An Insight on Software License Management.
Do you think that your company is overspending on software? Well, almost every company is faced with budget constraints.
Do you think that your company is overspending on software? Well, almost every company is faced with budget constraints. There are only few that recognize how much amount they have tied up in software license and how much they can save with the aid of strategic software license management. License management software gives you full control over your licensing. Effective management of generated product keys is one of the most significant aspects of license management. Generating license keys for software applications in a secure way is truly a perplexing task. There are certain criteria which the generated license keys should meet and they are as follows:
- Even if the malicious party has full access to the product logic, only the software developer would be able to generate the license keys. It is not recommended to obfuscate the license key generation algorithm inside a product and expect that no one is going to find it. Hiding encryption/decryption key inside executable is also a bad practice. It is advisable to utilize public key cryptography in order to generate digitally signed license keys. Product keys are known to be digitally signed using a private key. Utilizing the corresponding public key, the product can verify the digital signature.
However this task is very challenging because most of the usual public key cryptography algorithms have large signatures which cannot be embedded inside the generated product keys. For example, the RSA 512 algorithm uses 1024-bit signatures, which would make product keys very long, with hunderds of characters, which is unacceptable. The problem of signature size can be solved by using asymmetric elliptic curve cryptography, which uses much shorter keys to achieve the same strength as RSA. This way you can generate short, secure license keys with acceptable size.
- Each product key should work on a single computer. This task is accomplished via software activation technologies. Technically, software activation involves generating signed activation data for each computer using an activation web service. The activation data is a signed message containing the unique hardware id of the computer and the message signature. Activation validation involves validating the digital signatures of the activation data using the public key embedded into the product, and then verifying that the embedded hardware id corresponds to the computer's calculated hardware id. Note that activation validation cand be done completely offline and does not involve communicating to a web service.
- The generated product keys should be short and easy to type or dictate. Characters that have some resemblance between them, like "l" and "1", or "0" and "O", should not be used in encoding license keys. The characters used to encode license keys should not be case sensitive.
A licensing library that can accomplish all of the goals of secure license management is SoftActivate Licensing SDK. This licensing library supports license key generation and validation, product activation and comes with full C#/.NET and C++ source code. You can find more about this license management software at relevant web sources.
Do you think that your company is overspending on software? Well, almost every company is faced with budget constraints. There are only few that recognize how much amount they have tied up in software license and how much they can save with the aid of strategic software license management. License management software gives you full control over your licensing. Effective management of generated product keys is one of the most significant aspects of license management. Generating license keys for software applications in a secure way is truly a perplexing task. There are certain criteria which the generated license keys should meet and they are as follows:
- Even if the malicious party has full access to the product logic, only the software developer would be able to generate the license keys. It is not recommended to obfuscate the license key generation algorithm inside a product and expect that no one is going to find it. Hiding encryption/decryption key inside executable is also a bad practice. It is advisable to utilize public key cryptography in order to generate digitally signed license keys. Product keys are known to be digitally signed using a private key. Utilizing the corresponding public key, the product can verify the digital signature.
However this task is very challenging because most of the usual public key cryptography algorithms have large signatures which cannot be embedded inside the generated product keys. For example, the RSA 512 algorithm uses 1024-bit signatures, which would make product keys very long, with hunderds of characters, which is unacceptable. The problem of signature size can be solved by using asymmetric elliptic curve cryptography, which uses much shorter keys to achieve the same strength as RSA. This way you can generate short, secure license keys with acceptable size.
- Each product key should work on a single computer. This task is accomplished via software activation technologies. Technically, software activation involves generating signed activation data for each computer using an activation web service. The activation data is a signed message containing the unique hardware id of the computer and the message signature. Activation validation involves validating the digital signatures of the activation data using the public key embedded into the product, and then verifying that the embedded hardware id corresponds to the computer's calculated hardware id. Note that activation validation cand be done completely offline and does not involve communicating to a web service.
- The generated product keys should be short and easy to type or dictate. Characters that have some resemblance between them, like "l" and "1", or "0" and "O", should not be used in encoding license keys. The characters used to encode license keys should not be case sensitive.
A licensing library that can accomplish all of the goals of secure license management is SoftActivate Licensing SDK. This licensing library supports license key generation and validation, product activation and comes with full C#/.NET and C++ source code. You can find more about this license management software at relevant web sources.
About the Author
 |
Sever Stavaru Sever Stavaru is the author of this article on License key generation. Find more information on License management software here |
Comments
No comments yet! Be the first: