Earlier this month, Apple and Microsoft disclosed independent vulnerabilities in their digital signature infrastructure, affecting a huge range of operating systems.

In Apple's case, it was possible to create a fake signature and get macOS to trust it. (Details) This is like a fake ID that fools the bartender into selling alcohol to a teenager.

In Microsoft's case, it was possible to create fake signatures that looked like they were from a trusted entity. (Details) This is like being able to print your own ID cards, as if you were some authority.

What are Digital Signatures?

Digital signatures are like driver's licenses (or other ID cards, around the world), but for software. They say, with authority, who the holder is. They are used to convey trust: if I know who you are, I know what you should be allowed to do, and I can have reasonable trust in how you'll behave.

So too with apps.

All modern apps come with digital signatures, like ID cards, saying who they are. But a digital signature, unlike an ID card, can instantly be checked to see if it's valid. It doesn't just have to look authentic - you can actually check that it really is authentic, and who the publisher really is - through standard cryptographic techniques based on “public key infrastructure (PKI)”.

This idea underpins most consumer apps used today. Apps in the iOS App Store have always required digital signatures. So too with Android. macOS and Windows have been ratcheting up digital signature requirements for more than a decade, and now signatures are effectively a requirement to deliver software to macOS, while on Windows they are required for a good user experience.

Digital Signatures in Software

Digital signatures are also used by software publishers to establish their own trust systems. One common example is products that load content or have plugins, and need to verify that the content or plugins are authentic. Digital signatures are exactly the right tool for this job.

Both of these bugs have the same basic consequence: until they were fixed, digital signatures weren't really the strong guarantee of identity that we thought they were. Or in the Microsoft case, there might be fake digital signatures in the wild that can never be proven inauthentic. 

Those apps you installed, from trusted publishers, might not have been from those publishers at all.

This highlights one of the problems with digital signatures: they're a single source of trust. If you base all your trust on one system, then when that system is broken, you have no trust left. As happened last week, with Apple and Microsoft.

PACE Customers are Protected

But PACE customers are still protected, even now that these vulnerabilities are well known. Our licensing and content protection platforms use our own digital signature infrastructure - on top of the OS signature infrastructure - to verify the authenticity of plugins and content. We use a completely separate set of certificate authorities (but the same proven cryptography!) to provide a second layer of trust above and beyond the standard operating system signature checking.

Our signatures weren't broken by these vulnerabilities, and the software publishers who rely on PACE digital signatures can continue to trust the content and plugins they load into their products.

PACE customers also enjoy features that don't come with operating system digital signatures, like explicit identification of the product (not just the publisher), and connections between licensing and digital signatures that enable features like encrypting content that can only be decrypted by authorized products.

If you have a software product or content that would benefit from stronger authenticity guarantees, or from high-security licensing and distribution, we encourage you to contact us at to learn more about how PACE can help you protect your work.

Solid State Logic (SSL) is a world leading manufacturer of advanced audio production systems for studio, live sound and broadcast. With more than 3000 SSL-equipped facilities operational today,  SSL consoles and recording studio hardware and software are universally recognised for their reliability and outstanding sound quality.

From Hardware to Software

Founded in 1969, SSL has seen an interesting evolution in its product offering . The name “Solid State Logic” was originally derived from their first product - a switching system for pipe organs. 7 years later, the product line expanded to include the first A-series console in 1976, and a big breakthrough with the SL 4000 E Series in 1979. Variants of this console followed, transforming the way music was recorded, and creating an international gold standard in music engineering hardware.

1985 marked the beginning of an era of digital research and development, leading to the development of the 01 - an eight channel recorder/editor. Three decades of continuous innovation landed Solid State Logic not only as a leader in recording hardware, but also professional studio software - both analogue and digital.

SSL and PACE Anti-Piracy

Although SSL is most famous for its rich legacy in analogue studio hardware, the company also has extensive experience in digital audio and DSP development. As the industry grew beyond dedicated hardware-hosted DSP, the release of the ‘SSL Native’ plug-ins signaled SSL’s first steps into the Digital Audio Workstation software marketplace - including the legendary Bus Compressor and Channel Strip plug-ins, inspired by sought-after sound of the SL 4000 E-series analogue console.

The entrance into the software marketplace marked the beginning of a relationship between Solid State Logic and PACE Anti-Piracy. In early 2011 SSL needed a licensing solution for their software and evaluated PACE’s early product InterLok. SSL needed a Machine Based Licensing solution, a solution which PACE was still developing, and ultimately SSL chose an alternative licensing platform. 

It is important to note that license management platforms hold a variety of responsibility on many different levels. Not only does a platform have to securely distribute licenses to end users, the platform must also stay up to date with the latest operating system releases. "Customers are expecting things to work in their environment. In the audio industry, customers often need to avoid upgrading their computers for backcompatibility reasons between sessions. Supporting all of these environments ends up being maintenance and testing for the developer and you need a platform that can target all these things and is going to work. There are a lot of changes to keep up with. I don't think this would be possible were we doing all of this in house!” remarked Jon Sandman, Product Manager at SSL. 

