Gemalto’s Embedded Licenses – Securing your Software


Subscribe to our blog


Gemalto is well-known for their security solutions. They have branched into software licensing by acquiring SafeNet, which was a very synergistic merger.  The Sentinel product range, which is now under their roof, is a popular choice among software vendors, offering both soft and hard-key options for protecting valuable and expensive applications from unauthorised use. While Gemalto can offer solutions for both on-site and cloud licensing, our focus today is on their embedded licenses and the Internet of Things.

A Shift in Understanding

Manufacturers of sensors, devices and major equipment have come to understand that the real value of their products is in the software that is integral to the product, rather than the hardware, which is a once-off purchase. Managing and monetizing usage of the software can provide a steady revenue stream long after the purchase has taken place. This is where Gemalto has been busy developing a comprehensive solution. A combination of Sentinel’s license management with Gemalto’s cybersecurity is flexible and robust enough to protect and monitor anything from sensors measuring heat given off by urban buildings to major healthcare and industrial equipment, such as MRIs or cranes.

Using embedded licenses can have a major impact on inventory and product range. The application can be used to activate or suppress one or more features of a product, removing the necessity to keep a different physical product for each permutation. The company can carry a lean and minimal physical product range, with a wide and diverse virtual list of products, the features of which are differentiated by the licensing software. They can also be confident that their intellectual property is secure and protected from tampering and hacking.

An Enhanced Customer Relationship

While using embedded licenses requires a complete rethink of how products are assembled and delivered, there is also a major change in the vendor-customer relationship. Traditional licensing was focused on ensuring that the customer was compliant with their licensing agreement. The software monetization approach is collaborative rather than adversarial (Think of SAP vs Diageo). The benefit of being able to receive real- or near-time data on what products and features the customer is using is twofold; the vendor has visibility into what features each customer needs and can capitalize on up-selling or cross-selling opportunities; secondly, analysing the data for the entire customer base identifies future products.

Managing these licenses is by entitlement; each customer and each user of that customer can have his own profile of the product, with features switched on or off.

The vendor can also design his own licensing model, opting for prepaid, where a new feature or application must be requested before it can be used, pay-as-you-go, or even post-paid, where it can be used and paid for retrospectively. The flexibility is possible because of the usage data being streamed up from the customer; the vendor knows how the customer is using the devices and the software within these devices.

Sentinel Fit -When Size does Matter

Gemalto claim to have the smallest software licensing product on the market with Sentinel Fit. Specially designed for the most basic of devices, its footprint ranges from 1,5KB RAM for AES (Advanced Encryption Standard) to 13Kb RAM for RSA (Rivest, Shamir and Adleman, the cryptographers) encryption. Flash storage uses more (6.5Kb for AES and 34Kb for RSA). This does not mean it is not scalable, it can support up to 65K licenses of features or functions.  It is available in kit form and the runtime source code can be accessed. It has also been designed to work in most environments and across most platforms.

This small package is very secure, as you would expect from Gemalto; licenses are secured throughout their lifecycle from inception to decommissioning; users cannot copy the software from one device to another, because a “fingerprint” is generated that prevents this from happening.

For those vendors who want primarily to control access, entitlement and software versions, the Sentinel Fit provides a stripped-down but functional license capability. for those who need more, there is Sentinel LDK and EMS.

Sentinel LDK is a comprehensive license development kit that offers complete versatility, from physical key management through to cloud. This enables the vendor to choose any form of license management from perpetual to cloud to provide a license that is the best fit for the customer.  In tandem with Sentinel EMS, it covers all aspects of licensing and entitlement.

Pulling it All Together – Sentinel EMS

Sentinel EMS is a license and entitlement management system that can easily integrate a company’s back office and enterprise applications, including SAP, Salesforce and Oracle. It has a customer self-service portal too. Sentinel Fit feeds data to the EMS and this data can be analysed to provide intelligence on:-

  • licensing compliance
  • how products are being utilized, and which features are most used
  • future products and toolkits for the market

It can also be used to notify users of upcoming upgrades, contract renewals and enhancements and fixes. This is a useful feature, which improves the customer experience, together with the self-service portal. The portal gives the customer excellent flexibility in managing their licenses. It can be:-

  • customised to allow customers to manage their licenses independently, without having to rely on Support Services – this allows customers to perform actions like activation, renewal and upgrades, depending on the vendor’s business model or models
  • branded to match your website (white-label software)
  • integrated with other software services that support customer experience, such as your CRM

There are other products from Gemalto, such as Sentinel Up, which manages upgrades and enhancements, Sentinel Cloud for web-based access, as well as their core license management offering, Sentinel RMS. All the products integrate and can cover the whole geography of license management, from on-site to cloud. They also have a comprehensive set of hardware devices that can be used to increase security, such as dongles and USB cards. Gemalto has an impressive list of customers, including many in the engineering and scientific realms. Two of them are Stryker and Trimble.

Some Embedded License Experiences

Stryker as a major manufacturer of medical devices had been using dongles to protect the software that drives these products. The challenge with physical licensing is addition or replacement of the license manager when required; it takes time to get to the customer, while time can be a critical component in healthcare. It is also expensive getting the device to the customer. They have migrated to a SaaS solution, where the software key is embedded in the device for their main product, and are rolling the same solution out across their product range.

Trimble needs no introduction to anyone in engineering. With about half a million assets to manage, license and entitlement management is a major concern for them. They also used to rely on dongle protection, but as their Marketing Director, Bill Graber explains, getting a physical license key to a customer operating in the depths of the Amazon rainforest is far more challenging than sending the license over the air (OTA) or embedding it in the product. They also are faced with disparate license models within the organization, inherited via their acquisition strategy, which has seen them bring 200 companies under the Trimble roof in the last 15 years. Sentinel EMS assists in the integration of these different models.

Which is Better: Gemalto or Flexera?

While Flexera and Gemalto are not the only providers of embedded licenses, they are the leaders, with the largest market shares. Flexera is very widely used for software license management – it is highly likely that some of the software applications you are using yourselves have Flexera licenses. The chances of having one Sentinel license or more are also high, especially if any of the software you use is protected by a dongle or other hardware device. Both vendors claim robust security features, but Gemalto may have the edge in this case, as security management is their core offering. The small footprint of Sentinel Fit is ideal for IoT sensors with very limited storage; Flexera also have a small footprint embedded license, but it has a minimum size of 50K. It is advisable to try a proof of concept with these two vendors as well as some of the smaller competitors, like Snow and Agilis, to find the best fit for your business.


Skip to content