Last updated: 15 May 2017
One of the most apparent advantages of hardware keys for software licensing over traditional software-based solutions is the ease of transferring a key, with its contained licenses, from one computer to another.
To prevent the use of illegal software copies, licensing systems typically use a mechanism called a ”fingerprint”, which holds unique hardware identifiers of the end-user’s computer hardware. The fingerprint is used to ensure that licenses bound to one computer cannot enable the software on another, or worse – on multiple computers.
These identifiers are encoded into the license when the license file is being created and signed by a license generator, which is located with the software vendor. During runtime, these identifiers are checked again and a comparison is done between the current computer state to the identifier information stored in the license.
To keep this security concept in place, while allowing end-users to transfer the license to another computer of their choice, some licensing systems include a mechanism that cancels the license on the computer from which the license should be transferred, and uses the software vendor’s backend system to generate a new license for the computer to which the license is transferred. This solution keeps the license generator at the vendor side, maintaining the security level similar to that of the original license.
However, this solution has one significant disadvantage – it requires internet connectivity. Though this may not be of an issue with software used at homes or in most offices, internet connectivity is typically an unacceptable requirement in environments such as production facilities, highly secure server environments such in banks, military and government agencies networks, and others.
A much better option for transferring software licenses in such environments is to employ an offline license re-host mechanism, like the one offered in SafeNet’s Sentinel LDK. In three simple steps end users can transfer software-based licenses from one computer to another without the need to communicate to the software vendor for every transfer, eliminating the need for an internet connection on any of the involved computers. Software vendors should have the power to enable or disable this mechanism. Once enabled, end users have the freedom to transfer licenses between computers at any time, and any amount of times they wish, keeping the software vendor out of the loop and keeping associated support costs to minimum. As this is an offline mechanism, ISVs don’t need to run a 24×7 service to enable it, which is a requirement in the case of online-transfer solutions.
How does offline re-hosting software licenses work?
As part of defining their product catalog in their entitlement management system, software vendors decide whether to allow or prevent end users from re-hosting licenses between computers. Once a license defined with the right to re-host is deployed, the end user can transfer it between computers in three simple steps. In the case of Sentinel LDK, this is done using out of the box tools provided with the product.
- Step 1: Create an identification file on the recipient computer and copy it to the host computer;
- Step 2: Create a license file on the host computer, for the recipient, based on the identification file; and
- Step 3: Install the license file on the recipient computer.
Though off-line re-hosting is a significant leap in ease of use of software-based licensing systems, one challenge still exists: what if the operating system isn’t accessible, for example due to a computer crash? Solving this use case remains an advantage of hardware keys, where the key can always be disconnected from the host machine, regardless of its state, and connected to the recipient machine.
In conclusion, using a re-hosting approach provides greater ease of use predominantly in licensing machines that can’t maintain an active internet connection.