• Plan your general license strategy
• Case: from Shareware to Licensed Software
• Case: digital invoices
• Case: time & date dependant User Access: Streaming Video, Newspaper Access etc.
• Case: distributed secure documents
• Case: Vote processing / Polling: secure and only 1 vote per qualified entitled person
• Example: Remote Activation
• Case: Distributed software in a client/server model: model 1 application modules
• Case: Distributed software in a client/server model: model 2 project development
  

Comments / questions can be send to feedback@keybuster.com

If you are planning to release new software or if you are planning a new release for which users have to pay finally, we recommond that you plan your license strategy. This means you must decide whether you want:

a)  users can use your software for a short period of time freely and then the software has to be bought.

b) users can use your software only once, and then they have to buy a key 

c) users can not use nor see your software before they pay for it

d) the software is free or payed for entirely and  you provide the code as well, but you want to have control of some sort

You can of course use many variants on the above. For example: the software does not stop entirely after the trail expiration on a), but it still functions partly. For example saving, or printing is disabled or what is appropiate. Or you can decide to add future modules that are already inside your software but for which users have to pay seperately.

With the Keybuster.com key management functions you can decide which and how  the key fits in your strategy. Maintain those keys on-line and enable or disable a key at any moment manually.

You can embed the key in a Javascript snippet, which validated your ingenius script. Which does not function without a valid key. You decide whether people should pay for that key or not and you decide whether a key should be valid or not.

Even when you provide your code under the an Open Source License, but you want to keep track of your code or a significant part of your code, you can include a key. That key is set could be valid always and with some intelligent coding you can see in the statistical area of Keybuster.com where and how many times your code is accessed.  

If you tailor made software for your client and the source code is included in the deal it does not always mean he can change all parts freely. Perhaps there are copyrighted routines, or perhaps you handed over the code but payment is pending. You could easily include a line that refers to a Keybuster Key and make the extra touch you need.

Of course there are other usage examples, such as triggering your application on a certain date, or e-mail certifactes, but licensing (payed) applications is the main purpose.

Developing applications takes time and energy and we feel that the user should pay for an application. We made the KeyBuster environment, so that you can focus on the main core of your application and not waste time on the licensing model and integration.
You can use it to check and to license Internet sites /  pages or to license your server or stand-alone application. We recommend you read the case studies/ examples on this site.

The above title is actually a bit narrow and should fully have read: Shareware, Freeware, Onceware,  Licensed Software and/or entire modules based on licenses or concurrent users. You will understand why, when you read on about "my application".

I have a software package (i call that the core) and it  has 3 modules. A module for accounting, a module for printing my orders to suppliers and mainting stock and a module where i keep my customers and make the invoices. Now i want to sell that package, but i am not sure how to sell it, so i posted the package on several newsgroups and software development sites as Shareware. 

I embedded one Keybuster Key which i already made active here at Keybuster.com.
People that install the package will normally not even notice it's inside. I assume everyone has an Internet connection, cause it's also needed for some features inside my software, but also to access the Keybuster.com Key. I wrote some lines that the program will only start if the Key has given the response "valid". 

When the key is not valid the program will display that there is no permission to run the application and they have to contact me. For each version i create i embed another Key so i can see how many times people have run the application totally. I can also see if there are old versions (old keys) that are still in use.

Also i embedded a key per module, cause i want people to pay finally for the modules, not for the core application. In the modules i wrote therefore some other code around the key: if the key is invalid it simply does not run and displays the message that you can buy a license for 1 year. For that people have to send me an e-mail. Then i will send them back an "invitation for payment" that comes from Paypal. Customers log in there and transfer the money. I get notice from Paypal and i will create a new Key for them on Keybuster.com. I send them a Thank-You and the new "digest" by e-mail and the instruction they have to copy and paste that digest in the pop-up screen in the module. 
(Actually the module then saves that digest as the new key to be validated in the registry)

For the new release i am thinking to make the code around the Key a bit more intelligent. Only the first time it will check on-line if the key is valid. After that it will write a small variable in a file and it will not bother to check the Keybuster.com site for the key for at least the next 10 tries. This means people can also use the application after that first time, ten times without an Internet connection which is rather conveniant sometimes.

