ba272
asked on
Need an encryption method
I am in need of a mathematical approach which would create unique "keys" to prevent piracy of my software. The inputs could be the customer's name, address and start and end dates of the license period. Acceptable digits would be 0..9, A..Z. I would like an approach which will allow me to put this unique customer information into my C# conversion program, so that it could produce a password, such as "13243-K32K2-09088".
Sample Inputs:
Customer: "Frank A. Smith"
Address: "105 Washington St., Vienna, VA"
License period: "5/29/2005 - 5/29/2006"
But I need to be able to convert the password back to the customer information. Does anyone have any idea how to do this?
Thanks.
Sample Inputs:
Customer: "Frank A. Smith"
Address: "105 Washington St., Vienna, VA"
License period: "5/29/2005 - 5/29/2006"
But I need to be able to convert the password back to the customer information. Does anyone have any idea how to do this?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you use a web based approach it is also easy to bypass the code. In fact, any code that checks for a "key" is easy to bypass.
The only way to protect your software is to NEVER give it to the customer.
Rather than keep a key off the customer's site, your should keep a key class in your software. This must be an essential class and your should only expose its interface via a web service. That way anyone using your software will need to access your web service. Now this brings a whole host of new problems related to performance and reliability to the table that can cost a significant amount to overcome. If you don't do this right the customer will think your software to be of poor quality.
Bottom line - it costs a lot to protect software from piracy. Often no protection and a good contract and relationship with your customers is the most economical solution.
Answer these questions:
How big is your market?
How much do you trust your customers?
How much do you stand to really miss out on due to piracy?
And this one:
How much will it cost to really protect your software?
This is why most software uses a basic "keep the honest people honest" that is easily hacked.
The only way to protect your software is to NEVER give it to the customer.
Rather than keep a key off the customer's site, your should keep a key class in your software. This must be an essential class and your should only expose its interface via a web service. That way anyone using your software will need to access your web service. Now this brings a whole host of new problems related to performance and reliability to the table that can cost a significant amount to overcome. If you don't do this right the customer will think your software to be of poor quality.
Bottom line - it costs a lot to protect software from piracy. Often no protection and a good contract and relationship with your customers is the most economical solution.
Answer these questions:
How big is your market?
How much do you trust your customers?
How much do you stand to really miss out on due to piracy?
And this one:
How much will it cost to really protect your software?
This is why most software uses a basic "keep the honest people honest" that is easily hacked.
ASKER
How big is your market? Answer: Huge
How much do you trust your customers? Answer: not at all
How much do you stand to really miss out on due to piracy? Answer: we stand to lose our core business
How about this as something to shoot for?
A security class in my program, with a private interface. That class will communicate with my web service, but only when business is slow and there's plenty of processor available to me. The class could pass secret information, like the restaurant's address, to the web service and get some form of an authentication key in return. But here's where I am lost about what gets passed back from the web service and how it's used.
But this solution involves mapping, so if I can enforce the use of an address in mapping lookups, and send that address to the web service, wouldn't that help in some way?
Thanks,
Bob
How much do you trust your customers? Answer: not at all
How much do you stand to really miss out on due to piracy? Answer: we stand to lose our core business
How about this as something to shoot for?
A security class in my program, with a private interface. That class will communicate with my web service, but only when business is slow and there's plenty of processor available to me. The class could pass secret information, like the restaurant's address, to the web service and get some form of an authentication key in return. But here's where I am lost about what gets passed back from the web service and how it's used.
But this solution involves mapping, so if I can enforce the use of an address in mapping lookups, and send that address to the web service, wouldn't that help in some way?
Thanks,
Bob
You could pass back
a) a module (a core dll) that your system needs to run
or
b) the finished product of a data processing algorithm
As for (a): Any thing that eventually runs on the customer CPU can be snapshotted and written to disk. Basically, if it runs on my CPU and sits in my RAM, I can copy it and run it elsewhere.
The only way to protect software is to keep it at your site. The ASP buisiness model does this nicely. Option (b) is sort of an "ASP lite" - all the software runs on the client's system, except for a key function, like sales tax calculations.
Either way, you need a good data center with guaranteed 24/7 uptime and a low latency network connection to each client.
If your customers are restaurants as indicated above, then you can probably go with a basic key scheme like mentioned above. Their level of IT sophistication is relatively low and piracy will be a minor problem if you implement any kind of protection.
a) a module (a core dll) that your system needs to run
or
b) the finished product of a data processing algorithm
As for (a): Any thing that eventually runs on the customer CPU can be snapshotted and written to disk. Basically, if it runs on my CPU and sits in my RAM, I can copy it and run it elsewhere.
The only way to protect software is to keep it at your site. The ASP buisiness model does this nicely. Option (b) is sort of an "ASP lite" - all the software runs on the client's system, except for a key function, like sales tax calculations.
Either way, you need a good data center with guaranteed 24/7 uptime and a low latency network connection to each client.
If your customers are restaurants as indicated above, then you can probably go with a basic key scheme like mentioned above. Their level of IT sophistication is relatively low and piracy will be a minor problem if you implement any kind of protection.
ASKER
Thanks for the help. You gave me a pretty quick lesson in stopping pirates.
Thanks.
Thanks.
ASKER
What you said about the ease with which this can be bypassed worries me, so I am considering a web based authentication to augment the algorithmic approach. For example, I could program into my application a periodic check-in to a web service I could create. Would that code also easy to bypass? How do you see a web service working along with an encryption algorithm? I also expect to be able to access the systems of paying customers, so theoritically I could deposit a new key on their system periodically. So I have lots of options. Which ones do you think would give the best protection?
Thanks for the advice.