Welcome to our FAQs | Q&A corner
Getting started
We are still uploading and improving the contents of the FAQ sections, but we already have a large amount of information available for our popular product items. Please, start browsing our FAQs, it is highly likely that you will find an answer to your question. You can also explore and compare Longmai products in our Online Store, and get a price quote from our Sales representatives.
Don’t forget to share your thoughts with us through the feedback form.Tell us what you want! Our Sales Specialists are standing by to answer your questions.
Frequently asked questions and answers
- All
- Copyright Protection
- Corporate
- Data Protection
- General Questions
- Identity Authentication
- Product Related
- Technical
- Technologies
What is a digital certificate?
In public key cryptography, one of the keys, known as the private key, must be kept secret. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world who the key belongs to. Digital certificates provide a way to do this.
A digital certificate is a digital form of identification, much like a passport or driver’s license. A digital certificate is a digital credential that provides information about the identity of an entity as well as other supporting information. A digital certificate is issued by an authority, referred to as a certification authority (CA). Because a digital certificate is issued by a certification authority, that authority guarantees the validity of the information in the certificate. Also, a digital certificate is valid for only a specific period of time.
Digital certificates provide support for public key cryptography because digital certificates contain the public key of the entity identified in the certificate. Because the certificate matches a public key to a particular individual, and that certificate’s authenticity is guaranteed by the issuer, the digital certificate provides a solution to the problem of how to find a user’s public key and know that it is valid. These problems are solved by a user obtaining another user’s public key from the digital certificate. The user knows it is valid because a trusted certification authority has issued the certificate.
In addition, digital certificates rely on public key cryptography for their own authentication. When a digital certificate is issued, the issuing certification authority signs the certificate with its own private key. To validate the authenticity of a digital certificate, a user can obtain that certification authority’s public key and use it against the certificate to determine if it was signed by the certification authority. For more information, see Digital Signature and Wireless PKI.
Other Information
What is a certification authority (CA)?
Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate.
Feedback and Support
You can provide feedback by completing the Longmai Feedback form, or contact us directly through our Contact Us Page.
What is Digital Signature Certificates?
Digital Signature Certificates (DSC) is the electronic format of physical or paper certificate like a driving License, passport etc. Certificates serve as proof of identity of an individual for a certain purpose; for example, a Passport identifies someone as a citizen of that country; who can legally travel to any country. Likewise, a Digital Signature Certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.
How it Works?
A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys – public and private keys – and this association is endorsed by the CA. The certificate contains information about a user’s identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it). These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user’s computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.
What is the difference between a Digital Signature and a Digital Signature Certificate?
A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that Identifies the Certifying Authority issuing it. Has the name and other details that can identify the subscriber. Contains the subscriber’s public key. Is digitally signed by the Certifying Authority issuing it. Is valid for specified period of time.
The pirated license fee savings is greatly under estimated. Software developers are constantly looking for cost effective copy protection solutions. mLock is simple to integrate and work with yet powerful solution to save you time and energy when protecting (with high level of strength and security) the sales / distribution of software from piracy!
Longmai mLock models based on unique fully programmable smartcard chip technology offer strong copy protection for software publishers at much lower costs than any other dongle in the market.
Yes. Our SmartTime dongle supports real time clock. You can use it to securely set an expiry date limit on the issued software license.
All our products (including cards, token and dongles) are compatible with major operating systems like Windows, Mac, and Linux and even Mobile OS (for the Bluetooth product models)
Reserving API function interfaces during software developing, invoke the interfaces when developers integrates software with dongle. When software is running, dongle will verify on visitors’identity, only legal visitors can get accessed. Dongle offers multiple interfaces,software developers are free to define their custom interfaces and integrate our products to fit their needs.
Absolutely. Take advantage of our low prices and customizable product series. We can even help you with your clients’ color of preference of for your purchase. We offer a variety of different product models. Click Contact us to find out more.
Authentication and Authorization
Code security protects the normal, day-to-day operations of an app, tool, or daemon. But what happens when your code is under siege? It is often essential to know not only what the user is doing but also who the user is and whether the user is allowed to do that. This is where authentication and authorization come into play.
