Products

The management of Software Licensing is the bedrock on which many diverse software companies has been built, however the status quo of revenue for products supplied and supported is under threat as never before.

Software has been copied and passed on to friends and family for many years, however the advent of high-speed internet and file sharing technology has now created a black market in free or low cost copies of major software of such magnitude that the originators find their business under threat.

Metaforic has developed a suite of products to protect IP and to permit access only to authorised users.

A search of torrent websites, street markets in the Far East or online auction sites clearly demonstrators that present technology is not achieving the level of sophistication and strength of resistance to hackers required.

Those removing licence certificates, spoofing licence keys and posting online have the upper-hand, so much so that the response from many in the industry is now not to attempt to prevent copying or unauthorised sale but to attempt to track down users of pirated software and to then serve them with legal proceedings- expensive, time consuming and open to mistaken identity.

At Metaforic we believe it is far better to prevent the piracy through making the process of making a protection system both expensive (in time) and tedious enough such that the hacker will seek easier prey.

MetaFortress

Metaforic’s first product is an entirely revolutionary, automated anti-tamper and integrity checking system, which prevents analysis, de-bug and alteration of application code. An intertwining of many lines of discrete integrity checks (from many thousands of options) resulting in a protection system that detects analysis, attempted changes to it’s own code and the application code- the starting point for any attack.

Applied automatically and with minimal developer interaction as application code is compiled, the tools ensure that all code is immediately protected before it leaves the developers’ desktop.

MetaFortress is the secure foundation that protects and further enhances the performance of all Metaforic technology. 

MetaSure

MetaSure is an umbrella term for a suite of tools that deliver unparalleled flexibility and security in IP and License Management across a range of markets, from PCs and server applications to games consoles, set-tops and cell phones.

MetaStore

Core to any secure system based on a known secret (or key) is the need to store that information such that it can be accessed, verified and the service thus authorised. This is true of License Managers for PCs, Conditional Access and Cell Phone Activation systems. This principle has been used and abused through out the histories of the IT, Gaming and PayTV markets.

MetaSure SecureStore is a new proprietary method of storing such a known secret in a manner that is difficult to analyse and identify, thus making the hackers’ first task of analysis time consuming and perhaps impossible. In simple terms, elements of the known secret are effectively scattered throughout the application to be protected.

SecureStore stores and retrieves sensitive data (CAS keys for example) in a tamper-resistant manner. During operation of the application, data is ‘interweaved’ and stored.  Stored data contains the application-state and secure timer state. Any attempt to change the save-data or the timer invalidates both in a detectable manner. In order that the application be accessible, or the content to which that application has access, the key has to be re-constituted and verified.

The risk to most licence systems today its that a skilled hacker can analyse this key verification process, accessing the key itself and the mechanisms used to verify it thus giving him information he can use to gain access (spoof) at a later date or that he can sell, distribute online to others. The combination of the SecureStore techniques and MetaFortress’ anti-analysis feature prevents this.

MetaTime

Part of the “usual” licensing mechanism used in many business models is an online verification process that links the users’ device to a central point; a verification server for example. One of the licence verification techniques used is to check time elapsing on a licence and to cross-reference this with the device. In doing so many of the old tricks such as “re-winding” a system clock to gain access outside a trial period or similar are defeated.

This process works well as part of the system across all permanently connected devices and will continue to do so. However in these days of dispersed computing across many devices this “always connected” scenario is very rare.

MetaTime  augments an application’s logic with a tamper-resistant clock. Using this Secured Clock along with MetaStore, a strong time-limit and verification process can be maintained on or off-line.

If the user attempts to access the content outside the authorised time then MetaTime will prevent the application from running. If a hacker attempts to identify and change the MetaTime code MetaFortress will prevent his analysis and alteration attempts as with MetaStore.

MetaTime supplements any online verification process maintaining a check on the authorised use even when off-line.

MetaTime solves a near impossible problem – it provides secure storage and secure clock measurement on PCs – previously it was thought this was insolvable as the system clock was too easy to spoof. Securing the clock on any system provides a reliable point of reference on which to begin to build a protected system

MetaID

MetaID generates a unique system fingerprint of the computer used. This fingerprint data is based on a variety of system resources which, when taken in totality, uniquely identifies the subscribers’ computer or device.  The MetaID API provides the ability to generate an ID string, compare ID strings, and manage which resources are queried to create the ID string. Unlike any previous attempt to provide this capability MetaID can recognise, manage, Authorise or disable applications from running on Virtual Machines.

The data may be used with existing systems and/ or stored securely within the application itself thus completing the authorisation process, on or off-line.

MetaCert

MetaCert confirms and verifies licences securely based on an authorisation key injected directly into the application code itself, requiring no SDK or DLL.