Software protection dongle: Difference between revisions

File:Serial-port-dongle.jpg

Chained parallel port copy prevention dongles.

Matrix USB dongles in two case sizes

File:Tiny-USB-port-dongle.jpg

Senselock Genii USB port dongle

A dongle is a small piece of hardware that connects to a computer.^[1] The usual function of a dongle is to authenticate a piece of software. Without the dongle, the software will run only in a restricted mode, or not at all. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management, because it is much harder to copy a dongle than to copy the software it authenticates. Despite being hardware, however, dongles are not a complete solution to the trusted client problem.

Vendors of software-protection dongles (and dongle-controlled software) often use terms such as hardware key, hardware token, or security device instead of dongle, but the term "dongle" is much more common in day-to-day use. The term has been somewhat generalized, so it may also refer to a connector that translates one type of port to another—for example, an 8P8C modular jack that plugs into the edge connector on a PC card Ethernet adapters—or may even mean simply a small device such as a USB flash drive or a wireless networking adapter. Douglas Adams, in a 1990s column for the US edition of MacWorld magazine, used the term "little dongly things" to describe converters for adapting US power cables to international plugs.^[2] However, these broader usages are not universally accepted.

Efforts to introduce dongle copy-prevention in the mainstream software market have met stiff resistance from users. Such copy-prevention is more typically used with very expensive packages and vertical market software, such as CAD/CAM software, MICROS Systems hospitality and special retail software, Digital Audio Workstation applications, and some translation memory packages. The vast majority of printing and prepress software, such as CtP workflows, requires dongles.

In cases such as prepress and printing software, the dongle is encoded with a specific, per-user license key, which enables particular features in the target application. This is a form of tightly controlled licensing, which allows the vendor to engage in vendor lock-in and charge more than it would otherwise for the product. An example is the way Creo licenses Prinergy to customers: When a computer-to-plate output device is sold to a customer, Prinergy's own license cost is provided separately to the customer, and the base price contains little more than the required licenses to output work to the device. In order to access the advertised features in the application, the customer must pay a significant price for a special dongle.

Well-known software-protection dongle manufacturers include Matrix (Matrix Dongle) Matrix Software License Protection System, SafeNet (Rainbow before an acquisition), Feitian Technologies, Aladdin, Microcosm Ltd (Dinkey Dongles), WIBU-SYSTEMS, SG-Lock, UniKey (or SecuTech), Senselock (or Sense), and MARX (CRYPTO-BOX). In the digital audio world, some versions of Pro Tools and many plugins use the Pace iLok Smart Key USB dongles.

The term 'mobile broadband dongle' is also sometimes used to refer to the USB plug-and-play device that enables PCs and laptops to use Mobile Broadband.^[3] It consists of a USB modem, which downloads necessary operating software to the computer, and a small transmitter/receiver which connects the computer to the mobile phone company’s data transfer network.

USB dongles are also a big part of Steinberg's audio production and editing systems, such as Cubase, Wavelab, Hypersonic, HALion, and others. The dongle used by Steinberg's products is also known as a Steinberg Key. The Steinberg Key can be purchased separately from its counterpart applications and generally comes bundled with the "Syncrosoft License Control Center" application, which is cross-platform compatible with both Mac OS X and Windows.

History

A typical PCMCIA card dongle

Dongle has been used as a placeholder name since the 1970s. Its origin is unknown. The American Heritage Dictionary, 4th edition, says it is "probably [an] arbitrary coinage." A 1992 advertisement for Rainbow Technologies (now SafeNet—a dongle vendor in the U.S) claimed the word was derived from the name "Don Gall"—though untrue, this has given rise to an urban myth.

Dongle as the name of a device was used well before 1980 in the telecom industry to refer to BNC cable joiners of either gender.

WORDCRAFT was the first program to use a software protection dongle, in 1980. Its dongle was a simple passive device that supplied data to the pins of a Commodore PET's external cassette port in a pre-determined manner. This was possible because the PET cassette port supplied both power and data connections through a proprietary edge connector. It did, however, make the cassette port unusable for its intended purpose.

The two-cubic-inch (33 cm³) resin-potted first generation device was called a "dongle" by the inventor as there was no other suitable term to hand on the day. The distributor, Dataview Ltd., then based in Colchester, UK, then went on to produce a derivative dongle, which became their core business.

Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial or parallel interface. Currently, the USB interface is gradually becoming dominant.

Interestingly, modern smart cards present the same feature set as modern dongles. Given this, the dongle market may be overtaken by smart cards, as smart cards are more secure and powerful by design than traditional MCU based dongles. Some dongle vendors are producing one-chip dongles, which combine the smart card and the smart card reader in the same chip. This structure makes a smart card dongle easy and stable.

Problems with software-protection dongles

There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to make this hard to crack. For example, a naive implementation might simply define a function to check for the dongle, returning "true" or "false" accordingly—thus reducing the prevention scheme to a single bit value at one point in the program.

Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — key parts of the software may actually be stored and executed on the dongle. Thus dongles have become secure cryptoprocessors that execute inaccessible program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) to provide more security than dongles could then provide. See also bus encryption.

However, security researchers warn that dongles still do not solve the trusted client problem: if you give a user the cryptographic ciphertext, the algorithm and the key, your cipher is likely to be breakable, even with the algorithm and key encoded in hardware.^[4]

Another problem is that if a counterfeit version of a program does not require a dongle, the counterfeit version may be easier to use and may seem preferable to the original.

Hardware cloning is also a lethal threat to traditional dongles. To thwart this, some dongle vendors adopted smart card product, which is widely used in extremely rigid security requirement environments such as military and banking, in their dongle products.

Dongle drivers brings problems for end-users. Most developers and software vendors want to get rid of the dongle driver headache. There are some driverless dongles on the market, which make the protection easy for both software vendors and end-users.

A more innovative modern dongle is designed with a code porting mechanism, meaning you can transfer part of your important program code or license enforcement into a secure hardware environment (such as in a smart card OS, mentioned above). An ISV can port thousands of lines of important computer program code into the dongle.

Game consoles

Some unlicensed titles for game consoles used dongles to connect to officially licensed cartridges, in order to circumvent the authentication chip embedded in the console.

Pop culture references

[Teen Girl Squad] #12, [Vamlumtimes Day], from Homestar Runner, includes a brief romance between Cheerleader and a teenage boy via text message. A Wireless Wizard appears and demands to know what Cheerleader's extremely complicated smiley is supposed to be. She insists it's a cupid, but the Wizard says it looks more like a dongle goblin, and summons an actual dongle goblin from the sky to kill Cheerleader and the teenage boy.

Manufacturers

• Aladdin
• Eutron Electronic Technologies
• Feitian Technologies Co., Ltd.
• Matrix Software Protection System
• Microcomputer Applications, Inc. (MAI) -- KEYLOK
• Microcosm Ltd.
• SafeNet
• SecuTech Solution Inc.
• Syncrosoft/Steinberg
• WIBU-Systems

References

1. Late 20th century. Origin uncertain: probably an arbitrary formation. Microsoft Encarta Premium Suite 2004.
2. DNA/Dongly Things
3. See "what_is_a_mobile_dongle?" [1]
4. Attacks on and Countermeasures for USB Hardware Token Devices (PDF) (Joe Grand, Grand Ideas Studio, Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, October 12–13, 2000, pp 35–57, ISBN 9979-9483-0-2

Hasp

See also

• The trusted client model

External links

• Compare mobile broadband dongles from all providers
• Jargon File: dongle