In 2013 an OS release caused a variety of issues with the SSL licensing system. The licensing vendor SSL had chosen was unable to maintain the software updates needed to continue uninterrupted service and a good user experience when a major release occurred. The issues caused the team at Solid State Logic to reach back out to PACE Anti-Piracy. “We needed a solution that was widely supported and from a supplier that made the integration process fast and straightforward. We had already used proprietary and less well known securitization solutions, and familiarity and market acceptance had been seen as barriers to success.”

By this time, PACE had developed and released Eden - a robust license management system with Machine-Based Licensing and security - exactly what SSL needed. James Motley, Head of Workstation Products at SSL at the time, was concerned about the cost to migrate license management platforms to PACE, and the effect it would have on business. PACE was able to work with the SSL and Audiotonix team to create flexible pricing and tiers. 

When asked why SSL chose to go to PACE for their licensing needs, Jon Sandman said “We were aware of a number of successful companies using PACE security solutions in our industry. Many of our customers were already familiar with PACE, and so in looking for a securitization solution, PACE was an obvious choice.” When asked why SSL did not choose an alternative licensing solution, Jon continued “Market acceptance is important to us. Securitization and piracy prevention measures are a sensitive subject for our customers, and since PACE had already achieved acceptance with users and established themselves as a leader in our industry, a significant hurdle was overcome from the offset.”

“It is especially important to SSL that we also protect our IP. Emulations of SSL hardware, for example - if someone were to pick the software apart, then it would be a real shame for the dedicated plug-in development and DSP team that we have here at SSL.”

More Than Just Licensing

In addition to offering security and licensing services, the PACE Anti-Piracy brand also houses JUCE - an open-source cross-platform C++ application framework, used for the development of desktop and mobile applications. JUCE has been an integral part of the SSL software development framework. SSL has expanded software plug-in development - going from 10 plug-ins, to regularly releasing on average 2 plug-ins every quarter bringing the current total to 22.

“Not only our plug-ins, but our desktop application is in JUCE - the virtual mixer. We are reaping some of the benefits of the JUCE framework - including graphics improvements - in our SSL 360° desktop application and our new 4K B plug-in which used the latest JUCE release. The 4K B channel strip plug-in is an analogue model of the SL 4000 B-series console channel - an entirely new SSL channel strip for your productions - complete with 360° Plug-in Mixer (your virtual SSL console) and first-class integration with the SSL UC1 and UF8 for hands-on control.”

The Audio Developer Conference

With PACE’s acquisition of JUCE also came the stewardship of the Audio Developer Conference (www.audio.dev). ADC will host its 7th annual conference in London and Online this year November 14 -16, 2022.

Solid State Logic supported the mission of the Audio Developer Conference with silver sponsorships in 2021. 

The SSL team participated both online and in-person during the conference, presenting a talk How to Stand the Test of Time (Despite The Time it Takes to Test) by Jon Sandman. When asked why the Audio Developer Conference is important, Jon remarked “It is great to connect with the people that make the products you love.”

“I’ve always had an interest in accessibility and UX. It is a pretty broad subject, and going to ADC and actually connecting with experts in that field inspired me, and gave me a mental roadmap of what we can do and what our focus can be, which is important for me as a Product Manager.”


PACE Anti-Piracy brings a standard in professional audio software licensing that many companies rely on. We take great pride in working with organizations like Solid State Logic to ensure their software licensing needs are met. In addition, we are honored to expand our connection to SSL through our brands JUCE and the Audio Developer Conference. We look forward to a continued partnership on all levels!

For more information on the new SSL 4K B plug-in, please visit: https://www.solidstatelogic.com/products/ssl-4k-b

For more information on the Audio Developer Conference visit https://audio.dev

I made a plug-in and want people to try it! How do I do that?

Maybe you’ve been making audio software for decades, or perhaps you’ve just finished your first plug-in with JUCE, and now you want people to try it for a certain period of time.  Let’s talk about some quick and easy ways to offer trial licenses for your PACE-protected software.  By the end of this, you will know several of the ways in which you can provide trial licenses, and some of the methods for delivering those trial licenses.

As a software publisher using the PACE licensing system, you have a lot of control over who can gain access to your software, and how.  Whether you want to offer a perpetual license with several activations, or a subscription license only allowed on an iLok USB, or just a timed trial so everyone can try your product before they buy it, you control the ways in which your customers interact with your software.

Let’s explore several ways of distributing trial licenses to customers (and how to implement them) so everyone can enjoy trying your products, including:

Automatic (Auto-demo)

Auto-demo is one of the most widely used methods for depositing a trial license into your customer’s iLok account. Why? Because the PACE tools do the work for you.

