Sentinel Keys

>What is a Sentinel Key?

>Prerequisites for Checking In a Sentinel Key

>Sentinel Key Status

>Checking In a Sentinel Key

>Viewing C2V Data

>Sentinel Key Attributes

>Actions for Sentinel Keys

New to Sentinel EMS?
See How to Use Sentinel EMS?

What is a Sentinel Key?

A Sentinel key is a hardware- or software-based license container that may include:

>One or more licenses that provide access to protected applications

>Protected memory that can only be accessed from protected applications

>An encryption engine that can only be used by protected applications

The Sentinel key must be accessible to the machine on which a protected application runs, either by a local connection or a network connection.

Keys are added to the Sentinel Keys page when the vendor activates an entitlement or checks in a C2V file.

Prerequisites for Checking In a Sentinel Key

>A role that includes Activation Management permissions. At minimum, you need the Add permission. For details, see Roles.

>Access to the C2V file that was generated on the end user's machine.

Sentinel Key Status

The Status attribute for a Sentinel key can be one of the following:

Status Description
Enabled When you check in a C2V file, the status of the Sentinel key is set to Enabled.
Disabled Relevant only for Sentinel HL (Driverless configuration) keys. Indicates that tampering was detected. Sentinel LDK Envelope run-time module disabled the key because it determined that the user attempted to tamper with the key or with the protected application. For more details, see Sentinel LDK Software Protection and Licensing Guide.
Blocked Relevant only for Sentinel keys that were migrated from Sentinel LDK-EMS in a disabled state. This may occur the key was disabled using a Sentinel LDK-EMS web service prior to migration. Blocked keys are read-only and cannot receive updates. However, customers can continue using these keys with the existing data.
Cloned Relevant only for Sentinel SL keys. Indicates that Sentinel LDK Run-time detected cloning and disabled the affected licenses. This prevents an end user from logging on to the software for which cloned licenses are detected. The end user must contact your vendor representative and submit a C2V file from the machine on which the cloned license was detected, together with their Product Key, to have the cloned key updated and the product activated. For more details about clone protection, see Sentinel LDK Software Protection and Licensing Guide.
Out-of-Sync

Relevant only for CL keys when using Produce and Push.

Indicates that the push operation failed for the service-hosted cloud licensing key. Displayed only when the most recent change to the CL key does not yet exist on the service-hosted, cloud license manager server even though the CL key was produced (generated or updated) successfully. This may occur if the connection to the service-hosted, cloud license manager server is slow or not available. If you see this indicator, try to restart the synchronization process by clicking the Synchronize button Synchronize button in the Actions column. If synchronization fails, then contact Thales Customer Support for assistance.

Virtual Clock Error

Relevant only for Sentinel HL (Driverless configuration) keys that:

> Do not contain a real-time clock (such as Max keys), and

>Use time-based licenses (such as Expiration Date, Time from First Use, or Time from License Generation).

Indicates that the difference between the system time on the end user's machine and Sentinel EMS is more than 24 hours. This may signify tampering with the time-based licenses.

Checking In a Sentinel Key

You check in a Sentinel key using the Customer-to-Vendor (C2V) file received from your customer—the end user. The checkin process enables you to store the Sentinel security key information from the C2V file. This information can then be used in connection with order updates.

To check in a Sentinel key:

1.From the navigation pane, select Sentinel Keys to view the Sentinel Keys page.

2.Click Check In C2V. The Check In C2V page opens.

Check In C2V dialog box

3.In the Upload C2V box, either browse to select a C2V file or drag and drop a C2V file into the Upload C2V area. You can safely drop the C2V file when you see a large box that instructs you to drop your file in the box. Sentinel EMS validates the C2V file. If the C2V file is valid, the word C2V is embedded in the Upload C2V box and the Key Details area displays data from the C2V. Otherwise, an error message is displayed.

4.Click Check In.

Viewing C2V Data

C2V files are encrypted by default. You can use the Check In C2V page to view the data stored in a C2V file.

To view C2V data:

1.From the navigation pane, select Sentinel Keys to view the Sentinel Keys page.

2.Click Check In C2V. The Check In C2V page opens.

Check In C2V dialog box

3.In the Upload C2V box, either browse to select a C2V file or drag and drop a C2V file into the Upload C2V area. You can safely drop the C2V file when you see a large box that instructs you to drop your file in the box. Sentinel EMS validates the C2V file. If the C2V file is valid, the word C2V is embedded in the Upload C2V box and the Key Details area displays data from the C2V. Otherwise, an error message is displayed.

4.Expand the Key Details area to view the attributes embedded in the C2V file.

Associated Products

Expand a product to view its Associated Features.

Associated Memory

Key Attributes

The following example shows the data available when viewing the content of a C2V file.

sample data for a C2V file

Sentinel Key Attributes

The sections below describe the data that is embedded in a Sentinel key. This data is visible on the Sentinel Keys page. The following image shows an example of Sentinel key data with the Associated Products section expanded.

