Sharis Posted September 6, 2018 Share Posted September 6, 2018 Hello, fellas security people, I would like to know the best way to authenticate offline software. We would like to sell our client our server software, but we want to ensure that this software would not be duplicated or used by non authorized users. We are thinking about usb authentication key, but I want to know how other people think about this problem. Quote Link to comment Share on other sites More sharing options...
digininja Posted September 6, 2018 Share Posted September 6, 2018 Most solutions like this will take a fingerprint of the installation then require an initial internet connection to sign that fingerprint. The app checks the fingerprint when starting up and fails if it doesn't match. If you can't get that initial internet connection you give the user a text file with the fingerprint in it and they then have to get it onto the internet where they send it to you, you sign it and send back the hash, they input the hash and all is good to go. You just have to be careful about what you fingerprint, too little and it can be cloned, too much and small tweaks to the machine break it. You can also build expiry dates into this so the app expires but that relies on them having a working and up to date clock on the machine. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.