Blog on Software Licensing, Commercialization, and Revenue Optimization

Licensing software to customers with thousands of employees (B2B)

In this post, we would like to share several new tools and practical tips that are tailored to those of you that sell to larger companies. We will cover the common issues such as management of large number of activations, offline access and reporting.

Recommended approach

When selling to larger companies, we recommend to issue one license key per client and keep track of the employees using activations. For those familiar with Flexera terminology, an activation is the same as a seat. There are two ways to restrict the number of active employees that you can your software:

  • Node-locked: in the node-locked model, once a device is activated, it needs to be manually deactivated if the customer wants to use that seat on a different machine.
  • Floating license: in this model, unused devices will automatically be deactivated when not in use, allowing your customers to install your application on any number of machines and use it concurrently on a limited number machines.

If you want to have different number of seats per feature, our recommendation is to issue a separate license per feature.

Managing activations

Typically, it’s more convenient to issue one license key per company and then restrict the number of end users (aka. machine codes/seats) to the number of workstations that will run the application. However, it can quickly become hard to manage all the end users, especially when employees leave and your customers want to free up unused seats.

To solve this problem, we have introduced the concept of “friendly name” and improved the license portal to allow your customers to query on it.

A friendly name is a way to add a human-readable name to each activated device, so that it is possible to tell which user it belongs to. Normally, machine codes are an unreadable string, and look similar to “9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08“. To make it easier to distinguish between these, you can add an optional paramater FriendlyName when activating/verifying a device. For example, if you have integrated our key verification script, you can add the friendly name as shown below:

var result = Key.Activate(token: auth, parameters: new ActivateModel()
{
    Key = licenseKey,
    ProductId = 3349,
    Sign = true,
    MachineCode = Helpers.GetMachineCode(),
    FriendlyName = Environment.MachineName
});

Our recommendation is to use Environment.MachineName as the friendly name, since if your customers use Active Directory, they will be able to see it in the admin dashboard:

To make it easier for your customers to find unused devices and deactivate them, we have added new tools in the customer portal and a new permission to deactivate devices in the customer object. There’s also a new sign up link that you can use to allow your customers to sign up with deactivation permission.

Once they are logged in, they can click on the “manage licenses” tab, and they will see a pag similar to the one below:

Here they can either manage all the activations/used seats and remove unused ones. For example, to find all my activations, the admin could click on “manage activations globally” and search for “artem(at)cryptolens.io”:

Offline access

Oftentimes, larger companies have strict constraints on internet connectivity. They may want to have their devices completely offline or without direct internet access. When your customer puts forward this constraint, our recommendation is to offer them to use our license server as a first step, which tends to be accepted in most cases. The idea behind the license server is to act as a reverse proxy, in other words, it allows devices on your customers’ network to communicate with Cryptolens through the license server, without the need of having a direct internet access by themselves. As a result, only the license server needs to be able to access the internet. Furthermore, your customers can restrict the internet access of the license server to only be able to access Cryptolens. Instead of having to do that for all their devices, they can focus on protecting one workstation running the license server. The license server is freely available on GitHub.

If your customers want to have their devices completely offline, you can use the idea of offline activation, by delivering the license file using eg. a USB stick. In simple terms: normally, when you call Key.Activate to verify a license key, you receive a signed JSON response that our client libraries convert into a language-specific object. For example, in .NET, it’s the LicenseKey object. Once you have this object you can check the status of the license, eg. features and expiration date. For devices that do not have the ability to call Key.Activate, you can instead send them the result from this method as a license file. The easiest way to enable your customers to receive these files on their own is by using our Activation Forms. Once they have provided the license key and machine code, a license file will be downloaded, which they can put on a USB stick, which is then used to activate the offline device. Under the hood, an activation form will call Key.Activate; in other words, if you want to control the user experience, you can create your own page that performs this call. Alternatively, you can manually create this file in the dashboard, by clicking on the yellow button next to the license key.

Reporting tools

Another important feature that your customers can request is to have access to audit logs. For example, if the use the floating license model, they might want to know how many seats are used at any one time so that they can scale it up or down. We are actively working on improving the customer portal to allow your customers to analyse their usage. At the time of writing, we have created standalone scripts on GitHub that you can use to generate several common reports. If you need to generate a specific report, please let us know and we will add example code.

Introducing reseller portal for software licensing

Since the end of last year, we have made the reseller portal generally available for all users. We would like to thank all our beta customers for their feedback during the development process.

Idea

The goal behind the reseller portal is to allow you to delegate license issuance rights to other users. This can be your resellers/distributors, IT-admins of your customers or your employees. In other words, “reseller” can be any user that should only be able to create specific amount of new licenses based on a pre-defined template.

