Let’s assume that you have developed a software application (eg. app) that you are about to sell. Then, there are three things you need to consider:
- Licensing – this is used to keep track of the type of features that end users have bought. A simple example of this when your user has to type a license key to unlock more functionality. When selecting these kinds of systems, it’s important that the system both supports offline mode and is cloud-based. The advantage of cloud-based systems is that they are more scalable and secure (eg. you have full control of all end users).
- Obfuscation – this is used to make your program binaries (eg. exe and dll files) harder to disassemble. This is especially important for .NET apps, since existing tools make this very simple. A word of warning though: none of the available systems are 100% safe, and even the well-respected systems are being cracked within days of software release.
- Web API – imagine your algorithm is so important that you don’t want to risk it being leaked. Since obfuscators are never 100% safe (mainly because in the end, the code will be executed on the client machine), the only secure way is to never run this code on client machines that you don’t control. Instead, you can create a Web API method that you host yourself and then allow your program to consume it. In this case, the algorithm is safe at the cost of constant internet access requirement.
To sum up, the first system to consider is licensing, since this will remove the administrative burden of keeping track of the type of rights your customers have to the software. As a bonus, many cloud-based licensing systems support integration with payment processors. In the end of the day, the goal is to ensure payments and license verification are automated, so that you can focus on developing the features that really matter to your customers.
For more information, please see this page.
Today, we are happy to share a new version of the analytics dashboard (available to all customers), which includes many new cool features. We will sum this up in this post. The new analytics dashboard will be improved continuously, with the aim to offer more in-depth analysis of the data.
If you have any feedback, we would be happy to hear from you!
- Login on your account: https://app.cryptolens.io/Account/Login
- Go to https://app.cryptolens.io/Stats
- Click on the link on the top of the page to visit the new page.
Note: After a while, the new page (https://analytics.cryptolens.io/index.html) will redirect you back to the old page. To view it again, you just need to click on the link again. We will fix this in the coming weeks.
World Map and Filters (by country)
To start with, you will see all the data that has accumulated since the beginning (“all time” option). You can control this easily with the 5 buttons available in the top menu (we will discuss how to set a custom time period a bit later).
The map allows you to examine stats from specific regions. You can select the desired countries and then click on “show/hide filters” and click on the “filter” button close to the country tags, as shown below (filtering on Sweden and Norway). Once we have activated the filter, it will turn blue. You can then click on the filter again and it will turn white, meaning it’s no longer active.
If you are interested in a different time region than those supported on the top menu, you can use the timeline to select an area of interest. To reset the timeline, just double-tap on it.
Time of Day
One way to understand how your application is being used is by examining when it’s used during the day. This was already available in the old analytics dashboard. The key difference in the new one is that it takes into account the local time zone of the end user.
Most Active Customers and Other Metrics
The last part includes a short summary of the key metrics such as how many licenses were created and how many requests were made during a specific time period. Moreover, it’s now also possible to compare “how active” license keys and customers are relative to each other. For instance, in the customer list, you can see your top most active and inactive customers, which can help you to discover the early adopters in a technology adoption lifecycle model.
The common way of distributing licenses has always been using license keys (or files). Each time a customer needs more features, they have to get a new license key. Thanks to a cloud-based solution such as SKM, it’s possible to limit the number of licenses a customer needs to keep track of, since you can always change the properties of a license in the control panel.
With the “user login authentication” feature, we want to take distribution of licenses a step further and make it even more seamless for you and your customers. Below are some of the benefits of using user login authentication:
Benefits of User Login Authentication
- Security – an account is much easier to protect than a license key (SKM has many security mechanisms in place, including two-factor authentication).
- Time – if your customer loses a license key, they will first of all contact you, which will require more maintenance time per customer (SKM account can always be restored automatically and if more support would be needed, we will take care of it).
- Trust – every user account comes with an easy-to-use control panel that makes it easier for your customers to manage their licenses.
A quick way to get going with user login authentication is by watching a short video and reviewing an example implementation on GitHub.
Note: In addition to SKM Client API, you need to install Cryptolens.SKM, which requires .NET Framework 4.6.2 or above (or .NET Core 1.0 or above). Cryptolens.SKM targets .NET Standard 1.4, so if you target any other .NET friendly platform, you can find more information here.
If you have any feedback or suggestions, please contact us at support (at) skmapp.com.
Useful Facts & Links
We have now finalized the last bits that were left to make the C++ client API more reliable and easier to integrate. This is great news if you develop applications in C++ (for instance, drivers, connected products as a service, IoT products, and more).
