Re: Licences 101 - Copy Protection for Newbies
- Subject: Re: Licences 101 - Copy Protection for Newbies
- From: Jeremy Dronfield <email@hidden>
- Date: Mon, 23 Sep 2002 18:41:47 +0100
Thanks to everyone who's replied, both for your advice and your patience
with me for tickling such a well-worn subject. I've got a few questions,
but first I'd better deal with an issue which seems to be a hot potato,
and which I didn't express well in my post.
I wrote:
> 4. App triggers an email message to developer registering the
> transaction.
Steven M. Palm wrote:
> I personally don't like this. Not because I'm doing anything illegal,
> but I simply abhor the idea of software doing something (especially
> communicating with the outside world) without my invocation.
Sherm Pendley wrote:
> My objection to it would be more of a practical matter: it requires an
> active internet connection.
Jeff LaMarche wrote:
> I personally watch my packets any time I install a new app and if it
> sends information over the internet without asking me, I uninstall the
> software and write a nasty e-mail to the author.
I totally agree - I just didn't explain my idea properly. I've actually
built a prototype validation model based on the schema set out in my
post. The way registration works is this: When the licence has been
validated, the content view of the licensing window changes. The user is
asked if they want to register the product, and is shown the information
that will be sent, and given a choice of three buttons: Register Now,
Register Later, and Why Register? (which changes the content view again
to tell the user that the purpose of registering is to ensure that they
will gain free entitlement to all future updates of the product). If
they click Register Now, the default mail app launches and begins a new
message containing the requisite info, which can be examined. The user
thus has a second chance to decide not to register, by simply not
clicking Send. If they decide to Register Later, they aren't harassed:
the Registration window never appears again unless they call it by
choosing Licensing... from the Application menu. I suppose my post
should have said "triggers an email *addressed* (but not sent) to
developer..."
So, if you're still bearing with me, I've got a few questions about the
suggestions that have been sent.
I wrote:
> 2. App compares the entered value with a valid value (or array of
> valid values) held internally. If it gets a match, then:
Steven M. Palm wrote:
> I would suggest instead some algorithm be implemented to generate keys
> which match a given validation formula/checksum/whatever.
Josh Ferguson wrote:
> The most secure method here is having some kind of generation and
> validation routines. The easiest way to make this relatively secure is
> to generate a serial number based on a registration name. Maybe
> something like encrypting the name and hashing the result to generate a
> serial number would work. Check out MulleCipher to do this.
Peter Sichel wrote:
> If you use a key checking algorithm (some hash of the user's name,
> organization, date, etc...) do not include the code needed to generate
> valid keys within the software you supply to customers. You can avoid
> this by encrypting the generated key and then decrypting it in your
> application before applying your key checking algorithm.
Jeff LaMarche wrote:
> You should use some form of algorithm. A "blacklist" is definitely a
> good idea - a list of values that pass the algorithm but are not valid
> for other reasons (known distributed or hacked values)
These suggestions are sufficiently similar for me to conclude that there
is (up to a point) a more or less standard approach to this part of the
process. The problem for me is in the details. My questions:
1. The customer buys a key. What's the best format for this - a UUID
perhaps, or something based on one? How many should there be - a unique
one for each customer, or a handful of standard keys?
2. Forgive my ignorance (remember this is Licences 101), but I need some
guidance (perhaps some code snippets) on how to hash serials and perform
basic checksums etc. in the validation process. Again, I'm not asking
anyone to offer me their crown jewels - just some snippets which you
wouldn't dream of including in your app but which a newbie can use to
learn the techniques.
3. The app I'm working on here is already linked to the MulleCipher
framework for its resource handling, so if it would help with licence
validation, that would be great. I'll also look into the esellerateSDK.
But these will probably only help once I've mastered the basics.
Again, thanks for the advice, and thanks in advance if anyone's got any
more they can give me.
-Jeremy
========================================
email@hidden // email@hidden
The Alchemy Pages:
- fractious fiction at
http://freespace.virgin.net/jeremy.dronfield
========================================
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
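Added example, not part of the original thread or any poster's code: a Python sketch of the approach the replies describe, with a serial derived from the registration name, a checksum that separates typing errors from wrong keys, and a blacklist of revoked serials. The secret, function names and serial layout are assumptions; because the HMAC secret ships inside the app, this does not meet Peter Sichel's point about keeping key generation out of the binary, which needs a public-key signature instead.

```python
import base64
import hashlib
import hmac
import unicodedata

# Constructed demo secret. It ships inside the app, so anyone who extracts
# it can generate serials; a public-key signature avoids that weakness.
SECRET = b"constructed-demo-secret"
# Serials that pass the algorithm but are revoked (empty in this sketch).
BLACKLIST = set()

def normalize_name(name):
    """Canonicalize so 'Jane  Doe ' and 'jane doe' map to one serial."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def _check(body):
    """Four base32 characters (20 bits) used only to catch typing errors."""
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return base64.b32encode(digest[:5]).decode("ascii")[:4]

def make_serial(name):
    """Developer side: 80-bit HMAC of the name plus checksum, 4 groups of 5."""
    msg = normalize_name(name).encode("utf-8")
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    body = base64.b32encode(mac[:10]).decode("ascii")  # 10 bytes -> 16 chars
    raw = body + _check(body)
    return "-".join(raw[i:i + 5] for i in range(0, 20, 5))

def clean(serial):
    """Strip separators and case so user input compares reliably."""
    return serial.replace("-", "").replace(" ", "").upper()

def check_serial(name, serial):
    """App side: returns 'ok', 'malformed', 'invalid' or 'revoked'."""
    raw = clean(serial)
    if len(raw) != 20 or raw[16:] != _check(raw[:16]):
        return "malformed"   # mistyped, not necessarily forged
    expected = clean(make_serial(name))
    if not hmac.compare_digest(raw.encode("utf-8"), expected.encode("utf-8")):
        return "invalid"     # well-formed, but not issued for this name
    if raw in BLACKLIST:
        return "revoked"
    return "ok"
```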