHASP SRMDeveloperkey,itis notusuallynecessarytoreintroduceit.
70
2. 3.
4.
5.
Bydefault,theHASP SRMVendorSuiteapplicationssearchthis directoryfortheVendorCode. IntheSpecifyAPISettingswindowofthewizard,selectthe librariesforwhichyouwanttogenerateAPIs.Ifyouwanttomerge APIsofmultipleBatchCodesintoasinglelibrary,clickAdvanced. YoucanmergeuptofourAPIstoasinglelibrary.Whenyoumerge APIs,individuallibrariesaregeneratedinadditiontothemerged ones. ThegeneratedAPIsarelocatedinthefollowingdirectories,as appropriate:
\Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\API\Runtime\C \Documents and Settings\[logged_in_user_name]\My Documents\
71
6.
Followtheremaininginstructionsinthewizardtointroducethe keyintoHASP SRMandextractyourVendorCode. By default, your Vendor Code information is saved on the Business Studio Server, and in this directory:
\Documents and Settings\[logged_in_user_name]\My Documents\ Aladdin\HASP SRM[version]\VendorCodes
Thenameofthefileis[Batch Code].hvc.Forexample,ifyour BatchCodeisW3FLY,thefilenamewillbeW3FLY.hvc.(TheBatch CodeisarepresentationofyourconfidentialVendorCode.)Your HASP SRMVendorkeysandallyourHASP HLkeysarelabeled withyourBatchCode. Bydefault,allHASP SRMVendorSuiteapplicationssearchthe VendorCodesfolderforyourVendorCodeinformation.
HASP SRMToolBox:Autilitywithagraphicuserinterfacethat ispartofHASP SRMVendorSuite.Foradditionalinformation, seeHASP SRMToolBoxonpage 72. HASP SRMRuntimeAPISamples:Asetofexamplesfor implementingtheHASP SRMRuntimeAPI.Foradditional information,seeHASP SRMRuntimeAPISamplesonpage 73.
72
API-related Functionality
HASP SRMToolBoxactslikeatutorialfortheHASP SRMRuntime API.Itsfunctionalityenablesyouto:
Display the source code generated for each function call This generatedsourcecodecanbecopiedandpastedintoyour applicationsourcecode. Evaluate manual implementation of the HASP SRM Run-time API Every HASP SRMRuntimeAPIfunctionincludedinHASP SRM ToolBoxisdisplayedonaseparatescreen.Toexecuteafunction call,youprovidespecificinformationrelatedtotheselected function. Transfer memory buffers to the AES encryption engine in a HASP SRM protection key Theprogramcanalsobeusedtodecryptdatabuffers. Create multiple programming language interfaces for the HASP SRM Run-time API.
Implementation
73
Note:
SeetheAladdinWebsiteandtheHASP SRMInstallationCDfor informationonavailablesamplesforspecificprogramming languages.
Implementation
Thissectiondescribesthepreimplementationissuesyoushould consider,andtheworkflowforimplementingtheHASP SRM RuntimeAPI.Italsoprovidesanoverviewofhowtologintoandout ofasession.
Note:
FeatureprotectionishandledthroughtheFeatureIDparameter. Foradditionalinformation,seehasp_login_scope()onpage 248.
74
Willencrypteddatabeincludedinmyimplementationscheme? Ifyouplantouseencrypteddataatruntime,useHASP SRM ToolBoxtoencryptthedata.Inserttheencrypteddatawhen implementingtheHASP SRMRuntimeAPI.Thedatais decryptedatruntimebytheHASP SRMprotectionkey. IsdatagoingtobestoredintheHASP SRMprotectionkey memory? IfthesoftwareisprotectedbyaHASP SRMprotectionkeywith memoryfunctionality,sensitivedatacanbestoredinthe HASP SRMprotectionkey.TheHASP SRMRuntimeAPIenables accesstoReadorWritetoHASP SRMprotectionkeymemory. Use HASP SRMToolBoxtowritedatabufferstoHASP SRM protectionkeymemory.
Note:
Thesessionidentifierisselfgeneratedandappliestoasingle loginsession.Foradditionalinformation,seehasp_login_scope()on page 248. 3. Afteraloginsessionisestablished,youcanuseotherHASP SRM RuntimeAPIfunctionstocommunicatewiththeHASP SRM protectionkey.Forexample,youcanusethehasp_decrypt functiontodecryptimportantdatausedbyyourapplication. You canalsoreaddatastoredintheHASP SRMprotectionkey memory,settimestamps,andsoon. UsingtheoutputgeneratedinStep3,checkforpotential mismatchesandnotifytheuseraccordingly.
4.
75
Note:
Afteryouhavecompiledthesourcecode,useHASP SRM Envelopetoaddanextralayerofprotectiontoyoursoftware. This processalsopreventsreverseengineeringofprotectedcode.
76
Login Options
WhenusingHASP SRMRuntimeAPIimplementation,logincallsare notdependentonspecificHASP SRMprotectionkeys.However, whenperforminglogincallsyoumustspecifywhatitisthatyouare actuallylogginginto.Whenlogginginyoumustdeclare:
Search Options
Thedefaultsearchsettingenablesaprotectedapplicationtosearch boththelocalcomputerandthenetworkfortherequiredHASP SRM protectionkey.YoucanlimittheHASP SRMprotectionkeysearch option,asfollows:
77
Login Counter
Bydefault,whenaHASP SRMlicenseisaccessedinaHASP HL Net key,licenseusageisdeterminedperworkstation.Youcanoverride thisconditionsothatlicenseusageiscountedperprocess.This impliesthatthelicensecounterisdecrementedperprocess.
Note:
EveryHASP SRMprotectionkeyloginsessionmustbeterminated withacorrespondinglogoutcall.
Function Groups
HASP SRMRuntimeAPIfunctionsarecategorizedintofivegroups, basedoncommonfunctionalityandlinkage.
Sessionfunctions Encryption/Decryptionfunctions
78
Session Functions
Asessioniscreatedbyexecutingasuccessfullogincalltoalicense residinginaspecificHASP SRMprotectionkey.Formoreinformation aboutloggingin,seeLoginOptionsonpage 76.Attheendofasession, usethelogoutfunctiontoclosethesession.
Encryption Functions
YoucanencryptordecryptdatabuffersusingtheAESbased encryptionengineintheHASP SRMprotectionkey.Theencryption engineusessymmetricencryption.Thismeansthatthesame encryptionkeyisusedlatertodecryptthedatabuffer.
Memory Functions
Usethememorytostoredatatobeusedbytheapplicationat runtime,andinformationthatcanbeusedlatertoverifyandidentify anenduser.Controlofaccesstosensitivedataformsanintegralpart ofyourprotectionscheme. TheHASP SRMRuntimeAPIcanbeusedto:
79
Time Functions
IfyouareusingaHASP HL TimekeyorHASP HL NetTimekey,the HASP SRMRuntimeAPIcanbeusedtoaccesstherealtimeclockin thekey.Thisfunctionalityenablesyoutoreadthetime.Twodateand timeconversionfunctionsareincludedintheHASP SRMRuntime API.
Management Functions
TheHASP SRMRuntimeAPIincludesfunctionsthatenableyouto retrieveinformationonthesystemcomponents,thecurrentlogin session,thestatusofadeployedHASP SRMprotectionkey,and licenseupdates. ThedetachfunctionenablesyoutodetachProductsandtheirlicenses fromapoolofnetworklicenseswhenusingHASP SLkeys. Youcanalsousetheupdatefunctiontoinstallupdates.Youdonot needtobeloggedintoasessioninordertoperformthisfunction.For additionalinformation,seehasp_update()onpage 253.Thisfunctionis themainfacilitatorofHASP SRMRemoteUpdateSystem.
80
Chapter 5
In this chapter:
Functionality HASP SRM Envelope Pre-requisites Running HASP SRM Envelope HASP SRM Envelope Protection Parameters Protecting Win32 Programs Accessing and Encrypting Data Files for Win32 Programs Protecting .NET Assemblies Code and Symbol Obfuscation in .NET Assemblies
Functionality
HASP SRMEnvelopeisawrappingapplicationthatprotectsyour applicationswithasecureshield.Thisapplicationoffersadvanced protectionfeaturestoenhancetheoveralllevelofsecurityofyour software. HASP SRMEnvelopeprotectsbothWin32and .NETexecutablesand DLLs,providingameanstocounteractreverseengineeringandother antidebuggingmeasures.
82
HASP SRM Envelope Protection ByusingHASP SRMEnvelopetoprotectyoursoftware,youestablish alinkbetweentheprotectedsoftwareandaHASP SRMprotection key.Thislinkisbrokenwhenevertheprotectedsoftwarecannot accesstherequiredHASP SRMprotectionkey. ImplementingHASP SRMEnvelopeprotectionisthefastestwaytosecure yoursoftwarewithoutrequiringaccesstoyoursoftwaresourcecode. HASP SRMEnvelopeisoperatedusingagraphicaluserinterface. The userinterfaceenablesyouto:
ProtectWin32and .NETexecutablesandDLLfiles Enhancetheprotectionof .NETassembliesbydefining Methodlevelprotection Defineavarietyofglobalprotectionparametersforyourprogram SpecifyaVendorCodetoauthenticatethepresenceofaspecific HASP SRMprotectionkey Customizetheruntimemessagesthatwillbedisplayedtoend usersrunningprotectedprograms
Note:
Therandommultilayerwrappingofprotectedapplicationsby HASP SRMEnvelopeensuresthatimplementedprotectionstrategies differfromoneprotectedprogramtoanother.
83
HASP SRMRuntimeEnvironment HASP SRMVendorSuite AvalidVendorCodestoredintheVendorCodesfolder. For additionalinformation,seeExtractingtheVendorCodefrom HASP SRMVendorKeysonpage 70 dfcrypt.exe,ifyouareplanningtoencryptdatafilesbymeansof acommandline TheWin32or .NETexecutablesorDLLsthatyouwanttoprotect Ifyouareprotecting .NETassemblies, .NETFramework2.0,orlater
84
Note:
HASP SRMEnvelopedoesnotaffectthefilesbeingprotected. However,youmustdesignateaseparateoutputfolderforthe protectedapplicationinordertodistinguishbetweensource (unprotected)andoutput(protected)files. HASP SRMEnvelopeprotectioninvolvestheapplicationofprotection parametersthatarecontrolledbytheenginesrunningHASP SRM Envelope.Youapplytheseparameterstoanunprotectedsource. HASP SRMEnvelopedoesnotaffecttheoriginalfilesorthewaya protectedapplicationactuallyworks.Theonlymodificationisthat useraccessisconditionalonthepresenceofarequiredHASP SRM protectionkey.IftheHASP SRMprotectionkeyispresent,the protectedfileruns. ThelogicofHASP SRMEnvelopeprotectionisillustratedinthe followingdiagram.NotethattheoriginalfilecanbeaWin32 executableorDLL,ora .NETassemblyexecutableorDLL.
Note:
Toensurethehighestlevelofsecurityforyoursoftware,HASP SRM Enveloperemovesdebuggingdatafromtheprogramsthatitis protecting.
85
Note:
ThecommandlineversionofHASP SRMEnvelopeisprimarilyused forautomatedprocesses.Beforerunningthecommandlineutility, createandsaveprotectionprojectstogetherwiththeirconfiguration filesusingenvelope.exe. ToaccessthecommandlineversionofHASP SRMEnvelope,goto
\Program Files\Aladdin\HASP SRM\VendorTools\VendorSuite\envelope.com
Command-line Options
ThefollowingparametersareavailableforusewiththeHASP SRM Envelopecommandlineversion: Command
-h /--help
Description
Displays the list of command-line parameters. Press Enter to return to the command-line console. The command-line utility uses the specified project as input data for the application-wrapping processall the files included in the project are protected. The command-line version starts the GUI version with the specified project running as the current project. Specifies the access code for the connected HASP Vendor key. This switch is only required if an access code has been specified using the MasterHASP wizard.
-p /--protect <project>
<project>
-a / -accesscode <code><project>
86
AllparametersaredetailedintheHASP SRMEnvelopeHelp documentation. ThissectionprovidesanoverviewoftheHASP SRMEnvelope protectionsettingsthatarecommontobothWin32programs and .NETassemblies.Mandatoryparametersthatarerequiredin ordertoprotectaprogramaredescribeinMandatoryParameterson page 87.OtherparametersthatarecommontobothWin32programs and .NETassembliesaredescribedinGeneralCustomizableParameters onpage 87. HASP SRMEnvelopealsoprovidessettingsthatarespecifictothe typeofprogramprotected.Foradditionalinformationaboutsettings forWin32programs,seeProtectingWin32Programsonpage 89,and AccessingandEncryptingDataFilesforWin32Programsonpage 90. For additionalinformationaboutsettingsfor .NETassemblies,see Protecting .NETAssembliesonpage 94,andCodeandSymbolObfuscation in .NETAssembliesonpage 99.
87
Mandatory Parameters
Thefollowinginformationmustbeprovidedinordertoprotect softwareusingHASP SRMEnvelope:
Thisinformationissufficienttoprotectaprogram.
Feature ID:YoucanselectauniqueFeaturetoprotectyour program.ForadditionalinformationaboutFeatures,seeUsing FeaturestoProtectProgramsonpage 88. HASPsearchmode:Youcandeterminewhereaprotected programsearchesfortheHASP SRMprotectionkey.For additionalinformation,seeSearchingforaHASP SRMProtection Keyonpage 88.
88
Localandremote:Theprotectedapplicationfirstsearchesthe localmachineforarequiredHASP SRMprotectionkey(default), andthenthenetwork. Localonly:Theprotectedapplicationsearchesonlythelocal computerforarequiredHASP SRMprotectionkey. Remoteonly:Theprotectedapplicationsearchesonlythe networkforarequiredHASP SRMprotectionkey.
AglobalFeaturethatrelatestotheentire .NETassembly.For additionalinformation,seeGlobalFeaturesin .NETAssemblieson page 95. MethodspecificFeatures.Foradditionalinformation,seeMethod specificFeaturesandParametersin .NETAssembliesonpage 97. Atruntime,aprotected .NETassemblysearchesforallFeaturesin theHASP SRMprotectionkey.
89
ThefrequencyatwhichrandomqueriesaresenttoaHASP SRM protectionkey.Thesequeriescompriserandomencryptionand decryptionprocedures. Thetimeintervalbetweenchecksforthepresenceofarequired HASP SRMprotectionkey. Whethersupportforprogramsthatrequireoverlaystoexecute correctlyshouldbeenabled. Thelengthoftimethattheprotectedapplicationwaitsforthe HASP SRMRuntimeEnvironmenttoload.
Protection Attributes
YoucandefinespecificsecurityattributesforprotectedWin32 programsincludingparametersfor:
90
Note:
Increasingthenumberofprotectivemodulesincreasesthestartup timeforaprotectedapplication,andtheresultantfilesize.Thereis alsoatradeoffbetweenencryptionlevelandprotectedfilesize andstartupspeed.Ahigherencryptionlevelcausesaslower startup,andincreasesthesizeoftheprotectedapplication.
91
Note:
Usethesameencryptionkeywhenmultipleapplicationsaccess thesamedocumentset. HASP SRMEnvelopeincludesthedatafiltersandencryptionkey informationaspartoftheprotectionschemeappliedtotheprotected application.TheencryptionofdatafilesishandledbytheDataHASP utility.Foradditionalinformation,seeWorkingwiththeDataHASP EncryptionUtilityonpage 109.Alternatively,youcanuseacommand lineutility.Foradditionalinformation,seeUsingdfcrypt.exeonpage 92.
92
Using dfcrypt.exe
InsteadofusingtheDataHASPutility,youcanuseacommandlineto encryptdatafiles.Thedfcrypt.exeutilitygeneratesdatafilesthatcan beprocessedbyexecutablesprotectedbyHASP SRMEnvelope. The commandlineutilityrequiresaspecificsetofinputparametersto function.Aftertheseparametershavebeenappliedtoadefinedsetof datafiles,theencryptedfilescanbeaccessedbyHASP SRMEnvelope. Thefollowingfigureillustratestheworkflowfordatafilehandling usingdfcrypt.exe.Afterdatafilesareencrypted,applications protectedwithHASP SRMEnvelopecandecryptandaccessthefiles. Thisisonlypossibleif,atprotectiontime,youspecifytheencryption keyinHASP SRMEnvelope.
93
Forexample:
dfcrypt -c:demoma.hvc -k:4873Asdb data.txt data_crypt.txt
Action
Encrypts data, available by default Decrypts data Specifies a Vendor Code file (mandatory) Specifies an encryption key to be used to encrypt data files. Must contain 8 printable characters. (mandatory) Overwrites destination files Enables recursive handling of subdirectories Displays the help screen, listing dfcrypt.exe commands Suppresses output by excluding copyright information and the progress indicator. Only error messages are displayed. This is particularly useful in Makefile integration.
-q, --quiet
94
.NET Considerations
Whenprotecting .NETassemblies,considerthefollowingissues:
Youmustprotectyourassembliesinadevelopmentenvironment. HASP SRMEnveloperequireslibrariesthatarenotpartofthe .NET framework,butareincludedinthedevelopmentenvironment. HASP SRMEnvelopefor .NETrequiresaccesstoallassemblies andtheirdependencies. HASP SRMEnvelopebreaksthestrongnamesignatureofsigned assemblies.YoucanchoosetoresigntheassemblyinHASP SRM Envelope,aspartoftheprotectionprocess. Whenyouprotecta .NETFramework 1.xassembly,the HASP SRMEnvelopeoutputisinFramework 2.0,requiring Framework 2.0tobeinstalledontheendusermachine.
