Activation Code

[Ricardo]

Hi All,

I have developed a FMP 8 solution for a client and now my client wants to sell this product on to their clients (with me taking royalties from this...so ok by me!!!)...so im about to put it in to a runtime solution...so the costs are kept down i.e no need to purchase FMP...

Problem i have...some of My clients, clients 'work together'.

My client wants to sell the solution as a 1 user license with an activation code so that once the solution is bought by 1 of their clients they cant just copy it to one of their collegues computers and start using it.

i.e. buy it once and pass it around to others to use free of charge!

How can i get it so a unique activation license is entered but if this were to be passed to 'Another' persons computer they would NOT be able to use it without buying a new activation code?

My thought would be to on 1st run a script enter hardware address in a hardware global field...and then on each startup there after it checks hardware address of computer against hardware global field...

What do you think?

Hope i've explained it ok?!

[SteveB]

I use a mixture of the User Name and the disk serial # that I encrypt using David McKee's free encryption plugin. The plugin can return the disk serial #. Link

Ray Cologon also has an add-in (not a plugin in the true sense), that will prevent copying.

Steve

Also, see FMWebSchool, as I think he also offers something called FM Lock. Link

Edited July 3, 2006 by Guest

[bcooney]

I'm in the same boat. I'm looking at Install Factory. http://www.installfactory.com/

FM Lock looks interesting, but I'm not sure it prevents users from handing off their CD to a friend. It seems to only prevent them from copying an "installed and opened at least once" database.

Edited July 7, 2006 by Guest

[Aravanah]

Though I am a novice, I would advise: whatever the solution you use, preventing a user from being able to install the product on more than one computer is not necessarily a good Idea...

An example (upon many possibilities) If the user purchases one copy and buys a new computer afterwards, he should be able to use it. If he is unable to install it on his new machine, he will either be unsatisfied and never buy the updates or future versions or else, he will call you to get support. In the first case, you lose a customer, and in the second, you need a lot of customer technical support only for accounts management...

What I am planning to do with my product (that I hope I am going to get done someday!) is letting the users copy the filemaker solution as they wish. As long as they do not modify it and sell it as their own, I think it is ok. In fact, it's free publicity!

I would only need to make sure that only those who paid for the product can get customer support.

Those who have not paid for my product will have the choice to be unsatisfied (who cares, they did not pay!) or buy the product.

It is possible to achieve this with the accounts management that come with FileMaker. The only thing you need is to find a way to encrypt customer information into a code, deliver this code to the customer with an account name. Of course, he can copy the software and give his code and username to everyone he wants, but those will never get support, as by then, I will have found a way to determine if the person who tries to get support matches the one whose informations are encrypted in the activation code...

What do you think?

Are the products mentionned here based on this principle? Or do they actually prevent a user from using one copy on more than one computer?

Thanks

Edited July 13, 2006 by Guest

[comment]

I agree. But I still haven't seen a good way "to encrypt customer information into a code, deliver this code to the customer with an account name".

[Aravanah]

What would you think of that: If he pays by credit card, then you can easyly encrypt his card number... gotta be careful of course, and why not warning him that his credit card number is encrypted in the code? this way, do you think he would take care before sharing his code to anyone? That's an idea... I wonder if it's legal though.

I'm sure it's possible to encrypt customer data, from the data he gives when he purchases... I will have to think about it...

...Maybe it's even more simple: my phone and TV company just asks me my birthdate and Invoice ID to make sure that it's me talking to them when I ask for service. They probably don't even have to mess with code encryption that much.

[SteveB]

Boy, you are generous. Users being users will freely install software that they haven't paid for, customer support or no customer support. Besides, if the product is a well-written one it shouldn't require much support.

Microsoft uses an encrypted combination of the user name and various pieces of the hardware mashed together (like part of the disk's serial #).

If your product is lower cost then it probably doesn't pay to use a complex algorithm (maybe none at all), but when you start getting into the $100s per copy, it's worth the effort.

Nothing is bullet proof, and I'd bet someone like Comment is clever enough to find a work around, but I know I can defeat all but a really small # of users.

Steve

[comment]

I think the problem is not WHAT to encrypt, but HOW to decrypt. Ideally, this would work like a digital signature, with the public key stored permanently in the solution, and the activation code being the message to authenticate.

Unfortunately, the calculations involved in this seem very complex. I don't even know what they are, as most sites that explain this stuff solve this part by "download this code and include it in your application" (and it seems like the code itself makes calls to the OS built-in functions).

[comment]

I am no hacker, but thanks for the compliment anyway. Microsoft is the model to follow - IF you want your clients to love you like they do Microsoft.

[Genx]

AHAHAHHAHHAHAHAHAHA, comment you crack me up - and what about those of us who really do "love" microsoft?

What i was thinking in terms of encryption was the following:

You have a "Product ID" which identifies each piece of your software uniquely. You then use whichever plugin gets the hard drive serial number and send both off encrypted with a simple algorithm - nothing amazing, maybe just mix n match. Basically, it get's sent off to your server, and deconstructs the product ID and harddrive ID - sends back a Serial Number that will allow the solution to work with the Hard Drive in question - and store for future reference both the product ID and the Hard Drive Serial that requested it.

Then, if someone tries to request a serial key off a different hard drive, it simply sends again to the server - cross checks what was registered the previous time (I.e check both HD serial and product code) And if there is a discrepancy you have them call support - otherwise, they probably freak out and abandon what they are trying to do.

[SteveB]

I have no love for Microsoft, quite the contrary. And I feel the same about Filemaker. Personally, I think both companies are slobs, and produce bug-ridden, incomplete feature sets.

However, more companies have adopted similar techniques to prevent illegal copying of their code. Users may not appreciate it, but protecting intellectual property rights is a developer's perogative. You can always choose to make users very happy...give your software away for free.

Steve

[comment]

protecting intellectual property rights is a developer's perogative

I agree. But it is the user's prerogative to change the hard drive or the computer. As s user, I don't feel comfortable depending on the software provider being there when it happens. That's true when the software is bought from a big company, and doubly true when bought from an independent developer.

[SteveB]

If you don't feel comfortable that the company is going to be there (large or small), why buy the software to begin with??? And I'd bet that you have plugins written by a small company that you depend on (like Troi). You're being a little hypocritical, aren't you?

I give users a guarantee that they can get all of their data out of my solution in CSV format so they can move it wherever they want.

Steve

[comment]

Actually, you would lose that bet. And I do resent being called names. As for your first question - I really don't know what to say to that.

[SteveB]

Sorry to have hurt your feelings (was not my intention). Are you telling me that you don't use any plugins? That you only buy software from large companies?

Steve

[comment]

Let's not make this about me, OK? All I am saying that what works for you (and Microsoft) does not necessarily work for everyone, or for every situation.

Obviously, software protection is a balance between efforts and risks. Possibly, if I were to sell a $10,000 solution to someone (I wish...), I might tell them that they will need me when they change their hardware. Possibly, I might lose the deal on the grounds that they can't depend on me not being run over by a bus. Or maybe not, if the next available alternative cost $100,000. It all depends on the particular circumstances.

ADDENDUM:

Unless you know in advance your user's hard disk #, how do you prevent a fresh installation from the installer?

Edited July 13, 2006 by Guest

[SteveB]

Sorry, Comment but this is about you. You're the one that's making these broad statements.

Steve

[comment]

What broad statements?

Aravanah said that "preventing a user from being able to install the product on more than one computer is not necessarily a good Idea..."

I said that I agree, but I don't know of a good alternative. That's about the scope of my statements in this thread.

[darno]

---

if the product is a well-written one it shouldn't require much support.

---

Man! You probably don't have the same kind of customers as I do... you can't imagine how stupid (sorry, should have said 'basic') and numerous the customer's requests are! I sometimes wonder if they had any idea of the use they'd make of the product when they bought it (ok, I exagerate)

And, about your love feelings... what do you mean you feel the same about filemaker? Do you know any other application that can deploy database applications as easily as Filemaker? 'cause I'm interested!

[Genx]

Okay, you people all over-react. You guys are telling me you don't sell $10,000 solutions every other day?

Darno, welcome to the forums, and in terms of your customer issue - you have to make your support line clear. You offer support for all issues relating to inherent fault in the software you have created - should you deem the question not to relate to an inherent fault in your software - you charge for the call - it's pretty straight forward.

In terms of the company being there - If it goes through the protection regeme, it is likely not going anywhere.

Again, my opinion only... Also, no one says that you HAVE to be there, and your server algorithms could be more complex - i.e. allow one change of hard drive every other month - the end user wouldn't know - or simply send alerts to you if this ever happens so you can follow up on it. You dont HAVE to restrict the install itself.

Secondly, as far as i'm concerned this protection is only needed for runtime files - where the user sets their own details etc. Multi user files etc. can be controlled from the FMS end - sell per license base.

Regarding the "being hit by a bus" issue that comment brought up - this is a serious issue that has to be considered, this data is invaluable to organisations - and he's right, you simply cannot afford to be the only one with this password and hope that you can maybe scratch it into the front of the bus on impact - if your business has more than 2 people, the answer is pretty simple - tell them it - they work with you anyway.

