License Keys
-
I'd like to include some sort of license key (30 day free, etc) with my software. Firstly: for example, if I download Adobe Illustrator and use it for 30 days - it is smart enough to to know that if I uninstall and reinstall - it still won't work. Maybe it's using the registry and storing an obscure key somewhere? I'm interested to know is there a defined (API) way to do this? Or is it mostly "security by obscurity." I know nothing is perfect ... there are plenty of "FIXES" for my favorite first person shooters, but if you're trying to limit trial durations or license software for any fixed period of time, is there a fairly "strong" technique to do this? Finally, if I want to limit an installation to one machine ... I guess I can have the user register online (ala MS) after which I'd probably implement some type of handshake - and then query for something like the Network Card id ... like GUIDs are generated. But, is that "correct?" Do motherboards have serial #s yet? Or, is there a different approach that would suit me better. Looking online, I'm not sure what topics to Google ... suggestions would be most appreciated. Many thanks, -Luther
-
I'd like to include some sort of license key (30 day free, etc) with my software. Firstly: for example, if I download Adobe Illustrator and use it for 30 days - it is smart enough to to know that if I uninstall and reinstall - it still won't work. Maybe it's using the registry and storing an obscure key somewhere? I'm interested to know is there a defined (API) way to do this? Or is it mostly "security by obscurity." I know nothing is perfect ... there are plenty of "FIXES" for my favorite first person shooters, but if you're trying to limit trial durations or license software for any fixed period of time, is there a fairly "strong" technique to do this? Finally, if I want to limit an installation to one machine ... I guess I can have the user register online (ala MS) after which I'd probably implement some type of handshake - and then query for something like the Network Card id ... like GUIDs are generated. But, is that "correct?" Do motherboards have serial #s yet? Or, is there a different approach that would suit me better. Looking online, I'm not sure what topics to Google ... suggestions would be most appreciated. Many thanks, -Luther
Ah -- one more ... I have Pro Tools and their higher end software requires a dongle (USB key). Mark of the Unicorn used to include a floppy disk - which would include exactly one install. If you moved your software or wanted to reinstall, you had to UNAUTHORIZE your hard drive back to the floppy, reinstall, and then AUTHORIZE the hard drive. I assume that floppy was a "special" floppy in that, you couldn't just make copies of it and create your own unlimited AUTHORIZATIONS ... but I never knew what they did to AUTHORIZE the hard disk. Can you write to a SECRET section? Or again, is this all "security by obscurity" and they simply hid some mark someone on the disk. How could they guarantee that no one would write over it? Many thanks for any suggestions -- last part of an prototype project - and I'm not sure how whether to secure it with a home grown approach? or if there were some accepted industry practices. Thanks Again, -Luther
-
Ah -- one more ... I have Pro Tools and their higher end software requires a dongle (USB key). Mark of the Unicorn used to include a floppy disk - which would include exactly one install. If you moved your software or wanted to reinstall, you had to UNAUTHORIZE your hard drive back to the floppy, reinstall, and then AUTHORIZE the hard drive. I assume that floppy was a "special" floppy in that, you couldn't just make copies of it and create your own unlimited AUTHORIZATIONS ... but I never knew what they did to AUTHORIZE the hard disk. Can you write to a SECRET section? Or again, is this all "security by obscurity" and they simply hid some mark someone on the disk. How could they guarantee that no one would write over it? Many thanks for any suggestions -- last part of an prototype project - and I'm not sure how whether to secure it with a home grown approach? or if there were some accepted industry practices. Thanks Again, -Luther
-
I'd like to include some sort of license key (30 day free, etc) with my software. Firstly: for example, if I download Adobe Illustrator and use it for 30 days - it is smart enough to to know that if I uninstall and reinstall - it still won't work. Maybe it's using the registry and storing an obscure key somewhere? I'm interested to know is there a defined (API) way to do this? Or is it mostly "security by obscurity." I know nothing is perfect ... there are plenty of "FIXES" for my favorite first person shooters, but if you're trying to limit trial durations or license software for any fixed period of time, is there a fairly "strong" technique to do this? Finally, if I want to limit an installation to one machine ... I guess I can have the user register online (ala MS) after which I'd probably implement some type of handshake - and then query for something like the Network Card id ... like GUIDs are generated. But, is that "correct?" Do motherboards have serial #s yet? Or, is there a different approach that would suit me better. Looking online, I'm not sure what topics to Google ... suggestions would be most appreciated. Many thanks, -Luther
My personal preference is to use the install date/time in a reversable math function and store it in an obscure place in the registry. Any activation/licence keys would then be tied to the specific date/time of the install and therefore useless for activating other installations of the program. Of course that makes the keys useless for re-installation purposes on the same system also (after a wipe out and reload of OS), which would be a legitimate use. One way to identify a system by hardware would be to read the mac address of the NIC. Again far from foolproof as it assumes a system will have a NIC and it won't be replaced, but if you work with a combination of the date/time and MAC address and allow your activation keys to work if either matches the original, you should get pretty good security with minimal false positives.
-
Sorry if I wasn't clear. I want to understand/write/test/build/architect this functionality. Not purchase it.
-
My personal preference is to use the install date/time in a reversable math function and store it in an obscure place in the registry. Any activation/licence keys would then be tied to the specific date/time of the install and therefore useless for activating other installations of the program. Of course that makes the keys useless for re-installation purposes on the same system also (after a wipe out and reload of OS), which would be a legitimate use. One way to identify a system by hardware would be to read the mac address of the NIC. Again far from foolproof as it assumes a system will have a NIC and it won't be replaced, but if you work with a combination of the date/time and MAC address and allow your activation keys to work if either matches the original, you should get pretty good security with minimal false positives.
Thats a pretty good idea. No matter how many times the user installs or wipes the computer and tries to reinstall, the license expires on the expiration date as defined when the license was created. Could almost get away with a simple file then. I guess this approach is only as strong as the strength of the Reversible Function ... Thanks for the suggestion. -Luther
-
Thats a pretty good idea. No matter how many times the user installs or wipes the computer and tries to reinstall, the license expires on the expiration date as defined when the license was created. Could almost get away with a simple file then. I guess this approach is only as strong as the strength of the Reversible Function ... Thanks for the suggestion. -Luther
Use the registry not a file or all the user has to do is look for a new file in certain areas and delete it. Elaine :rose: The tigress is here :-D
-
Use the registry not a file or all the user has to do is look for a new file in certain areas and delete it. Elaine :rose: The tigress is here :-D
If the user finds the file - and deletes it, the software will no longer work. And unless the user can reverse engineer the function that created the key in the first place, the user cannot create a new file and extend the license. In the world of ssh and encryption, security by obscurity is generally considered a bad or weak thing. That is one of the reasons why DES, 3DES, AES, etc are public algorithms. Security by hiding things is not quite as secure as using "hard to decode" techniques. It seems that a file created using this premise could very well be public. I think you have a good point from a practical standpoint though. It may be so timeconsuming and impractical to search the entire Registry for an obscure key ... that no normal user would do it ... If memory serves me correct, http://www.ssh.com/products/tectia/client/non-commercial.html distributes a license file and http://www.vandyke.com/ actually gives the user a KEY to enter into the software manually. There's no hiding much of anything here. Given the abovee points, can you elaborate and the danger you think exists in using a license file? Thanks much, -Luther