Software protection dongle: Difference between revisions

Browse history interactively ← Previous editContent deleted Content addedVisual WikitextInline

Revision as of 20:32, 14 February 2004 editDavid Gerard (talk \| contribs)Edit filter managers, Administrators213,071 edits more detail← Previous edit		Latest revision as of 17:21, 5 August 2024 edit undoRobbieIanMorrison (talk \| contribs)Extended confirmed users18,445 edits →Etymology: added "" to a quote to allow it to read smoothly
Line 1:		Line 1:
			{{Short description\|Electronic software copy protection device}}
	A '''dongle''' is a small hardware device that connects to a ] and acts as an authentication key for a particular piece of ]. When the dongle is present, the software will run properly; when it is not, the program will run in a restricted mode or refuse to start. Dongles are used by some ] vendors as a form of ] or ] because it is much harder to copy the dongle than to copy the software it authenticates.
			{{more citations needed\|date=March 2008}}

			A '''software protection dongle''' (commonly known as a '''dongle''' or '''key''') is an electronic ] and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode ].<ref>{{cite book \|last1=Amos \|first1=S. W. \|last2=Amos \|first2=Roger S. \|title=Newnes Dictionary of Electronics \|url=https://archive.org/details/newnesdictionary0000amos_o3q0 \|url-access=registration \|accessdate=4 July 2013 \|year=2002 \|edition=4th \|publisher=] \|isbn=0750643315 \|oclc=144646016 \|page=}}</ref> The hardware key is programmed with a ] or other cryptographic protection mechanism and functions via an electrical connector to an ] of the computer or appliance.<ref>{{cite book \|last=Stobbs \|first=Gregory A. \|title=Software Patents \|edition=Third \|url=https://books.google.com/books?id=Rn1vZWqSuNYC&pg=SA2-PA90 \|accessdate=4 July 2013 \|year=2012 \|publisher=] \|isbn=9781454811978 \|oclc=802867781 \|pages=2–90}}</ref>
	('''Dongle''' also refers to an ] jack attached via a wire to a small edge connector, which is used to connect an ] cable to a ] ], into which the edge connector plugs. This type of dongle has no copy protection purpose. These are falling out of favour as more ]s include a built-in RJ-45 socket.)

			In software protection, dongles are two-interface security tokens with transient data flow with a pull{{clarify\|date=January 2021}} communication that reads security data from the dongle. In the absence of these dongles, certain software may run only in a restricted mode, or not at all. In addition to software protection, dongles can enable functions in electronic devices, such as receiving and processing encoded video streams on television sets.
	Dongles are typically used with very expensive packages and ] software, such as ]/] software, ] applications and some ] packages. Efforts to introduce dongle protection in the mainstream software market have met with stiff resistance from users.
			]

			==Etymology==
	Vendors of dongles and dongle-protected software often use terms such as '''hardware key''' or '''security device''' in their written literature. In day-to-day use, however, "dongle" is the almost universal term for the device and is used informally even by said vendors.
			The Merriam-Webster dictionary states that the "First known use of ]" was in 1981 and that the etymology was "perhaps alteration of dangle."<ref>{{cite web \|title=Dongle \|url=https://www.merriam-webster.com/dictionary/dongle \|publisher=Merriam-Webster \|accessdate=11 June 2019}}</ref>

			]
	==History==

			]
	], in ], was the first program to use a dongle. Its dongle was a simple passive devices that connected a ] in a predetermined manner.

	Dongles rapidly evolved into active devices that contained a serial transceiver (]) and even a ] to handle transactions with the host. Later versions adopted the ] interface in ~~preference~~ to the ] or parallel interface.		Dongles rapidly evolved into active devices that contained a serial transceiver (]) and even a ] to handle transactions with the host. Later versions adopted the ] interface, which became the preferred choice over the ] or parallel interface.{{Citation needed\|date=June 2021}}

			A 1992 advertisement for ] claimed the word dongle was derived from the name "Don Gall". Though untrue, this has given rise to an ].<ref>, ''Byte'' Magazine, p. 148</ref>
	==Problems with dongles==

			== Usage ==
	===Implementation problems===
			] parallel port copy protection dongles.]]
			Efforts to introduce dongle copy-protection in the mainstream software market have met stiff resistance from users. Such copy-protection is more typically used with very expensive packages and ] software such as ]/] software, ], ] hospitality and special retail software, ] applications, and some ] packages.

