Solid State Logic (SSL) is a world leading manufacturer of advanced audio production systems for studio, live sound and broadcast. With more than 3000 SSL-equipped facilities operational today,  SSL consoles and recording studio hardware and software are universally recognised for their reliability and outstanding sound quality.

From Hardware to Software

Founded in 1969, SSL has seen an interesting evolution in its product offering . The name “Solid State Logic” was originally derived from their first product - a switching system for pipe organs. 7 years later, the product line expanded to include the first A-series console in 1976, and a big breakthrough with the SL 4000 E Series in 1979. Variants of this console followed, transforming the way music was recorded, and creating an international gold standard in music engineering hardware.

1985 marked the beginning of an era of digital research and development, leading to the development of the 01 - an eight channel recorder/editor. Three decades of continuous innovation landed Solid State Logic not only as a leader in recording hardware, but also professional studio software - both analogue and digital.

SSL and PACE Anti-Piracy

Although SSL is most famous for its rich legacy in analogue studio hardware, the company also has extensive experience in digital audio and DSP development. As the industry grew beyond dedicated hardware-hosted DSP, the release of the ‘SSL Native’ plug-ins signaled SSL’s first steps into the Digital Audio Workstation software marketplace - including the legendary Bus Compressor and Channel Strip plug-ins, inspired by sought-after sound of the SL 4000 E-series analogue console.

The entrance into the software marketplace marked the beginning of a relationship between Solid State Logic and PACE Anti-Piracy. In early 2011 SSL needed a licensing solution for their software and evaluated PACE’s early product InterLok. SSL needed a Machine Based Licensing solution, a solution which PACE was still developing, and ultimately SSL chose an alternative licensing platform. 

It is important to note that license management platforms hold a variety of responsibility on many different levels. Not only does a platform have to securely distribute licenses to end users, the platform must also stay up to date with the latest operating system releases. "Customers are expecting things to work in their environment. In the audio industry, customers often need to avoid upgrading their computers for backcompatibility reasons between sessions. Supporting all of these environments ends up being maintenance and testing for the developer and you need a platform that can target all these things and is going to work. There are a lot of changes to keep up with. I don't think this would be possible were we doing all of this in house!” remarked Jon Sandman, Product Manager at SSL. 

In 2013 an OS release caused a variety of issues with the SSL licensing system. The licensing vendor SSL had chosen was unable to maintain the software updates needed to continue uninterrupted service and a good user experience when a major release occurred. The issues caused the team at Solid State Logic to reach back out to PACE Anti-Piracy. “We needed a solution that was widely supported and from a supplier that made the integration process fast and straightforward. We had already used proprietary and less well known securitization solutions, and familiarity and market acceptance had been seen as barriers to success.”

By this time, PACE had developed and released Eden - a robust license management system with Machine-Based Licensing and security - exactly what SSL needed. James Motley, Head of Workstation Products at SSL at the time, was concerned about the cost to migrate license management platforms to PACE, and the effect it would have on business. PACE was able to work with the SSL and Audiotonix team to create flexible pricing and tiers. 

When asked why SSL chose to go to PACE for their licensing needs, Jon Sandman said “We were aware of a number of successful companies using PACE security solutions in our industry. Many of our customers were already familiar with PACE, and so in looking for a securitization solution, PACE was an obvious choice.” When asked why SSL did not choose an alternative licensing solution, Jon continued “Market acceptance is important to us. Securitization and piracy prevention measures are a sensitive subject for our customers, and since PACE had already achieved acceptance with users and established themselves as a leader in our industry, a significant hurdle was overcome from the offset.”

“It is especially important to SSL that we also protect our IP. Emulations of SSL hardware, for example - if someone were to pick the software apart, then it would be a real shame for the dedicated plug-in development and DSP team that we have here at SSL.”

