01-15-2004, 03:18
JMI
raladin:

It is difficult for me to chat in real time because I have a day job which has nothing to do with computing, other than using one for getting work done and I often work at it for long hours at a time without significant breaks. However, I will PM you with an email addy where you can contact me to discuss your issues more fully.

Do I understand that you want to have the user download your software? Does that mean that the software downloaded on their computer has to interact with your server to update and/or interact with the "lessons"?

Having the software locked to a particular HD is an option available from several protection companies, including Armadillo. It prevents the installation of the software on more than one HD, "IF" the distributor sets up the software options on their protection code properly. It also has MD5 code to encrypt part of the code with a particular registration criteria, that makes it pretty secure without someone actually having that code. It prevents a part of the program from decrypting needed features. Of course it only works on Windows products. The point here is that they have trial downloads you could study for functionality.

I believe the key to security here is a two-step process. First the software must have some major functional part of it encrypted with MD5 that simply does not operate without the proper authentication. One way to prevent the "unauthorized" distribution of your software could be to make part of the software operable "only" when their "authenticated" machine is connected to your server. In other words, the "lessons" open on their machine, but do not do anything important, unless connected to your server. If the "data" they need is not available on "their" machine, they cannot make it work there. Only by successfully connecting to your machine, would the "functional" component actually be available. You could then have a folder on your machine that is available "only" to someone with that HD authentication embedded in his code, who also had the proper authentication code to the server, such as encrypted username and password. Such a two-step authentication simply adds a second level to the process.

Generally the only really secure system downloaded to the user, which you want to only work when properly connected to your server, is one where there is NOTHING on their machine which is capable of making it work. If the code that makes it work is actually there, it requires strong encryption to prevent access "without" your server connection, but if your server actually sends something to them to "unencrypt" that portion of the code each time they connect, some smart hacker could eventually figure out how to intercept it and "activate" without being connected at all. But if the part that makes the lessons work is ONLY on your server, and is not actually downloadable, but only viewable, i.e. you have disabled "view source" functionality and the files are "read only" and encrypted with a piece available only on your server, it would become a difficult process for anyone to use your "lessons" who wasn't BOTH the proper person AND operating from the proper machine.

Regards,
__________________
JMI
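
The two-step check described in the post above (a machine-bound licence plus username and password, with the lesson data held only on the server), as an added example that is not part of the original post. It uses HMAC-SHA256 and PBKDF2 rather than the MD5 scheme the post mentions; `LessonServer`, `machine_token` and all sample values are hypothetical names and constructed data.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # constructed for the demo; a real server persists its key

def machine_token(username: str, disk_serial: str) -> str:
    """Licence token binding one user to one disk serial (hypothetical scheme)."""
    msg = f"{username}\x00{disk_serial}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LessonServer:
    """Holds the functional lesson data; nothing usable ships to the client."""

    def __init__(self):
        self.users = {}  # username -> (salt, password hash)
        self.lessons = {"lesson-1": b"constructed lesson payload"}

    def register(self, username: str, password: str, disk_serial: str) -> str:
        salt = os.urandom(16)
        self.users[username] = (salt, _pw_hash(password, salt))
        return machine_token(username, disk_serial)  # embedded in the user's copy

    def fetch_lesson(self, username, password, disk_serial, token, lesson_id):
        """Return lesson bytes only if BOTH checks pass, otherwise None."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        # Step 1: the user's credentials.
        pw_ok = hmac.compare_digest(stored, _pw_hash(password, salt))
        # Step 2: the token must match the disk serial the client reports.
        # The serial is client-supplied, so this binds the licence to a
        # machine but cannot prove the hardware is genuine.
        expected = machine_token(username, disk_serial)
        machine_ok = hmac.compare_digest(expected.encode(), token.encode())
        if not (pw_ok and machine_ok):
            return None
        return self.lessons.get(lesson_id)
```

A copied installation carries the token but reports a different disk serial, and a stolen password arrives without a matching token, so either one alone gets `None` from `fetch_lesson`.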