2011 Concours Lepine Innovation - EL Genii Awarded Big

Paris, France - May 9, 2011 –EL Genii, the smallest software protection dongle that, with Code-Port technology, was awarded the 3rd prize at a glittering ceremony under the patronage of Mr. Nicolas Sarkozy, President of the France Republic.For preparation of this great expo, Senselock assigned two important figures to join; the R&D Manager and International Business Manager. The former made a great impression of Juries with an easy demo to give a full image that how EL Genii could achieve extremely high-secured mission of software protection and fit in such a tiny space, 2.8g in weight and coin-sized.

The award was not only a pre-expected result for Senselock, but also the payoff of hard work and long term research and development by Product and R&D Departments.

Since the first launch in 2010, EL  Genii have reached a great achievement on protecting software on blade servers and laptops. Its sales figure was built by customer satisfaction domestically and overseas. Senselock is looking forward to winning more market share for its superb slimness to offer the most cost-effective software protection solution for software venders.

How does it work?

Code Port Technology

It is essential to introduce the Code Port technology by the following diagram:

Code Port is an evolutionary technique of transferring key codes of protected software to a dongle under secure communication. When a corresponding dongle is plugged, the protected application will call specific API functions to run key codes and data stored in the dongle and return legal results, so as to complete the full operation of the protected application. As those code and data stored in the dongle do not have copies at the PC end, malicious crackers are unable to get algorithms or data by physical interception. In a word, Elite EL provides a reliable solution to shield software developers from financial loss caused by pirating activities.

Availibility

EL Genii has two versions of memory size 32K/64K. You could ask for quotation from our representatives or headquarters directly. www.senselock.com About the Concours Lépine The Concours Lépine, established in 1901, is now recognized worldwide as a leading force in the development of new technologies. The Concours Lépine allows inventors to promote their inventions and to establish links between inventors and official bodies.

The Relevance between EAL and Software Protection Dongle

EAL stands for evaluation assurance level and is a certificate of security for IT products measured against a set of common criteria portal.
 

How does a product get EAL certified?

It is assessed against a set of common criteria by an approved agency. The developer of the system produces a security target (ST) document containing a list of features to be assessed. The ST is based on the criteria here. The process is long and expensive, according to wikipedia vendors were spending $1 - $2.5million to gain EAL4 certification in the 1990s.
 

What is required to meet the various levels?

The EAL process is broken down to cover the following aspects of a system: Development, documentation, life-cycle support, security target evaluation, testing, vulnerability assessment.

Each EAL level goes into slightly more detail, for example the "development" area at EAL1 requires a basic functional specification to be provided by the developer. EAL2 requires that same functional specification but expanded to include details of security enforcement. It also requires a security architecture description and a basic design.

An EAL4 certificate does indicate that the product was developed following good practices and has a well defined and documented architecture. These are clearly good things in terms of stability and security.
 

How about EAL 5+ chip used in software dongle?

The security of the smart card chip is actually guaranteed by the semiconductor manufacturers. Generally speaking, chips produced by manufacturers with greater strength are more reliable. Regardless of the varieties of chips, the most possible attacks these chips will encounter mainly include the following:

1. Electronic attack (for instance, SPA and DPA);
2. Probe attack (for example, SiShell);
3. Dissection of chip;
4. Debug port.

The principle of the electronic attack technology (SPA and DPA) is: when a chip executes different operations, the corresponding energy consumption also varies accordingly. Special measuring apparatus and math statistics technology are used to examine and analyze these changes to obtain the specific key information from the chip.

Method of probe attack: make direct data access to and from memory or data bus through the connection of microprobe with the key parts inside the chip.

Dissection of chip: obtain the chip’s circuit logic and connection status through the use of scanning electron microscope and exert reverse engineering to the chip.

Debug port: directly read out the key information by activating the debug port of manufacturers.

To protect the indongle data from the above mentioned cracking methods, the wise option is to choose high ranking dongle device in EAL. So far, only Senselock produces the software protection dongle based on EAL 5+ chip which is NXP (Former is Philips) 16-bit smart card.
 

Is it worth buying EAL5+ products?

For companies that only has low priced software products, I would say the best solution is to use common single chip dongle or regular enveloper protection instead of spending too much on high-level dongle protection.

If your software is quite profitable to crackers, and once being pirated, the loss could be unbearable, then you do not have further option but choose the higher secured dongle in EAL.

After all the copyrights and source codes are the most valuable assets to the software company, not bunch of desktops and laptops.