User's Manual
25
• Optional encryption of data files associated with the protected programs
• Protection based on Label, Password and Memory
• Periodic control of SmartKey presence
• Selection of the message to be displayed
8.2 Protection of Windows platforms with GSS
Global Security System can protect all executable files created for the following platforms: Windows 9x, Windows ME,
Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista and later programs.
To start the protected Windows programs, the following run-time modules must be present in the same executable
directory: MODW9X.EXE and MODWNT.EXE as well as device GSSDRV10.VXD. These files are automatically
created by the GSS utility into the destination folder during the protection process. With Windows NT, Windows 2000,
Windows XP, Windows 2003 and Windows Vista the driver of the GSS device specific for these operating systems
must also be installed. To correctly install the device's driver, the user must possess the administration rights.
The SmartKey driver and the GSS device can be installed manually with the SDI utility or automatically, by integrating
the SDI library with your installation procedure.
For more specific, updated information on using the product, please consult the file README.TXT to be found in the
developer kit.
8.3 GSS: the common options
The different versions of GSS have a single user interface. This protects the integrity of the object code of the protected
programs. It is particularly useful when, in attempting to alter a part of the code or of the numeric parameters or text
strings, a hacker fraudulently modifies the object code.
Even the smallest of changes, even if only one bit is concerned, is detected by GSS, which displays a warning message
at program start and immediately stops the program. GSS also provides the possibility of entering a text that is shown if
the dongle is absent, or if the program file is corrupted.
8.3.1 Control of dongle presence
SmartKey users can often send commands for maintaining a list of dongle presences by using the Periodic Check
option. This list guarantees users that the dongle is present during the entire execution of the protected program.
The "Enable a periodic check of the SmartKey presence" option also prevents the users removing the dongle after a
program has been started. In the absence of the dongle, the appliance would continue operating, because no request to
control dongle presence would be sent.
Furthermore, periodic control of dongle presence instead of continuous control helps starting numerous copies of the
same program. This is because, in the absence of continuous control, one can first start the protected program and then
remove the dongle for a given time, in order to start copies of the same program.
8.3.2 Programming Error Messages
SmartKey enables users to personalize the error messages that are displayed in special conditions. By using this
function, one can define the error messages to one's liking. These are the conditions for which one can program error
messages:
•
SmartKey dongle not present
•
Program code changed
The list of programmable messages depends on both the SmartKey model and the Configuration character of the
Protection. The GSS utility also suggests some default messages for each of the error situations listed above.
8.3.3 Encryption of executable code
The GSS by default fully encrypts the original file, so that the new executable file is wholly encrypted. This defends the
program against hacker attacks, because it is virtually impossible to disassemble the original program by using the
executable file generated by GSS.
Any protection strategy without encryption techniques offers a rather low level of protection. Cryptography is reversible
only if the SmartKey used for cryptography is connected to the computer. If the SmartKey is missing, the cryptography
is irreversible.