=Spica Shui=

SecureDongle is the market's most wanted Software License and Copyright Protection dongle that offer Maximum Security but Minimum Learning and Investment.

SecureDongle was built based on advanced microprocessor smart chip which has been certified by EAL4+ and ITSEC. The smart chip based hardware architecture ensures complete security against risk of Dongle hardware being cloned or duplicated. In addition to hardware advantage, SecureDongle was also built with a very user friendly interfaces on its bundled firmware and utilities. Unlike many other competing products where their shortcomings are summarized as below:

• Non-Smart Chip based
  Usually based on common low cost EEPROM where the main protection algorithms rely more on the firmware that is bundle together rather than on the hardware. This type of hardware architecture can easily be duplicated by many Dongle Duplication Experts.
• Smart Chip based
  There are few smart chip based dongles available on the market and most of them is very complicated to integrate; a fresh dongle user might need to spend weeks to months in order to be able to come up with a good protection.

Maximum Security
SecureDongle offers a combination of advanced smart card level hardware security together with advanced software protection firmware with is also integrated with advanced anti-cracking algorithms and mechanisms.

Minimum Learning
SecureDongle SDK offers comprehensive but user friendly tools, utilities, tutorials and API samples where even a fresh developer can master it within days.

Minimum Investment
SecureDongle offer the most cost effective option in the industry, so why pay more!

SecureDongle Feature Highlights:-

• HID Driverless
  As HID driverless, SecureDongle requires no external device driver installation thus minimize common technical issue arise from device driver. No driver needed and as long as a USB thumb drive can work on the computer, so do SecureDongle!
• Smart Chip based
  Advanced EAL4+ and ITSEC certified microprocessor smart chip that enable algorithms execution on chip with built-in support for RSA, DES, 3DES security algorithms. Microprocessor smart chip prevent hardware cloning and duplication attack.
• Built-in RSA, DES and 3DES Encryption Algorithms
  Smart chip is preloaded with RSA/DES/3DES security algorithms which ready to provide powerful encryption/decryption perform on hardware. Developers can make use of those ready security algorithms to perform advanced challenge-response authentication in their SecureDongle software protection.
• Security Password
  Valid 2-level 64-bit password is required in order to gain access into SecureDongle. Developers can set and change their own security password which ensures higher privacy. Moreover, SecureDongle have built-in advanced password protection system that can prevent Brute-Force attack.
  
• Globally Unique Hardware ID
  32-bit pre-burnt and unchangeable globally unique hardware ID provides unique reference on each individual SecureDongle. Even us – the manufacturer do not have the privilege to change it.
  
• Module Zone
  Up to 64 secure protected Module Zones which facilitate unreadable memory and can also be used as the validity flags to protect up to 64 software modules, provides easy licensing management.
• Self Definable Security Algorithms
  Up to 128 self definable security algorithms that will be executed on-board when called by protected software which will then be authenticated using the popular Challenge Response Authentication to maximize the security level of the protection.
• Data Zone
  Up to 1,000 bytes data zone which developer can use it as an external memory for some selected variables or constants accessed by the protected software as an additional security measure.
  
• Onboard Seed Code and Random Number Generation
  Supports on-board proprietary Seed Code and true Random Number generation which developer can apply it into their protection to strengthen the security and to make the protection more complicated to crack.
• Software Enveloper
  Provide Envelop encryption program to encrypt executables with easy-to-use protection facility.
• Soft Timer
  Built-in with innovative soft timer that requires no battery but still support protection using expiry time or date.
• Remote Update
  Supports secure remote update for developer to amend the SecureDongle settings which enables secure software license update and upgrade.
• Secure Communication
  Built-in with advanced encryption/decryption on communication together with time gate between firmware and hardware to prevent debugging and emulator attacks.
• Multi Levels Access Right Management
  Supports multi level access right management to facilitate different access rights for the development team.

1. Combining API and Envelope
   Most Software License Protection Dongle will come with API (Application protocol interface such as DLLs and Object files), where there are various libraries files provided for software vendors to include protection function calls into their source codes. Envelope is whereby the software vendor can make use of the provided shell program to encrypt their application without the need to modify their source code. The best protection will be Envelope after completed the API protection, a combination of both. 
    
2. Updating Protection
   As the best protection now might no longer secure few years later, it is very important that the software vendors will keep updating their protection more often. The best practice is to change their protection strategy for different versions or product, do not use the same strategy once for all. 
    
3. Object vs DLL Links
   In order to gain higher security, a software vendor should link their applications to the Software License Protection Dongle’s objects instead of DLLs. This is because link by objects will be compiled and integrated as part of the protected application of which will make simulating attacks more difficult. 
    
4. Intelligent use of API Calls
   A smart protection should include multiple API calls with different security function calls from various program points. Protection with more various different API calls will definitely harder to trace than protection with few almost similar API calls. Try to make your API Calls more sophisticate. 
    
5. Dummy API Calls
   One simple ways to make your protection even harder to hack is to include some dummy API Calls, i.e. some API or security checks that will not have any legitimate reaction. Such method will be able to confuse hackers who will need to spend more effort on analyzing such dummy API calls that they will never know this is not the “real” one. 
6. Delay Reaction
   Most software vendors practice direct reaction in their implementation should the API calls found no dongle or invalid return, thus hackers are able to back trace the security checking points and then bypassing it. To make your protection even harder to back trace, perhaps you can delay some of your reactions to confuse the hackers, means if detected no dongle or invalid return then keep a validity flag in your program then at later program point only suspend the program. 
    
7. Manipulate Functionalities
   Many software vendors include standard response such as displaying error message and suspending program should there is no dongle found or invalid return. Another better ways to make hacking harder is to alter the program functionalities should the dongle not found, such as disable printing report features until a valid dongle is attached. Hacker might not realize there is security check point that restricted the program functionalities. 
    
8. Authenticate instead of compare
   Direct comparing value is just too easy to understand, should the dongle product chosen provide possible features to allow software vendors to perform certain authentication such as Checksum after performing predefine security algorithms, use it. Some dongle products provide more advanced security features such as onboard encryption, seed code or random code generation, onboard security algorithms, of which it will maximize protection if we utilize it in the right manner.

Source : http://www.securemetric.com/articles-d.php?id=4