The licensing mechanism is a very important part of a commercial product. Testing it properly prevents unauthorized use of your intellectual property.
This article gives a brief description of software licensing types and protection tools, with notes on which points deserve the most attention.
Junior Tester of Apriorit Inc.
What is licensing and what is it for?
Software, just like other objects of intellectual property such as musical and literary works, is protected from unauthorized copying by copyright law. These laws assume that the software publisher keeps certain exclusive rights, one of which is the right to produce copies of the software.
When buying software, the user actually buys a license that gives him the right to use it. The terms and conditions of use (for example, whether the software may be moved to another PC or whether previous versions may be used) are fixed in the agreement that accompanies the software delivery. The most widespread is the EULA – End User License Agreement. The EULA is a contract between the user and the software publisher that describes the permitted ways of using the software and the limitations on it.
The Agreement can:
- Describe what changes the user can make to the product
- Limit the user's right to copy the product
- Allow the user to transfer the product or install it on a portable PC
- Indicate whether the user can update the product
- Grant the user special rights for network use of the product.
Usually the EULA is provided in digital form and is shown on the first start of the product. The user should agree to its terms before the product installation.
By buying a license, the user in fact also gets additional services from the publisher, such as free technical support, updates and others.
Licenses fall into two big groups: free software and proprietary software. There are also different types depending on the number of licensed copies (individual, volume, enterprise licenses etc.), the volume of additional services (standard, ultimate etc.), and the type of object the license applies to (per user, per machine, per server etc.).
Software protection tools
Software protection methods can be divided into software-based and hardware-based. Software-based methods do not rely on the physical properties of data storage media, special hardware etc. Hardware-based methods use specific hardware (e.g. electronic keys connected to the computer ports) or physical peculiarities of the storage media (CDs, floppy disks) to identify the original software version and protect the product from illegal use.
Electronic key (hardware key, dongle). This is a hardware tool intended to protect software from copying, illegal usage and unauthorized distribution.
Generally a hardware key is a microchip or microcontroller that implements unique algorithms. The keys are usually plugged in via USB or LPT interfaces.
The key is plugged into a certain computer interface. The protected program then sends data to it by means of a special driver. This data is processed in accordance with the specified algorithm and returned. If the key's response is correct, the program continues working; otherwise it can perform any actions implemented by the developers, for example switch to demonstration mode or block access to some features.
Special electronic keys are used to protect network software. One key is enough to protect and license a network product (that is, to limit the number of program copies running in the network). This key is installed on any workstation or network server.
Serial number or license key. Usually it is a text string (but it can be a file) with a specific structure. This key is provided to the customer together with the program (for example in the box package) or separately. Then, just after the installation, the program asks the user to enter the key (or to provide the path to the key file) and checks the authenticity of the key against certain criteria.
Depending on the check method, we can name the following license key types:
Standard key/serial number. In this case the program checks the key provided by the user against several conditions, for example: the key should consist of 25 symbols, 12 of them should be digits and 13 should be letters, the sum of the digits should be equal to 60 and the sum of the numeric equivalents of the letters should be equal to 100. If this approach is used on its own (without additional security measures such as activation via the Internet), the same key can be used to install the program on other computers.
Key bound to the serial numbers of the computer hardware components. As a rule, the vendor uses a mechanism in which the user fills in a form on the vendor's site and sends a specific computer identifier (hardware id) to the same site. The key is generated from this hardware id. Usually the key contains encrypted information about the user, the product, the number of licenses etc.
If the user upgrades his computer, the protection fails. The authors of many programs protected by a hardware binding are ready to provide the user with a new key. Besides the hardware id, the vendor can also use the serial number of the hard drive, the MAC address of the network card, the BIOS checksum and other system properties.
Activation via the Internet. Here a unique product serial number is used. When the user installs the application, it asks for the serial number and then connects over the Internet to the vendor's system to check whether the provided serial number is in the list of valid numbers.
License server. This is a specialized server application or hardware-software complex that makes it possible to centralize license management. Under heavy load, a separate physical server can be dedicated to the license server. The license server stores all licenses bought for the specified number of product copies and issues a license at each program start.
Licensing check-list and testing guidelines
When you start work on licensing tests, you should first of all determine what scheme you have, i.e. what protection tools are used and in what combinations.
Let's consider the simplest and most widespread licensing schemes: with a text key, with a key file and with a hardware key. More complicated schemes are partial intersections of these sets or are specific to each individual product.
A trial period is often present in the text key scheme. We'll consider the check-list with it, as it is the more complicated case; for a scheme without a trial period some tests are simply omitted.
It's recommended to check:
– the limitations of the application functionality (if there are any during the trial period) and, correspondingly, the availability of the full functionality after successful licensing.
– the possibility of licensing during the trial period.
– the application response to the input of incorrect registration data (if the key consists of several fields, make a separate test for each of them):
a. Key is corrupted
b. Key is absent
c. Key is typed in the wrong case
d. Key contains extra symbols at the end and/or at the beginning
– the application response to the input of correct registration data.
– the application response to the input of registration data issued for previous versions of the tested application.
– the unlicensed application behavior after it has been reinstalled during the trial period.
– the application behavior after the trial period is over.
– the unlicensed application behavior after it has been reinstalled after the trial period is over.
– the application response to the system time being changed forward/backward (the most important thing here is that the trial period stays correct). Take into account that the system time should be changed in the BIOS, because a change made in the operating system does not have much effect.
– the possibility to register the application after the trial period is over.
– the application behavior after the registration data has been deleted, for example from the registry (usually after registration the deletion of these data is disabled).
– the licensed application behavior after it has been reinstalled.
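The incorrect-input cases a to d above can be automated as a table of inputs run against the product's key validator. The following is an added example, not code from the original article: `check_standard_key` is a hypothetical validator implementing the sample rules given earlier for a standard key, and the key and the expected results are constructed for illustration (assuming uppercase letters with A=1 ... Z=26 and no trimming of input).

```python
import string

# Assumption: letters are uppercase A-Z with numeric equivalents A=1 ... Z=26.
LETTER_VALUE = {ch: i for i, ch in enumerate(string.ascii_uppercase, start=1)}


def check_standard_key(key):
    """Hypothetical validator for the article's sample 'standard key' rules."""
    if not isinstance(key, str) or len(key) != 25:
        return False                      # absent, truncated or padded input
    digits = [c for c in key if c in string.digits]
    letters = [c for c in key if c in LETTER_VALUE]
    if len(digits) != 12 or len(letters) != 13:
        return False                      # lowercase, spaces, other symbols
    return (sum(int(c) for c in digits) == 60
            and sum(LETTER_VALUE[c] for c in letters) == 100)


# Constructed key: twelve '5' (sum 60), twelve 'H' (8 each) and one 'D' (4).
VALID_KEY = "5H" * 12 + "D"

# Checklist cases: (description, input, expected result).
CASES = [
    ("correct key", VALID_KEY, True),
    ("a. corrupted (one digit changed)", "6" + VALID_KEY[1:], False),
    ("b. absent", "", False),
    ("c. wrong case", VALID_KEY.lower(), False),
    ("d. extra symbol at the beginning", " " + VALID_KEY, False),
    ("d. extra symbol at the end", VALID_KEY + "X", False),
]


def run_cases(validator=check_standard_key):
    """Return the descriptions of the cases where the validator misbehaves."""
    return [name for name, key, expected in CASES
            if validator(key) is not expected]


if __name__ == "__main__":
    failed = run_cases()
    print("all cases passed" if not failed else f"failed: {failed}")
```

Passing a different validator to `run_cases` shows which checklist items it fails; one that trims and upper-cases its input before checking is reported for cases c and d.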
For the key file scheme, pay attention to the following aspects:
– Using a file with the correct name but with incorrect content and vice versa.
– Starting application after the file was deleted.
– Saving the file while the application is being reinstalled.
– Application behavior after the file has been replaced:
a. correct -> incorrect,
b. correct -> correct,
c. incorrect -> correct,
d. incorrect -> incorrect.
For the hardware key scheme, we should check:
– Application functioning when the special software for the hardware key is not installed.
– Application functioning without the hardware key.
– Unplugging the hardware key while the application is running (here we should take into account 2 situations: the application has some process running, and the application is in standby mode):
a. Permissible waiting time for the key to be plugged back in.
b. Correct application behavior after the unplugged key is returned.
c. Correct application behavior if the waiting time is over and the key was not plugged in.
– Application functioning when other devices similar to the hardware key are plugged in (for example, if the key is a USB device, it's good to check its functioning together with a flash drive).
Frequently the product has to count down not only the trial time but also the number of program starts during the trial period. Here it's important to verify that once the number of allowed starts is used up, the trial period ends too, regardless of the actual number of trial days left.
Most software products show the registration information in the About form (usually opened from the About menu item). We should check that this information is present and correct for any licensing scheme in every state.
If a HardwareID is used in the registration process, it makes sense to try supplying the HardwareID of another computer.
When testing licensing, do not forget to check the main things:
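The system-time and start-counter checks can be run against a model of the trial logic before they are run against the product. The sketch below is an added example, not code from the original article: it keeps a high-water mark of the latest time seen, so setting the clock back never returns trial days, and it ends the trial when either limit is reached. The limits of 30 days and 10 starts are assumed values, and where the state is stored is out of scope.

```python
from dataclasses import dataclass

DAY = 86400  # seconds in one day


@dataclass
class TrialState:
    first_run: float        # time of the first start
    last_seen: float        # latest clock value observed on any start
    starts: int = 0         # number of starts so far
    expired: bool = False   # sticky: once set, it is never cleared


def on_start(state, now, max_days=30, max_starts=10):
    """Update the trial state for one program start; return True if allowed.

    max_days and max_starts are assumed limits, not values from the article.
    """
    if state.expired:
        return False
    # High-water mark: a clock set backward never gives trial days back.
    state.last_seen = max(state.last_seen, now)
    state.starts += 1
    # The trial ends when EITHER limit is reached, whichever comes first.
    if (state.last_seen - state.first_run >= max_days * DAY
            or state.starts > max_starts):
        state.expired = True
    return not state.expired


def simulate(times, **limits):
    """Replay a list of start times (in seconds); return allow/deny per start."""
    state = TrialState(first_run=times[0], last_seen=times[0])
    return [on_start(state, t, **limits) for t in times]


if __name__ == "__main__":
    # Clock moved forward past the limit, then back: the trial stays over.
    print(simulate([0, 31 * DAY, 1 * DAY]))
    # Start limit of 3 reached on day 0, with all trial days left.
    print(simulate([0, 0, 0, 0], max_starts=3))
```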
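The expected outcome of that test, as an added example that is not code from the original article: a key issued for one hardware id must fail verification when another machine's id is supplied. The HMAC tag stands in for whatever scheme the vendor really uses and is an assumption, as are the secret, the product name and the hardware ids, which are constructed values.

```python
import base64
import hashlib
import hmac
import json

# Placeholder secret, constructed for the example. HMAC is an assumption that
# stands in for the vendor's own key-generation scheme.
VENDOR_SECRET = b"example-only-secret"


def issue_key(hardware_id, product, licenses):
    """Vendor side: derive a key for one machine from its hardware id."""
    # JSON list encoding keeps the three fields unambiguous in the payload.
    payload = json.dumps([product, licenses, hardware_id]).encode()
    tag = hmac.new(VENDOR_SECRET, payload, hashlib.sha256).digest()[:10]
    return base64.b32encode(tag).decode()   # 10 bytes -> 16 characters


def verify_key(key, local_hardware_id, product, licenses):
    """Client side: recompute the key from THIS machine's hardware id."""
    expected = issue_key(local_hardware_id, product, licenses)
    return hmac.compare_digest(key.encode(), expected.encode())


if __name__ == "__main__":
    key = issue_key("HWID-AAAA-1111", "ExampleApp", 1)
    print(verify_key(key, "HWID-AAAA-1111", "ExampleApp", 1))  # same machine
    print(verify_key(key, "HWID-BBBB-2222", "ExampleApp", 1))  # other machine
```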
- the trial period (if present) ends correctly;
- the user cannot use the program after the trial period is over without licensing;
- the limitations of functionality in the demo version;
- the user cannot renew the trial period by changing the system time or reinstalling the program;
- the user cannot license the program with incorrect data.
Correctly working licensing is a guarantee of proper protection for your product. Don't spare resources on protecting your program from unauthorized use.
Remember that for this type of testing in particular it's not enough just to check that the licensing mechanism functions correctly. The tester should think like a user and try to hack the existing protection by any means. Only this approach gives some confidence in the reliability of the licensing.
Let your products be of high quality!