The DK2 DESkey combines state-of-the-art encryption algorithms with secure microcomputer technology and in-house designed ASICs to secure your software. Features such as Down Counter and Remote Update capability allow the DK2 to licence your software exactly how you want it, with the ability to time-licence the software or modules and securely update them at the customer site.
DESwrap can be used with the DK2 to provide instant protection with or without access to source code.
The DK2 can also be used in conjunction with DESnet to licence software over a network.
The DK2 is available in a number of formats including a USB dongle, parallel port, ExpressCard, PC Card and the DK2E for embedded applications, which are all totally interchangeable using common drivers.
Within the DK2's ASIC is a very large ‘seedable’ Pseudo-Random Number Generator, capable of producing vast quantities of data. This data may be used by your application in many ways, such as providing unique encryption keys for protecting vital areas of your code.
Code or data from your application may be fed through the DK2 for in-line encryption. This has the advantage of hiding your encryption key within the hardware of the DK2.
As standard, 224 Bytes of memory are available: the 16-byte ‘Public’ sector and 208-byte ‘Private’ sector. The Public sector will allow both read and write operations at any time. The Private sector may be read at any time, but cannot be written without the unique 6-byte password. This feature enables licensing and configuration information to be written to the Private sector. Although the user has no way of writing to Private Memory, it is possible for you to change the contents at your customer’s remote site, securely, and without divulging your password. See Remote Commands below. Larger memory configurations are available on request.
All customers will have at least one unique 6-byte password to enable writing to Private Memory or setting the Down Counter. Attempts at random guessing this password will cause the DESkey to shut down until reset at the factory.
This feature works in conjunction with an algorithm run on the host system, which encrypts and sends data to the DK2 where an embedded complementary algorithm decrypts it. Similarly, data returned is encrypted in the DK2 and sent to the host which decrypts it. The command sent and data returned has a different form each time it is used, even if the same command is used repeatedly, thereby preventing functional emulation by a device driver or any other means.
Programmable with any value between 1 and 16 million, this password-protected feature provides the means to stop your software working after a pre-programmed number of executions. This is an ideal method for controlling demonstration software or metering by the run or by process. As with Private Memory updates, this counter may be reset on site using a Remote Command.
Using certain Hidden Commands, the Private Memory or the Down Counter may be securely updated in the field. The DK2 contains a special Update Counter, of which the current value must be known and supplied as part of the encrypted Remote Command. Using this, it is possible to create an encrypted sequence that can be given to an end-user to update their DK2. This Command is totally secure because it is encrypted using data unique to the end-user’s specific DESkey and the state of its Update Counter. Since the Remote Command increments the Update Counter, it can only ever be used once. To update the DK2 again, a new Command sequence must be generated.
The DK2 uses the powerful Anti-Emulation Algorithm to provide additional ‘Hidden Commands’. Called as often as required, the command sent and returned data will never appear to be the same.
For the latest drivers and support, please go to the DESkey Support and FAQs section.
Assessment by BIS (the Bureau of Industry and Security) in the USA has classified the DK2, DK2USB and DK2E with an ECCN (Export Control Classification Number) of 5A992/AT1. For more information please see our Export Classification page.