The real-time timer in Guardant Time/Net models makes it possible to control the activation and deactivation of hardware algorithms in these dongles, and to change an algorithm’s determinant periodically depending on time.

These capabilities are used to control the license terms of protected applications and to readjust protection mechanisms automatically over time.

Timer deactivation

The following requirements may arise when limiting license terms:

  • End the license at a set time (license expiration time)
  • End the license after a certain timeframe starting from the first use (license period)

Limiting the operating time of one or several hardware algorithms used in the protection system is an effective method of limiting the license term. The algorithm must convert data correctly during the license term; when the license terminates, the algorithm locks (enters the inactive state) and stops processing data. Execution of the protected application is thereby halted as well.

To limit the license term to a specific time, set the rs_DeadTime field and the nsafh_DeadTime flag in the rs_HiFlags flag field of the hardware algorithm descriptor. When rs_DeadTime arrives, the algorithm is deactivated. The algorithm must initially be in the active state.

To limit the license term to a period, set the rs_LifeTime field and the nsafh_LifeTime flag in the rs_HiFlags flag field of the hardware algorithm descriptor. When rs_LifeTime lapses, the algorithm is deactivated. A condition for using this limitation is the absence of the nsafh_DeadTime and nsafh_BirthTime flags in the rs_HiFlags flag field, i.e. the algorithm activation and deactivation will be restricted by other methods.

Activation at a preset time

To activate the algorithm at a preset time, set the rs_BirthTime field and the nsafh_BirthTime flag in the rs_HiFlags flag field of its descriptor. When rs_BirthTime arrives, the algorithm is activated automatically. The algorithm must initially be in the inactive state.

From that moment the hardware algorithm can convert data and, consequently, be used in the protection mechanism. Such a mechanism may work as a “relay exchange” from the automatically deactivated algorithm to the activated algorithm. These algorithms may process the data differently, so the protection algorithm changes, which makes the protection more tamper-resistant.

In addition, automatic activation makes it possible, if necessary, to define the moment at which the license starts.
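The deactivation and activation rules above can be checked before a descriptor is programmed. The model below is an added example, not Guardant code: the flag bit values, the initially_active field, the result codes and the time units (seconds) are assumptions, and only the rs_ and nsafh_ names come from the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit values are constructed for this model; they are not the real Guardant constants. */
enum { nsafh_BirthTime = 1, nsafh_DeadTime = 2, nsafh_LifeTime = 4 };

typedef struct {
    uint32_t rs_HiFlags;
    bool initially_active;   /* hypothetical field: state the algorithm starts in */
    int64_t rs_BirthTime;    /* assumed unit: Unix seconds */
    int64_t rs_DeadTime;     /* assumed unit: Unix seconds */
    int64_t rs_LifeTime;     /* assumed unit: seconds counted from first use */
} AlgoModel;

typedef enum { CFG_OK, CFG_LIFETIME_CONFLICT, CFG_DEAD_NEEDS_ACTIVE,
               CFG_BIRTH_NEEDS_INACTIVE, CFG_NOT_COVERED } CfgResult;

/* Check a descriptor against the constraints stated in the text above. */
CfgResult check_descriptor(const AlgoModel *a) {
    uint32_t f = a->rs_HiFlags;
    bool birth = f & nsafh_BirthTime, dead = f & nsafh_DeadTime, life = f & nsafh_LifeTime;
    if (life && (birth || dead)) return CFG_LIFETIME_CONFLICT;
    if (birth && dead) return CFG_NOT_COVERED;  /* combination not described in the text */
    if (dead && !a->initially_active) return CFG_DEAD_NEEDS_ACTIVE;
    if (birth && a->initially_active) return CFG_BIRTH_NEEDS_INACTIVE;
    return CFG_OK;
}

/* Modelled state at time `now`; first_use < 0 means the algorithm was never used. */
bool is_active(const AlgoModel *a, int64_t now, int64_t first_use) {
    uint32_t f = a->rs_HiFlags;
    if (f & nsafh_DeadTime) return now < a->rs_DeadTime;
    if (f & nsafh_BirthTime) return now >= a->rs_BirthTime;
    if (f & nsafh_LifeTime)  /* assumption: the period only runs once first use happened */
        return a->initially_active && (first_use < 0 || now - first_use < a->rs_LifeTime);
    return a->initially_active;
}

int main(void) {
    /* Constructed sample: relay from an expiring algorithm to one born at the same instant. */
    AlgoModel old_alg = { nsafh_DeadTime, true, 0, 1700000000, 0 };
    AlgoModel new_alg = { nsafh_BirthTime, false, 1700000000, 0, 0 };
    for (int64_t t = 1699999999; t <= 1700000000; t++)
        printf("t=%lld old=%d new=%d\n", (long long)t,
               is_active(&old_alg, t, -1), is_active(&new_alg, t, -1));
    return 0;
}
```

Setting rs_DeadTime of one algorithm equal to rs_BirthTime of the next, as in the sample, leaves no instant in this model at which both or neither of the two algorithms is active.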

Automatic change of the algorithm determinant

Another way to change protection mechanisms dynamically is to modify the algorithm determinant by timer. In this case the algorithm always stays active, and the “relay exchange” described above does not take place.

To use this feature of the algorithm, set the periodicity of the determinant change, rs_DaysGap, and the time rs_ChangeFlipTime Start from which the periodic change will occur.

You can combine the automatic change of the determinant with the lifetime limitation modes using the following flags: nsafh_DeadTime, nsafh_BirthTime and nsafh_LifeTime.

This service is only available for symmetric encryption algorithms (AES128 and GSII64).
