Secure Node-locking for Hardware Identification

Prevent HostID Spoofing and Preserve Revenue

Binding a software license to a particular end user computer or license server ensures that software is only used by an authorized and paying customer. This strategy, called node-locking, is an easy way to recover revenue from under-licensing and piracy.

Problem: HostID Spoofing is a common attack on licensing systems, both by licensed customers seeking to use more seats of the software than they purchased, or by outright pirates. In a HostID spoofing scenario,  characteristics of the original licensed machine are replicated on another arbitrary machine, thus multiplying the number of available licenses without paying an additional fee. This attack is particularly simple when weak characteristics such as the MAC are used to calculate the HostID.

Solution: When implemented robustly, node-locking is the easiest way to recapture revenue lost to under-licensing. BindIT is a software-based node-locking solution which provides strong resistance to HostID spoofing. Powered by Uniloc®, BindIT’s  patented device recognition algorithm uses multiple factors, including some which are intrinsic to the hardware and are practically impossible to replicate on another computer.  Arxan’s BindIT provides strong, performance efficient, cost effective and user-friendly node locking for software applications.  The result is reduced piracy, reduced technical support and development costs, and increased recapture of revenue from under-licensing.

Secure Yet Customer-Friendly Node-Locking

Traditional node locking measures such as hardware dongles are expensive, The total cost of ownership for dongles is very high. Software publishers incur significant initial cost in acquiring and deploying the dongles, plus additional cost when dongles are lost or fail, and customers call for technical assistance. Clients incur significant expense in maintaining and tracking dongles, and suffer downtime when dongles need to be replaced.

BindIT integrates seamlessly into software, and the application can then be optionally hardened with GuardIT. The result is a level of security comparable to, and often higher, than hardware dongles. Furthermore, customers gain the advantages of operational efficiency, customer-friendliness and flexibility that come with an all-software implementation.

How it Works

BindIT is configured and integrated into your application during development. GuardIT hardening, if used, is then applied following compilation of the application. When your end user runs your protected application for the first time, the computer’s fingerprint is generated, and the resultant HostID is provided to to your license management or node locking routine. This is stored for future reference, usually as part of the software license that is issued at installation. For each subsequent execution, the HostID is calculated from the host machine, and compared to the reference HostID. As long as there is a match, the software continues to run normally. If the match fails, a variety of reactions can be taken including remote notify with tampering information, allowing the software to run for a grace period, or restricting software features.

Features and Benefits of BindIT

Feature	Benefit
Device Recognition	BindIT uniquely fingerprints a computer based on multiple hardware and software characteristics, to provide a HostID which enables node-locking
Integration with license management	BindIT provides point-click integration of node locking logic with FlexNet Publisher. It also supports interoperation with any in-house or third party license management or online activation system.
Tolerance	By allowing some system characteristics to change before a re-authentication is required, normal customer upgrades and normal computer wear-and-tear can be accommodated without disrupting user experience or incurring expensive technical support calls. (Tolerance is tunable, and non-tolerant operation is also supported.)

Advantages of BindIT

• Easy to Use
• Customer Friendly
• Algorithmically Strong
• Spoof-Proof