NeuroAgent

How to Create a Software License Verification Server

Detailed guide on creating a server for software license verification. Overview of cloud platforms and specialized licensing services to protect your software.

#aktivatsiya-programm#bezopasnost-serverov#litsenzirovanie-po#oblachnye-platformy#python-zashchita#server-litsenzii#zashchita-programm
Question

How to create a server for program license verification?

I’m developing a program in Python with C++ elements and looking for ways to protect it from cracking. The protection method includes the following stages:

• Encryption of most program files using a password
• Activation through a one-time key:

  • User enters activation key in the program
  • Program sends key to server
  • Server creates encrypted permanent access key
  • Server sends this key back to the program
  • Program gets activated

• License verification on startup:

  • On restart, program sends encrypted file with permanent key to server
  • Server decrypts file and verifies key
  • If key is correct, server sends passwords for encrypted files
  • Program temporarily decrypts files (only during runtime)
  • After program closes, all decrypted files are deleted

• Additional protection methods (protection against file copying and running on other PCs)

Questions:

  1. What services allow creating a server for license verification with the above requirements?
  2. Are AWS, Azure, or Google Cloud suitable for this task, or are there specialized alternatives?
  3. What recommendations are there for improving my program protection method?
NeuroAgent

License Server for Software Verification

A license server for software verification can be created using cloud platforms (AWS, Azure, Google Cloud) or specialized licensing services such as SoftwareKey, LicenseSpring, Cryptolens, or FlexNet Licensing. These solutions ensure secure license verification and protect your software from unauthorized use.

Contents

Platform Selection for License Server

Both cloud platforms and specialized services are suitable for creating a license verification server. Each option has its advantages:

AWS (Amazon Web Services) provides reliable infrastructure for deploying license servers. You can use EC2 to run the server, S3 for storing keys, and DynamoDB for managing the license database. AWS regularly achieves third-party validation for thousands of global compliance requirements.

Azure (Microsoft) offers Defender for Cloud to protect cloud resources, including CSPM (Cloud Security Posture Management). The platform provides deep integration with Microsoft services and extends capabilities to other cloud platforms.

Google Cloud Platform (GCP) provides similar capabilities with Google Cloud Armor for DDoS protection and various security tools.

All three platforms ensure data encryption in transit, compliance with industry standards, and protection against DDoS attacks, making them suitable for license servers.

Specialized Licensing Services

Several specialized services exist for creating license verification servers that significantly simplify implementation of your requirements:

SoftwareKey offers a solution with three-step license validation:

  • Fail Silent during initial validation period
  • Systematic communication with central license server
  • Dynamic management of validation intervals using SOLO Server

LicenseSpring provides:

  • Configuration of license periods with start and end dates
  • License binding to devices or instances
  • Floating licenses for managing concurrent usage
  • Centralized management of license policy

Cryptolens is a “licensing as a service” provider that helps developers license and protect their software products. The service provides secure asymmetric license keys.

FlexNet Licensing from Revenera is a dynamic licensing service that allows monetizing and protecting SaaS, on-premise, air-gapped, and hybrid deployments. The system supports dongles for additional security.

Agilis Software offers Nephele - a cloud-based subscription solution for startups and small businesses, and Orion - a network licensing platform that can simultaneously function as an activation server, floating license server, and asset tracking server.

Technical Implementation on AWS, Azure and Google Cloud

AWS Implementation

To implement your protection method on AWS, you will need:

  1. EC2 instance for running the license verification server
  2. S3 bucket for storing encrypted key files
  3. DynamoDB table for managing the activated licenses database
  4. Lambda functions for automatic processing of activation requests
  5. API Gateway for secure access to the license server

Example Python code for the backend:

python
from flask import Flask, request, jsonify
import boto3
import hashlib
import cryptography.fernet

app = Flask(__name__)

@app.route('/activate', methods=['POST'])
def activate_license():
    activation_key = request.json['activation_key']
    # Validate the key
    if validate_activation_key(activation_key):
        # Generate permanent key
        permanent_key = generate_permanent_key()
        # Encrypt the key
        encrypted_key = encrypt_key(permanent_key)
        # Save to database
        save_to_database(activation_key, permanent_key)
        return jsonify({'status': 'success', 'key': encrypted_key})
    return jsonify({'status': 'error'})

@app.route('/verify', methods=['POST'])
def verify_license():
    encrypted_file = request.json['encrypted_file']
    # Decrypt file with key
    key_data = decrypt_key(encrypted_file)
    # Verify the key
    if verify_key(key_data):
        # Send passwords for file decryption
        return jsonify({'status': 'success', 'passwords': get_passwords()})
    return jsonify({'status': 'error'})

Azure Implementation

On Azure, you can use:

  1. Azure Functions for serverless architecture
  2. Azure Key Vault for secure key storage
  3. Azure SQL Database for license management
  4. Azure Active Directory for authentication
  5. Defender for Cloud for threat protection

Google Cloud Implementation

For GCP, it’s optimal to use:

  1. Cloud Functions for request processing
  2. Cloud Storage for key storage
  3. Firestore for license database
  4. Cloud IAM for access management
  5. Cloud Armor for DDoS protection

All three clouds support data encryption at rest and in transit, which is critical for license server security.

