license-key for software [closed]

StackOverflow https://stackoverflow.com/questions/5830008

  •  27-10-2019
  •  | 
  •  

Question

I am at the first experience of releasing my windows application and I don't have a cue how I should move on. Here my question:

I have my own website running on hosting. I would like to implement a customer portal so after receiving an order I will provide a username and password via email where users can download the activation code. I know that this is a big question...How to protect my application against duplication? Do you know what is the "best" solution to apply license system to my software?

  • How I can force the application to be excuted just on specific pc? Is it complex to achive?

  • In this scenario should I create a new build for each user so the activation key will unblock just the right build?

  • If so I understand that each profile will have its own build file along with activation code and a sort of service agreement information (i.e. 1 year of free updateds). Again I see it to complex to manage, for every changes in the application I need to compile, build and upload new version...? Ok... my application right now is a simple exe file with some folders and xml configuration files but what in future...?

  • Is it possible just to share among all user a single application file which can be activated by using the user activation code (in this scenario user will have his own profile just for activation key and SA information). what about security? if someone share the activation code I guess the application can be unblocked anywhere.

  • Should I implement the customer portal on a dedicated server (i.e) ? I don't have possibility to install my own server. What do you think about virtual server on ISP?

  • What about invoicing and ordering process? You think that an ecommerce commercial solution is a good choice? For istance I was thinking to get order via email or fax and then process the license (still don't know how) and send invoice whith information for payment (i.e wire tranfer). What do you think?

  • If the software it would cost (still don't know the price) let's say less then 30 dollars does it make sense to use as payment method a wire tranfer? What about share-it.com? Is it safe? Do they also handle customer portal?

Thanks a lot.

Was it helpful?

Solution

i would go with similar system to what i have seen used by Nod32 ( which is why i don't use it anymore, but still suggest to buy for everyone else ).

Application has two states: demo and full. You can use the demo version for time period of 30 month.

And each application has a product key, which is daily verified against remote server. If verification fails, application slips back into demo mode.

If the verification server is unreachable, you show user a message that "verification server unreachable, check your connection or verify manually". Then try again in an hour. If for .. lets say .. 3 days application hasn't been verified. It does into demo mode.

If user, which has connection issues clicks on notification bubble, he sees a view containing information about how to verify manual or button for "try again".

For manual verification you have a generated code (based on his hardware data), which he can enter in your website together with his product key. And get a number for manual verification.

my 2 cents.

OTHER TIPS

The usual way to prevent users from just replicating your application on many machines is 'node-locking' - at runtime the application checks that certain machine parameters match the values recorded in an encrypted license key or activation record. The Ethernet MAC address is a popular locking parameter, but this is not a good choice as on some systems the MAC address can be set or spoofed. A combination of parameters such as Windows ID, machine name, perhaps user log-in name etc. is more secure.

To issue a license you either request these details from the user or have them run a small utility that writes them to a file they send to you. You can then encrypt them in the license key, which can also contain other information such as a trial or subscription time limit, feature configuration info etc.

Alternatively, all this can be done automatically using [product activation][2]. When your application first runs it connects to a hosted license server, checks it is a valid license, and automatically reads the names of the locking parameters on its host, so it can then encrypt them and persist them in a local file it then reads each time it runs after that (so the app does not need to connect to the server again after the initial validation). If you go the activation route it is much more convenient for you and your users.

Whatever route you go, you need to think about: - Integration with your chosen ecommerce provider/payment processor? - How to handle users who don't have an Internet connection? - How to support users who want to relocate their license, perhaps because they bought a new system? Can you ensure they have only one copy active at any one time? (and you may also want to limit how often they can relocate their license). - If you lock to several machine parameters, can your locking system accommodate the user upgrading part of their system, so potentially causing one of the node-locking parameters to change? - If the user's system crashes, how can they get their license running again on another machine? - How do you issue trial licenses? - How do you protect against people who try to hack your license protection? - Might you in future want to configure features in your product e.g. offer different price points, or different combinations of features to different types of users. Can your licensing system handle this?

All these issues and more have of course already been considered and resolved by competent commercial licensing systems.

How I can force the application to be excuted just on specific pc? Is it complex to achive?

You can store his computer ID/Key pair in your database.

In this scenario should I create a new build for each user so the activation key will unblock just the right build?

No. Definitely you do not want to create 1000 builds for 1000users.

If so I understand that each profile will have its own build file along with activation code and a sort of service agreement information (i.e. 1 year of free updated).

It is easy to manage it with a right tool. You can ‘bind’ each key to a specific version range of your product (say v1.0.00 – v2.0.00) or specify the validity period of the key ( SaaS scheme)

Is it possible just to share among all user a single application file which can be activated by using the user activation code ..?

Yes. It’s called floating or network licenses.LAN license server allows to run some limited number of product’s instances in corporate network. This approach is widely used by corporate customers.

Should I implement the customer portal on a dedicated server (i.e) ? I don't have possibility to install my own server. What do you think about virtual server on ISP?

It depends on what you mean under ‘own server’. You can’t run separate daemon/process on shared hosting, you need VPS or dedicated server. But you can use the solutions that are present on the market already.

Why do you need to implement activation system yourself? And run servers yourself? It may appear a far more complicated and costly as it seems.

ActivationCloud https://activation-cloud.com provides a good set of features that can fit needs of ISVs that is selling software to home and corporate user. Consider to use it.

Read my question "A licensing system for my (WinForms) application. Would this be secure enough? (Within reason)"

I listed a few possibilities.

Mainly, I noticed that you wanted the program to be only runnable on a specific PC, for which I used a function which returns a unique code for each PC, and required it to be the last 5 characters of the Product Key.

Hope this helped. :)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top