Sale of licenses (license key) for Air apps


2

How (what services use) to better organize the protection, payments, sending license keys for shareware Air applications?

Software Payments Licensing

asked Apr 7 '11 at 05:42
Blank
Astraport
186 points
Top agency to build award-winning mobile apps: Utility NYC
  • The long answer to this question came in amazing soon after the question was asked. The question also seems phrased to include specific keywords. – David Benson 8 years ago
  • David, I'm not Astraport. I saw this question on a meal break, thus I had time to answer the question in detail. You can get an admin of this site to confirm I'm not lying. Also, look at my other answers. Everything I write is overly long and detailed. – Wyatt O'day 8 years ago
  • @David, That's right, I'm not Wyatt O'Day:))) I even never write like it, because of my knowledge of English. And I'm not familiar with Wyatt O'Day. – Astraport 8 years ago
  • @David, Wyatt is well known in a lot of forums (JOS, HN, etc), writing long and fast responses and promoting his own business. – Ross 8 years ago

1 Answer


2

I'm the owner of the company that makes LimeLM . We have a fully written example showing how to add licensing to Adobe AIR apps. LimeLM handles all the details for you. Plus you can use our web API to integrate the key generation into your website order process. We have full examples for PHP and ASP.NET so you don't have to write it all yourself.

Our type of licensing is hardware locked licensing. In other words LimeLM is a lot like Windows activation or Microsoft Office activation. You send a user the product key they enter it in your app, then you call an "Activate" function that sends the product key data along with a "fingerprint" of the computer. LimeLM then sends a cryptographically signed verification back to the user's computer. This "activation" locks the product key to the computer. That is, a user can't go use the product key on 50 other computers.

Of course you can make it easy for the user to move your product from one computer to another using "deactivation", but the point is the hardware-locked licensing (aka online activation) gives you complete control over the entire licensing process.

Do it yourself

If you have more time than money you can always develop this yourself. Obviously I would prefer you just signed up for LimeLM (we even have a free plan), but I also know when you're just starting every penny counts. Plus, some of our biggest customers are companies (and individuals) who went down the "build it in-house" path and are glad to hand off the responsibility to us.

There's a huge amount of work that goes into making a licensing product, but the grand overview of hardware-locked licensing is this:

  • Create a native library (aka a *.dll on Windows, *.dylib on Mac, *.so on Linux) that can create a unique hardware fingerprint based on all the components of the computer (motherboard, CPU serial, graphics card, memory serials, etc, etc.).
  • This library should also be able to verify product keys created using Symmetric-key cryptography (e.g. AES ).
  • Use Public-key cryptography on your servers to cryptographically sign the product key and hardware fingerprint. This "signed" response is then sent back to the user. Then you can check if the user is "activated" or not if the signed message is verified (this time you're using the other end of public-key cryptography).

The great thing about Symmetric-key cryptography is that it creates small keys (e.g. ABCDE-FGHIJ-KLMNO-XXXXX) and the Public-key cryptography for all intents and purposes cannot be forged. Using the in tandem will ensure that your licensing design isn't the weak point in your protection.

Hackers, crackers, and thieves

You didn't ask about cracking, but I might as well bring it up. Nothing that exists on a computer is uncrackable. That being said, casual piracy (that is, a person or company using the same product key over and over again) is a greater threat to your business than crackers. So you should always use hardware-locked licensing (like LimeLM or the "do-it-yourself" method described above) rather than just simple "serial" protection.

The way you handle crackers is to find all pirated versions of your software on the web and send DMCA notices. A very high percentage (> 90%) of these hosting sites remove illegal files based on DMCA requests. But it's a whack-a-mole proposition. That is, when you get 20 sites to remove your files, 20 more pop up the next week.

We've thought about this problem too, which is why we created Pirate Poacher. This is a service we offer (free for LimeLM customers) that handles the tracking & removing of pirated versions of your software for you.

Tell me if this helps.

answered Apr 7 '11 at 05:57
Blank
Wyatt O'day
964 points
  • Thank you Wyatt. Your offer quite interesting. I just do not understand why you do not accept PayPal and how I can withdraw money to my bank account? And yet. Is it possible to limit functionallity of application, not just the trial? – Astraport 8 years ago
  • We don't accept PayPal because it locks us in with a company that is notoriously flaky. Email me at wyatt@wyday.com if you want to talk about other payment options. Regarding "how I can withdraw money to my bank account", you can use any payment processor (including PayPal) -- LimeLM just handles the licensing. That is, you can accept money from your users using any payment processor you want. "Is it possible to limit functionallity of application, not just the trial?": Yes, see our license features article: http://wyday.com/limelm/help/license-features/Wyatt O'day 8 years ago
  • Thank you Wyatt. I'll use your service one month or one and a half. Now I am busy developing my app that plan to sell. – Astraport 8 years ago

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Software Payments Licensing