Software Licencing on AS/400

Hi ,
I am currently developing software which I would like to be able to licence to various companies. This is been developed on an IBM AS/400 V5R2 operating system.  The software in question is bar-code scanning software and will run on bar-code scanners using 5250 emulation. It is been developed using RPG/400. I would like the ability to be able to supply software which would be licenced to a company for a specific period of time and/or for a max number of users. The type of control that I am trying to achieve is as follows:

1. If the max users were exceeded on any given day then the additional users would be prevented from using the software

2. A warning message would be displayed n days prior to expiry. If the expiry date of the software licence has been exceeded then the users would be prevented from using the software from that date forward.

3. Upon renewal of software licence the user would key in a password and the application would again become available.
4. Some form of encryption would prevent the user from bypassing the security.
I have heard that GENLICKEY is available as part of SM-1 however the AS/400 I am developing on does not have SM-1 installed.

Is there any other avenue open to me to achieve the above.  If so could you please point me in the right direction. The solution should be enough to encourage users to renew the licence upon expiry but it does not have to be completely crack proof. (if there is such a thing!!)
Appreciate any help I can get on this subject
Pat Clarke
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MurpheyApplication ConsultantCommented:
Hi  pclarkeirl,

I'm not sure, but developing software for limmed number of concurent users is very rare on the AS/400.
Normally the licence fee is calculated related to the machine model DSPSYSVAL SYSVAL(QMODEL)
The security you can arrange by the serial number DSPSYSVAL SYSVAL(QSRLNBR)  

We created some software a while ago that calculate a licence end date. I dont remember exactly, but as follows.

If the licence is ended or almost ended.
   The check was build in 3 diferent parts:

A function is  Generating a key and pop-up a screen with:
 - Model number
 - Serial number
 - Licence key
      This key was calculated from the last part of a timestamp (seconds and miliseconds) , modelnumber and serial number (numeric part only)

To get a new key the user have to supplie you with the Model Nbr, Serial Number and the key.

Now you enter this key and a new key will be generated by
   putting the new date model number and serial number in a string and add this to the old licence key.


Model : 820
Serilal : 123456B
Timestamp :  2004-10-26-17-22-35-123456

820 * 123456 = 101233920 + 35123456 = 136357376
 so the Generated key = 136 357 376  or 0001-3635-7376

This key entered in your system + the Model and serial number will generate a new key
Model + serial + new_licensedate:   82012345 + 20051231 = 102063576
  102063576 + 136357376  <= customers generated key:

Your licence key = 238-420-952
At customer site: 238420952 - 136357376 = 102063576 - 82012345 = 20053112 New Licence date.

Because every time the customer starts his application, his key is diferent, so your key is diferent.
because the Serila and Model is included, the key can not be used on other machines.

I didn't mention some little details, because this is more or less qualified information,
but you can add some extra values to the key's.

The new date can be stored in a binary or packed field in a normal date format or in a calculated date format
eg. xxx days after a specific date  
Store 2130 to indicate 2004-10-31 this day is 2130 days after 2000-01-01


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
First you must make up a key. This must include the following:

Serial Number (7 bytes)
Model (3 bytes)
Expiry Date (8 bytes)

Total length = 18 bytes this could be stored in a data area

Next to encrypt it.

What I would do is create Cross Reference constants in the program.

ENCRYPTED = ‘mNbvcXZasDFghJKL0192837465qWertYuiOp”

Then when reading the password use offsets to move round the encrypted string so that the same characters have different values

And remember to compile with an option that do not allow source to be viewed.

Here is a simple program to do the job

d Input           s             37    Inz(                                
d                                     'ABCDEFGHIJKLMNOPQRSTUVWEXY-        
d                                      1234567890')                      
d Encry           s             37    Inz(                                
d                                     'mNbvcXZasDFghJKL0192837465-        
d                                      qWertYuiOp')                      
dI1               s             10i 0                                    
dI2               s             10i 0                                    
dI3               s             10i 0 Inz(%size(Key))                    
dI4               s             10i 0 Inz(%size(Input))                  
D Key             DS                                                      
DQserial                         7    Inz('S4412SS')                      
DQModel                          3    Inz('890')                          
DDate                            8    inz('20041201')                    
D EnKey           s                   Like(Key)                          
D Keyz            s                   Like(Key)                          
c                   For       I1 = 1 to I3                                    
c                   Eval      I2 = %scan(%subst(Key : I1 : 1) : Input)        
c                                  + I1                                        
c                   If        I2 > I4                                          
c                   eval      i2 = i2 - i4                                    
c                   endif                                                      
c                   eval      %subst(enKey:i1:1) = %subst(Encry:i2:1)          
c                   EndFor                                                    
 ** decript                                                                    
c                   For       I1 = 1 to I3                                    
c                   Eval      I2 = %scan(%subst(EnKey : I1 : 1) : Encry)      
c                                  - I1                                        
c                   If        I2 < 1                                          
c                   eval      i2 = i2 + i4                                    
c                   endif                                                      
c                   eval      %subst(Keyz:i1:1) = %subst(Input:i2:1)          
c                   EndFor                                                    
c                   seton                                        lr            

MurpheyApplication ConsultantCommented:
Hi  Dave, pclarkeirl,

Real encryption is not only changing the characters to other characters by replace them on character value, but also on place in the string.

In Daves example is the result of the key : S4412SS89020041201 => 9rrqw99iopwpprqwpq
same character resultate in the same replacement.

By using the same encription string as Daves example and some simple extra encription, the result of the same input will be:
S4412SS89020041201 => 2Yutu65XaDbghaXa0s

This is a very simple example, you probably solve this encription within minutes, but you can make it as complex as you can think of.

But encrypting isn't always what you want, the more encryption you put in, the more dificult it will be by trouble shooting and support.
Hi Murphy
Encryption can be broken like you have said. When I want big security I put in a two byte offset field that is split (say byte 1 at position 15 and byte 2 at position 7). These two fields are first decrypted against the standard encrypted table. These then point to an array element that populated the actual encrypted data. I also put random characters that are inserted into the key at specific points.

The resulting encryption is virtually impossible to hack as there is no consistency between any keys. The only way to do it is de-compile the program and check out the logic.

When you sell to some one you will have a supplier table – I hold the encryption key used on this table.

Again it is how secure you want it to be and how much effort you want to put in.
pclarkeirlAuthor Commented:
Hi Dave,Murphy,
thanks to both of you for some great information. It has certainly given me the start that I needed to develop a licence key system. I can see also that I could if necessary incorporate a Max users value into the same concept. I might come back to you further down the line if I hit any problems.

all the best

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IBM System i

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.