Improving Program Protection

Enhancing Cryptographic Protection

Your current protection method can be significantly improved:

  1. Use asymmetric cryptography instead of passwords. Instead of symmetric encryption, use key pairs (public and private). This will:

    • Simplify key management
    • Increase security
    • Provide server authentication

  2. Dynamic encryption - use different encryption keys each time the program starts, generated based on a permanent key and a temporary value.

  3. Code obfuscation - use tools like PyArmor or Obfuscator-LLVM to protect your code from decompilation.

Protection Against Copying and Running on Other PCs

To protect against file copying and running on other PCs, it’s recommended to:

  1. Hardware license binding - bind the license to a unique hardware identifier (motherboard, CPU, disks). This can be implemented through:

    • Reading component serial numbers
    • Physical dongle keys
    • Digital hardware signatures

  2. Regular license validation - the program should periodically validate the license, not just at startup, which will hinder the use of “cracked” versions.

  3. Network binding - limit license usage to a specific number of IP addresses or within a specific network.

  4. Obfuscation of cryptographic operations - hiding cryptographic algorithms and keys in the code.

Security and Compliance

Compliance Costs

When using cloud platforms, it’s important to consider compliance requirements:

  • Microsoft BYOL (Bring Your Own License) allows transferring existing licenses to other cloud providers, but doesn’t support Azure, Amazon, Alibaba, and Google
  • Windows Server doesn’t have License Mobility through Software Assurance rights for some providers
  • Flexible Virtualisation Benefit allows reducing costs by transferring existing subscriptions

Secure Validation Methods

According to SoftwareKey research, effective protection includes:

  1. Three-step validation system with increasing urgency messages
  2. Fail Silent mode during initial validation period
  3. Dynamic validation interval management from a central server

Protection Against Security Threats

To protect the license server from various threats:

  1. Use Web Application Firewall (WAF) to protect against SQL injections and other web attacks
  2. Rate limiting to prevent brute-force attacks
  3. JWT token authentication instead of simple API keys
  4. Anomaly monitoring to detect suspicious activity
  5. Backup of configurations and keys

Practical Recommendations

Optimal License Server Architecture

  1. Microservices architecture - separating functionality into individual services:

    • Activation service
    • Validation service
    • Key management service
    • Monitoring service

  2. Scalability - using automatic scaling to handle peak loads

  3. Geographical distribution - deploying servers in different regions to reduce latency

Implementation Steps

  1. Start with Proof of Concept - test the architecture with a small number of users
  2. Use a licensing service - start with a ready-made solution like SoftwareKey or LicenseSpring
  3. Gradually transition to your own infrastructure - as the user base grows
  4. Automate security tests - regular vulnerability testing
  5. Implement monitoring - tracking all requests to the license server

Budget Alternatives

For developers with limited budgets:

  1. Open source solutions - Open License Manager or CryptoLens
  2. Free tiers of cloud services - AWS Free Tier, Azure Free Account, Google Cloud Free Tier
  3. Hybrid model - combination of cloud and on-premises components

Recommendations for Improving Current Method

  1. Add multi-factor authentication for the license server
  2. Implement a reporting system for license usage
  3. Add automatic license renewal
  4. Implement a grant system for temporary licenses
  5. Create an API for integration with other systems

Sources

  1. Microsoft Licensing Implications for Cloud Migration (Azure, AWS, GCP)
  2. SoftwareKey - 3 Steps to Validate Software Licensing
  3. LicenseSpring | Secure & Flexible Software Licensing Solutions
  4. Cryptolens - Software Licensing Made Effortless
  5. FlexNet Licensing - Software Licensing Service
  6. Software Protection Service - SoftwareKey.com
  7. Microsoft Defender for Cloud Overview
  8. Comparing cloud provider security: AWS vs Microsoft Azure vs Google Cloud
  9. Cloud Compliance - Amazon Web Services
  10. Software License Server | Flexible & Secure | Agilis Software

Conclusion

Creating a license server for software verification is a complex task that requires attention to security, scalability, and usability.

Key takeaways:

  • Cloud platforms (AWS, Azure, Google Cloud) are suitable for implementing license servers and provide a high level of security
  • Specialized licensing services significantly simplify the process and offer ready-made solutions
  • The current protection method can be improved through asymmetric cryptography, hardware binding, and regular validation
  • It’s important to implement multi-factor authentication, monitoring, and automated security testing

Recommended actions:

  1. Start by assessing project requirements and budget
  2. Choose an appropriate cloud platform or specialized service
  3. Implement a license system prototype
  4. Gradually add additional protection features
  5. Regularly update and test the security system

Investments in a reliable licensing system pay off by protecting intellectual property and increasing software sales revenue.

How to implement hardware license binding to the user's computer?What code obfuscation methods exist for Python programs?How to set up regular license verification in an already running program?What open-source solutions exist for license management?How to protect the license verification server from DDoS attacks?How to integrate the licensing system with an existing user database?
Ask NeuroAgent