Linux上的产品激活 [英] Product Activation on Linux
问题描述
Q .是否有任何开放源代码库可在Linux上用于许可和许可?产品激活相关的东西?如果否,那么附近还有其他选择吗?
详细的问题. :许可方案如下:
1.为用户分配了唯一的序列号/产品密钥
2.该应用程序内包含一个公共密钥(pgp)或文字代码.
3.用户使用产品密钥安装应用程序
4.用户现在需要通过选择激活选项来激活他的应用程序
5.为用户的计算机生成唯一的硬件哈希(例如使用MD5或SHA1),并将其与产品密钥一起发送到激活服务器.该应用程序与我们托管位置的Web服务联系.
6.激活服务器验证产品密钥.然后确定是第一次激活还是重新激活.
7.激活服务器使用RSA加密与激活相关的信息,并形成一个激活代码,然后将其发送回用户端的应用程序.
8.应用程序将通过使用包含在其中的公钥对激活码进行解密来对其进行验证,然后在进行积极验证时激活该应用程序.
9.应用程序会定期检查是否有硬件更新以及是否需要重新激活.
10.维护已发布产品密钥和凭证的数据库.相应的激活信息.
11.确保该产品的新版本每次都具有不同的公钥,并且在激活码验证过程中也要进行一些细微更改,以减少产品被破解的可能性.
12.许可证到期信息也可以集成到激活码中.程序运行时或启动时,应定期检查到期日期.应该确定系统时间修改.
将确保串行密钥没有被超过预期数量的用户/机器使用,在这种情况下,我将撤销该密钥.
我非常清楚,如果可以完全破解Microsoft Windows激活,还没有一个完整的反盗版解决方案.
我只是想要一个具有上述要求的足够体面的反盗版解决方案.
为用户提供便利不是我的首要任务,因为不再需要用户自己安装该应用程序.
卡巴斯基Internet Security使用的反盗版系统使我非常受鼓舞.
我们欢迎您对反盗版系统提出任何建议.
在此先感谢...
Q. Is there any open source library which can be used on Linux for Licensing & Product Activation related stuff? If No, then is there any near by alternative?
Detailed Q. : The Licensing scheme is as follows:
1. A unique Serial No./Product Key is assigned to user
2. A public key (pgp) or a literal code is included inside of the app.
3. The user installs the application using Product Key
4. The user now needs to activate his application, by choosing the activate option
5. A unique Hardware Hash is generated for the user''s machine (say using MD5 or SHA1), which is sent to the activation server together with the Product Key. The application contacts a web service at our hosting location.
6. The Activation Server verifies the Product key. Then identifies whether it’s a first time activation or re-activation.
7. The activation server uses RSA to encrypt the activation related information and form an activation code, which is sent back to the application on user’s side.
8. The Application will verify the activation code by decrypting it with the Public Key included in it, and activate the application on positive verification.
9. The Application periodically checks for any updates to the hardware and if re-activation is required.
10. Maintain a database of issued Product Keys & corresponding activation information.
11. Ensure that further new releases of the product have different Public Key each time and also some slight changes in the activation code verification procedure, so as to reduce chances of product being cracked.
12. License Expiry Information can also be integrated into the activation code. Expiry Date should be periodically checked while the program is running or on start-up. System Time modification should be identified.
Will be making it sure that the Serial key is not used by more than intended number of users/machines, in which case I will be revoking the key.
I know very well that there isnt a full proof anti-piracy solution, if microsoft windows activation can be cracked than anything can be.
I just want a decent enough anti-piracy solution with the requirements i mentioned above.
Providing ease to user is not my priority as user wont ever be required to install the application himself.
I am very much motivated by the anti piracy system used by the Kaspersky Internet Security.
Any suggestions to the desired Anti-Piracy System are most welcome.
Thanks in advance ...
推荐答案
在用户端对您的要求进行一些思考:
-您不是用户计算机的所有者,并且...
-用户可能想更改/修改/替换自己的计算机,而无需征求与他可能有联系的任何软件供应商的许可(它们可能是百分之一...)和...
-您将许可证卖给了用户"(签有合同),而不是他的计算机(那是一台机器,并且不是正当权利"的主体)
作为用户,我(至少在我的国家/地区)拥有复制任何数量的副本或我自己的个人用途"的完整权利.我需要授予的权限是,它只是我"(并且只是我的一个实例",或更一般而言,我的实例的数量"少于我拥有的许可数量)使用您的应用.我实际使用的计算机与您无关.
也就是说,您最好不要将许可证绑定到硬件或其一部分,而是要实现(某种)用户"(作为一个人)必须执行的(某种)登录"机制,从而允许该应用程序仅在用户的当代登录"数量不超过用户获得的许可证数量的情况下,该功能才起作用.在执行此操作时,还要考虑Internet的不可靠性"(您不能假装注销":计算机可能崩溃并重新启动,或者在您的应用关闭时网络可能不处于服务中"),因此也要实现过期并更新登录名,并允许一个宽限期":如果我有10个许可证,并且令牌续订过程为10分钟,请给我权利,将... 12个已记录的会话更改为5分钟的宽限期") .
如果您打算还将您的应用程序出售给公司,那么也可以考虑一种为公司提供许可证管理者"的方法:这可能是他们想要(在某些国家/地区,这是他们自己的合法权利)来管理自己的自己的内部用户,而无需提供您自己的内部凭据.毕竟,您只需要授予其号码",而不是个人身份".
Think a little bit about you requirement on the user side:
- you are not the owner of the user computer and ...
- the use may want to change / modify / replace his own computer without asking a permission to whatever software vendor he may have in touch with (they can be hundredths ...) and ...
- you sell you license to the "user" (who signed a contract) not to his computer (that''s just a machine, and it is not subject of "positive right")
As a user I have (at least in my country) the full right to make whatever number of copies or my own "personal use". What you are required to be granted by me is that it is just "me" (and "just one instance of me", or -more in general- a "number of instances of me" less than the number of licenses I own) using your app. The computer I''m actually using is not your business.
That said, you have probably better not to bind your license to an hardware or a piece of it, but to implement a (sort of) "login" mechanism the "user" (as a person) is required to do, allowing the application to work only if the number of "contemporary login" of a user stays into the number of licenses the user acquired. While doing that, consider also the "unreliability" of the Internet (you cannot "pretend a logoff": a machine can crash and be rebooted or the network may be "not in service" when your app is closed) so implement also an expiration and renew of the login, allowing a "grace period": if I have 10 licenses, and the token renewal proces is 10 minutes, give me the right to reach ... 12 logged session into a "grace period" of 5 minutes).
If you plan to sell your app also to companies, consider also a way to supply a "license manager" to the company as well: It could be they want (and in certain countries this is their own legal right) to manage themselves their own internal users, without giving you their own individual internal credentials. After all, you have to be granted only to their "number", not "personal identity".
这篇关于Linux上的产品激活的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