95
Afteryouhaveprotecteda .NETassembly,theassemblyrequires aHASP SRMDLLtofunctionatruntime.Usehaspdnert.dllfor programsthatrunon32bitoperatingsystemsand haspdnert_x64.dll forprogramsthatrunon64bitoperating systems. YoucannotuseHASP SRMEnvelopefor .NETtoprotect individualdatafiles.
Method-level Protection
Whenyouselecta .NETassemblyforprotection,HASP SRM EnvelopeautomaticallydeterminestheProtection typethatwillprovide thebestprotectionforyourprogram,dependingonwhetheryouare protectinganexecutableoraDLL.TheProtection typedeterminesthe methodsthatareavailableforindividualprotection.
Note:
ItisrecommendedthatyoudonotchangetheautomaticProtection type settings. Thissectiondescribeshowyouselectindividualmethodsandthe behaviorofdifferentmethodtypes,inadditiontotheparametersyou canselectforthemethods.
96
Description
The class constructor icon represents all .ctor methods for this class. Instance, static and entry point methods included in the class are nested under the class constructor.
Note:
Underlying .ctor methods are not displayed in the list as
separate methods
If a class does not include a .ctor method, the class
constructor name is displayed, but the item cannot be selected. This does not affect nested methods, which can still be protected individually.
Protection or settings defined for a class constructor do
97
Description
A method that does not include a static modifier The entry point for a .NET executable A method that includes a static modifier
Note:
Selectingorclearingthecheckboxofahigherlevelitemdoesnot affectnesteditems.Forexample,ifyouclearthecheckboxofa classconstructor,methodsnestedunderitremainselected. Whenamethodnameisgrayedout,itcannotbeselectedfor protection IftheProtection typeisWin32 Shell only,youcannotprotectindividual methodsinthat .NETassembly ADLLcannotbeprotectedwhenthecheckboxesforallitemsin thelisthavebeencleared
98
HASP SRM Envelope Protection Youcandeterminehowoftentheprotectedprogramlogsintoeach Feature IDintheHASP SRMprotectionkeyandperformsdecryption usingthatFeature IDbyspecifyingtheFrequencyforspecificmethods.
Note:
YoucanonlyspecifytheFeature ID andFrequencyformethodsthat havebeenselectedforprotection IftheProtection typeisWin32 Shell only,youcannotspecifyaFeature ID orFrequencyforindividualmethods YoucanselectmultiplemethodsandspecifythesameFeature ID andFrequencyforallselecteditems
constructor, the check is performed the first time the .ctor method is run.
If the same Feature ID is used in other classes, the check
Every time
Recommendations:
UsetheOnce per Application defaultsetting.TheOnce per Instanceand Every timesettingsmayslowtheperformanceofyourprogram. Ifacounterbasedlicenseisbeingdefined,usetheEvery timesetting onlyforthemethodthatdetermineslicensing,asthecounteris decrementedeverytimethemethodiscalled.
99
Chapter 6
Protection Strategies
Chapter Title
In this chapter:
Overview General Protection Guidelines Types of Attack and their HASP SRM Defense
Overview
Parallelwithadvancesinsoftwareandsoftwaresecurity development,softwarecrackersaredevelopingmoresophisticated meansofdeconstructingsoftwareprotectionmeasuresinorderto duplicateanddistributeillegalcopiesofunlicensedsoftwareandto reverseengineercodeinordertostealintellectualproperty. Tomaintaintherightstoyourrevenuestream,itisessentialthatyou remainvigilantaboutthestrategiesofyourenemies,andthatyou continuallyandwiselyimplementthelatestandstrongesttechniques forprotectingyoursoftware.
Thereisnosoftwareprotectionthatisabsolutelyuncrackable. However,ifyouconstantlyimplementuptodatestrategiesusingthe strongestsoftwareprotectionmethods,yousignificantlydecrease yourvulnerabilitytosuchattacks. Thischapterdescribesgeneralprotectionstrategiesforsoftware vendors.Itthenoutlinessomeofthemethodsthatsoftwarecrackers employinordertoidentifyandnegatesoftwareprotectionand security,andrecommendsHASP SRM measuresthatyoucanuseto enhanceyoursoftwaresecurity. Inadditiontotheinformationdescribedinthismanual,ourteamof AladdinConsultantsprovidespersonalizedassistancein strengtheningsoftwaresecurityandprotection.Theycanprovide helponawiderangeofissues,includingadditionalprotection strategiesandimplementationtechniques. ForinformationonconsultationservicesofferedbyAladdin KnowledgeSystems,contactyourlocalAladdinrepresentative.
103
105
107
Clock Tampering
Clocktamperingrelatestoeitherthesystemclockofthemachineon whichtheprotectedsoftwareisrunning,ortoarealtimeclock containedinkeys.Thesoftwarecrackerresetsthetimetoenable extended,unlicenseduseofthesoftware.
Use Both the HASP SRM Run-time API and HASP SRM Envelope
MaximizesecuritybyusingtheHASP SRMRuntimeAPIto implementcallstoaHASP SRMprotectionkey,andprotectthe applicationwithHASP SRMEnvelope.Usingoneprotectionmethod doesnotprecludetheuseoftheother.
Chapter 7
In this chapter:
Introduction
TheHASP SRMEnvelopeDataHASPencryptionutilityenhancesthe defaultHASP SRMEnvelopeprotectionbyinjectingaprotected programwiththeabilitytoencryptanddecryptspecifieddatafiles. Decryptionandencryptioncanbeappliedtofilesthathavebeen preencrypted,andtonewfilescreatedbyyourprotectedapplication. Decryptionoccurswhenadatafileisopenedandencryptionoccurs whenadatafileissaved. TheabilitytoimplementDataHASPfunctionalityisenabledwhenthe executablefileisbeingprotectedusingHASP SRMEnvelope.The typesoffilesthataretobeencryptedanddecryptedarealsospecified atthesametime.
Note:
ItisimportantthatyouuseDataHASPtopreencryptanydatafiles thatyouintendtodistributewithyourprotectedprogram.
110
DataHASP Users
Anyoneinvolvedintheproductionormaintenanceofdatafilesforyour protectedsoftwareshoulduseDataHASP.Thiscouldincludepeoplein rolessuchasgraphicartists,informationdevelopers,oraccountants.
DataHASP Pre-requisites
111
DataHASP Pre-requisites
InordertouseDataHASP,youmusthavethefollowingcomponents installed.Inaddition,youneedtoknowthelocationofthe appropriateHASP SRMEnvelopeproject,andthefilesthatyouwant toencrypt.
HASP SRMprotectionkeys:EnsurethattheHASP SRM protectionkeythatisusedtoprotecttheprogramisaccessible whenprotectingdata. Whileencryptionanddecryptionofdataisperformedinthe protecteddevicedriver,theHASP SRMprotectionkeygenerates theencryptionkey.Thismethodensuresmaximumprotection whilemaintainingthehighperformancethatisrequiredwhen largevolumesofdataaredecrypted. RuntimeEnvironment:BeforeusingtheDataHASPutility, ensurethattheappropriateruntimeenvironmentisinstalledon yourmachine. Input:TouseDataHASPcorrectly,thefollowingmustbereadily availableinknowndirectories: AsavedHASP SRMEnvelopeprojectcontainingaprogram orprogramswithenableddatafilters Datafilesyouwanttoencrypt.Thesefilesmustsatisfythefile filtersspecifiedfortheprogram(s)
112
Launching DataHASP
YoucanlaunchDataHASPdirectlyfromHASP SRMEnvelopeafter youhavedefineddatafilters.Alternatively,youcanclickthe datahasp.exefile,locatedinthefollowingdirectoryonyoursystem:
\Program Files\Aladdin\HASP SRM\VendorTools\VendorSuite
Supported Functionality
TheDataHASPutilityhasaconvenientlydesignedinterfacethat managesallaspectsofdataencryptionprojects.Theinterfaceenables youto:
OpenHASP SRMEnvelopeprojectsandlisttheprogramsthey contain EditexistingDataHASPprojects Addfilesordirectoriesfordataencryption Encryptdatafilesanddirectoriesforspecificprogramsprotected byHASP SRMEnvelope Viewandsaveencryptionprocesslogs AccessallHASP SRMVendorSuiteapplicationsandtheAladdin Website
Modifying Input
Datafilesaresubjecttoregularmodification.DataHASPsdesign anticipatestherequirementtoregularlyupdatedatafilecontent.After youhaveencryptedmodifieddatafiles,theycanonlybeaccessedifa specificHASP SRMprotectionkeyisdetected.
Part 3 Licensing
In this section:
114
Chapter 8
In this chapter:
HASP SRM Business Studio Overview HASP SRM Business Studio User Roles Getting Started with HASP SRM Business Studio
Note:
ThischapterprovideshighlevelinformationonHASP SRMBusiness Studioprocesses.Fordetailedpracticalinstructionsforusingeach functioninHASP SRMBusinessStudio,seetheHASP SRMBusiness StudioHelpdocumentation.
116
Introduction to HASP SRM Business Studio HASP SRMseparatesthesoftwareprotectionprocess(implemented withHASP SRMRuntimeAPIorHASP SRMEnvelope)fromthe licensingandproductionprocesses(implementedwithHASPSRM BusinessStudio),enablingyoutomodifyyourcompanyslicensing strategyasnecessarywhencircumstanceschange,andtoimplement thesechangesquicklyandefficiently.
License Planning
BeforestartingtouseHASP SRMBusinessStudio,itisrecommended thatbusinessdecisionmakersinyourorganization,suchasproduct ormarketingmanagers,preparealicensingplanbasedonthe companyslicensingstrategy. Thelicensingplanidentifieseachindividualfunctionalcomponentin yoursoftwareapplicationsthatcanbeindependentlycontrolledbya license.InHASP SRM,thesecomponentsarereferredtoasFeatures. A Featuremaybeanentireapplication,amodule,oraspecific functionalitysuchasPrint,SaveorDraw.Over64,000Featurescanbe definedusingHASPSRMBusinessStudio. Inaddition,thelicensingplancanincludetheProductsthatyour companywantstoselland/ordistributeforevaluation.InHASP SRM, aProductisacollectionofoneormorelicensedFeaturesthatcanbe soldordistributedasanitem. Aftercompletingthelicensingplan,theFeaturesandProductscanbe definedinHASP SRMBusinessStudio.Theoutputofthisprocessisa repositoryofProductsthatarestoredintheHASP SRM Business StudioServerdatabasereadyforcustomerorders.
Note:
Youcanmakesubsequentchangestoyourlicensingplanandlicense modelsatanytime,addingFeaturesandProductsasrequired.
117
Foradditionalinformationonpreparingalicensingplanforusewith HASP SRM,seeChapter 9,PreparingYourHASP SRMLicensingPlan. ForadditionalinformationondefiningFeaturesandProductsin HASP SRMBusinessStudio,seeChapter 10,ImplementingYour HASP SRMLicensing Plan.
Orderprocessingpersonnelprocesstheorderdetailsusing HASP SRMBusinessStudio.ThelicensetermsofeachFeatureinthe orderedProductsmaybespecifiedwhentheProductisdefined,or whentheorderisprocessed. Whenallthedetailsofanorderhavebeendefined,theordercanbe produced.TheProductdetails,includingthelicensetermsand memorydata,arestoredinthespecifiedHASP SRMprotectionkeys attheproductionstageorwhentheProductisactivated,andcanbe updatedafterthekeyshavebeendeployed. Foradditionalinformationonprocessingandproducingordersin HASP SRMBusinessStudio,seeChapter 11,HASP SRMOrders, Production,and DevelopmentTasks.
118
Online Updates
Onlineupdatescanbeimplementedinthefollowingways: TheHASPUpdateinformationisstoredontheHASP SRM Business StudioServerforuseinsoftwarethatyouprovideto yourendusers.Theupdateisthenimplementedaspartofthe end usersinstallationprocess. AfilethatcontainstheHASPUpdateinformationisgenerated andsenttotheenduser.Thisfilecanthenbeusedwiththe HASP SRMRemoteUpdateSystem(RUS)utilitytoensuresecure, remoteupdatingofthedeployedHASP SRMprotectionkeys. ForadditionalinformationonRUS,seeChapter 13,HASP SRM RemoteUpdateSystem. AreceiptcanbegeneratedwhenaHASPUpdateisprocessed,to verifythattheupdatehasbeenapplied.
119
Available Tasks
Define and manage Features and Products
Order Management
Define, and manage customer orders; check in Customer-to-Vendor files and HASP SRM key data View and produce customer orders View and edit customer details; perform manual Product activation Perform development-related tasks, such as generating the HASP SRM Run-time Environment installer HASP SRM administration functions, including defining users and their roles, configuring system settings, and managing Batch Codes
Production
Customer Services
Development
Administration
Note:
HASP SRMpasswordsarecasesensitive,soensurethatyouuse uppercaseandlowercaseletterscorrectlywhenyoutypeyour password.
AvalidconnectiontotheHASP SRMBusiness StudioServermust exist.For additionalinformationoninstallingtheHASP SRM Business StudioServer,seetheHASP SRMBusiness StudioServer InstallationGuide. YoumusthaveaHASP SRM Masterkeythatcontainsyourlicense forHASP SRMandyourcompanysspecificVendorCode.If not previouslyintroduced,theHASP SRM Masterkeyisintroduced duringtheHASP SRMBusiness StudioServerinstallationprocess.
121
TheHASP SRM Masterkeymustremainconnectedtothe HASP SRMBusiness StudioServermachineinordertoenableyou toperformHASP SRMBusinessStudiofunctions.Ifthe HASP SRMBusiness StudioServerisinstalledonmorethanone servermachine,eachservermusthaveaseparate HASP SRM Masterkeylocallyconnected.
Note:
IfyouareevaluatingHASP SRMBusinessStudio,youcanusethe DEMOMABatchCodeprovided,whichdoesnotrequirea HASP SRM Masterkey.
Youmustdefineusernames,passwords,roles,andbatchaccess foreachHASP SRMBusinessStudiouser,andalsoforyourself. Foradditionalinformation,seeMaintainingUserDetailson page 179. AdefaultusernameandpasswordisprovidedwithHASP SRM toenableyoutologintoHASP SRMBusinessStudioasthe HASP SRMAdministrator.Thedefaultusernameandpassword isHASP. ForadditionalinformationontheHASP SRMadministrationtasks andoptionsinHASP SRMBusinessStudio,seeAdministrationTasks onpage 178.
OntheleftistheHASP SRMBusinessStudiofunctionpane.Thispane displaysthefunctiongroupsavailableforyouruse,dependingonthe userrolesassignedtoyou. Whenyouclickoneofthefunctionsinthefunctionpane,thewindow forthatfunctionisdisplayedinthemainpane.Thiswindowcontains: Informationrelevanttothefunctionyouselected Ataskpaneontherightsideofthewindow,containingtasksthat youcanperformwithintheselectedfunction Forexample,ifyouclickManage Features,theManageFeatureswindow isdisplayed.DetailsofcurrentlydefinedFeaturesaredisplayedinthe mainwindow.Thetaskpaneliststhetasksthatcanbeperformed, suchasdefininganewFeature,openinganexistingFeature,deleting aFeature,andsoon. Manyofthefunctionwindowsprovidefilterand/orsearchfieldsto enableyoutoquicklylocaterequireddata.
123
FromtheHelpmenuintheHASP SRMBusinessStudiowindow, selectHASP SRM Business StudioHelp.TheHASP SRMBusinessStudio Helpdocumentationisdisplayed. ToopenthecontextsensitiveHelpforthecurrenttaskorfunction, presstheF1keyorclickHelpinanyHASP SRMBusinessStudio windowordialogbox.TheHelptopicassociatedwiththecurrent taskorfunctionisdisplayed.
Chapter 9
In this chapter:
Licensing Overview Preparing Your Licensing Plan Choosing the Protection Level for Your Products Designating Products for Trial or Grace Period Use Assigning License Terms to Features Utilizing HASP Memory Using Your Licensing Plan with HASP SRM Business Studio
Note:
ThischapterprovideshighlevelinformationaboutHASP SRM licensingoptions.Fordetailedpracticalinstructionsforimplementing thelicensingoptionsinHASP SRMBusinessStudio,seethe HASP SRMBusinessStudioHelpdocumentation.
Licensing Overview
Part2ofthisGuide,Protection,explainedindetailhowtoprotectyour softwareandintellectualproperty.Inadditiontoprotectingthese valuableassets,itisessentialthatyouprotectyourcompanysrevenue byensuringthatyoursoftwareisavailableonlytotheappropriate users,accordingtothetermsthatyoudefine.Thisprocessis controlledbylicensing. Licensingprovidesyouwiththeflexibilitytoimplementyour businessstrategiesforthesaleanddistributionofyoursoftware products.Youdefinethelicensingtermswithwhichyoursoftwareis distributedorsoldaccordingtoyourdecisionsaboutwhatis commerciallybeneficialtoyourcompany. Forexample,youmaydecidethatyouinitiallywanttodistributeyour softwarefreeofcharge,sothatuserscantryitbeforepurchasing. You willwanttoensurethatuserscanuseitforonlyalimitedtime beforeitmustbepurchased. Alternatively,youmaypublishverycomplex,expensivesoftware. You maydecidetomakespecificcomponentsofthatsoftware availableforalowerprice,thusmakingpartsofitaccessibletousers whocannotaffordthefullyfeaturedversion. HASP SRMsversatilityenablesyoutoimplementawidevarietyof licensingmodels.RefertotheGainingaCompetitiveEdgewith HASP SRMLicensingguideforanoverviewofthemanymodelsyou canapplytoyoursoftwareofferings.
