What is hardware-locked licensing and why choose LimeLM?
This article is going to explain what software licensing is, the types of licensing, and why the “hardware-locked” type of licensing will earn you the most money. Finally, I'll cover why LimeLM is the best hardware-locked licensing solution on the market by showing how it works and what we do to uniquely solve your licensing problems.
What is software licensing?
Software licensing allows you to get paid for each copy of your software. The types of software licensing come in a few general forms which I'll be covering in the next section. With few exceptions the “hardware-locked” licensing is best for businesses because it allows you to have absolute control over where your software is installed.
The point of licensing isn't to stop crackers from cracking your software. The point of licensing is to increase your revenue by preventing casual piracy (using serials over and over again). There is real money to be made by stopping casual piracy.
Types of software licensing
The types of licensing fall into 3 general groups:
- Serial only licensing
- Hardware-locked licensing (online activation, USB dongles, floating licenses, etc.)
- “Snake oil”
A. Serial only licensing
“Serial only” licensing (a.k.a. product key only licensing) is where you have a product key like “ABCD-EFGH-IJKL-MNOP-…” and that's it. A user or company can use the product key over and over again and there's nothing you can do about it.
There are some variations of serial-only licensing. One such variation is asymmetrically encrypting a large block of data and including this encrypted data in a license file for the user. But the principle behind all of these variations remains the same: the license (whether it's a product key or a file) can be shared over-and-over again.
For almost every case we recommend avoiding “serial only licensing” — use hardware-locked licensing instead (see the next section).
Advantages of serial-only licensing: It's exceedingly simple to build in-house.
Disadvantages of serial-only licensing: You have absolutely no control over how many times a company/user uses your software. You will lose a considerable amount of revenue using “serial-only” licensing.
B. Hardware-locked licensing (online activation, USB dongles, etc.)
Hardware-locked licensing is the best type of software protection for 99% of all software. The biggest benefit of using hardware-locked licensing is that you (the company) have absolute control over how many times a customer installs your software. This means increased revenue by preventing casual piracy.
Hardware-locked licensing is known by many names (like node locked, etc.) and there are many variations. The most popular variation of hardware-locked licensing is “online activation.” Most people have encountered this type of licensing when they purchase a copy of Microsoft Windows or Microsoft Office.
When a customer uses well designed online activation it looks nearly identical to “serial-only” licensing. That is, the customer buys a copy of your software and gets a 20 to 30 character serial number like “ABCD-EFGH-IJKL-MNOP-…”. The customer enters this serial number into your program or your program's installer. Then, when the user clicks an “Activate” button, some “magic” happens behind the scenes. Your app will either let the customer use your app on that machine or your app will tell the customer to buy another license.
What's the “magic” behind online activation? That is, how does your software decide whether to let the customer use your software or not? The condensed version of the “magic” behind proper online activation is the following:
Your customer enters a serial (e.g. “ABCD-EFGH-IJKL-MNOP-…”).
Your software generates a “fingerprint” to uniquely and anonymously identify the customer's computer.
This serial and the computer's unique “fingerprint” are sent to an activation server.
If the server allows the activation then the serial and fingerprint are cryptographically signed and sent back to the user.
Based on this cryptographically signed “activation block” your app or installer will know whether the user is allowed to use your application or not.
The whole activation process is a huge topic that can get exceedingly technical. This is the condensed version and most normal people are probably confused about what “cryptographic signing” is and how exactly you generate a “fingerprint” for a computer. Don't worry — I'll be explaining these concepts in the simplest way possible in the “Why LimeLM and why hardware-locked licensing?” section.
Advantages of hardware-locked licensing: You have complete control over how many times your customer uses your software. This can mean a significant increase in revenue.
Disadvantages of hardware-locked licensing: It's hard to build this licensing in-house and there are only a few 3rd party companies that do hardware-locked licensing well. (If you haven't guessed, LimeLM is one of the few that does hardware-locked licensing well).
C. “Snake oil”
Up until the early 1900's in America there were traveling “doctors” who sold bottles of “snake oil” as cure-all medical treatments. The “snake oil” was often an unidentifiable liquid rather than actual oil from snakes. And these “doctors”, without exception, were uneducated fraudsters. These fraudsters went from town to town convincing the overly trusting town-folk that their “snake oil” remedy cured all ailments.
