[thelist] Need to add a serial number system to my ASP script.

Ken Schaefer ken.schaefer at gmail.com
Sun Sep 12 22:59:14 CDT 2004


On Mon, 13 Sep 2004 11:45:19 +0930, Craig <cd-ml at aardvark.net.au> wrote:
> Hi Ken,
> 
> > How are you licencing the code? Per site? Per server? Can the user
> > transfer the licence/software between physical boxes (provided they
> > don't use more than the numbfer of copies they bought?)
> 
> I'm not sure really. I was going to give the user the .DLL file(s) and
> supply them with a serial number that takes the DLL out of "demo mode".
>
> > For example, if the code is licenced per physical server (irrespective
> > of the number of processors), and the code can be moved between boxes
> > (eg the user upgrades/replaces the box) then I would:
> > a) use assymetric key encryption
> > b) have the user tell you what the IP address of the server is
> > c) create an encrypted config file. The message is the IP address, and
> > key is yourp private key. You give this config file to your user.
> > d) you embed the public key into your application. When the component
> > initialises, it reads in the config file, decrypts it using the public
> > key, and checks the IP address against the IP address the machine is
> > using.
> >
> > This may present issues in a load balanced environment, and isn't
> > circumventable by clever programmers, but it's a common technique that
> > works for most cases.
> 
> At the moment, I think that I won't restrict it by IP address or anything.
> 
> Regarding the serial number, how would I actually implement this? I have VB
> code here that generates a serial number.  What I'm not sure about is when I
> generate a serial number, does it have to decrypt to a certain value, like
> the string "password".  So in my DLL I would decrypt the serial number and
> if the value is "password" I allow the DLL to run.
> 
> Sorry that my explanation is a little vague.


In this case, with a fixed serial number(s), I don't think there's any
real point encrypting anything.

You see, the DLL would need a master list of valid serial numbers. And
it makes no real difference if that list is a set of "encrypted"
serial numbers, or just a set of unencrypted serial numbers.

Your system doesn't aim to prevent copying of the software - only to
prevent the use of software without a serial. By copying the serial,
anyone can copy the software. Whereas in my previous suggestion you
are aiming to prevent the copying of software - in that case, the
software checks machine properties against the serial, however only
you can generate the serial numbers, and the serial number is unique
for each machine.

Cheers
Ken


More information about the thelist mailing list