About Transaction Keys
Products that use FlexNet licensing with a trusted license model require at least one transaction key. (Do not define transaction keys if products are licensed only with certificate license models. )
A transaction key consists of a trusted ID, a set of transaction key seeds, and a set of bindings. The transaction key determines a FlexNet Publisher Licensing Toolkit Trusted ID configuration. FlexNet Operations provides no direct access to the Trusted ID configuration.
Anchoring Types
Anchors record the deletion and restoration of trusted storage. Available anchors are dependent on the operating system and provide different levels of security. The following table describes the anchoring types on different platforms:
Note:When the transaction key binding type is set to Virtualization-aware Fingerprint, only Windows (registry and track zero) and Linux (file based) anchoring are supported.
|
Anchoring Type |
Description |
|
Registry |
Windows: Windows registry entry |
|
Track Zero |
Windows: Write to track zero |
|
File Based |
Macintosh, Solaris, Linux: Anchors written to system files |
|
OSX File Based |
Macintosh: Anchors written to system files |
Transaction Key Usage
As long as all transaction key seeds are random, no transaction key is intrinsically more secure than another. However, if a Trusted ID configuration is compromised, the transaction key that created that Trusted ID configuration may be compromised.
Consider creating several transaction keys to use for different types of activations or products. For example, one transaction key could be used for regular activations, one for local trials, and one for short code activations. If you support activation of products of different values, consider linking high value, narrowly distributed products with one transaction key and lower value, widely distributed products with a different transaction key.
Linking different transaction keys (and, therefore, different Trusted ID configurations) to different distribution mechanisms or products has a security benefit: high value or securely distributed products are not at risk if the Trusted ID configuration for lower value or less-securely-distributed products is compromised.
Virtualization-Aware Transaction Keys
Similarly, consider using virtualization-aware transaction keys (in addition to default transaction keys) for products that may run on virtual machines. A virtualization-aware transaction key binds to the VMID of a virtual machine and, therefore, results in a binding that is specific to that instance of the virtual machine. (Clones of a virtual machine each have a different VMID.) However, when running on a virtual machine that the licensing client does not recognize as a virtual environment, the licensing client uses the default transaction keys, treating the machine as if it were a physical machine.
Note:Virtualization-aware transaction keys require FlexNet Publisher 11.10 or later.
Important:Transaction keys cannot be imported using the Product Packaging web service.
See Also