It starts with the Activation Experience, which is a tool included with PACE Level 1 protection. The Activation Experience is triggered when PACE-protected desktop software is launched, or when a PACE-protected plug-in is scanned by a DAW. If you install a PACE-protected pro audio plug-in and do not yet have a license for it, the Activation Experience will pop up and ask the customer to log into their iLok account.  After a user logs in, it will search for any valid license for that product within that iLok account.  

If a license is found, Activation Experience will ask the user where it should be activated (iLok USB/iLok Cloud/machine, for example) and continue through the activation process.

License not found

If a license is not found, Activation Experience will pop up a ‘Try’ button.  When that Try button is clicked, it will automatically deposit a trial license (pre-selected by the publisher) into that iLok account, and then continue with the activation process.

Once you (the Publisher) have set up your trial license and chosen the Auto-demo in your Activation Experience setup, all you need to deliver to the customer is that PACE-protected binary for the customers to gain access to a trial license.

Benefits of Auto-demo:

Activation Codes

Built into the PACE SDK is access to an online portal called PACE Central.  Among many other tools within PACE Central, (including license creation, trial license time limit setup, iLok account search, etc.) there is the Code Factory. The Code Factory allows you to create and manage activation codes for various licenses, including trials and perpetual licenses. You can create activation codes yourself and distribute them right to your customers.  

Once your customer has that code, it can be redeemed one of two ways:

Which one is better?  Whichever one your customer prefers.  There is a benefit when your customer uses iLok License Manager because it will allow them to see more exactly which location they have activated the license to.  

Redeeming a code and activating with iLok License Manager

Redeeming a code and activating with Activation Experience

Once you’ve created a batch of codes, there is the question of how you will deliver those codes to your potential customers. See the Methods of Distribution below for some commonly used ways to get trial licenses to your customers.

Benefits of Activation Codes:

Manual License Deposits

The online portal, PACE Central, allows software publishers to manually deposit licenses directly into any iLok account. Having the ability to quickly deposit a trial license for customer support reasons, or for beta testing and influencer management, can be quite helpful.  However, manually depositing trial licenses one by one for your general customer base is not recommended, for the hopefully obvious reason that it will quickly become tedious and time-consuming.

Methods of Distribution

Whether you decide to use Auto-demo or Activation Codes for your trial licenses, there are a few methods of distribution to consider. Once you have a PACE-protected binary, you could easily give out Activation Codes to anyone or, just provide a download link for your installer if you chose the Auto-demo. Why wouldn’t you do that? Because you will want to know who actually tries your software.

Customer Data Acquisition and Why You Need It

People who try your software are your target audience, which means you’ll want to get them to opt in to marketing and promotional emails from you. This will provide you with the ability to: 

While the PACE tools provide valuable data on licenses deposited for support purposes, owning your own customer database and knowing each product they have tried and/or purchased will enable you to grow your business and stay connected from the very beginning.  Knowing the lifetime value of your customers is crucial for successful planning of marketing and promotional plans.   

Distribution Method #1: Registration Before Trial

This option would require someone to either provide an email address, or a full user registration (name, email, etc.) on your website, before you allow them access to the installer for your product. Once that registration is verified, a redirect URL can give  access to the installer with the Auto-demo. If you choose Activation Codes, one can be emailed to the customer.

Distribution Method #2: Sell A Free Trial

This involves setting up a $0 product in your webstore that requires customers to fill out information and allows you to place a checkbox to try for the opt-in of marketing emails.  Once they have ‘purchased’ a trial for that product, the installer can be provided with either the Activation Code to be redeemed, or a link to the installer for your software with the Auto-demo included.

To sum it up, once you’ve decided to protect your desktop application or plug-in with PACE, there are several ways to create and deliver trial licenses to your customers. 

As your business grows, there are more advanced options available to centralize the direct sales, dealer sales, and customer registration and installation processes. This would involve having your own code system for users and dealers in a central place with more automated and secure deposits to PACE. This could also include single sign-on and activation in your application. Having all of this data within your own CRM or database will allow for a more seamless customer experience and more upsell opportunities, and remove any potential data privacy issues. PACE clients that make this investment in their infrastructure tend to have great success in growing their business and increasing the lifetime value for each customer.

Our experience has shown that publishers increase sales when they offer prospective customers a trial of their plug-in. To that end, we at PACE have created a licensing platform that offers our publishers the ability to customize the trial and demo experience. By offering multiple ways of creating and delivering licenses, we give our publishers the autonomy to customize the experience that is best for their customers.

For more information on offering trial licenses or how PACE can benefit you and your customers, contact us now.

PACE Anti-Piracy was featured in a recent edition of Cyber Defense Magazine with an article titled “Are We Shifting Left Enough” written by Douglas Kinloch, VP of Business Development.

The term “shift left” is centered on the idea that Application Security efforts are now happening at earlier stages of the development lifecycle. Mr. Kinloch adds to the discussion by raising the questions “how far left does an organization need to shift?”

