Category: Software Licensing Best Practices

Adding Cryptolens SDK Into a Rhino 3D Plugin

The goal of this blog is to explain the 5 easy steps on how to add Cryptolens SDK into a Rhino 3D plugin. If you want to install our software license manager for a Rhino 3D plugin, please also check out our blog on how to get started in .NET. You can find that post here.

This blog will mainly cover how the steps in theory, and if you want code examples, please read the full documentation page for Rhino 3D plugins. We also show code examples in the following YouTube video:

5 simple steps to add Cryptolens SDK into a Rhino 3D plugin

Step 1 – Download the SDK

In our example, we create a plugin based on Rhino 8. When you have your project open, please follow this link to download our SDK on GitHub.

When on GitHub, click on “Releases” and choose the latest release. There are two versions to choose between. “Cryptolens.Licensing.CrossPlatform.zip” can be used if you expect to target platforms other than Windows. Normally, we suggest to try downloading “Cryptolens.Licensing.zip” and checking if all the features you need are supported.

Step 2 – Extract the folder

When you have downloaded your desired file, the next step is to extract the libraries. You will see that we have all of the binaries for all of the platforms on the downloaded file. For this tutorial, we will be using “netstandard.2.0”.

When in the “netstandard.2.0” folder, please copy the folder’s path link.

Step 3 – Dependencies

In Solution Explorer in Visual Studio, right-click on “Dependencies” under the name of your project. In the new menu, click on “Add Project Reference…”.

Step 4 – Browse

In the new window, click on “Browse” in the left menu. Now, click on the “Browse…” button in the lower right corner. In the “File name” field, please paste the folder path that you copied in step 2.

You should now be able to see the file called “Cryptolens.Licensing.ddl”. Please select that file and click “Add”. That should take you back to the original window, and simply click the “Ok” button to complete the step.

Step 5 – Install Newtonsoft.Json

The final step is to install Newtonsoft.Json using NuGet. To do that, right-click on “Dependencies” once again under the name of your project. This time, click on “Manage NuGet Packages…”

In the new window, change to the “Browse” tab and search for “Newtonsoft.Json”. When you find it in the search result, please install it using the down-arrow icon to the right. Click “Apply” in the window that pops up.

Code examples and full implementation

A good step to do next would be to build the project using our key verification code to see if everything is working. We suggest checking out the YouTube video above or going to the full documentation page.

Thank you for reading, please reach out to us if you have any questions!

Subscription VS Usage-based licensing

Do you want to license and sell a software product? Then you might be interested in understanding the differences between subscription VS usage-based licensing. The two licensing models are beneficial in different ways, and we will in this blog give you guidance on what to choose.

If you want to read more about licensing models, please read our help pages. We made the following video covering subscription VS usage-based licensing:

When to choose usage-based licensing

First of all, what is usage-based licensing, and how does it work? Usage-based licensing is when you charge a customer for a specific action. For example, you might sell software to photographers where they can edit photos. Instead of charging your customers a subscription fee once a month, you can charge a customer per photo that they edit in your software.

One benefit is that you can charge the customer more fairly. Enterprises that use your software every day pay a high price. Startups that use your software once in a while are allowed to pay a lower price.

So when should you opt to charge per usage instead of a subscription fee? The value that your customers get from your product must be highly correlated to the specific action you want to charge for. This simply means that the actions you charge for need to provide a lot of value to your customers.

Your editing software from the example provides value to your customer only when the customer edits a photo. Therefore, it is appropriate to consider usage-based licensing for such a software product.

When to choose subscriptions

Great! But when is it not a good idea to charge customers for certain actions? We covered earlier that usage-based licensing allows you to attract both small and large customers since they can have their own prices depending on their usage.

If you are selling multi-purpose software where you cannot find one specific action that gives all of your customers a lot of value, subscriptions can still allow you to charge customers different prices.

By implementing different pricing plans with different feature sets, you can motivate enterprises to pay a higher subscription fee to get full access to your product. Startups can then get a more basic version without all of the features at a smaller price.

Cryptolens makes it effortless to license and sell any type of software application, no matter if you want to implement subscriptions or usage-based licensing.


Get Started with Cryptolens Today!

Different types of software licenses - Cryptolens

How do you implement a Software Licensing System?

When you are thinking about licensing and selling your software product, you probably come across the question “How do you implement a software licensing system?” When you want to license and protect your software application, a software licensing solution could be the key you are seeking. Below, we will cover the basics of how to implement a software license management system.

