Product Key Scheme

This is a concept for a product key activation for a web application. You download the application, install it on the server, and then it will allow you to buy a key via a website. The key will unlock the software (remove a nag message or something).

The system uses a public/private key system. There's a function f where f(private, data) -> encryptedmessage, and a function d(public, encryptedmessage) -> data.

The public key is embedded in the software.

When the user buys a key, a string with the site domain and a product name (or id) is concatenated is run through f(). The result is sent back to that domain, to a special URL that will receive the encrypted message.

The encrypted message is stored as the product key.

Subsequently, the site will decrypt the message with d(public,product key), resulting in the original domain and product name registered, and then check to see that the domain and product name match the reality. If it matches, the site will continue to run.

The nice feature of this system is that the software doesn't need to "phone home" to keep running. In fact, it needs to contact the server only once. Additionally, if the product becomes obsolete, the private key can be released and anyone can generate a key. This system need not be a huge burden on the user, but can still help in addressing issues of unauthorized copying and licensing.

Instead of encrypting and decrypting, a digital signature algorithm can be used as well.

One limitation of this method is that there is no expiration date for the key. This is only a problem for the vendor who wishes to collect periodic licensing fees.

This system can be operated for a peer-replicated ledger and payment system like Bitcoin, if the system can pass a message along with the payment. A payment with the domain and product number can be constructed. The server can generate a receiving address. The payment and the registration information is transmitted. The payment service then refunds a small amount of with a message containing the encrypted activation key.