Over the past three years, the ESD Alliance’s License Management and Anti-Piracy (LMA) Committee has worked with member companies Cadence, Siemens EDA and Synopsys to develop a protocol for use with software license management systems to provide strong protection against piracy by defining how servers can be uniquely identified.

Sashi Subramanian, senior group director at Cadence, chairs the LMA and leads the development of the SEMI Server Certification Protocol. In my recent conversation with Sashi, we discuss the driving factors behind the creation of this new protocol, the challenges of bringing it to market and a status update.

Smith: What is a server certification protocol? What is its purpose?

Subramanian: The protocol is a means by which compute servers that run license server software can be uniquely identified. The purpose is to thwart software piracy that relies on cloning server identifications by allowing only entitled instances of license server software to run.

Smith: What were the driving factors behind this project?

Subramanian: Software piracy (illegal use of software licenses) is a multi-billion dollar problem. It is harmful both to the software vendors that develop the complex software programs required to design today’s leading-edge semiconductor chips and to the legitimate users of the software who invest in accessing it. An illegitimate user can access the software at little or no cost, which creates a unlevel playing field and is illegal.

Smith: Why develop a new protocol?

Subramanian: Expensive software such as that used for chip design is licensed for use, and access is granted via a license server. In the past, the license server(s) was identified by a host ID or machine identifier, typically the MAC address of the machine. Unfortunately, it has become well-known how a host ID can be cloned. Exploiting this flaw allows illegitimate users to fool the software license management system and gain access to licenses that were not granted.

The ESD Alliance and its members recognized this problem, and after looking for existing solutions (there weren’t any), decided it would be prudent to develop a protocol that would overcome the weaknesses of the host ID licensing method. Ultimately, the goal of the project is to provide a protocol that mitigates much of the illegal software use based on host ID cloning. A common protocol also enables a similar solution use model from different vendors and eases the deployment overhead for customers.

Smith: Can you explain who is behind the development of the protocol?

Subramanian: The project was proposed within the LMA committee that focuses on software license management and anti-piracy measures. The LMA committee is made up of representatives from ESD Alliance member companies. Three of the member companies—Cadence, Siemens and Synopsys—expressed interest in jointly developing a protocol that could be used throughout the industry. Since the ESD Alliance is a part of SEMI, and SEMI has a very active standards group, it was further proposed that the resulting protocol be submitted to the SEMI Standards group for consideration as an official SEMI standard.

Smith: What were some of the challenges that needed to be addressed in defining and creating the protocol?

Subramanian: We identified three challenges:

• The impact on the customer—we knew that the solution could not interfere with a customer’s business continuity, high-availability practices or otherwise restrict usage to customers who are compliant.
• Complexities of handling vastly different user environments, including highly secure (air-gapped) local and remote hosted on-premises environments that can be physical or virtualized and cloud-based environments
• Minimal overhead to the customer in deploying the solution

Smith: Is the protocol software or is it something else?

Subramanian: The protocol itself is not software. It is a document—like a recipe—that describes how an instance of a server can be uniquely identified. Companies that wish to utilize the protocol can create their own software implementations based on the protocol that resides in their software license management systems.

Smith: What is the status of the protocol? Is it available now?

Subramanian: The first draft specification has been completed. The joint development team is now evaluating the possibility of providing a reference implementation that will help users to understand how to apply the protocol in their own systems.

The protocol will be provided under license from SEMI. SEMI is in the process of defining how the protocol will be licensed and supported. In addition, the protocol is going through the process of standardization through SEMI’s standards organization.

About the ESD Alliance License Management and Anti-Piracy Committee
The License Management and Anti-Piracy Committee reviews third-party licensing management software used by member companies for issues, updates and best practices. It assesses technologies and best practices to thwart software piracy, a problem that impacts legitimate customers because it artificially lowers the barrier to competition and member companies that invest in developing and supporting products needed by their customers.

If you want to learn more about the LMA, visit the ESD Alliance website. Or contact me at bsmith@semi.org if you have questions or need more information.

Engage with the ESD Alliance at:

Website: www.esd-alliance.org

ESD Alliance Bridging the Frontier blog

Twitter: @ESDAlliance