By Daniela Previtali, Wibu-Systems
Everyone knows about the danger of a malicious cyber-attack upon their company’s data systems. While it is true that many such attacks are perpetrated upon what is commonly known as ‘front-end’ – that part of a software system that allows usage and interaction by an individual employee, many attacks and malicious misuse are just as focused upon the ‘back-end’ of such systems. These back-end systems are often part of a company’s digital delivery system for their products.
Figures published by HACKMAGEDDON in their latest June 2018 report(1), show an estimated 50% plus of cyber-attacks targeting the back-end of company’s data systems. Almost 85% of such attacks are credited to cyber-crime, the search for data or intent upon making money from such an attack.
But it’s not just data or money that malicious actors are after.In the world of industrial espionage, the focus is to steal proprietary software or valuable IP data that resides in these‘back-end’ systems. From industrial design algorithms to gaming software, there is a whole spectrum of assets that cyber-criminals can profit from.
That’s why there is a need for secure back-end processes that allow controlled access management to sensitive data and license issuance for software delivery: protecting the access equals protecting the assets from theft or tampering, and ultimately from considerable losses.
This sentiment was echoed by Frank Felten, Vice President of PTV Group in a recent interview (2) with Wibu-Systems, who said, “It’s important in our markets that we ensure that our software doesn’t get cracked and the IP taken without someone paying for it. The opportunity to use different license containers but all leading back into the same standardized back-end process is of high value to us.”
Reducing the human element for software license issuing
However, applying access and license control to secure acompany’s software solutions, that are in turn accessed from a back-end infrastructure, is best done with the minimum of human interaction where possible.
This is a best practice that is embraced by many companies whoare using or delivering digital products.
While there is a vital need for delivering software complete with its license, the requirement to make the actual issuing of said licenses and access to a company’s software products as painless as possible is a necessary step on the road to digital product delivery. And one that performs better when integrated within the company’s own back-end infrastructure.
“In our opinion, the best approach in such situations,” said Oliver Winzenried, CEO and Founder, Wibu-Systems, “is to ensure that the license is not created manually, but is automatically generated by the company’s back-end ordering system.”
License generation solution meets SAP
In this area, Wibu-Systems has been mindful to ensure that their licensing software solutions can be fully integrated into a customer’s ordering system. Probably the best known and most widely used example of a back-end ordering system is SAP; used in the majority of companies to facilitate a number of purchasing and accounting actions.
Giving an example of back-end integration into such a system, Rüdiger Kügler, Security Expert at Wibu-Systems said (3), “Most of our customers are using SAP to generate their orders. In partnership with Austrian-based INFORMATICS, Wibu-Systems built a license generation solution that is integrated into SAP. An employee of the customer generates the order in SAP (4). A connection between SAP and Wibu-Systems CodeMeter License Center creates the license in the license life-cycle system.The license travels first back to SAP as a ticket and is then delivered as an email or a printed activation code for the end user of our customers to activate the software product”.
The benefits for Wibu-Systems customers who opt for incorporating CodeMeter licensing into their SAP back-end purchasing systems are clear. As the company is already using SAP, it is easy to use the Purchase Order generator in the system for the creation of the required licenses. This integration reduces costs for the generation and delivery of the required license and reduces possible human errors and subsequent support costs.
However, the integration of Wibu-Systems CodeMeter software licensing solution into a customer’s back-end systems is not just bound to SAP. The company has gone to great lengths to ensure that they can integrate their license issuing services into a number of customers’ back-end systems, across a variety of industries and markets.
Securing medical IP through time-base licensing – Agfa Healthcare
Wibu-Systems’ secure back-end license and entitlement management system doesn’t just simplify the workflow, but also adds a number of monetization capabilities, by leveraging the full versatility of CodeMeter licensing models.
For instance, Wibu-Systems implemented a solution for time-based licensing that allowed healthcare providers to use a computed radiography package powered by Agfa HealthCare’s Easy Payment Scheme. The solution allows healthcare providers to pay as they go, with a fixed down-payment followed by equal and regular instalments, keeping upfront capital investment low and cost management easy.
When signing up for Agfa HealthCare’s digital imaging solution,the healthcare provider gets a full digital package upfront,including all necessary equipment and software.
Through a web-based interactive portal the healthcare provider is invited to pay regular instalments. Each payment ensures the use of the system through to the next instalment date. The affordable and predictable recurring pricing model allowed Agfa HealthCare to gain new market quota, especially with small businesses and in emerging areas.
The Easy Payment Scheme is based on a payment platform, where the end user pays for regular – typically monthly or quarterly – instalments. The payment platform is linked to an encryption platform. Upon completion of the payment, a ticket can be downloaded to renew the software license, releasing the software to be used until the next instalment is due.
Wibu-Systems proved to be the only company capable of implementing the encryption and time-based licensing solution on Agfa HealthCare’s proprietary operating system. Wibu-Systems’ CodeMeter Protection Suite combines strong protection functionality with ease of use. This way, CodeMeter acts as a deterrent against the illegal and fraudulent use of AgfaHealthCare’s Easy Payment Scheme. It offers Agfa Health Care an easy way to control the use of the software and to protect its intellectual property against illegal or fraudulent use.
Integrating CodeMeter with industrial back-end systems – Siemens
The integration of access control into a customer’s back-end system does not necessarily mean the integration of a singular licensing model. There is always the possibility of integrating multiple models within the back-end system in terms of both software and hardware-based licensing (such as incorporating a secure hardware or software element into the solution flow).
