Product activation is unobtrusive, secure and versatile - should you do it right. this bulletin describes a fewobvious, and a few not-so-obvious, issues for thereforeftware developers to think about.
Product activation is a well-liked techniquefor securing software licenses (penetrate /ActivationLandingPage.htm for a stylern activation system). However, software developers want to think a fewll of the necessities for a able activation system, from the license models they'll want to support to how they'll take care of the corner-case customer environments.
the fundamental activation process is typicallyas usual. Upon purchase the software vendor sends a singular product serial number to the U.S.er. When the U.S.er installs the applicatiat they're reminded to go into their product reg code digit. Their application connects to the seller's hosted license server over the netto make sure that this product reg code number is legal and has not alin a positionbeen accustomed to behaveivate a license. It also obtains from the license server the license limits pply to that user's license, this type ofs some degree in time or enabling of professionalduct features. Finally it locks the license to the U.S.er's system at reading suremachine parameters, this type ofs the MAC adclotheor hard drive ID, and encrypts the license limit and locking datain a document that is saved by the U.S.er's system. Once refreshed the appliance interrogates that regional encrypted document to accomplish its license retard, so continues busy on that user's expressmachine inside the defined license limits w!
ith not extracommunication necessitated with the seller's systems.
Sounds undeniableenough... merely listed here are the 10 spacesyou wish to need to think a fews you selecta professionalduct activation system.
License models
What are the license models you will want to offeracross your target audiences? Are there additional models Marketing might have to offernext annual? listed here are a fewpossibilities:
* Time-limited licenses, for trials or subscription licensing
* Feature-enabling, to offerdiffehireworthpoints or to archive your product for diverseverticals e.g. a customer's license may desireFeature A to be OFF ugg corinth boots, Feature B on the prolevel, Feature C at level 5, Feature D on a three0-day trial and so forth.
* Usage-based licensing. this will well be metered (where the U.S.old is tracked for subsequent reporting and billing, but not limited) or debiting (where the U.S.er purchases a usage ration that is depleted because the appliance is findd).
* Custom licensing. perhapsyou wish to need to speak a fewlicensing parameters for your application, this type ofs the Terabytes of learning so as to residence, selection of communication outlets to support, selection of pages open at anybody time and so on.
* a fewcombination of the above e.g. enabling every feature with its own usage and point in period.
Disattachedsystems
Not all calculators have an online linkage, so that you wish to absence to meditation about the direction you are going to assist your users who're on insulated corporate networks, or justcan't obtain a network articulation from their laptop. the entire point of professionalduct activation is automation and advantage - you do not absence to absence to ardiversityphone assist (during working hours, 24x7? uggs liberty boots 5509, multi-lingual?) to assist human and not using a web linkage. Luckily, tlisted here are a fewsolutions... should you prefer the most efficientsystem. as one example:
* User self-service activation. Does the activation system offerone way to be usedrs to behaveivate licenses on disattachedsystems? a populartechniqueis for the licensing software, once It finds it could't hook up with the hosted license, to encrypt the locking and product serial number datain a file, which the U.S.er then hand-carries to any netbrowser for upload to the seller's self-service network site. the seller's system accepts the file, checks it, and returns the encrypted file had to allowthe license. This file examendmentmay also be done by email, and even snail mail.
* Proxy server support. in lots of sectors such finance, mil/aero and government, users' systems do not have an immediate connectidirectly to the netbut can access it via an HTTP proxy server. are you able tor applications access your hosted license server through an existing HTTP surrogate server?
* Install of your non-publicproxy server. If there is no suitable HTTP proxy server available, does the activation solution comprise its own proxy server for installation at the buyer's network?
Security
the methodology is to offer protection for your applications from hacking and 'fairabuse' (over-subscription by legitimate customers), so that you wish to have lusty security. listed here are a fewinquiries to think about:
* should you factortime-limited licenses for trials or subscriptions, is there protection against users who offer to increase their license by rotating back their system timer?
* Is there protection against users who attempt to hack or spoof the licensing library inbuiltfor your application?
* Is the communication between the licensed applying and the license server secure against man-in-the-middle attacks ugg roseberry boots, replay bombards, and forgery attacks?
* in circumstance you are tracking license limit datan arealy for eachuser, are these records secure against hacking and rollback to prior editions?
* Can no-one another ardiversitya license server and that factorlicenses on your product?
Node-locking
the overall way to stoping a license from justbeing copied onto a diffehiresystem is to fasten each license for your required parameters of the objective system, this type ofs the MAC address, host ID, hard drive ID and so forth.
to this point so nice, but listed here are a fewnode-locking inquiries to invite:
* Is the node-locking mechanism amenable and extensible, so that you'll be able to fasten to the parameters you would like?