			In cases such as prepress and printing software, the dongle is encoded with a specific, per-user license key, which enables particular features in the target application. This is a form of tightly controlled licensing, which allows the vendor to engage in vendor lock-in and charge more than it would otherwise for the product. An example is the way ] licenses ] to customers: When a ] output device is sold to a customer, Prinergy's own license cost is provided separately to the customer, and the base price contains little more than the required licenses to output work to the device.
⚫	There ~~is the~~ potential ~~for~~ weaknesses in the implementation of the ] between the dongle and the ~~protected~~ software~~. It requires considerable cunning to implement this in a fashion that is not easy to ]~~. For example, ~~naïve~~ ~~implementations~~ ~~might~~ ~~simply~~ define a ] to check for the dongle, returning "true" or "false" accordingly, ~~reducing~~ the ~~protection~~ to a ~~single~~ ] ~~value~~ at ~~one~~ ~~point~~ in ~~the~~ ~~program~~.

			USB dongles are also a big part of ]'s audio production and editing systems, such as ], WaveLab, Hypersonic, ], and others. The dongle used by Steinberg's products is also known as a Steinberg Key. The Steinberg Key can be purchased separately from its counterpart applications and generally comes bundled with the "Syncrosoft License Control Center" application, which is cross-platform compatible with both Mac OS X and Windows.
	Modern dongles include built-in strong ] and use fabrication techniques designed to thwart ]. Typical dongles also now contain ] — key parts of the software may actually be stored on the dongle.

			Some software developers use traditional USB flash drives as software license dongles that contain hardware serial numbers in conjunction with the stored device ID strings, which are generally not easily changed by an end-user. A developer can also use the dongle to store user settings or even a complete "portable" version of the application. Not all flash drives are suitable for this use, as not all manufacturers install unique serial numbers into their devices.
	===User problems===

			Although such medium security may deter a casual hacker, the lack of a processor core in the dongle to authenticate data, perform encryption/decryption, and execute inaccessible binary code makes such a passive dongle inappropriate for all but the lowest-priced software. A simpler and even less secure option is to use unpartitioned or unallocated storage in the dongle to store license data. Common USB flash drives are relatively inexpensive compared to dedicated security dongle devices, but reading and storing data in a flash drive are easy to intercept, alter, and bypass.
	Dongles tie up a port on the host machine. This has been ameliorated to some extent by the adoption of USB, but is still a serious drawback. To get around this, most practical dongles include a replacement port, so as to become an inline device.

			===Issues===
	In fields where dongle-protected software is common, users often need more than one such application installed on a given computer. Manufacturers claim that multiple dongles can be successfully stacked or daisy-chained, but operational problems with stacked dongles are common. The number of dongles can also become physically problematic.
		⚫	There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. For example, a simple implementation might define a ] to check for the dongle's presence, returning "true" or "false" accordingly, but the dongle requirement can be easily circumvented by modifying the software to always answer "true".

			Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart ]. Typical dongles also now contain ] — essential parts of the software may actually be stored and executed on the dongle. Thus dongles have become ]s that execute program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979)<ref></ref> to provide more security than dongles could then provide. See also ].
	There is the obvious problem of losing the dongle, rendering the protected software useless until a replacement can be obtained. This is particularly likely if one needs to swap dongles for different applications.

