
Re: Business models



dulsi@identicalsoftware.com (Dennis Payne) writes:

> [online key validation]
> > Actually that is IMHO one of the nicer schemes - and it's one that does 
> > work. And it's quite simple and portable.
> 
> Yes and no.  In theory it is simple to implement but a robust
> implementation isn't so easy.  First keys must be sufficiently random that
> they can't be guessed.  Second the network protocol must establish a
> secure connection to send the key.  If those safeguards aren't
> implemented, you could end up with a lot of annoyed legal customers
> that can't access play your game because their key is in use.

How about a scheme with the license key being a small non-secret
key-id paired with a secret and sufficiently large cryptographic key?

The game server would then have a database of all known key-id/key
pairs.

When connecting to the game server, the client sends the non-secret
key-id to the game server, thus telling the server what key to use.

The client and server then set up a safe encrypted channel with the
secret key, using that channel for a session specific key-exchange.

Nice and simple.  The only vulnerability being the game server.  It
would probably be a good idea to separate the game server into a game
server (or a cluster of those) and a key server, which protects the
keys, handles the key-exchange stuff, and hands the session keys to
the actual game server.

/Esben
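
The key-id/key scheme described in the message above, as an added sketch that is not part of the original post. It assumes a simplification: instead of an encrypted channel carrying a key exchange, both sides prove knowledge of the secret key with HMAC over fresh nonces and derive the session key from the same transcript (standard library only). `KeyServer`, `client_login`, `mac` and the sample key-id and key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed sample database held by the key server: key-id -> secret key.
KEY_DB = {"K-1001": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}

def mac(key, label, *parts):
    """HMAC-SHA256 over a fixed label and length-prefixed parts."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class KeyServer:
    """Protects the license keys; a game server would only receive session_key."""
    ctx = session_key = None

    def hello(self, key_id, client_nonce):
        key = KEY_DB.get(key_id)
        if key is None:
            return None  # unknown key-id (the id itself is not secret)
        server_nonce = secrets.token_bytes(16)
        self.ctx = (key, key_id.encode(), client_nonce, server_nonce)
        # The server proves knowledge of the key over both fresh nonces.
        return server_nonce, mac(key, b"server-proof", *self.ctx[1:])

    def finish(self, client_proof):
        if self.ctx is None:
            return False
        key, transcript = self.ctx[0], self.ctx[1:]
        expected = mac(key, b"client-proof", *transcript)
        if not hmac.compare_digest(expected, client_proof):
            return False
        self.session_key = mac(key, b"session-key", *transcript)
        return True

def client_login(server, key_id, key):
    """Return the client's session key, or None if either proof fails."""
    client_nonce = secrets.token_bytes(16)
    reply = server.hello(key_id, client_nonce)  # only the key-id goes in clear
    if reply is None:
        return None
    server_nonce, server_proof = reply
    transcript = (key_id.encode(), client_nonce, server_nonce)
    expected = mac(key, b"server-proof", *transcript)
    if not hmac.compare_digest(expected, server_proof):
        return None
    if not server.finish(mac(key, b"client-proof", *transcript)):
        return None
    return mac(key, b"session-key", *transcript)
```

The secret key never crosses the wire, and the distinct labels keep one side's proof from being reflected back as the other's.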