Implement a software licensing system

A software license management solution has to establish a lock in your software code that only allows entry to people who put in a valid digital license key. If the key is invalid, or if they are unable to insert a key, the system should deny entry to the application. Without this system in place, anyone can access your software app, and it becomes very difficult to sell such a product. That is why a software licensing solution is important when protecting your code against unauthorized users.

Great, so how do you implement such a system? Well, there are essentially two ways. You can either code your own license key generator, or work with a Licensing as a Service (LaaS) provider. We have made other blog posts covering both of those options in greater detail, but let’s now cover the fundamental differences.

Software license management tool image

How to License Software – License Key Generator

A license key generator is a script that allows you to generate sub-sets of license keys and set up a script that checks the validity of that license key string. This is a lightweight solution that works quite well, but since it only performs partial key verification, and since the structure of the license keys will start to leak over time, it is not the optimal solution for long-term and more serious applications.

Furthermore, having an internal software licensing solution comes with some disadvantages. Coding your own system in and of itself will take a lot of time, and making sure it holds up in the long run will take even more time. However, it may still be preferable in some instances, and you can read more about such a solution here.

Outsource Licensing – Licensing as a Service (LaaS)

A Licensing as a Service (LaaS) provider such as Cryptolens allows you to set up a license manager within minutes that performs full key verification. This enables quicker software license implementation and you gain access to all of the advanced licensing techniques you will need, such as usage-based pricing, offline license verification, floating and node-locked licenses, and user-account-based licensing. Getting started with a cloud-based and outsourced software license manager such as Cryptolens can be done by following 3 easy steps:

1. Install our SDK in your programming language.

2. Create a free Cryptolens account.

3. Insert a code snippet into your code

1. Let us begin with the SDK. Cryptolens offers comprehensive SDKs in your favorite programming languages to make it effortless to implement a Licensing as a Service (LaaS) platform within minutes. Install our SDK in your language here.

2. Create a free Cryptolens account to get access to our easy-to-use dashboard where you can create and manage license keys and restrictions. You can also find your access tokens and other parameters that you have to insert into your code. Cryptolens offers you a way to implement licensing for free at your own pace, and you only have to pay when you get customers of your own. Check out our pricing plans here, and you can always get started for free.

3. The last step is to insert a code snippet into your application’s code. We provide comprehensive help guides to make the implementation seem effortless. The following image gives a summary of how our code snippet looks. See the code snippet in your programming language here.

Please visit our help pages if you want to learn more. You can also learn about software licensing basics in the following video:

Are you new to Cryptolens? Welcome! We are dedicated to offering an easy-to-use Licensing as a Service (LaaS) platform so you can license and sell your software application within minutes.


Get Started with Cryptolens Today!

How Does Software Licensing Work?

A common question in today’s digital world is “How does software licensing work?”. Understanding the basics of software licensing allows you to make smarter decisions, regardless of whether you are buying a software license from a software vendor or handing out licenses to customers as the software vendor.

Why is software licensing important? Well, in order to not over-pay for a software product, consumers must choose the right licensing type, such as a subscription or usage-based model, along with the correct pricing plan. Software vendors, on the other hand, have to make sure their software is able to know who is allowed access and for how long. Ultimately, software licensing is so important to many software vendors that without it, they can simply not sell their products at all.

This blog will first focus on the basics of how software licensing works for a person buying a software license. Then, we will move over to cover how a software vendor uses software licensing to charge effectively for their software product.

Explaining How Software Licensing Works – Consumer’s Guide

Software license management tool image

What is a software license?

When you are buying a software product from a software vendor, they might have you buy a software license. So, what is a software license? Well, many software products today are actually not purchased in the same way as you might purchase a physical product. When you buy an apple, for example, no one can tell you what to do with that apple once you’ve paid for it.

However, software products usually work slightly differently. Instead of gaining full control over a software product when you have paid for it, you most likely will be granted restricted use over it. A common type of software product today is Software as a Service (SaaS), where you pay a subscription fee every month to keep on using the product. If you don’t pay, you will lose access to the SaaS product.

A software license then establishes the terms and rules that apply when you are using the product. When you buy a license to use a certain software product, you agree that you will pay a recurring sum every month to continue to use the product, for example.

What happens when you don’t pay?

In a similar way to a driver’s license, a software vendor can choose to withdraw your software license if you do not comply with the software license agreement. Instead of speeding and losing a driver’s license, software licenses are usually withdrawn when you fail to pay the recurring subscription fee. That means that your ability to use the software product gets restricted to partial use, or you might not be able to use the product at all.

Great, but how can a software product know that I as the consumer have paid my latest subscription? Well, that’s where license keys come in! Some applications force you to insert a license key before you are allowed to use it. When you pay your first fee to the software company, you might then get a license key string (usually a short combination of letters) that you have to insert into the application. Today, many companies tie these license keys to a user account, so you simply have to log in to your account and the application knows what license keys are associated with that account (account-based licensing).

When you try to access the application after failing to pay your latest subscription fee, the software licensing system will realize that the key you are inserting is invalid. Then, it will not allow you to use the application.

Pricing plans and licensing models – Save money with software licensing

Now I want to mention how you can use your software licensing knowledge to save money as a consumer of software products using pricing plans. Many SaaS products can be purchased (or licensed) on different pricing plans, where each pricing plan has a different set of features that you have access to. For example, a SaaS product can have a Basic and Advanced pricing plan. The Basic plan might cost $50/month and only include the basic features of the app. The Advanced plan then unlocks more advanced features and might instead cost $100/month.

As a consumer, you will naturally choose whatever pricing plan suits your needs. You might begin on the Basic plan to find out if you really need the product. If you do, you can simply upgrade to the Advanced plan when the time is right. That’s pretty simple, right?

However, when the product gets more complicated, so may the pricing plan options. You might be able to choose between different licensing models, for example. The pay-per-use licensing model is quite common. Then, you pay each time you use a specific feature in the product. Accounting software might charge users for each report that is generated, for example.

Instead of taking the easy way out and choosing the biggest pricing plan just in case, thinking a bit longer and investigating what pricing plan you really need can then save you a lot of money in the long run. Without the ability to choose pricing plans, all software products would have to be sold at a standard price, which could mean that you overpay for a product that you don’t use that much. Thanks to software licensing, you can then access more software products at more affordable prices!

How Software Licensing Works for Software Vendors

As previously mentioned, a customer is able to pay an appropriate price for the software product thanks to software licensing. If it works optimally, small users don’t feel like they are overpaying, but you can still have larger users pay a more reasonable price. For software vendors, there is a great benefit to be had if your customers feel like they are paying an appropriate price. It can enable you to get more customers while big users of your product still pay a fair price.

Let’s now focus on how to implement a software licensing solution. Firstly, what does such a software licensing system need to do? Well, the most basic task is of course to establish a lock in the application that requires a user to interest a license key. Then, it also has to be able to check the validity of the inserted license key.

Can you code such a system yourself? Yes, of course you can, but it will take time. A lot of time. Not only will it take time to develop, but you also have to maintain the system and make it scalable. If you don’t you may run the risk of getting angry emails from customers saying they can’t access the product they pay good money for, and that’s never a fun email to read. Additionally, coding advanced licensing features such as usage-based licensing or offline license verifications is not an easy thing to do (if you want to learn more, here is a quick post about in-house VS outsourcing software licensing).

As a result, more and more software developers are today outsourcing software licensing to experts, which is the topic of the rest of this blog post.

Implementing a Software Licensing Solution

A cloud-based Licensing as a Service (LaaS) provider such as Cryptolens will do most of the heavy lifting. When a user of your software signs up, your software sends a request to our license server where the information about all of your licenses is stored. The license server then checks if all of the requirements are met. For example, was the customer’s last payment successful?

If all of the requirements are satisfied, the license server sends a response back to your software that tells it to run as normal. If, for example, the customer did not pay their last payment, the license server will tell your software to display a message telling the customer what they need to do to gain access to the software again.

Using our dashboard, you can manage the license keys you have created and effortlessly implement any licensing model. You can even automate the license creation process using our API. Getting started is a simple three-step process of signing up, installing our SDK, and inserting a short code snippet into your application’s code. We have detailed guides in your favorite programming language so you can implement software licensing within minutes!

Thank you for reading! Here is a short video covering the technical underpinnings of software licensing from the software vendor perspective:


Get Started with Cryptolens Today!

Choosing between floating and node-locked licenses

Companies often face a challenge when choosing between floating and node-locked licenses. The two licensing models both handle the issue of setting a maximum number of machines that can use a license key at the same time. However, there are significant differences.