The reseller portal also introduces new logging capabilities. All events related to new licenses, customers, etc, are stored in the object log. Thanks to this log, you can, for instance, bill your resellers or customers only when they have successfully created a new license.

Getting started

Once you have created a new account, the reseller portal will be available in the top menu. If you are an existing customer, you can enable it on the billing page. As the next step, we recommend to check out the wiki page for more information.

Please let us know if you have any questions 🙂

Rust code for software licensing

Today we have released a library that you can use to implement license key verification for applications written in Rust. The library is freely available on GitHub.

To verify a license, you can use the code similar to the one below. More information about the parameters can be found here.

use cryptolens;

fn main() {
  let license_key = cryptolens::KeyActivate(
      "WyI0NjUiLCJBWTBGTlQwZm9WV0FyVnZzMEV1Mm9LOHJmRDZ1SjF0Vk52WTU0VzB2Il0=",
      cryptolens::KeyActivateArguments {
          ProductId: 3646,
          Key: "MPDWY-PQAOW-FKSCH-SGAAU",
          MachineCode: "289jf2afs3",
          .. Default::default()
      }
    ).unwrap();

  let public_key = r#"<RSAKeyValue><Modulus>khbyu3/vAEBHi339fTuo2nUaQgSTBj0jvpt5xnLTTF35FLkGI+5Z3wiKfnvQiCLf+5s4r8JB/Uic/i6/iNjPMILlFeE0N6XZ+2pkgwRkfMOcx6eoewypTPUoPpzuAINJxJRpHym3V6ZJZ1UfYvzRcQBD/lBeAYrvhpCwukQMkGushKsOS6U+d+2C9ZNeP+U+uwuv/xu8YBCBAgGb8YdNojcGzM4SbCtwvJ0fuOfmCWZvUoiumfE4x7rAhp1pa9OEbUe0a5HL+1v7+JLBgkNZ7Z2biiHaM6za7GjHCXU8rojatEQER+MpgDuQV3ZPx8RKRdiJgPnz9ApBHFYDHLDzDw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"#;

  match license_key.has_valid_signature(public_key) {
    Ok(true) => { }
    _        => { println!("Signature check failed. Aborting!"); return; }
  }

  println!("Successfully activated license key: {}", license_key.Key.unwrap());
}

As always, let us know should you have any questions!

Autodesk Revit plugin software licensing

Autodesk® Revit is a powerful building information software, which allows developers to extend its functionality through plug-ins that can be written in either Python or .NET. In order to monetize your plugin, we need to implement a license verification mechanism and a way to accept payments from prospective customers.

License verification

Python plugins

If your plugin is written in Python, you can use the Python2 version of our Python client. A simple license verification can be performed with the code below (your specific parameters can be found here):

from cryptolens_python2 import *
HelperMethods.ironpython2730_legacy = True

pubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"

res = Key.activate(token="WyIyNTU1IiwiRjdZZTB4RmtuTVcrQlNqcSszbmFMMHB3aWFJTlBsWW1Mbm9raVFyRyJd",\
                   rsa_pub_key=pubKey,\
                   product_id=3349, key="ICVLD-VVSZR-ZTICT-YKGXL", \
                   machine_code=Helpers.GetMachineCode())

if res[0] == None or not Helpers.IsOnRightMachine(res[0]):
    print("An error occurred: {0}".format(res[1]))
else:
    print("Success")
    
    license_key = res[0]
    print("Feature 1: " + str(license_key.f1))
    print("License expires: " + str(license_key.expires))

C# or VB.NET

If your plugin is either written in C# or VB.NET, you can use our .NET library instead. To add it to your project in Visual Studio:

  1. Right click on your project in the Solution Explorer and click on Manage NuGet Packages.
  2. Search for Cryptolens.Licensing and install it.
  3. Add the code-snippet form this page in the code where the plugin loads for the first time.

Accepting payments

One way to sell an Autodesk Revit plug-ins is by publishing them in the Autodesk App Store, where a basic licensing mechanism is already provided. The problem with this approach is that the licensing models available are quite limited (eg. you can only charge your customers once for the plug-in and they will be able to use it in perpetuity). For instance, selling your plug-in as a service (subscription model) is not supported.

A better approach is to still publish your plug-in in the Autodesk App Store and set it to be a free app. You can then ask your customers to get a separate license key to be able to unlock all features.

You can read more about various ways of selling your software in our help pages. I would also recommend to check out the available licensing models.

If you have any questions, please feel free to reach out!

Tips on monetizing Python applications

Python can be used to develop a variety of applications, either as plugins (eg. for Discord, AutoCAD, Autodesk Maya, etc) or standalone applications. In this post we will focus on how to monetize a standalone Python application.

