Product Activation Concept

Question

0.00/5 (No votes)

See more:

, +

I really need a more complete concept of how to manage Product Registration in an online environment. Firstly I will explain what I am trying to achieve and then what I have so implemented so far. Please do not confuse this post with generating license keys, that is already taken care of.

In my application, written in VB.Net (WinForms), I want to create a "Site License" registration scheme. This means that the client only needs to register one installation (server) and all clients (workstations) will verify if the product is registered each time they log into the system. I use MySQL on both the client side and the Web (online) side. The Web DB is only used to store product (client) registration information.

The Registration Process:
1. Registration can only be done on the computer system running "mysqld.exe".
2. Basic information about the user is captured e.g.: Business Name, Business Type, City, State, Country, Contact Person, Contact Email Address, Product installation type (DEMO / Registered which will determine the Expiry Date in the license key).
3. A license key gets generated using:
(i) a unique key (AES 512 encryption) +
(ii) MAC Address (any other hardware key can be used since MAC address can be manipulated) +
(iii)Product Version +
(iv) Expiry Date.
4. Only client information is written to the Local DB while everything gets written to the Web DB, including the License Key, MAC Address, Expiry Date. This is because I do not decrypt the key online, that is done in the application.

From this, one will notice that Hardware Locking is done by incorporating the NIC MAC Address into the license key.

This is all easy and working perfectly. However this is not the problem areas.

Possible scenarios which will affect the license key:
1) Hardware failure, NIC / System replacement - MAC Address is different
2) Software re-installation for whatever reason.

I've even started to implement a random generated Pin Code which will be written to the Web DB and then used to allow any changes to be made to the information stored on the Web DB. This is just adding more complexity to the process, more things to remember, more code that can go wrong. I want to keep things as simple as possible, handle most (if not all) possible scenarios and most importantly it must be effective.

I just need someone to help me with the workflow, not the coding. Coding is not the problem here, my concept / logic is failing me and I am afraid that I am starting to complicate things more than what it is necessary. There is probably a much simpler and more effective way to do this without using third party services.

One can argue that I should maybe consider using a Paid For solution which will handle everything I need to, but this is going to lead to a debate, possible arguments, polling and eventually causing the thread to be closed. In short, I do not want nor do I need to use a Licensing system. My application will not have a huge install base because it is specialized software, however I still want to protect my investment of time, blood, sweat and tears.

Any help will by greatly appreciated. If more clarity is required, let me know and I will edit the post.

Regards,

Tino

Posted 11-Aug-14 4:49am

Tino Fourie

Updated 2-Sep-14 3:40am

thatraja

v3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

DaveAuld · Answer 1 · 2014-09-02T07:29:00

Solution 1

What you want to do is generate a hardware key that is made up of a number of things;
e.g. hard drive serial numbers, cpu processor serial number (if available), hard drive capacities, bios id, gpu id etc. etc.

You could then use a weighting to determine if it is considered a 'new system' if more than 'x' of these things have changed.

There are a few articles around the net on methods of doing this, you would have to do a search though.

Here is one such similar question on SO: http://stackoverflow.com/questions/2842116/reliable-way-of-generating-unique-hardware-id[^]

Posted 2-Sep-14 7:29am

DaveAuld

Comments

Tino Fourie 7-Sep-14 15:27pm

Dave, Thank you for your reply. I did originally looked into hardware locking and in the end decided against it. The reason for moving away from hardware locking was the fact that my licensing model is based on a site license, which covers all computer systems for a business location. Another reason was to prevent upsetting a user / owner too much with being too critical with piracy prevention. Another reason is that Windows 8 makes it more complicated to gather hardware information and since MAC addresses can be changed by hand, just spoofed it all for me.

I came up with a possible less inconvenient way by using a Pin Code. Randomly generated code for each installation, this Pin Code can never change. It is not stored anywhere on any client computer but instead gets printed on a certificate once. You can not reprint the document once it has been printed. I use the same philosophy as Microsoft, if you loose it you buy a new one. The only place that the Pin Code is stored in on a Web DB which I maintain and to which my application connects every time it is fired up to validate the registration information.

The only drawback I see in this method is that the client needs to be connected to the internet when using my application. BUT also noteworthy to mention is that 99% of my target market will / have to be connected to the internet in any case. So I am not really taxing the client by forcing a permanent internet connection on them.

It is not a full proof system and it will probably get hacked by an experienced hacker fairly easily, but at least I keep the school kiddies from hacking my application.

Thanks again for your reply. It is something I did investigate from the beginning but decided against it in the end.

DaveAuld 8-Sep-14 0:41am

Hi Tino,

In that case the only other option I can think of is a hardward dongle on the site's server hosting the application. It would contain the license and any module/concurrent connection (seat) licenses. Products like Deskey or KeyLok might help. (You can get a dev kit fro Deskey to experiment with, I had one from them in the past).

Tino Fourie 9-Sep-14 13:57pm

Dave, thanks again for another suggestion. I am aware of dongles and also the security is provides any software developer. The only thing I have against dongles is the associated price tag. Security aint cheap I know (and for good reason I should add) but sometimes it just kills the project because of the "cost to client" aspect. On the other hand, I will definitely look into Deskey. It is not a name that rings a bell. I spent a few hours researching 3rd party products an found that there are so many out there. Thanks again for the info mate.