Also i already changed the code in the new release for the "sales and invoice" module around the key, such that it will display an "invalid key message" when the key is no longer valid but also "number of concurrent users reached" when there are more than 2 users currently working with the application.
I have a hunch that some of my customers, who payed for the software, copied and distributed the package to their colleagues (who do not have a license) and i want to check that.

In every module i now also embedded a simple extra Key, that will be used to automaticly download a new version from my website, when i enable that key. Standard that key will be invalid and then nothing happens. That way i can remotely tell my customers if there is a new version or perhaps incidently (!) an important bug issue or message.

I get a lot of compliments on my software package and the number of keyhits increases every day!

It is becoming more and more common that invoices to your customers are not being send by postal service, but simply stored on your server. Customer recieves an e-mail that there is a new invoice. Sometimes the e-mail contains a general link to the site as well but then the invoice process is completed.

If the customer wants to see the invoice he has to go to your server where the invoices are stored, he has to log in, and select the invoice. This requires some customer actions and when the amount of invoices are substantial, the customer will have to put in more effort to open the appropriate invoices.

Another approach could be a bit more customer friendly and secure as well: the customer receives the full orginal invoice by e-mail as the orginal document. The document contains a Keybuster.com Key and a small macro or program that can connect to Keybuster.com and validate the key.

So the orginal invoice is send with the (non viewable) embedded Key of the customer inside. That key refers to Keybuster.com. Only to those who KNOW the key, can check the Key at Keybuster.com and view that invoice directly without having to login.  This could be done in for example in MSExcel or MSWord.

Q: How do you (as the creator of the invoices) know the key to be sent?
A: You received a set of keys (or 1 key) from the customer (or created those on Keybuster.com yourself)

Or:

A small application or just a link is sent to the customer which holds a Keybuster.com-Key-connect html-link that will go to the appropriate website address where the original invoice is stored.

Q: Is this secure, cause once one knows the website address from where the invoices can be retrieved, there are the unprotected documents? 
A: Depends on the website from the creator of the invoices. If you want to be extra sure, you embed on that website where the invoices are stored, a small script (java, php, asp or similar) which still does some validation. This could be validation given from Keybuster.com for example you entered an extra variable like ?custid=xxx  and check if the referal website address really is Keybuster.com.

Q: The Key will expire, does it mean customers can no longer view that invoice after a certain period? 
A: True. If you would use 1 key per customer, we suggest that the customer will only see the latest (on unopened) invoices. To see a full list of (old) invoices customer would still need to login on your server and select an old invoice..

For every transaction that would grant the user on a certain period of time / date a particular access, you can use Keybuster.com. Create a key per user that has a certain validation period. Embed the key in your granted transaction or service and Keybuster will check whether it is valid or not. The application, webpage, video or other (streaming) content will receive a valid or invalid response anc can act upon that. In the case of a Browser (Internet) page Keybuster can display the appropriate resultpage.

Or you can create a key per service for all users if the service has a limited time span. When the key is disabled all users will see that the key is no longer valid.

Examples are: 

• videofragment accessable only for viewers who payed, or only for a specific time span
• show a newspaper page or access to newspaper articles only during a specific time span
• show a piece of multimedia only viewable during time of a contest
• show html page with downloadable items only usable during a specific time span or boudn to a specific user
• vote only once and check if only 1 concurrent user is voting
  

Another idea is this example (please check the legal issues which could be determined per country) :

• Access to Age dependant services such as alcohol, gambling, adult sites. 
  Services only viewable for those who bought a Key at Keybuster. Paypal verified age and other things and thus you could conclude that the viewer with a valid Keybuster Key has the valid age and is your target audience.

Case Study: Vote processing / Polling: secure and only 1 vote per person

Suppose we have set up a voting system that must allow 10.000 people to vote between 9 AM and 8 PM. We want to issue voting "papers" for qualified persons only and those persons only receive 1 vote.

