13 Replies Latest reply on Jul 5, 2013 11:31 AM by schamblee

    Best practices for activation compliance for Runtime solution

    janslort

      Title

      Best practices for activation compliance for Runtime solution

      Post

           Hi Fellow Developers;

           I have developed a Runtime solution that is getting distributed to numerous small clients to run on their P.C. computers.  They are required to pay a small monthly use fee.  If they forget or fail to pay, I want to deprive them of further use till they do pay.  What is the best way or system for this?

           Jan

        • 1. Re: Best practices for activation compliance for Runtime solution
          schamblee

               I don't want to give to many trade secrets, I don't want anyone hacking my runtimes.  I use a date in number format then I have a math formula to convert This number to another number then I may add letters from the company name to it.  I reverse my math formula then convert the number to a date then if this date has expired I go to a renewal screen.  You would give the customer this random number to enter into a field.  You would have a script or a custom function to convert this random number to a date. This date would be verified each time the user starts the software.    You might have to check this date somewhere besides the startup if they don't exit the software. 

          • 2. Re: Best practices for activation compliance for Runtime solution
            janslort

                 Dear S. Chamblee:

                 Thank you ever so much for your post.  Now if I could understand it, I would give myself a raise! This is several notches above my pay grade.  Is there any other soul out there who has a solution that is a little easier for me to understand  ?  Please . . . .

                  

                 Jan

            • 3. Re: Best practices for activation compliance for Runtime solution
              schamblee

                   Create a calculation field with Get(CurrentDate)+30*2 return results as a number.  This will get the current date and add 30 days to it. I use a different math formula but I will use two in this example, which is just random so the number doesn't look like a date.  Get(CurrentDate) as a number gives the number of days since 01/01/01.  To an experienced hacker this may be obvious,  so I use a math formula so it will not be so obvious.  I use a more complex formula.   This will return 735112.   You would have an activation screen to enter the activation code. This number is the number you give your client over the phone to activate there copy for 30 days.  You could add text to the being or the end to make the code harder to be reversered engineered and so they could not  just makeup a number.  I usually add other character as check digits, to verify it's a real code.  Your startup script would verify the check code then covert the number back to a date. 735112/2 will give the expiration date in number format. Use getasDate to convert to a real date.  Then if this date has already passed then you would go to activation layout if not you would go to the startup layout.  I'm not going to give  my exact method on here but this is the basic idea.

                   Here is a link about passing dates as numbers

                    

              http://forums.filemaker.com/posts/4b07008c01?opentoken=QXBpS2V5PTEwYzgwZjlkODliMjcwNmUmcF9jaWQ9MTMyNDU2NyZwX2VtYWlsLmFkZHI9aHlwZXJzb2Z0JTQwY2FibGVvbmUubmV0JnBfbmFtZS5maXJzdD1TdGFjeSZwX25hbWUubGFzdD1DaGFtYmxlZSZTaWduYXR1cmVWZXJzaW9uPTImU2lnbmF0dXJlPUt0bDFiSGdGWXNoQ0tCV2o0TEJTbFIzNTR3dyUzRCZwX3Nlc3Npb25pZD1vZDV1JTJBanVsJnBfdGltZXN0YW1wPTEzNzI4OTcxNDI*

                    

              • 4. Re: Best practices for activation compliance for Runtime solution
                janslort

                     Dear S;
                     I get it.  Very smart of you.  BUT. . . .it seems that you are passing a validation date that causes a look at the system date + or -. something.  Could this be defeated by changing the system date to "before" the expireation date?  In my case I'm not thinking so much about having my stuff hacked & stolen as I am about my monthly subscribers just not sending in their payment.

