If you were a global merchant 300 years ago, you were probably using a wooden ship as your delivery method, and there was always a danger of lurking pirates ready to steal your goods. With the emergence of e-commerce, we are no longer entirely dependent on ships and boats in global trade, but the danger of piracy, in the form of unauthorized use or access to digital content, is still prevalent.
Last week, we discussed the vulnerability of ecommerce sites to hackers and the benefit of complying with external security standards, like PCI-DSS and SAS-70. This week, we focus on protecting digital content from unauthorized access or copying.
Like the common cold, there is no cure for hackers, and digital ecommerce companies need to have preventive measures in place to protect their revenue stream. We begin by analyzing different types of digital content and understanding that each type of digital content has it own challenges in keeping it’s copyright protected.
SaaS, for example, is relatively easy to prevent unauthorized access to, because SaaS keeps the provider in control of the digital content, while users pay for access to a product or service. Nevertheless, a wily hacker can steal access to the service or the content (e.g., if you offer video courses or flash-based applications through a web portal, a hacker can screen record the content).
Software is probably the most common digital asset sold today and is moving more towards the cloud, but the vast majority of software is still downloaded on to a machine. On premise software, (and audio, video, and text products like ebooks), is more difficult to protect. Since oversight of the product is lost when delivered to users, digital ecommerce companies selling these products online need to find ways to control what is done with the product after it is received. Otherwise, a product is susceptible to being “cracked”, and the rightful vendor can be cut out of further sales.
Games have both download and cloud delivery models. The download, or license model, has similar protection issues to software, but cloud delivery is essentially the same as SaaS where the product is harder to steal, so a hacker seeks unauthorized access to the product.
For an expert perspective on different ways to protect digital assets, we spoke with Dieter Hӓrle, owner and managing director of Mirage Systems, a global software provider with a focus on content and copy protection, digital rights management, license management, software activation and copy protection for applications.
“A license key solution was sufficient 10 years ago, but not today,” Hӓrle says, “a good solution covers more than just the licensing mechanism.” Hӓrle recommended the following key practices in developing a complex and useful strategy to prevent unauthorized access.
Protect Against Decompiling
Decompiling is the process of taking a software program and reverse engineering it until the source code is revealed. Manipulating the source code to remove the copy protection or licensing mechanism results in the hacker gaining a free version of your product. Dangerous indeed! One preventative measure against decompiling is to obfuscate your source code. Note that programs written in .Net and Java are vulnerable to this type of hack and harder to obfuscate, while Delphi and C++ are less vulnerable and easier to obfuscate.
Develop a Strategic License Model
Asking which licensing model is best for copyright protection is like asking which chess move is best. The answer is entirely dependent on your situation, and there will be trade-offs between your desire for control and the user’s desire for unrestricted access. Several important license models are listed below.
A very strict licensing model that restricts installation to a single computer. The upside is that users buy more licenses for other computers… if there isn’t a cheaper option available elsewhere. The downside to this scenario is that with such strict limitations, a higher percentage of installations turn into customer contacts and user frustration. If the license is restricted to one PC, an important feature to include is the ability to move the license to a new PC in case the PC is replaced.
Per user license model
(e.g. switch between office PC, home PC and mobile PC.) This gives the user a great additional value as he can use a product on multiple devices.
Allow users to install software on e.g. three different computers.
Network license –
(e.g. per PC/seat or per user) lets a company a central point of license administration. Only the administrator handles licensing issues — the end user does not even know that a license exists.
A floating license is available to different users within a company, resulting in a shared model between employees. As long as enough licenses exist, other users can run the program legally.
Individual feature enabling
Use this strategy to get customers to buy at a cheap price and upgrade with more features later.
In all models, a combination of several computer identification points is used to strictly limit the installation and identify a computer. An activation process (online, email, fax or phone) is necessary to send the hardware information to an activation server.
Protecting your intellectual property is a complex topic and needs careful attention and thought before releasing a product to the market. Hӓrle notes, “Depending on the kind of software you sell, the focus can be different. A network license is essential for business software where a game vendor may focus on decompiling and copy protection.” Here are some of Hӓrle recommendations:
Selling B2C software
- Allow a license key two-three installations before locking to avoid unnecessary customer contacts.
- Market a higher-priced family license that permits installation on all household computers. This is a good way to increase the average revenue per order or household!
Selling B2B software
- Offer a concurrent licensing model, which is more flexible.
- The typical alternate to concurrent is a per-computer model, which results in more seats and cost; good if you can get it, but companies usually have alternatives.
- Digital product distribution is global, so make sure your system supports a wide variety of languages. Ensure that your licensing product is also multi-lingual.
In the words of Dieter Hӓrle: “A customer expects that software just works – no matter if the PC is replaced, used on a virtual machine or on his mobile PC. A software vendor wants revenue from each sale. To balance both requirements you need a comprehensive licensing and copy protection solution. A simple system is insufficient. As the requirements to use software get more and more complex, you need a protection system that covers every usage scenario.”