1 / 8

There currently are five different types of Lock Cores.

There currently are five different types of Lock Cores. Pass key in to decrypt Use built-in key to decrypt Pass key in to do initial decrypt then use built-in key to do reencrypt Pass key in to do initial decrypt then use built-in key combined with local info to do reencrypt

neveah
Download Presentation

There currently are five different types of Lock Cores.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. There currently are five different types of Lock Cores. • Pass key in to decrypt • Use built-in key to decrypt • Pass key in to do initial decrypt then use built-in key to do reencrypt • Pass key in to do initial decrypt then use built-in key combined with local info to do reencrypt • Pass key in to do initial decrypt then use passed in key combined with local info to do reencrypt

  2. All lock cores provide the same basic service. That is to encrypt and decrypt your assemblies. However we have made and continue to make different types of lock cores to offer the flexibility developers need in the real world to provide a perfect fit with the requirements of your projects. Features beyond encryption include various ways to get the decrypt key to the lock core, conditioning decryption on rules such as the name or version of the application requesting decryption, and re-encryption of assemblies using information unique to a PC such as network card MAC address. Some of these combinations of lock core abilities allow you to implement licensing schemes that incorporate the assembly encryption mechanism.

  3. Pass key in to decrypt • This type of lock core requires that you encrypt your assembly before shipping with an encrypt key and then provide your own secure way to pass that key into the AssemblyLockbox loader at runtime to decrypt the assemblies. • How you get the key to the application at runtime is entirely up to you as the developer. You can encrypt the key and pass it over the Internet and then decrypt it again on the PC or you might encode the key into a hardware device like a smart card that passes the key to your application with just a swipe. • You shouldn’t hard code the key directly into your unprotected .Net code that calls the AssemblyLockbox loader, because that just makes it easier for a would be hacker to get at your code.

  4. Use built-in key to decrypt • This type of lock core incorporates a key inside the lock core dll itself. This key is scrambled in such a way as to make it much more difficult for someone to reverse engineer out of the compiled C++ code in the lock core. • Because the key is included in the lock core dll a key does not need to be passed into the lock core at run time. However it is recommended that you pass a key in anyway to help trick any would be hacker into thinking you are using a different kind of lock core than you really are. • The down side to this type of lock core is that a good hacker could figure out how to call the lock core dll directly from their own application and trick the lock core into decrypting the assembly and pass back the image. So this is best used in situations where this type of activity is of minimum concern.

  5. Pass key in to do initial decrypt then use built-in key to do reencrypt • This type of lock core is a combination of the first two types. It has the pros and cons of both types as well. You encrypt your assemblies with one key and then ship your software. At runtime you pass this key in to do a decrypt only one time. Then before the assembly is given to .Net it is reencrypted with the built-in key and resaved so that only the built-in key will decrypt the lox file. • The main purpose of this variant is to give the same level of protection as the normal built-in key lock core, but with the added ability to require the user to enter a license key or some other token one time to get the software to work.

  6. Pass key in to do initial decrypt then use built-in key combined with local info to do reencrypt • This variant works very much like the previous lock core type except that when the reencrypt is performed local information from the PC it is installed on will be included as part of the reencryption key. This effectively locks the software to that PC if the local info you choose is unique to that computer…such as a MAC address. • The main purpose of this variant is to give the same level of protection as the normal built-in key lock core, but with the added ability to require the user to enter a license key or some other token one time to get the software to work. And to lock the software to that PC once the reencryption has occurred.

  7. Pass key in to do initial decrypt then use passed in key combined with local info to do reencrypt • This lock core provides the most protection of the 5 types currently available. Like the previous lock core type this lock core reencrypts the assembly by combining local information with the key. Unlike the previous lock core type however this type reencrypts with the key that is passed in the first time. • In addition this type of lock core also provides the same ability to lock the software to a particular PC depending on the local information that is combined with the passed in key … such as a MAC address.

  8. Why different types? The idea behind different types of lock cores is very much like the reason different types of lock cores are made for hardware locks. The more combinations of lock mechanisms there are the less likely a crook will know how to bust into your lock. Ideally each lock core made by each AssemblyLockbox developer would be very different from all others. Decrypt Verifiers (see Decrypt Verifiers in help) provide a way to make this possible. In addition as time goes on and as we get feedback from the developer community on ways to make more types of base lock cores and decrypt verifiers the number of possible hurdles a hacker will have to jump through to get at your code will only increase. Ultimately any system of protection can be hacked. The name of the game is trying to stay ahead of the attackers. By using different mechanisms for protecting different pieces of code it prevents a hacker from getting a universal key that gives easy access to all of your software.

More Related