Product key server as a service
Here is the service that I want:
- Developer makes app FooBar, and wants to monetize it via product keys.
- Developer signs up for a PKSaaS.com account, a product-key-server-as-a-service company.
- PKSaaS generates an asymmetric keypair for developer’s account. PKSaaS will use this to sign product key files.
- Developer downloads the PKSaaS.com library and integrates it into app FooBar.
Developer provides the library with the public key.
The PKSaaS library registers the app to handle
*.foobar-keyfiles. The library handles opening
*.foobar-keyfiles, verifying the authenticity of the product key file with the public key, and storing the product key file locally.
- Developer adds “buy product key” section to FooBar.com. This payment page is provided by PKSaaS.com.
- When PKSaaS.com receives payment from a FooBar customer email@example.com, it generates a key for
firstname.lastname@example.org, signs this with the private key, and emails this to email@example.com as the attached file
- Jim opens the attachment, which automatically opens in FooBar.
- The PKSaaS library verifies the
firstname.lastname@example.org’s signature, saves the file, then informs the FooBar application logic that it should allow paid features.
- Periodically or on demand, the PKSaaS library checks that the product key file is still valid (e.g., has not expired).
Optionally, there may be logic which ties the product key to the machine, or limits the number of machines using that product key, or verifies that the current user really is
email@example.com. These would be designed to prevent the dispersal/reselling of the
firstname.lastname@example.org product key.
My problem is that I can only find a single service which does this: FastSpring. Where are the competitors?
More by Jim
- The inception bar: a new phishing method
- The hacker hype cycle
- Project C-43: the lost origins of asymmetric crypto
- How Hacker News stays interesting
- My parents are Flat-Earthers
- The dots do matter: how to scam a Gmail user
- The sorry state of OpenSSL usability
- I hate telephones
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- Granddad died today
- Your syntax highlighter is wrong
Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.