			Hardware cloning, where the dongle is emulated by a device driver, is also a threat to traditional dongles. To thwart this, some dongle vendors adopted ], which is widely used in extremely rigid security requirement environments such as military and banking, in their dongle products.
	==Origin of the word "dongle"==

			A more innovative modern dongle is designed with a ] process which transfers encrypted parts of the software vendor's program code or license enforcement into a secure hardware environment (such as in a smart card OS, mentioned above). An ] can port thousands of lines of important ] code into the dongle.{{citation needed\|date=December 2012}}
	The word "dongle," as a word for something unnamed (akin to "doodad" or "whatchamacallit") has been used since the 1970s. Its origin is unknown. The ], 4th edition, says it is "probably arbitrary coinage." Assertions that it was derived from the name "Don Gall" are an ] popularized by a 1992 advertisement for Rainbow Technologies, a dongle vendor.

			In addition, dongles have been criticized because as they are ], they are easily lost and prone to damage, potentially increasing operational costs such as device cost and delivery cost.

			==Game consoles==
			Some unlicensed titles for ]s (such as '']'' or '']'') used dongles to connect to officially licensed ]s, in order to circumvent the authentication chip embedded in the console.{{citation needed\|date=March 2012}}

			Some ] devices, such as the ] and ] use a dongle. Typically it attaches to the memory card slot of the system, with the disc based software refusing to work if the dongle is not detected. The dongle is also used for holding settings and storage of new codes, added either by the user or through official updates, because the disc, being read only, cannot store them. Some dongles will also double as normal memory cards.{{citation needed\|date=March 2012}}

	==See also==		==See also==
			* ]
			* ]
			* ]
			* ]
			* ]
			* ]
			* ]

			==References==
			{{Reflist}}

			==External links==
		⚫	*

			{{Software distribution}}
			{{Authority control}}

			{{DEFAULTSORT:Dongle, software protection}}
⚫	*
			]
			]
			]
			]
			]
			]

Latest revision as of 17:21, 5 August 2024

Electronic software copy protection device

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Software protection dongle" – news · newspapers · books · scholar · JSTOR (March 2008) (Learn how and when to remove this message)

A software protection dongle (commonly known as a dongle or key) is an electronic copy protection and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode content. The hardware key is programmed with a product key or other cryptographic protection mechanism and functions via an electrical connector to an external bus of the computer or appliance.

In software protection, dongles are two-interface security tokens with transient data flow with a pull communication that reads security data from the dongle. In the absence of these dongles, certain software may run only in a restricted mode, or not at all. In addition to software protection, dongles can enable functions in electronic devices, such as receiving and processing encoded video streams on television sets.

Etymology

The Merriam-Webster dictionary states that the "First known use of dongle" was in 1981 and that the etymology was "perhaps alteration of dangle."

A Rainbow Tech parallel port dongle PCB, front side. Note the numbers rubbed off the chips to make reverse engineering harder

A Rainbow Tech parallel port dongle PCB, back side

Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface, which became the preferred choice over the serial or parallel interface.

A 1992 advertisement for Rainbow Technologies claimed the word dongle was derived from the name "Don Gall". Though untrue, this has given rise to an urban myth.

Usage

Daisy chained parallel port copy protection dongles.

Efforts to introduce dongle copy-protection in the mainstream software market have met stiff resistance from users. Such copy-protection is more typically used with very expensive packages and vertical market software such as CAD/CAM software, cellphone flasher/JTAG debugger software, MICROS Systems hospitality and special retail software, digital audio workstation applications, and some translation memory packages.

In cases such as prepress and printing software, the dongle is encoded with a specific, per-user license key, which enables particular features in the target application. This is a form of tightly controlled licensing, which allows the vendor to engage in vendor lock-in and charge more than it would otherwise for the product. An example is the way Kodak licenses Prinergy to customers: When a computer-to-plate output device is sold to a customer, Prinergy's own license cost is provided separately to the customer, and the base price contains little more than the required licenses to output work to the device.

USB dongles are also a big part of Steinberg's audio production and editing systems, such as Cubase, WaveLab, Hypersonic, HALion, and others. The dongle used by Steinberg's products is also known as a Steinberg Key. The Steinberg Key can be purchased separately from its counterpart applications and generally comes bundled with the "Syncrosoft License Control Center" application, which is cross-platform compatible with both Mac OS X and Windows.

