Resticting use to one PC

[MrMcFestoe]

Seen it womewhere where you cab get access to look up the HardDrive serial number and post it to a table only once, access then looks at this and the serial number and if they do not match wont open.

Any ideas, i wont to protect my DB from being copied and use on another machine.

Colin

 

[KornGeek]

This is a creative idea, and one I'll have to look into myself. However, I see one issue with this. You have to distribute this on some media (email, CD, floppy disk, etc.) At that point, the hard drive serial number is unknown. What would stop a malicious user from simply copying the original?

I have some ideas on this, I just am curious about how others might handle this.

Also, be sure to properly and completely implement security to keep that value protected.

If anybody knows how to read this serial number, I am also interested. This could be the missing key in my copy protection scheme.

 

[KornGeek]

Another option I've looked into for copy protection is the use of hardware keys. They are available in parallel port or USB versions, and from what I've been able to determine, these are very secure.

Disavantages:
1) Each key has a monetary cost associated with it, reducing profits on each copy sold.
2) Some users are hesitant to use these. Especially the parallel port variety.

Advantages:
1) They are relatively easy to implement. In the test I did with one of these, I had it locked down tightly in about 2-3 days (including reading documentation, etc.)
2) These are versatile. Instead of forcing the user to be installed only one one computer, you are instead restricting it to one computer in use at a time.

This is just to give you some other options to consider.

 

[fs483]

There's always the online activation method used by Windows XP, MS Office and Norton Anti-virus (both will be using this method soon). The user must call in either by phone or by internet to have his/her copy of the software activated.

bootleg

 

[KornGeek]

bootleg,
I've looked into doing something like that, but you first need to be able to get some unique value from their computer (such as the hard drive serial number) as a starting point. You can then process this to develop a reg-code scheme. The key idea I mentioned above also supports similar functionality.

I personally don't like this scheme because I am still using software that I originally purchased for my 386 computer about 10 years ago. I'm on my 4th or 5th computer since then. I would have to contact them with each new computer I got, and if it's a smaller company that went out of business, my software would now be worthless.

 

[fs483]

KornGeek,

I remember many years ago, back in the days of 51/4 floppies and early 3 1/2 floppies, some games couldn't be copied because some sectors were not read or couldn't be read when doing diskcopy disk to disk. When you supply a software on cdrom, you then supply the key by diskette. Once the key (diskette) has been read, the contents are destroyed forbidding the reuse of the one time only key. Of course if the customer has to reinstall the software, they will need another key (diskette) and if the software company goes out of business... Well can't do much.

Every method designed must somehow communicate with a central database to authenticate the legal copies either electronically or by telephone. Even large corporations like Microsoft uses a method that needs the software to "phone home" for activation. If there's a better method, they would have probably found it ... Other than encoding the social security number of the purchaser into the software, there's no real method of authenticating the software. I'm using social security number because that information is usually known by one person (the owner) and this person is usually relunctant to pass it on to others !

There's also encoding biometric readings from the person who purchases/registers the software but in Canada there are VERY VERY strict rules on using biometrics for authentication and I'm pretty sure applying it in these contexts are not allowed.

I'm interested too because I'm in the process of developping a customized software for a client but that I wish to later on sell to other clients and prevent unauthorized copies...


bootleg

 

[LittleSmudge]

This is a really interesting thread for me too for a slightly different reason.

I have a client who has some Access databases and they are worried ( paranoid ) that an unhappy employee could copy commercially sensitive databases onto CDROM and then leave the company and go to work for a competitor with all their data. So I see this as a solution for them to lock the database to the "Home" hard drive.

So back to the original question :- Does anyone know how to find out the Hard Drive's serial number ?




G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[fs483]

LittleSmudge,

Unfortunately you can't prevent theft of data to that point ! Nothing will prevent the "unhappy" employee from writing the data down like an email or telephone number or even memorizing them ! For sure every company has sensitive data, I guess the employer can ask the employees to sign (I think they are called) non-disclosure forms ? A contract the prevents the employee from disclosing any private info or they are liable for prosecution... Removing CDWriters from the computers should suffice !

I'll report back if I find anything.

Bootleg

 

[LittleSmudge]

I accept what you are saying bootleg and I make no warrenty that my client's fears are justified or sensible. .. ..

However, they are concerned about data theft in LARGE quantities. Not just the data from a record or two, but the data from the 30,000 records which represent client histories, Names, Addresses, Contact details, Contract info, etc ..




G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[MrMcFestoe]

Hi Guys

Sorry about posting this tread but, it seems a good point to develop, have found a site that shows you how to extract the HD serial number, but i was wondering if it ould be wrote to a field in Access but once only so it looked at this every time its started.

Had problems the hard disk (Seagate CRAP) in my main machine gave up thats why the reply has been so long and all my favorites had gone, but i have been on a site that extracts the serial number and i will post the address when i find the site, i have printed out from this site so i must have the address.

Any ideas on protecting data, i have been trying to get a random number to pop up in twelve months and lock the DB until the correct code is entered but only got it have working thats when this HD serial number came up.

Will post it soon

MrMcFestoe

 

[LittleSmudge]

If you can provide the site MrMcFestoe i'll create the code that uses it.

( How that for teamwork ? )




G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[myboat]

What I have done is, created a VB program to read the HD serial number and encrypt the ouput to a small text file. I store the text file in the program files directory so know one can find it and gave it a official looking name ending with DLL. The opening main menu reads this file decrypt the data and checks the serial number of the HD. If it is not valid, I display an offical looking message that program has performed some kind of illegal operaions, etc...

 

[BNPMike]

I don't think you can protect data in this way. An mdb contains tables which can be read by other software eg Ability Office Database. You could password-protect the database but I suspect the user would know the password.

 

[willir]

Slightly different approach...

On a Novell server, you could use the CopyInhibit file attribute. Maybe XP Server 2010 or 2020 may include the same feature. Sighhh. ;-)

Sorry for the intrusion -- just remembering days-gone-by.

 

[WillYum]

http://www.freevbcode.com/ShowCode.Asp?ID=3380

I trust the title spelling is no indication of the code accuracy ;-)

I'd be interested in seeing this accomplished. However, how do you propose to protect the table from being written to?

Let's suppose that someone stole the database and that username/password scheme was all properly running. I suppose you could make the table unupdatable to all but administrators.

My point being, if they get admin access, couldn't they just replace the HDD Serial ID with their own? Unless you are planning on storing it in code.

In either case, it sounds tricky if that hard drive ever fails, the database would, of course, lock out that user (I've had many a HD failure).

Nevertheless, I'd be interested in seeing your implementation and there is no doubt that it would pester some persistent hacker who didn't have admin access (though the only way the code would be able to execute is after a valid username/password were entered, right?)

-- WillYum

- William ~^~ ~^~

~ W . I . L . L . Y . U . M ~
wOrLd WiDe WhAt?

 

[WillYum]

This is also a relevant link regarding our discussion:

http://www.eggheadcafe.com/articles/20021019.asp

Discussing the difference between Volume Number and internal Hard Drive Serial Number.

- William ~^~ ~^~

~ W . I . L . L . Y . U . M ~
wOrLd WiDe WhAt?

 

[dRahme]

Hi, my cheap way of doing this:

Create a text file, name it whatever you want and place it in a folder on the target computer.

I like the windows directories. On db load, look for the file. If it does not exist, shut the db back down.

I ship everything out as .mde and have not had a problem except of course for calls from individuals wondering why the db won't open on their machines.

dRahme