                     Could I have a log-on script in my solution that causes my clients to quiry my computer for a status verification (Active/Inactive) from a computer (specifically) authorized to have access to me.?  I know how to do this if I'm running "Server" with their database on my hardware, but that's not the case here.  Maybe using a "cloud" server?  (I don't really know what that might entail)

                     Jan

                • 5. Re: Best practices for activation compliance for Runtime solution
                  schamblee

                       It could be beat if they changed the date to a later date, if your script compared the expiration date to the system date, but everything on the system would be miss dated.  I don't think a user wants to send out an invoice dated several months later.   You could compare the expiration date from a date that you retrieve from the internet.  The point I was making about hacking, is that they enter a date without paying the monthly fee.  You could have a validation that retrives information from a web server, but then the user would have to have an internet connection.  No system is 100% foolproof, it's just a method that I use.   Most  users are not going to try and hack your system, so you may could get away with just giving them the date in number format.  I wouldn't want to just let them enter a expiration date in date format because they may just enter any date.  

                  • 6. Re: Best practices for activation compliance for Runtime solution
                    janslort

                         Dear S. Chamblee:

                         You're right of course.  Missdating the system cures one problem and createas a dozen others.  I really like the validation by my server idea, the clients all have Internet anyway.  How do I pass the "validation" to the solution sign in screen

                          

                         Jan

                    • 7. Re: Best practices for activation compliance for Runtime solution
                      schamblee

                           I have not actually use this method before.   You may be able to create a file / database that you can sent to the client, which they could import into their runtime to update the expiration date.  I would still want to encrypt the expiration date in some manner.

                      • 8. Re: Best practices for activation compliance for Runtime solution
                        janslort

                             Dear S.Chamblee:

                             How about a simple script in the logon that takes them to my file at my IPaddress.  After access to the file is granted with his password, he "Gets" (field).  If(Vaidation ="Yes";" Validated"; "Not Validated") .  If Validated is True, the script goes through to completion.  If not, he gets a message to call or e-mail us.  The list would be easy to maintain on our end and it is a daily part of the normal logon sequence.  Sort of like a password validation does on a network. What do you think?

                             Jan

                        • 9. Re: Best practices for activation compliance for Runtime solution
                          schamblee

                               You can use open url to go to your ipaddress but you would still need a method to get the information into the app.  Runtimes do not support file sharing.  You may could use a plug-in to perform this task.

                          • 10. Re: Best practices for activation compliance for Runtime solution
                            janslort

                                 Dear s Chamblee;

                                 o.k.  Can I have my solution  "Look," verify, copy, paste, import, or compare  a word for validation, say of the password?  I can use the logon "user" as a properly constructed "password" so I can free up the "password" function to be a word like "active ", or "valid" or some convolution like "gzornumplats4325". which must match or be obtained from my URL connection file. Can I use the value list somehow?  I just don't know the possibilities with bound solutions.

                                 I feel like we are getting closer to an answer, but I wouldn't blame you if you are getting tired of this pursuit of the "Holy Grail"

                                 Jan

                            • 11. Re: Best practices for activation compliance for Runtime solution
                              schamblee

                                   I don't understand how you want to use a value list.    You can any term / convolution to test in your app to state it active.  It just a matter of getting into the standalone app.  If information could copy then pasted then information, could also be typed in, which can lead to typos.  

                                   Here is another idea that might work.  A prior user was using a usb drive to store data outside the runtime.  There are cloud solutions that let you use them as a drive on your computer?  Sugarsync is a cloud solution i use to store files and use as a drive on my computer. Maybe your solution could check a table on the cloud to verify the solution is active.  Each user would need their own account and you would need access to update the file, which only needs updating to inactive when the user doesn't pay.  This table would only be accessed at startup to verify status is active.

                                   Here is a link about binding a external databases from a usb drive, but should work the same way.     bound solution using USB file doesn't work
                                   Again, I havn't actually tried this, but I don't see why it wouldn't work.

                                    

                              • 12. Re: Best practices for activation compliance for Runtime solution
                                janslort

                                     Dear  s. Chambllee:

                                     the other user you referred to is me.  I assigned a permanent drive letter to a USB stick "Z"and remove/restore client sensitive data to get it off the Internet  accessible machine.  O.k. You're right. I'll try iit thanks for all your help. 

                                • 13. Re: Best practices for activation compliance for Runtime solution
                                  schamblee

                                       I didn't notices.  Thats funny.   Well, I hope it works. Good Luck.  Let me know.  This might be a solution that other can use.