cloud security - license and identity protection

Cloud Security Act One, Charismathics and Wibu-Systems

Oliver Winzenried

CEO

[email protected]

Cloud Security Act OneCloud Security Act One

License Protection & Identity ProtectionLicense Protection & Identity Protection

Joint Webinar of charismathics & Wibu-SystemsJoint Webinar of charismathics & Wibu-Systems


WIBU-SYSTEMS in short


1989...2013: 20+ years in business

WIBU-SYSTEMS AG Founded in 1989 By Oliver Winzenried and Marcellus Buchheit Headquarters in Germany (Karlsruhe) Focus on Protection, Licensing and Security Technological leader with int’l patents ISO 9001:2008 certified

WIBU-SYSTEMS worldwide Subsidiaries in Seattle, USA – Shanghai and

Beijing, China – France – Belgium – Netherlands – Portugal – Spain – UK – Ireland

Exclusive distribution partners in Russia – Japan – Korea and many more

100 employees worldwide Top 2 vendor in hardware based protection


Solutions

Technology(CmDongle /

CmActLicenses)

Software Integration

Backoffice Integration

Ax-/IxProtectorCodeMeter API

CodeMeterLicense Central

Dongles:CmDongle (USB, SD,

CF, µSD, …)

Soft licenses:CodeMeter SmartBind®

Flex License Models:Single user, demo,

floating, subscription, …

Development Tools

EmbeddedDevice


The solution: CodeMeter Technology

CF-CardCmCard/CF

SD-CardCmCard/SD

USBCmStick/C Basic

µSD-CardCmCard/µSD

USBCmStick

InternCmCard/I

Express-CardCmCard/E

ActivationCmActLicense

PC-CardCmCard

ChipCmASIC


Thousands of Customers, Millions of Dongles


Oliver Winzenried

CEO

[email protected]

Cloud SecurityCloud Security

Licensing and IP Protection in the CloudLicensing and IP Protection in the Cloud


Which security requires the Cloud?

SaaS / PaaS:Software as a Service / Platform as a Service ISV hosts software, user defined business logic

Protection Requirements Authentication, user management, encryption of data Protection of business logic at PaaS

IaaS: Infrastructure as a Service Software running in the “Cloud” by user

Protection Requirements Control software use, pay-per-use, modular licenses IP and copy protection of software


What does Wibu-Systems offer for the Cloud?

CmWAN License from the Cloud (no dongle, no activation) Software in the Cloud with local license at user side

Data Encryption CodeMeter API or SmartShelter SDL

CodeMeter License Central License creation, administration and deployment

Authentication using certificates CSSI middleware uses CmDongles as Tokens


CmWAN: License from the Cloud



CodeMeter license = CmContainer can be a … CmDongle with many different interfaces CmActLicense bound to the target system License from the cloud using CmWAN

License in the Cloud, Software in the Cloud Use protected software with license from the cloud Run software in the cloud accessing a cloud license Run software in the cloud using a license at user side Standard CodeMeter integration in protected software


License locally at User, Software in the Cloud

Client Computer

Protected Application in the Cloud

Client

Loc


Data Encryption

Data Protection using CodeMeter API or SmartShelter SDL


Data Encryption: CmAPI or SmartShelter SDL

Using CodeMeter API Highest flexibility, individual implementation Symmetric encryption Asymmetric signatures

Using SmartShelter SDL in own app Easy use with AxProtector Reliable solution thanks to knowledge

of own application

Using SmartShelter SDL with third party SW Best use with “read-only” applications


Data Encryption with CodeMeter API

Using CodeMeter API in application Highest flexibility, individual implementation Symmetric encryption Asymmetric signatures But: Implementation effort

cmCrypt.cmBaseCrypt.mflCtrl |= CM_CRYPT_AES;cmCrypt.cmBaseCrypt.mulEncryptionCodeOptions |= CM_CRYPT_ETCHECK;memcpy(cmCrypt.mabInitKey, initkey, CM_BLOCK_SIZE);memcpy(cmCrypt.mabDirectAesKey, DirectAesKey, CM_BLOCK_SIZE);cbDest = 16;res = CmCrypt2(hcmse, CM_CRYPT_DIRECT_ENC, &cmCrypt, pbDest, cbDest);if(0 != res){/* The number of en-/decrypted bytes was returned. */}


CodeMeter License Central

Create, Administrate and Deploy Licenses


License Central as hosted cloud solution

Ticket /Fingerprint

4

Use

r

ISV

Ticket3

License5

Ticket

2

SKU1

Online Activation Server



Reduce costs and time to market Fast integration into business processes Automation of license deployment Supports CmDongles and CmActLicenses

Hosting in Wibu Cloud: Managed server, OS updates and patches License Central configuration, updates, customizing Internet connection and high availability High security due to setup with multiple firewalls Daily database backup



Cloud

AS

WSi

Your Server /VMware image

ERP

CRM

DB FSB

Webdepot

Gateway

Connector eCommerce

CRM(Sales Force)

ActivationWizard

Browser

Connector

Webserverin DMZ

C

C

DB

CustomizedApplication

G

C

Wibu-Cloud


Authentication using certificates

Charismathics CSSI middleware uses CmDongles as Tokens


Authentication with certificates and CodeMeter

All-In-One: Token, Dongle and Memory Device CmDongle as Token using CSSI Middleware

Full implementation of Microsoft CSP and PKCS#11 Storage of private keys (16 X.509 certificates)


Certificates and CSSI Middleware

CSSI Middleware

PKCS #11 Microsoft CSP / KSP


Contact: www.charismathics.de:

Germany +49-89-30906700

USA +1-408-5736440 Contact: www.wibu.com:

Germany +49-721-931720

USA +1-425-7756900

cloud security - license and identity protection

Software

cloud license

cloud codemeter license

wibusystems wibusystems

wibusystems license

wibusystems cmwan

cloud client computer

cloud client loc

business wibusystems