tags:

views:

1444

answers:

3
+10  Q: 

Web-based license activation

I have an existing app that has a free trail, and the same code/download can also be "upgraded" to a full-featured application by giving it a "license key". This is done with some magic and the semi-hacky method of getting some name for a machine. So, basically I am selling licenses per computer.

The current payment and activation proceed as follows:

Customers pay via paypal, then I get an email from paypal and then send customer an email to request their ID, so I can send back a license key. This is not optimal for a lot of reasons.

If I were a customer I would not be impressed.

The topic is briefly addressed and mentioned here:

http://secretgeek.net/25steps_21tools.asp

Unfortunately I am not sure of the good alternatives. I want to be able to do all this programmatically. I do have my own domain and it is hosted on linux server. I can server side code if needed I suppose.

What I want is an automated process for getting the license key to the client. They will have to either supply the machine ID up front (no way that I can see in paypal) or in a response to an email.

In many/some cases the software is not on a machine with internet access, so a pay through the software is no good.

I can think of lots of rube-goldberg things that involve code on my website, some involving databases, all involving CCing me with license keys, etc.

Paying for the service is fine - I do not want to spend my time on this stuff - I have lots to do to upgrade the product.

It is Win32 right now - moving to Mono soon hopefully.

I prefer to keep the licensing scheme as it is - with a key tied to a machine.

Does anyone have a nice clean solution?

EDIT: Both answers (only two as of this writing) are good. I am going to do the paypal IPN thing and have the IPN notified page send an email with a link to a form. It also will make an entry into a database with the authcode - which will be checked later.

The customer goes to the link, enters the details from their specific machine and the auth code I send from the IPN/Paypal. I check the database to ensure this is valid and not a duplicate, and then if successful display the license key and also email it to them.

Not implemented yet, but it should all work. Just have to hack out some php.

EDIT

Thanks for the suggestions. This is all done and working now using PHP, mySQL and paypal ipn.

+1  A: 

what i do is offer two paths:

i provide a Register program as part of the installation package, which reads the machine identity info and writes it (encrypted) to a local file. It then attempts to contact a web service to generate the license key.

If the program cannot reach the web service, it tells the user the name and location of the machine-info file and the email address to mail it to. I can then generate a key from that and email the key back

Steven A. Lowe  2009-01-12 21:22:06
2 things - 1. I don't want to manually email anything. I want it automated. 2. I need to trigger the license stuff AFTER the purchase and only once. (only one machine ID per license request)
Tim  2009-01-12 21:27:01
@[Tim]: Perhaps I was not clear - the manual email is a fallback only for those not on the internet; you could easily automate this part with a filter rule. For most customers, the register program gets the license from the web service on first run. I use this for trial and paid versions.
Steven A. Lowe  2009-01-12 21:38:11
1. Email isn't necessarily manual thing, receiving and sending email programmatically is easy. 2. Just add a button to the help menu that says 'registration', which pops up a dialog with a text to explain its purpose and a button to fetch the key (info is checked on serverside)..
Tuminoid  2009-01-12 21:38:42
Yes, I see. Note - many installs of this product are in labs isolated from the internets. I want to make it easy for the user to get the key so likely much of the automation is going to be a web-based solution, not in my app.
Tim  2009-01-12 21:50:26
+7  A: 

Here is the scheme I use for a commercial product which works well for me.

Upon purchase use PayPal IPN to generate an activation number server side (I do this with PHP + MySQL), store it in a database and e-mail it to the new customer.

Customer receives the activation code and enters it into your product.

The product verify's the activation code and then generates a hardware/machine code. It then goes back to your server (I use an authenticated HTTP POST request back to my server) to verify if the activation number is still active and if the machine code is ok.

Server side you can check if the machine code has not been activated before you associate the machine code with the activation number and tell the product to allow activation.

If the activation code has all ready been used you can disallow activation.

You can build on all this for more features. Like most copy/license protection it can be bypassed but it gives you a decent amount of control over your legit customers.

QAZ  2009-01-12 21:37:07
Nice - I was just looking at the paypal part. It was the other stuff I did not work out yet.Note that I also have to be able to get the license key (the last part) without the product involved - because the machine might not be connected to the internets.
Tim  2009-01-12 21:40:57
Tim: perhaps if no net connection is present at time of activation the product will temporarily activate itself for 24 hours/5 days/30 days or something and then locked out until connected to the net. Otherwise you might need to distribute a license server.
QAZ  2009-01-12 22:07:13
My scheme rght now is tied to a machine - it uses the machine ID as part of the algorithm. So once I have it I don't need to connect to a server to validate. Again, this is just to keep honest folks honest. Anyone with some time and knowledge can crack it...
Tim  2009-01-12 22:20:53
A: 

Dear QAZ,

What all information are you providing to paypal for transaction and based on what output from paypal you decide wheather the transaction was successfull or not.

Once the trasaction is successfull i guess you are getting redirected to you website and there you generate the activation code for the customer and send the code via email to the customer rite?

Thanks.

Naresh Rathore  2010-02-01 15:16:48

related questions

Install-base of Java JRE?
Software Deployment in a Virtual Environment
Rails requires RubyGems >= 0.9.4. Please install RubyGems
Deploying a Git subdirectory in Capistrano
Any capistrano comparable for windows/.net?
Pushing out MSI files
Generic design for packaging of user changes for deployment
What's the best way to create ClickOnce deployments
What are some good SSH Servers for windows?
How Do You Secure database.yml?
Whats the best way to securely publish a site post build?
.net solution subversion best practices?
JRuby / Rack deployment
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
Issues with DB after publishing via Database Publishing Wizard from MSFT
How do I make a custom .net client profile installer?
What's the general consensus on supporting Windows 2000?
How do you deploy your SharePoint solutions?
ILMerge Best Practices
Error ADMA5026E for WebSphere Application Server Network Deployment
What is called a Node in a WebSpere Network Deployment
What is your favorite web app deployment workflow with SVN?
An executable Python app
Deploying SQL Server Databases from Test to Live