* The Business of Software

A community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

This community works best when people use their real names. Please register for a free account.

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Best way to implement software registration

What is the best way to setup software registration for my new product? I'm selling to large companies if this helps, this is my first product and I'm new to registration schemes. There seems little on the web so I'd appreciate any help /advice you can offer.

Thanks
James T
Friday, February 15, 2008
 
 
Do you really need this?

If you are selling to large companies, I would suggest that you don't need anything like this and it'll just get in the way and potentially annoy them.

Of course, ymmv.
Odysseus Send private email
Friday, February 15, 2008
 
 
Odysseus,

Yes he really does need something, piracy does exist in businesses and if he doesn't protect his software he will loose most of his revenue (I have tested this for a B2B product).
Tony Edgecombe Send private email
Friday, February 15, 2008
 
 
For my source code documentor products, I made a trial version for download which has limited reporting options.

The full version the customer gets by going to my site and entering their registration code.

RegNow sends the customer their registration code in an email. Periodically, I upload new registration codes to RegNow (I built a little app to make new ones).

Registration codes expire after 18 months, but if they enter an expired one they get the option to upgrade.

This is a nice system because if registration codes get stolen I know which customer they came from. As they expire stolen ones will also cease to be of use at some point.

Incidentally, many businesses are very hot on software licensing, and will have asset management software to keep track of what they have licenses for and/or software to snoop the network and look for unlicensed software.

Finally when selling to business, consider offering multiple licenses for several users and/or site license options.
Dr GUID Send private email
Friday, February 15, 2008
 
 
You want to stop the casual sharing of registration keys i.e. the company buys 1 registration key and gives it to 10 users, despite only paying for 1 copy.

I issued 1 or 2 keys to companies and then the next day I get an email asking why they can't use that key for 20 different companies. Granted these are the exception rather than the rule.

1) Start off simple. Get the username and/or machine name and/or hard disk serial number from the computer, encrypt or hash it. Get the end user to email you this encrypted code and send back a registration key that matches. This is fast to implement and you will end up with a key that can only be used on 1 computer. Disadvantages: A small number of customers will complain.

2) Give them a key that only works for 1 or 2 years. When you product is mature at least these intial keys you give out won't come back to haunt you.

3) Check for clock tampering i.e. the user putting his system clock back for a while so he/she can use your software. Check the dates of system files, check a date from an Internet server. It is even easy enough to write a bit of PHP or Perl and roll your own INternet time server.

4) The best scheme is Internet activation, but it does require some server side code.
The client application sends the unique key to a server. The server checks how many times this key has been used. The server then tells the client application whether it can be used or not. The client application records this information somewhere. You may wish to build this on top of (1) i.e. the server sends back an encrypted machine name or hard disk serial number that only matches 1 computer.

I recently found my Google Adwords Adverts on a crack site i.e. if someone searched for a crack on my software product I would end up paying the crackers, with Google getting a cut of the action.

If your software product ever becomes popular, the Google clowns and their cracker friends will come for a cut of the action!

Well! At least come up with a system that you can control. There always will be the odd business that will try to rip you off. THe most important thing is to prevent 1 registration key being used by 20 different people.
MicroISV
Friday, February 15, 2008
 
 
Sorry, I meant to say:


I've issued 1 or 2 keys to companies and then the next day I get an email asking why they can't use that key for 20 different _computers_.
MicroISV
Friday, February 15, 2008
 
 
For large companies (in the US) I'd keep it simple:

(i) Stay away from registration keys
(ii) Offer a sweet volume pricing curve
(ii) Cut a custom binary with a unique identifier per company
(iv) Have each user registe' online, via the app, on first use - just name & company name.

People may enter 'Wile E. Coyote' for name and 'ACME Kits' for company name, but you get to know how many users per company.
Road Runner
Friday, February 15, 2008
 
 
If a company does not want either individual registration keys or 1 bulk registration key for multiple users (i.e. 1 key can be used 50 times), you should sell them a site licence and make the site license expensive enough so that little jokers can't afford it and you cover the costs of a little bit of unauthorised use.

