Log in

Home > Solution >Software Protection > Using RSA Signature Verification

Using RSA Signature Verification


RSA signature verificationcan effectively prevent dongle from being cloned. Cloned dongle could not actas a substitute to the genuine one without modifying the software. This avoidsend-user from taking the piracy copy for the genuine one.

RSA algorithm belong toasymmetric cryptographic algorithm, encryption and decryption are relativelyindependent, using respective keys called public key and private key. Any onecan use Public key while private key can only be used by the owner and can notbe calculated according to public key. The encrypted data with public key canonly be decrypted by private key in the computer process, otherwise it is thesame. With this feature, you can realize the authentication. This theory liesin that the certified part (user) should encrypt the specified data with theprivate key and sent the result to the certifying part (service) who woulddecrypt the data with the public key,If the certifying party gets the original data, itproves that the certified party owns the right private key corresponding withthe public one, which means you have confirmed the legitimacy of the certifiedparty. Note that public and private keys are both produced by the certifiedparty.

However, authentication ofElite can be realized as described following. Application software sends arandom RSA signature data to dongle. In software, result from signature indongle will be tested with the public key, which is corresponding to theprivate key. Due to high safety of Elite hardware and design of non-exportedprivate key despite of PIN owned by the developer, crackers have no accesses tothe private key. Thus, crackers could not take signature on the random data.That is why the cloned dongle can not be the substitute to the genuine one.There are no ways to decrypt by simulating data in theory under suchauthentication and the only way is to revise the original software. Thiseffectively avoids cloned dongle. Compared with previous authentications suchas manufacturer number, which is easily simulated, this authentication has highsafety and simply implemented thus it is really a perfect choice.


Suggestion:

Adding Signature Verification of random data intofunctions if you don't have strict requirement on the operation speed, forexample, starting software or reading key data, it can realize authenticationas well as prevent data from being revised or faked.

Besides, crackers may revisesoftware to decrypt through fixing system time to fix random data so thatrandom data mechanism fails. However, random data can be produced by buildingown random data to produce calculation or using random data from inside ofElite.



Related Products



EL Genii

     EL STD