When machines, systems, robots and people work in an industrial environment, various sources provide extensive data input. This is often processed with the help of artificial intelligence (AI) applications. In addition, machines can use this data to learn and optimize their own algorithms using machine learning (ML). For example, cameras are used to check the quality of a product and deviations can be detected quickly and precisely using AI and ML. To protect the ideas of the developers behind this process, manufacturers of applications for AI and ML, which are often written in the Python programming language, need effective technical protection.

Analyst Slash Data examined the popularity of the various programming languages in a 'State of the developer nation' survey. Over 19,000 developers were surveyed in the first quarter of 2021. One of the results: Software developers work with Python the second most frequently, with the main uses being data science, machine learning and applications for IoT.

Attack on the programming language

Due to the growing importance of AI and ML, attackers will increasingly try to get hold of manufacturers' good ideas and profit from them with little effort. Python is typically a point of attack, as the Python source code is delivered as a simple text file and can be read in plain text, which is common for scripting languages. This means that users can - intentionally or unintentionally - change, manipulate and copy the source code and analyze the idea behind it, for example an AI learning algorithm, and use it without authorization (reverse engineering).

As a protection and licensing expert,Wibu-Systems knows the importance of the Python programming language for manufacturers of AI and ML applications. For this reason, the company has launched the 'AxProtector Python' encryption option on the market.

The provider's 'CodeMeter' technology was already able to protect Python software by pre-compiling the EXE files using the Cython compiler. What is new now is the direct and automatic encryption of Python software via 'AxProtector Python', which extends the existing tools of the CodeMeter Protection Suite.

The basic principle of all CodeMeter tools is: first the manufacturers encrypt their software and then they supply the appropriate license key to the user. Users can then use the encrypted software in accordance with their authorizations. The protection hardware 'CmDongle', the software-based activation file 'CmActLicense' or the 'CmCloudContainer', which is located in the cloud, serve as carriers of the license keys.

Via precompilation to protected software

© Wibu Systems

The classic method consists of two steps: pre-compilation and encryption. The Cython compiler is used to convert the Python software into an executable file (EXE) written in C, so that this executable file can then be encrypted using the standard tool 'AxProtector'. This enables manufacturers to encrypt and license their intellectual property contained in the software and thus generate additional revenue under the heading of 'software monetization'. Manufacturers can automatically implement various licensing models - for example, single user licenses, floating licenses within a network or a time-based model. Important data for the Python software can also be encrypted and signed via the CodeMeter Core API. In this way, the manufacturer must create and deliver a specific executable file for each individual platform, which requires technical knowledge.

Direct encryption

The minimum requirements for using 'AxProtector Python' are 'Python 3' and 'CodeMeter 7.30'. The tool encrypts directly, without conversion by 'Cython', and no native code is generated. As the Python software is only encrypted once, there is only a single executable file that runs on the different platforms Windows, Linux or macOS. Only the part that is currently required is loaded into the main memory at runtime and then decrypted, so that the majority of the software remains encrypted. Each function of the 'Python' software is encrypted individually so that manufacturers can generate modular licenses. Users only receive the license keys for what they have purchased. Subsequent purchases are also handled in the same way.

If the manufacturer wants to leave functions and files unencrypted, he can set annotations and control this via entries in the protection definition. The integration of protection is much easier with 'AxProtector Python', as the precompilation step is no longer necessary.

Different encryption tools

Rüdiger Kügler is VP Sales & Security Expert at Wibu-Systems in Karlsruhe.

© Wibu Systems

Similar to a toolbox, manufacturers can use various encryption tools to encrypt the entire software or only certain parts. There is a choice of different 'AxProtector' variants, which are optimized for different programming languages and ensure automatic protection of an executable file, 'IxProtector' for encrypting individual functions and 'IP Protection' to protect software from reverse engineering, but no license keys are required. 'AxProtector Python' complements the existing variants: the standard 'AxProtector', 'AxProtector Java', 'AxProtector .NET' and 'AxProtector CmE' for embedded software.