Also you may want to time limit the software you give them in some way i.e. sell them a site licence for 3 years and time-limit the software for 3 years.

It only takes one joker in a company for you to lose money.
MicroISV
Friday, February 15, 2008
 
 
@Tony:

James said he was selling into large companies, and although there may be some cases of piracy, this should be rare, and is just a fact of life. I was also referring to the amount of stress that such a scheme may involve, for the O/P and the customer.

I am against software piracy, and agree that it is necessary to mitigate the risks, but I also know from personal experience that some software is not friendly, and can cause to many problems that it gets abandoned.

Firms like Microsoft can get away with activation, etc, but that is only because they sell what we want (Office, etc). I don't think it is worthwhile putting too many barriers to entry in front of new and potential clients.

As always, ymmv.
Odysseus Send private email
Friday, February 15, 2008
 
 
For volume licenses, I chose a licensing scheme that checks for a registration file in the application folder. If it finds one, then it will self-register.

This allows me to create special builds for site licenses that include the registration file in the setup. Since my build is automated, it only takes a few minutes to create.

I post the custom setup online and send them a link. When the file has been downloaded by the customer, I remove it from the server.
Private EyeSV
Friday, February 15, 2008
 
 
"Registration codes expire after 18 months, but if they enter an expired one they get the option to upgrade."

I can't stand registration schemes like that and if I see one, it will severely limit my desire for the product. If I buy something I want to "own" it and I don't want my "ownership" of it to depend on you staying in business, or to have to cough up money for it next time I upgrade my computer.
Allen David
Friday, February 15, 2008
 
 
@Allen David:
Yeah that is the kind of thing I was on about. I believe that these schemes can often count against ISVs by making it harder for legitimate customers to own software.
Odysseus Send private email
Friday, February 15, 2008
 
 
I make a point of never buying software that requires information such as a hard drive serial number before generating a license key. Why should I have to contact you every time I upgrade to a new machine? I already bought and paid for MY license. How do I know that you and your business will even be around in 12 months? And what happens when my hard drive dies late on a Friday evening, when I have a crucial deadline to meet on Monday morning, and everyone in your company has gone home for the weekend?

This is the very first thing I check for before buying software.
B.K. Send private email
Friday, February 15, 2008
 
 
>> This is the very first thing I check for before buying software. <<

You may care deeply about this. But I can tell you from long experience, medium-to-large companies don't give a toss.
Mark Pearce Send private email
Saturday, February 16, 2008
 
 
Think about your licensing model first. Do you really need to require registration of every copy? Or would it be easier to just sell them a blanket license?

With AIS Parser SDK the choice was pretty easy -- since I am selling source there is no way to control licensing of it. So I have 2 prices -- Single Project and Unlimited Projects. The big companies tend to buy the unlimited license and small shops buy the single license. I'm happy and they're happy.

For a binary distribution of an app I would probably include some kind of trial with registration key -- but the key will be portable and not expire. I have frequently run into problems when moving to a new computer system and trying to get all my tools re-licensed. I don't want to make my customers go through that hassle.
bcl Send private email
Saturday, February 16, 2008
 
 
Mark is correct, in fact many of my customers assume I use an activation scheme even though I don't.
Tony Edgecombe Send private email
Sunday, February 17, 2008
 
 
This is blatant self promotion:

http://www.lazarusid.com/registration.shtml

It does, however, work.  This library exists to take the burden of writing the registration checking off of you.  You still have complete freedom to implement the interface however you would like.  I ship it as a plugin to the NSIS installer that will require a valid serial and registration key, but that's not the only way to use it.  You could make it load a file from the disk (sounds like the ideal solution for your situation), or input the information via a dialog in your app.
Clay Dowling Send private email
Wednesday, February 20, 2008
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz