Secure and Protect Your Binary Code
Our tools allow you to dial up or down the security level per product. With the flexibility to apply different levels of protection to each binary, you can balance security with performance or the end-user experience.
Fusion - Our State-of-the-Art Protection
Fusion works by blending your binary with our protection, creating a unique per-product fusing. Every binary has its own custom and unique binary protection. The hacking community hates the fact that the compromise of one binary would have no effect on the security of any other protected binary. When Fusion protection is combined with binary wrapping, your binary is at its most secure.
How does it work?
Our compiler proxy technology injects code into your sources at build time. We've created a mostly automatic system that you 'train' by running special builds. There are ample configuration options to allow you to balance security and binary performance.
While Fusion provides you with the absolute top-of-the-line protection, there may be a reason you do not want to use it on every product. PACE tools can also be used to create a protected version of your binary without requiring you to make changes to your code. Using our tools to wrap your binary and using the optional digital signing will still provide you with serviceable protection.
Digital content publishers need technological solutions to enforce their product licensing terms, but protecting digital content can be challenging. Unlike software, content generally does not have an executable component, so the content itself cannot enforce how it is used. PACE Eden Content Protection allows you to securely tie your content to an executable (a content player) and to protect both your content and your content player.
The Eden Licensing Platform allows you to digitally sign your binary, regardless of whether you use our tools to protect and/or wrap your binary. Unlike our previous protection tools which employed a proprietary digital signature implementation, Eden leverages the operating systems' digital signature support and extends it with our own signing technology. Your binary is first signed using the appropriate platform signature technology, then a PACE tool signs that first signature using PACE digital signing credentials.
The result is that first and foremost the resulting binary will appear to be well-signed for the platform, which means the the operating system will think it is signed and will not know about the PACE signature. But PACE customers with access to the full Eden SDK can make simple, cross-platform Eden API calls to verify that the binary was signed correctly for the platform and that it was digitally signed by a PACE publisher. Additional Eden API calls can be used to determine which publisher performed the signing, the product that was signed, and other signing details.
How do I sign my binaries?
Digital Signature requires just a few simple steps. First, you'll need to have a platform specific signing certificate for each of the platforms that you support (Mac OS and Windows). Next, use PACE Central, the PACE web portal, to define some preparatory settings. Then use our command-line tool to sign your binary. Creating the settings and signing the binary can be done in a matter of minutes. A comprehensive Getting Started Guide, included in the PACE Eden SDK, will walk you through the entire process.
- If you have a full license for the PACE Eden toolset, during the creation of your Wrap Configuration, simply choose a Binary Security option that includes "Digitally Sign".
- If you are a current PACE Digital Signing Services customer but do not have a license for the PACE Eden toolset, please contact our sales team.