Dongle Security

License Dongles as Part of a Flexible Software Security Strategy

According to the most recent Global Software Survey from BSA (aka The Software Alliance), companies that proactively work to improve their software management can increase profits by 11%. Malware from unlicensed software may be costing the economy more than $359 billion. Your customers rely on you to have strong, convenient security and licensing strategies in place. 

But having a licensing system set up isn’t enough. You’ll need a way to enforce it that maximizes your ROI and creates a smooth user experience for your customers. License dongles can be an effective building block in your strategy. 

Key dongles, or security dongles, are a major player in the history of software security and licensing. They are pieces of hardware, today mostly USB drives, that are integrated with the software. The software is designed to only work if the key dongle is plugged into the computer. Once it’s there, it can even limit the software’s usage or unlock features. 

What is a License Dongle?

A license dongle is a device that connects to a computer to enable functionality or decrypt content in software that is not meant to be shared. While these key dongles can use a wide variety of connectors and ports, today they’re mostly on USB drives. The most simplistic version of security dongles won’t let the software run unless it recognizes that the software dongle USB is plugged in. But the more successful dongle protection comes from product keys or encryptions that are programmed onto the software dongle. In addition to allowing the software to run, they can restrict features or usage times, which allows software dongles to enforce licensing terms. 

The History of Software Licensing Security

Before floppy disks, software licensing wasn’t a serious issue. Software sellers tried providing activation codes or binding software to individual computers. But these methods proved easy to circumvent and inconvenient for users. Both of these systems eventually evolved. Vendors learned to tie software licenses to whole servers or networks, instead of single machines, and to use online activation that could also provide usage feedback to developers. 

Another option was the license dongle. While we tend to use the word today for any of the cords and connectors that clutter the drawers of home offices worldwide, the earliest published uses of the word dongle refer to antipiracy devices.

What is a Key Dongle? 

Today, key dongles are a critical part of the licensing and security strategy for software developers. Using specialized USB drives, because not all drives have unique serial numbers, developers load key dongles with hardware serial numbers and ID strings that are difficult to tamper with. The resulting software licensing dongles are especially popular for high-level design and manufacturing software. 

When it comes to software licensing, the key dongle’s firmware is programmed with data about what type of access to allow. It tells the software when or where to open, which features to activate, and even how long to run before shutting the user out. 

So Why Doesn’t Everyone Use Key Dongles for Software Licensing?

Over the years, the license dongle has gone in and out of fashion. Originally, software that was protected this way would have been programmed to only run if it recognized that the key dongle was present. Users wouldn’t be able to use illegal copies of the software because they wouldn’t have the security dongle to go with it. However, this type of security is easy to break. Software pirates can either remove the software dongle check from the software or convince the software the key dongle is there. For someone who knows what they’re doing, this fix could take just a couple of hours. 

The way around this problem is to store an encryption key on the security dongle, rather than check for the software dongle itself. The software itself is encrypted and only the code on the key dongle will unlock it. With this system, each license dongle’s code can include unique instructions about the terms of a particular licensing agreement. 

Like any other security method, even this one isn’t perfect and isn’t right for every software. The benefits of key dongles make them a good choice for specific applications as part of a broad security strategy.

The Benefits of License Dongles

Increased Security  - A physical separation between the software and encryption key means that anyone trying to pirate the software would need physical access to the key dongle at least once.

Flexibility - A security dongle lets developers and users implement a wide variety of licensing agreements without making any changes within the software itself. They also make it easy to enforce licensing agreements without restricting users to a particular device. 

Independence- When the encryption key is located on a license dongle, the software application doesn’t need to connect to the internet. This makes it ideal for high-security locations or other places where internet use is restricted. 

Should You Use Key Dongles for Software Security?

License dongles are rarely used for consumer software (programs you’d use on a home computer). They are often used as just one part of a licensing strategy. Companies that use USB dongles often fit one of the following criteria:

• work in high-security environments without internet access
• create software for specific pieces of hardware or for devices that are replaced or updated often
• offer a range of licensing models based on usage, features, or varied subscriptions

What are Your Options for License Key Dongles? 

Even among USB dongles, no two are alike. They come in several different hardware formats and use varying types of encryption. Thales’ own Sentinel Hardware Keys, for example, use 128-bit AES encryption and a unique encryption key for each communication session. They also incorporate other Thales licensing and security technologies, including Sentinel Shell and Sentinel V-ClockTM.

This is because the most powerful protection comes from combining software dongles with other layers of security strategy. Sentinel LDK supports key, hardware, encryption and USB dongles, cloud licensing, built-in software licensing, and any combination of these enforcement methods. By integrating software and cloud-based security with a physical hardware key, this solution offers the highest-level protection against intellectual property theft and software piracy.