Protecting Your Licensing Data Against Tampering

18 April 2016

Encrypted memory objects (CDO_MEMORY) for the CRYPTO-BOX® were introduced with Protection Kit 7.4.


This new DataObject type stores encrypted data of fixed size (the actual data size is stored in the CDO header), protected against unauthorized changes by a special internal signature. The CDO_MEMORY content is encrypted, so it cannot be read by regular CBIOS read calls. Moreover, the value is bound to the particular CRYPTO-BOX, which prevents any duplication to another dongle.

The only way to read or change CDO_MEMORY data is through the corresponding DO API call with UPW submission. See Compendium chapter 14.2 and the sample code in Protection Kit 7.4 for further details:

[PPK root]\SmarxOS\API\Win\Samples\DO\C++\MSVS2005 (Static VC)

It is strongly recommended to apply additional hardware-based encryption (AES; see the corresponding CBIOS sample code in the Protection Kit) to the CDO_MEMORY content when storing confidential data such as passwords. The reason: a potential intruder who has a valid CRYPTO-BOX, uses the DO API, and knows the User Password and the internal geometry of the licensing data can read the secret value.

CDO_MEMORY is currently supported for C++ (Visual Studio); support for C# and Delphi will be available soon.

Please contact us if you need support for further development environments, or if you have any questions about the CRYPTO-BOX implementation: write to support@marx.com or use our support ticket system.