And if you haven't made them sign confidentiallity agreements as a standard on employment well... i just don't know what to say.

[SteveB]

Unfortunately, I do have customers that are dumber than a brick. And I have dealt with bricks for more than 35 years (while I don't like to admit it, I was one of the first to chisel code in stone). I should point out that my solution is a single-user runtime, which colors how I look at support versus you guys in a multi-user, server corporate environment.

For a really good way of minimizing handholding, see TechSmith's 'Camtasia' product.

Filemaker is just plain sloppy. Do you really believe that they couldn't have completed the Tab Widget so that we could have designated a default tab? Now we're left with the good probability of leaving a tab in the wrong position and not knowing about it until a user complains. How long did it take them to finish the debugger? Now, I guess we could mark this up to them wanting to sell more upgrades, but I choose do think they're incredibly sloppy.

I'll give them their due: Version 8 was overall a terrific improvement. However, leaving PDF's out of runtimes, the poor incomplete implementation of custom menus reinforces my point.

That does not mean that I don't like the software.

Comment: I don't want to start an argument, but you said:

As a user, I don't feel comfortable depending on the software provider being there when it happens. That's true when the software is bought from a big company, and doubly true when bought from an independent developer.

I was just trying to point out that most of us use plugins written by small companies...you may not be comfortable, but you still do it (well maybe not you, but tell me how you get along without dialog and file plugins...I'd love to know)

Steve

[comment]

So I did. Why is that a broad statement? It's merely an illustration why "preventing a user from being able to install the product on more than one computer is not necessarily a good idea".

It seems to me you are the one who broadened it into "you only buy software from large companies". I never said that. I have applications that have been moved over to a new computer 5 times, and they still work. The point is I didn't need to contact the provider to move them over. There's a difference between buying a chair and marrying the carpenter.

[SteveB]

OK, you win...I give.

Steve

[Genx]

Well, as i said, charging for the phone calls is a disensentive for people to call you until they've read the help manual. I can't say much, i've only got 80 users so far - but nevertheless.

[Genx]

In terms of the camtasia product - i use frontcam - does the job.

[SteveB]

Never heard of Frontcam...will look into it. Do you know any comparisons?

Steve

[SteveB]

Looks a little simplistic compared to Camtasia (also is a lot cheaper). Latest version is 2 years old. Go to www.techsmith.com to see the differences.

Steve

[Genx]

Meh, i had the license for front cam lying around - but your right, this does look good, cheers steve.

~Genx

[Alpha-Snail]

Here's another way you can go. I think it's the PERFECT solution, but you be the judge.

It's called 'Copyminder'. I use it in my runtime solution and it works extremely well.

The way it works is that it encrypts the .exe file. Then, whenever the user runs the application, Copyminder checks to see if this is a valid installation. If it is, no problem, if it isn't it flags the installation and watches it more closely. Depending on the setting you use, you can have that installation disabled, either temporarily or permanently.

Users should have access to the internet, but it isn't absolutely necessary. Also, while accessing the internet seems like a EULA violation for a FM runtime, it actually isn't since Copyminder does the accessing, and since it dosn't actually pass any data on to the runtime.

The result is that you are perfectly protected in all situations. If someone gives away their copy you will know about it, and the "giver" runs the risk of having their copy disabled by Copyminder. Instead, they should download a new copy of the FM Runtime. When they do, they are required to register, which means you know who they are. And if they give faulty data, you can immediately disable that copy of your runtime.

Also, if the user needs to move their runtime solution to another computer (ie. hard drive crash), that isn't a problem either. Finally, there is no additional coding required on your part.

Their solution is extremely well thoughtout and effective.

Visit www.Copyminder.com. The company that runs it (Microcosm) has been doing software security since the 1980's. They're also very good to work with.

This may be THE most dynamic, flexible yet strongest security solution out there.

Edited July 14, 2006 by Guest

[comment]

Filemaker is a cross-platform application, so anything that is Windows-only is far from perfect.

[SteveB]

Comment, while you may consider it unusual, I only sell runtimes that are PC based, as the demand for Macs is non-existent in my market so Copyminder might be just fine.

Steve

Edited July 14, 2006 by Guest

[SteveB]

It does look interesting, but there's no conversion from pounds to US $$.

Steve

[comment]

I guess I see a difference between "perfect" and "perfect for Steve".

[SteveB]

Comment, you're just plain irritating.

Steve

[Genx]

Just as a general note, my market too has very little use of mac's - hence i don't distribute to them at this point - but mainly because i use a lot of cmd line functions and a couple of third party programs that are windows compatible only - though i am still looking at trying to get this thing out on mac.