More Than Just Licensing

In addition to offering security and licensing services, the PACE Anti-Piracy brand also houses JUCE - an open-source cross-platform C++ application framework, used for the development of desktop and mobile applications. JUCE has been an integral part of the SSL software development framework. SSL has expanded software plug-in development - going from 10 plug-ins, to regularly releasing on average 2 plug-ins every quarter bringing the current total to 22.

“Not only our plug-ins, but our desktop application is in JUCE - the virtual mixer. We are reaping some of the benefits of the JUCE framework - including graphics improvements - in our SSL 360° desktop application and our new 4K B plug-in which used the latest JUCE release. The 4K B channel strip plug-in is an analogue model of the SL 4000 B-series console channel - an entirely new SSL channel strip for your productions - complete with 360° Plug-in Mixer (your virtual SSL console) and first-class integration with the SSL UC1 and UF8 for hands-on control.”

The Audio Developer Conference

With PACE’s acquisition of JUCE also came the stewardship of the Audio Developer Conference (www.audio.dev). ADC will host its 7th annual conference in London and Online this year November 14 -16, 2022.

Solid State Logic supported the mission of the Audio Developer Conference with silver sponsorships in 2021. 

The SSL team participated both online and in-person during the conference, presenting a talk How to Stand the Test of Time (Despite The Time it Takes to Test) by Jon Sandman. When asked why the Audio Developer Conference is important, Jon remarked “It is great to connect with the people that make the products you love.”

“I’ve always had an interest in accessibility and UX. It is a pretty broad subject, and going to ADC and actually connecting with experts in that field inspired me, and gave me a mental roadmap of what we can do and what our focus can be, which is important for me as a Product Manager.”

Conclusion

PACE Anti-Piracy brings a standard in professional audio software licensing that many companies rely on. We take great pride in working with organizations like Solid State Logic to ensure their software licensing needs are met. In addition, we are honored to expand our connection to SSL through our brands JUCE and the Audio Developer Conference. We look forward to a continued partnership on all levels!

For more information on the new SSL 4K B plug-in, please visit: https://www.solidstatelogic.com/products/ssl-4k-b

For more information on the Audio Developer Conference visit https://audio.dev

PACE Anti-Piracy was featured in a recent edition of Cyber Defense Magazine with an article titled “Are We Shifting Left Enough” written by Douglas Kinloch, VP of Business Development.

The term “shift left” is centered on the idea that Application Security efforts are now happening at earlier stages of the development lifecycle. Mr. Kinloch adds to the discussion by raising the questions “how far left does an organization need to shift?”

He writes: “Shift Left” is in danger of becoming a buzz-word, much as “End Point” did 20 years ago. In software development, it is clear that the idea of moving security awareness from traditionally the last thing considered before shipping, to something every developer understands, can implement, and can act accordingly has to be a good thing. “Zero Trust” is another buzzword that may travel hand-in-hand with Shift Left, but as many are beginning to point out there is no single Zero Trust silver bullet, it’s a process. As a process it needs to be the default setting of any designer of any system relying on IT networks, connectivity or software.”

How should developers and analysts begin to think about answering the challenge? 

At PACE we are users of software tools that ensure the Licensing products we supply to our customers and partners remains as secure as possible. It is a different approach to most License Management tools where there is an emphasis on process, revenue management and software monetization. It is our belief that if the License Manager can be compromised, then all the software monetization tools in the world can’t maximize revenue or protect developers’ IP.

PACE Shifted Left Early

In order to deliver such security the Developer team at PACE “shifted left” in the early 2000s and delivered iLok License Manager, secured by deep understanding of application code, and use of our Fusion Application Protection tools; Anti-Tamper and Obfuscation. To further secure customers’ IP and revenue streams, White Box Works ensures the security of the cryptographic keys within the entire system. 

PACE is now offering the same capabilities to partners across a number of markets, supporting Software POS and High Value Software customers, protecting IP and vitally important business logic from outside interference.

Conclusion

The assumption that compiled app code will be accessed, and that attackers have the tools and skills changes the security calculus completely. 

