By Tim Regas November 16, 2018

The Developer’s Guide to Software Licensing and Copy Protection

Consider these statistics from the 2018 BSA Global Software Survey:

  • Unlicensed software represents 37 percent of all software installed on personal computers worldwide.
  • The commercial value of unlicensed software globally is more than $46 billion.
  • Malware from unlicensed software costs businesses across the globe nearly $359 billion a year.

The Commission on the Theft of American Intellectual Property estimated that annual losses from software piracy, theft of trade secrets, and counterfeit goods run as high as $600 billion each year.

If you thought this is mainly a concern of developers that distribute software outside the United States, it’s worth mentioning that the cost of software piracy is higher in the U.S. than in any other country—followed by China, India, France, and the U.K., according to data from the Business Software Alliance.

One developer succinctly explained why software developers are investing appropriately in software copy protection:

“I didn’t spend 10 years of my life developing the software so that it could be given away. I needed a better way to protect it.”

In short, as a software developer, you should have software licensing top of mind.

Why Software Security Is Important

The short answer is, people suck. Well not most people, but the few bad apples out there can cause more damage than the majority of good honest people combined.

While most people will be honest, pay for your software, and not misuse it, there are individuals who will use unlicensed copies of software, steal software for the purpose of reselling it, or reverse engineer it just to say they have.

As the developer, you have spent countless hours planning, designing, and coding software to solve some problem. The last thing you want is for someone to steal your hard work and profit from it.

Another, less considered, side effect of poor software security is the potential damage to your reputation.

According to the BSA, malware from unlicensed software costs nearly $359 billion annually. If a company determines that your software, even if used unlicensed, brought in malware that caused damage, would that company be running back to you for their next software purchase? Probably not.

Even if they understand the software was unlicensed, making the company squarely to blame, you will still have to do damage control to ensure no one else is impacted by the malicious version of your software.

The best course of action is to protect your software before it is ever distributed.

Here’s the good news: According to the BSA survey, businesses that “take pragmatic steps to enhance their software management” increase profits by as much as 11 percent.

Indeed, protecting your trade secrets and brand have obvious bottom-line benefits. These include avoidance of unnecessary costs, not to mention frustration associated with backtracking and reinventing your software with proper protection. It’s inarguably better to work on developing your software rather than on trying to gain it back.

How to Secure Your Software

There are many vendors who provide software licensing and security, but first you must ask yourself important questions to determine how to proceed.

The first question you must ask when securing your software is, what is your primary goal in implementing software security? Is it to prevent piracy? Prevent reverse engineering or misuse? Or is it something else altogether?

Then you should ask what level of security is required for your application. Will a bicycle lock do, or are you wanting something more like Fort Knox? Most developers err on the side of caution and implement more security than what is necessary and is typically recommended.

Finally ask yourself how much you want to spend on software security. There is no right answer to this question, so you’ll need to shop around to get a feel for the prices of the options you decide to implement.

Once you have determined your need, budget, and level of security, you can start looking at your options for protection.

Key Elements of Protection

Software copy protection begins with your licensing strategy, where you will determine how to be compensated for your software. Some common licensing strategies include:

  • Perpetual. One-time payment allows for unlimited access to the application.
  • Feature-based. Software is purchased, and additional features are unlocked with additional purchases.
  • Time-based. Software is rented for a specified length of time and can be renewed at expiration.
  • Tiered. Versions of the software are offered based on the number of features available, e.g., Silver, Gold, or Platinum.

Once you’ve arrived at a licensing strategy, you’re ready to find a solution that enforces that strategy and makes it very difficult or nearly impossible to circumvent, so you get paid the correct monetary value for each user.

Your software copy protection strategy should take into account where your software will be released. Will it connect to the internet? Will it run on standard PCs/Macs or an embedded device? In software copy protection, there’s no “one size fits all” approach. Look for a solution that meets all your criteria.

You’ll also want a solution that reflects your required security level. A handy analogy: You shouldn’t lock up your bicycle in Fort Knox to keep it safe, and you shouldn’t use a bicycle lock to secure the Hope Diamond. Your protection should match the value of your software.

