TrinityTonic
Level 5

Sensitivity of client-server and publisher identity files


We understand that the publisher identity is the root of the licensing technology's security and that the client and client server identity file are derived from it. In general - we suppose - that the publisher identity (identity_backoffice.bin) can be used to create new valid licenses.

The C-based license server does not allow using a signed settings file as opposed to the java-based license server which is why we are thinking about ways to secure the license server identity files. However we first want to understand whether we really need to protect the license server identity and have to make efforts to protect this data.

While older license server administration guides (e.g. 2016) state that only the backoffice_identity.bin contains sensitive data and shall be protected, newer versions (e.g. 2022) state that both the client_server_identity.bin and the backoffice_identity.bin should be protected. Did something change or was the documentation extended only?

We would like to understand the impact of theft of the identity files, specifically for the license server identity and the backoffice identity files.

  • what would a potential attacker be able to do in case the
    • client_server_identity.bin is stolen
    • the backoffice_identity.bin is stolen
  • what would be potential mitigation actions in case the
    • client_server_identity.bin is stolen
      • in case of theft - can the client_server identity be "updated" without updating the client and backoffice identity?
    • the backoffice_identity.bin is stolen

Do we need to protect the license server identity file?

Is there a way to protect it with the C-server just as with the java-based server (e.g. by using a signed settings file). Would Revenera's professional service be able to help here with a solution? 

0 Kudos
(1) Solution

Hi @TrinityTonic ,

  • in case of theft - can the client_server identity be "updated" without updating the client and backoffice identity?
  • No, I do not believe so as these identities are all created at the same time.

Best regards,

Jim


0 Kudos
(4) Replies
TrinityTonic
Level 5

@jberthold - do you have an answer to what would need to happen if the client / server identity file is compromised? Is there a way to "revoke" it? Is there a way to update it without updating the backoffice and client identity files?

0 Kudos

Hi @TrinityTonic ,

The Back Office identity contains the private key used to license your products. With it, someone with sufficient understanding of how to use it has the ability to generate apparently legitimate licenses using that identity. This identity should be secured and backed up safely. If it is lost, it cannot be recreated, and it cannot be reclaimed if a rogue user gains access. If it were compromised, the only recourse would be to create a new set of identities and rebuild/distribute your licensed application with the new identity (highly undesirable).

The Client Server identity contains the private key used to share a served license with clients. If it were compromised, someone would need sufficient understanding of how to use it and would also need a valid back office served license in order to falsely generate licenses for clients. Due to the fact that it also requires a valid back office license, it is less of an issue.
 
Best regards,
Jim
0 Kudos
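To make the two-tier trust model in Jim's answer concrete, here is an added illustrative model; it is not Revenera/FlexNet code and says nothing about the real identity file formats or signature algorithms. It assumes (hypothetically) that the back office holds a root private key, the license server holds its own private key, and the client identity pins both public keys so it can validate the whole chain. Signatures are textbook RSA over constructed small primes so it runs offline with only the standard library; that is a teaching toy, not a usable signature scheme.

```python
"""Toy model of a back-office -> license-server -> client chain of trust.

Added example, not Revenera/FlexNet code. The roles, payload layout and the
"client pins both public keys" assumption are hypothetical; the RSA parameters
are tiny constructed primes for illustration only (not secure).
"""
import hashlib
import json


def make_toy_key(p, q, e=65537):
    """Textbook RSA key pair from two constructed primes (toy, not secure)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest(payload, n):
    """Canonical JSON -> SHA-256 -> integer reduced into the RSA modulus."""
    raw = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def sign(private, payload):
    return pow(_digest(payload, private["n"]), private["d"], private["n"])


def verify(public, payload, sig):
    return pow(sig, public["e"], public["n"]) == _digest(payload, public["n"])


# Identities, created together (as the answer states they are in practice).
BO_PUB, BO_PRIV = make_toy_key(2147483647, 1000000007)   # back office root
CS_PUB, CS_PRIV = make_toy_key(998244353, 1000000009)    # license server
CLIENT_IDENTITY = {"backoffice_pub": BO_PUB, "server_pub": CS_PUB}


def issue_served_license(bo_priv, server_pub, features):
    """Back office binds a feature list to a specific server key."""
    payload = {"server_pub": server_pub, "features": features}
    return {"payload": payload, "sig": sign(bo_priv, payload)}


def checkout_for_client(cs_priv, served, feature, client_id):
    """License server hands a client a grant, citing its served license."""
    grant = {"feature": feature, "client": client_id}
    return {"served": served, "grant": grant, "sig": sign(cs_priv, grant)}


def client_accepts(identity, checkout):
    """Client validates the full chain before honouring a grant."""
    served = checkout["served"]
    if not verify(identity["backoffice_pub"], served["payload"], served["sig"]):
        return False                      # served license not from the root key
    if served["payload"]["server_pub"] != identity["server_pub"]:
        return False                      # served to a server key we do not pin
    if not verify(identity["server_pub"], checkout["grant"], checkout["sig"]):
        return False                      # grant not signed by that server
    return checkout["grant"]["feature"] in served["payload"]["features"]


def scenario_legitimate():
    served = issue_served_license(BO_PRIV, CS_PUB, ["featA"])
    return client_accepts(CLIENT_IDENTITY,
                          checkout_for_client(CS_PRIV, served, "featA", "host-1"))


def scenario_stolen_server_identity():
    """Attacker holds CS_PRIV but no root-signed license for featB.

    Editing the served payload breaks the back-office signature, so the
    client refuses: the server key alone cannot widen what was licensed."""
    served = issue_served_license(BO_PRIV, CS_PUB, ["featA"])
    tampered = {"payload": dict(served["payload"], features=["featA", "featB"]),
                "sig": served["sig"]}
    return client_accepts(CLIENT_IDENTITY,
                          checkout_for_client(CS_PRIV, tampered, "featB", "host-1"))


def scenario_stolen_backoffice_identity():
    """With the root key, any served license verifies: the worst case."""
    served = issue_served_license(BO_PRIV, CS_PUB, ["featB"])
    return client_accepts(CLIENT_IDENTITY,
                          checkout_for_client(CS_PRIV, served, "featB", "host-1"))


def scenario_rotate_server_identity_only():
    """Rotating only the server key: old clients reject, re-issued clients accept."""
    new_pub, new_priv = make_toy_key(104729, 1299709)
    served = issue_served_license(BO_PRIV, new_pub, ["featA"])
    checkout = checkout_for_client(new_priv, served, "featA", "host-1")
    old_client = client_accepts(CLIENT_IDENTITY, checkout)
    new_identity = {"backoffice_pub": BO_PUB, "server_pub": new_pub}
    return old_client, client_accepts(new_identity, checkout)


if __name__ == "__main__":
    print("legitimate:", scenario_legitimate())
    print("stolen server identity:", scenario_stolen_server_identity())
    print("stolen back-office identity:", scenario_stolen_backoffice_identity())
    print("rotate server key only (old, new):", scenario_rotate_server_identity_only())
```

The last scenario is the point of the follow-up question: under the pinned-public-key assumption, a replaced client-server identity is only accepted by clients whose identity was rebuilt with the new public key, which matches the answer that the identities cannot be swapped independently.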

Hi @jberthold and thanks again for an answer to a question I've already asked a few times. Working in the security department of our products, we have to understand risks and would require some sort of incident response. That's why those two questions above were asked.

  • what would a potential attacker be able to do in case the
    • client_server_identity.bin is stolen
    • the backoffice_identity.bin is stolen
  • what would be potential mitigation actions in case the
    • client_server_identity.bin is stolen
      • in case of theft - can the client_server identity be "updated" without updating the client and backoffice identity?
    • the backoffice_identity.bin is stolen
      • the worst case, and we do not have to dig into this deeper

The interesting question here is whether you can replace one of the keys (i.e. the client or client server identity) without replacing all 3 identities, making them incompatible with previous versions.

0 Kudos
