Blog on Software Licensing, Commercialization, and Revenue Optimization

Protecting Rhinoceros plugins with software licensing

Rhinoceros® (aka Rhino 3D) is a powerful computer graphics and CAD application. It’s also quite extensible as it allows developers to create their own plug-ins and add-ons. The aim of this post is to give you quick way of getting started with software licensing in your application, with focus on .NET.

One way of developing Rhino 3D applications is using Visual Studio. To add a simple key verification mechanism, only three steps are necessary:

  1. Right click on your project in the Solution Explorer and click on Manage NuGet Packages.
  2. Search for Cryptolens.Licensing and install it (for certain Rhino versions, please see this page).
  3. Add the code-snippet form this page in the code where the plugin loads for the first time.

You can know create a license key in the Cryptolens dashboard to test that the key verification code works. That should be it! If you would have any questions, please feel free to reach out.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

License server for software licensing

One of the problems experienced by software vendors when selling to large customers is that some of their machines that will be running the software do not have direct internet access.

Although it is still possible to use offline activation, having an active connection to Cryptolens makes things much easier for both you as the software vendor and your customers.

To solve this, we can use a license server that will re-route all the license verification requests from the computers in the network to Cryptolens, as shown below:

If you have already implemented key verification in your application, the license server can be set up quite quickly in two steps:

  1. Install the license server as described here.
  2. In the Key.Activate method, add LicenseServerUrl parameter and set it to point to the license server (the IP and port of are shown in step 1).

Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Ways of protecting your private data – a short intro to cryptography

Encryption is important. Although intuitively you might say that you have nothing to hide, it’s important to ask yourself the following question: would you be willing to give your Facebook password to a stranger or publish it online? Probably not. Most people have something to hide and encryption is one way of safe-guarding your private information.

The focus of this article is on how to protect your data against physical compromise (symmetric encryption), when you send it to someone (asymmetric encryption) and when you would like it to be retrievable (secret sharing).

Your own data (symmetric encryption)

If you want to protect files that only you will be working with, symmetric encryption is quite useful. Symmetric encryption means there is only one key to encrypt and decrypt data.

By default, it’s a good idea to have full-disk encryption to make sure your files are inaccessible if the computer or phone is lost. If you have a USB stick, it’s also useful to encrypt the information on it as these tend to be lost more frequently.

Tech savvy: 

Nowadays, AES (Rijndael) is the one that is considered to be secure, so by default this is the way to go. The most common AES versions are with 128-bit keys and 256-bit keys. For most cases, 128-bit keys should be ok, but for extra paranoid users, you can both increase the key size and combine it with other encryption methods, such as AES-Twofish-Serpent (all of these are AES finalists).

If you leave your computer unattended, please make sure it’s turned off. Preferably you should let it be off in 10 min to avoid cold-boot attack.

Tools

  • BitLocker (built into Windows, mainly for full-disk encryption)
  • VeraCrypt (cross platform, full-disk encryption and encrypted containers)

Sharing data with others (asymmetric encryption)

Imagine you would like to allow everyone to contact you securely without having to agree on a secret key first (which is the case with symmetric encryption). This is where asymmetric encryption is useful. Instead of one secret key there are two: one to encrypt and one to decrypt.

There is a good analogy with real objects. To enable others to send you shipments securely, one way of accomplishing this would be to hand out unlocked padlocks with a box. If they want to send you something, they would lock the box with your padlock, ensuring that only you can open it.

Tech savvy:

The most common asymmetric encryption methods are RSA and Elliptic curves. There are some arguments which method is more secure. Both RSA and ECC base their security on mathematical problems that are hard to solve. Since we are better at factoring large numbers (which can help to break RSA) than we are at solving the elliptic curve discrete logarithm problem, RSA keys tend to be larger than those in ECC (2048 vs 256) to guarantee the same level of security.

There are also different kinds of ECC curves, ones proposed by NSA (NIST curves) and by independent researches, eg Curve25519 by Daniel J. Bernstein, and there are mixed opinions on which one to choose (an interesting article on the topic).

I tend to use either RSA 4096 or Curve25519 for ECC.

Tools

  • GnuPG (for email communication)
  • Signal (end-to-end encrypted messaging)

Splitting a secret (secret sharing)

In case something happens to you and you don’t want your encrypted data to be inaccessible, you can break up a password (eg to your personal files) into multiple pieces that you give to your close friends. All friends need to agree to retrieve the original secret.

Tech savvy:

Additive secret sharing (code snippet shown later) is the easiest to understand and implement but it requires all parties to be present to retrieve the secret. Shamir Secret sharing allows us to define how many shares will be necessary to get the secret.

The cool thing about secret sharing is that it’s unconditionally secure, meaning that we need all shares to retrieve the secret and we don’t gain more info with more shares. It also means that the modulus Q does not need to be large.

If it’s ok to require all parties to be present to get the secret key, you can use the code for additive secret sharing below. Your secret can be any number less than 2^512 (512 bits).

import secrets

Q = 2**512

def encrypt(x, no_shares = 3): 
    """
    Splits the secret up into 'no_shares' shares
    """
    shares = [secrets.randbelow(Q+1) for i in range(no_shares - 1)]
    shares.append((x - sum(shares)) % Q)
    return shares

def decrypt(shares):
    """
    Combine all shares to retrieve the secret
    """
    return sum(shares) % Q

Tools


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Overdraft software licensing

Several months ago, we introduced support for floating licenses, which, in simple terms, is a way to permit a certain number of concurrent end users at a time.

Overdraft license is a way to allow your users to temporarily exceed the upper bound of the number of concurrent licenses to take into account for potential peak usages. Once this occurs, a special event is going to be registered so that you can increase the limit in the next billing cycle.

In .NET, this can be implemented as follows (below, we allow the users to exceed the upper bound by one more concurrent license):

var auth = "{access token with permission to access the activate method}";
var result = Key.Activate(token: auth, parameters: new ActivateModel()
{
    Key = licenseKey,
    ProductId = 3349,
    Sign = true,
    MachineCode = Helpers.GetMachineCode(),
    FloatingTimeInterval = 100, // needed for floating licenses
    MaxOverdraft = 1            // needed to allow overdraft
});

if(Helpers.IsOnRightMachine(res2.LicenseKey, isFloatingLicense: true, allowOverdraft: true))
{
    // everything OK!
}

You can read more about this on our help pages.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

SendOwl and DPD integrations with Software Licensing

On a mission to make software licensing more accessible, we have recently improved our Web API to make integrations with other services easier. For example, we have made it possible to return license keys as plain text, which many third party platforms require.

When selling software, there are two problems that need to be solved: payment processing and software licensing. Cryptolens core has always been the comprehensive licensing API. If you are using SendOwl or DPD, you can keep using them for payments and Cryptolens for software licensing.

If you have a new project, I would recommend to check out our new tutorial about built-in recurring payments and payment forms.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Cryptolens joins Stripe partner program

Most people today don’t know that only three percent of GDP is online. That’s why we’re
excited to join the Stripe Partner Program to increase internet commerce and help
companies start, run, and scale their businesses.

By joining the program, our mutual customers will now benefit from the combination of
Cryptolens secure licensing platform with Stripe’s seamless payments platform.

We believe that removing barriers to online commerce helps more new businesses get
started, levels the playing field, and increases economic output and trade around the
world. Together with Stripe, our mission is to bring more commerce online and increase
the GDP of the internet.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Recurring Payments with Stripe combined with Software Licensing

A popular licensing model amongst software vendors is subscription-based licensing. It is generally seen as a smaller risk for the customer than traditional one-time payments (eg. which normally require a large commitment), but at the same time it provides recurring revenues for the software vendor.

You can get started with recurring payments by visit our help pages.

Features

Recurring payments are implemented as a part of the customer portal. Thanks to this update, customers can not only manage their existing licenses but also subscribe for new ones.

Everything related to payments, plans and subscriptions is managed by Stripe, so if you’re already using Stripe, it’s quite easy to get started with the new recurring payments feature. If you do not have Stripe, it’s quite easy to get started. A tutorial can be found here.