Zero Trust means that developers protecting their code understand that the actual end-point is not the device, or even the application within that device, but is the source code on the developers’ machine - before it’s even compiled. So when you decide to Shift Left, as we did, ask yourself, “how far?”


Find the full article in Cyber Defense Magazine.

For more information on how PACE tools can help your organization shift left, contact us.

Next-gen ‘White-Box Works’ code generator launches complete with EMVCo Software-Based Mobile Payment security evaluation certificate

1st March 2022 - San Jose, California - Banks, payment service providers (PSPs), schemes, and other financial institutions can now benefit from a uniquely high level of sensitive data protection and application attack resistance, following today’s launch of White-Box Works, a next-generation EMVCo-evaluated White-Box code generator, from PACE Anti-Piracy. 

Unlike traditional solutions, White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises. White-Box Works can transform any C-code into a protected white-box variant in a single step, offering unparalleled flexibility, security, and efficiency.

This level of in-house control also promises to increase operational efficiency for the customer, since they are no longer beholden to a white-box library vendor’s build schedule and can develop their application in accordance with their internal schedules. It also enables the customer to use, replace and update their deployed encryption keys and algorithms at will, with no need to re-engage PACE Anti-Piracy, or any other third-party vendor, to do so. 

White-Box Works has been designed to defeat a variety of sophisticated attacks, including those involving reverse engineering, fault injection, and advanced statistical analysis (such as Differential Computation Analysis).

White-Box Works outputs code that has been designed to defeat a range of attacks to which many encryption-dependent financial apps remain vulnerable, including, for example, those supporting mobile payments, digital identity, self-service retail, and softPOS use-cases. 

White-Box Works has also achieved an EMVCo Software-Based Mobile Payment (SBMP) security evaluation certificate, following a successful EMVCo SBMP Evaluation conducted by global security lab, Riscure. 

“Statistical Analysis attacks are the bane of all white-box encryption protection solutions,” comments Allen Cronce, CEO of PACE Anti-Piracy, Inc. “We are very proud to be equipping the financial services industry with a solution capable of addressing these and other vulnerabilities. White-Box Works represents a significant step forward in the encryption protection space, and will give banks, PSPs, schemes, and other financial sector users greater confidence in the security of their sensitive data. We’re also delighted to accompany the launch with news of White-Box Works’ EMVCo SBMP evaluation certificate and are grateful to Riscure’s talented penetration testers. The entire Riscure team has been a pleasure to work with throughout the rigorous EMVCo evaluation process.”

“Riscure is proud to have assisted PACE Anti-Piracy in achieving an EMVCo SBMP evaluation certificate for White-Box Works,” adds Maarten Bron, Managing Director of Riscure North America. “This innovative technology provides a unique security capability for solution developers as it supports the creation of white-box instances for any algorithm, allowing for optimal flexibility and developer freedom when the protection of cryptographic keys is vital. This makes White-Box Works not only useful in payments, but also in other fields such as digital rights management, eHealth, IoT, automotive and more.” 

“It's also noteworthy that White-Box Works was evaluated as a stand-alone technology and did not require the additional protection of binary hardening and tamper-proofing technology to receive an EMVCo security evaluation certificate,” adds Allen Cronce. “I believe this is another industry first for White-Box Works. It’s an unmatched achievement we are immensely proud to highlight.”

White-Box Works is available now. For more information, please visit our White-Box Works webpage or contact PACE Anti-Piracy at [email protected]

About PACE Anti-Piracy, Inc.

PACE Anti-Piracy, Inc. is a privately held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high-quality solutions for secure software distribution. PACE products are used by a growing number of world-class software publishers around the world.

www.paceap.com 

About Riscure

Founded in 2001, Riscure is a leading global advisor on the security of connected and IoT devices, as well as a recognized vendor of advanced security testing tools and security training. Riscure helps customers around the world to build robust hardware and software solutions and to speed up the process of secure development and certification. Riscure is the thought leader in Mobile Security and has been the front runner on security analysis of White-box Cryptographic implementations since 2012.
www.riscure.com

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram