Pretty much all my career, I worked with building solutions (customized applications for a single customer). Now that my company is going in developing software for the masses, a lot of packaging is waiting for us.
I wanna ask about licensing software. How to generate serial numbers and activation numbers. What are my options for licensing software in general.
I realize that it's sort of a general question but it's a conversation starter.
views:
466answers:
4If you're using .Net to build your solutions, it might be worth checking out Xheo. I've used them before to implement licensing and they integrate nicely with .net solutions. You can do things like require basic serial keys to activiate products right through to setup up an activation server and require people to activate and deactivate their products to use and port them between machines.
Our licence model works using public/private key cryptography. They send us thier name and contact details, which we encrypt using our private key. The encrypted file is then sent back to the licencee which they enter into the application. The application has our public key embedded in the binary (or if they have a connection to the net, it pulls it off our site) and it uses that to decrypt the licence information. If the decrypted licence matches the details that they entered then they are licenced to use the product!
By using private/public key cryptography we give our application a trust that the data in the licence key is actually from us (authenticity of the licence)
There are other neat things you can do with this, like encoding subscription levels into the licence key. The application will decrypt the licence key and see that they are only allowed to use certain bits of functionality.
This can be attacked though. For example a blackhat can either remove the whole licence key checking part of the binary, or update the stored public key in the application to one that they have generated. They will then be able to make it accept their own licence. However since our applications are not that mainstream we dont consider this a major threat.
This article on piracy by a guy who built and marketed a small .NET application is very informative. His application was pirated, which giveshim an interesting perspective:
http://kalzumeus.com/2006/09/06/yo-ho-me-hearties-yo-ho/
His points are basically that you need to make the activation system a barrier to normal users - there is nothing you can do if your application is popular enough to be pirated by a cracking group. The most important thing is to make sure that a cracked version of your program, if it does exist, is invisible to 99% of the public.
You should use a public key based cryptographic system so that its not possible to develop a keygen for it.
Take a look at CryptoLicensing which is cryptographic licensing system with support for trial, full, activated,hardware-locked licenses, etc.