What modern methods of software protection?

Good day!

There are quite a large and old project includes a large number of applications (15-20).

Now it has a function of protection from unauthorized usage via a USB token.
Method of distribution of such user buys a license (essentially offline), shakes "the ground" for his version, and the token gets in the mail.
A pair of keys (or something similar) is "sewn up" in program code when forming the distribution.
It works and is debugged (but methods of "sealing" and protecting outdated by modern standards soft well very old)

Now formed a project to upgrade this software or some apps want to create a modern protection.

In this connection questions:
  • what modern methods, means and ways of protection of the software is now working in the market?
  • are there ways to and technology allowing to work with physical USB keys? (users often lose them, while the life cycle of software does not end)
  • interested in the theoretical and practical side of the issue (which libraries)
  • preferably open source and cross-platform solutions


I would appreciate any comments!

ps the distribution of the subscription is not considered
March 19th 20 at 09:13
3 answers
March 19th 20 at 09:15
Solution
The most modern method is the activation of the network. The fact that it is convenient. That is, if you have unique software and it is not unique, you can mock the user like you want. But if buying the competition is easier, you will just lose customers.

In particular, a fairly reliable method of protection when the job application is only possible online. It realizes the connection to your server, which allows you to run other copies of the software with the same key. Of the minuses - it is necessary to keep your server and clearly see his work. Of the benefits - the user gets the flexibility to transfer the software to other machines. This approach changes accordingly and the payment service becomes a subscription and the software is rented.

Well, if users have no Internet, then don't take modern methods and old. But in today's world it is almost impossible. So, at least, a one-time online activation, the user must be able to pass. Accordingly, the approach is roughly the same - the user must be a personal account associated with the purchased software. This LK it manages your keys. In particular, it can detach your keys from the old (possibly lost) iron. But here's the problem - if the software cannot check your status on the network, he won't find out about what happened dissociating. So from time to time, software still needs to knock at the Internet. Here then begins the intricacies of how often, where to store and encrypt more reliable, how to determine the current time, etc. For simplicity we can forget about this and force users to be online at least pure to run the application.

But if the application is simple, which competitors can dazzle for a month, it is important, sorry, not to defend the application at all. It certainly spiratyat, if it is good, but it just goes to benefit, advertising, and more will buy. Again, despite what the price, but for a simple application the price must be cheap, and focus on mass sales, coupled with a microscopic cost.
March 19th 20 at 09:17
I think you need to user base and online activation when a new iron or a new installation. The software is tied to the hardware, and then preactivities through the website or "on the phone". At the time of the reactivated checks the legality of the use. Plus constant online updates.
How to bind activation to hardware? What parameter and what drives to use? - helen71 commented on March 19th 20 at 09:20
@jeff.Schaden, @Felix_Erdman
Of course, we offered the option of online activation, subscription, personal account (and without it, a service activation), we firmly understand that this is mainstream in all aspects, both in security and convenience; but the customer firmly insists on maintaining the old order of activation.

Decided to go meet him. To start, simply find out what is on the market similar to this archaic mechanism.

ps but like anything sensible :) - helen71 commented on March 19th 20 at 09:23
@helen71,
What parameter and what drives to use?

the serial number of the motherboard and screw, or their sum - billy.Daugherty commented on March 19th 20 at 09:26
@billy.Daugherty, thank you very much! - helen71 commented on March 19th 20 at 09:29
@helen71, but actually I didn't do anything, it is these "details" are used for activation even in the standard "installers". - billy.Daugherty commented on March 19th 20 at 09:32
March 19th 20 at 09:19
To begin with how much this app is popular and expensive. Particularly specialized single-discipline do not make sense very much to protect - it is necessary only to a small group, the chances that this group will find the fan alone, which will sagacity just for fun, of course, but very low. For example, find me a keygen program for NAKIVO Backup & Replication :)
If the app is popular and relatively expensive - it will still break, no matter what protection You did not hang. 1C what did not come up with as soon as are not perverted - broke, broke and will break. In fact, so began to fight administrative methods.

Find more questions by tags SoftwareDesigning softwareInformation security