I am trying to create a subscription based licensing system, where if you buy a software for 1 year 1 user, you can use it only for a year in the machine you used to activate the software, after which you will have to renew your license key. This is pretty basic but implementing the same of your own is a total different scenario.
So let me discuss what I did so far: (Code not included let me know if you want me to paste them)
First I have a hosted MySQL DB, in which I have a database which stores all the license related information (Products , serial_keys, Plans etc.)
So, when you start the software for a the first time it checks for a few values in the registry (multiple locations) , if not found it shall ask you for a serial key.
Once you have entered the serial key, the software shall connect to the DB and validate your key and compute the following
- Validate the serial key
- Compute a Unique machine ID – Fetch BIOS_SL , MB_SL , HDD_SL , add them into one string and MD5 it.
- Compute License Validity – Get Internet Current time , Increment the year with the plan duration
- Store the following information in the registry (Multiple Locations) – license_id , machine_id, valid_till, activation_date, last_updated & license_status
A few Logical steps skipped here like if the license is already activated, check and match the registered machine_id
So the software is registered. Now, I every time the software starts it will again look for those values in the registry and make a decision based on it, here is where I am stuck and need your expert advice.
- Software starts
- Checks Registry values
- Generates machine_id and matches it with the one stored
- Reads valid_till value (expiry date) and matches it with the current time.
Considering that the user has no internet and used it for one time activation or his internet plan expired, How can I make a legitimate check for the date? Can’t use system time they are very much vulnerable.
At this moment I think of creating a service which will have a call back function to act whenever the user tries to change the system date. But this is tedious and I suppose not the best solution.
Or Record the system time at boot and depend on that, but then the user can change it via BIOS even before the system boots.
Sorry for such a long question, but had to explain the entire scenario.
In a nutshell, user doesn’t have internet connection how to maintain or fetch a legitimate source for date/time calls?