How to protect your application or a computer game from piracy and illegal sharing?
As you know, almost all programs protected using a traditional approach are pirated and
can be freely downloaded via torrents.
Piracy and illegal content sharing are certainly among the most serious problems in today's software market. PC games, office suites, business applications and even operating systems suffer from piracy.
What are the options for protecting your commercial or try-before-buy software application? We will not consider the option of going open source here. Common implementations of software protection fall into the following groups:
Method 1. Offline protection only, using a serial key with or without a third-party protector that provides compression and encryption services, and optionally CD/DVD checking.
Method 2. Includes Method 1 plus additional activation of the program over the internet or by phone/fax, using a locally generated hardware ID.
Method 3. Includes server-side activation, user authorization and integrity checking of the client files; optionally includes update services and accumulates statistics and client logs.
Stand-alone Windows Application
Applications of this type have no server-side functions at all, or only a limited server-side part. Vendors of these applications usually
use Method 1, and some of them use Method 2. Applications of this type do not require an internet connection and work offline most of the time.
Today there is no solution to efficiently protect such stand-alone programs. Any offline software protection system can be and certainly will be eliminated or bypassed and
your product will be uploaded to the torrent network in a few hours.
Server- or Web Application and Software-as-a-Service (SaaS)
Applications of this type have only server-side functionality, with minimal or no client-side functions. Usually the user accesses the application using a web browser
and cannot copy and share the files of the application directly. This article does not cover the protection of server-side applications.
Client-Server Application
The user can share and modify the client files, but has no access to the server files. Applications of this type can be protected, and we will show you how this can be implemented.
If you have a stand-alone Windows application, we recommend considering converting it to a protected Client-Server application.
What is the cost of such a conversion? It depends on the size of the code base, the network programming skills of the team and the actual features of the application.
Can you require your customers to have an internet connection? If yes, then it is a good idea to implement some server-side logic to enforce the license restrictions and
control your digital rights.
Now we come to Digital Rights Management (DRM) systems. Make sure you are familiar with this concept by visiting the DRM page on Wikipedia.
An example of a really working DRM solution is the STEAM technology created by Valve. What to do if you are unable to distribute your software via STEAM? You need a solution anyway.
Let's see what Bogemic DRM is and what it can offer.
Our Concept of DRM
To protect your software efficiently we developed a DRM that is already used in our products. This technology is based on the following simple ideas:
1. To control the software and prevent piracy and illegal sharing/usage, the client part of the application should always contact the server-side part and download
some important information in order to continue its execution.
2. This information should be really critical for the client and it must be temporary, i.e. it should not be saved to local files or anywhere else.
The information received from the server must be used only during the current session, and dropped and ignored after the session is closed. Additionally, the information should be encrypted using the client-generated hash value and decrypted only just before use.
This scheme does not replace or prohibit traditional offline protection software. Such software is good for preventing the analysis and modification of client-side files. Our approach creates the need for a server that controls the application and decides whether the client is allowed to run.
The restrictions of this concept
First of all, you have to decide what type of information is critical for your application and move it to the server side.
This critical part of the program should not be too large, otherwise users with a slow network connection will suffer, and it
should not be too small, because attackers can decrypt it. The ideal size varies from several hundred bytes to several kilobytes.
For example, the essential information for a computer game is some level data. This should be downloaded and decrypted each time the user
plays the level.
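The session-bound delivery described in the two ideas above can be sketched as follows. This is an added example, not Bogemic DRM code: the function names, the hardware ID and the level data are constructed, the client hash is assumed to reach the server over TLS, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real AEAD cipher such as AES-GCM so that the sketch runs with the standard library only.

```python
import hashlib, hmac, os

def session_hash(hardware_id: bytes, session_salt: bytes) -> bytes:
    # Client-generated value (assumption: hardware ID mixed with a fresh per-session salt).
    return hashlib.sha256(hardware_id + session_salt).digest()

def _subkey(client_hash: bytes, nonce: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the client hash.
    return hmac.new(client_hash, label + nonce, hashlib.sha256).digest()

def _xor(data: bytes, key: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as keystream (illustrative stand-in for an AEAD).
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def server_seal(client_hash: bytes, payload: bytes) -> bytes:
    # Server side: encrypt the critical data for this one session only.
    nonce = os.urandom(16)
    ct = _xor(payload, _subkey(client_hash, nonce, b"enc"))
    tag = hmac.new(_subkey(client_hash, nonce, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def client_open(client_hash: bytes, blob: bytes) -> bytes:
    # Client side: verify, then decrypt in memory just before use; never write to disk.
    if len(blob) < 48:
        raise ValueError("truncated payload")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(client_hash, nonce, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload was not sealed for this session")
    return _xor(ct, _subkey(client_hash, nonce, b"enc"))

def demo():
    hw = b"CONSTRUCTED-HW-ID-0001"                  # constructed hardware ID
    level = b"LEVEL-03:" + bytes(range(256)) * 2    # constructed level data, about 0.5 KB
    s1 = session_hash(hw, os.urandom(16))
    blob = server_seal(s1, level)
    same_session_ok = client_open(s1, blob) == level
    s2 = session_hash(hw, os.urandom(16))           # next session, same machine
    try:
        client_open(s2, blob)
        stale_blob_rejected = False
    except ValueError:
        stale_blob_rejected = True
    return same_session_ok, stale_blob_rejected, level[:9] in blob

if __name__ == "__main__":
    print(demo())
```

A blob captured during one session fails verification in the next one, which is what makes the downloaded data temporary rather than something a user can save and share.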
Our implementation - Bogemic DRM
full implementation of our DRM concept
an authorization and identification of the user using the hardware-based hash value
writing server access logs and statistics
the server-side part is implemented as a web-service using Apache, MySQL and PHP
an automatic update of the client files with the integrity verification
an ability to resume the download
an ability to download and display the banners
(optional component) provides serial key generation and verification
(optional component) provides license file generation and verification
(optional component) controls the number of running instances with the same license on the local network
Bogemic DRM is available to prospective clients for licensing. It can be adapted to almost any type of project: a generic Windows application or a PC game.
We also offer custom development services and consulting services, including the details of migration from a stand-alone application to the protected Client-Server architecture.