I’m trying to think of a good way to make a licensing system without affecting the user’s experience and at the same time make it as secure as possible. I know it’s impossible to make it 100% secure, but I would like to make it harder.
What I thought so far:
- User downloads the software from a public permanent link (mega or something).
- User buys the software and receives a unique key by e-mail (this key is then written to my DB)
- User opens the software and registers a new account with Username, Password and the key he received via e-mail. At the same time information about his PC is sent (will cover that later)
- API checks if the key is not already used and writes Username, Password and PC information on that key’s row.
- User opens software and writes Username and Password.
- Username, Password, PC information and Current time are sent to the server.
- Server checks Username, Password and PC information and sends an answer based on the current time (to make answer unique, idk if this is useful, read last question on “What I didn’t think about yet”).
- Every 1 or 2 minutes the software does 3. again to check if the information didn’t change.
There is a “Reset” button in case the users changed something in their Computers that made the key obsolete. This will ask the user to login, then will replace Computer’s information with the new one.
I’m still thinking about this, maybe Hardware information that cannot be faked, or something. I need all this information to be as hard to fake as possible and not changed so frequently that my users would have to reset their account every day/week.
What I didn’t think about yet:
- What happens if the user tries to fake the Computer information? How should the server check that the information is wrong? Like if the key becomes “00000000” because all the data is NULL, empty or 0.
- What happens if there are 2 Computers with the same information (for example, notebooks)? Users would be able to use the same serial / account for both computers. How often will this happen?
- What happens if someone gets the source code of my program? Will it have any consequence on the rest of the users?
- Is it possible to fake the answer from the server? What should I do to prevent that?
- After thinking about this system I noticed that I don’t have any kind of serial key generated from user information. (I mean, I send Computer information to the server to compare instead of making a serial key with it and giving the user this serial key).
To be honest, I read a lot and came up with this schema that I “tested” in my mind to see if I could find any easy way to bypass it (I mean things like “if you block internet connection then the program will work without license”). Now after “testing” it in my mind, I need more experienced users to give me some advice. This will be my main source of money while I’m studying and I’m trying to protect it as much as possible. A good link I found was how the XP license system works: https://www.licenturion.com/xp/fully-licensed-wpa.txt But it is not very useful because I don’t use any kind of serial key containing user information.
I don’t know if this is the page for this. I decided to post this here because I’m not asking about code or “how do I do the following”, I’m asking if this is easy to bypass.
Everything is appreciated, I’m still on the first step (thinking about everything and checking if it fails before I start to code it).
Thanks in advance.
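
The periodic login check described in the post, as an added example that is not part of the original post: a Go sketch in which the server signs its answer with an Ed25519 key whose public half is embedded in the software, so an answer that was edited, hand-made or recorded earlier fails verification. The function names, the sample account, the per-request nonce and the 2-minute window are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Constructed sample row: one account and the PC information stored for it.
var accounts = map[string]string{"alice": "pc-fingerprint-1"}

// newKeys makes the server key pair; only the public half ships in the client.
func newKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// msg binds the verdict to the time and nonce the client sent with its request.
func msg(ok bool, nonce []byte, ts int64) []byte {
	return []byte(fmt.Sprintf("%t|%d|%x", ok, ts, nonce))
}

// serverCheck compares the PC information (password check omitted) and signs the verdict.
func serverCheck(priv ed25519.PrivateKey, user, pc string, nonce []byte, ts int64) (bool, []byte) {
	fp, found := accounts[user]
	ok := found && fp == pc
	return ok, ed25519.Sign(priv, msg(ok, nonce, ts))
}

// clientAccepts verifies against the nonce and time the client itself sent, so a
// recorded or edited reply fails; a reply older than 2 minutes is treated as stale.
func clientAccepts(pub ed25519.PublicKey, ok bool, sig, nonce []byte, ts, now int64) bool {
	fresh := now-ts >= 0 && now-ts <= 120
	return ok && fresh && ed25519.Verify(pub, msg(ok, nonce, ts), sig)
}

func main() {
	pub, priv := newKeys()
	nonce, now := make([]byte, 16), time.Now().Unix()
	rand.Read(nonce) // assumption: random per-request value sent along with the current time
	ok, sig := serverCheck(priv, "alice", "pc-fingerprint-1", nonce, now)
	_, sig2 := serverCheck(priv, "alice", "other-pc", nonce, now)
	fmt.Println("genuine reply accepted:", clientAccepts(pub, ok, sig, nonce, now, now))
	fmt.Println("denial edited to ok accepted:", clientAccepts(pub, true, sig2, nonce, now, now))
}
```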