Product key server as a service
Here is the service that I want:
- Developer makes app FooBar, and wants to monetize it via product keys.
- Developer signs up for a PKSaaS.com account, a product-key-server-as-a-service company.
- PKSaaS generates an asymmetric keypair for developer’s account. PKSaaS will use this to sign product key files.
- Developer downloads the PKSaaS.com library and integrates it into app FooBar.
Developer provides the library with the public key.
The PKSaaS library registers the app to handle
*.foobar-keyfiles. The library handles opening
*.foobar-keyfiles, verifying the authenticity of the product key file with the public key, and storing the product key file locally.
- Developer adds “buy product key” section to FooBar.com. This payment page is provided by PKSaaS.com.
- When PKSaaS.com receives payment from a FooBar customer firstname.lastname@example.org, it generates a key for
email@example.com, signs this with the private key, and emails this to firstname.lastname@example.org as the attached file
- Jim opens the attachment, which automatically opens in FooBar.
- The PKSaaS library verifies the
email@example.com’s signature, saves the file, then informs the FooBar application logic that it should allow paid features.
- Periodically or on demand, the PKSaaS library checks that the product key file is still valid (e.g., has not expired).
Optionally, there may be logic which ties the product key to the machine, or limits the number of machines using that product key, or verifies that the current user really is
firstname.lastname@example.org. These would be designed to prevent the dispersal/reselling of the
email@example.com product key.
My problem is that I can only find a single service which does this: FastSpring. Where are the competitors?
More by Jim
- Your syntax highlighter is wrong
- Granddad died today
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- I hate telephones
- The sorry state of OpenSSL usability
- The dots do matter: how to scam a Gmail user
- My parents are Flat-Earthers
- How Hacker News stays interesting
- Project C-43: the lost origins of asymmetric crypto
- The hacker hype cycle
- The inception bar: a new phishing method
- Time is running out to catch COVID-19
- A probabilistic pub quiz for nerds
- Smear phishing: a new Android vulnerability
Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.