Locking & Encryption

Machine Locking

In stand-alone configuration Sheriff uses a licence file that is locked to the workstation; in network configuation Sheriff uses a licence database that is locked to the server. Machine locking prevents a licence file or database from being illegally duplicated to other machines. Network users can share the protected application provided that the concurrency limit is not exceeded.

Licence Key

The Sheriff Licence Key is dynamically encrypted, which means that the Licence Key changes every time it is generated even with the same Reference Code and licence policies. This is to prevent the Licence Key from being dissected. The Licence Key as well as the Reference Code are self-checked; any bit change to them causes them to become invalid.

Licence Database

The Sheriff licence database is encrypted and cannot be modified.

Communication Channels

The communication channel between an application and Sheriff is encrypted to prevent parameters being monitored or altered en-route. In addition, Sheriff employs a challenge/response protocol in calls between the client and the server. It provides a very reliable way for Sheriff and an application to verify that the other is a legitimate party.

Other Measures


Comprehensive anti-tampering facilities are built into Sheriff, including:

  • System clock verification (E.g. cannot be wound back to gain extra days).
  • Licence database cannot be backed up and restored to gain extra units.
  • Hardware parameters cannot be emulated to duplicate licence for unauthorised machines.

Secret Codes

The Sheriff Licence Key Generator cannot be used to generate unauthorised Licence Keys, since for each product a unique set of Secret Codes is required.