Right now, it offers the activation method, which is the method that should always be called to either verify or activate a license. If there are other methods that you would find useful, please get in touch with us.
The project has been lead by Martin Svedin, Lead Developer.
On the technical side
Our client API in C++ is quite different from its .NET counterpart. The main difference is in error handling, the protocol under the hood and the ability to perform API requests outside of our API (which uses curl by default). Extensions functions (ability to chain together several constraints together) in the C++ client are similar to the .NET client.
How to perform activation
In the .NET client, the only object you need is LicenseKey. In the C++ client, there is a similar class called LicenseKey (which contains license key parameters such as features). However, in order to retrieve a LicenseKey object, you cannot just call the activation method. Instead, you need to use an intermediate class called RawLicenseKey. That is, when you call the activation function, it will return a RawLicenseKey, which can be used to create a LicenseKey object.
The only difference between RawLicenseKey and LicenseKey is that the former one contains signature whereas the latter one does not. If you want to support offline activation, you should save RawLicenseKey object (the license and the signature, as described here). However, when you verify the license parameters, LicenseKey should be used instead.
Adding a chain of constraints on LicenseKey object is very similar to the way it is done in .NET. For example, in .NET, to check that feature 1 is enabled and the key has not expired, you would type:
licenseKey.HasNotExpired().HasFeature(1).IsValid() // returns true if the constraints are satisfied
In the C++ client, it’s quite similar:
license_key->check()->has_not_expired(123456789)->has_feature(1) // returns true if the constraints are satisfied
A minor difference is that has_not_expired requires the current time as a Unix time stamp in seconds.
Public Key extraction
Another point worth mentioning is how you insert your public key (not the access token) into the C++ client. You can find your RSA public key here that has a structure similar to the one below:
When you specify the modulus and exponent, you can just copy them directly from your public key as shown below:
This has to be done before any activation request is sent, as shown here.
This was a short summary of the C++ client, with focus on users that are familiar with our .NET client. For further information, please see the GitHub repository and API documentation Please get in touch with us should you have any questions! One more thing, please review the third party licenses when you are ready to release your application.
When your customers are running your application, personal information such as the IP address is sent to Cryptolens AB. GDPR aims to protect users’ privacy, which means that it is important that you have a consent from your customers in doing so.
To make sure that you are compliant, our lawyer has composed an excerpt that you can insert into your agreement.
Binding the agreement to your customers
If you are targeting a large number customers, it may not be feasible to get a signed copy of the agreement. Instead, there are several ways you can make it binding online. We have listed several suggestions below:
- Before your customers can use your application, they should have opened a window that shows the Terms of the agreement (if you have your own end user license agreement) together with the Consent to personal data processing.
- It must be ensured that your customers have read the documents before they can use your application. There are different ways to do this and a function with a non-pre-filled box can be used. The customer must actively tick the box to approve the Terms of the agreement and the Consent to personal data processing.
If you would have any questions, please feel free to contact us.
Several days ago, we updated our pricing page with the aim of making SKM more customized to your business needs. Before, we had three types of subscriptions, but we quickly realized that all our customers had different requirements of the set of tools they need (eg. licensing, payments and analytics). Therefore, we want to focus on giving you the tools that better satisfy your requirements.
This means that we will use a usage based licensing model where you only pay for the modules you use and their usage. However, we also plan to introduce a standard pricing tier that can be used by those without specific requirements. This is coming soon, already in the beginning of next month. Using this approach, we hope that we can help both early stage startups as well as larger enterprises with custom needs.
In general, this change will increase the price of our core licensing offering. This only affects customers that registered a subscription in 2017 (i.e. those of you who had a subscription before 2017 will not be affected). We understand that this can have an impact on your plans, which is why we have developed a general procedure of how this change is implemented:
- If your subscription is about to expire (or has expired), you will get up to 3 months for the same price as before.
- Within those 3 months, we will give you an offer based on your needs.
- In specific cases, we are ready to adjust the rules above (eg. generally for start ups and/or students).
The reason behind the changes is because SKM has evolved from being a hobby-project into a real company. This means that we can invest into better infrastructure, focus on upgrades and new features, and be able to provide a system that is compliant with various types regulations (for example, we are already GDPR compliant).
But most importantly, our goal is to ensure that you can focus on the core features of your application, and not have to think about licensing and payments.
For example, we have recently released support for platforms using C++, new Web API methods and many other updates. In the coming week, we will release even more visible changes, such as the “User Login Authentication” project, which is a new and more secure way of licensing applications. Please keep visiting our blog for more information.
