Re: Want to Protect my Software - Recommendations?



Hi Regina,

I only implement the copy "protection" for my own software, not
for reselling the copy protection solution. Why should I be concerned
with patents?
I was just pointing out common methods (Product Keys/Product
Activation) and semi-anonymous hardware signatures for identifying
unique installations (truncated hashing).

Why should I be concerned with patents?
That's a decision you have to make.

Jeff

On Aug 13, 10:59 am, holtz.reg...@xxxxxxxxxxxxxx wrote:
Jeff, I only implement the copy "protection" for my own software, not
for reselling the copy protection solution. Why should I be concerned
with patents? I am not going to compete with Microsoft or any other
evil empire. Can you explain?

Thanks,
Regina

On Aug 11, 4:04 pm, Jeffrey Walton <noloa...@xxxxxxxxx> wrote:

Hi Regina,

I've noticed there is not a lot of quality reading out there on the
topic, so what little I know is from reverse engineering of binaries
to see how they work and reading patent claims.

I want to protect my software such that upon invocation of installer,
it sends to my web site some hash of the customer's PC hardware
configuration

It seems the trend is towards truncated hashing. The truncation adds
hardware anonymity to the process. Truncated hashing is what Microsoft
uses in WPA. Adobe uses a Macrovision product, which in the past,
simply uses a hard drive serial number from a DeviceIoControl from a
custom driver. I've also noticed the Macrovision driver has gone
through a couple of revisions due to security vulnerabilities. N.B.:
Adobe does not update the driver they install, so they leave the hole
on your system. From Updating the Macrovision SECDRV.SYS Driver [1]:
"This driver update also addresses new public reports of a
vulnerability in the secdrv.sys driver on supported editions of
Windows Server 2003 and Windows XP..."

then in my web server a script will generate a matching
"unlock" key that will let the installer proceed and send it back to
the user (via HTTP).

This is typically done with a signature mechanism. If the server is
satisfied, it will sign a SUCCESS message and return it to the client.
If the validation fails at the server, the server signs a message
indicating FAIL.

Since I am still operating on a shoe string budget...

Ooops... Microsoft owns the intellectual property on the truncated
hashing gear - USP 6,243,468, "Software Anti-piracy System that Adapts
to Hardware Upgrades". In Europe, the patent is EP1452940.

For the product key stuff, the landscape is full of land mines. The
patent that sticks out with respect to product keys is that of Jason
DeMontt, USP 6,173,403, "Method and Apparatus for Distributing
Information Products".

I don't recall patents on signatures to validate an installation. If
you dig deep enough, you'll probably find something on the subject.

If you've got something working, hopefully it will not be claimed by a
troll. The trolls don't license their technologies - they wait for a
perceived violation and then litigate for damages. I recently read
that companies such as Google, Verizon, and HP are forming their own
coop to pool IP resources [2].

without having to be bound by the GPL license ...

Probably not what you were hoping for...

Jeff

[1]http://www.macrovision.com/promolanding/7352.htm
[2]http://valleywag.com/5020978/google-hp-and-others-form-league-of-extr...

[SNIP]
.