i4SCADA Knowledge Base

i4SCADA Licensing tutorials

Abstract

Learn more about the i4SCADA Licensing options provided to you by WEBfactory. Chose the license preferred by the community you're contributing to or depending on.

Currently, WEBfactory ability to protect and license the i4SCADA software is facilitated by the use of flexible protection and licensing tools, together with a protection key.

This key may be either Software-based or Hardware-based.

Note

The first step to activate a license for i4SCADA software, is to address the WEBfactory Sales team, at sales@webfactory-i4.de.

Based on your request and needs, a Protection Key will be provided to you, along with further instructions.

Warning

Please note that since version 3.8.12 of i4SCADA, when your SLA expires, installation of the i4SCADA products will be possible only for the last purchased license version, or higher.

Clone detection criteria for i4SCADA Software licenses

One of the methods used to identify illegitimate use of licensed software is machine cloning. Machine cloning involves copying the entire imagine of a machine (including software and legitimate licenses) and duplicating it to other machines. If there is no way to detect that the new image is running on a different hardware, than that on which it was originally installed, multiple instances of the software are available, even though only a single license was purchased.

As part of the License Activation process, the i4SCADA License Manager, creates a "fingerprint" of the computer, on which the protected i4SCADA software was installed. This "fingerprint" contains hash values of a number of characteristics of the computer. It is stored within the secure storage on the computer, and returned to WEBfactory in the C2V file.

Each time the end user starts the protected i4SCADA software, a new fingerprint of the computer is created (system fingerprint) and compared to the reference fingerprint. If the system and reference fingerprints correspond,  the protected software can be operated.

If cloning is detected, the license is disabled, and the user will not be able to operate the software.

The criteria used to protect the i4SCADA software licenses, depends on whether its installed on a physical machine or on a virtual machine.

Clone detection criteria for virtual machine installations

Clone detection for software installed on a virtual machine, must employ a different technique than the one used for physical machines. The upcoming sections describe the clone protection schemes that can be used, depending on the installed and licensed i4SCADA software version.

Warning

When upgrading to i4SCADA version 3.8.12, or higher, your license will also require an update, to use VMType1 / PMType1 clone protection schemes.

VMType1 clone protection scheme

The i4SCADA software, licensed for version 3.8.12 and higher, uses the VMType1 clone protection scheme. The VMType1 clone protection scheme allows rollback snapshots, while relying on three different parameters, for verifying fingerprints on a virtual machine: the virtual MAC address, CPU characteristics, and UUID of the virtual image.

Tip

For more details about the VMType1 scheme, please also read the description here.

The below table describes how the protection against cloning is provided, on basis of parameter combinations:

Comparison Results

Characteristics Compared

Virtual MAC Address

Identical

Different

Not relevant

Not relevant

CPU Characteristics

Identical

Not relevant

Different

UUID

Identical

Not relevant

Different

Sentinel LDK Behavior:

The Software is...

launched

disabled

disabled

disabled

VMType2 clone protection scheme

The i4SCADA software, licensed for versions lower than 3.8.12, uses the VMType2 clone protection scheme. The VMType2 clone protection scheme is capable to prevent attacks that are based on virtual machine rollback snapshots.

Tip

For more details about the VMType2 scheme, please also read the description here.

The below table describes the circumstances under which the i4SCADA application is disabled:

Comparison Results

Characteristic Compared

Virtual MAC Address

Identical

Different

Not relevant

Not relevant

Not relevant

CPU Characteristics

Identical

Not relevant

Different

UUID

Identical

Not relevant

Different

Rollback Snapshot Detected

No

Not relevant

Yes

Sentinel LDK Behavior:

The Software is...

launched

disabled

Clone detection criteria for physical machine installation

As indicated , the clone detection for physical machine installations is slightly different.

PMType1 clone protection scheme

The i4SCADA software, licensed for version 3.8.12 and higher, uses the PMType1 clone protection scheme. The PMType1 clone protection scheme uses two components to verify fingerprints: hard drive serial number and motherboard ID.

If either the hard drive serial number or the motherboard ID does not match the characteristics in the fingerprint in the secure storage, Sentinel LDK License Manager still allows the protected software to operate. Sentinel LDK recognizes that situations occur where an end user has a legitimate reason for replacing one of these components in the user’s computer. This policy possibly enables a user to operate protected software on a cloned computer. However, this policy also frees the Vendor from dealing with numerous support calls from users who have replaced a component in their computer. Such calls would otherwise generate costly support cases for the Vendor’s customer support organization.

If both the hard drive serial number and the motherboard ID do not match the characteristics in the fingerprint of the license, Sentinel LDK regards computer as a clone and prevents the protected software from operating. (See the table that follows.)

Comparison Results

Characteristics Compared

Hard drive serial number

Identical

Different

Identical

Different

Motherboard ID

Identical

Identical

Different

Different

Sentinel LDK Behavior:

The sofware is...

launched

launched

launched

disabled

Tip

For more details about the PMType1 scheme, please also read the article here.

PMType2 clone protection scheme

The i4SCADA software, licensed for versions lower than 3.8.12, uses the PMType2 clone protection scheme.

The PMType2 scheme uses various components such as CPU, Ethernet card, optical drive, PCI card slot peripherals (for example: display, storage, network, multimedia) along with the hard drive serial number and motherboard ID to verify fingerprints on a physical machine. Each component that makes up the reference fingerprint is assigned a weighted value. The following computations are consequently performed:

  • A = total for the weighted values of all components in the reference fingerprint.

  • B = total for the weighted values of all components in the system fingerprint that match components in the reference fingerprint.

  • matching percentage = (B/A) * 100

A required percentage is computed, based on the level of agreement that is found between the hard drive serial number and motherboard ID, in the reference fingerprint and in the system fingerprint. If the matching percentage reaches the required percentage, the protected application is allowed to execute.

Tip

For more details about the PMType2 scheme, please also read the article here.