Is this the solution we're looking for?

Wire fence Software DRM (digital rights management) solutions have been available for well over two decades and have always about preventing, inhibiting, restricting and controlling.

Laila Arad-Allan, Director of product management, software DRM at Aladdin Knowledge Systems takes a look at how DRM might be used in future to ensure the integrity of software.

In the early years, DRM solutions focused on preventing the illegal use of software and reducing software piracy. In subsequent years, licensing was introduced, still as a means to control the number of distributed copies and prevent loss of revenue.

More recently, when the economic climate became more challenging and the internet introduced and enabled new sales and distribution methods, software became much more accessible and tough competition dictated the desire to be first to market.

Software publishers began demanding solutions to enable greater and wider access to their software, while still preventing piracy and securing their revenue.

From inhibitor to enabler

Acknowledging the need to improve accessibility and to meet a broader range of demands from software publishers, software protection and licensing solutions have clearly shifted focus from that of inhibitors to that of enablers and are the only security products that enable business growth in addition to preventing loss.

New licensing functionality enables software publishers to offer flexible and attractive software packages and pricing models that subsequently facilitate broader market reach and deeper account penetration. Commercial software protection and licensing systems are divided into two major categories: hardware-based solutions and software-based solutions.

Hardware-based solutions

Known as dongles or SLATS (software licensing authentication tokens), these external USB devices contain some form of intelligence and connect to any USB port on the PC in order to enable access to a protected software application.

The software application and its licenses are locked to the USB device. Hardware-based solutions offer the highest level of protection, since security and licenses are managed by the hardware device itself.

The hardware is virtually impenetrable and is only accessible by the software publisher. In addition, hardware-based solutions offer portability - since the protected application can be used on any machine to which the key is connected. For simplicity, this article refers to a hardware-based solution as hardware key.

Software-based solutions

Software-based solutions vary in their technology and offer anything from serial number protection to product activation. Software licenses are locked to an end-user's PC, where security, if it exists, is also implemented.

Product activation offers the highest level of protection amongst the software-based protection solutions. However, generally, software-based solutions are weaker than hardware-based solutions.

Security and licenses are managed in software on the end-user's PC - over which the software publisher has no control. The main advantages of software-based solutions are quick delivery (e.g. via the internet) and fast deployment of protected software since all components are digital. For simplicity, this article refers to a software-based solution as software key.

Both hardware and software-based solutions have clear advantages and disadvantages. The decision to choose one or the other goes beyond protection needs. Business considerations are much stronger influencers.

In most cases, the constraint of having to select a single solution - either hardware key or software key - presents an obstacle, ultimately creating business barriers for software publishers.

Traditional solutions only allow pre-packaging the software to include commercial terms and a fixed level of built-in protection. They do not offer options for modifying these specifications without re-engineering the software itself.

At times, publishers will decide to use both types of solutions - the hurdle then becomes even higher, since the solutions are offered by different suppliers.

From enabler to business expander

The evolution from an inhibiting to an enabling software protection and licensing solution is insufficient in today's business environment. When protecting and licensing their software, software publishers must consider a broad variety of factors in order to grow their business.

Such considerations include the type of software being sold, its price, target markets, potential end users, competitive advantage, piracy rates in the various sales regions, minimising costs and so on.

A software protection and licensing solution that does not offer business flexibility cannot address these issues. Therefore, the transition from inhibiting to enabling must extend to provide applications with business-expansion type protection, and to offer a comprehensive solution that manages a publisher's software rights and facilitates new business opportunities.

An innovative approach

Clearly, traditional software DRM solutions - as enabling as they may be - are insufficient for today's software publishing business requirements. The need increases for solutions that provide a flexible, customisable and scalable infrastructure for secure software commerce and rights management.

Because the choice to use a hardware-based or software-based solution is entirely a business decision, new approaches must be developed that will empower business decision makers to choose their preferred solution, or a combination of both.

The following sections discuss the various challenges software publishers face in protecting, licensing and selling their software. They also discuss how to maximise the benefits of an innovative solution that combines hardware- and software-based DRM capabilities, while keeping the processes associated with a product's life-cycle fully separate and independent.

Time to market

Getting products to market on time increases profits in the long term. Software publishers will benefit by selecting a DRM solution that does not impose non-core competence tasks, such as integrating protection strategies, translating sales and business rules into software behaviour and hard coding them in the application, on their engineering teams.

A quick time-to-market DRM solution is one that provides engineers with all the tools required to implement protection strategies quickly and effectively, while completely releasing them from having to implement business logic.

This means that engineers can remain oblivious to factors such as the license models to apply or the type of key (hardware or software) to deliver with the software to the market. A DRM solution that facilitates decisions and implementation of these factors by business decision makers ensures engineering productivity and enables faster time to market.

Creating and addressing business opportunities

If development and business processes are completely separate, when engineering release dates arrive, product and marketing managers can step in to independently apply commercial logic. Various license models can be paired on the fly with a hardware or software key to create market-driven software packages.

The type of key, that dictates the level of anti-piracy and protection for license terms, can be determined according to a number of different criteria.

The hardware key option can be selected for protecting software distributed in high risk territories, to protect expensive software or when portability of licenses is mandatory. The software key option can be selected for inexpensive versions of the software or when software is sold over the internet.

Licenses can be determined according to market segments (e.g. professionals vs. students); pricing schemes that yield competitive advantage; sales models that ensure recurring revenue streams; and policies that enable publishers to sell according to their customers' buying preferences.

A flexible DRM solution should therefore enable business decision makers to select which protection key to use and which licensing model to implement.

Broader market reach

Super distribution and trialware are not new concepts but are traditionally available only with software-based protection and licensing solutions. A hardware key is not an option, since it forms an obstacle in both cases. It is costly for trialware versions that are shipped in substantial volumes, and by definition it prevents super distribution.

A DRM solution that combines hardware-based and software-based capabilities in its core technology can offer powerful marketing tools such as trialware and super distribution, regardless of the key that eventually allows access to the fully functional version.

An all-in-one solution can offer both strong marketing tools and give software publishers the freedom to choose the ultimate key (hardware or software), according to practical commercial considerations.

One plus one must equal one

A combined DRM solution that merely glues together hardware and software-based protection and licensing solutions results in a cumbersome and complex system. Using new approaches and advanced technology, the system must be designed at its core to support both hardware and software-based solutions and to enable transparent transition from one to the other.

Security and licensing must be constructed in a manner that enables implementation without regard to the type of key that is ultimately used. Furthermore, role-based tools that can be used independently must be available to facilitate processes performed by various players in an organisation (e.g. engineering, marketing, and fulfillment).

July 2007