Offline activation via phone or simple stringAnswered

We have several customers that are required to run our software in closed environments where getting a simple XML file out to the outside world is very difficult. Our current homebrew licensing scheme allows them to generate a simple 80 character string of alphanumerics. They can then write this string down on a piece of paper or call us on the phone and relay the information which we then use to generate a registration file. The registration file is then able to be brought into the closed environment. Does LimeLM support such an activation method. I searched the forums and found an answer from a few years ago (no it does not), but I was hoping things may have changed. Thanks.

The information that needs to be communicated (the encrypted & hashed computer-fingerprint and associated data) from the user and the information that needs to be communicated back (the cryptographically-signed fingerprint and associated data) is around 1Kb of data each way.

Not huge, but far too large to be accurately communicated via-voice over phone lines of varying quality.

Hence the option of offline activation. If a customer is *truly* without communication to the civilized world (which is really, really rare -- rarer than customers claim) they can send and receive tiny text files.

If this is an information security thing you can link your privacy policies to ours:

Privacy Policy: https://wyday.com/privacy.php

wyDay Data Processing Agreement: https://wyday.com/dpa/

A final option would be to install and activate a TurboFloat Server instance on a piece of hardware (server, laptop, Raspberry pi, or any other device that meets the requirements) and that piece of hardware can run on their closed network: https://wyday.com/limelm/help/turbofloat-server/

Thanks for the reply. It's very difficult for them to get the information out but not impossible, so I think we can still move forward.

I am also experiencing the same issue (multiple customers working in classified spaces, unable to remove electronic files). I've found that our customers can declassify a printout of the activation request for offline activations. However, we consistently run into font recognition issues when attempting to pass the scanned document through OCR software. Oftentimes I am forced to attempt to resolve the conflicts by hand until the activation request is accepted. Is there any way to limit characters when generating the activation request (i.e. don't include “1”, “L/l”, “O/o”, or “0”)?

Answer

No, the activation data isn't meant to be read over the phone or printed / scanned.

If they can print / send / fax the data then they can also send the data in a text file.

The XML files are just text files, but if they don't understand computers, they can copy and paste from the XML file to a text file.

I think the issue is that users are in an air gapped environment. See Air gap (networking) - Wikipedia

Usually this also means you cannot take data out or in via electronic means (CD/network/floppy/whatever). Seems odd, but these environments are very real. Printing the xml file is a hacky workaround but seems to work.

 I think the defaults that you have chosen make a lot of sense for open environments, but it would alleviate a lot of problems if we could set the size of the encrypted & hashed computer-fingerprint and associated data at the API level. $0.02