FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

implement a hardware license

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

implement a hardware license

‎05-26-2015 06:22 AM
332 Views
arnogir
Senior Contributor II

Hello

I'm working on a  project which use a K60 with MQX 4.2.0.

The board will have an Ethernet connection with an laptop home made software to control the board.

I need to implement a hardware license. I explain my need:

The board must be activated with a key (provided by a seller). The key must contain a time delay information (i.e: Must run until 3 April 2015)

The board will be equipped with the RTC.

But I have to protect myself against all attempts to divert license: Change current date, remove RTC battery to RAZ the date etc..

The board date will be set only by laptop software which will be placed in an "administrator mode"

Have you an example that is close near or far from what I want?

Thank:smileyhappy:

0 Kudos
Reply
2 Replies

‎06-03-2015 06:29 AM
225 Views
bobpaddock
Senior Contributor III

Take a look at http://www.codeproject.com and search for 'License'.  The link below is in .NET, it has one of the better descriptions and the code could be transliterated to C:

Licensing systems in .NET - CodeProject

The security Gurus that hang out at places like Schneier on Security will tell you that what you are after is not possible.

Given enough time and resources anything can be broken.  It becomes the question: Does the asset have the value to make it worth the time?  Does the asset have value after the passage of time?

Take a look at some of the AppNotes and maybe you could use this as the hardware key being sold?:
http://www.ftdichip.com/Support/Documents/DataSheets/Modules/DS_USBKey.pdf

Securing a laptop is rather meaningless if the asset itself has Ethernet port.  Just plug it into a different laptop.

Google 'sans embedded' for example: SANS Institute Embedded Assessment.

Use some type of Zero Prof Knowledge hand shake to allow setting of the RTC.

Understanding Zero-Knowledge Proofs - Schneier on Security

Is the RTC prone to environmental attacks?  Put it in the oven or freezer makes it run slower/faster?

0 Kudos
Reply

‎06-02-2015 02:19 PM
225 Views
Luis_Garabo
NXP TechSupport
NXP TechSupport

Hi Arnaud,

I think that perhaps the HTTP authentication is what you can use to ensure that no one is entering to your HTTP server. You can also use other tricks like changing the port where it is mounted like instead of typical (port 80) you can use the 1030. In addition, you can store the correct expiration date in flash, so, it doesn't matter if the battery is removed you then can know when it expires. You can also store in flash the current time. That way next time the battery is placed again you know the latest time.

The example that we have that includes HTTP authentication is the C:\Freescale\Freescale_MQX_4_2\rtcs\examples\httpsrv

I hope this helps you.


Have a great day,
Garabo

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply