Using the date to allow users to have a grace period

[Joe_Black]

Hi all,

I have an app that users can add plug in modules to, each module gets a
key supplied by us to activate the module for permanent use, the modules
however must work for a trial period, say 30 days, to allow the user a
chance to test that the module is what they want before paying for it.

The problem is, when the module is installed the app records the date it
was first found and uses that date to give the grace period i.e. for 30
days a message is given stating how long they have left before this
module stops functioning. Obviousley the user could change the date on
their PC after the 30 days to be within the 30 day trial period, is
there any way I can record the actual date so that if the user does
change the date the module still knows how many days it has been used for.

Or is there a better way to allow a grace period?

Many thanks

Joe

 

[Marvin Varela]

There are several ways to do something like this.

First, if the PC's date is anywhere before the last recorded date, terminate
the trial inmediately, they're obviously tampering with the date.
Second, If your application has something to do with the internet, check the
date outside the user's PC using a webservice or something similar.
Third, you could add an additional variable, for example a number of
executions, so that even if they keep setting the date right (but they will
fail some time or another) you can terminate the trial if you detect they
have executed the application more than the reasonable times they could do
in 30 days (300 times is unlikely, 3000 is almost impossible for any
interactive application. You could kindly remind them this is a trial
version every 300 executions, and terminate it at 3000. Make the reminder
difficult to ignore, make it last 45 sec. and if they try to close it before
that time close the application and make them start all over again).

Also, after you have detected any attempt to tamper on your application
leave a trace so that even if it is uninstalled and re-installed completely
you'll be able to still tell them the trial is over. Don't make this too
obvious because they will find it and delete it, make it difficult to find
and completely out of context so there is no way to relate the trace left
with your application and also don't leave a trace any place where it could
be deleted by accident.

Hope thsi helps.

 

[Joe_Black]

There are several ways to do something like this.

First, if the PC's date is anywhere before the last recorded date, terminate
the trial inmediately, they're obviously tampering with the date.
Second, If your application has something to do with the internet, check the
date outside the user's PC using a webservice or something similar.
Third, you could add an additional variable, for example a number of
executions, so that even if they keep setting the date right (but they will
fail some time or another) you can terminate the trial if you detect they
have executed the application more than the reasonable times they could do
in 30 days (300 times is unlikely, 3000 is almost impossible for any
interactive application. You could kindly remind them this is a trial
version every 300 executions, and terminate it at 3000. Make the reminder
difficult to ignore, make it last 45 sec. and if they try to close it before
that time close the application and make them start all over again).

Also, after you have detected any attempt to tamper on your application
leave a trace so that even if it is uninstalled and re-installed completely
you'll be able to still tell them the trial is over. Don't make this too
obvious because they will find it and delete it, make it difficult to find
and completely out of context so there is no way to relate the trace left
with your application and also don't leave a trace any place where it could
be deleted by accident.

Hope thsi helps.

Hi Marvin,

Thats some food for thought, many thanks, I will use several of the
methods you have suggested.

Thanks again

Joe

 

[Brian P. Hammer]

I've used an obscure place in the registry but add to it... I encrypt the
date and time and add another key to verify that the encrypted key. I also
grab the name of the computer, processor type and memory installed. If any
two of these changes, I disable to entire app. Keeps people from sending the
registered/purchased app to other's.

HTH,
Brian