A client has an application that will run on a third party machine. There is a regular fee to use the software.
Can someone suggest some licensing applications?
We needs to
create a licence and add it to a database of some sort
have a server somewhere that the application can check if the licence is still valid. This could be a third party server, or software running my client’s server.
probably, check some specific details of the end client system that links a licence to a specific site. This is not a nodecheck feature that links it to a particular PC, but to specific data the application can access.
I’ve found a few possibilities on the web. I’m interested in other people’s approaches and experiences.
My clients have used a range of solutions. The level of security correlates with the amount of work required and the angle of the learning curve.
The easy schemes can tie the software to encrypted registry entries, a hidden file, or some bit of hardware like a drive serial number or network mac address. These are more impediment than impregnable, but sometimes enough. Harder ones use Sentinel HASP or CodeMeter (USB) dongles. The USB dongles have independent date/time clocks (for time-limited licenses), optional server management, and a chunk of programmable memory for customization. Deciding between one scheme and the other will depend in part on the money involved. You will have dev costs, the client will have licensing costs, and nobody really wants to pay any of it. A modest degree of protection with really good support might be enough to keep them in line.
The scheme we need would check with a remote server somewhere to make sure the customer regular payments are up to date.
I am reluctant to offer a custom solution if there is something already existing. Web searches have found products like PayKickStart, LicenseSpring and keygen. Short term they look cheaper with some at $99 per month, probably $US, one at $49, until you start doing 10K requests to the server API per month. Their server is used to store the information, and they provide a dashboard with lots of options (and varying costs).
There is also SoftActivate which you can purchase. It has an SDK and sample server code to run on your own server. This might be worth a look as hopefully a lot of the basic work is done already and it only needs some tweaking.
I use the Hasp USB locks, I encode a date to a section of the memory of the lock that I can update annually.
My software checks to see if the is date is valid and warns them 3mounths out and again in the final month and the system works quite well. The client renews the licence, I issue a set of software keys that update the lock with the new date.
We lose a few locks when people send their machine in for work or move office.
Of the say thousand locks only a few have failed.
Easy to move the lock from one machine to another so you can take it home and use it without a second licence just remember to bring it back. ( not so much of an issue with working from home)
I like it that you don’t have to be connected to the internet to use them
They do regularly get more expensive and supply is sometimes an issue.
There are options for single machine and server systems.
They do also do software licencing both local and via the internet.
You can also let them manage the whole system for you with their licencing portal managing the licences and I think payments but I’d have to check that. I don’t have enough clients to warrant that.
For simple applications I still tend to do some sort of mash of the hard drive ID and just hold it in an ini or xml file.
I’ve always been rather wary(1) of third party licensing products and wrote my own (which I showed at the symposium a few years back) - but that did not include a phone home scenario (I discussed it briefly). I can’t find a copy of my slides at the moment so if anyone has a copy (a pdf was included on the usb handed out along with the source code) feel free to share.
What ever you go with, please consider any inconvenience factor for the end customers - some companies (who will not be named) do not consider that and provide no way to move licenses to different machines or to deactivate a license and yet incredibly still limit how many times you can activate and make you jump through hoops and direct you to sales and try to get you to pay again for software you already paid for if you no longer have a support subscription
Creating your own client/server in this would not be too difficult… it depends also on how technical the end users are and whether they have the ability to attempt any circumvention of the licensing scheme.
(1) I have seen many of these vendors come and go - if you are using their infrastructure to enable your software to run… good luck when they disappear. Or if you are running their server software on your own infrastructure - and they fold, will it continue to work and allow for os upgrades, server migrration etc.
The bar for licensing and copy protection vendors needs to be a lot higher than a typical component vendor - since they are much harder to replace and might result in your software just stopping working one day.
I also can’t find the pdf of your talk. I think it’s on a USB TCG handed out, but it must be in a very safe place.
I’ve used my own licensing scheme for my own product for many years, and have an idea of the issues this product is likely to face, as it is in the same market space. Moving PC does happen, but not frequently. I do not intend to recommend tying the licence to the PC. Instead it would be tied to a piece of equipment related to the application. Changing that equipment is also something we need to support, but I don’t see that as an issue.
I take your point about third party vendors going out of business.
The phone home option seems preferable to issuing a new licence each time the customers pays their subscription. I think the PC is always going to be connected to a network so that it can connect to some cloud software that is integral to the application. This is something that needs confirmation.
If someone does find @vincent 's presentation pdf and can upload it, I would be grateful.
One slight complicating factor is that the application is in C# so some of the third party components that might be usable for a Delphi app can’t help this time.
Thanks everyone who has answered and commented. It is very useful to have ideas bouncing back and forth.
In that case you might want to look at an obfuscation tool - we use SmartAssembly (it’s not cheap). Without obfuscation it’s simple to load up the assemblies in ilspy and figure out how to circumvent the licensing - of course if your end users are non tech people that’s less likely - we sell to developers so for us it was essential.
This may not be important to your application, but some phone-home
schemes bestow a period of grace to allow “off-line/on the plane/don’t
trust the cafe internet” use. A server connection and validation of the
licence only has to occur (for example) once a month.
In my experience, third-party USB dongle schemes are fantastic right up
to the moment when they are not. Driver issues are becoming more
frequent, and it is not unusual to find a client’s well-intended Windows
update has effectively shut them out of their own software. Cue call to
support…
Yes, I agree. It is extremely unlikely that this software would be on a laptop flying around, or taken home, as it relates to building/site management.
My own software is not subscription based, but licensed to hardware on site. If the hardware fails, the customer has 30 days to get a new licence. I expect we would do something similar for this client.
I was reading about USB dongles yesterday, and felt they added a layer of complexity that the end customers would probably not be able to cope with. Many are not particularly IT savvy.
A monthly fee for that? Wow - I wonder how many people actually go for that when there are much better/cheaper options - I use https://virtualhere.com/
