Default banner

Sentinel Envelope

One-Click, Easy-to-Use Protection

Intellectual Property Protection with Sentinel Envelope

The Sentinel Envelope is an automatic file wrapper that provides robust intellectual property protection against software reverse engineering through file encryption, code obfuscation and system-level anti-debugging. This ensures that algorithms, trade secrets, and professional know-how embedded in the software are secured against hackers.

Software solutions not only consist of executables and DLLs, they also contain data files which may be of even greater value than the software applications themselves. In many cases, these data files contain highly sensitive information and Intellectual Property which must be secured against prying eyes and theft. The Sentinel Envelope creates multiple random layers of protection for each file, making it extremely complex and time consuming for hackers to remove while ensuring that software code is safe from exposure while en-route to its end-user destination.  Increase your operational efficiency, improve your customer satisfaction, gain business insights and capture more revenue opportunities today with our products.

How the Sentinel Envelope Works

To protect data files, the Sentinel Envelope tool wraps the application, encrypting and controlling access to the software data files so that only authorized users and the hosting software can decrypt and upload them. In seconds, you get top-notch security and access-control for your entire product suite

The ToolBox is a GUI-based utility that helps familiarize you with the Sentinel Run-time API and generates code for inclusion in your software source code.

The Sentinel Run-time API lets you protect applications with direct calls to the Sentinel LDK protection key throughout the software's source code.

  • Specifications
  • Features & Benefits
  • Sentinel LDK Protection Types
  • Sentinel LDK Features

Multiple, Non-obtrusive Calls to the Sentinel Hardware-based Protection Key

The Sentinel Envelope is responsible for checking whether the Sentinel HL key is connected to the host during software runtime. Both the encryption and decryptionmechanisms employ AES 128bit encryption ensuring a fully secured two-way communicationchannel confirming the presence of the key.

Multi-layered Shield—Security for the Weakest Point

The weakest point in an application protected with any wrapping mechanism is the seambetween the application and the externally added code. This is the point which, once annulled,will disconnect the link to the hardware key, leaving the application unprotected. Consequently,this is the point at which most attackers will attempt to strike. Once they understand the codeand recognize its location, they can then operate in one of the following manners:

  • Break the protection link for the specific application file – Specific hack.
  • Break the protection link for all other files protected by the same mechanism if the exact same method appears in all of them repeatedly – Generic hack


One of the strongest features of the Sentinel Envelope is its ability to protect the seam point by presenting numerous obstacles that prevent the protection link from being broken.This is achieved by supplying multi-layered protection code, added onto the application file dynamically during the protection process. Like train cars, these pieces of code are specifically designed to fit one-after-the-other.

  • Automatic File Wrapper - Provide robust protection against software reverse engineering through file encryption and native code obfuscation.
  • Re-connection of the Application to the Hardware -The application is now tightly coupled with the Hardware by means of a protection key.
  • Secure Communication Channel - Sentinel LDK eliminates man-in-the-middle attacks by providing a secure channel for communication between the protected application and the protection key. The Java Envelopeuses this ability to prevent a hacker from intercepting communications to access data sent back from the protection key.
  • Run-Time Decryption - Because Sentinel LDK decrypts files as they are requested at run-time rather than loading all the .class files into the virtual machine at once, it prevents hackers from rebuilding the entire application.
  • AppOnChip – Sentinel Envelope AppOnChip feature facilitates inseparable binding between Sentinel HL key and the application by executing segments of code on the token itself.
  • National Instruments LabVIEW application (RTEXE) Protection - A version of Sentinel Envelope is also available which protects the National Instruments LabVIEW application (RTEXE) running on cRIO-9030 or cRIO-9067 devices. These embedded devices run the National Instruments Linux real-time operating system. Supported devices for end user include cRIO-903x with LabVIEW 2014; cRIO-903x with LabVIEW 2015; cRIO-906x with LabVIEW 2014; cRIO-906x with LabVIEW 2015. Supported platforms for vendors (Sentinel Envelope for NI RTEXE) include Windows 7 32/64 bit and Windows 10 32/64 bit.