Online Activation with Vendor Licensing System



  • Hello,
    I'm trying to understand the workflows from the Plugin Licensing Manual. The third workflow in the manual uses online activation which is what I want to do:

    1. the Customer buys and downloads the plugin from the Vendor;
    2. the Customer installs the plugin and runs Cinema 4D;
    3. at Cinema 4D start, if no valid plugin license is retrieved by on-line querying the Vendor Licensing System, the plugin asks the Customer via a question dialog if a Cinema 4D License Report should be sent to the Vendor;
    4. the Vendor automatically receives and processes the report(s) based on their sales records and generates one or more plugin license(s) which are then stored in the Vendor Licensing System;
    5. at next Cinema 4D start, the plugin license retrieves, by querying the on-line Vendor Licensing System, a valid license.

    Please forgive all of the questions: I've never created this kind of setup, so I am unclear about how to create the Vendor Licensing System on my server:

    • How do I use the License Report to create a valid plugin license on the server?
    • How do I 'bind' the plugin to a userID or a systemID?
    • What would the plugin license file sent by the Vendor Licensing System contain?
    • How could I allow the plugin to wait for a couple weeks before checking the license again (so the user doesn't always have to be online to use the software)?

    Thank you very much!



  • Hi,

    you forgot to tag your question, but I'll assume you are still on Python, and I'll also assume you are on R21. The license model and the methods provided by the SDK changed significantly with R21.

    While reading the C++ manuals is often a good idea, the C++ workflow of licensing a plugin has never been directly translatable to Python, with the major difference being that we have no access to Cinema's main license dialog from Python (neither read nor write). For your quoted step-by-step guide the key word would be "envisioned" in the introductory sentence (which you left out), meaning that the whole procedure is just a proposal.

    How do I use the License Report to create a valid plugin license on the server?

    The license report in Python would be c4d.GetGeneralLicensingInformation(). You will then have to create your license key with the product, system and user ID provided by that report, depending on what you want your key to be bound to.

    How do I 'bind' the plugin to a userID or a systemID?

    One way to do it could be to put the relevant information into one string (plus some salt) and then hash that string with a common and secure hash-function like for example sha-1. You could of course also build your own cryptographic hash function, because people will quickly figure out that your license keys are sha-1 hashes from just looking at them.

    What would the plugin license file sent by the Vendor Licensing System contain?

    At least on Python all this is not defined. The relevant functions to read and write serial information for a plugin are c4d.plugins.WriteRegInfo and c4d.plugins.WritePluginInfo and their respective Read counterparts. Also that whole "Vendor Licensing System" is not defined on Python (and I think also not C++). But if you would build such a license model in Python, the license server provided by the vendor would have to send back the serial key it did create from the license information it received. You could also add more data if you would like, since you can store basically anything with the methods mentioned above.

    How could I allow the plugin to wait for a couple weeks before checking the license again (so the user doesn't always have to be online to use the software)?

    The system described in the C++ example only requires one online activation and so would the Python equivalent I outlined above. Once activated, the serial information would be stored locally and encrypted by Cinema 4D. If you want your plugin to call home on a regular basis, you would have to implement that separately.

    But keep in mind that all methods of preventing illegitimate users using your software will be overcome at some point. Leaving only the legitimate users with the hurdles of your licensing system. So it seems wise to design the system in such a way, that it keeps the honest users honest, but does not try to prevent any serious attacks.

    Cheers,
    zipit



    1. How do I use the License Report to create a valid plugin license on the server?
      c4d.GetGeneralLicensingInformation provides you with the user ID, a system ID, and the product ID.
      It's up to you to generate a valid license based on these sets.
    2. How do I 'bind' the plugin to a userID or a systemID?
      There is no direct way, but your license check has to check if the binding is good (typically sending the entered license and the userID/SystemID to your server that will tell you whether the license is valid or not), but this could also be built into the plugin; you are free to do what you want.
    3. It's up to you and your license scheme, only you can know what is a valid license.
    4. Zipit answered this.

    For more information, note that py-licensing_example_r21 demonstrates a basic way to do licensing.

    Finally, keep in mind that Python is Python: whatever type of protection you are going to put in place, it's still an interpreted language and any Python script is run by the Python VM, so for attackers, it's fairly easy to retrieve the Python code which is currently used.

    Cheers,
    Maxime.
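
Added example, not part of the posts above and not code from the SDK or its licensing example: one way to do the binding and the server-side check the answers describe, plus the offline recheck window asked about in the question. It swaps the salted SHA-1 suggestion for HMAC-SHA256 with a secret that stays on the vendor's server; the secret, the ID values and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: this secret lives only on the vendor's server, never in the plugin.
SERVER_SECRET = b"constructed-demo-secret"
RECHECK_SECONDS = 14 * 24 * 3600  # offline grace window between online checks


def _canonical(product_id, user_id, system_id):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [f.encode() for f in (product_id, user_id or "", system_id or "")]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def issue_license(product_id, user_id=None, system_id=None):
    """Server side: derive a key bound to whichever IDs are supplied."""
    if not (user_id or system_id):
        raise ValueError("bind to at least a user ID or a system ID")
    msg = _canonical(product_id, user_id, system_id)
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32].upper()


def verify_license(key, product_id, user_id=None, system_id=None):
    """Server side: recompute the key and compare in constant time."""
    try:
        expected = issue_license(product_id, user_id, system_id)
    except ValueError:
        return False
    return hmac.compare_digest(expected.encode(), key.strip().upper().encode())


def needs_online_check(last_ok_epoch, now=None):
    """Plugin side: decide whether the locally stored activation is stale."""
    now = time.time() if now is None else now
    # No recorded check, or a timestamp in the future (clock set back): recheck.
    if last_ok_epoch is None or last_ok_epoch > now:
        return True
    return now - last_ok_epoch > RECHECK_SECONDS
```

The plugin would store the key and the time of the last successful server check with the read/write functions named in the answer above; because verification needs the secret, it runs on the server rather than in the shipped Python code.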



  • Hi,

    without further feedback, I'll set this thread as solved tomorrow.

    Cheers,
    Maxime

