pclarkeirl
asked on
Software Licencing on AS/400
Hi ,
I am currently developing software which I would like to be able to licence to various companies. This is been developed on an IBM AS/400 V5R2 operating system. The software in question is bar-code scanning software and will run on bar-code scanners using 5250 emulation. It is been developed using RPG/400. I would like the ability to be able to supply software which would be licenced to a company for a specific period of time and/or for a max number of users. The type of control that I am trying to achieve is as follows:
1. If the max users were exceeded on any given day then the additional users would be prevented from using the software
2. A warning message would be displayed n days prior to expiry. If the expiry date of the software licence has been exceeded then the users would be prevented from using the software from that date forward.
3. Upon renewal of software licence the user would key in a password and the application would again become available.
4. Some form of encryption would prevent the user from bypassing the security.
I have heard that GENLICKEY is available as part of SM-1 however the AS/400 I am developing on does not have SM-1 installed.
Is there any other avenue open to me to achieve the above. If so could you please point me in the right direction. The solution should be enough to encourage users to renew the licence upon expiry but it does not have to be completely crack proof. (if there is such a thing!!)
Appreciate any help I can get on this subject
Regards
Pat Clarke
I am currently developing software which I would like to be able to licence to various companies. This is been developed on an IBM AS/400 V5R2 operating system. The software in question is bar-code scanning software and will run on bar-code scanners using 5250 emulation. It is been developed using RPG/400. I would like the ability to be able to supply software which would be licenced to a company for a specific period of time and/or for a max number of users. The type of control that I am trying to achieve is as follows:
1. If the max users were exceeded on any given day then the additional users would be prevented from using the software
2. A warning message would be displayed n days prior to expiry. If the expiry date of the software licence has been exceeded then the users would be prevented from using the software from that date forward.
3. Upon renewal of software licence the user would key in a password and the application would again become available.
4. Some form of encryption would prevent the user from bypassing the security.
I have heard that GENLICKEY is available as part of SM-1 however the AS/400 I am developing on does not have SM-1 installed.
Is there any other avenue open to me to achieve the above. If so could you please point me in the right direction. The solution should be enough to encourage users to renew the licence upon expiry but it does not have to be completely crack proof. (if there is such a thing!!)
Appreciate any help I can get on this subject
Regards
Pat Clarke
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi Murphy
Encryption can be broken like you have said. When I want big security I put in a two byte offset field that is split (say byte 1 at position 15 and byte 2 at position 7). These two fields are first decrypted against the standard encrypted table. These then point to an array element that populated the actual encrypted data. I also put random characters that are inserted into the key at specific points.
The resulting encryption is virtually impossible to hack as there is no consistency between any keys. The only way to do it is de-compile the program and check out the logic.
When you sell to some one you will have a supplier table – I hold the encryption key used on this table.
Again it is how secure you want it to be and how much effort you want to put in.
Encryption can be broken like you have said. When I want big security I put in a two byte offset field that is split (say byte 1 at position 15 and byte 2 at position 7). These two fields are first decrypted against the standard encrypted table. These then point to an array element that populated the actual encrypted data. I also put random characters that are inserted into the key at specific points.
The resulting encryption is virtually impossible to hack as there is no consistency between any keys. The only way to do it is de-compile the program and check out the logic.
When you sell to some one you will have a supplier table – I hold the encryption key used on this table.
Again it is how secure you want it to be and how much effort you want to put in.
ASKER
Hi Dave,Murphy,
thanks to both of you for some great information. It has certainly given me the start that I needed to develop a licence key system. I can see also that I could if necessary incorporate a Max users value into the same concept. I might come back to you further down the line if I hit any problems.
all the best
Pat
thanks to both of you for some great information. It has certainly given me the start that I needed to develop a licence key system. I can see also that I could if necessary incorporate a Max users value into the same concept. I might come back to you further down the line if I hit any problems.
all the best
Pat
Real encryption is not only changing the characters to other characters by replace them on character value, but also on place in the string.
In Daves example is the result of the key : S4412SS89020041201 => 9rrqw99iopwpprqwpq
same character resultate in the same replacement.
By using the same encription string as Daves example and some simple extra encription, the result of the same input will be:
S4412SS89020041201 => 2Yutu65XaDbghaXa0s
This is a very simple example, you probably solve this encription within minutes, but you can make it as complex as you can think of.
But encrypting isn't always what you want, the more encryption you put in, the more dificult it will be by trouble shooting and support.