I also have something similar. Actually my software need the customer to connect to my SMS Server to send there SMS messages. So I have better control over the installations. Nevertheless I have A security system for copy protection in place.
I used a combination between GUIDs and encryption. When the client part of the application is installed a hidden key is generated. This I store in multiple places as hidden values. (several places in the registry encrypted using different encryption keys and key names) So when ever the program is started, I look in to these places and make sure that My key is still intact and its a valid key. At the time of registration user needs to provide me with that key. Which I would take and add some of my own data and generate a Confirmation Key. The users gets the Confirmation key which he has to submit to the application. And the program does the same calculation I did in the server and make sure that generated Confirmation key Is generated by our server application. Then I use a key derived from the original key to encrypt my transmission too. (added Advantage) HTH cheers Kuminda Chandimith Sr. Technical Consultant Ducont.com FZ-LLC Tel: + 971-4-3913000 Ext 237 Fax: +971-4-3913001 http://www.ducont.com -----Original Message----- From: Michael Elfial [mailto:[EMAIL PROTECTED]] Sent: 15 August 2002 15:37 To: ActiveServerPages Subject: RE: Key Generation I'll just continue the story :) Yes one of the ways is to find a sowftware that does this. Even if it is not appropriate for ASP - you can do something to automate the work. If you choose to create your own generator and serial numbers ordering is NOT important: Then you can get some info for the user's machine. As Stephen said bios number or if you think this is better the disk se4rial number. What is better is hard to say - during some periods users change their motherboards more frequently tan the hard drives. So this is a long long conversation and I doubt there is a perfect answer. But, ok, after that you can use some hashing algorithm (MD5 or whatever you want - just select something more complex than a file checksum ;)). And generate hash over the PC info combined with some user data (name, address ...). you can combine some more data in the hashed string in order to make it hard to broke. This will be good enough and components can be found easilly - some of them free. Of course you will need to take care to implement key checking in the application too. Thus choose something that will be easy to use at the both ends. If you want ordering it becomes difficult. I have something but in very raw form - good for me but I doubt I'll be able to prepare it for the others and I have tools only for C++ - it will take a lot of time to prepare such thing for VB/ASP for example. And there is another problem - computer information is not included in this of key generation. It is impossible to keep track of the numbers by index and generate them on PCs info or at least this is not so easy. I hope the above way will be better and one suggestion from me - spare some time but do it yourself. Using a standard protection component/tool will open your app for the hackers sooner :). Michael -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 8:00 PM To: ActiveServerPages Subject: RE: Key Generation For such a scenario, you may want to use something they provide you as the seed (for instance, name). This way, you build an algorithm that checks the serial number entered against what it should be based on the name (for example). On your site, you use the same algorithm to produce the serial number. The algoritm can be something simple (say, modulus division of the ASCII character codes of the 2,4,6,8,10, and 12th character entered in the name. We use a product call Remote Anything! That builds its key based on the computer BIOS (thus locking the software to a specific machine). Basically, you submit a bios key to the company and they send you the serial number generated by that key. -Stephen -----Original Message----- From: Zaid Abdur-Rahman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 9:56 AM To: ActiveServerPages Subject: Re: Key Generation I need to go with your general keys or serial numbers suggestion. Here is what I am attempting to do. One a customer places an order for the software a serial number is generated and given to the customer. Upon installation of the software the customer needs to input that serial number which will then be verified, online. Thanks ----- Original Message ----- From: "Michael Elfial" <[EMAIL PROTECTED]> To: "ActiveServerPages" <[EMAIL PROTECTED]> Sent: Wednesday, August 14, 2002 7:00 AM Subject: RE: Key Generation > Hi, > > I saw the GUIDs suggestion - it is the only easy way. In general keys > or serial numbers are something more complex. There are several > requirements they should met. One of them is ordering - you need to > have a function that > will accept an integer parameter and will output the corresponding > key. This is required for software protection because you need also to > track the > clients. Also the function should accept parameters attached to a file > and so on ok if your questions is in this direction - tell me if not - > use GUIDs they > should > be enough. > > Michael > > -----Original Message----- > From: Zaid Abdur-Rahman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 14, 2002 12:47 AM > To: ActiveServerPages > Subject: Key Generation > > > Hello All, > > Is there a common way of generating unique keys, as in a CD Key? > > Thanks > > Zaid Abdur-Rahman > [EMAIL PROTECTED] > > > --- > You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > %%email.unsub%% > > > --- > You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] > To unsubscribe send a blank email to %%email.unsub%% --- You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --- You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --- You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --- You are currently subscribed to activeserverpages as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