He writes: “Shift Left” is in danger of becoming a buzz-word, much as “End Point” did 20 years ago. In software development, it is clear that the idea of moving security awareness from traditionally the last thing considered before shipping, to something every developer understands, can implement, and can act accordingly has to be a good thing. “Zero Trust” is another buzzword that may travel hand-in-hand with Shift Left, but as many are beginning to point out there is no single Zero Trust silver bullet, it’s a process. As a process it needs to be the default setting of any designer of any system relying on IT networks, connectivity or software.”

How should developers and analysts begin to think about answering the challenge? 

At PACE we are users of software tools that ensure the Licensing products we supply to our customers and partners remains as secure as possible. It is a different approach to most License Management tools where there is an emphasis on process, revenue management and software monetization. It is our belief that if the License Manager can be compromised, then all the software monetization tools in the world can’t maximize revenue or protect developers’ IP.

PACE Shifted Left Early

In order to deliver such security the Developer team at PACE “shifted left” in the early 2000s and delivered iLok License Manager, secured by deep understanding of application code, and use of our Fusion Application Protection tools; Anti-Tamper and Obfuscation. To further secure customers’ IP and revenue streams, White Box Works ensures the security of the cryptographic keys within the entire system. 

PACE is now offering the same capabilities to partners across a number of markets, supporting Software POS and High Value Software customers, protecting IP and vitally important business logic from outside interference.


The assumption that compiled app code will be accessed, and that attackers have the tools and skills changes the security calculus completely. 

Zero Trust means that developers protecting their code understand that the actual end-point is not the device, or even the application within that device, but is the source code on the developers’ machine - before it’s even compiled. So when you decide to Shift Left, as we did, ask yourself, “how far?”

Find the full article in Cyber Defense Magazine.

For more information on how PACE tools can help your organization shift left, contact us.

Home-grown Licensing vs. Professional Licensing: A Boomerang Story

Freehand Graphics is a global leader in software solutions for the screen-printing industry. Some of their software, notably Separation Studio NXT and AccuRIP Emerald, makes pre-press functions, like color separation, a simple and easy process for their customers.

Some History

As art students living in New York City, Charlie and Laura Facini were interested in making a career in the arts. Charlie was interested in printmaking and took a part-time job at a screen-printing shop to earn some extra money. Technology was quickly changing during this time, and screen printing was beginning to transition from a completely manual process to digitization. The industry was changing, and Charlie was at the forefront. While working daily to process orders, manually adjusting colors and specs, Charlie realized that parts of the screen-printing process were extremely time-consuming and error-prone. He decided to embrace the innovation that was happening around him with computers and technology and write a computer program to optimize the process.

Charlie wrote a program that would ultimately revolutionize screen-printing. What would normally take 3 labor-intensive days of work, Charlie’s program allowed to be done in less than an hour. Having discovered such a time-saving and efficient tool, Charlie’s screen-printing shop (which he now owned with his wife Laura) was able to process more orders and ultimately make more money. The next step – could he sell this program to other screen-printing shops?

Freehand and PACE Anti-Piracy

In 1995, Freehand sought a way to distribute its software securely with a licensing system. PACE helped Freehand set up a secure licensing model that allowed customers to try the software, and later to buy it. The ability to ‘wrap’ their code with PACE’s unique architecture gave Freehand the security and flexibility it needed for trial extensions, ensuring prospects had enough time to evaluate the product and eventually buy.

In 2007, after joining forces with a new developer, Freehand decided to move toward a home-grown licensing model and no longer use PACE. 

Why Turn Back to PACE Anti-Piracy?

A shortfall of the home-grown licensing system was the lack of a robust license control center. With limited ability to help clients activate or deactivate software in response to local hardware issues, Freehand actively looked to improve the UX and to enhance customer service. 

Free trials are at the core of many software sales strategies. For Freehand Graphics, nearly all sales are preceded by an 8-day trial. One drawback to the home-grown licensing system was that when a potential customer downloaded the trial, Freehand couldn't easily turn off access once the trial was over. People evaluating the software could, in some cases, still have access even though their trial period was over.   

Freehand Graphics also offered a ‘chargeback guarantee’ – allowing customers who purchased their products to get their money back if they were not satisfied. Although a rare occurrence, when a customer did ask for a chargeback, there wasn’t an easy way to completely turn off access. A customer chargeback should have triggered the end of the license use, but the system in place did not offer that ability. 

Finally, in 2019 Freehand decided to move from perpetual licenses to a subscription model. The need to make this change stemmed from a goal to create more features and a better user experience for customers. Charlie added “Perpetual is an ugly word when you are trying to create recurring revenue for a software product.” It was this decision that ultimately brought them back to PACE.

"With PACE, clients in good standing continue to benefit from using Freehand software, while those without an active license no longer have access. Freehand benefits from knowing that software activated means profits retained, while users enjoy the freedom and power of 24/7/365 web-based license controls."