By addressing these considerations, you can determine if a software- or hardware-based (or mixed) solution is best.

Types of Protection

Let’s run through the major options for software copy protection, including the cost, level of security, and implementation in each case.

Honor system.
The upfront expense is zero, and the hope is everyone who buys your software refuses to distribute it, so you’re paid for each user. There is no setup or implementation required: As soon as you hit compile, you’re ready to distribute. Problem: As your volume of users grows, it becomes almost mathematically inevitable that some users will intentionally or unintentionally share it. Needless to say, your level of security under an honor system is virtually nonexistent.

Software-based with no internet connectivity.
This tends to be a low-cost option. Implementation of software-based solutions are usually carried out after the software has been compiled. Typically, a software wrapper with some configuration settings is used to protect the application. When the software is run by end users, it isn’t connected to any resources for protection. Because all licensing parameters are on the computer running the software, unauthorized use is fairly easy. The level of security for software-based solutions is in the low-to-moderate range.

Software-based with internet connectivity and activation.
The required connection back to a licensing server generally results in a high cost for setup—plus recurring fees. Again, a software wrapper is used to implement the protection, but because internet connectivity is required, the options offered by the wrapping software are more robust. The additional options allow for greater visibility into where the software is being used, how it is being used and, whether or not it is being used in an unauthorized way. Because internet connectivity is always required, some locations may be excluded. Protection is in the moderate-to-strong range, because licensing parameters remain off-site on secure licensing servers.

Hardware-based protection.
Security is very strong, because licensing is contained on a USB hardware security dongle, with no internet connectivity required. The cost on a per-license basis for each dongle is low, and no recurring licensing fees are involved. Implementation can be accomplished using application program interfaces (APIs) or software wrapping.

Key Benefits of Security Dongles

USB hardware security dongles are the best choice for software licensing and security. They can be quickly and easily implemented using a software wrapper. For greater flexibility, APIs can be integrated into your software, and for the greatest security both software wrapping and API integration can be used.

Security dongles offer a variety of advantages, starting with the form factor. The presence of a physical key removes the license from the computer hardware. With an external key located outside the operating system, security is strong.

Moving the license from one computer to another is as easy as removing the USB from one computer and inserting it in another. The secure physical dongle key cannot be read or copied.

Using a USB dongle, no licensing server is contacted, so you’re able to deploy software where internet connectivity is restricted or prevented. This includes high-security locations such as government installations and areas where internet traffic is heavily monitored, restricted, or not allowed. Dongles eliminate the need to make available different solutions for different environments.

Other benefits of USB dongles include:

  • Improved security for your intellectual property (IP). Tight integration between the dongle’s firmware and your software makes it possible.
  • Flexible licensing options. Your options for establishing—and enforcing—licenses are virtually unlimited.
  • Exceptionally easy implementation. A first-rate dongle solution can be implemented within minutes rather than in days, weeks, or months.
  • Multiplatform support. USB dongles can support all versions of Windows as well as Mac and Linux systems.

What to Expect From Your USB Dongle Resource

Should you choose this option for protection, in addition to first-rate protection, your chosen dongle supplier for software copy protection should deliver:

  • Ease of implementation.
  • Speed of delivery for production dongles. You don’t want to be waiting on your supplier to sell more of your software.
  • Flexibility to implement and customize the solution to fit your needs.
  • Software licensing is far from one-size-fits-all.
  • Peace of mind knowing that your supplier has a proven track record and will be around to support your though the full life cycle of your application.
  • Support to help implement the solution as well as continuing support for when it’s time to upgrade your software.

Don’t Let Others Profit From Your Hard Work

While the rate of software piracy has decreased 2 percent in the past two years, it still accounts for 37 percent of software installed on personal computers. A slight decrease in piracy does not mean you can neglect software licensing and security.

You have invested hundreds, probably thousands of hours into your work; the last thing you want is for your hard work to be stolen. Before releasing any software, you should think about how you are going to license and secure it, and if you have already released software without protection, you can retroactively add security to prevent future harm.

About the author

    Tim Regas

    Tim Regas is a product expert and general manager at KEYLOK. With over 35 years of experience, KEYLOK helps software developers license and secure software using hardware security dongles.