Have cancer? The snake oil will cure that. Broke an arm? Have some snake oil. Lost your hearing or eyesight? A dash of snake oil will fix you right up. Just have a headache? Snake oil works there too.
It wasn't until the gullible town-folk realized that their ailments weren't getting better (and in some cases getting worse, especially if they needed immediate treatment) that they realized both the “snake oil” and the “doctor” selling it were frauds.
Worst of all, these snake oil salesman soured the townspeople when real doctors came to town. How can the townspeople tell difference between a snake oil salesman who calls himself a doctor and a real, trained doctor who also calls himself a doctor?
Snake oil of software protection
Fast forward to the 21st century and you'll see there's a similar problem with licensing products. You have some licensing products, like LimeLM, that are fantastic (increasing your revenue without bothering your customers). But the dark side is that there are still an awful lot of third-party software protection products that promise things that are bald-faced lies. The problem is that you have to be an expert in the licensing field to tell the lies from the truth.
I could give you a list of the current popular snake oils in the software protection space (obfuscation, “anti-debuggers,” “anti-reverse engineering”, “anti-cracking”, “in-memory program encryption,”, etc., etc., etc.). And I could give you a point-by-point breakdown on why these are all snake oil (with academic research to back up my arguments). But I don't think that's enough. Firstly, the list would go on for miles, and I could fill a thick book debunking the current “snake oil” protection products point-by-point.
Worst of all, if you're not an expert in software licensing systems, how can you tell legit licensing that will increase your revenue from snake oil protection that will actually hurt your company? How do you tell the facts from the lies?
How to tell snake oil software protection from legitimate licensing
All is not lost — if you know what to look for and what to ask then you'll be able to tell snake oil from true licensing. Let me start with a quick list of irrefutable truths about licensing:
All software can be cracked and, by extension, all software protection can be cracked.
No “special technique” can be written to change this indisputable fact that all software can be cracked.
The goal of licensing is not to stop 100% of all piracy in the world. That's impossible.
The entire point of hardware-locked licensing is to stop casual piracy. Stopping casual piracy will make you money.
The quick way to tell if the licensing solution is “snake oil” (or worse, if the licensing developers are incompetent) is to use the following questions:
Can the company talk to you in detail about the encryption algorithms they use (including where files are stored, how data is transmitted, the type of encryption used)? If they can't answer these questions then they're incompetent and/or fraudulent. Avoid them at all costs.
Does the company claim to have a “secret sauce”? If so, run away fast — they're lying. Good licensing is based on well-known techniques (described below).
Does the company claim to prevent/stop/impede or otherwise “thwart” hackers or crackers? If so, they're lying; run for safety.
Usually those 3 questions are enough to tell if a company is selling snake oil or if the company actually knows what it's doing. Doing a thorough debunking of “snake oil” licensing takes many, many pages, so we'll leave this topic for another time. But if you want further details about why “anti-debuggers”, “in memory encryption” and the like are bogus technologies we can spell it out for you. Email us at email@example.com.
Why LimeLM and why hardware-locked licensing?
In a typical “why you should choose us” product page there would be a table listing our product's features compared to our competitors features and there would be checkmarks in each column. Inevitably our product's feature column would have the most checkmarks. If we were feeling particularly sneaky we'd put a “negative feature” that our competitors had and that we didn't.
We won't insult your intelligence. Licensing software is enormously complex behind-the-scenes and it's very hard to do an honest comparison with other licensing software unless you deeply understand how proper licensing works. That's what this section will be covering.
In the process of describing how hardware-locked licensing works I'll be covering how LimeLM is better than its competitors. I'll start first with how LimeLM trounces its competitors in the broad sense. Then I'll get into the nitty-gritty details of how the hardware-locked licensing works.
What are the differences between LimeLM and all alternatives?
There are lots of differences between LimeLM and our competitors. However, the root of all the differences between LimeLM and all other licensing products is our philosophy. We built LimeLM from the ground up to be simple; simple for you and simple for your customers who will be running your software.
