0

We have an application for which we need to ensure that our APPLICATION DATA cannot be used (or opened) on different computers with the same users. For that, we thought about using the hard disk GUID as part of the data encryption private key. In this case RAID disks and virtual PCs would fail and wouldn't be able to open the data. We need some advice about how to get a proper ID to restrict per user-computer, but not per user-hard disk.

Note: Both Mac and Windows are supported.

Edit: it was about application data, not the application itself. Sorry for asking it wrongly.

ikbal
  • Can we ask what the application is? Why is it restricted to one _computer_ (and usable by one person) and not one _user_? – Clockwork-Muse Dec 27 '12 at 17:01
  • Note also that, even when you can get them, HDD IDs are not unique - e.g. in a previous job we discovered that all Dells of a certain model had the same HDD ID, presumably due to ghosted drive images. – Arjailer Dec 27 '12 at 17:33
  • You could aggregate a list of device info kind of like [browser fingerprinting](http://programmers.stackexchange.com/questions/122372/is-browser-fingerprinting-a-viable-technique-for-identifying-anonymous-users) and use a validation threshold in case any components change (just postulating) – jtzero Dec 27 '12 at 19:33
  • So, the encrypted data is lost as soon as the HD fails, even if there is a backup. – mouviciel Jan 10 '13 at 14:04
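
The threshold idea raised in the comments above, as an added example that is not part of the original thread: several device attributes are enrolled as keyed digests, and a later check passes when enough of them still match. The component names, the sample values and the threshold of 3 out of 4 are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _digest(salt, name, value):
    # Keyed digest of one attribute, so raw identifiers are never stored.
    msg = f"{name}={value.strip().lower()}".encode()
    return hmac.new(salt, msg, hashlib.sha256).digest()


def enroll(components, salt=None):
    """Record one digest per attribute at first run."""
    salt = salt or os.urandom(16)
    digests = {n: _digest(salt, n, v) for n, v in components.items()}
    return {"salt": salt, "digests": digests}


def match_count(record, components):
    """Count enrolled attributes that the current machine still presents."""
    count = 0
    for name, expected in record["digests"].items():
        value = components.get(name)  # a missing attribute counts as a mismatch
        if value is not None and hmac.compare_digest(
            expected, _digest(record["salt"], name, value)
        ):
            count += 1
    return count


def same_machine(record, components, threshold):
    return match_count(record, components) >= threshold


# Constructed sample values, not real identifiers.
ENROLLED = {
    "disk_id": "DISK-EXAMPLE-0001",
    "mac": "00:11:22:33:44:55",
    "board_uuid": "EXAMPLE-UUID-A",
    "cpu_model": "ExampleCPU 3.0GHz",
}
# Same laptop switched from wired to wireless: only the MAC differs.
WIRELESS = dict(ENROLLED, mac="66:77:88:99:aa:bb")
# Second machine of the same model built from a ghosted image:
# disk ID and CPU model collide, MAC and board UUID do not.
CLONE = dict(ENROLLED, mac="00:11:22:33:44:99", board_uuid="EXAMPLE-UUID-B")

RECORD = enroll(ENROLLED)

if __name__ == "__main__":
    for label, machine in (("wireless", WIRELESS), ("clone", CLONE)):
        print(label, match_count(RECORD, machine), same_machine(RECORD, machine, 3))
```

This is a tolerance check, not a key: the matching inputs vary between runs, so they cannot be fed directly into key derivation, and every attribute here can be changed by the machine's owner.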

2 Answers

3

Maybe the MAC address of the network adapter might be a proper solution for you. But even this cannot assure you a 100% unique ID because the adapter can be built into another PC. But no matter what you do without a service based application you cannot 100% control who is allowe

  • 4
    http://en.wikipedia.org/wiki/MAC_spoofing is also probably an issue – Karthik T Dec 27 '12 at 08:54
  • Agreed (+1), I would probably go with MAC address too, but in addition to spoofing there is the issue of machines with multiple network adapters, so even if someone isn't maliciously trying to impersonate a known user, you still have the issue of a user unwittingly trying to connect from multiple MAC addresses at different times. As you say though, can't be 100% sure no matter what. – Joel Brown Dec 27 '12 at 13:36
  • Yes, be careful of multiple MAC addresses per computer - I've fallen foul of this with my work laptop, where I usually use a wired connection, but sometimes disconnect and go wireless - same computer, two perfectly legitimate MAC addresses. – Arjailer Dec 27 '12 at 17:30
3

You can't, and it's a terrible idea anyway. People use multiple computers, and even on their primary computer, they generally change their computer hardware more frequently than their software. Back when I used software like yours, I would disable that protection so I could properly use the software I paid for. Now, I don't even bother, and just buy from your less draconian competitors instead.

People can set their own MAC addresses, so that's not really a solution. Also, routers change the MAC address on packets, so a central server has no access to it.

If you really want to restrict by hardware, the only real way to do it is to supply your own dongle that must be attached to the computer. Yes, you can move the dongle, but you're still restricting use to a physical piece of hardware, so you can't just email someone a license key. You almost never see these because they're annoying for both users and distributors.

The most common form of user restriction nowadays is probably the license server. The software contacts a server to obtain a license, and must release the license before it can be used again somewhere else. This lets a user use software on multiple computers, but only one at a time, which really should be your goal here. It's still a little annoying for users, but acceptable if the software is high quality.

Karl Bielefeldt
  • Thank you Karl, but I think I misasked the question. We have valuable data in our application. We need to protect the data encrypted in a machine so it couldn't be opened in another computer. That is, we need a private key for our data encryption. – ikbal Jan 10 '13 at 13:59
  • 1
    I don't understand. If the computer hardware dies, how do they get to their valuable data? – Karl Bielefeldt Jan 10 '13 at 14:17