Information Security
Alexey Matal, 2019-03-29 18:11:03

What are the modern methods of software protection?

Good afternoon!
There is a rather large and old project; it includes a large number of applications (15-20).
It currently has a function that protects it from unauthorized use via a USB token.
The software is distributed as follows: the user buys a license (essentially offline), downloads a version "tailored" for him, and receives the token by mail.
A pair of keys (or something similar) is "sewn" into the program code when the distribution kit is built.
It works and is debugged (but the methods of "sewing" and protecting are very outdated; by modern standards the software is very old).
Now we are setting up a project to update this software or some of its applications, and we want to install modern protection.
In this regard, some questions:

  • What modern methods, tools and techniques of software protection are currently on the market?
  • Are there any approaches and technologies that make it possible to do without physical USB keys? (Users often lose them, while the life cycle of the software does not end.)
  • I am interested in both the theoretical and the practical side of the issue (which libraries).
  • Preferably open-source and cross-platform solutions.

I would appreciate any comments!
P.S. Distribution by subscription is not being considered yet.


3 answer(s)
dollar, 2019-03-29
@johnliv

The most modern method is network activation. The thing is, it's convenient. That is, if you have unique software and it has no analogues, then you can mock the user as you like. But if buying from competitors is easier, then you will simply lose customers.
In particular, a fairly reliable method of protection is when the application can only work online. It connects to your server, which does not allow other copies of the software to run with the same key. The downside: you need to keep your own server and closely monitor its operation. The benefit: the user gets flexibility in transferring the software to other machines. This approach changes the payment accordingly: the service becomes a subscription, and the software is rented out.
Well, if users do not have the Internet, then take not modern methods, but proven old ones. But in today's world, this is almost impossible. So, at a minimum, the user must be able to pass a one-time online activation. Accordingly, the approach here is about the same: the user must have a personal account associated with the purchased software. In this personal account, he manages his keys. In particular, he can untie his keys from old (possibly lost) hardware. But here is the problem: if the software cannot check its status over the network, then it will not know that a decoupling has occurred. Therefore, from time to time the software must still knock on the Internet. Then the subtleties begin: how often, where to store it and how to encrypt it more reliably, how to determine the current time, etc.
And if the application is a simple one, which competitors can knock together in a month, then it is important, I apologize, not to protect the application at all. It will probably be stolen if it is good, but that only benefits you: it is advertising, and more people will buy it. Again, it depends on what the prices are, but for a simple application the price should be a penny, and the main emphasis should be on mass sales, coupled with a microscopic cost.
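The scheme this answer describes (one machine per key, unbinding from the personal account, a periodic re-check and the question of trusting the local clock), sketched as an added example that is not part of the answer or of any real product. The class, function and field names, the 7-day lease and the 5-minute clock tolerance are all assumptions.

```python
import hashlib
import hmac
import json

LEASE_SECONDS = 7 * 24 * 3600   # assumed interval between online checks
CLOCK_SLACK = 300               # assumed tolerated backwards clock drift


class ActivationServer:
    """Hypothetical activation server: one active machine per license key."""

    def __init__(self, secret: bytes):
        self._secret = secret       # stays on the server, never ships in the app
        self._bound = {}            # license key -> machine fingerprint

    def _sign(self, body: dict) -> str:
        raw = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._secret, raw, hashlib.sha256).hexdigest()

    def activate(self, key: str, machine: str, now: int):
        """Bind the key to a machine or renew its lease; refuse a second machine."""
        if self._bound.setdefault(key, machine) != machine:
            return None
        body = {"key": key, "machine": machine, "expires": now + LEASE_SECONDS}
        return {**body, "sig": self._sign(body)}

    def unbind(self, key: str) -> None:
        """Personal-account action: release the key from old or lost hardware."""
        self._bound.pop(key, None)

    def is_genuine(self, lease: dict) -> bool:
        # HMAC lets only the server validate a lease. Offline validation in the
        # client needs an asymmetric signature with the public key in the app.
        body = {k: v for k, v in lease.items() if k != "sig"}
        return hmac.compare_digest(self._sign(body), lease.get("sig", ""))


def lease_state(lease: dict, machine: str, now: int, last_seen: int) -> str:
    """Client-side decision between online checks.

    last_seen is the highest timestamp the client has persisted so far.
    """
    if lease["machine"] != machine:
        return "wrong-machine"
    if now + CLOCK_SLACK < last_seen:
        return "clock-rollback"     # clock was set back to stretch the lease
    if now >= lease["expires"]:
        return "recheck-required"   # must contact the server again
    return "ok"
```

Until its lease expires, an unbound machine still evaluates to "ok" locally, which is why the lease length is the trade-off between offline tolerance and how quickly an unbinding takes effect.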

Alexander, 2019-03-29
@NeiroNx

I think you need to maintain a user base and online activation, required when the hardware changes or on a new installation. The software is tied to the hardware and then reactivated through the site or "by phone". At the time of reactivation, the legality of use is checked. Plus constant online updates.

CityCat4, 2019-04-01
@CityCat4

You need to start with how popular and expensive this application is. It doesn't make sense to protect a highly specialized, narrowly professional application at all: only a small group needs it, and the chances that this group will contain a lone enthusiast who will crack it just for fun do exist, of course, but are very low. For example, find me a keygen for the NAKIVO Backup & Replication program :)
If the application is popular and relatively expensive, it will still be broken, no matter what protection you put on it. Whatever protection was invented and however it was twisted, they broke it, they break it and they will break it. Actually, that's why they began to fight it with administrative methods.