To sum up, we do everything we can to stay innovative and provide you with a modern licensing system that you can rely on.
Today we’ve released a new major version of SKM Client API for .NET. The important takeaway from our release notes is that we have have fixed the networking issue with applications running in a corporate environment (eg. VPN) and those running through a proxy. This is good for those of you that develop enterprise applications. Moreover, we’ve brought support for SHA-256, which is now the default hash function for machine codes.
Now you can secure your account even further using two-factor authentication (2FA). In addition to your password, you will have to enter a short 6-digit code each time you log in, which helps to keep your account protected.
Enable 2-step verification
You can access this page directly here.
- Go to the Account Settings page
- Click on “Configure 2-step verification”
- Check “Enable Two Step Authentication” checkbox
- Scan the QR code with Google Authenticator (note: there are other alternatives such as Authy if you already have oen of them installed). If you want to get Google Authenticator, you can get it for
At SKM, open-mindedness and transparency are at the core of everything we are doing. Therefore, we’ve open-sourced the core parts of 2-step verification, freely available on GitHub. You can learn more about our other open-source projects at cryptolens.io/open-source.
SKM platform is being relied upon by many software developers and vendors of various sizes. Today, we are happy to introduce SKM Enterprise, a tailored solution for high volumes of end customers, with custom development of functionalities to support all types of software and workflows (from mission critical applications to large scale usage). In addition, we are now offerring extended support (eg. phone and email support) aimed at enterprise customers.
Our aim is to make it easy for software developers and vendors to focus on developing functionalities that really matter to their customers and that make them a world leader in their area.
By making software licensing simple and affordable, we hope that more companies will be more productive and profitable, and in this way make their product more innovative and beneficial to their customers.
Getting in touch
If you want to get in touch, please send us an email at support (at) skmapp.com or visit our office at Lindstedsvägen 24, Stockholm (4th floor). We look forward to meeting you!
Problems with App store?
One clear problem with any App store is that you’re locked in to use their limited set of licensing models (i.e. ways to sell your app). This is evident when you want to support proper subscription based model (i.e. customers need to pay on a monthly or early basis to continue to use your app). Many big companies, such as Microsoft and Adobe, are starting to charge their customers on a recurring basis, for instance in Office 365 and Adobe Creative Cloud. Now, you no longer buy the “product” but rather the “service”, which means that we want to give our customers a great user experience independent of the platform, may it be a tablet, a smartphone or a PC. Unfortunately, this is very difficult to implement and manage across multiple platforms if you use built in functionality of the App store (and other app stores) because you’re locked in into their ecosystem.
Not only are you locked in into their ecosystem, they also take 30% of your revenue that you could have used to develop your application further.
Say you sell your service for $100/per month. Then you have to pay $30 per month in royalties, which adds up to almost $400 per year. Note, this is in addition to the fee that you payed to register a developer account.
How is this solved now?
One question that comes into our mind is following: How do companies like Spotify and Uber avoid to pay Apple the 30% transaction fee? The common denominator is that they use a custom licensing component that they maintain themselves. For example, to use Spotify, you need an active subscription (even if the app is free), which you can get outside of the Apple store, for example, on Spotify’s website. So, technically, no transaction occurred in the app itself.
The idea is to avoid using the built-in functionality of the App store as much as possible. You can do this in the following two ways: either you develop a licensing component from scratch or use a third party.
Building from Scratch
If you have some time at your disposal, you can create a licensing system from scratch or use an open source library, such as SKGL. The advantage is that you get to design it specifically for your needs. Using open-source systems can save you some time, but please keep in mind that you might instead need to spend time on configuring it and possibly extending depending on your requirements.
Using Third Party
The idea here is simple: “Why invent the wheel?”. Software licensing and monetization is such a common problem so there are solutions out there that can do just that.
First of all, they will probably cover many cases and secondly they are also cheaper than doing it on your own (after all, think about the time it would take, which is approx. 2-3 months, and later maintenance).
The critical bit is maintenance. Imagine that your business model changes and you have to restructure your licensing solution. If you use a third party, they most likely have what you’re looking for, so changing won’t be hard. Otherwise, you have to do it yourself from scratch.
Example solution using SKM
In order to get a working licensing component, one way to go is to use SKM – a cloud based licensing as a service. SKM is like a toolbox that contains many of the tools that you would need to set up a licensing system within hours. In comparison to many of the alternative solutions, it’s aim is to be accessible, which includes being affordable and simple-to-use. Moreover, one of the values is transparency and developer friendliness; many of the tools used in SKM are available open source and free of charge. It’s very simple to get started.