Updating Meant Upgrading

The return to PACE Licensing not only helped Freehand’s new business model create recurring revenue and growth, but it also resulted in a better experience for their end-users. PACE iLok License Manager delivered a better UX for end-users, who are now more self-sufficient. This has resulted in a significant decrease in some support requests and eliminated other support issues altogether. This, in turn, has allowed Freehand to focus more on product and development.


When asked what role professional security and licensing have on Freehand Graphics, Charlie Facini responded

“Without question, our products would not exist in this form in a digital age. It is impossible. You can’t let someone trial software without security, you can’t sell without security. Without proper security, you have an open-ended sale. PACE Anti-Piracy gave us something we never had in the past... mental security.”

For more information on how PACE Anti-Piracy can help with your licensing needs, contact us!

Are you using a Continuous Integration (CI) build pipeline that is based in the Cloud and need to code sign your plugins for AAX on a virtual machine?  If so, PACE has the solution for you.  Meet Cloud 2 Cloud.

Cloud 2 Cloud is a new service available for AAX code signing that no longer requires a physical iLok USB device to be attached to the machine that is handling the code signing certification.  Software developers can now achieve the same result - a validated AAX plugin for use in Pro Tools - now without the need for an iLok USB to be attached to the machine completing the code signing process.

With Cloud 2 Cloud, now you can utilize PACE's cloud-based AAX code signing technology into your existing cloud-based build pipeline for seamless, and truly continuous integration between cloud services. 

"Thanks to this tailored-made solution, we are now able to automate the build of AAX plug-ins and integrate the signing process inside Audio Modeling’s Continuous Integration system."

Emanuele Parravicini, CTO, Audio Modeling

To learn more about how Audio Modeling integrated Cloud 2 Cloud with their CI system, click on the link here.


Fighting software piracy is an ongoing battle; it means lost revenue, marketshare , and your reputation as a publisher could be at stake.

Unauthorized copying and distribution accounted for $2.4 billion in lost revenue in the United States alone in the 1990s,** and is assumed to be causing impact on revenues in the music and the game industry, leading to the proposal of stricter copyright laws such as PIPA and the DMCA. Everyone knows that illegally sharing software is wrong, yet it still happens every day. Lowering the barrier to entry by removing copy protection, or moving to a flimsy, online pay wall model has been proven ineffective at preserving software integrity. Our research has shown that a hacker’s intentions are difficult to predict. Sometimes, they wish to crack very expensive software to deliver it to the masses; other times, they crack software for sport and recognition amongst their peers. This makes anti piracy protection an important factor to consider if your goal is to make money. Not only do hackers offer product for free but they often abuse copyrights as well.

Another point to consider is how an anti piracy solution can protect your companies brand, perhaps your greatest asset. Good anti piracy software protects your executable inside and out and makes your product tamperproof. Our research has also shown us that global hackers are not as concerned about giving away your software for free, but rather they see your success as a vehicle to steal precious and sensitive information from your audience. By reverse engineering and inserting malware, hackers can gain access to your customers’ data and computers. If you have not adopted stringent anti piracy software protection practices, experienced hackers can quickly and easily infiltrate your distributions and ruin your company’s reputation. With open communication readily available in social media, it is even more imperative, as your potential customers will run from your product offering if they feel they cannot trust it.

Hackers are relentless. Their community is large and they are becoming more and more brazen with their attacks and frequency. They communicate with each other and will even crowdsource their efforts to take a software title down. They hate anti piracy protection and may often engage in a smear campaign to make software publishers believe that an anti piracy solution will hurt their bottom line. Common arguments are that the anti piracy copy protection scheme is cumbersome and a hassle for the end user. Sadly, many publishers believe this when in fact, we have the data to prove the contrary.

You would be mistaken to think that an anti piracy solution is a one-time cost, a set it and forget it investment. We have seen good, strong, expensive anti piracy software from our competitors hacked within days of being posted. Sadly, in some cases protected software lasts only hours in the wild. How do you combat this threat? Will any anti piracy solution work for your needs? We can help you with this fight. We have anti piracy solutions that are proven to be effective in protecting your company’s revenue stream.

Before we delve into discussing anti piracy software, we would like to give you a glimpse into how vulnerable you could be.

How do they do it?

Most anti piracy software protection schemes rely on license checks to validate ownership. A license check validates the ownership and allows your software to run. Remove the license and the software will cease to work. A seasoned hacker can easily spot simple license checks and remove the checks without degrading the functionality of the software.

Of course, as anti piracy solutions become stronger, the tools hackers write and use adapt, thereby escalating this war. Mid-size to smaller companies, who lack the financial resources to sink into a homegrown anti piracy solution, don’t stand much of a chance, and some have sadly resigned themselves that their product will be hacked as soon as it’s released.

Enter PACE Anti Piracy Inc. to fight this battle for you. We have a proven track record of over 30 years developing solutions to stay ahead of attacks on our customers: You, the publisher. Until recently, our most secure method of storing a license was on a proprietary USB iLok dongle. After some technological breakthroughs and years of development, our license servers are secure enough to deliver cloud licensing at an affordable cost AND be secure enough for us to brand with the iLok name.

