
I will be selling a new product that will be managed by a web application on my own servers. The web application will allow managing some devices.

I would like to limit the number of manageable devices to the number of licenses bought by the user.

My web app currently allows managing all the devices with no quantity limitations.

I don't know where to start to implement the licensing (license key generation and checking) nor to limit the devices based on the license keys the user owns.

Any help would be more than welcome. Thank you in advance.

FYI: I am using jQuery, PHP and MySQL.

vpx
  • Until you can compile a module you won't be able to use anything that cannot be easily undone. If you are only using JavaScript and PHP then any routines that provide protection or limitation can easily be removed. – WilliamK Mar 29 '13 at 08:15
  • Even if I limit the mysql queries based on the amount of valid license keys linked to the user (value stored in MySQL)? – vpx Mar 29 '13 at 08:18

1 Answer

I would implement several tables in the database, as shown below:

There will be the following entities: User, License and Device

And these entities will be related to each other as shown above. Every license will contain information about the qty of licensed devices.

When a device connects to your service, your service recognizes it by its id, which is sent by the device upon connection. Then you can check whether the device is registered and which license is related to this device.

Limitations on quantity of devices will be checked upon device registration.

When a user registers a device (adds information to tables: Devices and LicensedDevices), your code should check the quantity of already registered devices with this license against devicesQty field value in Licenses table.

And if the devicesQty value allows adding more devices, then your code adds the new device to the database.

UPDATE:

To control quantity of licensed devices you need to register these devices (for instance - using unique ids of these devices). Otherwise you cannot control quantity of devices which are using your service.

One device connects, works, disconnects, then another, then another and so on. How can you control quantity in this case? I think there is no way unless registering ids of these devices.

And if a user changes his device to a new one, then there should be a procedure to update information about a registered device.

If your customer uses only web-browser to use your services, then the only way to control license/devices is to bind userid+password+deviceId to a license. And check this information upon logging in to your web-service/web-servers.

If you are using a native application on mobile devices to connect to your web-service then there is a more sophisticated way.

Implement license key generation/verification via an asymmetric encryption approach.

For each user generate a public and a private key. Then store the private key in your database and do not show it to anyone.

Let's say your public key is: ABC-123-456

Use Base64 algorithm to convert public key bytes to alphanumeric characters.

Then, upon selling a license, generate an arbitrary unique license code.

Let's say your license code is: XYZ-789-012

And provide end-users with the public key and license code: ABC-123-456 and XYZ-789-012

The user sets the public key and license code in the custom mobile application settings. This application encrypts all data it sends with this public key, and the license code is included in the data package before encrypting it.

When your server receives data from a device, it finds the appropriate user by deviceId, then it finds the appropriate private key to decrypt the data package. Then it inspects this data package for correctness.

Cœur
  • Thanks for your answer, I forgot to mention that the user will not need to associate a device with a license. It is just the number of devices that are manageable that is important to us, so I thought about associating a maximum quantity with the userID. I think I could manage that in the database schema. But I wonder how to manage the license process (key generation, validation). – vpx Mar 29 '13 at 08:43
  • And if a user has bought several licenses, then you just use the total qty based on the sum of qty from all bought licenses. Am I right? –  Mar 29 '13 at 08:53
  • One more question - do your mobile devices use a custom native application to connect to your web-services? Or it is a browser based application? –  Mar 29 '13 at 09:11
  • I have updated my answer for both variants. When you are using browser based app or native app on mobile device. –  Mar 29 '13 at 09:22
  • The mobile devices will use a native app but at the moment, I use a responsive web based application to ensure compatibility with every browser/device – vpx Mar 29 '13 at 09:28
  • Thanks a lot, I'll try to implement that. – vpx Mar 29 '13 at 09:31
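
The registration-time check described in the answer (count the devices already bound to a license and compare with devicesQty before inserting), as an added example that is not part of the original thread. Table names and devicesQty follow the answer; every other column name, the function name and the sample rows are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table names and devicesQty come from the answer; all other
// column names, registerDevice() and the sample rows are constructed.
$db = new PDO('sqlite::memory:');   // in-memory SQLite stands in for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL)');
$db->exec('CREATE TABLE Licenses (id INTEGER PRIMARY KEY,
    userId INTEGER NOT NULL REFERENCES Users(id),
    licenseCode TEXT UNIQUE NOT NULL,
    devicesQty INTEGER NOT NULL CHECK (devicesQty >= 0))');
$db->exec('CREATE TABLE Devices (id INTEGER PRIMARY KEY, deviceUid TEXT UNIQUE NOT NULL)');
$db->exec('CREATE TABLE LicensedDevices (
    licenseId INTEGER NOT NULL REFERENCES Licenses(id),
    deviceId INTEGER NOT NULL UNIQUE REFERENCES Devices(id))');

function registerDevice(PDO $db, int $userId, string $licenseCode, string $deviceUid): string
{
    // Take the write lock before counting, so two concurrent registrations
    // cannot both pass the check. On MySQL/InnoDB: open a transaction and lock
    // the license row with SELECT ... FOR UPDATE instead.
    $db->exec('BEGIN IMMEDIATE');
    try {
        $q = $db->prepare('SELECT id, devicesQty FROM Licenses WHERE licenseCode = ? AND userId = ?');
        $q->execute([$licenseCode, $userId]);
        $lic = $q->fetch(PDO::FETCH_ASSOC);
        if ($lic === false) { $db->exec('ROLLBACK'); return 'unknown-license'; }

        $q = $db->prepare('SELECT COUNT(*) FROM LicensedDevices WHERE licenseId = ?');
        $q->execute([$lic['id']]);
        if ((int)$q->fetchColumn() >= (int)$lic['devicesQty']) {
            $db->exec('ROLLBACK'); return 'limit-reached';
        }
        $db->prepare('INSERT INTO Devices (deviceUid) VALUES (?)')->execute([$deviceUid]);
        $db->prepare('INSERT INTO LicensedDevices (licenseId, deviceId) VALUES (?, ?)')
           ->execute([$lic['id'], $db->lastInsertId()]);
        $db->exec('COMMIT');
        return 'registered';
    } catch (PDOException $e) {   // e.g. UNIQUE violation: device id already registered
        $db->exec('ROLLBACK');
        return 'rejected';
    }
}

// Constructed sample data: one user holding one license for two devices.
$db->exec("INSERT INTO Users (id, login) VALUES (1, 'alice')");
$db->exec("INSERT INTO Licenses (userId, licenseCode, devicesQty) VALUES (1, 'XYZ-789-012', 2)");
foreach (['dev-A', 'dev-A', 'dev-B', 'dev-C'] as $uid) {
    echo $uid, ': ', registerDevice($db, 1, 'XYZ-789-012', $uid), "\n";
}
```

Because the count and the insert run under one lock on the server, the limit holds regardless of what the browser-side code does.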