2

I have created a software application which is Windows-based. Soon I'm going to make it live, meaning my clients will be able to use it after they download it from my website. Also, to mention, I have made the software in a way that it works only with the key that I provide. Initially it's gonna be a free trial.

Here I'm generating a 35-digit key and it's a unique one. That means once the user requests the key from me and I send him/her the key, he/she may be able to use my application. But the real problem arises from here.

I want the code to be used only once.

Ex: If my application is downloaded by the user, he can use the key to use my application, but the same key cannot be used by anyone else. Let's suppose my key is xxx; the same code xxx should not work for any other person who has downloaded my application. Just to make the software usable only by genuine users.

I have also gone through this link

http://social.msdn.microsoft.com/Forums/zh/winformssetup/thread/301913a0-ecf9-4095-8d66-a3f4baeea6eb

by Danny Staten

I still haven't met my requirements.

First of all I thought to get the IP address of the person who is registering to download my application, and based on that I can limit my key to be used only by the person whose IP address would be stored in my database. But I think it would be a wrong/unnecessary process. And to use my application the person's network cable would have to be plugged in each and every time. But it wouldn't solve my purpose.

Secondly I thought of creating a process of the application pinging my server or me.

Like initially when the user runs the application (online or offline) the application should work, but as soon as he connects the network cable/plug to the network an alert should be provided to my server or to me. And from my side I can make a check if the user is using the key that I have provided to him. If in either way the user is not genuine I should be able to stop him from using my application anymore. From my side I have decided to store the keys which have been provided by me inside the database, and each requested key in another table. I'm not sure if I'm going the right way. But as of now this is the thing that has come into my mind.

But to summarize, in the end I want a key to be used by only one user. Just to avoid a million different users using my application with a single key.

I'm not sure about any of the ideas that I have provided.

Now is there a way i can achieve that?

burning_LEGION
Vikneshwar
  • Why not use a GUID? It's nondeterministic and will not yield the same result – Mutu Yolbulan Aug 10 '12 at 11:32
  • I second that. A Guid generated per user would always be unique. Storing the IP does not make sense for this, as it MIGHT be different each time a user logs into the net, depending on the provider. Even if the company has a fixed IP, you could not differentiate between several users from the same company. – Jens H Aug 10 '12 at 11:40
  • @Mutu Yolbulan: All I want is to do something that will prevent many people accessing my application using a single key. I don't know how to do that. I have created a different application which generates unique code, so creating a unique key is not my problem. All I'm thinking about is that the same key should not be used more than once. Ex: If the key is "xxx" and a user has downloaded my application, only he can use my application using the key. The same key "xxx" should not be used by anyone else. Hope you understand my query. I tried to be specific. – Vikneshwar Aug 10 '12 at 11:51
  • Are you thinking of using the [Halt and Catch Fire](http://en.wikipedia.org/wiki/Halt_and_Catch_Fire) instruction so that the machine cannot execute your program again, or [Execute Operator Immediate](http://www.physics.ohio-state.edu/~bcd/humor/instruction.set.html) to prevent the user from running it again? Or use [DeleteFile](http://msdn.microsoft.com/en-us/library/windows/desktop/aa363915(v=vs.85).aspx) to mark the executable file for deletion as soon as it is closed? A sufficiently motivated user can hack pretty much anything you do to prevent reuse or reinstallation. – HABO Aug 10 '12 at 11:51

2 Answers

3

Get a hardware fingerprint of his machine and generate the key based on that. Your software should check whether the key was generated for that specific machine. This, however, requires online activation of your software. You can do this in two ways:

  • letting the user start the unactivated application and display the HW fingerprint, which he sends to you. You then return the activation key, which he enters.
  • your application connects automatically to the activation service and sends the fingerprint, receives the activation key and stores it

Another point would be to include information about several components of hardware and allow the user to change one or a few. E.g. take a fingerprint of HDD serial number, MAC address, motherboard SN, some CPU info (e.g. family name); you should allow the user to upgrade or add another HDD.

There is an SO topic about getting hardware information.

Community
Nikola Radosavljević
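The activation flow described in the answer above, sketched as an added example that is not part of the original answer or any real licensing product: the first activation binds a key to one machine's per-component fingerprint, and later activations succeed only if enough components still match. `ActivationService`, `MIN_MATCHING`, the HMAC-based token and the sample machines are assumptions made for illustration.

```python
import hashlib
import hmac

COMPONENTS = ("hdd_serial", "mac", "board_serial", "cpu_family")  # per the answer
MIN_MATCHING = 3                             # assumption: one component may change
SERVER_SECRET = b"constructed-demo-secret"   # placeholder; never ships in the client


def fingerprint(hw: dict) -> dict:
    """Hash each component separately so a single swap can be tolerated."""
    return {c: hashlib.sha256(hw[c].strip().upper().encode()).hexdigest()
            for c in COMPONENTS}


class ActivationService:
    """Hypothetical server side: binds each issued key to its first machine."""

    def __init__(self, issued_keys):
        self.bound = {k: None for k in issued_keys}   # key -> bound fingerprint

    def _token(self, key: str, fp: dict) -> str:
        msg = "|".join([key] + [fp[c] for c in COMPONENTS]).encode()
        return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

    def activate(self, key: str, fp: dict):
        if key not in self.bound:
            return None                       # key was never issued
        stored = self.bound[key]
        if stored is None:                    # first use: bind key to this machine
            self.bound[key] = fp
            return self._token(key, fp)
        same = sum(hmac.compare_digest(stored[c], fp[c]) for c in COMPONENTS)
        if same < MIN_MATCHING:
            return None                       # a different machine: refuse
        return self._token(key, stored)       # same machine, possibly upgraded

    def check(self, key: str, token: str) -> bool:
        """Later check-in: the server re-derives the token; the client cannot."""
        stored = self.bound.get(key)
        return stored is not None and hmac.compare_digest(
            self._token(key, stored), token)


# Constructed sample machines
pc_a = {"hdd_serial": "WD-1234", "mac": "00:11:22:33:44:55",
        "board_serial": "MB-9876", "cpu_family": "Family 6"}
pc_a_new_disk = dict(pc_a, hdd_serial="ST-5555")
pc_b = {"hdd_serial": "HD-0001", "mac": "66:77:88:99:AA:BB",
        "board_serial": "MB-0002", "cpu_family": "Family 6"}
```

Because the token is an HMAC under a server-held secret, only the service can validate it; a client that must verify activation offline would need a public-key signature instead.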
0

You have to make a choice, I think: the stronger your key system is, the harder it'll be for your users.

IE: A good system would be to generate a hardware key, so it only gets installed on the computers that are registered. Although it works well, users who buy a new computer will probably have to go to the trouble of asking you to register a new hardware key.

And if you only give them a key (like a serial number), it'll probably be easy to use it on another computer.

So basically, if you don't think many users will give away their key because the software isn't going to be used by many people, I would not get a "super-strong" hardware authentication.

Also, don't register an IP address, everyone with a dynamic IP will hate you for doing this.

Pacane