Re: Want to Protect my Software - Recommendations?

Hi Regina,

I've noticed there is not a lot of quality reading out there on the
topic, so what little I know is from reverse engineering of binaries
to see how they work and reading patent claims.

I want to protect my software such that upon invocation of installer,
it sends to my web site some hash of the customer's PC hardware
configuration
It seems the trend is towards truncated hashing. The truncation adds
hardware anonymity to the process. Truncated hashing is what Microsoft
uses in WPA. Adobe uses a Macrovision product, which in the past,
simply uses a hard drive serial number from a DeviceIoControl from a
custom driver. I've also noticed the Macrovision driver has gone
through a couple of revisions due to security vulnerabilities. N.B.:
Adobe does not update the driver they install, so they leave the hole
on your system. From Updating the Macrovision SECDRV.SYS Driver [1]:
"This driver update also addresses new public reports of a
vulnerability in the secdrv.sys driver on supported editions of
Windows Server 2003 and Windows XP..."

then in my web server a script will generate a matching
"unlock" key that will let the installer proceed and send it back to
the user (via HTTP).
This is typically done with a signature mechanism. If the server is
satisfied, it will sign a SUCCESS message and return it to the client.
If the validation fails at the server, the server signs a message
indicating FAIL.

Since I am still operating on a shoe string budget...
Ooops... Microsoft owns the intellectual property on the truncated
hashing gear - USP 6,243,468, "Software Anti-piracy System that Adapts
to Hardware Upgrades". In Europe, the patent is EP1452940.

For the product key stuff, the landscape is full of land mines. The
patent that sticks out with respect to product keys is that of Jason
DeMontt, USP 6,173,403, "Method and Apparatus for Distributing
Information Products".

I don't recall patents on signatures to validate an installation. If
you dig deep enough, you'll probably find something on the subject.

If you've got something working, hopefully it will not be claimed by a
troll. The trolls don't license their technologies - they wait for a
perceived violation and then litigate for damages. I recently read
that companies such as Google, Verizon, and HP are forming their own
coop to pool IP resources [2].

without having to be bound by the GPL license ...
Probably not what you were hoping for...

Jeff

[1] http://www.macrovision.com/promolanding/7352.htm
[2] http://valleywag.com/5020978/google-hp-and-others-form-league-of-extraordinary-patent-holders

On Aug 11, 1:57 pm, holtz.reg...@xxxxxxxxxxxxxx wrote:
Hi All,

I want to protect my software such that upon invocation of installer,
it sends to my web site some hash of the customer's PC hardware
configuration, then in my web server a script will generate a matching
"unlock" key that will let the installer proceed and send it back to
the user (via HTTP).

I am not a cryptologist but my initial thoughts about implementing the
above were that I am basically looking for a function (C/C++) that
knows how to do asymmetric encryption/decryption.

(it seems like a symmetric encrypt/decrypt function would do, too, if
I send the hardware configuration representation clear text, then
generate an encrypted version of it that would serve as the unlocking
key, but then once the encryption function is known, all such keys are
broken...)

Since I am still operating on a shoe string budget, I am looking for
such a function (or library) that I can include in my code, without
having to be bound by the GPL license (having to publish my entire
software's source code just because I used GPG).

Can you recommend a public-domain (or LGPL) library/function that can
help me implement the above?

Thanks,
Regina
.

Relevant Pages

  • Re: 2008 SBS no longer boots
    ... driver issue initially, the fact that it seems to happen randomly now ... weird with a hardware problem that consistently doesn't get through boot ... other customer, even a 2 week old one, the problem immediately returned. ... There was a time when a server was fired up with a specialized OS and had a battery of tests run against each component to purposefully stress it. ...
    (microsoft.public.windows.server.sbs)
  • Re: 2008 SBS no longer boots
    ... Intel raid card for Server 2003. ... install with one raid driver, or with the other raid driver. ... Any thermal issues and a lot of other hardware problems should show up ... other customer, even a 2 week old one, the problem immediately returned. ...
    (microsoft.public.windows.server.sbs)
  • Re: 2008 SBS no longer boots
    ... Any thermal issues and a lot of other hardware problems should show up ... Happen to know a tool to determine driver load order by just having the ... other customer, even a 2 week old one, the problem immediately returned. ... There was a time when a server (even one that had been "burned ...
    (microsoft.public.windows.server.sbs)
  • Re: 2008 SBS no longer boots
    ... Windows *does* write to a log, however, during a safe-mode boot what driver it is attempting to load. ... Any thermal issues and a lot of other hardware problems should show up ... other customer, even a 2 week old one, the problem immediately returned. ... There was a time when a server (even one that had been "burned ...
    (microsoft.public.windows.server.sbs)
  • Re: 2008 SBS no longer boots
    ... driver issue initially, the fact that it seems to happen randomly now ... Hardware tests don't turn up anything, SBS 2008 CD boots fine, running ... other customer, even a 2 week old one, the problem immediately returned. ... can provide clean power to the server and resolve the issue. ...
    (microsoft.public.windows.server.sbs)