Offline authorization systems (VB, net)

Question

0.00/5 (No votes)

See more:

I've finalized my code - its currently running in a beta mode in a commercial environment, but it's time for the next step. Moving towards a commercial product.

Can anyone shed some insight.

the way I would like it to work is the following.

take unique ID's from the computer:
motherboard serial
cpu serial
windows serial
(I won't use Mac address or HDD serial numbers as these are allowed to change)

I also want to append additional information such as:
customer name
reseller name

All of the above information will be included within the authorization string.

I need to be able to construct a value to each serial/name of the hardware. This is so I can figure out what hardware/names have changed. (This will eventually sit on a web based database so the web page can discern the changes, rather than myself)

If I receive the auth string form a client the next process would be to create the code they would enter. My theory on this is
for each char in value, convert to byte, and then run that through a Fibonacci to come up with something obscure, multiply that by a prime number, and then MD5 that string?

if more than 2 of the above fields change, it should say that the hardware has changed 2 much, it now needs to be reauthed.

Which leads me to the next question. (This is further down the line, but is important)

Further on from this, would this be a good idea? If I ask them to send through an MD5 of their hardware this would be easy to find. Should I be removing certain characters.

I want as much information from the installed computer as possible, as I need to be able to discern whether the client has simply upgraded from win 7 to win 10, replaced a HDD or are trying to install on a new system.

I want to have a webpage which would accept a payment type.
It should be able to discern what has changed, and if too much has changed should prompt for payment (essentially a new customer)

What I have tried:

I've currently got a auth system that is just an MD5 of the serial numbers attached to the hardware being queried.

I passed this onto a friend, and within 2 hours, he had figured it out.
He has said I should move towards an online auth, and verification on startup system, but this isn't viable with my software.

Posted 15-May-16 1:20am

Mendaharin

Updated 15-May-16 5:57am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2016-05-15T05:57:00

Solution 1

NO, never ask to design the security module of a commercial software on a public forum.
It help any hacker to break your security.
Your request is also off-topic of this forum.

My advice:
The only viable way is to hire a local professional and sign a confidentiality contract.

Posted 15-May-16 5:57am

Patrice T