127
Youcandefineadditionallicensingmodelsandsoftwareusageterms tomeetyourcompanysindividualrequirements. Itisrecommendedthatyoupreparealicensingplanbeforeyoustart touseHASP SRMtostreamlinetheimplementationofyour companyslicensingstrategy.YourHASP SRMlicensingplanshould bebasedonthedetailedlicensingrequirementsthatyoudefineforall theprotectedsoftwareapplicationstobesoldbyyourcompany, and/ordistributedfortrialuse. TheprocessofpreparingaHASP SRMlicensingplancanincludethe followingsteps: 1. 2. 3. 4. Analyzingalltherelevantsoftwareapplicationsandidentifying eachfunctionalcomponentthatcanbelicensedindividually. Combiningthesecomponentsintolicensedentitiesthatcanbe offeredtocustomers. DecidingwhichHASP SRMprotectionkeysyouwanttosupply withyoursoftwareapplications. Specifyingthedetailedlicensingtermstobeapplied,accordingto yourlicensingstrategy.
Theoutputofsuchaprocessisacomprehensivelicensingplanthat canbeimplementedusingHASPSRMBusinessStudio.
Note:
Youcanmakesubsequentchangestoyourlicensingplanandlicense modelsatanytime.
Feature
DRAW VIEW SAVE PRINT DESIGNS PRINT REPORTS REPORT GENERATOR
129
AProductintendedforsmallofficecustomers,HQ Design Lite, offeringtheFeaturesincludedinHQ Design Demo,withtheaddition ofDRAWandSAVE AProducttargetedtowardslargercustomers,HQ Design Pro,that offersallavailableFeatures
Note:
TheREPORTGENERATORFeaturehasnotyetbeenfullydeveloped andisnotcurrentlyincludedintheHQ Design Pro Product.ThisFeature isplannedforafuturerelease.
HASP HL keys:Thehardwarebasedprotectionandlicensing
componentofHASP SRMthatprovidesthesafestandstrongest levelofprotection.Foradditionalinformation,seeHASP HLKeys onpage 38. HASP SL keys:Thesoftwarebasedprotectionandlicensing componentofHASP SRMvirtualHASP HLkeys.Foradditional information,seeHASP SLKeysonpage 39.
HASP HL locking only:hardwarebasedlevelofprotection HASP SL locking only: softwarebasedlevelofprotection HASP HL or HASP SL locking:softwarebasedlevelofprotection
131
Productactivationisinstantaneous.Enduserscanimmediately startusingthesoftwarewithitsfullylicensedfunctionality. Theactivationprocessforendusersisconvenientand transparent. Theonlineconnectionwithenduserscanenableuserregistration datatobecollectedandusedformarketingpurposes. WhenusinganetworklicensethatislockedtoaHASP SLkey, youcanspecifythatalicensecanbedetachedfromthenetwork andattachedtoaremoterecipientmachine.
WARNING!
AProductthatcanbedistributedwithbothHASP HLkeysand HASP SLkeysisalwayssuppliedwiththeHASP SLkeylevelof protection,evenwhenitisshippedwithHASP HLkeys.
133
Similarly,enduserswhopurchaseandinstallasoftwareapplication canuseitfora30daygraceperiodwithoutactivatingit.Duringthis graceperiod,theycanactivatethesoftwareremotelyandreceivea HASP SLkey,afterwhichthesoftwarewillrunaccordingtothe purchasedlicensetermsstoredinthekeys.Ifthegraceperiodexpires andthesoftwarehasnotbeenactivated,itwillstoprunninguntil activatedbytheenduser. InHASP SRM,aProductthatisintendedfordistributionastrialwareor foruseduringagraceperiodisreferredtoasaProvisionalProduct. HASP SRMlockingtypesarenotapplicabletoProvisionalProducts, sincetheseProductsaredistributedwithoutHASP SRMprotectionkeys. YourlicensingplancanincludealltheProvisionalProductstobe offeredbyyourorganization.
Perpetual:Indicatesthatthelicensecanbeusedanunlimited
134 Preparing Your HASP SRM Licensing Plan IftheFeatureisintendedtobeusedonanetworkorremotedesktop, youcanalsospecifythenumberofconcurrentinstancesallowed,and youcanspecifyhowconcurrentinstancesaretobecountedforthe purposeofthelicense.Inaddition,iftheFeaturewillbeusedin ProductsthatarelockedtoHASP SLkeys,youcanspecifythatthe Featureanditslicensemaybetemporarilydetachedfromthenetwork forattachmenttoaremoterecipientmachine.
followinglicensetermsforitsthreeProducts:
Atrialperiodof30daysforthePRINTandVIEWFeaturesinits HQ Design Demo Product AlowcostannualrentallicensefortheDRAWandSAVE FeaturesintheHQ Design Lite Product,withunlimitedusageforthe PRINTandVIEWFeatures Amorecostly,fullyfeaturedlicensefortheHQ Design Pro Product thatspecifiesunlimitedusageforallFeatures
HQ Design DemoisdefinedasaProvisionalProduct,toenableittobe distributedfreelyforevaluation HQ Design LiteissuppliedwithHASP SLkeyprotection,enabling electronicdistribution HQ Design ProissuppliedwithHASP HLkeyprotection,for maximumsecurity
ThefollowingprotectionlevelsaredefinedforeachoftheProducts:
135
HQ Design Demo
Provisional Trial
HQ Design Lite
HASP SL keys Rental
HQ Design Pro
HASP HL keys Unlimited
Storelicensesfromyourownlicensingschemes Savepasswords,programcode,programvariables,andotherdata
Chapter 10
In this chapter:
License Planning in HASP SRM Business Studio Managing Features Managing Products Maintaining Products and Licenses
Note:
Thischapterprovideshighlevelinformationonlicenseplanningand definitionprocesses.Fordetailedpracticalinstructionsforusingeach functioninBusinessStudio,seetheHASP SRMBusinessStudioHelp documentation.
ManagingFeatures ManagingProducts
Note:
AllHASP SRMFeaturesandProductsareassociatedwitha HASP SRMBatchCode.ForadditionalinformationonBatchCode, seePersonalizedVendorandBatchCodesonpage 36.
Managing Features
139
Managing Features
WhenyouselecttheManage FeaturesfunctionintheHASP SRM BusinessStudiowindow,youcanviewthedetailsofalldefined FeaturesassociatedwiththeselectedBatchCode.Youcanperformthe followingtasksusingtheManage FeaturesfunctioninHASP SRM BusinessStudio:
DefineFeatures WithdrawFeaturesfromuse
Defining Features
Ifyouhavepreparedalicensingplan,thefirststageinits implementationistouseHASP SRMBusinessStudiotodefineallthe Featuresthatyoulistedintheplan. BeforeyoubegintodefineFeatures,ensurethatyouhavethe followinginformationavailableforeachnewFeature:
Note:
LicensetermsareFeaturespecificinHASP SRM.However,theyarenot definedaspartoftheFeatureproperties.ThelicensetermsforaFeature arespecifiedwhentheFeatureisaddedtoaProduct,orwhenthe Productisaddedtoanorder.ThisisbecausethesameFeaturemaybe includedinanumberofProducts,andthelicensetermsfortheFeature mayvaryaccordingtotherequirementsoftheProductoroftheorder.
Feature Identification
Bydefault,HASP SRMBusinessStudiogeneratesauniqueFeature IDfor eachnewFeature.Youcanassignyourownnumericidentifiertothe Feature,forexample,tomaintainconsistencywithexistingFeaturedata. TheFeature IDthatyouspecifymustbeuniqueintheselectedbatch.
Withdrawing a Feature
Atsomestage,youmaywanttowithdrawaselectedFeaturefromuse andspecifythatitcannolongerbeincludedinProducts,forexample, ifthefunctionalcomponentassociatedwiththeFeatureisbeing replacedbyamoresophisticatedcomponent. IftheFeaturehasnotbeenincludedinanyProduct,youcandeleteit. AFeaturecannotbedeletedonceithasbeenincludedinatleastone Product.Youcan,however,withdrawtheFeaturefromuseby markingitasObsolete. AnObsoleteFeaturecannotbeaddedtoProducts,butitsdetailsare maintainedinHASP SRMBusinessStudiofortrackingpurposes,and itcontinuestobefunctionalinexistingProducts.
Managing Products
141
Managing Products
WhenyouselecttheManage ProductsfunctionintheHASP SRM BusinessStudiowindow,youcanviewthedetailsofalldefined ProductsassociatedwiththeselectedBatchCode.
Note:
YoucannoteditordeleteaProductthathasalreadybeenincludedin anorder(withtheIn Use status).
TheBatchCodeassociatedwiththeProduct AProductNamethatidentifiestheProductandisuniqueinthe selectedbatch(mandatory).ThemaximumlengthforaProduct Nameis50characters. Afreetextdescriptionthatprovidesadditionalinformationabout theProduct,forexample,thefunctionalityitincludes(optional) ProductreferenceinformationthatcanidentifytheProductina differentsystem,forexample,aproductcodeinyourcompanys ERPsystem(optional) Thelevelofprotection(lockingtype)thatyouwanttoapplytothe Product TheFeaturestobeincludedintheProduct ThelicensetermsforeachFeaturetobeincludedintheProduct ThedatatobestoredinthememoryassociatedwiththeProduct
AfteraProducthasbeendefined,itcanbeincludedinorders. For additionalinformationonprocessingorders,seeDefiningOrders onpage 158. UntiltheProductisincludedinanorder,youcanchangetheProduct properties,Features,andmemorycontentsinHASP SRMBusiness Studio.AftertheProducthasbeenincludedinatleastoneorder,you canopentheProducttoviewitsdetails.However,youcannotmake anychanges.
Managing Products
143
Product Types
ThebasicunitonwhichallProductsarebuiltistheBaseProduct.A BaseProductcancontainalltheProductattributessuchasFeatures, licensingdataandmemoryandcanbeusedasaProductthatyou offerforsale,and/orasashellonwhichotherProducttypesare built. YoucandefineProvisionalProductsforuseduringagraceperiodoras trialware.ThepropertiesforProvisionalProductsarenotidenticalto thoseforstandardProducts.Foradditionalinformation,seeDefining ProvisionalProductsonpage 147. YoucancreateDuplicateProducts,whichineffectcopyandpaste existingProductdetailsintoanewProduct.Foradditional information,seeDuplicatingaProductonpage 148. YoucanalsodefineModificationProductsandCancellationProductsto caterforchangesinyourProductrangeandinyourcustomers requirements.Foradditionalinformation,seeMaintainingProductsand Licensesonpage 149.
protectionandcanbeshippedandactivatedwithHASP HLkeys only.ForadditionalinformationonHASP HLlocking,see HASP HLKeyProtectionandActivationonpage 130. HASP SL locking only:TheProductcanbeshippedandactivatedwith HASP SLkeysonly.ForadditionalinformationonHASP SL locking,seeHASP SLKeyProtectionandActivationonpage 131. HASP HL or HASP SL locking: ThedecisiononthetypeofHASP SRM protectionkeytobeshippedwiththeProductismadewheneach orderisprocessed.
WARNING!
AProductthatcanbedistributedwithbothHASP HLkeysand HASP SLkeysisalwayssuppliedwiththeHASP SLkeylevelof protection,evenwhenitisshippedwithHASP HLkeys. ThedefaultlockingtypecanbespecifiedusingtheSystemSettings function.
Managing Products
145
InordertospecifytherequiredlicensetermsfortheFeature,youcan:
Selectadifferentlicensetype: ExpirationDate Executions Time Period Assignavaluefortheselectedlicensetype: Theexpirationdate Thenumberofexecutions Thenumberofdaysuntilthelicenseexpires,fromthedateof firstuse
Station:Eachloginrequestforasinglemachineiscountedasan
146 Implementing Your HASP SRM Licensing Plan Ifrequired,youcanspecifythatauserworkinginRemoteDesktop (terminalmachine)modecanaccessthelicense.Similarly,youcan specifythatthelicenseforaFeatureinaProductthatwillbelockedto aHASP SLkeycanbeenabledtorunonaVirtualMachine.
WARNING!
Alicensethathasbeenenabledtorunonavirtualmachinecanbe activeonanyvirtualmachine,withoutlicensecontrol. Youcanleavethevalueforthelicensetypeundefinedatthisstage, andspecifythattheexactvaluewillbedefinedwheneachorderfor theProductisprocessed. Similarly,youcanspecifythatthenumberofconcurrentinstanceswill bedefinedwhenanorderfortheProductisprocessed.
Note:
TheabovelicensetermoptionsdonotapplytoProvisionalProducts. Foradditionalinformation,seeDefiningProvisionalProductson page 147.
Managing Products
147
Youcanselectthememorytypeforeachsegmentthatyoudefine, accordingtothetypeandpurposeofthedatayouwanttostore: Read/Write Memory:Datathatcanbeupdatedwhenthedeployed, protectedprogramisrunning,suchasdynamicvaluesforcounters, orinformationretrievedduringinteractionwiththeuser. Read-Only Memory:Datathatcanbereadwhentheprotected programisrunningbutcannotbechanged,suchastheProduct versionnumber,texttobeusedinaWelcomemessage,fixed thresholdvaluesforcounters,andsoon.
Note:
Youcanuseeitherorbothtypesofmemorytostoreandcontrol licensesfromyourownlicensingschemes. Thedatadefinedinmemoryiswrittentothesecurestorageofthe HASP SRMprotectionkeystogetherwiththeFeatures,licenseterms andotherdatadefinedfortheProduct.
Locking Type:ProvisionalProductsdonotrequirealockingtype,
sincetheycanbeactivatedandusedforalimitedperiodwithout a HASP SRMprotectionkey. License Terms:EachFeatureinaProvisionalProductis automaticallyassignedaTime Periodvalueof30days.Thisvalue canbechangedtoavaluewiththerangeof190days. ForadditionalinformationonthepurposeanduseofProvisional Products,seeDesignatingProductsforTrialorGracePeriodUseonpage 132. ProvisionalProductsarenotavailableforinclusionincustomer orders.UsersauthorizedtoperformDevelopmenttaskscanbundle ProvisionalProductsfordistribution.Foradditionalinformation,see GeneratingBundlesofProvisionalProductsonpage 170.
AfteraProducthasbeenincludedinanorder,itsstatuschangesto
Duplicating a Product
AfteryouhavedefinedaProduct,youcaneasilydefineadditional Productswithsimilardetails,usingtheDuplicate Productoptionin HASP SRMBusinessStudio.ThisoptioncreatesanewProductusing thedefinedproperties,Features,andmemorycontentsoftheoriginal Product,andenablesyoutomakeanychangesyourequire,withthe exceptionofchangingtheBaseProductortheProductlockingtype.
Note:
IfyouduplicateaBaseProduct,youcangiveitanewname.
Withdrawing a Product
Atsomestage,youmaywanttowithdrawaselectedProductfrom useandspecifythatitcannolongerbeincludedinorders,for example,ifitisbeingreplacedbyanupdatedversion. IftheProducthasnotbeenincludedinanyorder,youcandeleteit. A Productcannotbedeletedonceitisincludedinatleastoneorder.You can,however,withdrawtheProductfromusebymarkingitasObsolete. AnObsoleteProductcannotbeaddedtoorders,butitsdetailsare maintainedinHASP SRMBusinessStudiofortrackingpurposes,andit continuestobefunctionalwhenalreadyattheenduserssite.
149
ManageProductversions CancelProductlicenses
Note:
YoucanalsodefineModificationProductsbasedonanexisting ModificationProduct.
ThenameoftheProductthatisbeingmodified TheBatchCodeassociatedwiththeProductthatisbeingmodified AProductNamethatidentifiestheModificationProductandis uniqueintheselectedbatch(mandatory).Themaximumlength foraProductNameis50characters. Adescription(freetext)thatprovidesadditionalinformation abouttheModificationProduct,forexample,thechangesit includes(optional) Thedetailsoftherequiredchanges,includingFeaturestobe addedorremoved,and/ormemoryandlicensetermupdates
151
REPORTGENERATORFeaturewasnotyetavailable. ThisFeaturehasnowbeendeveloped,tested,andprotected,andhas beenincludedinanenhancedversionofHQ Design Pro (v.2.0).This versionoftheProductisreadyforsaletonewcustomers,andcanalso beissuedtocustomerswhoholdcurrentlicenses. Accordingly,theProductManagerforHQ SoftwaredefinesaModification ProductfortheHQ Design ProProduct,namedHQ Design Prov.2.0. WhentheModificationProductisdefined,theREPORTGENERATOR FeatureisaddedtotheProduct,withthesamelicensetermsasforthe otherFeatures.
152 Implementing Your HASP SRM Licensing Plan ACancellationProductcanbedefinedfortheProduct,withvaluesthat cancelpreviouslicenseterms.ThisCancellationProductcanbeused wheneverthelicensetermsoftheoriginalProductneedtobecancelled. Theprocessofcancelingthelicensetermsofaspecificinstanceofa Productcanincludethefollowingstages: 1. WhentheoriginalProductneedstobecancelled,aCustomerto Vendor(C2Vfile)isrequestedfromthecustomer,containingthe requiredlicenseinformation. 2. AnorderfortheCancellationProductisdefinedandproduced. 3. IftheProductlicenseisbeingmovedtoanothercomputer,aneworder fortheoriginalProductisproducedwiththeappropriatedetails. 4. Thechangedlicenseinformationissenttothecustomer. 5. Anacknowledgementreceiptisreturnedbythecustomerwhen thechangehasbeenimplemented. ForadditionalinformationonC2Vfilesandondefiningand producingorders,seeChapter 11,HASP SRMOrders,Production, and DevelopmentTasks.