Industrial giant Siemens developed a Totally Integrated Automation Portal (TIA Portal®) that provides unrestricted access to their complete range of digitalized automation services, from digital planning and integrated engineering to transparent operation. With the TIA Portal, engineers can benefit from a shorter time-to-market thanks to innovative simulation tools, boost the productivity of their plants with additional diagnostic and energy management functions, and enjoy greater flexibility made possible with more coordinated teamwork.
Siemens customers rely on the TIA Portal to program their programmable logic controllers. To do so, they use programming languages that are compliant with the IEC 61131 standard. Part 3 of this standard relates to the use of ladder diagrams, function block diagrams, structured text, instruction lists, and sequential function charts. The building blocks can be any one of four different types:
- OB – Organization Block
- FB – Function Block
- FC – Function
- DB – Data Block
The first three types can be password protected. A generic password protection solution is usually not strong enough by nature. By comparison, the password management solution based on CodeMeter is extremely robust.
Wibu-Systems created a back-end solution that consisted of several intertwined software and hardware elements:
- CodeMeter License Central, the cloud and database-derived solution for license life-cycle management
- CodeMeter WebDepot, the user portal for license
- CodeMeter Password Manager, the tool for password and
- entitlement management
- CodeMeter Password Provider, the interface module
- between CodeMeter technology and the TIA Portal
- CodeMeter Sticks, the USB hardware secure elements where passwords are stored
Wibu-Systems developed a password provider for the Siemens Totally Integrated Automation (TIA) Portal V14 SP1 or higher based on their Password API. The engineering data that are stored in the TIA Portal are often very sensitive in nature. While online teamwork is highly effective, logical access controls are paramount to make sure that only entitled users can view and edit only those projects they have full rights to.
With Siemens’ Password API, Wibu-Systems created a password provider that streamline know-how and write protection and, in turn, increases the access control and engineering data protection measures. Rather than being susceptible to disclosure, passwords could be securely stored in Wibu-Systems’ CM Dongles, hardware secure repositories that come in several form factors, including USB sticks (with optional flash memory), memory cards (SD, microSD, CF, and CFast type), and ASICs. Access controls by timer or unit counter govern the ability to access or edit the engineering data.
CmDongles are operated with CodeMeter, Wibu-Systems’flagship technology that incorporates state-of-the-art proprietary encryption methods based on public symmetric and asymmetric standards, like AES 256-bit, RSA 4096-bit, and ECC. Its specific password management tool is flexible enough to allow the creation and administration of passwords in accordance with the customers’ requirements and secure enough to safeguard the digital identity of the TIA Portal’s users. Passwords can now be transferred online or offline, conferring additional versatility to the solution.
Speaking on the subject of incorporating a Wibu-Systems solution into a Siemens TIA Portal, Oliver Winzenried, CEO and founder of Wibu-Systems, said, “We are obsessed with security and therefore glad to be able to offer a small, but significant building block to the TIA Portal. With our CodeMeter password management technology, manufacturers can easily manage and protect their invaluable digital know-how. The cloud-based deployment of passwords facilitated by CodeMeter License Central simplifies their distribution and assignment.”
CodeMeter License Central allows the user to create, manage, and distribute their licenses. Even complex licensing models can be mapped in a quick, straightforward manner to meet customer requirements.
CodeMeter for secure licensed digital delivery and IP protection across all industries
But it doesn’t stop there. Many companies are now incorporating Wibu-Systems CodeMeter solution into their back-end infrastructure to facilitate a secure digital delivery of their products. CodeMeter allows the end user to apply a comprehensive range of license models that include both traditional models like single user licenses or network licenses,as well as modern consumption and user-based license models. License models are defined through Product Codes and Product Item Options.
For example, Dataton, a major player in the international infotainment industry, uses CodeMeter while monetizing software-realized features and protecting their IP invested in multi-display production and presentation systems for cultural installations and live events.
CodeMeter is also used in the automotive market by Bosch – ESI(tronic). The company uses a license-based subscription model for their diagnostic software solutions for the aftermarket workshop business, where experts provide advice, repair and maintenance services for all makes.
Integrating access management and license issuing into a company’s back-end infrastructure or customer portals makes a lot of sense. Wibu-Systems CodeMeter can provide cybersecurity capabilities to intelligent device manufacturers who want to safeguard firmware upgrades and updates, to software publishers that need to protect their intellectual property from counterfeiting and reverse engineering, and to users who want to be sure the software they run is genuine and has not been tampered with.
Perhaps more important in terms of back-end integration,CodeMeter includes the entitlement aspect, from the creation of licenses, to their online or offline delivery, transfer, or remote management. In doing so, Wibu-Systems is supporting the migration to a dynamic industrial economy, where new license-based business models can create additional revenue and responsive pricing models for unlimited access to the market for all vendors and users. Companies don’t have to manually issue a software license – it is automatically generated from their back-end infrastructure. As Frank Felten, Vice President of PTV Group commented, “Our customers are not interested in licensing, but in using our products.”
A point of view, I suspect, shared by many.
3 https://silicontrust.org/2015/05/19/video-software-protection-licensing-and-security-from-wibu-systems/4 https://www.wibu.com/wibu-systems-webinars/webinar-lean-license-management-via-sap.html