Some software developers use traditional USB flash drives as software license dongles that contain hardware serial numbers in conjunction with the stored device ID strings, which are generally not easily changed by an end-user. A developer can also use the dongle to store user settings or even a complete "portable" version of the application. Not all flash drives are suitable for this use, as not all manufacturers install unique serial numbers into their devices.

Although such medium security may deter a casual hacker, the lack of a processor core in the dongle to authenticate data, perform encryption/decryption, and execute inaccessible binary code makes such a passive dongle inappropriate for all but the lowest-priced software. A simpler and even less secure option is to use unpartitioned or unallocated storage in the dongle to store license data. Common USB flash drives are relatively inexpensive compared to dedicated security dongle devices, but reading and storing data in a flash drive are easy to intercept, alter, and bypass.

Issues

There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. For example, a simple implementation might define a function to check for the dongle's presence, returning "true" or "false" accordingly, but the dongle requirement can be easily circumvented by modifying the software to always answer "true".

Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — essential parts of the software may actually be stored and executed on the dongle. Thus dongles have become secure cryptoprocessors that execute program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) to provide more security than dongles could then provide. See also bus encryption.

Hardware cloning, where the dongle is emulated by a device driver, is also a threat to traditional dongles. To thwart this, some dongle vendors adopted smart card product, which is widely used in extremely rigid security requirement environments such as military and banking, in their dongle products.

A more innovative modern dongle is designed with a code porting process which transfers encrypted parts of the software vendor's program code or license enforcement into a secure hardware environment (such as in a smart card OS, mentioned above). An ISV can port thousands of lines of important computer program code into the dongle.

In addition, dongles have been criticized because as they are hardware, they are easily lost and prone to damage, potentially increasing operational costs such as device cost and delivery cost.

Game consoles

Some unlicensed titles for game consoles (such as Super 3D Noah's Ark or Little Red Hood) used dongles to connect to officially licensed ROM cartridges, in order to circumvent the authentication chip embedded in the console.

Some cheat code devices, such as the GameShark and Action Replay use a dongle. Typically it attaches to the memory card slot of the system, with the disc based software refusing to work if the dongle is not detected. The dongle is also used for holding settings and storage of new codes, added either by the user or through official updates, because the disc, being read only, cannot store them. Some dongles will also double as normal memory cards.

References

Amos, S. W.; Amos, Roger S. (2002). Newnes Dictionary of Electronics (4th ed.). Newnes Press. p. 152. ISBN 0750643315. OCLC 144646016. Retrieved 4 July 2013.
Stobbs, Gregory A. (2012). Software Patents (Third ed.). Wolters Kluwer. pp. 2–90. ISBN 9781454811978. OCLC 802867781. Retrieved 4 July 2013.
"Dongle". Merriam-Webster. Retrieved 11 June 2019.
Sentinel advert, Byte Magazine, p. 148
US Patent 4,168,396

External links

Jargon File: dongle

v t e Software distribution
Licenses	Beerware Floating licensing Free and open-source Free Open source Freely redistributable License-free Proprietary Public domain Source-available
Compensation models	Adware Commercial software Retail software Crippleware Crowdfunding Freemium Freeware Pay what you want Careware Donationware Open-core model Postcardware Shareware Nagware Trialware
Delivery methods	Digital distribution File sharing On-premises Pre-installed Product bundling Retail software Sneakernet Software as a service
Deceptive and/or illicit	Unwanted software bundling Malware Infostealer Ransomware Spyware Trojan horse Worm Scareware Shovelware
Software release life cycle	Abandonware End-of-life Long-term support Software maintenance Software maintainer Software publisher Vaporware list
Copy protection	Digital rights management Software protection dongle License manager Product activation Product key Software copyright Software license server Software patent Torrent poisoning

Categories: