I asked this a while ago on technet and didn't get any feedback.
What I ended up doing is creating a web-hosted PHP file that performs a check against a passed license key to an online MySQL database.
Filemaker does a calculated insert from URL step, with the client serial number (UUID) to return a result.
I read the code from that link and look for a "yes valid license" message. I can also use filemaker on my end to generate Get(UUID) to add serial numbers to the MySQL table via ESS for new keys.
In the client side for filemaker I store a registration record that they can modify (not delete or create) in to store license key, as well as a validation flag. Then there's triggers that will look for a verification flag every 30 days or whatever interval I set. This way I can unlicense their key later, validation will fail, and application will exit.
you could modify this for demo purposes as well. IE a demo key would install a timer script that exited application after 10 minutes, or installed a specific privilege set, or whatever you need.
Thanks for your reply. Did you generate a list of valid keys at first and then conduct the check? In the past, I would have created an array with a list of serial numbers, or increment them with a randgen method, but not sure in FM. It would be nice to see a whitepaper, or something that I could actually peruse to understand it more thoroughly. Your approach seems like a great, but I do not quite understand its entirity.
No, I generate a single key on my end (in filemaker, using ESS to access the online MySQL database) each time I need it. My solution is only single-user based though so I only need one key per sale. That key is stored in a MySQL table hosted on the same web site that hosts my regcheck.php file. I then send that key to the user, who inputs it into a record in the filemaker file I sell to them, and then verifies it with "insert from URL" (filemaker script step) from regcheck.php
I use filemaker's Get(UUID) function to generate a serial, stored in a text field. Since UUID's can have 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations making it pretty hard to guess, I feel that's secure enough for my needs. Also since I'm performing my regcheck.php through a web site, I can grab authentication attempts as well through that script, storing and allowing me to block any malicious IP traffic I find in the logs.
Instead of generating an array of keys, you could possibly script filemaker to loop create a batch of records, and have Get(UUID) as an auto-enter value on a text field for serial. This would allow you to create batches of keys that work with the above scenario.