Dongle or other hardware based security measure

[digii3]

Hi, I have a project where I would like to have some kind of hardware based security measure. It is a kind of annual subscription model (but internal use only) where a software needs to be renewed annually for continual use. The requirement is that no wireless or over the network form for the act of creating the file activation data is permitted. My idea is to use either a C64u or an Amiga (mainly because they are available for me to use and is NOT Windows) for the encryption software for the file activation data, but want some kind of hardware dongle with physical 3 to 12 switches to provide an additional layer of encryption. On the workstation side, once the the created activation file is installed, the software's internal initiation file would have a field with the 3 to 12 values that will need to match the physical switches plus the encoded software decryption before the main software will run. The main software is compatible with Windows 7 and later and is compatible with Wine under Linux.

Another question, on the software encryption side, if I use PETSCII to generate the encryption, is that any different than the current legacy encrypted ASCII data? (Legacy encryption currently have the user enter a simple ASCII data for encryption to generate the activation file once every year with just the new activation number of days).

 

[Aeberbach]

Surely a physical token should be as simple as possible? Like an iButton? (These can be connected to any USB port using a holder, or a reader can be installed in any panel, there are keyfob solutions if people need to carry them around etc.) I would think it is easier to provide a revised version of the software annually than to create a whole other software project based on a computer so long out of production, and so incredibly slow by modern cryptographic standards.

 

[digii3]

Surely a physical token should be as simple as possible? Like an iButton? (These can be connected to any USB port using a holder, or a reader can be installed in any panel, there are keyfob solutions if people need to carry them around etc.) I would think it is easier to provide a revised version of the software annually than to create a whole other software project based on a computer so long out of production, and so incredibly slow by modern cryptographic standards.

A physical box with toggle switches or similar was requested because the owner wants to prevent former employees from copying and taking the encryption software with them and at the same time, not change the simple annual update where the encrypted file is just in the directory of the software in the legacy system. The idea is to have a physical box with toggle switch so at worst, the software will only be usable by former employees or outside people until year end. There is no critical data to be stolen, just want to prevent long term use of the proprietary software. So long as the physical switch is not stolen, it would ideally be secure. In addition, the use of physical switch will also make it somewhat more difficult to guess how the encryption is being created. So idea is a physical box with switches or something else connected to a computer with the encryption software. Press a button on the computer and the encrypted files is generated to be moved to the workstations. The workstation just need to enter the same code as the physical switch settings one time and it is good for the year or number of days running, whichever comes first. It would be even better if the physical switch have a simple button on it and can just create a preset number of days of authorization file and move it to a SD or USB drive, much simpler and not on any network. The physical switch is critical to the owner.