How to secure licensekey generation

Posted by Jakob Gade on Stack Overflow See other posts from Stack Overflow or by Jakob Gade
Published on 2010-03-22T03:29:48Z Indexed on 2010/03/22 3:31 UTC
Read the original article Hit count: 390

Filed under:

.NET

|

licensing

|

encryption

Scenario, simplified for brevity:

A developer creates an application for a customer. The customer sells this app to end-users. The app requires a license key to run, and this key is generated by the customer for each end-user with a simple tool created by the developer. The license key contains an expiry date for the license and is encrypted so the end-user can’t tamper with it.

The problem here is that the developer (or anybody who has a copy of the license key generator) can easily create valid license keys. Should this generator fall into the wrong hands, it could spell disaster for the customers business.

Ideally, the customer would have to use a password to create new license keys. And this password would be unknown to the developer, and somehow baked into the decryption algorithm in the application so it will fail if an attempt to use an unauthorized key is made.

How would you implement a solution for this problem that is both transparent and secure?

© Stack Overflow or respective owner

Related posts about .NET

Apt-Get Update: failure to fetch; can't connect to any sources

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I realize there are dozens of "apt-get update: failure to fetch" questions (I read through all I could find), but my present circumstance is unique to 12.04 and it affects all sources; not just launchpad. Additionally, I've tried several different servers in Europe and the U.S. as well as the "main… >>> More
12.04: Apt-Get Update: failure to fetch; can't connect to any sources

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I realize there are dozens of "apt-get update: failure to fetch" questions (I read through all I could find), but my present circumstance is unique to 12.04 and it affects all sources; not just launchpad. Additionally, I've tried several different servers in Europe and the U.S. as well as the "main… >>> More
What's New in ASP.NET 4

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
The .NET Framework version 4 includes enhancements for ASP.NET 4 in targeted areas. Visual Studio 2010 and Microsoft Visual Web Developer Express also include enhancements and new features for improved Web development. This document provides an overview of many of the new features that are included… >>> More
.NET Reflector 6, .NET Reflector Pro, TestDriven.NET, .NET 4.0 and Mono

as seen on Simple Talk - Search for 'Simple Talk'
By now you may well have noticed that .NET Reflector 6 and .NET Reflector Pro are out in the wild. The official launch happened today, although we actually put the software out last Thursday as part of a phased release plan to ensure that everything went smoothly today which, so far, it seems to have… >>> More
Redmine on Apache2 with Passenger issue

as seen on Server Fault - Search for 'Server Fault'
I installed Redmine and run it in Apache2 with the Passenger module. Apache2 boots, Passenger module gets loaded and the Redmine welcome page is shown, however when trying to login or navigate to other parts of the Redmine site, the browser keeps loading and loading and loading forever, although the… >>> More

Related posts about licensing

Windows Server 2008 / SQL 2008 Licensing for Authenticated Web Application

as seen on Server Fault - Search for 'Server Fault'
Hello, I'm trying to crunch some numbers to see what the software costs involved are for hosting an application we are developing. Users will not be anonymous - they will need to log in. SQL Server 2008: SQL Server licensing is easy - it will be licensed per-processor. No real fuss there. The… >>> More
Copy protection and licensing tools.

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm new to stackoverflow.com after hearing about it from Jon Skeet on DotNetRocks.This seems like the perfect place to ask this question. I am in the middle of trying to find a 3rd party Copy protection and licensing tool. The company that I work with have 4 products that need to be protected. We… >>> More
Don't Forget About Software Licensing

as seen on Internet.com - Search for 'Internet.com'
Is your company developing software for sale or distribution? If yes, your company needs a sales policy and a flexible, commercially feasible licensing model. >>> More
Need help with software licensing? Read on…

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Figuring out which software licensing options best suit your needs while being cost-effective can be confusing. Some businesses end up making their purchases through retail stores which means they miss out on volume licensing opportunities and others may unknowingly be using unlicensed software which… >>> More
Can I use `UnlockCommercialFeatures` for developing Java applications without a commercial license?

as seen on Programmers - Search for 'Programmers'
As of Java 7 Update 40, Oracle is now including Java Mission Control in the JDK. Being always interested in a new profiling tool, I decided to check it out. However, trying to start Flight Recorder against a process, I get the following error, Now I'm getting cold feet about adding the JVM option… >>> More