Product Activation: Fingerprints, Copy Protection, Disconnected Computers

By Mike Wozniak  |  Software Copy Protection System, Software Licensing Tips

Posted:  July 25

For the most control, protected applications typically rely on some form of product activation process. A good licensing system will offer solutions for computers directly connected to the internet as well as for those that are not.

During application startup, the protected software application will open and read its license file. This file can contain many license parameters that govern the features the customer is allowed to use. It may also read a computer fingerprint.

What is a Computer Fingerprint and When is it Used?

A computer fingerprint is very similar to how your fingerprints can identify you uniquely as a person. The licensing system will read one or more hardware identifiers to uniquely identify a physical computer as accurately as possible.

To avoid passing around potentially user-identifiable information, the computer fingerprint is often hashed. For some licensing systems (such as the SoftwareKey System), fingerprinting isn't limited to computer hardware information. Some applications have their own unique data (e.g. tax ID in the case of medical billing software, database connection strings for a client / server application, other custom information such as an external piece of hardware with a serial number which can be read), which can be perfect for fingerprinting during software activation.

Most developers use a licensing system for copy protection purposes - to make sure that the customer is using the software within the limits of their license agreement. In order to do this, a computer fingerprint must be stored in the license file. During application startup, the software will open/validate the license file and compare the fingerprint of this computer's hardware to the fingerprint stored in the license file (which was previously approved).

Copy Protection through Product Activation

Product activation typically involves communication between your software running on the customer's computer and an authoritative body that has the necessary privileges to approve activation requests. This authoritative body can be a customer service representative at your office or a central licensing server located on the internet.

The software can be activated with a simple two-step process - request and response. The first step involves generating a secure request from the computer being activated. A computer fingerprint will be included in the challenge request along with other information to identify what license is being activated on this computer. The authoritative body or computer can generate the secure activation response that ultimately creates an encrypted license file on the computer being activated with the license parameters along with the approved computer fingerprint.

What Happens if the License File is Copied?

Because the encrypted license file contains a computer fingerprint bound to a specific computer which was previously-activated, copying this file to a different computer will not allow the customer to use the license on that second computer since the fingerprint from the computer will not match the fingerprint in the copied license file

Why Can't the User Activate on a Second Computer?

You can set parameters with the central authoritative body as to how many times a specific customer's license can be activated. Typically, when the user goes through the request / response process, an activation counter is decremented. Once the counter reaches zero, the customer will no longer be able to activate the software on a new computer (at least until they deactivate a computer first or contact you for a license reset).

If you only grant them one activation, then they can only activate on one computer.

How Do You Activate Disconnected Computers?

The product activation process is quite easy when both the computer being activated and the central licensing server are both connected to the Internet. Activating a disconnected computer still requires a request / response process since:

  1. The license file needs to have a computer fingerprint securely stored within it.
  2. The authoritative body needs to make sure the number of activated computers has not exceeded the license agreement.

When internet access is not available on the computer being activated but access is available through a nearby computer, it is possible to use an indirect request / response process through another computer with internet access:

  1. The request is generated by the computer to be activated and copied to a thumb drive.
  2. The thumb drive is taken to the nearby computer with internet access.
  3. The nearby computer passes the request file to the central licensing server for approval.
  4. After validating the license and the request, the central licensing server sends a response.
  5. The thumb drive is used to copy the response back to the disconnected computer.

The disconnected computer now has an encrypted license file approved with the fingerprint matching the hardware passed up in the request.

What Happens if Internet Access Is Not Available At All?

It is still possible to securely activate disconnected computers running in very remote locations if telephone access is available. A volume license file (see below) containing all of the license parameters can be taken to the remote site along with the software installer. A simple exchange of numeric codes over the telephone can properly "approve" the volume license file for use on this specific computer. In this case, two license files will be used on the activated computer. During application startup, the software will open/validate both license files to make sure everything matches.

Volume License Distribution

When you trust your customer and you want to allow their IT department to mass distribute your software across the company's network, or if you already know the unique data to bind a license to, a Volume License File can be used. This type of license file does not need a fingerprint, and therefore doesn't need the request and response activation process.

During application startup, the software will open/validate the license file and read the parameters under which it should run. It does not need to perform any type of fingerprint comparison. Any computer with the valid license file can simply run the software, which is why you would only use this with a trusted customer.

A Volume License File can be combined with other means of copy protection, such as the offline activation process listed above, or with Cloud-Controlled Network Floating Licensing.

The SoftwareKey System has product activation features covering all of the cases described in this article, from volume licenses to activating very remote computers without Internet access.

View our Activation Overview with SOLO Server Automation video for a quick summary of how activation works with SOLO Server:

Activation Overview

Feel free to contact us with questions or request a free trial.

Try It Now Free!

Be up and running in minutes. Try a fully-featured 30-Day trial of the SoftwareKey System Protection + Automation Bundle.  Use our hosted server, which has no server software to install and configure. Transition seamlessly when you purchase - no wasted work.

About the Author

Mike Wozniak is the founder of SoftwareKey.com and responsible for marketing, content and product strategy. When he isn't plotting new ways to help customers solve licensing and business automation challenges, he likes to travel and entertain guests who come to visit the Orlando area.

Mike Wozniak


Tags


Related Posts

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>