Category: Announcements

Successful change of infrastructure and the way it affects the licensing model

Dear Users!

In this letter, I would like to describe the progress that we’ve made since the 9th of June as a mean to reduce downtimes, how our licensing model has changed, how it affects current customers, and finally some of the new functionality that are currently available and those that will be available soon.

First of all, I would like to thank everyone who took their time to reply to the questionnaire that was attached to the previous post. It has been really helpful and has affected the way the plan was executed. Generally, most of us share the opinion that we should have new servers and to allow SKM to be hosted on private servers. Within the same week, we changed the infrastructure from being in a shared environment to a virtual private server provided by Microsoft Azure. From now on, no more downtimes should occur as the environment is highly compatible with our application. In addition, the response speed should be a lot faster than before.

Some of the advantages of the change of infrastructure is that it makes SKM even more reliable for critical operations such as instant license validation and payment processment. However, security and reliability improvements have affected the licensing model of our application. Now, instead of just offering a cloud based software licensing system, there will be an option to host SKM on your own servers. This is particularly good for enterprises with policies that require data to be stored in the infrastructure of the company.

If you choose to host SKM on your own, there are two ways it can be achieved: dedicated and on premise. The first option gives you SKM that is specifically hosted for your company, but which is maintained and hosted by us. The latter allows you to host SKM on your own servers. Maintenance is still included in this case.

Since we have three new types of subscriptions: Standard, Professional and Ultimate, the old Premium subscription is now longer available for new customers. Thanks to all current Premium subscribers, SKM has continuously grown from just being a way to avoid duplicates in Software Protector (SKGL) to an advanced, competitive, affordable, developer friendly licensing solution with tools that ensure that you reduce the time needed to maintain software licensing and distribution. Your friendly feedback and loyalty has encouraged us to keep on adding new features in order to deliver you a great service. Therefore, all current Premium subscribers will be able to upgrade their subscriptions in the same way as before. However, if you would like to get our newest features, you are always welcome to upgrade to any other subscription!

Now, let’s have a look at what’s new in SKM. Clearly, the design has changed in many parts of the application, in order to ensure that you get a great user experience. It’s not yet perfect, but we do our best to make it as great as possible (and you are always encouraged to let us know your thoughts on the forum!). Since we want SKM to be as simple as possible, we’ve added support for a fluent interface in SKGL Extension (read more here). Moreover, to simplify customer management, we’ve added the ability to assign keys to a customer, which removes the hassle that can occur when you have to manage many licenses. From now on, it’s the customer, not the license key that should be in centre. Later this year, we will extended the Web API to allow it to be more customer based. In addition, there is support for a new algorithm for key generation, namely SKM15. This algorithm is more adjusted to an online licensing system such as SKM. Our Web API is not entirely compatible with SKM15, but everything is made to change this (here is compatibility list).

In the nearest future, we plan to open up a new version of the Web API with support for token based authentication, simplified versioning and documentation. A final date is not set because even if it set, more time will be required to review and test it, which would make the initial prediction incorrect. It will be released, that’s what can be said at the moment. In addition, we’ve started working on a cool feature that allows you to analyse the usage of your application (during activation for instance). By setting up a script, you can track down potential violations of a certain license quite easily. Again, it will be released, but there is still no solid deadline. If you would like to test our current progress, please let us know!

In conclusion, here’s what we’ve gone through. First of all, the infrastructure has changed to avoid downtimes. Secondly, support for dedicated and on premise hosting was added for those that prefer to have a private SKM server. Thirdly, current Premium customers will be able to keep their subscription as before, however, there is always an option to get new features by upgrading to a different subscription. Fourthly, we mentioned that there is an added support for customer management and there is also a new key generation algorithm optimized for SKM. Finally, it was announced that a new Web API will be released with support for token based authentication (and much more), and that soon you will be able to track down potential license violations using simple scripts. Finally, I would like to thank all of you for providing constructive feedback and suggesting new features. It has been fun to work with you, and I’m looking forward to continue working with you in order to ensure that your products are secured with a modern licensing system!

Kind Regards,

Artem

Lead Developer


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Additional security for multiple products

Along with the update of SKGL Extension (see release notes), we’ve added support for signing of product id (pid), user id (uid) and activation date. These fields solve the following problem that was reported by a user:

Before, it was possible to use the same KeyInformation file (serialized by SaveKeyInformationToFile) to unlock other products (that used the same Public Key, i.e. by the same software vendor). For some, it worked out by specifying this information in the Notes field.

This change mostly affects those that use offline key validation or some sort of periodic activation with multiple products in the same account. By checking the product id during activation/validation, you can ensure that only the correct key information object is used for a given product.

