How does the SoftwareShield System Work?

This section is a brief overview of how the SoftwareShield System works with your software to enforce the license you design with the SoftwareShield License Manager. Licensing is briefly reviewed including the important concept of Serial Numbers and Activation Codes. An example scenario is given that describes a typical transaction.

At run-time, licensing works through a cooperative effort between your application, the SoftwareShield ClientProtector component (which you must redistribute with your applications), and the License File that you create for the application.

The (main, distributed) License File is a compressed and encrypted file which contains all the licensing information necessary to enforce itself on your application. The SoftwareShield ClientProtector component is a COM server .DLL which you must distribute with your applications and register on the clients machine in your applications installer package. The ClientProtector is the component through which your application interacts with the License File that you must distribute also.

License Files you develop are specific to a particular application and (often) specific even to different releases. The ClientProtector is an in-proc COM server used by all applications that use the SoftwareShield System regardless of the version of license it uses. Your application must have a small set of information in order to start the ClientProtector and subsequently use it to enforce the license, including encryption passwords used to encrypt the file and other sub-components of the file, the name of the license file it should use, and a code representing what FingerPrint elements to use to identify an authorized system (if any).

You develop your licenses using the SoftwareShield License Manager application. The License Manager is a full featured Windows application that allows you to design and implement any and all license features your application needs. The License Manager also handles compiling License Projects into distributed licenses which you then ship with your application. When you create a distributed license, the License Manager also creates a programming notes file which simplifies your job of incorporating the license into your application. The License Manager even writes several language versions of the exact code you need in the programming notes file which you can copy into your development environment to initialize and start the ClientProtector component.

Once you have designed and developed the License, tested and debugged your application (and its licensing features), and distributed your application, the license, and the ClientProtector component, you are ready to use the Activation Code Generator (either manually or automatically) to control your application through its license.

Serial Numbers are 12 digit alphanumeric codes that represent a "token of ownership" of one or more copies of some aspect of your software. By itself and before it is activated, it is not associated with any particular user or machine and itself represents the ownership. Before the Serial Number is activated - it is the ownership. In other words, it is like a cheque made out to "cash" - anyone can use it. This "aspect of your software" can be either the right to use the entire software package or as detailed as a single use of a single function within that software.

Serial Numbers allow you to impliment new license models (which are enforced with the use of the CheckPoint License Server). You can use Serial Numbers to produce commercial off the shelf software (COTS) that is pre-packaged, boxed and sold at a retailer. The Serial Numbers you pre-generate for this purpose would be stored inside the box and used during customer activation to "turn on the software" on their machine. This allows you to get the benefit of making a sale to an arbitrary customer at a retailer, but still have the benefit of machine locking / FingerPrinting ensuring that the software can only be activated as many times as you permit.

You can use Serial Number to sell "bulk licenses" or "seats" in enterprise installations of your software. By generating Serial Numbers that have a number of Activations associated with them, you can effectively sell a set of seats to your application using a single Serial Number. This is referred to as the Total Activations Permitted for a Serial Number. When end-users receive a Serial Number you sent them, they will be able to activate the provided number of seats (machines) - but no more. These Serial Numbers can be pre-generated with a set number of seats or can be dynamically generated with an arbitrary number of seats from either a simple HTTP GET call or a SOAP web-service.

Activation codes are 12 digit codes that you generate. They contain all the necessary information to make pre-defined changes to the license that controls your application. By issuing Activation Codes to your customers, you change the way your application behaves. For example allowing it to run in full-mode or adding 10 more pre-paid uses of a specific feature. The Activation Codes that the SoftwareShield Manual-ActivatorT creates are encrypted in two layers. The first layer of information is a composition of three items which are compressed together and encrypted using the password (key) specific to this Authorization Code. The information inside the first layer is:

1. A parameter value if necessary.
2. A "shelf-life" if necessary. Which is a date whereon the code will expire and will not function for anyone.
3. The users Finger Print code if necessary.

This encrypted first layer is compressed together with one more piece of information, the Authorization Code ID for which the code is to operate. The entire structure is then encrypted one more time using the global Authorization Code password (key).

All encryption in SoftwareShield is performed using the BlowFish algorithm which is well known to be extremely secure.

Some Activation Codes are "single-use" codes, so that once they are used on a given system - they can never be reused on that same system. Some Activation Codes have a "shelf-life". The "shelf-life of an Activation Code is a period of days that you set before issuing the license but can also override while issuing each Activation Code. The code must be used within this "shelf-life" - or it will expire. Expired Activation Codes will not work on any system whatsoever.

For example, here are the basic steps to implementing a simple trial version of an application that expires and won't run 30 days after it is installed, unless the client purchases it from you:

1. You design and develop a License for your trial version application.
2. You test and debug it until you are ready for a release.
3. In your trial version installer package, you must distribute: (1) your application (naturally), (2) your distributed license, and the (3) ClientProtector .DLL (which must also be registered on the client machine through your installer package).
4. Your client receives your trial version (by download or disk) and installs your trial version (which copies the license file into your applications directory and the ClientProtector to a convenient directory and registers it with the Windows system like any other COM server).
5. Your client happily runs your program. Every time the program starts - your program must invoke the ClientProtector to check its license. The ClientProtector decrypts the license and tells your application that it is an expiring trial version and that there are 30 days remaining in the trial period.
6. You can then display this information to your user and inform him how he can purchase the software by linking to your "Buy-Now" page or contacting you by phone, e-mail or whatever you wish. During the trial period - you will probably want to have the program execute normally, but give the user the opportunity to enter an Activation Code if they have already decided to purchase it and have received the code from you.
7. After 30 days have gone by, when the user next starts the program, the ClientProtector will discover that the expire period has lapsed -informing your application. You will then probably choose to prompt the user that their free trial period is over and they must purchase the program to continue using it. You can also prompt them to input their Activation Code now if they have already purchased their copy. If they do not input a valid Activation Code - you terminate the program.
8. Once they have decided to purchase the program from you they must supply you an "Authorization Request Code" and of-course payment. Once you have successfully processed their payment (by hand or automatically through a web-merchant for example) you can then input into your SoftwareShield Activation Code Generator their request code for the particular product you are selling. The Activation Code Generator - then determines if the request code is valid for that license and if so, constructs an Activation (or Authorization) code to supply to the customer. With the Manual SoftwareShield Activation Code Generator (which is a simple Windows application), you must manually enter their request code in order to generate the code to provide them. In the Internet edition of the SoftwareShield System - this process can be completely automated and deployed on the web. (See diagram below) The Internet version once properly deployed allows you to have trial versions downloaded, evaluated, purchased and activated without any intervention from you at all; 24 hours a day, 7 days a week, 365 days a year.
9. Back at your customers computer - they receive their Authorization Code from you. They restart the program (if it wasn't running already since the last step could have all happened in a matter of minutes if you have deployed the Activation Code Generator on the web) and enter the code. The ClientProtector then validates that the code is real, ensures that it was meant for this specific computer (if FingerPrinting is enabled) and updates the license file to reflect that the program should now run as a full version.
10. Now - every time the program starts, the ClientProtector opens the license to find that this is a fully functional version of the program, and executes without interruption.

The following diagram illustrates how the SoftwareShield System facilitates a simplified transaction using the Web-Activator: