Embedded software copy protection

Dennis wrote:
> Hi,
>
> I'm creating software for a new machine that runs on a Windows XP-embedded
> PC with a I/O card and motor controller card. I need to protect the software
> from reverse engineering and copiing. The protection needs to be very solid.
> What would be a good method to do so? The costprice of the protection is not
> realy an issue, so protection via software and hardware is an option.

Using hardware certainly will help

> A good  protection is perhaps when the PC is opened the harddisk will destroy
> itself?

That's actually very hard to do - see the USA Spy plane that
force-landed in china
as an example.
They are now looking at giant rare earth magents that physically swing
over the
hard drive, and wipe them that way : old-fashioned magentic brute
force.
I did not see mention of how they would shield the magent, so it did
not slowly
wipe the hard drive in the 'retract' position...

Your cost price/risk is rather under the US military budget, so you
might
consider something less out in left field (sic).

> On the other hand is the time to implement it a big constraint.
> There is much to do with only few people so if we could buy protection
> software and/or hardware than I would prefer that.  Any good advise on this?
> Some context:
> The number of products is about 100 per year.
> Costprice per product > 100,000.- Euro.
>
> Thanks in advance,
> Dennis.

You need to define what exactly you are protecting against.
Since you presumably sell a PC+HW+Expertise+Support+Updates,
and you include a reasonable amount of HW, then look at the attack
motivations, and protect against those.
eg Does it matter if they copy the PC SW, if they lack the HW ?

Do you need anti-clone or anti-creep protection on the products
[sell & support a couple, but customer has dozens cloned...]

With  modern Flash uC, FPGA and CPLD there are plenty of places you can
serialise and key your systems, and the best security will be many
small
keys, rather than a single attack point (like a dongle).
Some FPGAs have RAM based encryption streams, that makes
them very hard to attack/clone.

You only really need to go up to the cost of reverse engineering the
product
( ie copy, with probably improvements, the functions )

Always remember that keying should never penalise the legitimate user,
or you will shoot yourself in the foot.

-jg

  You cant make profits from s/w unless you have
friends in Congress like Bill Gates has ....

  Best just get on with hardware and dont worry
 about it .


 Ill be giving a free Forthrite OpSys for ARM9 ........
 It needs no U-Bloat nor Linux nor manuals nor English text
  its the first True GUI ....
  ARM from Atmel has the best Docs ive ever seen , making
 it simple and fast to develope . Atmel has exactly the right
 hardware info to get you started on any EVB .

Have you looked at securewrap?  www.securewrap.net

hhtest <hhtest@optushome.com.au> wrote:
> Have you looked at securewrap?  www.securewrap.net

Hmm... Market Intelligence, Real-time Customer Management and Self-managed
Feature Control. You need all *that* to do copy protection ?

Actually they offer just software protection, but I need the additional
features to assist with marketing.