Dongle Security and Copy Protection

Also known as hardware tokens, hardware keys or security devices, dongles are increasingly being used to protect software from illegal copying. This small piece of hardware achieves this by locking the software to the dongle; each time the protected program is executed, it will check for the presence of the USB dongle. The program will only run if the correct dongle is found. I some cases,.

Security Dongle Features

Some of the features offered by various different type of security dongle include:

• Ability to control the number of times the program is executed.
• Ability to set an expiry date for the program.
• Ability to control which parts of the program are usable.
• Ability to set the program to run for a limited number of days.
• Ability to remotely set the above parameters by issuing the customer with a unique, secure code.
• The use of strong encryption techniques (RSA encryption, strong 128-bit encryption or both).

Issues with Security Dongles

Modern security dongles include built-in strong encryption and utilise fabrication techniques that are designed to combat reverse engineering. They often contain non-volatile memory, so that key portions of the software can be stored and run on the dongle. However, some experts think that security dongles do not solve the trusted client problem: if the user is given the cryptographic ciphertext, the algorithm and the key, then it is though that the cipher is likely to be breakable, even if the key and algorithm are encoded in hardware.

Another serious threat to the security dongles is hardware cloning, where the dongle is emulated by a device driver. To combat this, a number of dongle manufacturers have brought in smart card OS products, which are often used in dongles for extremely rigid security requirement environments such as banking and the military. A more ground-breaking modern dongle is designed with a code porting mechanism, which means that the license enforcement or part of the important program code can be transferred into a secure hardware environment.

Attempts to introduce dongle copy-prevention in the mainstream software market have met stiff opposition from users, and the majority of devices are used with vertical market software and expensive packages, such as Digital Audio Workstation applications, CAD/CAM software, MICROS Systems hospitality and special retail software, translation memory packages and the vast majority of prepress and printing software. End-users particularly dislike the need for specific drivers for these dongles; however, there are a number of driverless dongles on the market, which make the protection simpler for both software vendors and end-users.

In counterfeit versions of a program, the code to check for a dongle is often circumvented or deleted, and consequently, the fake version may be easier to use and may therefore seem preferable to the original.