How do we combat this?

Anti-Piracy Security Software

PACE Anti-Piracy, Inc has been in this business for over 30 years. We have seen it all and yet we are surprised at the tenacity, level of sophistication, and for lack of a better term, talent of the hacker community to quickly and methodically dismantle a publisher’s hard work and release it on a torrent site. The only way to combat these threats is to understand the motivations and methods used. We constantly monitor hacker boards and communications to understand their challenges. We look for methods that prove to be difficult for them to break. We also employ a team of reformed hackers to challenge our product offerings before they are released to our publishers. We use tested cryptography and have vast experience with anti-tamper and white box technologies. We test our anti piracy software against the most brilliant minds in the industry and we are only satisfied when they have to admit defeat.

We know it sounds like an unrealistic boast to say our anti piracy software cannot be cracked. Our goal is to stay ahead of the curve and hacking trends. We avoid giving known hooks or patterns that they recognize, and we pepper our anti piracy solutions with methods that we know are time consuming and difficult, if not impossible, to remove. We are constantly innovating and investing in the future.

The PACE Anti-Piracy, Inc. Solution

We are constantly asked by new publishers how long it will take to implement. To answer that, we must take many factors into consideration. We like to describe the amount of protection our anti piracy software solution provides as a dial that can be turned from 1 to 10. One being a deterrent to abuse; 10 being robust protection for valuable IP.

There are myriad reasons why a publisher would chose a particular anti piracy setting, it usually comes down to time available and effort required. Our solution is flexible enough to accommodate your needs.

How Much Anti Piracy Security Am I Getting?

An anti piracy solution is only part of the puzzle. PACE Anti-Piracy, Inc offers product licensing that works in tandem with the tamper-proof nature of our copy protection. In all of our years in business, our licensing system and hardware dongle have never been hacked. The license the end user purchases is always visible to you with our PACE Central portal and can accommodate many licensing scenarios from a full perpetual license to a limited trial or a renewing subscription, just to name a few. We offer reasonable license distribution solutions.

Please contact us to set up a discussion; we would love to understand your requirements and what you need to get to market.

Publishers looking for sales information about the iLok licensing system, software security, or anti-piracy may follow this link: http://go.paceap.com/proaudio.

**Greg Short, Comment, Combatting Software Piracy: Can Felony Penalties for Copyright Infringement Curtail the Copying of Computer Software?, 10 Santa Clara Computer & High Tech. L.J. 221 (1994). Available at: http://digitalcommons.law.scu.edu/chtlj/vol10/iss1/7

As this is our first ever blog post, I’ve been struggling for days to come up with a title. With the name PACE, there are a lot of clever choices. “PACE of Change” came to me first, then “Keeping PACE”, PACE in your Face… Coming up with a name for the blog may be harder than actually writing it.

So, despite the lack of a catchy name, to begin our first blog, perhaps a look back at a very successful 2018 in the software business:

51% of businesses say they’re shifting the way they price and deliver their products or services to customers.

Last year was the year of the subscription model for PACE Anti-Piracy. Virtually every conversation we had with prospects and customers turned to when they would be rolling out a subscription offer. Inspired by Adobe and other success stories, nearly every software publisher wanted a piece of the subscription revenue pie, and who could blame them.

By 2020, all new entrants and 80% of historical vendors will offer subscription-based business modelsGartner Research

What software publisher wouldn’t want to get off the annual release roller coaster? Betting the business each year that the next release would capture new users, beat last years “best release ever”, or be compelling enough to get folks to upgrade is a gut check. The promise of a nice, predictable revenue stream that would fund continued product development is most compelling.

What publishers learned quickly was that taking a handful of old, tired products and offering them as a subscription bundle was not the key to software publisher nirvana. Successful subscription offerings stay successful by consistently adding value to the subscription bundle, such as high-profile new product additions and truly useful new features. Some larger publishers even hosted developer conferences to showcase their latest and greatest and to create a one-on-one relationship with their most devoted users and key influencers.

Other learnings were that some publishers’ products are just never going to be a good fit for a subscription model. For example, publishers with a portfolio of products that won’t ever expand, or products that are marketed at low price points.

In the first quarter of 2019, the dominant market trend we are seeing is publishers of high-value software that has traditionally been sold as a perpetual license plus maintenance fee are investigating usage-based pricing models as a means to move down market. This strategy potentially gets their software into the hands of mid-sized and smaller companies with little or no upfront cost to their customers. The metered usage fees, billed monthly, can then be mapped to their customers various profit centers, or charged to a project.

This model is even more attractive in vertical markets where the competition is open source software or where hacked versions of competitive offering are readily available for download.

Stay tuned for future posts. We will do our best to keep you up to date on the latest software industry trends and, with luck, spark some new ideas that will make 2019 a banner year for you. Oh, and maybe even come up with a name for our blog.