In addition, the activation date is currently signed also. This means that the client user is unable to change the activation date, which ensures that activation files are only valid for a certain period of time. A tip here is to try to use the TimeCheck method.

If you would have question about the way you can take an advantageb of this security measure, please send a question on our forum.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Some new updates in Serial Key Manager

Hi,

Last month, new functionality was added to the platform in order to facilitate the software distribution process. Here is a list of them:

Right now, we are working on a new functionality called Forms, which has the aim to simplify basic operations that are performed very often. As we are still working on it, you are encouraged to tell us what you would like us to add or change. For example, maybe you need to use a third party together with SKM in your solution. You can submit your ideas in two ways:

  1. On our Google Group
  2. Contact us directly

If you have the time, we would appreciate if you would answer a very short questionnaire (4 questions) about the way you use SKM. The last two questions allow a more detailed feedback that will allow us to improve your user experience. Thank you for taking your time!

Lastly, apart from these updates, we know that some of our users experienced downtime last month (during midnight, Stockholm time). We don’t want to have it this way. Serial Key Manager stands for quality and we are working on to make sure that this does not happen again.

Regards,

Artem Los

Lead Developer


Security improvements to key signing functionality

After that Web API 2.0 was announced, there have been some minor changes.

  1. A new parameter, signMid was added in the Activation method. By setting it to true, you can ensure that the machine id (set by mid) is signed also. (read more about the security advantages under SignMid)
  2. The Valid output parameter is equal to “True”, with a capital “T”, instead of “true”.
  3. The signing functionality (in both Activation and Validation methods) was fixed to make sure that signatures that the server generates can be validated by a client using the public key.

SignMid

The security advantage of using signMid is mostly relevant for applications that perform activation only once or not at all. By setting it to true, the machine code will be added to the signature (in the KeyInformation class) and thus the client app will know that it has not been modified since the last activation was performed.

This opens doors to securer key activation on computers (devices) that do not have direct connection to the Internet, for example, some computers in an enterprise. An enterprise computer does only need to provide a machine code, which is later used to get a signed key information file. If you would like to have something that facilitates the implementation of this logic, please wait several days (approx 1-2 weeks). We are currently working on a possible solution.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Application maintenance 3rd-4th January.

Yesterday, between 11 pm – 1 am Stockholm time, there was a major upgrade of the APIs in the application. This might have caused disturbances that could affect the Web API during that time. I am very sorry for that. The application is now up-to-date!

Serial Key Manager platform is updated continuously, which is very difficult to notice. However, certain times we need to upgrade vital components in order to keep Serial Key Manager secure.

Interact with server using API

SKGL Extension was upgraded to the new functionality available in SKM since yesterday. Apart from the fact that you can generate/activate/validate keys using web requests, you can from now list all products and also get uid, pid and hsum values without explicitly logging in through the browser.

Here are the methods that were recently added to the API:

The class that stores this information is:

NOTE: You have go through authentication using your username and password associated with your account for these methods to work.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Access to the notes field

In the last post, there was a questionnaire about whether or not the access to the “notes” field should be given through key validation or key activation. The results of the questionnaire were mixed.

All opinions are very important for us, so, as a result, the notes field access is implemented in such a way to allow those users that want to access it being able to do so, while those users that don’t want the notes field to be exposed will be able to restrict access to it.

So, if you want to get the notes field exposed, please see this article. If you don’t, there is nothing that has to be done. Simply keep using  Serial Key Manager as you’ve always have done!

The recently released version of SKGL Extension API, v. 1.0.8.1, incorporates a new “notes” field in the KeyInformation class. The notes field is saved in the same way as creation date and other serial key features into a file during offline key validation (one time key activation with a digital signature). For those users that decide not to activate notes field access, nothing has to be done either. Serial Key Manager platform will work with 1.0.7.1 as usual.

It would be great if you find this way of implementing the access to the “notes” field is the optimal solution, but it might not be the case. If there is something you don’t like about this change or if you simply want to tell us what you think, you are warmly welcome to contact us!


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Additional information using JSON

Serial Key Manager is now entirely platform independent! Not only can validation and activation occur on any platform, but even the additional data like set timefeatures, can be retrieved using a simple web request. This means that no password has to be stored in the application, which drastically improves the security.

If you would still like to allow offline validations, please consider using activation where you restrict the number of machines that can use the same key.

Several weeks ago, trial activation feature was added, which will ensure that the time restriction starts at the moment of activation.

As you can see, many features have been added to Serial Key Manager. Because of this, 3 days premium subscription can now be activated again, to allow you to test the newly added features.

You are always welcome to ask any questions! Contact us here.


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.