HP3000-L Archives

July 2002, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Wirt Atmar
Date: Mon, 15 Jul 2002 21:30:50 EDT

Regarding our plans to use a PC's NIC card MAC address as a HPSUSAN-number
like device, Greg wrote last Friday:

> If, like Microsoft's software licensing program, you plan to go easy on
>  this, this sounds like a pretty good idea. Off the top of my head, two
>  wrinkles come to mind.
>
>  Some NAT solutions also provide MAC address spoofing...
>
>  Which brings me to my second puzzlement. NICs are cheap, and come in many
>  forms. While I have no idea what AICS's next software offerings will look
>  like, I know what my toy network looks like, and it is a mess. I have a
>  couple of NICs in the family PC, only one of which is in use.

The MAC address-based licensing file will be created by the programs on the
PC, not by some remote server somewhere else, thus there will be no
possibility of spoofing. Moreover, should the PC have multiple NIC cards in
it, we'll read through all of them to determine if any of them match.

There are two kinds of internet adapters on a PC, true hardware devices and
software "pseudo" adapters. In every PC I've ever examined, the true hardware
adapters' MAC numbers begin with very low digits, almost always 00. The
software adapters, in contrast, seem to begin with either 44 or 45.

If anyone has any information on how the MAC addresses are assigned, I'd
appreciate hearing it. At this point, I don't even know who hands out MAC
numbers. IANA doesn't seem to concern itself with this aspect of the internet.

=================================

In that same regard, Jeff wrote:

> Gee, and look at the frenzy that the Pentium "serial number" or the
>  Microsoft "unique file identifier" caused not so long ago...

I'm well aware of the controversy. That's one reason I don't mind running the
methodology we've decided to adopt before you all now. If there's something
really objectionable, it would be good to find it out now. Worse, we are
intending to store the MAC addresses of the registered machines along with
the user organization's name in a database in one of our HP3000s. This
information will be transmitted automatically by the programs to the HP3000
over the internet when the user registers the software.

For a complete description of the method, see below.

=================================

And John asked:

> And how much hassle will there be when the NIC (and MAC) changes?
>
>  John "who just finished replacing several NIC's and a router due to
>  lightning" Pearce

It should be virtually invisible, but the license for the various products
will ride with the NIC card, not the PC per se. Having lightning destroy all
of your NICs of course would be the worst possible scenario, but that's what
customer service is for.

=================================

THE LICENSING METHOD WE'VE CHOSEN TO EMPLOY:
(comments welcome)

The method of licensing we've chosen to employ was designed around these
concerns:

     o That it would provide an easy try-before-buy methodology, but one that
protects our interests as well in that it doesn't allow for an easy mechanism to
invoke unlimited trials.

     o That it would be as easy for a corporation to purchase 5000 copies as
it is for an individual to purchase a single copy

     o That it would provide an easy, reliable, completely automated
mechanism of purchase, 24 hours a day, seven days a week.

     o That it would suppress the piracy of a legitimately purchased copy to
the greatest extent possible. The HPSUSAN number on MPE boxes has been very
successful in that regard. The MAC address on a PC's NIC card is the closest
similar number in a PC, absent a unique identifier in the CPU chip itself
(which as Jeff notes, was a contentious issue a few years back).

=================================

The mechanism works as follows: The trial user downloads a copy of the
software. When it is first run, the program will notice that there exists no
"license.txt" file resident in the executable's folder on the user's PC, thus
the copy must be a trial copy. It will then automatically telnet back to AICS
Research and transmit the PC's lowest slot NIC MAC address that exists for a
real (hardware) adapter. This MAC information will be stored in an HP3000
IMAGE database, along with a count of 1. At this point, that's all the
information we will have concerning the user.

Each time the user then reruns the trial version, the same procedure recurs.
The NIC MAC address is transmitted back to the AICS. If it already exists in
the database, as it would now, the count is incremented until the maximum
number of trials is exhausted. At that point the user would either have to
purchase the software or run through the trial limits on another PC (or
change out his NIC card).

If the user opts to register the software, a form will come up inside the
software itself (there is no need to resort to a web page). If the user
wishes to purchase the software on a credit card, he enters the number of
copies he wishes to purchase, the credit card number, and his email address.
All of this information is encrypted and transmitted to AICS, where this
material is not only automatically charged to his credit card, but also
stored in the database at AICS, along with the number of copies purchased.

If the organization wishes to purchase a fair number of copies and prefers to
arrange that purchase through a purchase order, basically the same process
occurs: a PO is sent by letter, by fax or by email, and the licensing
material is returned by email or by phone.

The licensing mechanism we're adopting is a "meal card" plan. If you purchase
one copy, a dozen or 5000 copies, you are sent a 10-letter number, something
like MSKFIESCSR, that you will use to license your copies of the software
internally. It will be your responsibility to safeguard the licensing number.

The next time the user runs an unlicensed version of the software, he will
have the opportunity to type in the licensing number. At that time, the
program will telnet back to AICS, transmit the licensing number and the MAC
address of the PC, deduct one from the count of copies purchased, and create
a license.txt file on the user's PC. From that point on, now due to the
presence of the license file, the PC will never again have to talk to AICS.

There are some caveats to this. When a user purchases "one" copy, we will
actually multiply that number by 3, allowing him to place a copy of the
software on three PCs. We're doing this primarily to allow the user to
upgrade his machine (and thus change out the NIC card) two times, but he
could place the software on three different machines immediately if he wished
to do so.

All of these rules will be published, so if the user wanted to maintain his
licensed copies indefinitely, he could migrate his NIC cards, but as a
practical matter, I don't think most people will do that. Similarly, some NIC
card MAC addresses are changeable, thus some "leakage" (a polite word for
piracy) could occur, but so few cards allow this that we don't consider it a
great problem.

However, to the users' advantage, we are not planning on charging for
updates. Rather we intend on having the software publicly available, just as
we do now with QCTerm. The QCTerm distribution process has worked amazingly
well, distributing approx. 50,000 copies completely invisibly to our
day-to-day operations. Using the same model, users can continuously upgrade
to new copies without ever having to contact us.

Similarly, we're planning on offering student versions of some of the
software, where we'll only charge $10 for a year's usage. Under this
licensing agreement, a 10-letter licensing number will be issued, as above,
but every usage of the software will telnet back to AICS and check the
validity of the date.

Other than hacking into the AICS server, which will of course be an HP3000
running IMAGE, the user won't have any way to manipulate the dates himself or
forge a fake licensing file. On the other hand, doing licensing this way
means that we won't have to hide a licensing file anywhere on the users'
machine, trojan horse-like. And it will provide the user some protection. If
his hard drive should crash and he loses everything, with our products at
least, all he would have to do is download a new copy off of the web. The
first time that he runs the software, it would telnet back to AICS, at which
time the software would recognize that this machine was already licensed and
rebuild a new license.txt file on his PC, and he would be immediately back up
and running, without having to call customer support and explaining his
problem.

If anyone has any comments or complaints about this procedure, I would
appreciate hearing them.

Wirt Atmar
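
The server-side bookkeeping described in the message above (trial counting by MAC address, the "meal card" seat count, and the rebuild of license.txt after a reinstall), sketched as an added example; it is not part of the original message and is not AICS Research's code. The class and function names, the dictionaries standing in for the IMAGE database, and the trial limit of 10 are assumptions, since the message states no trial limit.

```python
MAX_TRIALS = 10        # assumed; the message does not state the trial limit
SEATS_PER_COPY = 3     # from the message: each purchased copy allows three PCs

def normalize_mac(mac):
    """Reduce 00-a0-c9-..., 00:A0:C9:... to one canonical 12-hex-digit form."""
    digits = "".join(ch for ch in mac if ch not in ":-. ").upper()
    if len(digits) != 12 or any(ch not in "0123456789ABCDEF" for ch in digits):
        raise ValueError("not a MAC address: %r" % (mac,))
    return digits

class Ledger:
    """In-memory stand-in for the registration database (hypothetical names)."""
    def __init__(self):
        self.trials = {}     # MAC -> trial runs counted so far
        self.seats = {}      # license number -> activations left
        self.licensed = {}   # MAC -> license number it was activated with

    def purchase(self, license_no, copies):
        self.seats[license_no] = self.seats.get(license_no, 0) + copies * SEATS_PER_COPY

    def check_in(self, mac):
        """Run with no license.txt present. The MAC is client-reported and unverified."""
        mac = normalize_mac(mac)
        if mac in self.licensed:            # reinstall: rebuild the license file
            return ("licensed", {"mac": mac, "license": self.licensed[mac]})
        used = self.trials.get(mac, 0)
        if used >= MAX_TRIALS:
            return ("expired", 0)
        self.trials[mac] = used + 1
        return ("trial", MAX_TRIALS - used - 1)

    def activate(self, license_no, mac):
        """Spend one seat for this MAC; returns the license.txt record or None."""
        mac = normalize_mac(mac)
        if self.licensed.get(mac) == license_no:   # already activated: no second deduction
            return {"mac": mac, "license": license_no}
        if self.seats.get(license_no, 0) <= 0:
            return None
        self.seats[license_no] -= 1
        self.licensed[mac] = license_no
        return {"mac": mac, "license": license_no}

def license_matches(record, local_macs):
    """Client-side check: the license is valid if any installed NIC matches it."""
    return record["mac"] in {normalize_mac(m) for m in local_macs}
```

Every decision in this ledger keys on the MAC string the client sends, so the seat and trial counts are only as trustworthy as that reported value.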
