SmartKey User Manual v11.
© Copyright 2007 Eutronsec Spa - Via Gandhi, 12 - 24048 Treviolo (BG) – Italy. All rights reserved. The names of the other products mentioned are trademarks of their respective owners.
Index
1 INTRODUCTION
1.1 OBJECTIVES OF THE MANUAL
1.2 TO WHOM THE MANUAL IS ADDRESSED
7 SMARTKEY'S INTERNAL STRUCTURE
7.1 ID-CODE REGISTER: THE PERSONAL CODE
7.2 LABEL REGISTER: THE IDENTIFICATION AND ACCESS LABEL
7.3 PASSWORD REGISTER: THE DATA ACCESS DONGLE
9.10 PROGRAMMING MODE
9.11 COMPARING MODE
Parameter transfer
11.1 OPEN MODE
11.2 ACCESS MODE
11.3 USER NUMBER MODE
16.3 RESET DEFAULT PANEL
16.4 MAP PANEL
16.5 SCRAMBLING PANEL
1 Introduction
1.1 Objectives of the manual
The purpose of this manual is to provide a full overview of SmartKey's application environments and of the product's operational potential in general. This manual deals with the following subjects:
• the importance of protecting software.
• SmartKey's use methods for manual protection.
• the use methods for automatic protection: this manual deals exhaustively with the techniques and instruments for automatic protection of software and data.
2 Why should I protect software?
Illegal duplication of programs is a very widespread practice: it is very simple, cheap and does not require complex, costly equipment. The methods used to prevent copying, or at least make it difficult, have not proved effective, as they could be overcome in a few months or even a few days. SmartKey approaches the problem in a different way: it does not prevent copying, but prevents use of the program by an unauthorized person.
2.
• Hard disk loading: unlawful installation on the hard-disk of personal computers, often as an incentive for end users to buy hardware from a particular hardware dealer.
• Hire: sale of unauthorized software for temporary use, as if one were hiring a video-cassette.
There are also different types of IT pirates:
2.4
• Resellers selling hardware with illegally preinstalled software.
• Companies using unauthorized copies of software for internal use.
3 Introducing SmartKey Just imagine being able to limit the execution of any PC program, so that you can decide on which and how many computers your software can be executed. SmartKey is a software protection dongle, i.e. a hardware device that performs this very function, with the aim of preventing illegal diffusion of the software.
Operating system        Support Utilities   Automatic protection   SmartKey Parallel   SmartKey USB   SmartKey USB DL (Driver Less)
Windows i386            Yes                 Yes                    Yes                 Yes            Yes
Windows x64             Yes                 No                     Yes                 Yes            Yes
Linux i386              No                  No                     Yes                 Yes            Yes
Mac OS X Intel/PowerPC  No                  No                     No                  Yes            Yes
Table 1 Software available
3.1 Who needs SmartKey?
SmartKey is mainly aimed at software houses, because they need to protect their software against diffusion and illegal copies.
• Protection of executable programs: the Global Security System (GSS) technology makes it possible to protect programs in executable format even without provision of source codes. • Interfacing with software: SmartKey can be used with leading development environments and operating systems, including DOS, Windows 3.1, Windows98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Linux, Mac OS X, Novell, and AutoCAD.
As for GSS, this program does not just protect your other programs, but encrypts the software, using the values of the registers stored in SmartKey as the encryption key. When a program protected by GSS is run, it instantly decrypts itself using the registers in SmartKey. Without SmartKey, the program will never be decrypted. 3.
4 SmartKey models The software protection requirements include both simple programs for low-cost packages and costly sophisticated programs requiring maximum security and flexibility. There's a cost-effective SmartKey model for every situation. All models have been implemented to ensure high-to-low compatibility: if a program operates with a SmartKey, it will surely also operate with a more complex one. For example, a program written for SmartKey FX will operate with all other SmartKeys.
SmartKey EP's second special characteristic is the option of freezing passwords and data after they are programmed: this means one can irreversibly fix the codes and data programmed in the dongle by the software house. Any subsequent manipulation of the dongle for fraudulent purposes is prevented, e.g. to modify one's access rights to databanks or the operational limits of the supplied software.
• Counter of fraudulent access attempts (Fail Counter)
• Freezing of programmed data.
• User-programmable Security algorithms
• Protection of programs on a local network by means of just one protection dongle.
• The number of users simultaneously enabled to use the protected program and the number of its executions are both programmable.
4.6 A comparison of SmartKey models
If we compare SmartKey to a safe, this will help us to better understand the difference between the various SmartKeys.
In this connection, it is well to remember that protecting software entails problems and decisions similar to those of theft insurance policies ("For what sum should I insure?", "What additional guarantees should I include in the insurance package?", "What is the probability of theft?"). Here are some general considerations providing pointers to choosing an appropriate SmartKey model. SmartKey FX is simple, rapidly implemented, and low-cost.
5 Protecting a program with SmartKey To protect a program with SmartKey, you have to implement execution control, i.e. modify the program so that its execution depends on the presence of a dongle to protect the software. SmartKey has two methods for implementing protection: 5.
The GSS version is available for Windows only, and, therefore, only Windows programs can be automatically protected. 5.3 Should I use manual or automatic protection? Before you begin the software protection operation, you must define the technique to be used.
6 Protection in a local network When several computers are connected in a local network, the network software can be protected in one of the following ways: • Fit a standalone protective dongle (FX, PR, EP, SP, XM) on each of the computers enabled to execute the program. In this case, there is no need for any modification of the software, which is already protected for the standalone mode. • Fit only one NET type protective dongle with the relevant SmartKey server software.
7 SmartKey's internal structure
The structure of SmartKey dongles entails the use of some internal registers, each with a particular protection function:
• Id-Code register
• Label register (16 bytes)
• Password register (16 bytes)
• Secure Data register (64 / 128 / 416 / 896 / 8192 bytes)
• Fail Counter register (2 bytes)
7.1 Id-Code register: the personal code
Id-Code is a register programmed in the factory as each dongle is tested, and can no longer be modified.
The Password can also be re-programmed, even if you do not know the previous one. In this case, however, the contents of the data memory (Secure Data) are automatically reset.
7.4 Secure Data register: the data of the non-volatile memory
The Secure Data register is a non-volatile memory inside the dongle, which can be accessed only if you know the Password. By checking the contents of the register, you can tell whether you are dealing with an attempted 'break-in' or a lawful installation of the software.
8 Automatic protection The Global Security System (GSS) program protects the program automatically without having to write any code lines and without having the program's source files. Starting from the program's executable file, GSS generates a protected program. The protected program obtained in this way has the same functions as the original one, but can operate solely with the SmartKey for which it was generated, and with the SmartKeys with the same configuration as the generated program.
• Optional encryption of data files associated with the protected programs • Protection based on Label, Password and Memory • Periodic control of SmartKey presence • Selection of the message to be displayed 8.2 Protection of Windows platforms with GSS Global Security System can protect all executable files created for the following platforms: Windows 9x, Windows ME, Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista and later programs.
In the case of Windows-based programs, cryptography makes it possible to avoid exporting and unlawful copying of one's resources. This is necessary, because there are many Windows-based programs that allow extraction of their resources (icons, cursors, dialogues, menus, bitmaps, toolbars, etc.) and also the copying and reuse of such resources. 8.3.4 Parameter-based protection SmartKey users can use a protection based on a multiplicity of parameters in addition to that offered by cryptography.
• The path of the protected file (DESTINATION_DIR) to be produced by GSSLINE must differ from the path where the original file (EXE_FILE|DATA_FILE) is located.
• Clearly indicate the extension of each file (.CFG and .EXE).
8.4 Rapid implementation of the program's protection
In this chapter, we have so far dealt in detail with automatic protection of software. We shall now describe a set of key steps for rapidly implementing your program's application.
9 Manual protection Manual protection is based on the use of the functions of the library of the development kit supplied by Eutronsec. The functions for SmartKey or API are implemented both as static libraries and as dynamic libraries (DLL, in the case of Windows). From a functional point of view, there is no difference between the two types of library. The dynamic libraries offer a lower degree of security because an expert hacker could understand when the protected program uses the dynamic library.
Use of each field can vary according to the executed command, but is generally as follows.
lpt: Parallel or USB port identifier where the SmartKey dongle is located
command: Code of the command to be executed
label: The SmartKey's LABEL. The label is necessary for all commands.
password: The SmartKey's PASSWORD.
Output LABEL Label LPT Port STATUS Status ==0 SmartKey dongle found !=0 SmartKey dongle not found Table 7 Parameters for the LOCATING MODE command 9.2.1 Parameter transfer Parameters to be transferred to execute a LOCATING operation, including search on all parallel and USB ports, for a dongle with a Label named "SMARTKEY".
Field     Bytes                     Meaning
LPT       01 00                     Port
COMMAND   53 00                     Scrambling ("S")
LABEL     53 4D 41 52 54 4B 45 59   Label ("SMARTKEY")
          00 00 00 00 00 00 00 00
DATA      XX XX XX XX XX XX XX XX   Data to be scrambled (8 bytes)
Table 10 Exchange of information for the SCRAMBLING command
At the end of the operation, the first 8 bytes of the Data field are replaced by the Scrambled Data that depend on both the sent Original Data and on the dongle's Id-Code. In this case, the LPT field must be initialized according to the port concerned.
Field     Bytes                     Meaning
PASSWORD  45 55 54 52 4F 4E 00 00   Password ("EUTRON")
          00 00 00 00 00 00 00 00
Table 12 Exchange of information for the READING MODE command
If the dongle is found on the indicated port, with correct Label and Password values, the Data field will contain the first 64 bytes of the read Secure Data and, in the case of dongles SP, XM and NET, the ExpData field will contain the remaining 352 bytes.
9.5 Writing mode
If the Password is known, the Secure Data can be written in the same way specified for reading.
9.6 Block Reading mode The BLOCK READING mode enables reading portions of the Secure Data, for example, one, two or a few words rather than the entire field. This saves a few fractions of a second compared to full reading with the READING MODE. The BLOCK_READING command is the only reading command which gives access to all the dongle memory.
Output LPT Port LABEL Label PASSWORD Password DATA[0,1] Pointer at the first word to be written (from 0 to 31 for models with 64 bytes of memory, from 0 to 63 for 128 bytes, from 0 to 207 for 416 bytes, from 0 to 447 for 896 bytes) (2 bytes) DATA[2,3] Number of words to be written (from 1 to 16) (2 bytes) DATA[4,…] Values to be written in the area indicated by the two previous parameters (2 - 32 bytes) STATUS Status ==0 Success !=0 Error Table 17 BLOCK WRITING MODE command parameters If the P
The exchange of information is organized like this:
Models: EP, SP, XM, NET
Input:
  COMMAND    ‘F’
  LPT        Port
  LABEL      Label
  PASSWORD   Password
  DATA       Data contained in the dongle
  EXP_DATA   Extended data contained in the dongle (for models SP, XM and NET only).
Output:
  STATUS     Status: ==0 Success, !=0 Error
Table 19 FIXING MODE command parameters
Memory fixing is executed only if the sent parameters - Label, Password and Secure Data - coincide with the contents of the respective registers. 9.8.
Contrary to the SCRAMBLING mode, the algorithm is programmed in the dongle with SmartKey's ENCRYPTING function and occupies the Expanded Secure Data register, in reverse order, starting from the last byte of the field. The ENCRYPTING mode is certainly the most versatile and secure function of the SmartKey dongles. However, this is also the most complex function calling for a good knowledge of logical operators.
Operator       Description             Symbol
Right Rotate   Rotate to the right     >
NOT            Logical negation        ~
AND            Logical product         &
OR             Logical sum             |
XOR            Exclusive logical sum   ^
Add            Modulo 256 sum          +
Move           Shift                   M
Assign         Assignment              A
End            End of processing       E
Table 23 Table of logical operators
The operands on which the operators can act are each of the 8 bytes of the Original Data and two temporary variables named X and Y.
The PROGRAMMING facility allows you to set up your own program dedicated to preconfiguring the dongles, usually connected to a database, in order to associate the content of each dongle with a list of customers and/or products. To program new Labels and Passwords, you do not have to know the previous Password (whereas you must know the current Label), because the operation automatically resets the Secure Data field (it is filled with 00 hex).
This is the simplest mechanism for using the stand-alone programmable SmartKey dongles, i.e. models PR, EP, SP and XM. It enables automatic verification, on all the system's ports, of the presence of a protection dongle with Label, Password and Secure Data assigned, to find out if the dongle is present and on which port. COMPARING mode is therefore an extension of the LOCATING MODE, valid for programmable dongles only.
Models: ALL
Input:
  COMMAND   ‘M’
  LPT       Port
  LABEL     Label
Output:
  DATA[0]   SmartKey model
            = '1', FX
            = '2', PR
            = '3', EP
            = '9', SP
            = 'A', NET
            = 'D', XM
  DATA[1]   Memory available on the dongle
            = '0', 0 bytes
            = '1', 64 bytes
            = '2', 128 bytes
            = '3', 416 bytes
            = '4', 896 bytes
            = '8', 8192 bytes
  STATUS    Status: ==0 Success, !=0 Error
Table 29 MODEL READING MODE command parameters
9.12.
STATUS Status ==0 Success !=0 Error Table 31 SERIAL NUMBER READING MODE command parameters 9.14 Ext model reading mode This command reads the extended information on the SmartKey dongle.
Models: EP, SP, XM, NET
Input:
  COMMAND    ‘X’
  LPT        Port
  LABEL      Label
  PASSWORD   Password
Output:
  DATA[0]    = 1, SmartKey Fixed
             = 0, SmartKey not Fixed
  STATUS     Status: ==0 Success, !=0 Error
Table 33 FIX READING MODE command parameters
9.16 Fail counter reading mode
Reads the value of the Fail Counter register. This is the same value obtained with the READING_MODE command. With this command, you can obtain the register's value without reading all the memory.
• the use of cryptography allows only the application to interpret the serial number correctly
• the application can verify that the serial number is correct by setting part of this number to a fixed value beforehand. Example: with a 16-byte serial number, 8 of these 16 bytes can be set to '0' for all the serial numbers. If these 8 bytes are equal to '0' after decryption, the application can be sure that the answer received from the key is really valid.
Output DATA[16] AES Key to use. The first key has index 0. The last key has index 19. DATA[0-15] Protocol result.
Table 36 AES SCRAMBLE MODE command parameters
9.20 Errors
After a command, the status entry in the communication may assume one of the following values:
Name          Value   Description
ST_OK         0       Operation completed with success.
ST_NONE_KEY   -1      Device not found. This error is caused by:
                      • SmartKey not correctly inserted in the Parallel or USB port.
ST_SYNT_ERR   -2
10 Program protection techniques and examples By using the SmartKey protection dongles, you have put in place a powerful deterrent against attempts to abusively duplicate software. However, remember that a principle typical of all security systems applies to the software protection battle too.
Example
Let's suppose that you have identified three important points of the execution where you wish to check for the presence of SmartKey: start of program, the saving function and the print function. Moreover, you want the check to be performed on a monthly basis, to obtain 12 different time inputs. Lastly, you want 100 different random checks. Therefore, this table is necessary: 3 x 12 x 100 = 3600 pairs.
10.1.
Abort();
All accesses to the KeyPresent variable must be executed on different levels of the function calls.
10.1.7 Encrypt the required data with the Scrambling operation
Some values required for correct execution of your operation can be encrypted with the Scrambling operation. The Scrambling operation is only a one-way function. Nevertheless, it can be used for encrypting data by using the XOR operator. You just have to select an initialization value, saved in your program, as an input of Scrambling.
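The XOR masking described in 10.1.7, as an added example that is not taken from the manual or the Eutronsec SDK: demo_scramble is a hypothetical software stand-in for the dongle's SCRAMBLING command (a protected program would call smartlink() with SCRAMBLING_MODE instead), and the Id-Code values, initialization value and secret are constructed. It goes one step beyond the text by deriving a separate Scrambling input for each 8-byte block, so that values longer than 8 bytes can be masked.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCRAMBLE_LENGTH 8

/* HYPOTHETICAL stand-in for the dongle's SCRAMBLING command, so that the
 * example runs without hardware. It only mimics the documented behaviour:
 * 8 bytes in, 8 bytes out, output depends on the input and on the Id-Code.
 * The real algorithm lives inside the dongle. */
static void demo_scramble(uint32_t id_code,
                          const uint8_t in[SCRAMBLE_LENGTH],
                          uint8_t out[SCRAMBLE_LENGTH])
{
    uint64_t h = 0xcbf29ce484222325ULL ^ id_code;
    int i;

    for (i = 0; i < SCRAMBLE_LENGTH; i++) {
        h ^= in[i];
        h *= 0x100000001b3ULL;
    }
    h ^= h >> 29;
    h *= 0xbf58476d1ce4e5b9ULL;
    h ^= h >> 32;
    for (i = 0; i < SCRAMBLE_LENGTH; i++)
        out[i] = (uint8_t)(h >> (8 * i));
}

/* Mask or unmask buf in place (XOR is its own inverse). The block number
 * is folded into the last two bytes of the initialization value, so each
 * 8-byte block gets its own Scrambling input. */
static void sk_xor_mask(uint32_t id_code,
                        const uint8_t init[SCRAMBLE_LENGTH],
                        uint8_t *buf, size_t len)
{
    uint8_t in[SCRAMBLE_LENGTH], mask[SCRAMBLE_LENGTH];
    size_t off, i, block;

    for (off = 0; off < len; off += SCRAMBLE_LENGTH) {
        block = off / SCRAMBLE_LENGTH;
        memcpy(in, init, SCRAMBLE_LENGTH);
        in[6] ^= (uint8_t)(block >> 8);
        in[7] ^= (uint8_t)block;
        demo_scramble(id_code, in, mask);
        for (i = 0; i < SCRAMBLE_LENGTH && off + i < len; i++)
            buf[off + i] ^= mask[i];
    }
}

/* Constructed sample data: a confidential constant and the initialization
 * value that would be saved in the program. */
static const char SECRET[] = "pi=3.14159265358979";
static const uint8_t INIT[SCRAMBLE_LENGTH] =
    { 0x45, 0x55, 0x54, 0x52, 0x4f, 0x4e, 0x21, 0x07 };

/* Build time: mask SECRET using the dongle that will be shipped (build_id).
 * Run time: unmask using whatever dongle is plugged in (run_id).
 * Returns 1 when the recovered bytes equal SECRET, 0 otherwise. */
static int secret_recovered(uint32_t build_id, uint32_t run_id)
{
    uint8_t stored[sizeof SECRET];

    memcpy(stored, SECRET, sizeof SECRET);
    sk_xor_mask(build_id, INIT, stored, sizeof stored); /* only this ships */
    sk_xor_mask(run_id, INIT, stored, sizeof stored);   /* done at start-up */
    return memcmp(stored, SECRET, sizeof SECRET) == 0;
}

int main(void)
{
    /* Constructed Id-Code values. */
    printf("same dongle:  %d\n", secret_recovered(0x00012345u, 0x00012345u));
    printf("other dongle: %d\n", secret_recovered(0x00012345u, 0x00054321u));
    return 0;
}
```

Give each masked value its own initialization value: two values masked with the same Scrambling input share the same mask.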
• Names of data files, DLL. • Names of functions called on the other DLLs. 10.3 Examples of implementation This chapter contains some examples of C implementation of the guidelines we have described. Furthermore, they can be found in the archive: SmartKeyProtectionGuidelinesExample.zip. In all the examples, we suppose that you are working with a SmartKey Demo with Label “SMARTKEY” and Password “EUTRON” as default. 10.3.1 Example 1 – Basic Use This example shows the basic use of SmartKey.
unsigned char scrambling_out[SCRAMBLE_LENGTH] = {
    0x98, 0xab, 0x22, 0x24, 0xbb, 0xe6, 0x61, 0x8f
};

int main()
{
    KEY_NET k;

    /* Scrambling */
    k.net_command = NET_KEY_ACCESS;
    k.command = SCRAMBLING_MODE;
    memcpy(k.data,scrambling_in,SCRAMBLE_LENGTH);
    smartlink(&k);
    if (k.status != ST_OK) {
        printf("Error in SCRAMBLING_MODE\n");
        exit(EXIT_FAILURE);
    }
    if (memcmp(k.data,scrambling_out,SCRAMBLE_LENGTH)!=0) {
        printf("Wrong SCRAMBLING\n");
        exit(EXIT_FAILURE);
    }
    printf("Scramble ok\n");
}
10.3.
/* Preventive use of the functions to prevent collateral effects through optimisation of the compiler.*/
my_func(1,1);
my_func_end();

/* Compute the function size */
size = (char*)my_func_end - (char*)my_func;
printf("Function size %d\n", size);
if (size > DATA_LENGTH + EXTENDED_DATA_LENGTH) {
    printf("Function size %d too big\n", size);
    exit(EXIT_FAILURE);
}

/* Copy of function on the dongle*/
if (size > DATA_LENGTH) {
    memcpy(k.data,((char*)my_func),DATA_LENGTH);
    memcpy(k.
/* Read the function */
k.net_command = NET_KEY_ACCESS;
k.command = READING_MODE;
smartlink(&k);
if (k.status != ST_OK) {
    printf("Error in READING_MODE\n");
    exit(EXIT_FAILURE);
}

/* Copy data in buffer */
memcpy(my_func_data,k.data,DATA_LENGTH);
memcpy(my_func_data + DATA_LENGTH,k.ext_data,EXTENDED_DATA_LENGTH);

/* Set the function pointer */
my_func_ptr = (my_func_t*)my_func_data;

/* Calls function */
result = my_func_ptr(2,3);
if (result != 6) {
    printf("Error in function result\n");
    exit(EXIT_FAILURE);
}
p
    printf("DLL checksum %08X\n",checksum);
    if (checksum != 0x007ffcf1) {
        printf("Error invalid checksum\n");
        exit(EXIT_FAILURE);
    }
    return EXIT_SUCCESS;
}
10.3.5 Example 6 – Hiding Label and Password information
This example shows how to hide the Label and Password information, by using a simple masking algorithm. This algorithm must be used to prevent the possibility of discovering the Label and Password from the executable file, thus frustrating all SmartKey's protections.
#include "skeylink.
return EXIT_SUCCESS; } 10.3.6 Example 7 – Scrambling confidential data This example shows how to hide confidential data with the Scrambling operation. In the example the pi value is stored as follows: #include "skeylink.h" #include #include #include #include
#include #include #include #define SCRAMBLE_MAX 1024 void scramble_in(unsigned char* dst, unsigned src) { unsigned i; for(i=0;i> i) * (i + 0x13)) ^ 0x3e; } int main() { KEY_NET k; unsigned i; FILE* f; srand(time(0)); f = fopen("table.h","wt"); if (!f) { printf("Error opening the file table.h\n"); exit(EXIT_FAILURE); } fprintf(f,"void scramble_in(unsigned char* dst, unsigned src) {\n"); fprintf(f,"\tunsigned i;\n"); fprintf(f,"\tfo
    /* Close */
    k.net_command = NET_KEY_CLOSE;
    smartlink(&k);
    if (k.status != ST_OK) {
        printf("Error in NET_KEY_CLOSE\n");
        exit(EXIT_FAILURE);
    }
    return EXIT_SUCCESS;
}
Using the Scrambling table
This example uses the generated file to control the presence of the SmartKey dongle.
#include "skeylink.h"
#include
#include
#include
#include
#include "table.
        printf("Wrong SCRAMBLING\n");
        exit(EXIT_FAILURE);
    }
    printf("Scramble ok\n");

    /* Close */
    k.net_command = NET_KEY_CLOSE;
    smartlink(&k);
    if (k.status != ST_OK) {
        printf("Error in NET_KEY_CLOSE\n");
        exit(EXIT_FAILURE);
    }
    return EXIT_SUCCESS;
}
The “table.h” generated file
This is the table.
    0x57, 0x4b, 0x21, 0x94, 0x82, 0x38, 0x68, 0xf8,
    0xf8, 0x54, 0x38, 0xa1, 0x6d, 0x05, 0x70, 0x39,
};

int main()
{
    SKEY_DATA key;

    printf("SmartKey AES example\n");
    memset(&key, 0, sizeof(key));
    strncpy(key.label, "SMARTKEY", LABEL_LENGTH);
    key.command = LOCATING_MODE;
    msclink(&key);
    if (key.status != 0) {
        MessageBox(NULL, "SmartKey not found", "Error", MB_ICONERROR | MB_SYSTEMMODAL);
        exit(1);
    }
    key.command = EXT_MODEL_READING_MODE;
    msclink(&key);
    if (key.
#include #include #include
key.data[16] = key_index;
key.command = AES_SCRAMBLE_MODE;
msclink(&key);
if (key.status != 0) {
    MessageBox(NULL, "Error using the AES key", "Error", MB_ICONERROR | MB_SYSTEMMODAL);
    exit(1);
}
aes_set_key(aes, aeskey + key_index*16, 16);
aes_decrypt(aes, key.
11 Manual protection in a network
SmartKey NET supports the standard commands of the SP model and a set of commands slaved to the network: OPEN, ACCESS, CLOSE and USER NUMBER. All the functions explained in the following paragraphs were used in the Windows program smartdem.c, which is located in directory Sdk\Manual_Protection\Client_Windows_Libraries_And_Examples\GenericWin32Dll and Sdk\Manual_Protection\Client_Windows_Libraries_And_Examples\GenericWin32Obj. The program can be compiled with any C compiler.
… Output … STATUS Status ==0 Success !=0 Error Table 38 Exchange of information for ACCESS MODE Apart from this, the same methods - already analyzed for manual protection with a standalone program - apply. 11.3 User number mode This command is used to obtain the number of users connected to the dongle specified in the Label field. This command works only if a net protocol is used and not with the LOCAL protocol. If used with the LOCAL protocol the error –2 (SYNT_ERR) is returned.
function is completely transparent to user and developer alike, and is managed by the dongle's software drivers. There is therefore no need to carry out periodic dongle access operations to ensure timeout is refreshed.
11.6 Errors
In addition to the errors returned with the Standalone driver, the status entry may assume one of the following values:
Name            Value   Description
ST_NET_ERROR    -5      Generic error on the Lan communication.
ST_USER_ERROR   -8      Maximum number of users and licenses reached.
12 Protecting several programs with SmartKey In the Lan environment, you can use a single SmartKey NET to protect several software programs. The technology used is named Map – Multi Application Protection and enables you to: • Protect more than one program in a standalone or network environment. For local networks, a different number of enabled licenses can be defined for each protected program. • Limit the number of executions of each of the protected programs.
• First program: 23 licenses, unlimited executions. • Second program: 4 licenses, 4000 executions. • Third program: 12 licenses, 100 executions.
= 1, IPX = 2, ANP = 3, TCPIP STATUS Status ==0 Success !=0 Error
Table 44 Exchange of information for OPEN MODE with Map
The first byte of the Data field reports the type of protocol used in the connection. If you want to prevent the use of the Local protocol, you can check this byte. Generally this is useful to force the use of the SmartKey server for license management.
13 Installing SmartKey The installation of the SmartKey drivers is executed by application SmartKey Driver Installer (SDI). SDI makes it possible to install and uninstall all the drivers needed for correct operation of SmartKey: the drivers for SmartKey Parallel, those for SmartKey USB and those for Global Security System (GSS), the automatic protection program. Note that if you are using a SmartKey USB DL (Driver Less) no driver installation is required.
Figure 3 Pop-up log and error number of operating system Normally, only the Install and Uninstall functions need be used. The Eliminate function must be used only if problems occur in executing other functions. The Eliminate function removes all reference to the system's SmartKey drivers, thus making it possible to recover all the error conditions that may occur during installation of a driver. When using Eliminate, the system must always be rebooted. 13.
To create installation and uninstallation scripts, we strongly urge you not to use functions SkeyForceUnInstallUSB, SkeyForceUnInstallPar and SkeyForceUnInstallGSS2. These functions were implemented only for solving abnormal situations, and not for normal use. We advise you to use the SkeyLogFile function, because, thanks to the log file, one can understand where the installation script or program is inhibited.
• using root privileges, start the skinstall program located in the directory that was just created. The program copies the module in the current directory and configures the system so that the module is loaded into memory when SmartKey is used for the first time. To uninstall the driver, you must start the skuninstall program, again with root privileges.
14 Installing SmartKey on a network SmartKey NET can be used with any type of local network, thanks to the supplied support software. In particular, the software is designed for two different types of network: • Network: Novell Netware 3.x, 4.x, 5.x, 6.x. In this case SmartKey NET is located on the server of the network on which the appropriate SmartKey NLM (Novell Loadable Module) driver must be loaded. • Non Novell Netware.
• Install and correctly configure both the server and the SmartKey clients for using the TCPIP protocol, specifying the SmartKey server's address and the TCPIP port to be used. If possible, it is always best to use the TCPIP protocol in preference to the other protocols.
14.2 IPX protocol
The IPX protocol can only be used on Novell networks and, for this protocol, the SmartKey server must also be the network server. No special operations are necessary for using the protocol.
14.5 Installation of Novell server with IPX protocol
The IPX server for Novell can be used on a Novell Netware network 3.x/4.x/5.x/6.x. This is the installation procedure:
• Connect the SmartKey NET dongle on any parallel port of the network server.
• Carry out a login operation as a SUPERVISOR user from any client computer of the network. If, for security reasons, you do not have the password to access as a SUPERVISOR user, contact your network administrator and ask him to install the software.
COPY A:\NSKTCPIP.NLM X:\SYSTEM
From the server console, edit file AUTOEXEC.NCF with the following command
LOAD EDIT AUTOEXEC.NCF
or through system utility
LOAD INSTALL
Add the NLM module loading instruction at the bottom of the file:
LOAD NSKTCPIP –p:
and save the modifications by exiting the editor. In this way, the NLM module will be automatically loaded in the memory whenever the server is powered up. On the string, replace the number of the TCPIP port to be used. Make sure that the NSPDNS.
15 SmartKey Configuration Central (SCC) SmartKey Configuration Central (SCC) is a program with a graphic interface that facilitates configuring the server where SmartKey NET is located, and the client where the program to be protected is located. SCC operates in the Windows environment and enables configuration of client and server on networks with ANP, TCPIP and IPX protocols for the Novell network. 15.
Figure 5 SmartKey Configuration Central: server configuration
Figure 5 shows the SCC panels used for the configuration of the SmartKey server. To configure the service version, set the protocol you want to use and press Apply. The SmartKey service will be automatically installed and started. The service will also start automatically at each system reboot. For the Executable version, set the protocol you want to use and press Apply. Then press Start to run the Executable Server.
Figure 6 SmartKey Configuration Central: client mode The Multilan Client window provides the following options: • Program type: enables selection of the type of program to be protected: Windows, Windows 3.1 (16 bits) and DOS (16 bits). • Use Local protocol…: if enabled, it always searches the SmartKey in local protocol even if this protocol is not explicitly input. • Display a message…: if enabled, it shows - in a window - all the errors occurring during communication with the SmartKey.
Figure 8 Panel for configuring the ANP protocol
Figure 9 Panel for configuring the TCPIP protocol
16 SmartKey Programming Central (SPC) SmartKey Programming Central (SPC) can program SmartKey, i.e. input the data that determine the SmartKey's configuration. The number of fields to be set varies according to the SmartKey model. SPC makes it possible also to read the SmartKey configuration, modify it, save it on a file, restore it from a file and, lastly, to write it on the SmartKey. The SPC window has two parts, as shown in Figure 10.
• Memory: the size of SmartKey's programmable memory
• Serial (dec): serial number in decimal format
• Serial (Hex): serial number in hexadecimal format
• Fail counter: the number of times that somebody has input either the incorrect label or the incorrect password.
• Fix: indicates if the configuration can be modified
  o Fixed: cannot be modified
  o Not Fixed: can be modified
• Scrambling: shows an example of scrambling: In is the input value and Out is the output value.
Figure 12 Reset Default panel of SmartKey

16.4 Map panel

The Map panel is used to associate, with each program, the number of possible executions and licenses. Figure 13 shows an example of a Map panel used for the configuration of a NET type SmartKey. The panel has a table with three columns:
• Program No.: the program's identification number
• No. of executions: maximum number of executions
• No. of licenses: maximum number of licenses, i.e.
• After dealing with all the programs, press the Write push-button to write the configuration values on SmartKey.

Figure 13 Map panel of a NET type USB SmartKey

The data required for configuring with Map are input in the SmartKey memory and, therefore, the number of programs that can be protected depends on memory capacity. Two bytes are required to enable the Map service, and three bytes for each program to be protected.
Figure 14 Scrambling panel of a NET type USB SmartKey

16.6 Contents panel

The Contents panel is used for reading and writing SmartKey's internal memory. The values can be displayed in decimal format, by selecting the Dec key, in ASCII format, by selecting the ASCII key, or in hexadecimal format, by selecting the Hex key. The values to be input should be written directly in the table in the middle. Each cell of the table corresponds to one of SmartKey's memory cells.
Figure 15 Contents panel of a NET type USB SmartKey

ATTENTION: Access to the SmartKey memory is direct and without a filter. We advise you not to input data in the memory if you wish to use SmartKey to limit the number of multi-user licenses or the number of maximum executions of a program, because you would run the risk of writing over memory cells needed for these two types of service.

16.7 Fixing panel

The Fixing panel makes SmartKey non-rewritable.
• Write: writes the selected configuration in the SmartKey. (In the case of Figure 17 the configuration for client INFO is written.) If the FIX value of the configuration is 1, the writing is irreversible (in case of error, SmartKey can no longer be used). If it is 0, the SmartKey values can be modified (writing irreversibility increases the degree of security).

Figure 17 Programming panel of a NET type USB SmartKey

Figure 18 shows the Client Data field.
Figure 18 Client Data panel. The panel for writing the configuration

16.9 Diagnostic panel

By using SPC, you can analyze SmartKey's entire memory, performing reading and writing cycles to diagnose if SmartKey is correctly installed and operating. Figure 19 shows the Diagnostics panel for a SmartKey NET. Three reading and writing cycles were selected on this panel. Reading and writing are selected with the Writing Test and Reading Test options. The number of cycles is set with Number of cycles.
Figure 19 Diagnostic panel. Panel for diagnosing the SmartKey

16.10 Report panel

The Report panel is used for running tests on SmartKey's drivers, the devices, the system and SmartKey itself, and it generates a report file. The report file, a normal text file, can then be sent to Eutronsec's customer service department (helpdesk@eutronsec.it) to obtain a detailed explanation of the causes of the problem and information on how to solve it.
Figure 20 Report panel. The panel generates report files.
17 Technical specifications

17.1 Warnings

• Fit SmartKey Parallel between the PC and the printer when both are OFF.
• SmartKey is sensitive to electrostatic charges. Do not touch the pins of the SmartKey connectors.
• Do not expose SmartKey to high temperatures or high temperature ranges.
• Any electrical faults on the computer or on its peripheral units may irreversibly damage SmartKey.
Interconnection: USB 2.