Protect and License Your Product to Make a Profit

There are many options available to software developers to reduce the risk of software piracy and malicious use of their code. The following document explores the advantages and drawbacks of several protection strategies including Code Signing (Digital Signing), Software Obfuscation, Anti-Tampering, Software Protection Dongles, Cloud License Location, and White-box Cryptography. We hope this article is useful in exploring some of the many options available to protect your intellectual property.

Code Signing

Code Signing

Code Signing, also known as Digital Signing, is the process of digitally signing executables and scripts to assure the client OS (and therefore the user) that the software is genuine. Code Signing does nothing to assure the software developer that their code has not been tampered with in the field. The process employs the use of a cryptographic signature and certificate to validate authenticity.

Code Signing can provide several valuable features. The most common use of code signing is to provide security when deploying; in some programming languages, it can also be used to help prevent namespace conflicts. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. It can also be used to provide versioning information about an object or to store other metadata about an object.

If your software is a stand-alone application, the signature is checked at the operating system level at first launch. If your software is a plug-in or add on, it may be checked by the host application as it loads. Code Signing is a good first step to protecting your software, however it should not be your only defense as it is susceptible to a number of work arounds. For example, if the system or host is compromised, the signature check may be ignored or removed. Without effective application protection (which is a subject covered later in this document), software protected exclusively with Code Signing be easily cracked and shared.



In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans/hacker, and their tools to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in the industry.

Advantages of Obfuscation

There are several advantages of automated code obfuscation that have made it popular and widely useful across many platforms. On some platforms (such as Java, Android, and .NET) a decompiler can reverse-engineer source code from an executable or library. A main advantage of automated code obfuscation is that it helps protect the trade secrets (intellectual property) contained within software by making reverse-engineering a program difficult and economically unfeasible. Other advantages might include helping to protect licensing mechanisms.

Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as "man-in-the-middle". For run-time interpreted languages like Javascript, many publishers perform source text compression - renaming variables and methods to a single character and removing white space. Done to speed up loading, it has a side effect of some obfuscation.

Disadvantages of Obfuscation

While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible. Some obfuscation techniques have been analysed enough to make automated de-obfuscation possible. Further, implemented poorly, obfuscation has the potential to bloat the size of your code significantly, and also provide clues to a skilled hacker as to where your sensitive IP can be found. Security by obscurity (obfuscation) does not alone provide long lasting robust software protection.

Tamper Proof Your Code (Anti-Tamper Software)

The goal of tamper proofing is to protect your code from being modified and used in a way you have not intended. Tamper proofing is designed to fail gracefully at run-time, and not offer any clues as to why the modified code fails to operate. It does not stop a user from examining or extracting code from your executable. Effective tamper proofing makes software dynamic analysis very difficult. A motivated malicious actor given unlimited resources and time will eventually be able to crack tamper proofed code. But months of false positives and dead ends will hopefully deter them from targeting your code and extracting anything of value for their efforts. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact. Though both of code bloat and performance impacts can be mitigated through the use of advanced automation technologies. There are no provably secure software anti-tampering methods; thus, the field is an arms race between attackers and software anti-tampering technologies.

Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the computer program code and behavior. Examples include: installing rootkits and backdoors, disabling security monitoring, subverting authentication, malicious code injection for the purposes of data theft, or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of software piracy, code interference to extract data or algorithm, and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance.

Anti-tamper protection can be applied either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense is commonly expressed as malware scanners and anti-virus applications. Internal anti-tampering is used to turn an application into its own security system, and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper proofing defense may take the form of runtime integrity checks such as cyclic redundancy checksums, anti-debugging measures, encryption, or obfuscation. Some anti-tamper software uses white-box cryptography, so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger.

Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, anti-cheating in games, military, license management software, and digital rights management (DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal developer effort. Malicious software itself can and has been observed using anti-tampering techniques, for example the Mariposa botnet.

Software Protection Dongle

Branded image of the iLok USB Smart Key

A software protection dongle (commonly known as a dongle or key) is an electronic copy protection and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode content. The hardware key is programmed with a product key or other cryptographic protection mechanism and functions via an electrical connector to an external bus of the computer or appliance.

In software protection, dongles are two-interface security tokens with transient data flow with a pull communication that reads security data from the dongle. In the absence of these dongles, certain software may run only in a restricted mode, or not at all. There are potential weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to make this hard to crack. For example, a simple implementation might define a function to check for the dongle's presence, returning "true" or "false" accordingly, but the dongle requirement can be easily circumvented by modifying the software to always answer "true".

Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — essential parts of the software may actually be stored and executed on the dongle. Thus dongles have become secure cryptoprocessors that execute program instructions which may be input to the cryptoprocessor only in encrypted form.

Hardware cloning, where the dongle is emulated by a device driver, is also a threat to traditional dongles. To thwart this, some dongle vendors adopted smart card product, which are widely used in extremely rigid security requirement environments such as military and banking.

