I have recently developed an app that I plan to sell to small businesses. I do not have a huge backing of cash so I am unwilling to purchase a commercial application that would protect my software against theft.
My current plan is the following:
- I include a public key (PGP) or a literal code inside of the app.
- User purchases software off of website providing certain information.
- The site calls a function which creates a product key. This key is emailed/shown to the user after purchase.
- After the user downloads the product, they will have to enter some information along with the provided product key to attempt activation.
- The application contacts a web service at our hosting location. It uses encryption along with other information to create an activation code which is sent back to the application.
- In the future the application will check periodically with the web service to determine if it is authorized.
- Somehow I would like to update the PGP key/code during a software update, so I would possibly need a function that would decrypt the information, update the license, re-encrypt it, and then update the service database.
So I wonder:
- Is this the correct way to do this or is it obsolete now?
- What is the best way to generate unique product keys?
- Is there a way to keep the public/private keys completely off of the client's PC?
- Is there a good way to detect an illegal license? I plan on only offering site-wide licenses so I just need to detect the evil little BitTorrent/IRC people.
Thank you in advance for your help. It is greatly appreciated.
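
The activation flow outlined in the list above, as an added example that is not part of the original post: the web service signs the product key, site name and an expiry with a private key that stays on the server, and the application checks that signature with the public key it ships. It assumes Ed25519 in place of PGP; the names `NewProductKey`, `Activate` and `Verify` and the site name "Example Co" are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// NewProductKey (hypothetical name) returns a random 80-bit key as XXXX-XXXX-XXXX-XXXX.
func NewProductKey() (string, error) {
	b := make([]byte, 10)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	s := base32.StdEncoding.EncodeToString(b) // 10 bytes -> 16 chars, no padding
	return s[:4] + "-" + s[4:8] + "-" + s[8:12] + "-" + s[12:], nil
}

// Activate runs on the web service, the only place the private key exists.
func Activate(priv ed25519.PrivateKey, productKey, site string, expires time.Time) string {
	claims := fmt.Sprintf("%d|%s|%s", expires.Unix(), productKey, site)
	return base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(claims))) + "." + claims
}

// Verify runs in the application, which ships only the public key.
func Verify(pub ed25519.PublicKey, code, productKey, site string, now time.Time) bool {
	sigB64, claims, ok := strings.Cut(code, ".")
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	if !ok || err != nil || !ed25519.Verify(pub, []byte(claims), sig) {
		return false
	}
	parts := strings.SplitN(claims, "|", 3) // expiry | product key | site
	if len(parts) != 3 || parts[1] != productKey || parts[2] != site {
		return false
	}
	exp, err := strconv.ParseInt(parts[0], 10, 64)
	return err == nil && now.Unix() < exp
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	key, _ := NewProductKey()
	code := Activate(priv, key, "Example Co", time.Now().Add(720*time.Hour))
	fmt.Println(key, Verify(pub, code, key, "Example Co", time.Now()))
}
```

The periodic check in the plan corresponds to requesting a fresh code before the expiry passes. Verifying a signature keeps the signing key off the client, but it does not prevent someone from patching the check out of the binary.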