Page 1 Cloud Security Act One, Charismathics and Wibu-Systems
Oliver Winzenried
CEO
Cloud Security Act OneCloud Security Act One
License Protection & Identity ProtectionLicense Protection & Identity Protection
Joint Webinar of charismathics & Wibu-SystemsJoint Webinar of charismathics & Wibu-Systems
Page 2 Cloud Security Act One, Charismathics and Wibu-Systems
WIBU-SYSTEMS in short
Page 3 Cloud Security Act One, Charismathics and Wibu-Systems
1989...2013: 20+ years in business
WIBU-SYSTEMS AG Founded in 1989 By Oliver Winzenried and Marcellus Buchheit Headquarters in Germany (Karlsruhe) Focus on Protection, Licensing and Security Technological leader with int’l patents ISO 9001:2008 certified
WIBU-SYSTEMS worldwide Subsidiaries in Seattle, USA – Shanghai and
Beijing, China – France – Belgium – Netherlands – Portugal – Spain – UK – Ireland
Exclusive distribution partners in Russia – Japan – Korea and many more
100 employees worldwide Top 2 vendor in hardware based protection
Page 4 Cloud Security Act One, Charismathics and Wibu-Systems
Solutions
Technology(CmDongle /
CmActLicenses)
Software Integration
Backoffice Integration
Ax-/IxProtectorCodeMeter API
CodeMeterLicense Central
Dongles:CmDongle (USB, SD,
CF, µSD, …)
Soft licenses:CodeMeter SmartBind®
Flex License Models:Single user, demo,
floating, subscription, …
Development Tools
EmbeddedDevice
Page 5 Cloud Security Act One, Charismathics and Wibu-Systems
The solution: CodeMeter Technology
CF-CardCmCard/CF
SD-CardCmCard/SD
USBCmStick/C Basic
µSD-CardCmCard/µSD
USBCmStick
InternCmCard/I
Express-CardCmCard/E
ActivationCmActLicense
PC-CardCmCard
ChipCmASIC
Page 6 Cloud Security Act One, Charismathics and Wibu-Systems
Thousands of Customers, Millions of Dongles
Page 7 Cloud Security Act One, Charismathics and Wibu-Systems
Oliver Winzenried
CEO
Cloud SecurityCloud Security
Licensing and IP Protection in the CloudLicensing and IP Protection in the Cloud
Page 8 Cloud Security Act One, Charismathics and Wibu-Systems
Which security requires the Cloud?
SaaS / PaaS:Software as a Service / Platform as a Service ISV hosts software, user defined business logic
Protection Requirements Authentication, user management, encryption of data Protection of business logic at PaaS
IaaS: Infrastructure as a Service Software running in the “Cloud” by user
Protection Requirements Control software use, pay-per-use, modular licenses IP and copy protection of software
Page 9 Cloud Security Act One, Charismathics and Wibu-Systems
What does Wibu-Systems offer for the Cloud?
CmWAN License from the Cloud (no dongle, no activation) Software in the Cloud with local license at user side
Data Encryption CodeMeter API or SmartShelter SDL
CodeMeter License Central License creation, administration and deployment
Authentication using certificates CSSI middleware uses CmDongles as Tokens
Page 10 Cloud Security Act One, Charismathics and Wibu-Systems
CmWAN: License from the Cloud
Page 11 Cloud Security Act One, Charismathics and Wibu-Systems
CmWAN: License from the Cloud
CodeMeter license = CmContainer can be a … CmDongle with many different interfaces CmActLicense bound to the target system License from the cloud using CmWAN
License in the Cloud, Software in the Cloud Use protected software with license from the cloud Run software in the cloud accessing a cloud license Run software in the cloud using a license at user side Standard CodeMeter integration in protected software
Page 12 Cloud Security Act One, Charismathics and Wibu-Systems
CmWAN: License from the Cloud
Page 13 Cloud Security Act One, Charismathics and Wibu-Systems
License locally at User, Software in the Cloud
Client Computer
Protected Application in the Cloud
Client
Loc
Page 14 Cloud Security Act One, Charismathics and Wibu-Systems
Data Encryption
Data Protection using CodeMeter API or SmartShelter SDL
Page 15 Cloud Security Act One, Charismathics and Wibu-Systems
Data Encryption: CmAPI or SmartShelter SDL
Using CodeMeter API Highest flexibility, individual implementation Symmetric encryption Asymmetric signatures
Using SmartShelter SDL in own app Easy use with AxProtector Reliable solution thanks to knowledge
of own application
Using SmartShelter SDL with third party SW Best use with “read-only” applications
Page 16 Cloud Security Act One, Charismathics and Wibu-Systems
Data Encryption with CodeMeter API
Using CodeMeter API in application Highest flexibility, individual implementation Symmetric encryption Asymmetric signatures But: Implementation effort
cmCrypt.cmBaseCrypt.mflCtrl |= CM_CRYPT_AES;cmCrypt.cmBaseCrypt.mulEncryptionCodeOptions |= CM_CRYPT_ETCHECK;memcpy(cmCrypt.mabInitKey, initkey, CM_BLOCK_SIZE);memcpy(cmCrypt.mabDirectAesKey, DirectAesKey, CM_BLOCK_SIZE);cbDest = 16;res = CmCrypt2(hcmse, CM_CRYPT_DIRECT_ENC, &cmCrypt, pbDest, cbDest);if(0 != res){/* The number of en-/decrypted bytes was returned. */}
Page 17 Cloud Security Act One, Charismathics and Wibu-Systems
CodeMeter License Central
Create, Administrate and Deploy Licenses
Page 18 Cloud Security Act One, Charismathics and Wibu-Systems
License Central as hosted cloud solution
Ticket /Fingerprint
4
Use
r
ISV
Ticket3
License5
Ticket
2
SKU1
Online Activation Server
Page 19 Cloud Security Act One, Charismathics and Wibu-Systems
License Central as hosted cloud solution
Page 20 Cloud Security Act One, Charismathics and Wibu-Systems
License Central as hosted cloud solution
Reduce costs and time to market Fast integration into business processes Automation of license deployment Supports CmDongles and CmActLicenses
Hosting in Wibu Cloud: Managed server, OS updates and patches License Central configuration, updates, customizing Internet connection and high availability High security due to setup with multiple firewalls Daily database backup
Page 21 Cloud Security Act One, Charismathics and Wibu-Systems
License Central as hosted cloud solution
Cloud
AS
WSi
Your Server /VMware image
ERP
CRM
DB FSB
Webdepot
Gateway
Connector eCommerce
CRM(Sales Force)
ActivationWizard
Browser
Connector
Webserverin DMZ
C
C
DB
CustomizedApplication
G
C
Wibu-Cloud
Page 22 Cloud Security Act One, Charismathics and Wibu-Systems
Authentication using certificates
Charismathics CSSI middleware uses CmDongles as Tokens
Page 23 Cloud Security Act One, Charismathics and Wibu-Systems
Authentication with certificates and CodeMeter
All-In-One: Token, Dongle and Memory Device CmDongle as Token using CSSI Middleware
Full implementation of Microsoft CSP and PKCS#11 Storage of private keys (16 X.509 certificates)
Page 24 Cloud Security Act One, Charismathics and Wibu-Systems
Certificates and CSSI Middleware
CSSI Middleware
PKCS #11 Microsoft CSP / KSP
Page 25 Cloud Security Act One, Charismathics and Wibu-Systems
Contact: www.charismathics.de:
Germany +49-89-30906700
USA +1-408-5736440 Contact: www.wibu.com:
Germany +49-721-931720
USA +1-425-7756900