* Does the node-locking machinery emulate generally-accepted pcscience principles, and never do such cheats as bypassing the operating system, with all its unforeseeable consequences (this type ofs damaging simplysince the U.S.er installed a shoe manager, or upgraded their operating system)?
* are you able to secure licenses on virtualized systems (e.g. VMWare), where the hardware parameters can legitimately amendmentfor an authorized user? How about supporting users who run Windows on a Mac?
* should you wish to have, can the node-locking mechanism offerresiliency against small alterations, so not inconveniencing users who make a inferior system upgrade?
* are you able to specify a suite of locking parameters, with the license working if anybody of the mostm is matched? as an example, maybeyour user wants so that you can run their license in certainly an of any 4machines - are you able to spacethis?
* if this is the caseme users really prefer dongle-based licensing, are you able to fasten to a dongle to boot?
* should you sell a system together with your non-publiccustom hardware in it, are you able to knit the license to, say, the serial number for your custom hardware?
* How do you are catching attention of the inevitable 'My machine broke - how do I reinstate my license?' consumer inquiry?
License Relocation
the reality of life is that users occasionallyneed to transport their license to variant system, months or even years while It's premier activated. This appears straightforward, whatsoever tlisted here are a fewissues to think about:
* perhapsyou do not need to offerthis facility to eachone. are you able to regulate which users are allowed to relocate their licenses?
* to be usedrs who're granted to relocate their copyright, are you competent to regulate how occasionallythey may be able to take deed? you can likewise no needthem act so above a daily root (that sounds just like they're sharing the license with others).
* Is tlisted here are anybody intervention required for your chapter during a license relocation, or does the professionalduct activation system catch on it? Is it secure?
* Can licenses be deactivated on disattachedsystems?
* Your application couldwell have a fewsettings your users adonly because the y work with it, so that your application runs exactly for the y love it. Do they have got to set these up again at the mark current installation (that could be annoying), or are you able to convey them automatically?
* Does the professionalduct activation system track license relocations, so that you perceivewhat your users are doing? mayit cater you with a advising when a relocation is completed?
License Revocation
perhapsyou do not entirely confidence your clients, alternatively even you sell your production on credit, or on a monthly subscription, so may absence to revoke a user's license in the accident that they did not pay up or re-subscribe.
* are you able tor activation system revoke a user's license?
Reseller sales
maybeyou sell via resellers or OEMs now, or maneuver to take action. perhapsyour bargains department is in search of resellers abroad, or hbecause it within the ir strategic plan? whether so, you would better be able to catch on the fundamental issue: how do you delegate array fulfillment (if desired) for your reseller, in the meantime asstill keeping an eye at the licenses they issue?
* are you able tor activation system permitresellers to factorlicenses?
* If it does, are you able to limit the form of licenses they may be able to issue? as an sample, are you able to preventthem enabling surefeatures that are not a part in their accession with you, are you able to impede the alternative of licenses they issue, or set a most point in time at the licenses they issue?
* are you able to generate a report at the licenses they've issued? Can they?
* are you able to receive an alert once they factora license?
Extensibility
at the same time asyou might assume that every one of your customers' needs shall be met with a professionalduct activation approach, what if that may ben't the case? maybea fewusers won't need any informatidirectly to pate out in their union in any respect (occasionallythe case with a fewgovernment and financial institutions).
* are you able tor activation system also support, mention, dongle-based or drifting licensing over your customers internal network, without a appearance communication required in any adore?
* should you do want to support movable licensing or dongle-based licensing ugg kid boots, does engineering need to re-do the licensing integration, or does the prevailing licensing system they integrated for professionalduct activation support it without having any amendmentor replacement?
Platshapesupport
in fact you wish to need to attempt protection for your application on all of the pc platbureaucracyyou support.
* Does the activation system offera shopper library for always of your curhireplatforms?
* How about platbureaucracyfor your product roadmap?
* How about 64-bit platforms?
* What if a big customer requires support for a non-popularplatshape- are you able to readily win it?
* should your application is in Java, and also you are production the most of Java's platshapeindependence, is the licensing library actually multi-platform, or are you introducing platshapedependency?
Back-office integration and that infrastructure
should your small affair involves numerous licenses, otherwise you are anticipating it to, you can also need to automate license fulfillment.
* are you able to automate fulfillment out of your back-office/CRM system, say vian online Services?
* are you able to automate controltasks, this type ofs export, archival and reporting for the licensing system?
* perhapsyou do not need to host the license server in any respect. Is there a threerd-party administered service accessible?
Clearly not all these questions will apply to all software vendors, but they hopefully offerfood for thought, and recommendspacesyou want to bear in idea to make sure your product activation deployment is successful.
Considering Product Activation? you wish to need to take into consideratiat these 10 Issues