153
customerwantstocancelthelicenseandreceivearefund. HQ SoftwaredefinesaCancellationProductfortheHQ Design Lite Product,withthelicensetermscancelledforalltheFeaturesinthe Product.ThisCancellationProductisonlydefinedonceitcan subsequentlybeusedwheneverrequiredinsimilarcircumstances. TOP ConstructionisaskedtosendaCustomertoVendor(C2V)file. ThefileisreceivedandprocessedinHASP SRMBusinessStudio. AHASPUpdateorderisdefinedandproducedfortheHQ Design Lite CancellationProduct.TheresultingVendortoCustomer(V2C)file containingthechangedlicensedetailsissenttoTOPConstruction. TOP ConstructionappliestheV2Cfile,thengeneratesandreturnsa C2Vfile,confirmingthatthelicensecancellationhasbeenapplied. HQ Softwarethenissuesarefund. ForadditionalinformationonC2VandV2Cfiles,andondefiningand producingorders,seeChapter 11,HASP SRMOrders,Production, and DevelopmentTasks.
Chapter 11
Thefinalpartofthischapterisintendedforusersassignedthe
performdevelopmentrelatedtasks,includinggeneratingbundlesof ProvisionalProductsandHASP SRMRuntimeEnvironmentinstaller files,andexportingdefinitionfiles. ForanoverviewofHASP SRMBusinessStudioandforinformation onstartingtousetheapplication,seeChapter 8,Introductionto HASP SRMBusinessStudio.
In this chapter:
HASP SRM Order Processing and Production Managing Orders Producing Orders Performing Development-related Tasks Enabling Trial Use and Grace Periods
Note:
Thischapterprovideshighlevelinformationontheordermanagement, production,anddevelopmentrelatedprocessesinHASP SRMBusiness Studio.Fordetailedpracticalinstructionsforusingeachfunction,see theHASP SRMBusinessStudioHelpdocumentation.
Managing Orders
157
Managing Orders
ThissectionisintendedforusersassignedtheOrder Managementrole. WhenyouselecttheManage OrdersfunctionintheHASP SRMBusiness Studiowindow,youcanviewthedetailsofallcustomerorders associatedwiththeselectedBatchCode.
Note:
ForadditionalinformationonBatchCodes,seePersonalizedVendorand BatchCodesonpage 36. YoucanperformthefollowingtasksusingtheManage Ordersfunction:
Defining Orders
BeforeyoustarttodefineanorderforacustomerinHASP SRM BusinessStudio,ensurethatyouhavethefollowinginformation available:
Detailsofthecustomerwhoplacedtheorder(optional) TheProductstobeincludedintheorder Therequiredvaluesforanylicensetermsthathavenotyetbeen specifiedfortheProductsintheorder Theproductionrequirements,accordingtotheordertype: OrderforHASP HLkeys OrderforProductKeys OrderforHASPUpdate Additionalorderinformation(optional)
Note:
HASP SRMBusinessStudiogeneratesauniqueOrderIDforeachnew order.
Note:
YoucanalsodefineanewcustomerusingtheCustomerServices function.
Managing Orders
159
Note:
ProvisionalProducts(Productsdefinedforuseduringagraceperiod orastrialware)arenotavailableforinclusioninorders.The processof generatingfilescontainingProvisionalProductsisaDevelopment task.Foradditionalinformation,seeGeneratingBundlesofProvisional Productsonpage 170. EachProductisassignedalockingtypewhenitisdefined.Thelocking typedeterminesthelevelofHASP SRMprotectionandthetypeof HASP SRMprotectionkeythatcanbesuppliedwiththeProduct. ThelockingtypeassignedtoaProductmaydeterminethetypeof orderthatcanbeproduced:
ProductsdefinedwiththeHASP HL onlylockingtypecanbe includedinordersforHASP HLkeys,ProductKeys,orforHASP Updates. ProductsdefinedwiththeHASP SL only lockingtypecanbe includedonlyinordersforProductKeysorforHASPUpdates. ProductsdefinedwiththeHASP HL and HASP SL lockingtypecanbe includedinordersforHASP HLkeys,ProductKeys,orforHASP Updates
Managing Orders
161
Note:
BeforeaHASP SLkeycanbeusedonanend userscomputer,a ProvisionalProductmusthavebeeninstalledonthecomputer. When theProvisionalProductisinstalled,itinitializestheHASP SRM RuntimeEnvironment,whichisrequiredforcommunication betweentheHASP SLkeyandthesoftware. TheprocessofgeneratingfilescontainingProvisionalProductsisa Developmenttask.Foradditionalinformation,seeGeneratingBundles ofProvisionalProductsonpage 170.
ForadditionalinformationonRUS,seeChapter 13,HASP SRM RemoteUpdateSystem. AreceiptcanbegeneratedduringtheHASPUpdateprocess,enabling youtoverifythattheupdatehasbeenapplied. WhenyoudefineaHASPUpdateorder,youmustspecifythetotal numberofHASP SRMprotectionkeystobeupdatedasaresultofthis order.YoumayalsoneedtoselectthespecificHASP SRMprotection keystobeupdated.
Note:
YoucannotselectmoreHASP SRMprotectionkeysthanthetotal numberofkeysspecifiedintheOrder DetailsareaintheProduction Orderdialogbox.
Managing Orders
163
Managing Orders
165
Customer: ABC Design Product:HQ Design Pro Order type:HASP HL keys Number of keys:20
TheHQ Design Lite ProductisdefinedwithHASP SLkeyprotectionand anannualrentallicense.Inordertoensurethatthecustomerenjoysa fullyearslicenseduse,theexpirationdateneedstobespecifiedwhen theorderisplaced. Thedetailsforthisorderaredefinedasfollows: Customer: JL Optics Product:HQ Design Lite Expiration date for DRAW and SAVE:March 15, 2008 Order type:Product Key-based Number of Product Keys:1 Number of Activations per Product Key:2
Note:
ThisexampleassumesthatJLOpticshasinstalledandusedthe HQ Design Demo ProvisionalProductonthetwocomputersbefore orderingtheHQ Design LiteProduct.Asaresult,theHASP SRM RuntimeEnvironmentforHASP SLhasalreadybeeninitializedon thosecomputers. Whenthisorderisproduced,afileisgeneratedcontainingaProduct Key.HQ SoftwaresendsthisfiletoJLOpticsbyemail.
166 HASP SRM Orders, Production, and Development Tasks TwoendusersatJLOpticsopenthefileandentertheProductKeyas requiredontheHQ SoftwareWebsite.TheHQ Softwarecustomer interfaceapplicationsendstheProductKeytotheHASP SRM Business StudioServer,whichverifiestheProductKeyandreturnsa HASP SLkeytothecustomer. TheHASP SLkeyisinstalledonthetwocomputersatJL Opticswith thelicenseinformation,andtheHQ Design LiteProductcanbeactivated underthetermsofthelicense.
HQ SoftwarehasdefinedaModificationProductforthenewversion,
BeforedefiningtheHASPUpdateorder,HQ Softwareneedsto receiveC2VfilesforthefiveHASP HLkeystobeupdated. ABC DesignusesRUStogeneratetherequiredC2Vfilesandsends themtoHQ Software. AftertheC2Vfileshavebeenreceivedandcheckedin,HQ Software definesaHASPUpdateorderfortheModificationProduct. Thedetailsforthisorderaredefinedasfollows:
Customer: ABC Design Product:HQ Design Pro v2.0 Order type:HASP Update Number of HASP SRM protection keys to be updated:5.
Duringtheorderdefinitionprocess,thefiveHASP HLkeystobe updatedareselectedfromallthekeysissuedtoABC Design, accordingtotheC2V filesreceived. Whenthisorderisproduced,aV2Cfileisgeneratedforeachselected HASP HLkeyandsenttothecustomer. TheselectedfiveendusersinstalltheupdateontheirHASP HLkeys, usingRUS.Theyarethenabletoactivatetheupgradedversionof HQ Design Proandtogeneratetailoredreports.
Producing Orders
167
Producing Orders
ThissectionisintendedforHASP SRMBusinessStudiousers assignedtheOrder ManagementorProductionrole. WhenyouselecttheProduce OrdersfunctioninHASP SRMBusiness Studio,youcanviewthedetailsofallordersawaitingproduction.
YoucanperformthefollowingtasksusingtheProduce Ordersfunction:
ProduceOrders ViewOrders
Note:
IfyouhavebeenassignedtheOrder Managementrole,youcanchooseto produceanorderimmediatelyafteryoufinishdefiningit.
Whileproducinganyorder,youcanopentheorderandviewitsdetails.
Forexample,ifthelicensetermsforaProductintheorderarebased onanumberofdaysoranexpirydate,theordercanbeproducedonly onHASP HLkeyswithdateandtimemonitoringcapabilities,suchas HASP HLTime. Similarly,ifthelicensetermsforaProductintheorderspecifya numberofconcurrentinstancesinanetworkenvironment,theorder canbeproducedonlyonHASP HLkeyswithnetworkmonitoring capabilities,suchasHASP HL Net. ForadditionalinformationaboutHASP HLkeytypesandtheir capabilities,seeAvailableHASP SRMProtectionKeysonpage 39.
Producing Orders
169
Note:
AdefaultfilelocationforV2Cfilesmayhavebeenspecifiedbythe HASP SRMAdministrator.
Note:
Softwarethathasbeensuppliedwithatriallicenseorforagrace periodcanbeactivatedafteravalidlicenseispurchased,witheithera HASP HLkeyoraHASP SLkey. ForadditionalinformationonthepurposeanduseofProvisional Products,seeDesignatingProductsforTrialorGracePeriodUseon page 132.
171
TheprocessofgeneratingabundleofProvisionalProductsinvolves:
SelectingtheProvisionalProductstobeincludedinthebundle ProducingafilecontainingtheProvisionalProductlicenseand VendorDLL.Thisfilecanbe: AnEXEfilecontainingV2Cdata AV2CfilethatcanbeusedwiththeHASP SRMRUSutility. ForadditionalinformationonRUS,seeChapter 13, HASP SRMRemoteUpdateSystem.
Theoutputfilefromthisprocessmustbeinstalledoneachendusers machineinorderto:
Note:
WhenabundleofProvisionalProductsisinstalledonanendusers computer,aprovisionalHASPIDisgenerated.Thisisreplacedbya HASP SRMprotectionkey IDwhenafullylicensedProductis installedonthatcomputer. Tosimplifytheinstallationprocessatenduserssites,itis recommendedthatyougenerateaHASP SRMRuntimeEnvironment installerexecutable.You canembedtheRuntimeEnvironment installerinyoursoftwaresetuptocreateareadytorunHASP SRM protectedandlicensedapplication. InordertogenerateaHASP SRMRuntimeEnvironmentinstaller executable,youneedtospecifytheV2Cfilegeneratedwhena ProvisionalProductbundleisproduced.AnEXEfilecontainingV2C datacannotbeusedtogenerateaHASP SRMRuntimeEnvironment installer.
Generating a HASP SRM Run-time Environment installer for Running a Product with a Detachable License
Inorderforarecipientmachinetorunanapplicationusinga detachedlicense,theHASPSRMRuntimeEnvironmentandvendor librariesmustbeinstalled.Thisconditionisachievedbycreatinga RuntimeEnvironmentInstallerthatautomaticallyinstallsthese components.Foradditionalinformation,refertoWorkingwith DetachableLicensesintheHASPSRMBusinessStudioHelp documentation.
173
Forexamplesoftheoutputfilecontents,seetheHASP SRMBusiness StudioHelpdocumentation. BeforeyouexporttheFeatures,youmustselecttherequiredBatch Code,specifytherequiredfiletype,anddefinethenameandlocationfor thefile. AsyoursoftwaredevelopsandadditionalFeaturesaredefined,you canusetheExport Definitionsfunctionwheneveryouwanttoretrievethe datadefinitionsfromHASP SRMBusinessStudio.
TodistributeaProductforuseonatrialbasisforalimitedperiod ToenableuseofalicensedProductduringagraceperiod
30 days. Whentheoriginallicensingplandefinitionswereimplemented,the HQ Design DemoProductwasdefinedasaProvisionalProduct. ThelicensetermsforthetwoFeatureswereautomaticallysetto Time Period withavalueof30days. ThesoftwaredeveloperatHQ Softwaredefinesabundleof ProvisionalProductsthatcontainstheHQ Design DemoProduct,and generatesthebundleasaV2Cfile. AHASP SRMRuntimeEnvironmentinstalleristhengeneratedasan EXEfile,usingthisV2Cfileasinput. TheHQ SoftwareWebmasteraddstheEXEtotheWebsite,with downloadinstructionsforpotentialtrialusers.
175
HQ SoftwareneedstoenableXYZConstructiontoactivateanduse theHQ Design ProProductduringagraceperiod,untiltheHASP HL keysarriveandaredistributedtotheendusers. Forthispurpose,aversionoftheHQ Design ProProductisdefinedasa ProvisionalProduct,withtheProductnameHQ Design Pro Grace.The PRINTREPORTSFeatureisremovedfromthisversion.Thelicense termsfortheremainingfourFeaturesareautomaticallysetto Time Period withavalueof30days. AbundleofProvisionalProductsisdefinedcontainingtheHQ Design Pro GraceProduct,andgeneratedasaV2Cfile. AHASP SRMRuntimeEnvironmentinstalleristhengeneratedasan EXEfile,usingthisV2Cfileasinput. TheEXEfileissenttothecustomer,fordistributiontotheendusers. EnduserscanruntheEXE,whichinstallstheHASP SRMRuntime EnvironmentandtheHQ Design Pro Grace Productontheircomputers. Theycanthenusetheprogramfor30daysuntiltheyreceivetheir HASP HLkeysandcanactivatethefullProduct.
Chapter 12
In this chapter:
Note:
ThischapterprovideshighlevelinformationontheAdministration andCustomerServicesprocessesinHASP SRMBusinessStudio.For detailedpracticalinstructionsforusingeachfunctioninHASP SRM BusinessStudio,seetheHASP SRMBusinessStudioHelp documentation.
Administration Tasks
AfteryoufirstinstallHASP SRMBusinessStudioinyour organization,youcanlogintoHASP SRMusingthedefaultuser nameandpassword(HASP)providedforyourusebyAladdin KnowledgeSystems.Bydefault,thisuserisauthorizedtoperformall tasksinHASP SRMBusinessStudio,includingAdministrationtasks. AfterloggingintoHASP SRMBusinessStudiothefirsttime,itis recommendedthatyouselecttheUsersfunctionandchangeyouruser passwordassoonaspossible.Ifyouwant,youcanchangetheroles assignedtoyou,butitisimportantthatyouretaintheAdministration roleorassignthisroletoanotheruser. InordertobeabletouseHASP SRMwithyourcompanyspecific BatchCodes,youmustfirstintroducetheHASP SRM Masterkeys providedforyourusebyAladdinKnowledgeSystems. ForadditionalinformationonHASP SRMVendorkeys,see PersonalizedVendorandBatchCodesonpage 36. ForadditionalinformationonintroducingHASP SRMVendorkeys, seeMaintainingBatchCodesonpage 180. ToensureyouruninterrupteduseofHASP SRM,HASP SRMBusiness Studiosendsautomaticemailreminderspromptingyoutorenew yourHASP SRMBusiness StudioServerlicensepriortoitsexpiry. You canspecifytheemailrecipientstowhomyouwantremindersto besent,andwhenyouwantthereminderstobeginbeingsent.For additionalinformation,refertotheHASP SRMBusinessStudioHelp documentation.
Note:
IfyouareevaluatingHASP SRMBusinessStudio,youcanusethe providedDEMOMABatchCode,whichdoesnotrequirea HASP SRM Masterkey. YoucannowdefineadditionalHASP SRMusersinyourcompany, includingassigningtheuserstheappropriaterolesandauthorizing accesstobatches.Foradditionalinformation,seeMaintainingUser Detailsonpage 179.
Administration Tasks
179
Note:
Nonadministratoruserscanchangethesesettingsfortheirownuse.
Note:
Userscanchangetheirownpasswordsafterlogginginto HASP SRMBusinessStudio.
Administration Tasks
181
Connection details:Bydefault,thedetailsoftheportandserverused
displayedasthedefaultwhenaProductisdefined. File locations:Youcanspecifythedefaultlocationforfilesofthe followingtypes: C2V files:Thesefilescontaincustomertovendorinformation andaregeneratedbytheenduserwiththeHASP SRM RemoteUpdateSystem(RUS)utility.Foradditional information,seeProcessingC2VInformationonpage 164. V2C files:Thesefilescontainvendortocustomerinformation relatedtoordersforHASPUpdates.Foradditional information,seeSpecifyingaHASPUpdateOrderonpage 162. Vendor Code files:ThesefilescontainVendorCodeinformation. ForadditionalinformationonHASP SRMVendorkeysand codes,seePersonalizedVendorandBatchCodesonpage 36. Export files:Thesefilescontaindefinitiondetailsexportedfor variouspurposes.Foradditionalinformation,seeExporting DefinitionDataonpage 172.
Customer Services
IfyouhavebeenassignedtheCustomer Servicesrole,youcanviewalist ofdefinedcustomersandyoucaneditthedetailsforaselected customer. IfacustomerisunableforanyreasontoactivateaProductremotely, youcanactivatetheProductmanuallyforthecustomer,usingthe ProductKeyandaCustomertoVendor(C2V)fileforthecustomers HASP SRMprotectionkey. TheoutputofthemanualactivationprocessisaVendortoCustomer (V2C)filethatcanbesenttothecustomer.Youcanrequestthatthe customerreturnsaC2VfiletoconfirmthattheProducthasbeen activated. ForadditionalinformationonC2Vfiles,seeProcessingC2VInformation onpage 164.
Chapter 13
Note:
YoucanalsoapplyupdatestodeployedHASP SRMprotectionkeys usingtheHASP SRMRuntimeAPI,bycallingthehasp_update function.Foradditionalinformation,seetheHASP SRMRuntime APIHelpdocumentation.
In this chapter:
RUS Overview
RUSisanadvancedutilitythatenablessecure,remoteupdatingofthe licenseandmemorydataofHASP SRMprotectionkeysafterthey havebeendeployed.AspartofthebasicconceptunderlyingHASP SRM, RUSfacilitatesongoinglicensingwellafterprotectionhasbeen implemented.ForadditionalinformationonHASP SRMconcepts,see ProtectOnceDeliverManyonpage 34. RUSprovidesasimpleandsecuremethodofupdatingyourlicenses remotely,afteryouhavedeliveredyourprotectedsoftwaretogether withtheHASP SRMprotectionkeys.Yousimplyneedtoupdatethe licenseanddeliverupdatefilestoyourcustomers.
184 HASP SRM Remote Update System RUSenablesyoutoreceiveinformationonthecurrentstatusof HASP SRMlicensesatyourcustomerssites,andtosecurelyextendor reducethefunctionalityoftheselicenses,withoutrecallingthe HASP SRMprotectionkeys.
Note:
AllHASP SRMprotectionkeysexcepttheHASP HL Basickeycanbe updatedusingRUS. RUSisanexecutableutility(hasprus.exe)thatcanbedistributedto enduserswithyoursoftware. ItisimportantthatyoucustomizeRUSwiththeBatchCode associatedwiththeHASP SRMprotectionkeysthatyouproducefor yourcustomers,beforeyoudistributetheexecutabletothem.For additionalinformationonBatchCodes,seePersonalizedVendorand BatchCodesonpage 36. YoucanuseHASP SRMBusinessStudiotocustomizeRUSwiththe requiredBatchCode,andalsotobrandtheGUItodisplayyour vendorspecificinformationtoendusers.Foradditionalinformation, seeCustomizingandBrandingRUSonpage 173.
RUS Workflow
WhenyoudeliveryourProductstoacustomer,youcanincludea customizedversionofRUSwiththeinstallationpackage.Youcanalso includetheinstructionsforusingRUS. Whenalicenseupdateisrequired,youhavetheoptionofeither retrievingcustomerlicensinginformationfromtheBusiness Studio Server,orofrequestingthatacustomerproducesandsendsyoua CustomertoVendor(C2V)filesfortheHASP SRMprotectionkeysto beupdated.C2Vfileshavea.c2vextensionandcontaininformationon thelicensingandmemorycontentoftheHASP SRMprotectionkeys. WhenyoureceiveC2Vfilesfromacustomer,youchecktheminusing HASP SRMBusinessStudio.Foradditionalinformation,see ProcessingC2VInformationonpage 164.
RUS Workflow
185
RegardlessofwhetheryouobtainthedatafromtheBusiness Studio Server,orintheformofaC2Vfilefromyourcustomer,thecollected dataenablesyoutoproduceanupdatemostsuitedtothecustomers needs.Atnopointinthisworkflowisitnecessarytoreconfigure securityorprotectionatthecustomerssite. YoudefinetherequestedlicenseupdatesinHASP SRMBusiness StudioasHASPUpdateordersfordeliverytothecustomer.Formore informationondefiningHASPUpdateorders,seeSpecifyingaHASP UpdateOrderonpage 162. TheprocessofproducingaHASPUpdateordergeneratesafilefor eachHASP SRMprotectionkeytobeupdated.Thiscanbeeithera VendortoCustomer(V2C)fileoranexecutablethatcontainsthe licenseupdatedata.FormoreinformationontheHASPUpdateorder productionprocess,seeProducingHASPUpdateOrdersonpage 169. Theoutputfileisthendeliveredtotheenduser,whoeitherrunsthe executableasinstructedbyyou,orusesRUStoapplythelicense updatedatacontainedintheV2Cfile. YoucanspecifyintheV2Cfilewhetheranupdateconfirmationis requiredtobereturnedtoyou,toenableyoutoverifythattheupdate hasbeenapplied.
customerisaskedtosendC2Vfilescontainingdetailsofthefive deployedHASP HLkeystobeupdated. ABC DesignusesRUStogeneratetheC2Vfilesandsendsthemto HQ Software.Thesefilescontainthecurrentstatusofthelicenseon thespecificHASP HLkeys. HQ SoftwarechecksintheC2Vfiles,definesaHASPUpdateorderfor theHQ Design Pro v.2.0 ModificationProduct,andproducesalicense updatecontainedinfiveV2Cfiles.Foradditionalinformationonthis exampleorder,seeOrderExample3:OrderforHASPUpdateon page 162. TheV2CfilesaresentbyemailtoABC Design.Eachofthefiveend usersappliestheupdatetotheirHASP HLkeyusingRUS,and returnsaC2Vfilecontainingaconfirmationreceipt.
Using RUS
TheRUSwindowconsistsofthefollowingtabs:
collectinformationonthecurrentstatusofthelicensesinthe HASP SRMprotectionkey.Theenduserspecifiesanameand locationforthegeneratedC2Vfile.IfmorethanoneHASP SRM protectionkeyisinstalled,theuserselectstherequiredkey. No privatecustomerdataisincludedintheC2Vfile. Apply License Update:Theparametersinthistabareusedtoapplya V2CfileandupdatelicensesinaHASP SRMprotectionkey.
Using RUS 5.
187
6.
Applying an Update
YoucanalsouseHASP SRMRUStoapplyanupdatetothelicenses storedinyourHASP SRMprotectionkeys. To update the licenses in HASP SRM protection keys: 1. LaunchRUS(hasprus.exe)ordoubleclicktheVendortoCustomer (V2C)filethatyouhavereceivedcontainingtheupdatedata.
Note:
Ifyouhavereceivedanupdateasanexecutable,doubleclickthe fileanditwillautomaticallylaunchRUS. 2. 3. 4. 5. ClicktheApply License Updatetab.(Thismightbetheonlytabdisplayed.) IftheUpdate file fieldisempty,browsetothedirectorywherethe updatefile(.v2cfile)islocatedandselectthefile. ClickApply Updatetoapplythenewlicensedatatothedeployed HASP SRMprotectionkey. Youmaybepromptedthatareceipthasbeenproducedtoconfirmthe update.Sendthisreceiptfiletothesoftwarevendorforprocessing.
190
Chapter 14
In this chapter:
HASP SRM Software for End Users Distributing HASP SRM Run-time Environment
Note:
Youdonotneedtodistributeallthesoftwarecoveredinthischapter.
Protection-related Software
Themostimportantsoftwarethatmustbeinstalledatyourcustomers siteistheHASP SRMRuntimeEnvironment,andthereareanumber ofwaysinwhichthiscanbeachieved.Thisapplicationisrequiredto enableHASP SRMprotectionkeystorunandcommunicatewiththe protectedapplication.Foradditionalinformation,seeDistributing HASP SRMRuntimeEnvironmentonpage 193. Ifyouaredistributingaprotected.NETassembly,youmustalso distributehaspdnert.dllforprogramsthatrunon32bitoperating systemsandhaspdnert_x64.dll forprogramsthatrunona64bit operatingsystems.ThesenativeWindowsDLLsenablea protected .NETassemblytocommunicatewiththeHASP SRM protectionkey
193
Note:
ForinformationaboutdistributingtheHASP SRMRuntime EnvironmentforMacoperatingsystems,seeDistributingHASP SRM RuntimeEnvironmentforMaconpage 197.
UseWindowsUpdatetodownloadtheHASP SRMRuntime Environment.Internetconnectionisrequiredforeitherofthese processes. IntegrateinstallationoftheHASP SRMRuntimeEnvironment intoyourapplicationsinstallerusingthetwooptionsbelow: Mergemodules HASP SRMRuntimeEnvironmentInstallationAPI DelivereitherofthefollowingHASP SRMRuntimeEnvironment installationutilitiestoyourendusers: HASPUserSetup.exe:AGUIbasedinstaller haspdinst.exe:Acommandlineutility
Windows Update
IfyourendusersarerunningtheprotectedsoftwareonWindowsXP orWindows2003platforms,andcanaccesstheInternet,theysimply needtoconnectaHASP SRMprotectionkeyontheirmachines.The HASP SRMRuntimeEnvironmentiscertifiedbyMicrosoftandis, therefore,automaticallydownloadedfromtheMicrosoftUpdatesite. WhenyourendusersconnectaHASP SRMprotectionkey: 1. 2. 3. Thesysteminformsthemthatanewcomponenthasbeen detected. TheHASP SRMRuntimeEnvironmentisautomaticallyinstalled. TheLEDontheHASP SRMprotectionkeylightsup,indicating thattheinstallationprocessiscomplete.
Merge Modules
TheHASP SRMRuntimeEnvironmentinstallationisavailableasthe haspds.msmmergemodule.Youcanusethemergemoduleto seamlesslyintegratetheHASP SRMRuntimeEnvironment installationinyourMSIinstallation.Mergemodulesdelivershared WindowsInstallercomponents,code,files,resources,registryentries andsetuplogicinasingle,compositefile.
Note:
Thehaspds.msmmergemodulecannotberunasastandaloneapplication. Ahaspds.msmintegratedwithyourMSIinstallercopiesthe haspds_windows.dll intotheWin32systemdirectoryoftheendusers computer.Thehaspds_windows.dlliscalledbytheMSImoduleto installoruninstalltheHASP SRMRuntimeEnvironment. ThebenefitsofusingtheHASP SRMinstallationmergemodulesina singleunifiedMSIinstallerinclude:
195
Asamplemergemoduleisprovidedin
Implementation Checklist
BeforeimplementingHASP SRMmergemodulesintoyourinstaller, reviewthefollowingchecklist:
Endusersrequireadministratorrightsinordertosuccessfully executetheRuntimeEnvironmentinstallation.Ensurethatthisis accountedforinyourinstallationscripts. HASP SRMmergemodulesrequireWindowsInstaller version 2.0,orlater. OpenprocessesthatrequiretheHASP SRMruntimeshouldnot runinthebackgroundwheninstallingtheRuntime Environment. Refertothe haspds.msmsampleforMSIforademonstrationof HASP SRMmergemodulesinaction.
Implementation
ImplementationofHASP SRMmergemodulesisastraightforward processthatsimplyrequiresyoutoaddthe.msmfilecontainingthe RuntimeEnvironmentinstallationtoyourMSIcompliantinstaller setup.AfteryouhavecreatedyourMSIinstaller,thewrappedfilewill automaticallyincludetheHASP SRMinstallationmergemodule.
haspdinst.exe
haspdinst.exeisacommandlineutilitythatinstallstheHASP SRM
HASPUserSetup.exe
HASPUserSetup.exeisaGUIbasedinstallationprogramto
independentlyinstalltheHASP SRMRuntimeEnvironment. Followinginstallation,thefileislocatedin \Program Files\Aladdin\HASP SRM\Redistribute\Runtime Environment\Setup. ThiseasytouseprogramhasanintuitiveGUIbasedwizard.After yourendusersrunthefile,theyshouldfollowtheonscreen instructionstocompletetheRuntimeEnvironmentinstallation.
197
InstallerDistributionUsingaMultipackager InstallerScripts
Installer Scripts
Installationscriptsareprovidedin/MacOS/RedistributeontheHASP SRM installationCD.OpenthedirectoryanddoubleclickHASP SRM RTE Installer Scripts.dmg.AnewvolumenamedHASP SRM RTE Installer Scripts ismountedonyourdesktop.Thevolumecontainsdinstanddunstfiles andthepayload/directory.
198 Distributing HASP SRM with Your Software Youcancopythefilesinthevolumeandintegratetheminyour customizedinstaller.Thescriptsarenotconfigurable. Foradditionalinformationonusingthescripts,seetheReadMe.htmlfile providedintheHASP SRM RTE Installer Scriptsvolume.
Chapter 15
Introduction to Admin Control Center Launching Admin Control Center Administrators Workflow Customizing Admin Control Center Look and Feel
HASPKeysenablesyoutoidentifywhichHASP SRMprotection keysarecurrentlypresentonthenetwork,includinglocally connectedkeys. ProductsenablesyoutoviewalistofalltheBaseProducts availableonallHASPLicenseManagers(localandnetwork).In addition,whenaProductcontainsFeatureswithdetachable licensesyoucanseethenumberoflicensesfortheProductthat arecurrentlyavailabletobedetachedfromthenetworkandthe maximumdurationforwhichtheymaybedetached.Thisoption alsoenablesyoutoaccesstheDetach/Extendfunctions.
201
FeaturesenablesyoutoviewalistoftheFeaturesthatarelicensed ineachoftheHASP SRMprotectionkeysthatarecurrently presentonthenetwork,includinglocallyconnectedkeys.In addition,youcanseetheconditionsofthelicense,andthecurrent activityrelatedtoeachFeature. Sessionslistsallthesessionsofclientsonthelocalmachine,and thoseremotelyloggedintoHASP LicenseManageronthelocal machine.Youcanviewsessiondataandterminatesessions. Update/Attachenablesyoutoupdateexistinglicensesona HASP SRMprotectionkeyinthefieldand,inthecaseofHASP SL keys,toattachadetachablelicensetoarecipientmachine.Italso enablesyoutoapplyidentificationdetailsofanofflinerecipient machinetoahostmachineinordertocreateafileforadetachable license. AccessLogenablesyoutoviewahistoryoflogentriesforthe serveronwhichHASP LicenseManagerisrunning. Configurationenablesyoutospecifycertainoperatingsettingsfor HASP SRMAdminControlCenterrunningontheconnected machine.Youcansetparametersrelatingtouseraccess,accessto remoteHASP LicenseManagers,andaccessfromremoteclients. Inaddition,youcancustomizelogtemplatefilesintermsofthe datatheyreturn. Diagnosticsenablesyoutoviewoperatinginformationforthe HASPLicenseManagertowhichyouarecurrentlyloggedin,to assistindiagnosingproblems.YoucangeneratereportsinHTML format.Thisoptionalsoenablesyoutoviewmiscellaneousdata relatingtotheuseoftheserveronwhichHASP LicenseManager isrunning. HelpdisplaystheHelpdocumentationforHASP SRMAdmin ControlCenter.ContextsensitiveHelpisavailablewithineachof thefunctionsdescribedabove,byclickingtheHelplinkatthe bottomofthepage. AboutprovidesinformationabouttheversionofHASP License Manager,andalinktotheAladdinKnowledgeSystemsWebsite.
Administrators Workflow
WhenyoufirstlaunchAdminControlCenter,theutilityis preconfiguredtorunautomatically.However,youmaywantto customizeittoyourrequirementsandtospecifyusersandtheiraccess permissions,andaccesspermissionsbetweenremotemachinesand localservers.ChangestotheconfigurationofAdminControlCenter aremadeintheConfigurationtaboftheapplication. Thebasicconfigurationchangesthatyoucanmakeinclude:
Specifyinganameforthelocalmachine EnablingaccessfromremotemachinestotheAdminControl Centeronthismachine Settingthedisplayrefreshtime Defininghowmanyrowsofdatawillbedisplayedonapage Specifyingthelogsthataretobecreatedandtheircontent,and customizinginformationthatwillbedisplayedinthelog SettinganAdminpassword Usersandtheiraccessprivileges AccessparameterstoremoteHASP LicenseManagers AccessprivilegesfromremoteclientmachinestoaHASP License Manageronthecurrentmachine
Followingtheconfigurationsetup,youcandefine:
Configuration Considerations
BeforeyoumakecertainconfigurationchangestoAdminControl Center,itisrecommendedthatyouconsidertheirimplications.This sectionprovidesaguidetoassistyouinthisprocess.
Basic Settings
ShouldyouchoosetohaveAdminControlCentercreateanaccesslog, considerthescopeoftheinformationthatyouwantrecordedinthelog. Itispossibletocustomizethelogtemplatetodefinewhatinformation youwantthelogtorecord.
Administrators Workflow
203
Users
Theuserrestrictionsthatyoudefineareevaluatedintheorderin whichtheyarespecified,andtheevaluationprocessstopswhenthe firstmatchisfound.Youthereforeneedtotakecarethatthe restrictionsarelistedinanorderthatsatisfiesthislogic. Thevalueallow=all@allisimplicitlyaddedtotheendofthelist. Accordingtothelogicjustdescribed,ifthisvaluewasatthebeginning ofthelist,allsubsequentrestrictionvalueswouldbeignored. Additionalinformationaboutdefiningrestrictionvaluesisprovided intherelevantHelppageinAdminControlCenter.
Administrators Workflow
205
Diagnostics
TheDiagnosticspageenablesyoutoviewandextractoperating informationfortheHASP LicenseManagertowhichyouarecurrently loggedin,toassistindiagnosingproblems.Youcangenerate diagnosticsreportsinHTMLformat.
206 HASP SRM Admin Control Center Occasionally,itisnecessarytocreateafilecontainingthemachine identitydetailsofaremoterecipientmachine.Thisinformationis requiredinorderforahostmachinetoidentifywhichmachinea detachedlicensewillbeattachedto.TheDiagnosticspageenablesyou tocreatethisfileforthelocalmachineonwhichAdminControl CenterisrunningbyusingtheCreate ID Filebutton. AdditionalinformationaboutthedataprovidedintheDiagnostics pageisavailableintherelevantHelppageinAdminControlCenter.
2.
3.
Customizing Admin Control Center Look and Feel To create a directory for a custom template: 1.
207
CreateadirectorynamedtemplatesinsidetheHASPbase directory. TheHASPbasedirectoryislocatedintheAladdinshareddirectory /Aladdin Shared/HASP insideacommonfilesdirectory.Determinethe preciselocationofthisdirectoryonyoursystemasfollows: OpenAdminControlCenteronyourlocalmachine (http://127.0.0.1:1947).UnderAdministrationOptions,click Configuration.Readthefullpathnameofhasplm.ini,whichis locatedatthebottomofthepage.TheHASPbasedirectoryis thedirectoryinwhichthehasplm.inifileresides. Ifthefolderisempty,clickSubmit.Thebasepathofhasplm.ini isupdatedatthebottomoftheConfigurationpage. Add\Aladdin Shared\HASP\templates\<your_template_name>tothe directory.Forexample,usinganEnglishversionofWindowsXP, thefullpathis
C:\Program Files\Common Files\ Aladdin Shared\HASP\templates\<your_template_name>
2.
Note:
Youcancreatemultipletemplatesinsideyourtemplates directory. EachtimeHASP LicenseManagerislaunched,the applicationreadsthefilesinallthedirectories(except.bak files).Toexpeditethelaunchtime,itisrecommendedthatyou keepthedirectoriesfreeofunrequiredfiles. Afteryouhavemodifiedatemplate,youmustrestart HASP LicenseManagerforthechangestotakeeffect.
3.
Toverifyyourcustomizedtemplate,fromabrowseronyourlocal machine,openhttp://127.0.0.1:1947/<your_template_name>.
Writing Templates
AtemplateisanASCIItextfile(maybeHTML,butalsoXML,CSV, andsoon)thatcontainsplaceholders(tags)forvariablesthatare insertedbytheHASP LicenseManagerwhenarequestismadevia HTTP. Inaddition,thefilemaycontainblocktagsthatsurroundablockof textandtags,andgenerallyiteratealist(ofHASP SRMprotection keys,Features,sessions,andsoon).Forexample,
{tagname}repeatingblock{/tagname}
Notalltagsworkineverycontext,andsomewillhavedifferentvalues dependingonhowtheyareused.Forexample,when{logincount}is usedinaglobalcontext,itreturnsthetotallogincountfortheserver. Whenlogincountisusedinside{devicelist}{/devicelist},itreturns thelogincountforthecurrentlyselectedHASP SRMprotectionkey. If logincountisusedinside{featurelist}{/featurelist},itreturns thelogincountforthecurrentlyselectedFeature. Aspecialincludetagisavailable{#include "filename.ext"}that willreturnthecontentsofaspecificfileinsteadofavalue.Includes (includedfiles)mustnotbenested,andmustnotincludeapath(meaning thatincludedfilesmustresideinthesamedirectoryasthetemplate). Ifatabledisplayedinabrowserpagereturns*** illegal tag: xxx ***, thetagiseitherunrecognized,orisillegalinthecurrentcontext. InJavaScript,{placeholders}arereplaced.Touseanopeningcurly bracket{,withoutitbeingreplacedorgeneratinganillegaltagerror, ensurethatawhitespace(space,CR,LF,ortab)followsthecurly bracket.Inthiscase,itwillbepassedwithoutmodification. Tooutputsomethingsuchas{this}withoutitbeingparsed,usethe HTMLnotationforacurlybracket{this}. Foradditionalassistance,refertothesampletemplatesin
\Program Files\Aladdin\HASP SRM\Docs\Manuals & Tutorials\ Admin Control Center Customization\templates.
209
sampleprovidesaverysimpleexampleofhowtousetemplates
andtags. csvprovidesanexampleforgeneratingacommaseparated(.csv) fileforimportingtoaspreadsheetordatabase,orforprocessing byyourownprogram.ItproducesaCSVlistofallavailable Features. enisthecompleteEnglishlanguageversionofAdminControl Center,asincludedintheHASP LicenseManagerapplication (hasplms.exe).ThetemplateusesAJAXtechnologiestoincrease easeofuse.Fortranslations,orcreatingaspecificcorporate identity,usethistemplatesetasastartingpoint. YoucanalsoincorporatesomeoralloftheHASP SRMAdminControl CenterfunctionalityintoyourownWebapplication,possiblywiththe useof(i)frames,andsoon.
Thefollowingoutputisproduced:
c:\>wget http://10.24.2.23:1947/csv/features.txt -Of.txt & type f.txt --17:23:44-- http://10.24.2.23:1947/csv/features.txt `f.txt' Connecting to 10.24.2.23:1947... connected! HTTP request sent, awaiting response... 200 OK Length: 1,411 [text/plain] 1, 0x335918F1, 0x00000000, "local", "L", 0, 0xFFCB, 0x0B, 0, 0, 0 2, 0x335918F1, 0x0000BEEF, "local", "LNS", 0, 0x1234, 0x0C, 0, 7, 0
211
URL Entered
[server name]:1947 Provides a shortcut to the main Admin Control Center page [server name]:1947/corporate.html Automatically switches to the internal template. (_ini_) is set when no template has been specified [server name]:1947/csv/devices.txt Doesnt change because the template (csv) and file name are specified [server name]:1947/sample Automatically redirects to the index.html file when no file name has been specified
URL Displayed
[server name]:1947/_int_/index.html
[server name]:1947/_int_/corporate.html
[server name]:1947/csv/devices.txt
[server name]:1947/sample/index.html
Note:
ItissufficienttotypeonlytheURLofHASP SRMAdminControl Center,itautomaticallyredirectstotheindexpage.
Part 5 Appendices
In this section:
Appendix A: Troubleshooting
Provides a checklist to help you solve some of the most common problems that your customers might encounter when using the HASP HLkeys. Also includes a list of specific problems you or your customers may experience, together with the solutions.
214
Appendix A
Troubleshooting
Thefirstpartofthisappendixprovidesachecklisttohelpyousolve someofthemostcommonproblemsthatyourcustomersmight encounterwhenusingtheHASP HLkeys.Thesecondpartlists specificproblemsyouoryourcustomersmayexperience,together withthesolutions. HASP HLkeysconformtothehigheststandardsofqualityassurance. However,likeanyotherPCperipheraldevice,aHASP HLkeymight notoperateoncertainPCconfigurationsbecauseoffaultyequipment orimproperinstallation.Thisappendixcanhelpyouinsucha situation. Inadditiontotheinformationinthisappendix,youcanaccessthe AladdinKnowledgeBaseat:
http://www.aladdin.com/kb2
216 Troubleshooting
Checklist
Ifacustomerreportsaproblem,checkthefollowing:
Whatthereturnederrorcodeormessagesays.Foradditional information,seeAPIStatusCodesonpage 257. WhetheraHASP HLkeyisconnectedcorrectlytotheUSBport Whetheryourcustomershardwareortheoperatingsystem indicatestechnicalmalfunction,suchasdevicemanager collisions,systemevents,bootlogfailures,andsoon WhetherHASP SRMAdminControlCentercanaccessthe HASP HLkey. Whethertheproblemoccurswhentheprotectedapplicationruns onanotherPCofthesamemodel
Problem Solution
You receive an error message when using haspdinst.exe to install the HASP HL key driver under Windows 2000/XP/2003/Vista. Review the haspdinst.exe installation instructions. For additional information, see haspdinst.exe Utility on page 52. Alternatively, try to install the drivers using the HASPUserSetup.exe. For additional information, see HASPUserSetup.exe Utility on page 52.
217
Does the HASP HL key LED light up? If not, this could be for one of the following
reasons: 1. The key is not connected properly to the USB port. Disconnect, then reconnect after a few seconds. If the LED lights, the application should be able to access the key. 2. The required HASP HL key drivers are not installed. If you are running HASP SRM on a Windows platform, check for an entry for HASP SRM in the Device Manager utility. If there is no entry, you must install the drivers using one of the methods in Installing the HASP SRM Run-time Environment on page 52. 3. Check if the USB port is functioning correctly. Disconnect all other USB devices from their respective ports. Connect the HASP HL key to a different USB port. Try using a different USB device in the port from which the HASP HL key was not accessible.
Open the Windows Services window and check that HASP License Manager is
running.
Check that the Batch Code on the HASP HL key matches the Batch Code of the
protected application.
Problem Solution
The application takes a long time to find the HASP SRM protection key on a large network. It is recommended that you customize the search mechanism. Use Admin Control Center configuration to specify a search criteria, and to define the server addresses to be searched. By doing so, the Admin Control Center searches for the HASP SRM protection key at a specific address, which is much faster. You receive an error message indicating that HASP License Manager was not found. The error message might be for one of the following reasons:
HASP License Manager was not loaded. Try restarting HASP License Manager in
Problem Solution
protection key is located. If you repeatedly receive the error message, try using a different search mechanism.
218 Troubleshooting
Problem Solution
You cannot add files when using the DataHASP utility. The problem may occur for one of the following reasons:
You are attempting to add a list that includes problematic files. Remove all
HASP SRM Envelope. You must protect your software again using the new file filter settings. For additional information about working with the DataHASP utility, see Working with the DataHASP Encryption Utility on page 109.
Problem Solution
When using DataHASP, you receive a message that no data filters were defined for a program in a HASP SRM Envelope project. The problem cannot be solved using the DataHASP utility. You need to use HASP SRM Envelope to protect your software again, and to specify file filter settings.
Appendix B
Base Product
Batch Code
C2V file
Demo Vendor Code Detach Encryption Encryption engine Encryption key Encryption level Envelope Envelope template Expiration date Feature
221 Grace period H2R file Handle HASP HL Basic key HASP HL Demo key HASP HL Drive
An initial period of time during which a Product can be used without a HASP SRM protection key. See also Provisional Product. Host-to-Recipient file that contains one or more detached Products and their licenses for temporary attachment to a recipient machine Unique identifier for accessing the context of a HASP SRM login session Standard HASP HL local key that is used to protect software, and has a perpetual license. It does not have any memory functionality. Sample HASP HL key provided for evaluating HASP SRM protection and licensing software. Always has the Batch Code DEMOMA. A HASP HL key that combines the copy-protection and licensing capabilities of the HASP HL Max key with the convenience of a mass storage drive The hardware-based protection and licensing component of HASP SRM. One of the HASP SRM protection key types. HASP HL local key with large storage capacity HASP HL network key HASP HL network key with a real-time clock HASP HL local key with moderate storage capacity HASP HL local key with a real-time clock Unique identity number for a HASP SRM protection key Acts as a server and monitors concurrent usage according to the licenses stored in a HASP HL Net key The software-based protection and licensing component of HASP SRMa virtual HASP HL key Software protection and licensing system Customizable, Web-based, end-user utility that enables centralized administration of HASP License Managers and HASP SRM protection keys
HASP HL key HASP HL Max key HASP HL Net key HASP HL NetTime key HASP HL Pro key HASP HL Time key HASP ID Number HASP License Manager HASP SL key HASP SRM HASP SRM Admin Control Center
HASP SRM Developer key HASP SRM Developer Kit HASP SRM Envelope
HASP SRM protection keys HASP SRM Remote Update System (RUS) HASP SRM Run-time API HASP SRM Run-time Environment HASP SRM ToolBox HASP Update
Key
223 License License Manager License terms Locking type Memory data
Digital permit stored in a HASP SRM protection key See HASP License Manager Detailed conditions contained in a license Determines the level of protection for a Product, according to the type of HASP SRM protection key supplied with the Product Data, such as passwords, values used by the software, and so on, that is specified in memory and transferred to the secure storage of the HASP SRM protection key A modified version of an existing Product A request for Products or HASP Updates to be shipped to a customer A sellable item that contains one or more Features, and/or data defined in memory for secure storage A string generated by HASP SRM Business Studio and supplied to the end user for use as proof of purchase for Product Activation or Update Activation A Product that can be used as trialware, or during a grace period. Provisional Products do not require a locking type, since they can be activated and used for a limited period without a HASP SRM protection key. The implementation of an order for Products or HASP Updates The concept of separation between engineering and business processes, on which HASP SRM is designed Clock available in the HASP HL Time key and HASP HL NetTime key Remote machine to which a license that has been detached from a network pool on a host machine is temporarily attached Software attacks intended to unravel the algorithms and execution flow of a target program by tracing the compiled program to its source code. HASP SRM Envelope protection implements contingency measures to repel such attacks and prevent hackers from discovering algorithms used inside protected software. See HASP SRM Remote Update System Error or status message returned by the HASP SRM system
Provisional Product
Production Protect Once Deliver Many Real-time Clock (RTC) Recipient machine Reverse Engineering
Vendor Code
Appendix C
API Samples
EachHASP SRMinstallationincludesAPIsamplesforvarious programminglanguages.UsethesesamplestointegrateHASP SRM protectionintoyourowncode. EverysamplefolderincludesaHASP SRMheaderfile.Refertothe AladdinKnowledgeSystemsWebsiteandtheHASP SRMinstallation CDforinformationonavailablesampleprogramsforspecific programminglanguages.
Note:
TheinformationinthisAppendixiswrittenfortheHASP SRM RuntimeAPI.If youareusinganolderversionoftheHASP API, refertotheappropriateAPIdocumentationfortheversionthatyou areusing.YoucandownloadtherelevantdocumentfromtheAladdin KnowledgeSystemsWebsite. ThefollowingtableliststheavailableHASP SRMRuntimeAPI functions. Function
hasp_datetime_to_hasptime() hasp_decrypt() hasp_detach
Description
Converts a date and time value to hasptime Decrypts a buffer using the AES encryption algorithm Detaches a Product and its license from a HASP SL key, according to customizable parameters Encrypts a buffer using the AES encryption algorithm Releases allocated memory resources Reads the current time from a HASP HL Time or HASP HL NetTime key Retrieves information regarding a session context
hasp_get_sessioninfo()
227
Description
Retrieves information according to customizable search parameters, and presents it according to customizable formats Retrieves the byte size of a memory file from a HASP SRM protection key Converts a time value into a date and time Logs in to a Feature, establishing a session context Retrieves login information according to customizable search parameters Logs out from a context or session Reads the memory of a HASP SRM protection key Writes an update for a HASP license Writes to the memory of a HASP SRM protection key
hasp_get_size()
hasp_datetime_to_hasptime()
Description
Convertsadateandtimevaluetohasptime(thenumberofelapsed secondssince01/01/1970).
Syntax
hasp_status_t HASP_CALLCONV hasp_datetime_to_hasptime( unsigned int unsigned int unsigned int unsigned int unsigned int unsigned int hasp_time_t * ) day, month, year, hour, minute, second, time
Parameters
day month year hour minute second time
Input for day value (range 1-31) Input for month value (range 1-12) Input for year value (range 1970+) Input for hour value (range 0-23) Input for minute value (range 0-59) Input for second value (range 0-59) Pointer to the resulting time value
Return Values
HASP_STATUS_OK HASP_INV_TIME
Request was successfully completed Passed time value is outside the supported value range
hasp_datetime_to_hasptime()
229
Usage Notes
Theconverteddateandtimevaluereflectsthenumberofelapsed secondssinceJanuary1,1970.Thisconversionfunctionisusedin conjunctionwiththeAPIfunctionsthatsetorretrievevaluesforthe realtimeclock(RTC)intheHASP HLTime,HASP HLNetTimeand HASP SLkeys.
Related Topics
hasp_encrypt() hasp_hasptime_to_datetime()
hasp_decrypt()
Description
Reversestheoperationofthehasp_encrypt()functionappliedona databuffer,returningthedatatoitsunencryptedstate.
Syntax
hasp_status_t HASP_CALLCONV hasp_decrypt( hasp_handle_t handle, void * buffer, hasp_size_t length )
Parameters
handle buffer length
Handle for the session Pointer to the buffer to be decrypted Size (in bytes) of the buffer to be decrypted16 bytes minimum required
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_DEVICE_ERR HASP_TIME_ERR HASP_TOO_SHORT HASP_SCHAN_ERR HASP_ENC_NOT_SUPP
Request was successfully completed Invalid input handle Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with Encryption data length is too short Communications error in secure channel Hardware does not support encryption type
hasp_decrypt()
HASP_BROKEN_SESSION HASP_LOCAL_COMM_ERR HASP_REMOTE_COMM_ERR
231
Session was interrupted Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
Usage Notes
DecryptsdatausingtheencryptionengineintheHASPSRM protectionkey.ThespecificsessionhandledetermineswhichHASP SRMprotectionkeyandwhichFeatureIDencryptsthedatabuffer. TheencryptionkeyremainsintheHASPSRMprotectionkey.Ifthe decryptionfails,thedatabufferisnotmodified.
Related Topics
hasp_encrypt()
hasp_detach()
Description
DetachesaProductanditslicensefromaHASPSLkey,accordingto customizableparameters.AllFeaturesandmemoryfilesthatbelong totheProductaredetached.Youdonotneedtobeloggedintoa Featureinordertousethisfunction.
Syntax
hasp_status_t HASP_CALLCONV hasp_detach( const char *detach_action, const char *scope, hasp_vendor_code_t vc const char *recipient char **info )
Parameters
detach_action scope
Operation parameters, in XML format Search parameters for the Product that is to be detached. For more information, refer to the Scope XML Tags in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation. Pointer to the Vendor Code Definition in XML format of the recipient machine to which the detached Product and its license will be attached. Use either hasp_get_info() or hasp_get_sessioninfo(), together with the HASP_RECIPIENT specifier, to retrieve the recipient information. For more information, refer to the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation. Pointer to the information that is retrieved as XML text. This information is a V2C, which can then be installed on the recipient machine using the hasp_update function. Use the hasp_free function to release the pointer after use.
vc recipent
info
hasp_detach()
233
Return Values
HASP_STATUS_OK HASP_INV_DETACH_ACTION HASP_INV_RECIPIENT HASP_TOO_MANY PRODUCTS HASP_INV_PRODUCT HASP_INSUF_MEMORY HASP_DEVICE_ERROR
Request was successfully completed Invalid XML detach_action parameter Invalid XML recipient parameter
hasp_detach scope does not specify a unique
Product Invalid Product information System out of memory Input/output error occurred in secure storage area of HASP SL key OR In the case of a HASP HL key, USB communication error occurred Communication error occurred between the application and the local HASP HASP License Manager Communication error occurred between the local and remote HASP License Managers
HASP_LOCAL_COMM_ERROR HASP_REMOTE_COMM_ERROR
Usage Notes The requisite Vendor Codes are stored in a VendorCodes directory in the system. You cannot run the function without the correct Vendor Codes being available. Related Topics
hasp_get_info() hasp_get_sessioninfo()
Additional information is also available in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation.
hasp_encrypt()
Description
EncryptsabufferusingtheAESencryptionalgorithm.
Syntax
hasp_status_t HASP_CALLCONV hasp_encrypt( hasp_handle_t handle, void * buffer, hasp_size_t length )
Parameters
handle buffer length
Handle for the session Pointer to the buffer to be encrypted Size (in bytes) of the buffer to be encrypted16 bytes minimum required
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_DEVICE_ERR HASP_TIME_ERR HASP_TOO_SHORT HASP_SCHAN_ERR HASP_ENC_NOT_SUPP HASP_HASP_NOT_FOUND HASP_LOCAL_COMM_ERR HASP_REMOTE_COMM_ERR
Request was successfully completed Invalid input handle Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with Encryption data length is too short Communications error in secure channel Hardware does not support encryption type Required HASP key not found Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
hasp_encrypt()
235
Usage Notes
EncodesdatausingtheencryptionengineintheHASP SRM protectionkey.The specifiedsessionhandledetermineswhich HASP SRMprotectionkeyperformstheencryptionofthedatabuffer. TheencryptionkeyremainsintheHASP SRMprotectionkey.Ifthe encodingoperationfails,thedatatargetedforencryptionisnot affected.Todecodethedatabuffer,usethehasp_decrypt()function.
Related Topics
hasp_decrypt()
hasp_free()
Description
ReleasesmemoryresourcesutilizedbyotherAPIfunctions.
Syntax
void HASP_CALLCONV hasp_free(char * info)
Parameters
info
Usage Notes
UsedonlyinCcodetoreleasememoryresourcesallocatedtostoring retrieveddatafromAPIcallsusingthehasp_get_sessioninfo()and hasp_update()functions.Thefunctionhasnoreturnvalues.
Related Topics
hasp_get_sessioninfo() hasp_update()
hasp_get_rtc()
237
hasp_get_rtc()
Description
ReadsthecurrenttimefromaHASP HL TimeorHASP HL NetTimekey.
Syntax
hasp_status_t HASP_CALLCONV hasp_get_rtc( hasp_handle_t hasp_time_t * ) handle, time
Parameters
handle time
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_HASP_NOT_FOUND HASP_NO_BATTERY_POWER HASP_NO_TIME HASP_LOCAL_COMM_ERR HASP_REMOTE_COMM_ERR
Request was successfully completed Invalid input handle Required HASP SRM protection key not found Real-time clock has run out of power Real-time clock is not available Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
Usage Notes
Primarilyusedtoobtainreliabletimestampsthatareindependentof thesystemclock.Timevaluesarereturnedasthenumberofseconds thathaveelapsedsinceJan.0119700:00hoursUTC.Usethe hasp_hasptime_to_datetime()functiontoconverttheoutputtoUTC format.ThisfunctionreadstheHASP HL Netkeyand HASP HL NetTimekeytime,nottheexpirationdatetime.
hasp_get_sessioninfo()
Description
Retrievesinformationregardingasessioncontext.
Syntax
hasp_status_t HASP_CALLCONV hasp_get_sessioninfo( hasp_handle_t handle, char * format, char ** info )
Parameters
handle format
Handle for the session XML definition for the type of output data structure. There are three format options: 1. HASP_KEYINFO: For retrieving information on the HASP SRM protection key. 2. HASP_SESSIONINFO: For retrieving information on the session. 3. HASP_UPDATEINFO: For retrieving information on a license update usually contained in a C2V file. The retrieved information includes information on update counters, licenses and memory images currently available in a deployed HASP SRM protection key. For more information, refer to the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation.
info
Return Values
HASP_STATUS_OK HASP_HASP_NOT_FOUND HASP_INV_HND HASP_INV_FORMAT
Request was successfully completed HASP SRM protection key is no longer available Invalid input handle Unrecognized format
hasp_get_sessioninfo()
HASP_INSUF_MEM HASP_BROKEN_SESSION HASP_LOCAL_COMM_ERR
239
Out of memory Session has been interrupted Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with
HASP_REMOTE_COMM_ERR
HASP_DEVICE_ERR
HASP_TIME_ERR
Usage Notes
WhenusingtheHASP_UPDATEINFOparameter,theHASP SRM protectionkeymustbeaccessiblebythelocalmachine. Theretrievedsessioninformationappliesto:
Related Topics
hasp_free() hasp_get_info()
hasp_get_info()
Description
Retrievesinformationaboutsystemcomponents,accordingto customizablesearchparameters,andpresentsitaccordingto customizableformats.
Syntax
hasp_status_t HASP_CALLCONV hasp_get_info( char * scope, char * format, hasp_vendor_code_t vendor code, char ** info )
Parameters
scope
Definition of the data that is to be searched. For more information, refer to the Scope XML Tags in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation. Definition of the format in which the data is to be displayed. For more information, refer to the Scope XML Tags in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation. Pointer to the Vendor Code Pointer to the information that is retrieved
format
Return Values
HASP_STATUS_OK HASP_INV_FORMAT HASP_INV_SCOPE HASP_INSUF_MEM
Request was successfully completed Unrecognized format Unrecognized scope Out of memory
hasp_get_info()
HASP_BROKEN_SESSION HASP_LOCAL_COMM_ERR
241
Session has been interrupted Communication error has occurred between the application and the local HASP License Manager Communication error has occurred between the local and remote HASP License Managers Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error Invalid Vendor Code Vendor Code not recognized by API Scope string too long (maximum length 32 KB)
HASP_REMOTE_COMM_ERR
HASP_DEVICE_ERR
Usage Notes
YoudonotneedtobeloggedintoHASP VendorSuiteinordertouse thisfunction. Thisfunctionisusedtospecifyconditionsaboutwheretosearchfor information.Inaddition,itenablesyoutospecifyconditionsaboutthe formatinwhichtheretrievedinformationispresented.Ifretrieved informationisappropriatelyformatted,itcanbeusedasatemplatein thehasp_login_scope()function. TherequisiteVendorCodesarestoredinaVendorCodesfolderinyour system.WithoutthecorrectVendorCode,thefunctioncallcannot succeed.
Related Topics
hasp_get_sessioninfo() hasp_free()
hasp_get_size()
Description
RetrievesthebytesizeofamemoryfilefromaHASP SRMprotection key.
Syntax
hasp_status_t HASP_CALLCONV hasp_get_size( hasp_handle_t hasp_fileid_t hasp_size_t * ) handle, fileid, size
Parameters
handle fileid
Handle for the session Identifier for the file that is to be queried. Possible values are FILEID_RO or FILEID_RW for read only or read/write. Pointer to the resulting file size
size
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_INV_FILEID HASP_TIME_ERR HASP_HASP_NOT_FOUND HASP_LOCAL_COMM_ERR
Request was successfully completed Invalid input handle Unrecognized file identifier System time has been tampered with HASP SRM protection key is no longer available Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
HASP_REMOTE_COMM_ERR
hasp_get_size()
243
Usage Notes
ThisfunctionisusedtodeterminethefilesizeoftheHASP SRM protectionkeymemory.Thefilesizeenablesyoutodeterminethe largestpossiblebytesizeoffset.Thisinformationisusefulwhen readingorwritingtothememoryofaHASP SRMprotectionkey. The firstbyteinafilehastheindex0.
Related Topics
hasp_read() hasp_write()
hasp_hasptime_to_datetime()
Description
Convertsatimevalue(elapsedsecondssinceJanuary 1,1970)intoa dateandtime.
Syntax
hasp_status_t HASP_CALLCONV hasp_hasptime_to_datetime( hasp_time_t unsigned int unsigned int unsigned int unsigned int unsigned int unsigned int ) time, * day, * month, * year, * hour, * minute, * second
Parameters
time day month year hour minute second
Pointer for placing time value Pointer for day value Pointer for month value Pointer for year value Pointer for hour value Pointer for minute value Pointer for second value
Return Values
HASP_STATUS_OK HASP_INV_TIME
Request was successfully completed Passed time value is outside the supported value range
hasp_hasptime_to_datetime()
245
Usage Notes
AllvaluesarebasedonCoordinatedUniversalTime(UTC). The converteddateandtimevaluereflectsthenumberofelapsed secondssinceJan.1,1970.Thisconversionfunctionisusedin conjunctionwiththeAPIfunctionsthatsetorretrievevaluesforthe realtimeclock(RTC)intheHASP HL TimeandHASP HL NetTime keys.
Related Topics
hasp_datetime_to_hasptime()
hasp_login()
Description
LogsintoaFeatureandtherebyestablishesasessioncontext.
Syntax
hasp_status_t HASP_CALLCONV hasp_login( hasp_feature_t feature_id, hasp_vendor_code_t vendor_code, hasp_handle_t * handle )
Parameters
feature id vendor code handle
Unique identifier for a specific Feature stored in a HASP SRM protection key. Pointer to the Vendor Code Pointer to the session handle
Return Values
HASP_HASP_NOT_FOUND HASP_STATUS_OK HASP_FEATURE_NOT_FOUND HASP_FEATURE_TYPE_NOT_IMPL HASP_TMOF HASP_INSUF_MEM HASP_INV_VCODE HASP_NO_DRIVER HASP_NO_VLIB HASP_INV_VLIB HASP_OLD_DRIVER HASP_UNKNOWN_VCODE
Required HASP SRM protection key not found Request was successfully completed Cannot find requested Feature Requested Feature type not available Too many open sessions Out of memory Invalid Vendor Code Driver not installed Vendor library cannot be found Vendor library cannot be loaded Old driver installed Vendor Code not recognized by the API
hasp_login()
HASP_FEATURE_EXPIRED HASP_TOO_MANY_USERS HASP_OLD_LM HASP_DEVICE_ERR HASP_TIME_ERR HASP_TS_DETECTED HASP_HARDWARE_MODIFIED
247
Feature has expired Too many HASP SRM protection keys currently connected HASP License Manager version out of date Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with Program is running remotely on a Terminal Server HASP SL key incompatible with machine hardware. HASP SL key locked to different hardware. OR In the case of a V2C file, conflict between HASP SL key data and machine hardware data. HASP SL key locked to different hardware. Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers Vendor library too old
HASP_LOCAL_COMM_ERR HASP_REMOTE_COMM_ERR
HASP_OLD_VLIB
Usage Notes
ThisfunctionestablishesacontexttoaHASP SRMprotectionkey containingalicensefortherequestedFeature ID. WhenthedefaultFeature ID 0isused,theAPIsearchesonlyforthe HASP SRMprotectionkeyandignoresthelicensinginformation specifiedinthekey. TherequisiteVendorCodesarestoredinaVendorCodesfolderinyour system.WithoutthecorrectVendorCode,thefunctioncallcannot succeed.Youcanopenupto512simultaneousloginsessions.
Related Topics
hasp_logout() hasp_login_scope()
Additional information is also available in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation.
hasp_login_scope()
Description
LogsintoaFunctiontoestablishasession,accordingtopredefined searchparameters.
Syntax
hasp_status_t HASP_CALLCONV hasp_login_scope( hasp_feature_t featureid, char * scope hasp_vendor_code_t vendor_code, hasp_handle_t * handle )
Parameters
feature id scope
Unique identifier for a specific Feature stored in a HASP SRM software protection key. Definition of the data that is to be searched for the licenses. For more information, refer to the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation. Pointer to the Vendor Code Pointer to the session handle
Return Values
HASP_STATUS_OK HASP_FEATURE_NOT_FOUND HASP_SCOPE_RESULTS_EMPTY HASP_HASP_NOT_FOUND HASP_TMOF HASP_INSUF_MEM HASP_INV_VCODE HASP_NO_DRIVER
Request was successfully completed Requested Feature no longer available Unable to locate a Feature matching the scope HASP SRM protection key is no longer available Too many open sessions System out of memory Invalid Vendor Code passed Required driver not installed
hasp_login_scope()
HASP_OLD_DRIVER HASP_UNKNOWN_VCODE HASP_INVALID_PARAMETER HASP_LOCAL_COMM_ERR HASP_REMOTE_COMM_ERR HASP_FEATURE_EXPIRED HASP_TOO_MANY_USERS HASP_OLD_LM HASP_DEVICE_ERR HASP_TIME_ERR HASP_FEATURE_TYPE_NOT_IMPL HASP_INV_SCOPE HASP_NO_VLIB HASP_INV_VLIB
249
Installed driver too old to execute function Vendor Code not recognized by API Scope string too long (max. length 32 KB) Communication error between application and local HASP License Manager Communication error between local and remote HASP License Managers Feature has expired Too many users currently connected HASP License Manager too old Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with Requested Feature type not implemented XML specification invalid Vendor library cannot be found Vendor library cannot be loaded Vendor library too old
HASP_OLD_VLIB
Usage Notes
Thisfunctionisusedtospecifyconditionsthatspecifywherelogin informationistobesearchedfor. TherequisiteVendorCodesarestoredinaVendorCodesfolderinyour system.WithoutthecorrectVendorCode,thefunctioncallcannot succeed.Youcanopenupto512simultaneousloginsessions.
Related Topics
Additional information is also available in the XML Tags section of the HASP SRM Run-time API Reference in the Help documentation.
hasp_logout()
Description
Logsoutfromacontextorsession.
Syntax
hasp_status_t HASP_CALLCONV hasp_logout( hasp_handle_t ) handle
Parameters
handle
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_LOCAL_COMM_ERR
Request was successfully completed Invalid input handle Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
HASP_REMOTE_COMM_ERR
Usage Notes
UsethisfunctiontoendaconnectiontoanAPIobject.Oncelogged outfromasession,allmemoryallocatedforthesessionisreleased. TheconnectiontotheHASP LicenseManagerclosesiftheloggedout connectionwasthelastAPIsession.
Related Topics
hasp_login() hasp_login_scope()
hasp_read()
251
hasp_read()
Description
ReadsthememoryofaHASP SRMprotectionkey.
Syntax
hasp_status_t HASP_CALLCONV hasp_read ( hasp_handle_t handle, hasp_fileid_t fileid, hasp_size_t offset, hasp_size_t length, void * buffer )
Parameters
handle fileid
Handle for the session Identifier for the file that is to be queried. Possible values are FILEID_RO or FILEID_RW for read only or read/write. Byte offset for the file Number of bytes to be read from the file Pointer to the retrieved data
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_BROKEN_SESSION HASP_INV_FILEID HASP_SCHAN_ERR HASP_MEM_RANGE
Request was successfully completed Invalid input handle Session has been interrupted Unrecognized file identifier Communication error in secure channel Out of memory
Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error System time has been tampered with HASP SRM protection key not found Communication error occurred between the application and the local HASP License Manager Communication error occurred between the local and remote HASP License Managers
HASP_REMOTE_COMM_ERR
Usage Notes
Usethehasp_get_size()functiontodeterminethesizeofthefileyou wanttoread.
Related Topics
hasp_get_size() hasp_write()
hasp_update()
253
hasp_update()
Description
WritesanupdateforaHASP SRMlicense.
Syntax
hasp_status_t HASP_CALLCONV hasp_update ( char * update_data, char ** ack_data )
Parameters
update_data ack_data
Pointer to the complete update data Pointer to a buffer to retrieve the acknowledge data
Return Values
HASP_INV_UPDATE_DATA HASP_INV_UPDATE_OBJ HASP_NO_ACK_SPACE HASP_KEYID_NOT_FOUND HASP_INV_UPDATE_NOTSUPP HASP_UNKNOWN_ALG HASP_INV_UPDATE_CNTR HASP_TOO_MANY_KEYS HASP_INV_SIG HASP_LOCAL_COMM_ERR HASP_DEVICE_ERR
Required XML tags not found, OR contents in binary data missing or invalid Binary data does not contain an update Acknowledge data requested by the update, however the ack_data input parameter is NULL HASP SRM license to be updated not found Update not supported by the HASP SRM protection key Unknown algorithm used in V2C file Update counter is set incorrectly Too many HASP SRM protection keys currently connected Signature verification failed Communication error occurred between the application and the local HASP License Manager Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error
System time has been tampered with Trying to install a V2C file with an update counter that is out of sequence with the update counter in the HASP SRM protection key. The values of the update counter in the file are lower than those in the HASP SRM protection key. Trying to install a V2C file with an update counter that is out of sequence with the update counter in the HASP SRM protection key. The first value in the file is more than 1 greater than the value in the HASP SRM protection key. HASP SL key incompatible with machine hardware. HASP SL key locked to different hardware. OR In the case of a V2C file, conflict between HASP SL key data and machine hardware data. HASP SL key locked to different hardware. Communication error occurred between the application and the local HASP License Manager
HASP_UPDATE_TOO_NEW
HASP_HARDWARE_MODIFIED
HASP_LOCAL_COMM_ERR
Usage Notes
Thisfunctionwritesupdateinformation.NotethattheHASP SRM protectionkeymustbeaccessiblebythelocalmachine. Theupdatecodecontainsallnecessarydatatoperformtheupdateon thedeployedHASP SRMprotectionkeyincluding: 1. 2. 3. Wheretheupdatedinformationistobewritten ThenecessaryaccessdataVendorCode Theactualupdateinformation
Thefunctionreturnsanacknowledgementcodethatis signed/encryptedbytheupdate.Thecodeisevidencethatanupdate hasbeenappliedtoalicense.Memoryfortheacknowledgedatais allocatedbytheAPIandmustbereleasedusing hasp_free(). ThisfunctionisanextensionofthemainHASP SRMRuntimeAPI andisutilizedbytheHASP SRMRemoteUpdateSystemutilityto updateHASP SRMprotectionkeylicenses.
Related Topics
hasp_free()
hasp_write()
255
hasp_write()
Description
WritestothememoryofaHASP SRMprotectionkey.
Syntax
hasp_status_t HASP_CALLCONV hasp_write( hasp_handle_t handle, hasp_fileid_t fileid, hasp_size_t offset, hasp_size_t length, void * buffer )
Parameters
handle fileid offset length buffer
Handle for the session Identifier for the file to write. Possible value is FILEID_RW for read/write. Byte offset for the file Number of bytes to be written to the file Pointer to the retrieved data
Return Values
HASP_STATUS_OK HASP_INV_HND HASP_BROKEN_SESSION HASP_INV_FILEID HASP_SCHAN_ERR HASP_MEM_RANGE HASP_TIME_ERR
Request was successfully completed Invalid input handle Session has been interrupted Unrecognized file identifier Communications error in secure channel Out of memory System time has been tampered with
Input/output error in HASP SL secure storage, OR, in the case of a HASP HL key, USB communication error Access to Feature is denied Required HASP SRM protection key not found Communication error occurred between the application and the local HASP License Manager
Related Topics
hasp_get_size() hasp_read()
257
Status Code
HASP_STATUS_OK HASP_MEM_RANGE HASP_INSUF_MEM HASP_TMOF HASP_ACCESS_DENIED HASP_INCOMPAT_FEATURE HASP_HASP_NOT_FOUND HASP_TOO_SHORT HASP_INV_HND HASP_INV_FILEID HASP_OLD_DRIVER HASP_NO_TIME HASP_SYS_ERROR HASP_NO_DRIVER HASP_INV_FORMAT HASP_REQ_NOT_SUPP HASP_INV_UPDATE_OBJ HASP_KEYID_NOT_FOUND HASP_INV_UPDATE_DATA HASP_INV_UPDATE_NOTSUPP HASP_INV_UPDATE_CNTR
Description
Request successfully completed Request exceeds the HASP SRM protection key memory range System out of memory Too many open sessions Access to Feature denied Legacy decryption function cannot work on the Feature HASP SRM protection key no longer available Encrypted/decrypted data length too short to execute function call Invalid handle passed to function Specified File ID not recognized by API Installed driver too old to execute function Real-time clock (rtc) not available Generic error from host system call Required driver not installed Unrecognized file format for update Unable to execute function in this context Binary data passed to function does not contain an update HASP SRM license you requested to update not found Required XML tags not found. Contents in binary data are missing or invalid. Update request not supported by HASP SRM protection key Update counter not set correctly
Status Code
HASP_INV_VCODE HASP_ENC_NOT_SUPP HASP_INV_TIME HASP_NO_BATTERY_POWER HASP_NO_ACK_SPACE HASP_TS_DETECTED
Description
Invalid Vendor Code passed HASP SRM protection key does not support encryption type Passed time value outside supported value range Real-time clock battery out of power Acknowledge data requested by the update ack_data parameter is NULL Program running remotely on a terminal server Unknown algorithm used in V2C file Signature verification operation failed Requested Feature no longer available Access log not enabled Communication error between program and local HASP License Manager Vendor Code not recognized by API Invalid XML specification Invalid XML scope Too many HASP SRM protection keys currently connected Too many users currently connected Session has been interrupted Communication error between local and remote HASP License Managers Feature expired HASP License Manager version too old Input/output error occurred in secure storage area of HASP SL key OR In the case of a HASP HL key, USB communication error occurred Update installation not permitted
HASP_FEATURE_TYPE_NOT_IMPL Requested Feature type not implemented HASP_UNKNOWN_ALG HASP_INV_SIG HASP_FEATURE_NOT_FOUND HASP_NO_LOG HASP_LOCAL_COMM_ERROR HASP_UNKNOWN_VCODE HASP_INV_SPEC HASP_INV_SCOPE HASP_TOO_MANY_KEYS HASP_TOO_MANY_USERS HASP_BROKEN_SESSION HASP_REMOTE_COMM_ERROR HASP_FEATURE_EXPIRED HASP_OLD_LM HASP_DEVICE_ERR
44
HASP_UPDATE_BLOCKED
259
Status Code
HASP_TIME_ERR HASP_SCHAN_ERR HASP_STORAGE_CORRUPT HASP_NO_VLIB HASP_INV_LIB HASP_SCOPE_RESULTS_EMPTY HASP_HARDWARE_MODIFIED
Description
System time has been tampered with Communication error occurred in secure channel Corrupt data exists in secure storage area of HASP SRM protection key Unable to find Vendor library Unable to load Vendor library Unable to locate any Feature matching scope HASP SL key incompatible with machine hardware. HASP SL key locked to different hardware. OR In the case of a V2C file, conflict between HASP SL key data and machine hardware data. HASP SL key locked to different hardware. Login denied because of user restrictions Trying to install a V2C file with an update counter that is out of sequence with update counter in the HASP SRM protection key. Values of update counter in file are lower than those in HASP SRM protection key. Trying to install a V2C file with an update counter that is out of sequence with the update counter in the HASP SRM protection key. First value in file is more than 1 greater than value in HASP SRM protection key Vendor library too old Unable to locate dynamic library for API Dynamic library for API is invalid Object incorrectly initialized Scope string too long (max. length 32 KB) Logging in twice to same object Logging out twice from same object Incorrect use of system or platform Requested Feature type not implemented Internal error occurred in API
53 54
HASP_USER_DENIED HASP_UPDATE_TOO_OLD
55
HASP_UPDATE_TOO_NEW
HASP_OLD_VLIB
HASP_NO_API_DYLIB HASP_INVALID_API_DYLIB HASP_INVALID_OBJECT HASP_INVALID_PARAMETER HASP_ALREADY_LOGGED_IN HASP_ALREADY_LOGGED_OUT HASP_OPERATION_FAILED HASP_NOT_IMPL HASP_INT_ERR
Index
Symbols
.NETassemblies considerations 94 globalFeature 95 Methodlevelprotection 95 methodspecificsettings 97 obfuscation 99 protecting 94 APIlibraries generating 54, 70 merging 54, 70 Attacks clocktampering 107 cloninghardwarekeys 106 defenseagainst 104 emulatingprotectionkeys 105 modifyingkeymemory 104 patchingexecutables 104 usingterminalservers 106
A
ActivatingProducts 161 about 118 manually 182 withHASP HLkeys 130, 144 withHASP SLkeys 131, 144 AdminControlCenter about 199 administratorsworkflow 202 configuration 202 interface 200 launching 200 Administration functions 120 role 119, 178 tasks 178 AESdecryption, SeeDecryption AESencryption, SeeEncryption
B
BaseProduct 143 BatchCodes about 36 DEMOMA 121, 178 forFeatures 139 fororders 157 forProducts 142 forRUS 173, 184 HASP SRMuseraccess 179 introducinginHASP SRM 178 maintaining 180 BrandingRUS 173, 184 Bundles, SeeProvisionalProducts
262 Index
BusinessStudio about 115 evaluating 121, 178 roles 119 window 122 BusinessStudioServer, SeeServer
D
Datafiles dfcrypt.exeencryption 92 encrypting 92 handling 91 DataHASP about 109 encryptingdatafiles 110 functionality 112 prerequisites 111 Decryption 61 about 42 Default lockingtype 144, 182 password 178 username 178 DEMOMA BatchCode 121, 178 Developerkey, SeeVendorkeys Developerkit 21 Development activities 170 functions 170 role 119, 157, 170 Distributing RUS 173 SeeEndusersoftware DLLforRuntimeEnvironment installer 172 Duplicating Products 148
C
C2V checkinginfiles 164 dataforcancellation 152 datainfiles 164 datainkeys 164 generatingfiles 164, 173, 184 storingdataonserver 164 viewingdata 164 Cancelinglicenses 152 CancellationProducts about 152 defining 152 example 153 CheckinginC2Vfiles 164 Comparingprotectionsolutions 30 Concurrentinstances changingsettings 150 counting 145 licenseterms 145 networkenvironment 145 perorder 146, 160 Connectiondetails 181 Crosslocking 34 CustomerServices function 157 role 119, 182 Customers CustomerID 158 defining 158 locating 158 orders 158 CustomizingRUS 173, 184
E
Encryption 61 about 42 datafiles 92 DataHASP 109 dfcrypt.exe 92
Index
Endusersoftware haspdinst.exe 196 HASPUserSetup.exe 196 mergemodules 194 Envelope .NETconsiderations 94 customizableparameters 87 Encryptingdatafiles 92 functionality 81 mandatoryparameters 87 prerequisites 83 protecting.NETassemblies 94 protectingWin32programs 89 runningfromcommandline 85 usingFeatures 88 workflow 83 Examples definingFeatures 128 definingProducts 129 graceperiod 174 licensecancellation 153 licenseterms 134 ModificationProduct 151 orderforHASP HLkeys 165 orderforHASP Update 166 orderforProductKeys 165 orderusingHASP SL 165 protectionlevels 134 ProvisionalProducts 174 remoteupdatewithRUS 185 trialuse 174 EXEfile Protecting,SeeEnvelope RuntimeEnvironmentinstaller 172 withV2Cdata 171, 185 Export AdminControlCenterformat 173 CPPstyleheader 173 Cstyleheader 173 CSVformat 173 Featuredata 140 XMLformat 173
263
F
Features about 116 BatchCodes 139 defining 139 detachablelicenses 145 example 128 exporting 140 FeatureID 140 Featurename 139 identifying 128 inEnvelope 88 inProducts 129, 142 licenseterms 133 statusvalues 140 transferringdata 140 withdrawing 140 Files C2V 152, 164 defaultlocations 182 EXEwithV2Cdata 162, 169, 171 Export 140 ProductKeys 161, 169 Protecting,SeeEnvelope ProvisionalProducts 171 RuntimeEnvironmentEXE 172 RuntimeEnvironmentinstallerDLL 172 V2C 162, 169, 171 FormattingHASPHLkeys 164
G
Graceperiods about 132 example 174 ProvisionalProducts 147
264 Index
H
HASPmemory, SeeMemory HASPsearchmode 88 HASPUpdates implementing 118 HASP HLkeys formatting 164 orderexample 165 orders 160, 168 Productactivation 130, 144 protection 130, 144 updatinglicenseswithRUS 186 HASP SLkeys orderexample 165 orders 161 Productactivation 131, 144, 161 protection 131, 144 RuntimeEnvironment 161, 171 updatinglicenseswithRUS 186 HASP SRMBusinessStudio, SeeBusinessStudio HASP SRMDeveloperkey, SeeVendorkeys HASP SRMEnvelope, SeeEnvelope HASP SRMMasterkey, SeeVendorkeys HASP SRMprotectionkeys, SeeProtectionkeys HASP SRMRemoteUpdateSystem, SeeRUS HASP SRMRuntimeEnvironment, SeeRuntimeEnvironment 193 HASP SRMRuntime API, SeeRuntime API HASP SRMToolBox, SeeToolBox HASP SRMusers, SeeUsers(HASP SRM) HASP SRMVendorkeys, SeeVendorkeys HASP Updates
about 162 applyingremotely 162 applyingwithRUS 185 locatingkeys 162 orderexample 166 orders 162 receipt 162 RUSexample 185 haspdinst.exe 196 HASPUserSetup.exe 196
I
ID customer 158 Feature 140 order 158 Installing ProvisionalProducts 171 RuntimeEnvironment 171 Server 120 IntroducingVendorkeys 120, 181
K
Key, SeeProtectionkeys SeeVendorkeys
L
Licenseterms about 133 assigningvalues 145 canceling 151152 concurrentinstances 145 example 134 ModificationProducts 150 networkaccess 145 remotedesktopusers 146 remoteupdates 162 revoking 151 selectinglicensetype 145
Index
specifying 145 transferring 151 updating 162 valuesperorder 146, 160 virtualmachine 146 Licensetypes about 133 assigningvalues 145 selecting 145 valuesperorder 146 Licensing about 126 fundamentals 31 models 126 planning 32, 116, 126 solutions 32 LicensingPlanfunctions 138 Locatingkeysforupdate 162 LockingHASP SRMusers 180 Lockingtypes about 130 default 144, 182 HASP HLonly 130, 144 HASP HLorHASP SL 132, 144 HASP SLonly 131, 144 Productsinorders 159 selecting 143 Mergemodules 194 ModificationProducts about 149 defining 150 example 151 licenseterms 150
265
N
Network accesstolicense 145 concurrentinstances 145
O
Obfuscationin.NETassemblies 99 ObsoleteProduct 148 OrderManagement functions 157 role 119, 157, 167 Orders about 117 customers 158 defining 158 examples 164 forHASP HLkeys 160, 168 forHASP SLkeys 161 forHASP Updates 162 forProductKeys 161, 169 holding 163 inproductionqueue 163 includingProducts 159 OrderID 158 priority 163 producing 168 Productlockingtypes 159 referencedata 163 savingdata 163 statusvalues 163
M
Mac distributingRuntimeEnvironment 197 installingRuntimeEnvironment 47 Masterkey, SeeVendorkeys MasterHASPWizard 70 Memory about 135 defining 146 read/write 135, 147 readonly 135, 147 storingdata 147 utilizing 63
266 Index
P
Passwords(HASP SRM) assigningtousers 180 changing 120 default 178 receiving 120 Productactivation 161 manual 182 withHASP HLkeys 130, 144 withHASP SLkeys 131, 144 ProductKeys about 161 files 161, 169 orderexample 165 orders 161, 169 Productactivation 182 proofofpurchase 161 serververification 161 usewithHASP SL 161 ProductManagementrole 119, 137 Production functions 156 ordersforHASP HLkeys 168 ordersforProductKeys 169 ordersinqueue 163 role 119, 157, 167 Products about 116 activation 118 BaseProduct 143 BatchCodes 142 CancellationProducts 152 defining 142 duplicating 148 example 129 grace,SeeProvisionalProducts inorders 159 includingFeatures 129, 142 lockingtypes 130, 143 memory 146 ModificationProducts 149 ObsoleteProducts 148 Productname 142
ProvisionalProducts 147 referencedata 142 statusvalues 148 trial,SeeProvisionalProducts types 143 withdrawing 148 ProtectOnceDeliverMany 34 Protection againstcopying 28 API,SeeRuntimeAPI attacktypes 104 DataHASP 109 defenseagainstattacks 104 elements 60 Encrypting/DecryptingwithHASP SRMprotectionkey 108 encryptionanddecryption 42 fundamentals 28, 102 insertingmultiplecalls 107 intellectualproperty 28 Methodlevel 95 options 64 programsanddatafiles 60 selectingmethod 63 solutions 29 solutions,combined 31 solutions,comparison 30 usingchecksumverification 108 usingRuntimeAPIandEnvelope 107 Protectionkeys attributes 39 fororders 159 HASP HLkeys 38 HASP SLkeys 39 locatingforupdate 162 locking 130 memory 147 searchingfor 88 selecting 37 updating 162
Index
Protectionlevels example 134 HASP HLkeys 130, 144 HASP SLkeys 131, 144 perorder 132, 144 ProvisionalProducts 174 defining 147 description 133, 170 example 174 generatingbundles 171 generatingV2Cfile 172 inorders 159 installing 161, 171 keyID 171 licenseterms 147, 171 outputfiles 171 properties 147 vendorlibrary 171
267
R
Remotedesktop accesstolicense 146 RemoteUpdateSystem, SeeRUS Roles Administration 119, 178 CustomerServices 119, 182 Development 119, 157, 170 forHASP SRMusers 179 OrderManagement 119, 157 ProductManagement 119 Production 119, 157 RTE, SeeRuntimeEnvironment RuntimeAPI about 67 functionality 77 loginfunction 75 planningrequirements 73 prerequisites 69 samples 73 ToolBox 72 workflow 74
RuntimeEnvironment commandlineinstaller 172 distributingforMac 197 distributingtoendusers 193 EXEfile 172 generatinginstaller 171172 initializing 161 installerAPI 172 installerDLL 172 Macinstallation 47 updating 194 RUS applyingHASP Updates 185 BatchCode 173, 184 branding 173, 184 customizing 173, 184 description 173, 183 distributing 173, 184 example 185 executable 184 generatingC2Vfiles 173, 184 instructionsforendusers 186 processingV2Cfiles 162, 169, 185 withHASP HLkeys 186 withHASP SLkeys 186
S
Server connectingMasterkey 120121 installing 120 storingC2Vdata 164 verifyingProductKeys 161 Solutions combinedprotection 31 customizing 35 protection 29 protection,comparison 30 Starterkit 22 Statusvalues Features 140 orders 163 Products 148
268 Index
Support technical 24 training 24 Systemsettings 181 VendorCode about 36 extracting 53, 70 MasterHASPWizard 53, 70 Vendorkeys Developerkey 37 extractingVendorCode 70 introducing 120, 181 Masterkey 37 Vendorlibrary 171 VendorSuite 120 VendortoCustomerfile, SeeV2C Virtualmachine accesstolicense 146
T
Technicalspecifications 39 ToolBox about 72 encryptingdata 74 Trialware about 132 example 174 ProvisionalProducts 147
U
Updates, SeeHASP Updates Updatingdeployedkeys 162 Userroles, SeeRoles Users(HASP SRM) accesstobatches 179 defaultusername 178 defining 179 locking 180 passwords 120, 180 preventingaccess 180 roles 179 usernames 120, 179 viewingdetails 179
W
Win32programs behaviorofprotectedprograms 89 datafileprotection 90 Withdrawing Features 140 Products 148
V
V2C datainEXE 162 defaultfilelocation 169 fileforProvisionalProducts 171 generatingfiles 162, 169, 185 inputtoRuntimeEnvironment 172 launchingfiles 173 processingwithRUS 162, 169