Newsletter:

(Article) TrueLicense Java Application License Management

Submitted by guru on Thu, 01/01/2009 - 09:09

Article : TrueLicense Java Application License Management

Features

  • Applications can create or verify application licenses which are bound to users, systems or any other entity.

  • Licenses can be perpetual or temporary (valid within an arbitrary period).

  • Shareware applications can configure secure on-demand creation of free trial period licenses.

  • The authenticity of licenses is assured by using the digital signature mechanisms provided by the Java Security API. A vendor provided, password protected Java keystore is required to hold the private and public keys used for signing and verifying licenses.

  • Privacy of installed license content is maintained by using the password based encryption mechanisms provided by the Java Cryptography Extension (JCE).

  • All keystore and encryption parameters like passwords, etc. are fully parameterized through simple-to-implement Java interfaces.

  • Long time persistence, portability and efficiency is achieved by creating XML based generic certificates and compressing them with GZIP.

  • A Swing based license management wizard is provided to allow easy license installation/verification for users.

  • The code is internationalized, currently supporting English and German.

  • Most classes provide protected methods, providing well-defined entry points for future extensions by subclasses (Warning: The protected part of the API is still a topic for research and may change at will).

Benefits

  • Protects your intellectual property and investment in software development.

  • Secure License Management is now a no-brainer for closed source applications.

  • Hackers would need to crack multiple levels of encodings, secure digital signatures, encryptions and validation checks.

To protect your intellectual property, you should always use Java byte code obfuscation for client applications in order to protect them against decompilation with tools like JAD (this matter is independent of the use of this library collection). If you chose to do so, don’t forget to include the TrueLicense Library Collection when obfuscating your application. Otherwise, hackers could simply exchange your public keystore and your implementation of the KeyStoreParam interface in the JAR of your primary application with their own ones to bypass your license verification code!

Resource :

https://truelicense.dev.java. net/
https://truelicense.dev.java. net/tutorial.html