LimeLM
wyBuild
Support forum
wyDay blog
wyDay Home

What is hardware-locked licensing and why choose LimeLM?

This article is going to explain what software licensing is, the types of licensing, and why the “hardware-locked” type of licensing will earn you the most money. Finally, I'll cover why LimeLM is the best hardware-locked licensing solution on the market by showing how it works and what we do to uniquely solve your licensing problems.

What is software licensing?

Software licensing allows you to get paid for each copy of your software. The types of software licensing come in a few general forms which I'll be covering in the next section. With few exceptions the “hardware-locked” licensing is best for businesses because it allows you to have absolute control over where your software is installed.

The point of licensing isn't to stop crackers from cracking your software. The point of licensing is to increase your revenue by preventing casual piracy (using serials over and over again). There is real money to be made by stopping casual piracy.

Types of software licensing

The types of licensing fall into 3 general groups:

  1. Serial only licensing
  2. Hardware-locked licensing (online activation, USB dongles, floating licenses, etc.)
  3. “Snake oil”

A. Serial only licensing

“Serial only” licensing (a.k.a. product key only licensing) is where you have a product key like “ABCD-EFGH-IJKL-MNOP-…” and that's it. A user or company can use the product key over and over again and there's nothing you can do about it.

There are some variations of serial-only licensing. One such variation is asymmetrically encrypting a large block of data and including this encrypted data in a license file for the user. But the principle behind all of these variations remains the same: the license (whether it's a product key or a file) can be shared over-and-over again.

For almost every case we recommend avoiding “serial only licensing” — use hardware-locked licensing instead (see the next section).


B. Hardware-locked licensing (online activation, USB dongles, etc.)

Hardware-locked licensing is the best type of software protection for 99% of all software. The biggest benefit of using hardware-locked licensing is that you (the company) have absolute control over how many times a customer installs your software. This means increased revenue by preventing casual piracy.

Hardware-locked licensing is known by many names (like node locked, etc.) and there are many variations. The most popular variation of hardware-locked licensing is “online activation.” Most people have encountered this type of licensing when they purchase a copy of Microsoft Windows or Microsoft Office.

When a customer uses well designed online activation it looks nearly identical to “serial-only” licensing. That is, the customer buys a copy of your software and gets a 20 to 30 character serial number like “ABCD-EFGH-IJKL-MNOP-…”. The customer enters this serial number into your program or your program's installer. Then, when the user clicks an “Activate” button, some “magic” happens behind the scenes. Your app will either let the customer use your app on that machine or your app will tell the customer to buy another license.

What's the “magic” behind online activation? That is, how does your software decide whether to let the customer use your software or not? The condensed version of the “magic” behind proper online activation is the following:Fingerprint

The whole activation process is a huge topic that can get exceedingly technical. This is the condensed version and most normal people are probably confused about what “cryptographic signing” is and how exactly you generate a “fingerprint” for a computer. Don't worry — I'll be explaining these concepts in the simplest way possible in the “Why LimeLM and why hardware-locked licensing?” section.


snake oilC. “Snake oil”

Up until the early 1900's in America there were traveling “doctors” who sold bottles of “snake oil” as cure-all medical treatments. The “snake oil” was often an unidentifiable liquid rather than actual oil from snakes. And these “doctors”, without exception, were uneducated fraudsters. These fraudsters went from town to town convincing the overly trusting town-folk that their “snake oil” remedy cured all ailments.

Have cancer? The snake oil will cure that. Broke an arm? Have some snake oil. Lost your hearing or eyesight? A dash of snake oil will fix you right up. Just have a headache? Snake oil works there too.

It wasn't until the gullible town-folk realized that their ailments weren't getting better (and in some cases getting worse, especially if they needed immediate treatment) that they realized both the “snake oil” and the “doctor” selling it were frauds.

Worst of all, these snake oil salesman soured the townspeople when real doctors came to town. How can the townspeople tell difference between a snake oil salesman who calls himself a doctor and a real, trained doctor who also calls himself a doctor?

Snake oil of software protection

Fast forward to the 21st century and you'll see there's a similar problem with licensing products. You have some licensing products, like LimeLM, that are fantastic (increasing your revenue without bothering your customers). But the dark side is that there are still an awful lot of third-party software protection products that promise things that are bald-faced lies. The problem is that you have to be an expert in the licensing field to tell the lies from the truth.

I could give you a list of the current popular snake oils in the software protection space (obfuscation, “anti-debuggers,” “anti-reverse engineering”, “anti-cracking”, “in-memory program encryption,”, etc., etc., etc.). And I could give you a point-by-point breakdown on why these are all snake oil (with academic research to back up my arguments). But I don't think that's enough. Firstly, the list would go on for miles, and I could fill a thick book debunking the current “snake oil” protection products point-by-point.

Worst of all, if you're not an expert in software licensing systems, how can you tell legit licensing that will increase your revenue from snake oil protection that will actually hurt your company? How do you tell the facts from the lies?

How to tell snake oil software protection from legitimate licensing

All is not lost — if you know what to look for and what to ask then you'll be able to tell snake oil from true licensing. Let me start with a quick list of irrefutable truths about licensing:

  1. All software can be cracked and, by extension, all software protection can be cracked.

  2. No “special technique” can be written to change this indisputable fact that all software can be cracked.

  3. The goal of licensing is not to stop 100% of all piracy in the world. That's impossible.

  4. The entire point of hardware-locked licensing is to stop casual piracy. Stopping casual piracy will make you money.

The quick way to tell if the licensing solution is “snake oil” (or worse, if the licensing developers are incompetent) is to use the following questions:

  1. Can the company talk to you in detail about the encryption algorithms they use (including where files are stored, how data is transmitted, the type of encryption used)? If they can't answer these questions then they're incompetent and/or fraudulent. Avoid them at all costs.

  2. Does the company claim to have a “secret sauce”? If so, run away fast — they're lying. Good licensing is based on well-known techniques (described below).

  3. Does the company claim to prevent/stop/impede or otherwise “thwart” hackers or crackers? If so, they're lying; run for safety.

Usually those 3 questions are enough to tell if a company is selling snake oil or if the company actually knows what it's doing. Doing a thorough debunking of “snake oil” licensing takes many, many pages, so we'll leave this topic for another time. But if you want further details about why “anti-debuggers”, “in memory encryption” and the like are bogus technologies we can spell it out for you. Email us at support@wyday.com.


Why LimeLM and why hardware-locked licensing?

In a typical “why you should choose us” product page there would be a table listing our product's features compared to our competitors features and there would be checkmarks in each column. Inevitably our product's feature column would have the most checkmarks. If we were feeling particularly sneaky we'd put a “negative feature” that our competitors had and that we didn't.

LimeLM comparison

We won't insult your intelligence. Licensing software is enormously complex behind-the-scenes and it's very hard to do an honest comparison with other licensing software unless you deeply understand how proper licensing works. That's what this section will be covering.

In the process of describing how hardware-locked licensing works I'll be covering how LimeLM is better than its competitors. I'll start first with how LimeLM trounces its competitors in the broad sense. Then I'll get into the nitty-gritty details of how the hardware-locked licensing works.

What are the differences between LimeLM and all alternatives?

There are lots of differences between LimeLM and our competitors. However, the root of all the differences between LimeLM and all other licensing products is our philosophy. We built LimeLM from the ground up to be simple; simple for you and simple for your customers who will be running your software.

This difference in philosophy exhibits itself in several ways. For starters, we make it easy for you (the software company) to get LimeLM and TurboActivate integrated into your app and your sales processes. Plus we make it just as easy for your customers to activate in under 1 second.

For instance, on the developer side of things, I bet you can get TurboActivate integrated in your app and everything configured in less than an hour from the time you sign up for LimeLM; you can't say the same about any of our competitors. We make it simple from the first moment you touch LimeLM, and we continue this theme of simplicity throughout your use of it.

Of course the list of advantages LimeLM has over its competitors can go on for miles. A few of the highlights are:

There are many, many more features. You can check out our help articles that get into some specific use-cases for LimeLM and TurboActivate. You can also check out the tour of LimeLM which has a broad overview (with pretty pictures) showing how you can use LimeLM.

How hardware-locked licensing works

The whole purpose of hardware-locked licensing is that you have full control over where your customers install your software. More specifically it means you get paid for every copy of your software.

However the hardware-locked licensing has to be designed correctly to be effective. That's what this section covers: how well designed hardware-locked licensing works.

As described above hardware-locked licensing can be broken into these 5 steps:

  1. Your customer enters a serial (e.g. “ABCD-EFGH-IJKL-MNOP-…”).

  2. Your software (using TurboActivate) generates a “fingerprint” to uniquely and anonymously identify the customer's computer.

  3. This serial and the computer's unique “fingerprint” are sent to an activation server.

  4. If the server allows the activation then the serial and fingerprint are cryptographically signed and sent back to the user.

  5. Based on this cryptographically signed block your app or installer will know whether the user is allowed to use your application or not.

Below is a brief description of what each of these steps means, and how well designed licensing (like LimeLM) handles them.

1. Your customer enters a serial

When your customer purchases your software you send them a product key. It normally looks something like “ABCD-EFGH-IJKL-MNOP-…” Here's what the product key entry page in the TurboActivate wizard looks like:


Entering a product key in TurboActivate

Of course if you're using LimeLM, you can just plop this TurboActivate wizard directly in your app and let us handle all the nuances of the user experience.

2. Your software (using TurboActivate) generates a “fingerprint” to uniquely and anonymously identify the customer's computer.

After your customer enters their product key, they'll click an “Activate” button. The very first thing to happen is TurboActivate (the part of LimeLM you include with your application) will analyze the customer's computer and generate a unique “fingerprint” of the computer:


TurboActivate looks at all the parts of your computer and generates a unique "fingerprint" of the computer.

This “fingerprint” allows TurboActivate to limit where your customers can install your software. So even if your customer own 2 identical computers that came off the manufacturing line one after another, TurboActivate will still be able to tell these computers apart.

3. This serial and the computer's unique "fingerprint" are sent to an activation server.

The next step that happens immediately after TurboActivate gets the “fingerprint” of the computer is it sends this “fingerprint” and the product key the customer entered to the LimeLM servers.


The product key and the computer's "fingerprint" are sent to the LimeLM servers

4. If the server allows the activation then the serial and fingerprint are cryptographically signed and sent back to the user.

The LimeLM servers will look at the product key and the fingerprint and determine what action to take. For instance, when a customer buys 2 copies of your software you'll send them a single product key (e.g. ABCD-EFGH-IJKL-MNOP-…) that has 2 “activation slots”. That is, the product key can be activated on 2 computers.

So if the product key sent to the LimeLM servers has a free “activation slot” — or if the fingerprint has already been activated and the user is just re-installing on the same computer — then LimeLM will send a cryptographically signed “activation block” back to TurboActivate:


The LimeLM servers send a cryptographically signed "activation block"

This “activation block” means your software is activated on the customer's computer. Once it gets the “activation block” from the LimeLM servers TurboActivate doesn't need to be connected to the internet to verify the cryptographically signed “activation block.” It just uses the concepts behind asymmetric cryptography to verify that the activation is genuine.

5. Based on this cryptographically signed block your app or installer will know whether the user is allowed to use your application or not.

The cryptographically signed “activation block” is used by TurboActivate to see if the current computer's “fingerprint” and product key are activated. Needless to say cryptography is a huge and complex topic, but here's a simple breakdown of what the cryptographically signed “activation block” means:

How the competition does licensing wrong

Now you know how a properly designed hardware-locked licensing product, like LimeLM, works behind the scenes. However, well designed hardware-locked licensing like LimeLM is hard to find. The common mistake 3rd party licensing products and in-house designed licensing have are the following:

  1. Not using asymmetric cryptography for the signed “activation block”

  2. Users suddenly becoming “de-activated” if they remove or add a piece of hardware

  3. Using the wrong pieces of hardware for the ID

  4. Forcing you to choose what hardware to use in the “fingerprint”

The list of what supposedly “professional” licensing products do wrong can go on and on. Those are just the most egregious mistakes crummy licensing companies make.

1. Not using asymmetric cryptography for the signed “activation block”

Poorly designed licensing systems simply send an “OK” or “Not OK” message when fake-activating instead of doing it properly by cryptographically signing the hardware “fingerprint”. This “OK”/“Not OK” behavior is incorrect and depends on how well the licensing can hide the response from the end-user. In other words this is snake oil.

One example where simply sending an “OK” response fails is when a customer uses hard drive cloning. Hard drive cloning is a widely used technique where IT administrators set up all the software on 1 computer then “clone” the hard drive to hundreds or thousands of other computers throughout their company. In other words, the IT administrator copies the software bit-for-bit from one hard drive to hundreds or thousands of other hard drives. This is a perfectly legal and widely used time-saving technique.


Hard drive clones

If your licensing system fake-activates by hiding an “OK” response then this fake-activation will be copied onto the hundreds or thousands of cloned hard drives. Thus, the company gets thousands of free copies of your software.

Properly designed hardware-locked licensing (like LimeLM) is not susceptible to problems like these. When an IT administrator “clones” the hard drive that has your activated software on it, none of the cloned hard drives will be activated. The reason is that the “fingerprint” of the computer will only match on the original computer (and not on any of the clones). Thus, the company will have to buy licenses for every computer they cloned your software to.

2. Users suddenly becoming “de-activated” if they remove or add a piece of hardware

Another big problem that plagues poorly designed software licensing solutions is failing to handle customers fixing and improving their computers. Customers add RAM, replace hard drives, and change their computers in other ways. The licensing solution you use must handle these normal user behaviors without forcing the customer to call your support lines to request a re-activation on their slightly altered computer.

In LimeLM we seamlessly handle users adding and removing hardware by using fuzzy-matching.

3. Using the wrong pieces of hardware for the ID

A common mistake 3rd party licensing solutions make is using the wrong things for the computer's fingerprint. Here's a brief list of some terrible “unique” identifiers of a computer:

4. Forcing you to choose what hardware to use in the “fingerprint”

Worse than using the wrong things for the fingerprint, some 3rd party licensing, like SoftwarePassport (formerly Armadillo), don't even bother choosing what components to use. Instead they force you to decide which pieces of hardware to use for the “fingerprint” of the computer.

Giving you the choice of which hardware components to use in the “fingerprint” sounds like a good idea, but in practice it's a disaster. Products like SoftwarePassport push the burden of testing which parts of the computer actually matter onto you. They force you to test the licensing on thousands of computers (or force you to cross your fingers and hope the hardware components you picked actually work with your customers).

There's no good way to do this statically. So even if SoftwarePassport detected all the necessary hardware components for hardware locking (they don't, they're missing a few important ones like the motherboard information) they don't dynamically detect changes in hardware.

Fitting with our philosophy of LimeLM (simplicity for you and your customers) we take an entirely different direction. TurboActivate dynamically chooses the best hardware-ID based on the actual computer hardware. We have researched which are the best components to "lock" the computer to and we don't make you worry about what works and what doesn't. We've done an immense amount of real end-user testing to see what best to use to uniquely identify a computer.

How LimeLM and TurboActivate add polish that goes above and beyond the competition

Not only do LimeLM and TurboActivate get the basics right, we also go above and beyond our competition to make the licensing experience seamless for your customers.

Fuzzy matching — seamlessly handling when users add & remove hardware

When a customer activates your software the “fingerprint” of the computer is generated based on the current hardware. But what happens if the user fixes or upgrades parts of their computer? In TurboActivate we have something called “fuzzy matching.”

Fuzzy matching means that even when users change some minor components of their computers (RAM, hard drives, etc.) TurboActivate will still see the customer as activated:


Fuzzy matching in TurboActivate

This means that if a customer adds more RAM or swaps out a hard drive they won't have to call or email you to reactivate. Everything will just work.

LimeLM & TurboActivate handle real life user behavior

In addition to handling the real life behavior of customers modifying their computers, we also handle re-installations of the operating system (e.g. Windows). That is, if a customer reinstalls Windows on their computer they don't have to call you up. They can simply reactivate your software and start using it immediately.

The list of things LimeLM does to make your customers lives easier is nearly endless.

Dead simple user interface for you and your customers

To top it all off we make sure LimeLM and TurboActivate are incredibly simple for you, your company, and your customers. For instance, generating a new product key for your app is as simple as specifying how many computers you want the key to be used on and then clicking the “Create product key button”:


Creating a product key

Of course you can automate this process. That is, you can automatically generate the product key and email it to the customer after they order your software. You can also limit specific features in your app and use SaaS licensing to earn recurring revenue from your apps.

When your customer gets the product key they simple paste it into your app and press Activate (or they use the TurboActivate wizard you can include with your app):


Entering a product key in TurboActivate

Even if things go wrong, we make it easy to solve the problem. For example, if a customer loses their computer they'll need to be able to activate on their new computer. All you have to do to let them activate on their new computer is to login to your LimeLM account, search for their email or product key, then click the “Deactivate” link:


Deactivating an individual activation

The customer can then immediately activate on their new computer.

Give LimeLM a try — free for 30 days

It's hard to find a 3rd party licensing solution that gets the basics of hardware-locked licensing right. It's even harder to find a licensing solution that cares about the end-users' experience. We do both. Give LimeLM a try — you'll be glad you did.