529,822 active members*
1,487 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Enforcing blacklisted licenses

September 2020
29
med_wibu-systems
Author: med_wibu-systems
Company: WIBU-SYSTEMS AG
Enforcing blacklisted licenses

It doesn’t happen often, but it is possible that license containers can be lost, stolen or broken, and when it does occur, the ISV is faced with a dilemma: how to reactivate the license quickly to foster good will with the customer while protecting revenue from malicious actors. In these cases, blacklisting is a technique that can help address the dilemma. Blacklisting has been a feature of CodeMeter since the very early days.

This post will discuss the following points about blacklisting:

  • What is software license blacklisting?
  • Why would you blacklist?
  • Who maintains the blacklist?
  • How to enforce blacklisted licenses.  

What is blacklisting?

In general, a blacklist contains a list of untrustworthy items that should be avoided. In the CodeMeter world, when we talk about blacklisting licenses, we are really talking about blacklisting CodeMeter “containers”. Such a blacklist of CodeMeter containers would include a list of their serial numbers. Any licenses found in blacklisted containers would be removed and/or the containers themselves would be locked.

Why blacklist a CodeMeter container?

Licenses (containers) should appear on a blacklist whenever a customer reports a lost, stolen or broken container. The classic example (probably a Wibu-Systems urban legend) is “my dog ate my dongle”. In such a case the ISV must make a business decision. What to do when a license container is reported lost or stolen? Do you trust the customer explicitly 100% of the time and simply replace the license (container) for free? Or, do you make the end-user pay the full price for another license? One option for those ISVs who use CodeMeter is to provide a free replacement license, but to also add the lost container’s serial number to a blacklist so that the license cannot be used by either the container thief or the unscrupulous end user. If you no longer support lost, stolen or counterfeit licenses, your support costs will not push up the price of your software. And in a way, by employing blacklisting, you are rewarding your honest users.

Who maintains the blacklist?



You maintain the blacklist in your own instance of CodeMeter License Central (CmLC).

Select the “Manage Blacklist” menu option in CmLC.

From the manage blacklist page, you can add, search, and remove CmContainers as you see fit.

 

More detailed instructions concerning maintaining blacklists can be found in Section 15.3 of the CodeMeter License Central Manual.

Enforcing Blacklisted Items

Licenses may be withdrawn or deactivated in blacklisted containers as described above and the container can be locked (prevented from being used again for any purpose) whenever the container checks or activates to your CmLC.

Alternatives

But what about the container that never connects to the Internet? Does the end-user get to use such a license forever? If you have a popular application, then there is a likelihood that bad actors will try to use “lost” licenses (containers) without making payment.

Fortunately, CodeMeter is equipped to handle these offline situations. Checkpoint licenses are one way of handling it, but there are many more possibilities.

For example, the ticket used to activate the original license can be stored within a file, registry or even into a protected data field inside the CmContainer. Then at set intervals, this ticket is sent to CmLC via the CmLC Gateway API and allows the local license state to be updated. This is similar to the subscription handling that can be performed when a ticket is presented to CmLC. CmLC looks at the actions of the ticket (which licenses need to be activated, which licenses need to be withdrawn, which licenses need to be replaced), then applies these actions. The action to renew would follow the replacement action, where the license state is checked to see if the ‘subscription license’ needs to be activated. This allows that even though the original license is a perpetual license, it must continually call home to renew the license. The license is renewed automatically and transparently… unless the container has become blacklisted. You can control how often the “phone home” command takes place.

Another possibility (with optional aid from Wibu-Systems Professional Services) is when the customer authenticates with their Customer ID; then CmLC Gateway can perform a look up of their order/ticket history, performs the same workflow as above (confirm license state, apply replacement/new license). Again, as long as CmLC Gateway transmits something from the customer like the Customer ID or Ticket, then CmLC can be queried as to which licenses belong and whether the license needs to be deactivated.

Another use case, is that the application, upon detection of Internet access, performs a call home to check the license state. We have an excellent webinar on how to handle lost licenses here.

Summary

In the real-world, licenses can break. In the case of CmDongle containers, this situation is very rare since the MTBF (Mean Time Between Failures) is measured in millions of hours. In the case of CmActLicense containers, files can become corrupted, but since our license files have redundant copies hidden in various places, this also has become rare. But things do get lost and sometimes modern PCs do need to be reformatted to get rid of viruses, etc. When that happens, Wibu-Systems recommends, as a best practice, to go ahead and trust your users and replace licenses… but also blacklist the original container.

 
0 comments

Blog Archiv

October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016