1

A customer wants their product to require users to enter a machine-specific code, so that they can only run it on one machine... if they want to use it elsewhere they get a deactivation code from the first machine and send that back to prove this.

If the app could talk to their server this could be made much smoother but this is not the case. I thought of a workflow but it's a bit convoluted:

  1. Customer purchases a license and is emailed a serial code
  2. Customer installs App and is prompted for serial code
  3. App generates a machine-specific code and performs some operation combining this with the serial code, providing this PC-Code to the Customer
  4. App now requests an Activation code, once entered it will run
  5. Customer sends PC-Code to Vendor who check it's valid against their recorded serial code, and using both generates an Activation code which they send to the Customer

The idea is PC-Code and Activation Code are both short, more like pin-numbers, so it's not too horrific... but is there a better system? And how can specific steps be implemented?

I personally don't like restricting the customer so much but it's not my call, it's been argued to death already :)

Mr. Boy
  • 60,845
  • 93
  • 320
  • 589
  • 1
    perhaps this would help: http://stackoverflow.com/questions/3002067/how-are-cd-keys-generated – rook Jul 15 '10 at 06:40
  • You said `if they want to use it elsewhere they get a deactivation code from the first machine and send that back to prove this`. Once removed from the original machine to be installed somewhere else, what is keeping the customer from re-installing it on the original machine with the original information? Nothing from what I can see. It is just like using one copy of Windows on may machines. As long as those machines do not have internet access MS will never know. Same thing for you I think. Any non-internet based solution you come up with is going to fall short of what you want I think. – ubiquibacon Jul 15 '10 at 06:49
  • @typoknig - you are right to an extent. We're not trying to deter anyone seriously after breaking the system, only to make it so you have to deliberately evade the system and can't simply install on 100 PCs. As far as your specific point, we could a)leave something in the registry b)introduce a time component to one of the keys – Mr. Boy Jul 15 '10 at 07:39

2 Answers2

1

By using an activation code step you are effectively forcing the customer to be your internet connection. Unfortunately without this step you can't tie them down to a machine.

The biggest problem is going to be your deactivation code - if the customer writes down their activation code what's to stop them using it to reactivate their PC again?

The only way would be to have your activation code somewhat based on date so that they get a week or month to enter it. They'll probably never notice an issue unless they need to a reinstall in which case you can reissue another activation code (provided there isn't an outstanding non-deactivated code for a different machine).

How programming-competent are your customers and how motivated will they be to crack your software?

This article provides some good ways on getting hardware information.

Matt Mitchell
  • 40,943
  • 35
  • 118
  • 185
  • We are only guarding against "casual piracy" where a user thinks "I can install on all my PCs, who will know?" Users are not expected to try and crack it, it's for sale to corporate environments only. Good call on using the date, that makes sense. – Mr. Boy Jul 15 '10 at 07:41
1

This is why hardware keys are used, you cannot physically plug it into two devices at once. The only method with software requires a trusted third party to manage quorum, i.e. authentication servers over the Internet.

One popular unique identifier for Unix licensing is the hostid. A modern alternative would be to include a secure token generator such as the RSA SecurID. Have the administrator read the token over the phone to the vendor, pass through some algorithm to generate a key to unlock the software.

Everything else is going to be smoke and mirrors.

Steve-o
  • 12,678
  • 2
  • 41
  • 60