The main benefits of each model will be explained in this blog. You can also watch the following video on YouTube:

Floating and Node-locked licenses

For the node-locked licensing model, let us assume that your client uses your license key on Machine A and B. If you want to activate Machine C, you first have to deactivate either A or B.

Floating licenses instead allow you to put a constraint to only allow, for example, 10 machines to use the license at the same time. The client can then install the application on, for example, 100 machines, but only be able to have 10 machines use the license key at the same time.

Floating licenses are therefore better if you know in advance that your customer will be moving machines and the most important aspect for you is that they do not use the license on more than a set number of machines.

Node-locked licenses are then best if you know that a customer will only use the license on a specific set of machines, and given that they will not switch machines often.

We hope we have now answered the question “Choosing between floating and node-locked licenses”. For a more in-depth description of the two licensing models and a guide on how to implement them in practice, please read our documentation.

Are you new to Cryptolens? Welcome! We make it effortless for software creators to license and sell any type of application, in any programming language. Our software licensing system integrates with leading providers such as PayPal and Stripe to make payments secure.

Join hundreds of innovative and world-leading software companies – get started with Cryptolens today!


Get Started with Cryptolens Today!

Different types of software licenses - Cryptolens

What are different types of software licenses?

Choosing between the different software license types is a crucial decision when you are planning on licensing and selling your software product. That is why we are answering the question “What are different types of software licenses? to help you get started.

We will now briefly introduce some of the most common software licensing models that we offer to our customers. If you want to read more in detail, please visit our documentation pages.

This blog is also available as a YouTube video:

Types of software licenses

One of the most common types is called a perpetual license. That is when you charge a customer once, and they get full access to your product forever. A subscription is when you are continuously charging a customer. They are only granted access to your application if they continue to pay. The most common subscriptions are paid on a monthly, quarterly, or yearly basis.

It might also be beneficial to charge the customer only when they use the software or its features. For example, if you sell an accounting software product, you could charge your customers for each financial report they create using the software. This licensing model is called usage-based licensing.

Lastly, some companies want to allow only a limited number of machines to use their software at the same time. This can be done using node-locking or floating licenses, both of which we have covered in more detail in our documentation. You can then charge the customer extra for a license where they can to use your software on more machines at the same time.

We hope that gave you an answer to the question “What are different types of software licenses?” If you would like to read more about the licensing types, please read our documentation.

And if you are new to Cryptolens, welcome to our website! We offer a software licensing system for software developers to license and sell any type of software application. Our documentation pages give you detailed guides in your programming language on how to implement our licensing as a service (LaaS) platform.


Get Started with Cryptolens Today!

Different types of software licenses - Cryptolens

Consumption based software licensing offline

Licensing software that will run in an offline environment is more challenging, specifically in cases where one needs a certain response from the server (for example, to activate a new devices or record usage). However, it tends to be a real problem when changes need to be recorded fast, which occurs in the floating license model and pay-per-use model).

A few days ago, we introduced support floating license that can work offline using our license server. Today, we would like to introduce the new release of the license server that supports the pay-per-use model offline.

How it works

Instead of contacting our server to record usage, the license server will, on a regular basis, write down all the updates to a data object to disk. Each time an update is written, we will use your public-key to encrypt it along with the previous encrypted block (if you want to learn more about how it works, please check out ‘asymmetric encryption’ in this article). Since the public key is used, there is no way to see what information has been recorded, and because each update is encrypted with the previous update, once it is on disk, there is no way to tamper with the usage (assuming the client has not backed up the previous version). And even if a client would be able to tamper with this file, it may still be detected by our AI anomaly detection module. In addition to the collection of usage information, if your clients send you these files regularly, you may be able to detect any tampering with their local clock.

You can read more about our protocol on the following page: https://eprint.iacr.org/2021/937. The implementation can be found in the following repository: https://github.com/Cryptolens/license-server.

As always, if you would have any questions, please reach out to us at [email protected].


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Introducing reseller portal for software licensing

Since the end of last year, we have made the reseller portal generally available for all users. We would like to thank all our beta customers for their feedback during the development process.

Idea

The goal behind the reseller portal is to allow you to delegate license issuance rights to other users. This can be your resellers/distributors, IT-admins of your customers or your employees. In other words, “reseller” can be any user that should only be able to create specific amount of new licenses based on a pre-defined template.

The reseller portal also introduces new logging capabilities. All events related to new licenses, customers, etc, are stored in the object log. Thanks to this log, you can, for instance, bill your resellers or customers only when they have successfully created a new license.

Getting started

Once you have created a new account, the reseller portal will be available in the top menu. If you are an existing customer, you can enable it on the billing page. As the next step, we recommend to check out the wiki page for more information.

Please let us know if you have any questions 🙂


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.

Be careful with sessions: Garmin Connect App example

It’s not uncommon nowadays to see people with a smartwatch, be it Apple Watch or another brand such as Garmin. I think there are many advantages of using one; to me, it’s about keeping track of exercises in the gym as well as other parameters such as stress and sleep.

Many smartwatches record a wide range of data points: puls, movement, altitude and location. This amounts to large amount of data, which can be used to infer various things about the individual. Therefore, it’s important to keep this data safe.

In this post, I would like to share the security issue in the Android version of the Garmin Connect app and list several tips on how this can prevented when you work with sessions in your projects.

Background

When developing an application that requires user authentication, most of the time one needs the state to persist so that users don’t need to enter the username or password each time they visit a new page. Sessions can help us to accomplish that. Using sessions is less secure than asking for credentials all the time, but it’s trade-off that most of us can accept.

The issue

Before we start: I have confirmed with Garmin that they have fixed the issue before publishing this post.

Early in April last year, I changed my password to Garmin Connect on their website. I was already logged in into the Android version of the Garmin Connect app with my old password and my expectation was that the app would ask me to re-authenticate at some point. But, it did not. I cannot tell how long the session would persist, but I could keep using the app for several weeks with the old session.

The problem with such a long session duration is that it gives users a false sense of security when they change their password. For example, imagine that the user had a weak password at some point and an adversary was able to login and obtain a new session. Even if the user would have changed the password later, an adversary would still have access to their health data.

If this problem would have occurred in, let’s say, the Neftlix app, I would not be as worried, but since Garmin Connect stores large amounts of health data, I felt like that the consequences of a potential breach could be huge.

Proposals

After filing this security concern to Garmin, I proposed the following changes:

  • Make sure that sessions are reset everywhere (especially in the android app) during a password reset (or at least offer the user the choice of selecting this option on the website)
  • Time-limit the sessions on the mobile devices
  • Enable two-factor auth for each account

Conclusion

To sum up, whenever you have to persist a state, make sure that sessions expire at some point and that users have the option to log out from all devices. It’s always a trade off between security and convenience, so when you decide the session length etc, you need to take into account the impact of a potential breach, etc. In some cases, you can require users to re-authenticate if the operation is highly sensitive.


Managing app settings in software licensing

When developing apps, you will likely need to store some metadata. This can either be specific to a certain user or be shared among all users.

Data objects offer an easy way of managing metadata either on the product, license key or machine code level. They are quite useful since it’s easy to change them as your application evolves and user-specific data will stay the same across all devices.

In this article, we will cover data objects associated with a product.

Editing metadata

To add or edit data objects on the product level, you can click on the Data Objects link as shown below:

On the next page, you can either add or edit existing data objects. The names are case-sensitive and duplicates are not allowed.

Retrieving metadata on app start

Let’s assume our application needs to obtain the currently supported DOTNET_RUNTIME (which we defined in the previous step). This can be accomplished with the code below (the project files are available here).

To get it up and running, we need to specify an access token and modify the ReferencerId. The access token needs to have the “ListDataObjects” permission checked and we also strongly recommend to specify the product it should work with. The ReferencerId should be the Id of the product.

 var systemSettings = Data.ListDataObjects("access token", new ListDataObjectsModel
 {
     ReferencerType = DataObjectType.Product,
     ReferencerId = 3349,  // <- the product id
 });
 
 if(!Helpers.IsSuccessful(systemSettings) || systemSettings.DataObjects == null)
 {
     Console.WriteLine("Could not retrieve the settings.");
 }

 var settings = systemSettings.DataObjects.ToDictionary(x=> x.Name, x => x);

 if(settings.ContainsKey("DOTNET_RUNTIME"))
     Console.WriteLine(settings["DOTNET_RUNTIME"].StringValue);

What’s next?

In the future tutorials we will describe how you can store user specific information. In meantime, let us know if you have any questions 👍


Not a customer yet? Sign Up for a free trial and implement our software licensing system within minutes.