Associated Products

The following table explains the associated product attributes.

Attribute Description
Product Name The name of product included in the entitlement.
Product Identifier The numeric identifier for the product included in the entitlement.
Physical Machine Clone Protection

The clone protection scheme to be used on a physical machine.

Default value: Platform Default

NOTE    If the product was migrated from Sentinel LDK, displays the clone protection scheme defined in Sentinel LDK-EMS prior to the migration.

Virtual Machine Clone Protection

The clone protection scheme to be used on a virtual machine.

Default value: Platform Default

NOTE    If the product was migrated from Sentinel LDK, displays the clone protection scheme defined in Sentinel LDK-EMS prior to the migration.

Associated Features

The following table explains the associated feature attributes.

Attribute Description
Feature Name The name of feature associated with the product.
Feature ID The unique numeric identifier for the feature associated with the product.
License Properties

Enables you to view the properties for the associated license model.

NOTE FOR CONCURRENCY  If the Network Term attribute was set to No in the associated license model, and the product was activated with support for a Sentinel HL key, then concurrency is implemented with Per Station and Unlimited in the Sentinel key. This implementation ensures that if multiple applications are using the same, locally installed license on a single machine, all of those applications can access the license.

Otherwise, if the Network Term attribute was set to Yes in the associated license model, then the defined concurrency limits are implemented.

Associated Memory

The following table explains the associated memory file attributes:

Attribute Description
File ID The numeric identifier that your application uses to refer to the selected memory file.
File Type The read-write permissions for the memory file. For details, see File Type.

Key Attributes

The following table explains the Sentinel key attributes: The displayed key attributes depend on the type of key.

Attribute Description
Status The status of the Sentinel key. For details, see Sentinel Key Status.
Customer Name Name of the customer defined in the entitlement.
Customer Identifier The customer identifier defined in Sentinel EMS.
Key ID The unique, automatically generated , Sentinel key identifier.
Key Type

The type of key, for example, SL-AdminMode or Sentinel-HL-Max.

For CL keys, Key Type is set to SL-AdminMode and Hosted Service is set to Yes.

Virtual Clock

The date and time when the protected application logged in to the feature.

(Displayed only when available)

See also: Reset Virtual Clock

Hosted Service

Indicates if the Sentinel key is connected to the service-hosted, cloud license manager server, which is hosted by Thales. This requires a subscription to the Sentinel LDK Cloud Licensing (CL) Service.

When set to Yes, the key is known as a CL key.

Possible values: Yes or No

Market Group (Batch Code) Your organization's unique vendor code (or the batch code for Sentinel protection keys with a demo vendor code—DEMOMA).
Creation Date

The date and time that the C2V file was checked in for this Sentinel key or when the product is activated for the first time.

Last Modified Date

The date and time that an updated C2V file was checked in for this Sentinel key, for example, if the license was updated or when the product is activated for the first time.

Actions for Sentinel Keys

The following table lists the actions available for Sentinel keys. Each action is available only for certain conditions, as described below.

Action Description
Download V2CP

Downloads the V2CP file that was generated from the C2V file.

Available for: Sentinel keys whose status is Enabled, excluding CL keys (where Hosted Service is set to Yes).

Enable

Opens a confirmation box that lets you re-enable a Sentinel key that is disabled.

> If the operation succeeds, you can download the V2CP file directly from the success message as well as from the grid.

>If the operation fails, then follow the instructions in the error message.

Available for: Sentinel HL (Driverless configuration) keys whose status is Disabled.

  Clear 'Cloned' Status

Opens a confirmation box that lets you clear the cloned status of a Sentinel key.

>If the operation succeeds, the Sentinel key status to Enabled. You can download the V2CP file directly from the success message as well as from the grid.

>If the operation fails, then follow the instructions in the error message.

Available for: Sentinel keys whose status is Cloned.

  Reset Virtual Clock

Opens a confirmation box that lets you reset the virtual clock time on the Sentinel key to the current UTC time.

>If the reset operation is successful, you can download the V2CP file directly from the success message as well as from the grid.

>If the operation fails, then follow the instructions in the error message.

Available for: Sentinel HL (Driverless configuration) and Sentinel SL keys whose status is Virtual Clock Error.

Synchronize button Synchronize

Connects to the service-hosted, cloud license manager server to synchronize a Sentinel key.

Displayed only when the most recent change to the CL key does not yet exist on the service-hosted, cloud license manager server even though the CL key was produced (generated or updated) successfully. This may occur if the connection to the service-hosted, cloud license manager server is slow or not available. If you see this indicator, try to restart the synchronization process by clicking the Synchronize button Synchronize button in the Actions column. If synchronization fails, then contact Thales Customer Support for assistance.

Available for: CL keys that were generated using Produce and Push.