11 Replies Latest reply on Feb 9, 2014 2:38 PM by Mike_Mitchell

    Protection of my solution

    francishunger

      Hi,

       

      I'm working on a solution to be distributed online and thinking about how to protect it. Would you coment on it? I'm using a one licence per client.

       

      • I'm using a layout "MAC" that is only visible to the developer and a table that is only accessable to the developer.
      • It contains a field that holds the computers MAC address
      • A calculation processes the hexadecimal value into a decimal value (to obfuscate the origin).

       

      • In another Layout "Licence" I'm displaying this decimal number and the user is asked to send it to me when paying the software.

       

      • I do have a password database which can calculate the original MAC adress of that user and store it. It also calculates (with some magic substractions, multiplications and divisions) a Serial Number, which I send in reply. The user has to enter this serial number. When the serial number (reversing the magic substraction, multiplications and divisions) matches the MAC address, the license is valid.

       

      I'm aware that I'll have users who replace their computers and subsequently call me, because their license becomes invalid. This may also occur if they would change certain parts, e.g. the network card, which leads to a change in the MAC address.

       

      A bigger difficulty seems to me the automation of the shopping process. At the moment I do not see any other option than receiving the calculated number by email or so, putting it in my database and replying by email. Which could take up to 24 hours or more (if I'm on holiday). I do not expect tons of people buying the solution... Maybe 100. I'm not expecting the thing such a success, that people would actively start to crack it or so. (Otherwise I would want ot discuss it here...)

       

      Do you know of any online selling services for software that might deal with this process of exchanging the serial?

       

      Any other comments or hints?

        • 1. Re: Protection of my solution
          steve_ssh

          Hello Francis,

           

          Around 10 - 15 years ago there were two companies that I was aware of that offered services along the lines of your inquiry:

           

          Kagi and Digital River.  I believe that digital river has since changed its name to something like SWREG.

           

          You might try googling for these and similar companies to see what you come up with.

           

          HTH,

           

          - steve

          • 2. Re: Protection of my solution
            Stephen Huston

            You might consider allowing a one week trial period before they have to register, and making the start of the registration process (scripted, I assume) extend the life of the trial by several days (but only once) to allow for any necessary response. This should avoid users feeling that they cannot try it for free, or are locked out even though they have started the registration as instructed.

             

            Such options can be scripted using a global date field which is set once and then tested whenever the registration number is still missing, assuming this is a single-user solution.

            • 3. Re: Protection of my solution
              DavidZakary

              I number of years ago I did a system that would only let you add 10 records. After that it prevented you from adding more until you had a valid serial number. You could use it as long as there were fewer than 10 records. It was pretty basic, but it worked. The serial number was calcualted based on a user name. Unfortunately I had to manually send out the serial number after I was notified of a purchase from Kagi.

               

              I looked into Kagi at the time, they had an API available but it could not be integrated with FileMaker. This was about 8 years ago.

              • 4. Re: Protection of my solution
                mardikennedy

                There are 'technical' solutions and behavioural ones.

                 

                On the behavioural side, I set things up (via a 'setup' script setting a 'preference' field) so that the licensed user's name appears either on an opening screen or some other appropriate possie.  This way, if the solution gets passed on to an unlicensed user, it's all quite explicit. I also aim to 'know' my clients and that also builds loyalty and (hopefully) ethical behaviour. The only reason however that this works in my context is that a) it's a very definable, niche user base and b) filching is regarded as bad form.  The overall honesty levels are obviously much lower in some environments.

                 

                On the technical side, the other thing that I'll do to differentiate between a demo and a licensed copy is to (formulaicly) purge new records created in an unlicensed copy.  You can play with serial numbers or creation date or both to easily distinguish between original records and additions.  Again, not completely impenetrable but sufficient in the solution's environment.

                 

                My first priority is always to manage the behavioural side; I mostly think of the technical options as 'plan B'.

                 

                All the best,

                Mardi

                • 5. Re: Protection of my solution
                  francishunger

                  Thanks everybody for your comments.

                   

                  The most interesting is for me your suggestions to more work towards the moral side of licensing, rather than the technical. "Aim to know my clients" is a twist on this issue worth considering further.

                   

                  I'll have to think about that. I already have planned a demoversion which would run unlimited but deny printing and exporting to pdf and excel. Since the solution will be used for organizatorial work I think this may be limitations which first provide enough incentive to actually use it and a level of missing functions, creating incentive to spend on the full version.

                   

                  What seems strange to me, that I couldn't find this point being discussed by Filemaker Inc. or in books, as far as I know. Maybe you have seen something somewhere.

                  • 6. Re: Protection of my solution
                    usbc

                    Have you considered hosting a demo file on your server ?

                    • 7. Re: Protection of my solution
                      Malcolm

                      The most interesting is for me your suggestions to more work towards the moral side of licensing, rather than the technical. I'll have to think about that.

                       

                      Especially as your target group are barristers! An unscrupulous barrister is going to be unmoved by moral considerations and a scrupulous barrister is so busy with their briefs that there isn’t time to pay the bills.

                       

                      I’d stick to serious issues. Usage limits allow the user to try the system without being able to use it. How about limiting the maximum hourly fee to $100. That will bring a smile to their face.

                       

                      malcolm

                      • 8. Re: Protection of my solution
                        NickLightbody

                        Hi Francis

                        Having suffered from a case of a lawyer - yes Malcolm - requesting additional licenses then failing to pay and removing our access to the server a few years ago my approach was to write a licensing server in FileMaker.

                        This has been running now for over 3 yrs.

                        If a user does pay then we turn off the license and the system reverts to single user read only - we reckon that it is correct to allow them to see their own data but not to use our system beyond that.

                        The server also controls user licenses, active modules, features, the terms of the end user license and links to help - so everything can updated as necessary.

                        We have thought about licensing it to other developers but have not done so yet.

                        It enables us to charge and get paid monthly - which is nice.

                        Cheers, Nick

                        • 9. Re: Protection of my solution
                          francishunger

                          Your idea brings at least a smile to my face. thanks, Francis

                          • 10. Re: Protection of my solution
                            francishunger

                            For the ease of use I have for the moment only considered that the same file is a demo and a full version. Otherwise I might need to create scripting for the import of data from the demo solution to the full version (= lazyness).

                             

                            But the demo thing is not so much of my concern, as is the question: which of the online services might be good to deal with that model as decribed in the original post.

                             

                            I have began to look into

                            http://www.sendowl.com/

                            http://www.mycommerce.com/

                            http://www.fastspring.com/

                            http://www.paypal.com/

                             

                            Most likely the paypal API may allow a custom php programmed interaction that allows the exchange of the solution number and serial number...

                            • 11. Re: Protection of my solution
                              Mike_Mitchell

                              Nick -

                               

                              If you don't mind my asking, what strategy did you use for your licensing server? PHP page through a web viewer?

                               

                              Mike