Solved

protecting a java app

Posted on 2004-08-25
13
223 Views
Last Modified: 2010-03-31
I want to distribute a java application in demo mode and upon registration to enable the full mode. What are my options ?
What i figured out so far is that i must get the user to submit some data (such as a name, id, etc) and i'll offer a key generated from his data. he types the key in the app and if it matches his data the app gets into full mode. so far so good. BUT, what should the user's data be ? what if one user registers and then tells everyone his data and key ? are there any other options ? how are big-time commercial java apps distributed ?

thanks
0
Comment
Question by:hapciu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
13 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 25 total points
ID: 11892073
Have your application communicate with your server when the user enters his key. Then if the key is valid register the product and "cancel" this key (you could set a field in the database to true, like "keyUsed = true"). Then when next user tries to re-enter the same key check it against the database. If it is canceled (field "keyUsed" is true) then inform the user that this is an invalid key.
0
 

Author Comment

by:hapciu
ID: 11892162
That's doable, but i think it's a bit of overkill for my small-time app.
is there a way to avoid communicating with my server ? can I get some absolutely unique data from the user's machine (i.e. not letting him enter his data but show it to him) ?
0
 
LVL 16

Assisted Solution

by:krakatoa
krakatoa earned 25 total points
ID: 11892237
You could try to use the serial number of the hard disk.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 25 total points
ID: 11892246
>>how are big-time commercial java apps distributed ?

They tend to generate time-limited keys. I know ATG and Together do
0
 
LVL 35

Expert Comment

by:girionis
ID: 11892258
It is only needed to be done once, when the user first enters his/her key. After that there is no need to communicate with the server since the product will be unlocked.

> can I get some absolutely unique data from the user's machine (i.e. not letting him enter his data but show it to him) ?

You could get his I.P. (if it is static and if he is not behind a firewall) or his MAC address, but you can't get the MAC address with pure Java unless you use JNI.
0
 
LVL 35

Assisted Solution

by:TimYates
TimYates earned 25 total points
ID: 11892355
   java.rmi.dgc.VMID guid = new java.rmi.dgc.VMID() ;
    System.out.println( guid.toString() ) ;

returns:

    da4d755f7762b8ea:1dd7056:fe9638a9ff:-8000

on my machine, which is a SHA encoded IP address, hashcode, system time and a counter, so if you only look at the first two blocks of it, maybe that will be unique?

0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892365
actually, you could encode the key with the system time, and then you could make it only work for a specific period of time?

Maybe...
0
 

Author Comment

by:hapciu
ID: 11892373
CEHJ: what is a time limited key ? do they still communicate with the company's server ?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 11892511
>>CEHJ: what is a time limited key ?

A licence key that expires after a period. In some cases, network connections are not made.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 11892845
And at the end of the day, with perseverence, a copy of JAD, a copy of BCEL, an the JDK, people will probably be able to strip the protection out...  :-(

So I wouldn't stress about it for too long...
0
 

Expert Comment

by:hunor_nam
ID: 11951013
What kind of app is it? Can't you include in the hash some user specific data?
What I mean is that for an accounting application (for example), you could include the registration number of the company (which usually appears on reports and other stuff - so another company will NOT work with the same one)
If not... you could include the computer name and the "registered to" name (windows)... but all of this is changeable...
The only remaining option is (as stated above) the HDD serial number and/or the MAC address... but what happens when he changes hardware? You reissue...
But then as well maybe he does not, and just applies for reissue, with his "friends" data :) So you are mostly stuck. The best would be to have server communication... but I don't know if that pays off...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question