The PACE Anti-Piracy iLok is a robust security product that runs code. Not merely a dongle with a digital identifier or secret. The iLok is an active security device that leverages both hardware and software encryption, public key private key infrastructure (PKI), and digital signing in conjunction with application protection tools that are used to protect the software.

Cloud License Location

Branded image of the iLok Cloud

Modern cloud licensing solutions are as secure, and in some cases more secure, than traditional dongle systems, as the cloud provides a secure active security component. Cloud-based software licensing also removes the risk of lost or damaged dongles and computers. You can rest assured that the licenses activated to the modern cloud-based software license solutions will not be cloned, hacked, or tampered with.

License checks that are performed by the client software still need to be secured against reverse engineering and modification; otherwise, they can be identified and disabled by hackers.

White-box Cryptography

White-box Cryptography

White-box cryptography is a necessary building block in any overall software security strategy. It is a cornerstone in the protection of cryptographic primitives in applications that run on potentially hostile execution platforms, such as on PC’s, Tablets, or Smartphones, and white-box cryptography is a key component of DRM and software licensing solutions.

The underlying idea of white-box cryptography is to merge the key and the crypto algorithm code into a new, transformed code. The key is effectively hidden in the code and cannot be easily separated. White-box cryptography implementations of symmetric block ciphers, like AES and DES, are available as commercial products. Additionally, some white-box cryptography suppliers offer implementations of algorithms such as hashes, RSA, and Elliptic Curve Cryptography, with the capability to combine multiple algorithms without disclosing the intermediate values, as well as tools to build unique White-box implementations on-demand.



For more information on how PACE can help you protect your software, contact us today.

The Software Security Service sector is one of the fastest growing and evolving industries in the world.

Nearly every sector depends on software to improve efficiency, and in most cases, it’s critical to getting the actual job done. A minor software problem could grind a project to a standstill.

Software has evolved significantly over the last decade, and this has led to better operational efficiency. Unfortunately, with every evolution, new security threats emerge.

Security Code

Gartner Group found that 70% of current security risks are found within the software applications. The widespread adoption of software in every sector has made software protection even more critical to success. As such, having a robust and up-to-date software protection and licensing system is crucial, especially in this connected age where cracks can be made available to millions in a few keystrokes.

Many businesses suffer losses, running into billions of dollars because of software piracy. According to Business Software Alliance (BSA), more than a third of all software in use is stolen. This criminal act costs publishers billions each year, which, in turn, drive up the price for legal software. Besides this, there are several security issues that businesses have to grapple with.

Consider these thefts and cybercrime scenarios:

Statistics from Software Alliance shows that about four in ten software installations are illegal. These installations have a commercial value of more than $51 billion. The above crimes are just the tip of the iceberg when examining the need for organizations to have a solid software protection service. In fact, the need for software protection and implementing tight security measures goes beyond software publishers.

The question now is how to address this challenge

Security Image

To effectively respond to these challenges, PACE has developed a robust software protection platform service. With over three decades of winning the challenge and over 32 million licenses for our customers, we understand the kind of software protection service our customers need to protect their systems.

Why choose our software protection service

For organizations who would like to deploy a turnkey software security and licensing management solution, PACE offers a complete software protection service that supports them through the complete product development lifecycle. Whether you are a software publisher concerned about reverse engineering attacks or creating an easy to use activation experience for your customers, we are up to the challenge.

Our Ecosystems gives you several benefits:

Custom Protection Design

Our software protection service allows you to choose the level of protection you want for your product.

Flexible Licensing Model

Through our platform you can design different licensing models; Perpetual, Subscription, Rental, Trials, and more.

Multiple Delivery Channels

To deliver licenses to customers in real time, you can choose between license activation codes, a web portal, and even an API.

Easy to Manage Licenses

Our system gives your customers the power to manage their own licenses with iLok License Manager, reducing your customer support.

In addition to the above, our software protection comes with the following features:

Strong security

Our software protection service helps organizations secure their most vulnerable asset, so they can focus more on serving their customers.

Different license types

We offer several different license types designed to cover varying business needs. These include perpetual, network-based, subscription, trial and timed.

Subscription support

We have simplified our low-cost subscription software protection service for easier control.

Custom settings

Design a security model that works best for your operations.

Full support

Every sign-up comes with quality support from our engineering team on top of the full documentation that our customers receive.

Digital Signing

Ready to make a Pro Tools plugin? Our software service also allows you to digitally sign your binaries for use in Avid Pro Tools as a verified AAX plugin.

We would love to protect your business

To fully tackle security threats, it is crucial that you evaluate software security needs, weaknesses, and strategy. Ideally, you should come up with a security policy to safeguard your systems. With our software protection service, we can help you to secure your systems so you can focus on producing great products and services for your users.

Get in touch with us to schedule an appointment with one of our experienced security experts who will help you understand how our software protection platform service could solve your software security challenges. Partnering with PACE allows you to get ahead of the criminals planning to harm your business.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram