Is this a good concept for a serial key activation using a web service?
I am writing a Windows desktop application in WPF. I need to add in an activation process and was wondering if I have the right idea.
This is the process I was thinking of implementing. Would this be the best solution?
- When the user loads the application it checks for a registry key with the activation code in it
Needs activation
- If there is no activation key in the registry they are given an activation page
- In here they will enter their activation key which they will receive from us
- When the user clicks activate I get the serial number of their HDD and hash it
- I then connect to a webservice which I have written to check
-- Does the key exist
-- Is there an assigned HDD serial hash to it
-- Is it active
- If it passes all these criteria I update my DB via the webservice with the HDD serial and mark it as active
Already active (registry key with activation key present)
- Get the serial number of their HDD and hash it
- Retrieve the key from the registry
- Connect to the webservice to check if the key exists, is still active and assigned to the correct HDD hash
- If it is I allow the user to continue
- If not then I remove the registry key altogether and inform them that they will need to reactivate the software and then load up the activation page.
Aside from wondering if this is the correct way to do this I have a few additional concerns:
The webservice will need to be secured
The user will need to have internet access whenever they start up the program so that I can check the webservice
Any advice anyone can give would be greatly appreciated. I couldn't find any answers out there.
Answers (2)
Sounds good but you need to keep in mind:
- The connection to the webservice must be secured with SSL.
- The exchange of messages between the web service must be signed with some form of private/public key so the client knows the message really comes from the server and users don't create their own activation servers.
- Your webservice must be on servers with high availability (you don't want angry users calling because they can't get their work done).
- The HDD serial number can be changed. You may want to combine that with something else.
The concept you came up with is good so far, but since you require the user to be online at all times I would additionally encrypt the data with RSA.
Your product gets the public key hardcoded and the data you send to the server gets sent back encrypted with the private RSA key.
This way you can prevent them from using self-made activation servers that do nothing but say "everything is a-okay, you're activated."
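
The signed-response check that both answers describe, sketched in C# as an added example (not code from the question or from either answer). It assumes .NET 6 or later; the `key|hardwareHash|nonce|status` payload format, the per-request nonce, and all names and sample values are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ActivationDemo
{
    // Server side (holds the private key): sign key, hardware hash, nonce and verdict together.
    static byte[] SignResponse(RSA serverKey, string payload) =>
        serverKey.SignData(Encoding.UTF8.GetBytes(payload), HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Client side (only the public key is embedded): accept the verdict only if the signature
    // is valid AND the payload echoes this request's key, hardware hash and nonce.
    static bool IsActivated(RSA serverPublicKey, string payload, byte[] signature,
                            string licenseKey, string hwHash, string nonce)
    {
        byte[] data = Encoding.UTF8.GetBytes(payload);
        if (!serverPublicKey.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            return false; // not produced by the holder of the private key
        return payload == $"{licenseKey}|{hwHash}|{nonce}|active";
    }

    static void Main()
    {
        // Constructed key pair for the demo; in a product only the public half ships in the client.
        using RSA serverKey = RSA.Create(2048);
        using RSA clientView = RSA.Create();
        clientView.ImportParameters(serverKey.ExportParameters(false));

        string licenseKey = "DEMO-KEY-0001"; // constructed sample value
        string hwHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes("sample-hdd-serial")));
        string nonce = Convert.ToHexString(RandomNumberGenerator.GetBytes(16)); // fresh per request

        // Case 1: response signed by the real server for this request.
        string payload = $"{licenseKey}|{hwHash}|{nonce}|active";
        byte[] sig = SignResponse(serverKey, payload);
        Console.WriteLine(IsActivated(clientView, payload, sig, licenseKey, hwHash, nonce));

        // Case 2: a self-made server has no access to the private key, so its signature fails.
        using RSA selfMadeServer = RSA.Create(2048);
        byte[] otherSig = SignResponse(selfMadeServer, payload);
        Console.WriteLine(IsActivated(clientView, payload, otherSig, licenseKey, hwHash, nonce));

        // Case 3: a recorded genuine response does not match a later request's nonce.
        string laterNonce = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        Console.WriteLine(IsActivated(clientView, payload, sig, licenseKey, hwHash, laterNonce));
    }
}
```

Only the first case is accepted. The public key embedded in the client can verify responses but cannot create them, so it does not need to be kept secret.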