The purpose of the evaluation version of Validy SoftNaos is to let interested parties study Validy Technology software protection in depth. Several aspects of the technology can be scrutinized.

An important asset of the technology is that it does not depend on hidden procedures. The technique is not strong because it performs a secret transformation of the bytecode but because it uses a secret key in a tamper resistant coprocessor. An analog is the difference between restricted cryptographic algorithms for which the algorithm itself must be kept secret and unrestricted ones that combine a public algorithm with a secret or private key. The virtual coprocessor, a pure software implementation of the secure coprocessor, is part of the evaluation package so that applications protected by the translator can be executed. This coprocessor is not tamper resistant. By running the protected application under a debugger, it is possible to access the state of the coprocessor and the instructions after they have been deciphered. Therefore, this evaluation package alone does not provide any actual security.

With a secure hardware coprocessor, the stream of data and instructions exchanged between the application and the coprocessor is still open to scrutiny and modification. However, to observe the hidden state and the deciphered instructions, one must break the secure processor.

In the current version, the use of a software coprocessor makes it difficult to estimate the performance of the transformed application when using a hardware coprocessor. The hardware coprocessor runs slower than the main processor and communicates with it through a bus that limits the rate and latency of the communications but it uses a hardware accelerator to decipher the instructions.

This package is distributed under a Validy license that can be found in Annexe A, Licence simple d’utilisation du « progiciel » Validy® SoftNaos pour Java®, version d’évaluation 1.0.