[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Business models
- To: email@example.com
- Subject: Re: Business models
- From: Esben Haabendal Soerensen <firstname.lastname@example.org>
- Date: 04 Jun 2001 09:35:43 +0200
- Delivered-To: mailing list email@example.com
- Delivery-Date: Mon, 04 Jun 2001 03:35:47 -0400
- Mailing-List: contact firstname.lastname@example.org; run by ezmlm
- Newsgroups: sunsite.linux.linuxgames
- Organization: SunSITE.dk - Supporting Opensource Software
- References: <01052712081102.00594@chrisbig> <200105271421.KAA07831@identicalsoftware.com>
- Reply-To: email@example.com
- Sender: firstname.lastname@example.org
- User-Agent: Gnus/5.090001 (Oort Gnus v0.01) Emacs/20.7
email@example.com (Dennis Payne) writes:
> [online key validation]
> > Actually that is IMHO one of the nicer schemes - and it's one that does
> > work. And it's quite simple and portable.
> Yes and no. In theory it is simple to implement but a robust
> implemention ins't so easy. First keys must be sufficiently random that
> they can't be guessed. Second the network protocol must establish a
> secure connection to send the key. If those safeguards aren't
> implemented, you could end up with a lot of annoyed legal customers
> that can't access play your game because their key is in use.
How about a scheme with the license key being a small non-secret
key-id paired with a secret and sufficiently large cryptographic key.
The game server would then have a database of all known key-id/key
When connecting to the game server, the client sends the non-secret
key-id to the game server, thus telling the server what key to use.
The client and server then setup a safe crypted channel with the
secret key, using that channel for a session specific key-exchange.
Nice and simple. The only vulnerability being the game server. It
would probably be a good idea to seperate the game server into a game
server (or a cluster of those) and a key server, which protects the
keys, handles the key-exchange stuff, and hands the session keys to
the actual game server.
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com