Let’s say you have developed a Python application that classifies images (eg. using tensorflow or pytorch). To start selling it, there are just three things we need in place:

  • Code obfuscation – to ensure that no one can reverse engineer the application.
  • License verification – to ensure that customers need a license key before they can use the application (eg. so that you can restrict which features they can use and how long the license is valid).
  • Webshop – so that customers can obtain a license key to unlock functionality.

Code obfuscation

To obfuscate your application, multiple tools can be used. You can either use packages such as pyarmor that are made to obfuscate Python code or open source tools such as pyinstaller in combination with cpython (for most sensitive code).

License verification

A license key can be easily verified using the code below. You can find more information about the parameters here.

from licensing.helpers import Helpers
from licensing.models import Response, RSAPublicKey
from licensing.methods import Key

pubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"

res = Key.activate(token="WyIyNTU1IiwiRjdZZTB4RmtuTVcrQlNqcSszbmFMMHB3aWFJTlBsWW1Mbm9raVFyRyJd",\
                   rsa_pub_key=pubKey,\
                   product_id=3349, key="ICVLD-VVSZR-ZTICT-YKGXL", machine_code="test")

if res[0] == None:
    print("An error occured: {0}".format(res[1]))
else:
    print("Success")

Webshop

When you have obfuscation and license verification in place, we need a way for customers to be able to order a license key. If you already have Stripe, you can use the recurring billing module, which acts like an interface for plans defined in your Stripe account. In other cases, you can either use payment forms or a different platform (please read more here).

Questions? Please reach out to us at support@cryptolens.io 🙂

Offline SDK protection in .NET with software licensing

A common way to distribute functionality is by creating an SDK that can be consumed by developers inside their own application. The advantage of shipping functionality as an SDK is that you can focus on improving the core algorithms without the need of creating a separate GUI for a specific use-case.

Cryptolens already offers a way to protect SDKs and today we would like to introduce a new way that was specifically developed for .NET libraries that are permanently offline or where a perpetual licensing model is preferred.

How it works

The idea behind the new SDK licensing technique is to require developers to sign the application that will use your SDK with a special utility. When this is done, a new file with the certificate will be created in the same folder, which can later be verified when the SDK is called. This ensures that only authorised developers can develop applications that use your SDK.

Inside the SDK, you only need to call Helpers.VerifySDKLicenseCertificate() with your RSA public key, and it will make sure that the certificate is valid. A nice feature of this method is that it also returns a LicenseKey object, which you can use to decide which features should be available, etc. You can see a demo of this here.

In order to sign an assembly, developers can use a special utility that is available open-source on GitHub. Developers need to provide their license key and the assembly signing utility will automatically send their machine code so that you can control which developer machines can perform the signing operation.

Getting started

To get started, please check out the tutorial for SDK developers on the following page. All the helper tools and demo projects are available open-source in our GitHub repo.

Metered usage with Stripe recurring billing in software licensing

A year ago, we released the recurring payment module to the customer dashboard, which allows your customers to sign up for plans and instantly receive the license key.

This has now been extended with the option to record usage in addition to the subscription fee. It is quite useful if you offer some features on a usage-based basis (eg. yearly report generation in an accounting software). It can also be used to to charge for API calls or other types of method calls.

In .NET, usage can be tracked with a one line of code:

var res = Subscription.RecordUsage(auth, new RecordUsageModel { Amount = 1, ProductId = 3349, Key = "CMXKC-GUQRW-EJUGS-RRPUR" });

It quite easy to get started. Please check out this article for more information. You always welcome to reach out to us should you have any questions 🙂

Sign up customers automatically for the customer portal

A recent addition to the platform is the ability to sign up customers automatically to the customer portal. Instead of creating a customer manually or through the API, you can publish a generic link that will automatically register a customer with your account. This link can be found on the customer page.

In addition to allowing your customers to see their current licenses, the customer portal gives them the option to order new licenses as well as use their login credentials instead of the license key when unlocking your software. We will cover each case below.

Why customer portal?

Listing licenses

When you assign licenses to a customer account, your customers will be able to see all their licenses and their properties, such as the set of features they are entitled to and when they expire.

Recurring payments

If you have set up Stripe with your account, you can allow your customers to sign up for a plan in the customer portal and get instant access to a valid license key. They can also easily manage their subscriptions. You can read more about how you can get started here.

User account authentication

Instead of using a license key, you can allow your customers to authenticate using their login credentials. Cryptolens has developed a state-of-the-art protocol that preserves the privacy of your customers (more information about the protocol can be found here). You can read more on how to get started here.