Embedded software copy protection

This may be of background interest

martin

Put in the license that it is not permitted to copy or reverse-engineer the software.

Anyone paying $100k for a box will pay attention to the fine print.

Otherwise, anyone paying $100k for a box can pay a few bucks to rent the tools to copy your software as it transits the system bus.

You could build the PC into a security case, like a modified safe, with a combination lock and everything.

If you really do have the ability to wire up the triggers to the case, you could try this:

Sounds awfully silly, though. And impossible to test.

Threatening to sue someone who breaks their contract to keep the code secure is a much more powerful antidote.

Because if you don't tell them it's expensive to reverse-engineer your machine, they will just guess at its behavior and pay a crafty teenager $50 to write code to those requirements.

--Blair

Why do you use standard PC and standard OS ?

With dedicated hardware and OS, the likelihood that someone could find a platform to copy your product to.

Paul

What you need is a small thermite grenade attached to the top of the hard-drive that's triggered when the case is opened.

Might be a small liability problem...

Not really, but the video above is cool. ;)

There is no way to solve the non-technical problem by the technical means. If your software/hardware is really worth protection, you should protect it legally.

Vladimir Vassilevsky

DSP and Mixed Signal Design Consultant

Dongle?

John

Stop and think a bit about what you are doing here.

Are you sure you want to use an PC with XP on this type of project. You are controlling a mechanical device (the motor) which may have the potential to do a great deal of harm if your system got to a state where it couldn't be shut off quickly. If this is for a small motor with very little torque available then it might be OK.

Perhaps you might consider constructing a proper embedded system (from SBC based modules), with the hardware fully tailored to perform the tasks required. Ditch any idea of running XP or maybe you do not really need an operating system at all. Then you will have a mix of hardware and software to be able to fulfill the customers requirements and they will come back when they need more such systems.

Any system that needs to be shut off quickly should have a large number of those big red emergency STOP switches distributed all over the place, that will simply cut the power to the control electronics in case of an emergency, possibly activating some spring loaded breaks.

XP Embedded is a usable platform for running the user interface for a control system, but is it an appropriate platform for the actual motor control is an other question.

The question of data security, copy protection etc. should not be addressed as some kind of a late add-on feature, but these things should be part of the initial product design.

With the OP's requirements, I would design a system, with the actual control logic using some dedicated card, running some possibly in-house OS, while the user interface would be running perhaps XP Embedded.

It would not be a pity, if someone copied the user interface, since the system would not work without the specific hardware. In fact it might be a good idea to distribute the user interface as a demo product for potential customers.

No matter how wildly the user interface is cloned, the actual product bringing the revenues would be hard to clone, especially, when the number of potential users are that low, since with such low number of potential customers no-one would do it.

Apparently nobody noticed the sarcasm in my previous post :-).

Paul

Using hardware certainly will help

That's actually very hard to do - see the USA Spy plane that force-landed in china as an example. They are now looking at giant rare earth magents that physically swing over the hard drive, and wipe them that way : old-fashioned magentic brute force. I did not see mention of how they would shield the magent, so it did not slowly wipe the hard drive in the 'retract' position...

Your cost price/risk is rather under the US military budget, so you might consider something less out in left field (sic).

You need to define what exactly you are protecting against. Since you presumably sell a PC+HW+Expertise+Support+Updates, and you include a reasonable amount of HW, then look at the attack motivations, and protect against those. eg Does it matter if they copy the PC SW, if they lack the HW ?

Do you need anti-clone or anti-creep protection on the products [sell & support a couple, but customer has dozens cloned...]

With modern Flash uC, FPGA and CPLD there are plenty of places you can serialise and key your systems, and the best security will be many small keys, rather than a single attack point (like a dongle). Some FPGAs have RAM based encryption streams, that makes them very hard to attack/clone.

You only really need to go up to the cost of reverse engineering the product ( ie copy, with probably improvements, the functions )

Always remember that keying should never penalise the legitimate user, or you will shoot yourself in the foot.

-jg

You cant make profits from s/w unless you have friends in Congress like Bill Gates has ....

Best just get on with hardware and dont worry about it .

Ill be giving a free Forthrite OpSys for ARM9 ........ It needs no U-Bloat nor Linux nor manuals nor English text its the first True GUI .... ARM from Atmel has the best Docs ive ever seen , making it simple and fast to develope . Atmel has exactly the right hardware info to get you started on any EVB .

Have you looked at securewrap?

Hmm... Market Intelligence, Real-time Customer Management and Self-managed Feature Control. You need all *that* to do copy protection ?