How to protect an application with a serial generator using the client / server way

Hello everybody,

I want to distribute an application created by me on the web. It is a rared file. There are no executables that can be launched inside it. I do not want that everyone can open this file. Instead,I would personally assign a serial key for each copy that is downloaded and I also want the keys turned off once they are used. Can you give some ideas about how to create the whole thing ? Thanks.
LVL 2
marietto2008Asked:
Who is Participating?
 
CSecurityConnect With a Mentor Commented:
So it's executable, you shouldn't call it it's not an executable.

Simply create a RSA key pair for example or implement Diffie Helman challenge-response schema. Then generate encryption key for each session.

When user enters a serial, you connect to your server, do the challange-response and generate an encrypted session key, encrypted user's serial with session key, send it to server, server verifies serial, sends encrypted response to client, client shows response and decides about user.

It would be most secure authentication schema. You should also encrypt/obfuscate your authenticate code in order to make reversing impossible or at least so hard.
0
 
CSecurityCommented:
If it's not an executable, how you want to execute codes and decide to let user use it or not?

Only option you have is encrypting the file and giving password to only registered/paid users. No more option is available. But user can distrubte extracted file, as it is not executable file.

If it's audio/video etc. you can try keeping them on your web server and having an encrypted media player, althought they are also recordable by users.

You can have maximum protection by embedding your file into an executable and Only allowing access to your content/file using by executable file.

That's all
0
 
marietto2008Author Commented:
it's a Linux distribution created by me. For example the Redhat Linux Server can be activated only with a code and the old codes are blacklisted. How can I do it ? How can I setup a server to authenticate codes ? Codes could be the cryptographic keys ?
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
marietto2008Author Commented:
I'm a totally newbie about that. Do you have a tutorial that explain to me step by step what to do ? Thanks.
0
 
CSecurityCommented:
Diffe-Helman key exchange:
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

You need to google it, but I should tell you, it's not something easy. It's better for you to hire a freelancer from RentACoder.com to do it for you.
0
 
CSecurityCommented:
There is too much thing to do,

Encryption algorithm
Encryption schema
Protecting application from being reversed (anti-dump, anti-debug, etc.)
Code to deploy all features

And it seems you need these features all in Linux and I think it should be written in C/C++.

So it's challenging, as I said, it's better to hire someone
0
 
marietto2008Author Commented:
ok
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.