This is a guide focused on how to create a secure usage based license module using the KoalaKey.
IMPORTANT! The secure keys used in this example must be changed for production when using this example for your licensing solution.
Example situations where this guide would be used:
- To limit the number of times a user can run a program
- Control which features of a program a user has access to
- Provide a method to issue updates remotely (and to prevent re-use of an update)
- To prevent a user from editing a remote update
Covered in this guide with examples is:
- Securely writing a set of values to the KoalaKey via the software protection module
- Reading a stored value
- Decrementing a stored value
- Reading and decrementing a stored value
- Providing a remote update method
To expand on the concepts used, only 2 values must be retained by you:
- A password of your own creation is used to prove that the file is authorized by you. This password is used as a cryptographic salt which is securely stored on the KoalaKey BEFORE distribution.
- A unique identifier for the customer or the KoalaKey’s ID.
Please modify the example as required or contact support (at) koalakey.com for help! These examples can be expanded on for much greater security, for example by using a dynamic password created by a pseudo random number generator.
The concepts used here:
- Applying one way hashing algorithm SHA1 which is a difficult to reverse hashing algorithm and is near impossible to reverse when applied twice with salt, especially when paired with incomplete output (this example loosely follows the algorithm behind HMAC based one time passwords (HOTP) for protecting the secret key and counter).