Authentication
-
“If you know yourself but not your enemy, for every victory gained you will also suffer a defeat.” — Sun Tzu, The Art of War
When securing software, the first thing you must do is find a way to distinguish friend from foe. This process is called authentication.
In computer security, authentication verifies the identity of a user or service. Authentication usually serves one of two purposes:
- As a precursor to authorization, identifying the requesting entity to determine whether that entity should have permission to perform an operation
- For producing an audit trail by logging who performed an operation so that blame can be cast when something breaks
Three types of authentication are most common:
- Local user authentication. Verifying a user’s identity is usually performed by the operating system as the first step in authorization. If your code is running as a normal user, the operating system limits what your code can do based on that user’s permissions. Your code can also ask the operating system for the identity of the user for auditing purposes.
- Network host authentication. Verifying the authenticity of a remote server is often necessary—for example, to determine whether it is safe to send credit card information to a specific website.
- Remote user authentication. Users are often authenticated by remote servers when performing certain tasks. Authenticating a user remotely requires that your code send credentials in some form, such as a password, a cookie, or a digital certificate.
Authorization
Authorization is the process by which an entity such as a user or a server gets permission to perform a restricted operation. The term is also often used to refer to the right itself, as in “The soldier has authorization to enter the command bunker.”
The difference between authentication and authorization is somewhat subtle. Often, the mere fact that a user has an account means that the user is authorized to do something, in which case authentication and authorization are the same thing. However, in more complex systems, the difference becomes more obvious.
Consider a computer with two users. Each user is known to the system. Therefore, both users can each log in to the computer, and it authenticates them. However, neither user is authorized to modify the other’s files, and as a result, neither user can do so.
Third-Party Documentation
There are a number of excellent books on computer security that you should consider reading. Here are just a few of them, grouped into subject areas.
Threat Modeling
- Howard, Michael, and David LeBlanc. Writing Secure Code (second edition), Microsoft Press, 2003.
- Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems, 2d ed. John Wiley & Sons, 2001.
Fuzz Testing
- Sutton, Michael, Adam Greene, and Pedram Amini. Fuzzing: Brute Force Vulnerability Discovery, Pearson Education, 2007.
Cryptography
- Schneier, Bruce. Applied Cryptography. 2d ed. John Wiley & Sons. 1996.
- Brands, Stefan. Rethinking PKI and Digital Certificates: Building in Privacy. The MIT Press. 2000.
Other Secure Networking Protocols
- The authentication model for HTTP is described in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication.
- For information on the SSL protocol for secure networking, see the IETF SSL Version 3.0 Draft Specification. For the TLS protocol, see the TLS Working Group website and RFC 5246.
- Documentation of the AES encryption algorithm used for FileVault is available on the National Institute of Standards and Technology (NIST) website.
- Not really.
- According to our internal testing results, performance difference when using a simple and complex algorithms vary within just few milliseconds. The end user can’t even notice the difference at all (optimize by limiting frequent calling of the algorithm function)
Technical Support
Keeping your firmware or software up-to-date is one of the most important things you can do to maintain your Longmai product’s security. For technical support or instructions on how to update our products firmware or software, please contact us. Most of Longmai product models are sold with limited warranty. We keep our customers informed on latest software updates or bug fixes via email or phone. We provide sFTP or Website links to obtain the latest product firmware upgrades.
First of all, we would like to thank you for your interest in Longmai’s Partner Program.
Your application for registration to distribute LONGMAI eligible products will be considered once we have received your completed request form and authorized signature:
- Please complete Distribution and Resale Application Form providing details in all fields, attach product testing report or solution demo and submit it via email or fax eFAX to: +8610-62313636, attn: Longmai Partner Distribution Request; Email to info@longmai.net Subject: Longmai Partner Distribution
- Your application will be reviewed, and Distribution and Resale Application Form will either be accepted or declined within 5 working days.
- Century Longmai will contact you to progress your application and Sign Partner Agreement
For more information on how to proceed, please send us Email feedback or checkout our Partner related Links below:
Click to access Distribution and Resale Application Form, fill and send back to Century Longmai.