Ok -- your client will send you their license key and a UUID of their computer. With that, you'll authenticate and respond to the client with a specially generated binary patch.
That patch should be a unique patch that is generated only by license key and UUID. You should deprecate that license key and give them a "new" license key (that they can find in their about and email) -- thus no two licensed programs will be alike. The UUID's are used for analytics and tracking, as well as one fun idea:
The generated binary ONLY works with that systems submitted UUID and that new license key (that you gave to the user!
). If the current UUID + license key hashing fails, then you can force them to resubmit their license key, which (ideally) would return a new binary patch updated to a new license key and new uuid.
It is at that point you can catch someone who submits the same license key twice with completely different UUIDs-- because the flow dictates that there be only one UUID per patch generation, UUID and current license key, with a reference to the previous one. In short, you can detect someone using the same license key on many systems simultaneously from someone who is migrating computers (because they'll install it once per authentication/reauthentication...).
That patch should be a unique patch that is generated only by license key and UUID. You should deprecate that license key and give them a "new" license key (that they can find in their about and email) -- thus no two licensed programs will be alike. The UUID's are used for analytics and tracking, as well as one fun idea:
The generated binary ONLY works with that systems submitted UUID and that new license key (that you gave to the user!
). If the current UUID + license key hashing fails, then you can force them to resubmit their license key, which (ideally) would return a new binary patch updated to a new license key and new uuid.It is at that point you can catch someone who submits the same license key twice with completely different UUIDs-- because the flow dictates that there be only one UUID per patch generation, UUID and current license key, with a reference to the previous one. In short, you can detect someone using the same license key on many systems simultaneously from someone who is migrating computers (because they'll install it once per authentication/reauthentication...).
Slave to the Patriarchy no more
