tags:

views:

61

answers:

1
Q: 

Using the system time for node locked licensing

I have node-locked licensing working, using the MAC address and system time. We're concerned that people will just edit their system date to extend a license, so I've tried getting the real date from an machine in the NTP pool. That works, but then obviously you can't use the product without being online, and it doesn't seem to be 100% reliable (I'm guessing the UDP packet never arrives/returns in some cases).

What's the standard approach here? Live with the changeable OS date? Run something on a web server that provides the time over TCP? I hear the BIOS date gets updated by the OS when you reboot, so perhaps there isn't any way to know for sure what the current date is without using the internet?

I know that licensing can never be completely secure, and I expect it to be cracked or torrented, but I don't want it to be as easy as changing the system date. Any ideas appreciated. Thanks

A: 

Using a hard disk drive serial number in addition to the date would be more difficult to bypass. You can also have it limited to the user login name. Other than having a hardware dongle, software licensing can always be circumvented.

Update: If that's the case, can't you just monitor the time? Create an algorithm that validates the system clock follows a logical progression (always increasing.) If the date ever suddenly get shifted back more than a specified amount of time (you have to account for some drift and internet time server corrections), you disable the program until the user restores the clock?

Jeff Lamb  2009-11-05 14:51:47
I don't think the disk serial number is available on Linux unless I'm root, can't remember. Less worried about tying it to a specific machine or user than I am about the indefinite extension of licenses.
mr grumpy  2009-11-05 15:09:48
I'd have to store that last-system-time in a file somewhere, which they could erase. I guess I could check the filesystem for the most recently modified file (any file) and check if that's in the future with regard to the system time. Hmmm.
mr grumpy  2009-11-05 16:54:33
Couldn't you store it in a critical program file? If they delete that file, they screw up the program as well. You could obfuscate the system time using some algorithm so it's not easily readable, then CRC check it to make sure it hasn't been mucked with.
Jeff Lamb  2009-11-05 17:39:18

related questions

Unix gettimeofday() - compatible algorithm for determining week within month?
How do I convert a date/time to epoch time (aka unix time -- seconds since 1970) in Perl?
calculate elapsed time in flash
time.sleep -- sleeps thread or process?
Elapsed time without considering weekends and bank holidays in Java
What languages do date, time, and calendar operations really well?
Measure Total Network Transfer Time from Servlets
Time Parsing in Flex
How can I calculate time schedules (for free)?
What is your choice for a Time Managment Solution?
How can you insure your code runs with no variability in execution time due to cache?
How do you measure the time a function takes to execute?
Resetting detection of source file changes
How to parse relative time?
What is the simplest way to find the difference between 2 times in python?
Datetime arithmetic with a string in Ruby
What should we do to prepare for 2038?
What is the most efficient way to populate a time (or time range)?
“rusage” statistics
If I have a PHP string in the format YYYY-DD-MM and a timestamp in MySQL, is there a good way to convert between them?
How to display "12 minutes ago" etc in a PHP webpage?
Dealing with PHP server and MySQL server in different time zones
Design debate: what are good ways to store and manipulate versioned objects?
Help with CRON jobs?
How can I determine a web user's time zone?