views:

1444

answers:

3

I have an existing app that has a free trail, and the same code/download can also be "upgraded" to a full-featured application by giving it a "license key". This is done with some magic and the semi-hacky method of getting some name for a machine. So, basically I am selling licenses per computer.

The current payment and activation proceed as follows:

Customers pay via paypal, then I get an email from paypal and then send customer an email to request their ID, so I can send back a license key. This is not optimal for a lot of reasons.

If I were a customer I would not be impressed.

The topic is briefly addressed and mentioned here:

http://secretgeek.net/25steps_21tools.asp

Unfortunately I am not sure of the good alternatives. I want to be able to do all this programmatically. I do have my own domain and it is hosted on linux server. I can server side code if needed I suppose.

What I want is an automated process for getting the license key to the client. They will have to either supply the machine ID up front (no way that I can see in paypal) or in a response to an email.

In many/some cases the software is not on a machine with internet access, so a pay through the software is no good.

I can think of lots of rube-goldberg things that involve code on my website, some involving databases, all involving CCing me with license keys, etc.

Paying for the service is fine - I do not want to spend my time on this stuff - I have lots to do to upgrade the product.

It is Win32 right now - moving to Mono soon hopefully.

I prefer to keep the licensing scheme as it is - with a key tied to a machine.

Does anyone have a nice clean solution?

EDIT: Both answers (only two as of this writing) are good. I am going to do the paypal IPN thing and have the IPN notified page send an email with a link to a form. It also will make an entry into a database with the authcode - which will be checked later.

The customer goes to the link, enters the details from their specific machine and the auth code I send from the IPN/Paypal. I check the database to ensure this is valid and not a duplicate, and then if successful display the license key and also email it to them.

Not implemented yet, but it should all work. Just have to hack out some php.

EDIT

Thanks for the suggestions. This is all done and working now using PHP, mySQL and paypal ipn.

+1  A: 

what i do is offer two paths:

i provide a Register program as part of the installation package, which reads the machine identity info and writes it (encrypted) to a local file. It then attempts to contact a web service to generate the license key.

If the program cannot reach the web service, it tells the user the name and location of the machine-info file and the email address to mail it to. I can then generate a key from that and email the key back

Steven A. Lowe
2 things - 1. I don't want to manually email anything. I want it automated. 2. I need to trigger the license stuff AFTER the purchase and only once. (only one machine ID per license request)
Tim
@[Tim]: Perhaps I was not clear - the manual email is a fallback only for those not on the internet; you could easily automate this part with a filter rule. For most customers, the register program gets the license from the web service on first run. I use this for trial and paid versions.
Steven A. Lowe
1. Email isn't necessarily manual thing, receiving and sending email programmatically is easy. 2. Just add a button to the help menu that says 'registration', which pops up a dialog with a text to explain its purpose and a button to fetch the key (info is checked on serverside)..
Tuminoid
Yes, I see. Note - many installs of this product are in labs isolated from the internets. I want to make it easy for the user to get the key so likely much of the automation is going to be a web-based solution, not in my app.
Tim
+7  A: 

Here is the scheme I use for a commercial product which works well for me.

Upon purchase use PayPal IPN to generate an activation number server side (I do this with PHP + MySQL), store it in a database and e-mail it to the new customer.

Customer receives the activation code and enters it into your product.

The product verify's the activation code and then generates a hardware/machine code. It then goes back to your server (I use an authenticated HTTP POST request back to my server) to verify if the activation number is still active and if the machine code is ok.

Server side you can check if the machine code has not been activated before you associate the machine code with the activation number and tell the product to allow activation.

If the activation code has all ready been used you can disallow activation.

You can build on all this for more features. Like most copy/license protection it can be bypassed but it gives you a decent amount of control over your legit customers.

QAZ
Nice - I was just looking at the paypal part. It was the other stuff I did not work out yet.Note that I also have to be able to get the license key (the last part) without the product involved - because the machine might not be connected to the internets.
Tim
Tim: perhaps if no net connection is present at time of activation the product will temporarily activate itself for 24 hours/5 days/30 days or something and then locked out until connected to the net. Otherwise you might need to distribute a license server.
QAZ
My scheme rght now is tied to a machine - it uses the machine ID as part of the algorithm. So once I have it I don't need to connect to a server to validate. Again, this is just to keep honest folks honest. Anyone with some time and knowledge can crack it...
Tim
A: 

Dear QAZ,

What all information are you providing to paypal for transaction and based on what output from paypal you decide wheather the transaction was successfull or not.

Once the trasaction is successfull i guess you are getting redirected to you website and there you generate the activation code for the customer and send the code via email to the customer rite?

Thanks.

Naresh Rathore