Jump to content

Offline server authenticating method


Recommended Posts

Hello, fellas security people,

I would like to know the best way to authenticate offline software. We would like to sell our client our server software, but we want to ensure that this software would not be duplicated or used by non authorized  users.

We are thinking about usb authentication key, but I want to know how other people think about this problem.

Link to comment
Share on other sites

Most solutions like this will take a fingerprint of the installation then require an initial internet connection to sign that fingerprint. The app checks the fingerprint when starting up and fails if it doesn't match.

If you can't get that initial internet connection you give the user a text file with the fingerprint in it and they then have to get it onto the internet where they send it to you, you sign it and send back the hash, they input the hash and all is good to go.

You just have to be careful about what you fingerprint, too little and it can be cloned, too much and small tweaks to the machine break it.

You can also build expiry dates into this so the app expires but that relies on them having a working and up to date clock on the machine.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...