Software protection dongle
A software protection dongle (commonly known as a dongle or key) is an electronic copy protection and content protection device which, when attached to a computer or other electronic appliance, unlocks software functionality or decodes content. The hardware key is programmed with a product key or other cryptographic protection mechanism; it attaches via electrical connector to an external bus of the computer or appliance.
When used as a software protection device, dongles mostly appear as two-interface security tokens with transient data flow that does not interfere with other dongle functions and a pull communication that reads security data from the dongle. Without the dongle, the software may run only in a restricted mode, or not at all. When used as a device attached to a computer or TV or gaming console, dongles can enable functions that would not be present without it. For example, a dongle attached to a TV may receive an encoded video stream, decode it in the dongle, and then present this audio and video information to the TV.
In late 1970s/early 1980s, Wordcraft became the earliest program to use a software protection dongle. The dongle was passive using a 74LS165 8-bit shift register connected to one of the two tape cassette ports on the Commodore PET microcomputer. The tape cassette port supplied both power and bi-directional data I/O.
The requirements for security were identified by the author of the Wordcraft word processor, Pete Dowson, and his colleague Mike Lake. Through the network of PET users in the UK they made contact with Graham Heggie in Coventry and Graham's knowledge of electronics meant that they quickly arrived at the idea of a shift register connected to the tape cassette port. The shift register contained only 8 bits but with lines tied to ground or 5V at random it could provide a random number between 0 and 255 which was sufficient security for the software. Dowson wrote special self-modifying 6502 machine code to drive the port directly and to obfuscate the code when not in use.
The first device used a commercial potting box with black or blue epoxy resin. Wordcraft's distributor at the time, Dataview Ltd., then based in Colchester, UK, went on to produce dongles for other software developers. When Wordcraft International was formed in Derby, UK, responsibility for manufacture was transferred to Brian Edmundson who also produced the plastic moulding for the enclosure. One of the greatest regrets of Graham, Pete and Mike was that they did not patent the idea when they came up with it.
Versions of the Wordcraft dongle were later produced for Centronics parallel ports, 25 pin serial ports and 9 pin serial ports. Among the computers supported, before the arrival of the IBM PC, were Chuck Peddle's Sirius Systems Technology Victor 9000, the ACT Apricot Computers and the DEC Rainbow 100.
An early example of the term was in 1984, when early production Sinclair QLs were shipped with part of the QL firmware held on an external 16 KB ROM cartridge (infamously known as the "kludge" or "dongle"), until the QL was redesigned to increase the internal ROM capacity from 32 to 48 KB.
Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial or parallel interface. The USB interface is gradually becoming dominant.
Efforts to introduce dongle copy-protection in the mainstream software market have met stiff resistance from users. Such copy-protection is more typically used with very expensive packages and vertical market software, such as CAD/CAM software, MICROS Systems hospitality and special retail software, Digital Audio Workstation applications, and some translation memory packages.
In cases such as prepress and printing software, the dongle is encoded with a specific, per-user license key, which enables particular features in the target application. This is a form of tightly controlled licensing, which allows the vendor to engage in vendor lock-in and charge more than it would otherwise for the product. An example is the way Kodak licenses Prinergy to customers: When a computer-to-plate output device is sold to a customer, Prinergy's own license cost is provided separately to the customer, and the base price contains little more than the required licenses to output work to the device. USB dongles are also a big part of Steinberg's audio production and editing systems, such as Cubase, Wavelab, Hypersonic, HALion, and others. The dongle used by Steinberg's products is also known as a Steinberg Key. The Steinberg Key can be purchased separately from its counterpart applications and generally comes bundled with the "Syncrosoft License Control Center" application, which is cross-platform compatible with both Mac OS X and Windows.
Some software developers use traditional USB flash drives as software license dongles that contain hardware serial numbers in conjunction with the stored device ID strings, which are generally not easily changed by an end-user. A developer can also use the dongle to store user settings or even a complete "portable" version of the application. Not all flash drives are suitable for this use, as not all manufacturers install unique serial numbers into their devices. Although such medium security may deter a casual hacker, the lack of a processor core in the dongle to authenticate data, perform encryption/decryption, and execute inaccessible binary code makes such a passive dongle inappropriate for all but the lowest-priced software. A simpler and even less secure option is to use unpartitioned or unallocated storage in the dongle to store license data. Common USB flash drives are relatively inexpensive compared to dedicated security dongle devices, but reading and storing data in a flash drive are easy to intercept, alter, and bypass.
There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to make this hard to crack. For example, a simple implementation might define a function to check for the dongle's presence, returning "true" or "false" accordingly, but the dongle requirement can be easily circumvented by modifying the software to always answer "true".
Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — essential parts of the software may actually be stored and executed on the dongle. Thus dongles have become secure cryptoprocessors that execute program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) to provide more security than dongles could then provide. See also bus encryption.
In cracked versions of a program, the code to check for a dongle is often deleted or circumvented. As a result, the cracked version may be easier to use and thus may be preferable to the original.
Hardware cloning, where the dongle is emulated by a device driver, is also a threat to traditional dongles. To thwart this, some dongle vendors adopted smart card product, which is widely used in extremely rigid security requirement environments such as military and banking, in their dongle products.
Dongle drivers bring problems for end-users. Most developers and software vendors want to get rid of the dongle driver headache. There are some driverless dongles on the market, which make the protection easy for both software vendors and end-users. Most of driverless dongles are based-on HID technology, which works like a mouse or keyboard.
A more innovative modern dongle is designed with a code porting process which transfers encrypted parts of the software vendor's program code or license enforcement into a secure hardware environment (such as in a smart card OS, mentioned above). An ISV can port thousands of lines of important computer program code into the dongle.
Some unlicensed titles for game consoles (such as Super 3D Noah's Ark or Little Red Hood) used dongles to connect to officially licensed ROM cartridges, in order to circumvent the authentication chip embedded in the console.
Some cheat code devices, such as the GameShark and Action Replay use a dongle. Typically it attaches to the memory card slot of the system, with the disc based software refusing to work if the dongle is not detected. The dongle is also used for holding settings and storage of new codes, added either by the user or through official updates, because the disc, being read only, cannot store them. Some dongles will also double as normal memory cards.
- Digital rights management
- Hardware restrictions
- License manager
- Lock-out chip
- Product activation
- Security token
- Trusted client
- Amos, S. W.; Amos, Roger S. (2002). Newnes Dictionary of Electronics (4th ed.). Newnes Press. p. 152. ISBN 0750643315. OCLC 144646016. Retrieved 4 July 2013.
- Stobbs, Gregory A. (2012). Software Patents (Third ed.). Wolters Kluwer. p. 2-90. ISBN 9781454811978. OCLC 802867781. Retrieved 4 July 2013.
- Ian Adamson; Richard Kennedy. "The Quantum Leap – to where?". Sinclair and the 'Sunrise' Technology. Retrieved 2006-12-15.
- Rick Dickinson (2007-07-16). "QL and Beyond". Flickr. Retrieved 2008-04-21.
- See advertisement in Byte Magazine, August 1992, p. 133
- US Patent 4,168,396