In addition to recurring payments, the customer portal makes it possible to use user account authentication, described in the previous article.

Screenshots

Example when the customer has subscribed to a new plan:

The new license will show up on the home page of the customer:

Reviewing a license key and the subscription it is associated with:


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Software licensing for PHP applications

We recently added support for key verification in PHP, available on GitHub. Below is the sample code that can be included into your application.

<?php
require_once('Cryptolens.php');

$activate = cryptolens_activate(
      // Access token
      'WyI0NjUiLCJBWTBGTlQwZm9WV0FyVnZzMEV1Mm9LOHJmRDZ1SjF0Vk52WTU0VzB2Il0='
      // Product Id
    , 3646
      // License Key
    , 'MPDWY-PQAOW-FKSCH-SGAAU'
      // Machine code
    , '289jf2afs3'
    );

// $activate is now a boolean indicating if the activation attempt was successful or not

?>

The repository contains all the necessary information to get the code to work (eg.. finding access tokens)


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Usage-based (pay per use) software licensing in .NET

Many software vendors nowadays move away from one-time payments to other licensing models. One such example is the usage-based model. By doing so helps lowering the barrier of entry for new customers, as they no longer need to commit to the product long term, which is usually the case with one-time payments. If you already have a subscription model, supporting usage-based payments can help you to monetise a group of users who would otherwise not buy the product.

You can read the entire tutorial here.

Getting started

In Cryptolens, usage-based licensing can be implemented using data objects, aka custom variables. We can use these variables to record how often features are used and keep track of any usage credits that a customer has purchased. There are two ways of billing customers:

  • Upfront payment: customers need to purchase usage credits in advance.
  • Based on actual usage: customers pay for the actual usage in the end of the billing period.

Charging based on actual usage

If you choose to charge your customers based on actual usage, we can simply use the code below:

var auth = "Access token with AddDataObject, ListDataObject and IncrementIntValue permission. Please also set KeyLock value to '-1'";
var licenseKey = "LZKZU-MPJEW-TARNP-UHDBQ";

var result = Data.ListDataObjects(auth, new ListDataObjectsToKeyModel 
{
    Contains = "usagecount",
    Key = licenseKey,
    ProductId = 3349 
});

var obj = result.DataObjects.Get("usagecount");

if (obj == null)
{
    // make sure to create it in case it does not exist.
    Data.AddDataObject(auth, new AddDataObjectToKeyModel { Key = licenseKey, ProductId = 3349, Name = "usagecount", IntValue = 1 });

    if(res == null || res.Result == ResultType.Error)
    {
        Console.WriteLine("Could not create new data object. Terminate." + res.Message);
    }
}
else
{
    var res = obj.IncrementIntValue(auth, 1, licenseKey: new LicenseKey { Key = licenseKey, ProductId = 3349 });

    if (res == false) 
    {
        Console.WriteLine("We could not update the data object. Terminate.");
    }
}

Upfront payments

If you instead want to charge your users upfront, we need to create the data objects when creating the license. If you are using payment forms, we can set up two requests, one creating a new license and another creating a new data object (inspired by this tutorial), as the result from key creation will be “piped” into data object creation request. You can then have another payment form that allows users to refill their credits, in which case the custom field can be used.

You can use the code below to verify if the limit was reached inside your application:

var auth = "Access token with AddDataObject, ListDataObject and IncrementIntValue permission. Please also set KeyLock value to '-1'";
var licenseKey = "LZKZU-MPJEW-TARNP-UHDBQ";

var result = Data.ListDataObjects(auth, new ListDataObjectsToKeyModel { Contains = "usagecount", Key = licenseKey, ProductId = 3349 });
var obj = result.DataObjects.Get("usagecount");

var res = obj.DecrementIntValue(auth, decrementValue: 1, enableBound:true, lowerBound: 0, licenseKey: new LicenseKey { Key = licenseKey, ProductId = 3349 });

if (!res)
{
    Console.WriteLine("Could not decrement the data object. The limit was reached.");
}

Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.