This difference in philosophy exhibits itself in several ways. For starters, we make it easy for you (the software company) to get LimeLM and TurboActivate integrated into your app and your sales processes. Plus we make it just as easy for your customers to activate in under 1 second.
For instance, on the developer side of things, I bet you can get TurboActivate integrated in your app and everything configured in less than an hour from the time you sign up for LimeLM; you can't say the same about any of our competitors. We make it simple from the first moment you touch LimeLM, and we continue this theme of simplicity throughout your use of it.
Of course the list of advantages LimeLM has over its competitors can go on for miles. A few of the highlights are:
TurboActivate (the part of LimeLM you include with your application) works on multiple platforms (Windows, Linux, and Mac OS X) and multiple CPU architectures (x86, x64, PPC, ARM, SPARC).
TurboActivate works with all programming languages and we don't charge you for every programming language or platform you want to use. When you sign up for LimeLM you immediately get access to all example code and libraries for all platforms.
You can host LimeLM on your own servers or let us handle all the work.
We make it easy for you to make recurring revenue from your apps (for example charging on a monthly basis).
We provide ready-made examples showing how to integrate LimeLM in your purchase process (thereby automating everything so your customers can use your software mere seconds after placing an order).
There are many, many more features. You can check out our help articles that get into some specific use-cases for LimeLM and TurboActivate. You can also check out the tour of LimeLM which has a broad overview (with pretty pictures) showing how you can use LimeLM.
How hardware-locked licensing works
The whole purpose of hardware-locked licensing is that you have full control over where your customers install your software. More specifically it means you get paid for every copy of your software.
However the hardware-locked licensing has to be designed correctly to be effective. That's what this section covers: how well designed hardware-locked licensing works.
As described above hardware-locked licensing can be broken into these 5 steps:
Below is a brief description of what each of these steps means, and how well designed licensing (like LimeLM) handles them.
1. Your customer enters a serial
When your customer purchases your software you send them a product key. It normally looks something like “ABCD-EFGH-IJKL-MNOP-…” Here's what the product key entry page in the TurboActivate wizard looks like:
Of course if you're using LimeLM, you can just plop this TurboActivate wizard directly in your app and let us handle all the nuances of the user experience.
2. Your software (using TurboActivate) generates a “fingerprint” to uniquely and anonymously identify the customer's computer.
After your customer enters their product key, they'll click an “Activate” button. The very first thing to happen is TurboActivate (the part of LimeLM you include with your application) will analyze the customer's computer and generate a unique “fingerprint” of the computer:
This “fingerprint” allows TurboActivate to limit where your customers can install your software. So even if your customer own 2 identical computers that came off the manufacturing line one after another, TurboActivate will still be able to tell these computers apart.
3. This serial and the computer's unique "fingerprint" are sent to an activation server.
The next step that happens immediately after TurboActivate gets the “fingerprint” of the computer is it sends this “fingerprint” and the product key the customer entered to the LimeLM servers.
4. If the server allows the activation then the serial and fingerprint are cryptographically signed and sent back to the user.
The LimeLM servers will look at the product key and the fingerprint and determine what action to take. For instance, when a customer buys 2 copies of your software you'll send them a single product key (e.g. ABCD-EFGH-IJKL-MNOP-…) that has 2 “activation slots”. That is, the product key can be activated on 2 computers.
So if the product key sent to the LimeLM servers has a free “activation slot” — or if the fingerprint has already been activated and the user is just re-installing on the same computer — then LimeLM will send a cryptographically signed “activation block” back to TurboActivate:
This “activation block” means your software is activated on the customer's computer. Once it gets the “activation block” from the LimeLM servers TurboActivate doesn't need to be connected to the internet to verify the cryptographically signed “activation block.” It just uses the concepts behind asymmetric cryptography to verify that the activation is genuine.
5. Based on this cryptographically signed block your app or installer will know whether the user is allowed to use your application or not.
The cryptographically signed “activation block” is used by TurboActivate to see if the current computer's “fingerprint” and product key are activated. Needless to say cryptography is a huge and complex topic, but here's a simple breakdown of what the cryptographically signed “activation block” means:
Can check if activated without being online: TurboActivate can verify the computer is activated by comparing the computer's fingerprint to the cryptographic signature. This can all be done without being connected to the internet.
Un-forgeable: Because the “activation block” is created using asymmetric encryption this means no one can generate a fake “activation block”. For all practical purposes such a forgery is mathematically impossible to create.
How the competition does licensing wrong
Now you know how a properly designed hardware-locked licensing product, like LimeLM, works behind the scenes. However, well designed hardware-locked licensing like LimeLM is hard to find. The common mistake 3rd party licensing products and in-house designed licensing have are the following:
The list of what supposedly “professional” licensing products do wrong can go on and on. Those are just the most egregious mistakes crummy licensing companies make.
1. Not using asymmetric cryptography for the signed “activation block”
Poorly designed licensing systems simply send an “OK” or “Not OK” message when fake-activating instead of doing it properly by cryptographically signing the hardware “fingerprint”. This “OK”/“Not OK” behavior is incorrect and depends on how well the licensing can hide the response from the end-user. In other words this is snake oil.
One example where simply sending an “OK” response fails is when a customer uses hard drive cloning. Hard drive cloning is a widely used technique where IT administrators set up all the software on 1 computer then “clone” the hard drive to hundreds or thousands of other computers throughout their company. In other words, the IT administrator copies the software bit-for-bit from one hard drive to hundreds or thousands of other hard drives. This is a perfectly legal and widely used time-saving technique.
If your licensing system fake-activates by hiding an “OK” response then this fake-activation will be copied onto the hundreds or thousands of cloned hard drives. Thus, the company gets thousands of free copies of your software.
Properly designed hardware-locked licensing (like LimeLM) is not susceptible to problems like these. When an IT administrator “clones” the hard drive that has your activated software on it, none of the cloned hard drives will be activated. The reason is that the “fingerprint” of the computer will only match on the original computer (and not on any of the clones). Thus, the company will have to buy licenses for every computer they cloned your software to.
2. Users suddenly becoming “de-activated” if they remove or add a piece of hardware
Another big problem that plagues poorly designed software licensing solutions is failing to handle customers fixing and improving their computers. Customers add RAM, replace hard drives, and change their computers in other ways. The licensing solution you use must handle these normal user behaviors without forcing the customer to call your support lines to request a re-activation on their slightly altered computer.
In LimeLM we seamlessly handle users adding and removing hardware by using fuzzy-matching.
3. Using the wrong pieces of hardware for the ID
A common mistake 3rd party licensing solutions make is using the wrong things for the computer's fingerprint. Here's a brief list of some terrible “unique” identifiers of a computer:
The IP address: this is absolutely useless as a unique identifier because…
an IP address can be shared by multiple computers
the IP address for a computer can (and does) change often
The MAC address: this isn't a terrible unique identifier when used in tandem with several other components in the computer, but by itself it's nearly as useless as the IP address.
The “volume ID” of a hard drive: this is also called the “partition ID”. It's a software-generated ID that's stored in the partition. It's absolutely useless as a unique identifier for a computer because…
It changes if a customer reinstalls their operating system (meaning a customer will have to call your support line so they can reactivate on the exact same computer)
The “volume ID” is cloned when an IT administrator clones one hard drive to all the other hard drives in the company. (See “hard drive cloning” above).
The "computer name": this is the value you (and your users) set when they log on to Windows for the first time. The user can change it to anything they want, but Windows defaults to "[Username]-PC". So if a user enters "Bob" for their username, then the computer name will be "Bob-PC".
The reason this "computer name" is a bad "unique" identifier for a computer is that it's susceptible to high instances of false-positives and false-negatives.
False positives. A false positive in online activation is when the licensing (rather, your program using the licensing) sees 2 completely different computers as the same. That is, with a false positive match a user can use the same serial over and over again on multiple computers.
With the "computer name" being used as the "unique" ID of a computer, a false positive means that more than 1 computer have the same computer name. For example, let's say Bob buys a laptop and a desktop for his home and another laptop for his work. When he first logs into Windows on each of these computers he'll enter "Bob" as his username and each of the computers will be automatically named "Bob-PC". So if you use the "computer name" as the "unique" ID in your software then Bob will be able to use your software on all three of his computers when buying only 1 license.
Worse yet, when an IT administrator in company clones one hard drive to all the other hard drive in the company, the "computer name" will be the same throughout the entire company. (See “hard drive cloning” above). This means a company will only have to buy 1 license from you to use your software on every computer in their company.
False negatives. Much worse than false-positives are false-negatives. A false negative is when a customer installs your software on the same computer they installed your software on before, but they aren't able to activate because the licensing sees the computer as being different. For example if a user installs your app, activates it, then reinstalls Windows and uses a different computer name, they won't be able to re-activate your software.
Most "bargain" (cheap) 3rd party licensing products use the "computer name" as the unique ID for the computer.
4. Forcing you to choose what hardware to use in the “fingerprint”
Worse than using the wrong things for the fingerprint, some 3rd party licensing, like SoftwarePassport (formerly Armadillo), don't even bother choosing what components to use. Instead they force you to decide which pieces of hardware to use for the “fingerprint” of the computer.
Giving you the choice of which hardware components to use in the “fingerprint” sounds like a good idea, but in practice it's a disaster. Products like SoftwarePassport push the burden of testing which parts of the computer actually matter onto you. They force you to test the licensing on thousands of computers (or force you to cross your fingers and hope the hardware components you picked actually work with your customers).
There's no good way to do this statically. So even if SoftwarePassport detected all the necessary hardware components for hardware locking (they don't, they're missing a few important ones like the motherboard information) they don't dynamically detect changes in hardware.
Fitting with our philosophy of LimeLM (simplicity for you and your customers) we take an entirely different direction. TurboActivate dynamically chooses the best hardware-ID based on the actual computer hardware. We have researched which are the best components to "lock" the computer to and we don't make you worry about what works and what doesn't. We've done an immense amount of real end-user testing to see what best to use to uniquely identify a computer.
How LimeLM and TurboActivate add polish that goes above and beyond the competition
Not only do LimeLM and TurboActivate get the basics right, we also go above and beyond our competition to make the licensing experience seamless for your customers.
Fuzzy matching — seamlessly handling when users add & remove hardware
When a customer activates your software the “fingerprint” of the computer is generated based on the current hardware. But what happens if the user fixes or upgrades parts of their computer? In TurboActivate we have something called “fuzzy matching.”
Fuzzy matching means that even when users change some minor components of their computers (RAM, hard drives, etc.) TurboActivate will still see the customer as activated:
This means that if a customer adds more RAM or swaps out a hard drive they won't have to call or email you to reactivate. Everything will just work.
LimeLM & TurboActivate handle real life user behavior
In addition to handling the real life behavior of customers modifying their computers, we also handle re-installations of the operating system (e.g. Windows). That is, if a customer reinstalls Windows on their computer they don't have to call you up. They can simply reactivate your software and start using it immediately.
The list of things LimeLM does to make your customers lives easier is nearly endless.
Dead simple user interface for you and your customers
To top it all off we make sure LimeLM and TurboActivate are incredibly simple for you, your company, and your customers. For instance, generating a new product key for your app is as simple as specifying how many computers you want the key to be used on and then clicking the “Create product key button”:
Of course you can automate this process. That is, you can automatically generate the product key and email it to the customer after they order your software. You can also limit specific features in your app and use SaaS licensing to earn recurring revenue from your apps.
When your customer gets the product key they simple paste it into your app and press Activate (or they use the TurboActivate wizard you can include with your app):
Even if things go wrong, we make it easy to solve the problem. For example, if a customer loses their computer they'll need to be able to activate on their new computer. All you have to do to let them activate on their new computer is to login to your LimeLM account, search for their email or product key, then click the “Deactivate” link:
The customer can then immediately activate on their new computer.
Give LimeLM a try — free for 30 days
It's hard to find a 3rd party licensing solution that gets the basics of hardware-locked licensing right. It's even harder to find a licensing solution that cares about the end-users' experience. We do both. Give LimeLM a try — you'll be glad you did.