You can easily create those voting papers in 1 second on Keybuster.com. Make sure you set "concurrent users" on 1, so that only 1 voting attempt can be made by the person with that key. You could set up your own page which counts the numbers of votes and compare that with the statistics on your keys on Keybuster.com. Now you can (at random) distribute these keys to your entitled voters.

If you feel it is necessary to add another layer of security, you could even decide that you generate 1 extra Key for yourself. On your page/application that registres the votes, you can then change the code such that one can only vote If both Keys are valid, not just one.

Then, if something happens during voting time, you could easily disable all voters by disabling only Your Key.

Example: Remote Activation

If an application would check regullary for a valid key, you could remotely (from any Internet connection in the world) turn that Key On or Off. 

Then it's up to the application to respond to such an on or off event. You could give someone access to a particular device when you're abroad, or you could reset your security alarm when you're not there.

Case Study:  Distributed Secure Documents 

For example you work in a firm (f.e. lawyer firm) and you create and distribute a lot of documents among your partners and clients that are confidential. Most firms have applications that can secure a document or it's storage & distribution. Securing can mean for example:

1. physically encode the document with encryption software & key stored anywhere
2. stored in orginal format on a secure server only accessable by log-in

• mutally agree on: encode & decode application, and mutal keys
• place the document on a secure server and hand over a password to access the unsecure file

We assume you do not want to send the unsecure file by unsecure e-mail and do not care.
Keybuster.com could provide these solutions for you:

The external party buys a key at Keybuster.com or "the firm" does that and also "the firm" buys one key for itself.  "The firm" includes these keys into the unsecured document, which is now secure.You could choose whether the included macro or small application will only reveal the document if both keys are valid. 

Of course you can change the macro at will, for example if you want that the external party (client) key is valid Or the key from the "firm is valid".
The document can also have an automatic expiration date when you want to use that, otherwise it can be accessed during the existance of one or both keys.

You can choose to create a key per person, per application, per document or any group of entities that is applicable.

Case Study: Distributed software in a client/server model

The client-server model basicly represents a server that has a high or low payload and a client that is occasionally or permanently connected to the server. For such a model and all variations that exist, we take the following example:

The server contains the company software and the company Database.
The netwerk is IP based and the server has a gateway to the external Internet that 
can be accessed by clients that have authorization for that.

Model1

Client uses an application that uses the permanent network connection with the server and 
the server uses application modules that use authorization keys. If such an authorization key is
valid the user will not be bothered, otherwise the user will be restricted or will be notified.

Authorization keys are stored in the Keybuster database and thus the server will connect every hour (determined by the server's application) to Keybuster.com or at least every first time a new user session starts. Keybuster.com will verify the key and sends back the result to the server.
The server itself, or the administrator can make, change and revoke keys of course at will.

You might wonder why and when is this usefull, cause you already use extensive adminstration tools and user rights on the server for your network access.

Suppose you have a business where employees like representatives are used to work from different locations.
They already have installed their software on their laptops and probably a copy of the database too,
so they can work also when they do not have network access. When the database is updated or an application is updated the server, or user rights per module have beenchanged the laptop will notice the next time an Internet connection is being made.

Then, it might discover at Keybuster.com that:
- one or more modules are no longer accessable for them (specific key user rights revoked)
- the database key is expired and they have to update their database
- the user must update one or more modules before they can work on

Remember that all these are just examples what could happen, just by connecting to Keybuster.com
and using the Keys stored there. You do not need to write extensive checking routines, table update and secure algorithms or check whether an application should be updated. Just use the Keybuster.com utilities and the "signals" for the appropiate actions (read:keys) will be maintained by Keybuster.com.

Of course there has to be someone who from time-to-time changes or updates the keys if application modules are developed or maintained by your own people. They simply create a key on Keybuster.com and from that point on they are the manager of that key. The same is valid when development or ownership lies with third parties.

Model 2
Suppose you share software along different users (project structure: management, planner, programmers, sharing documents etc.) and locations. 

That would be a common example in the Internet based world we live in. 
An ordinary solution would be e-mail or FTP for people to upload and to download their files. There are more sophisticated solutions but they all have the same purpose: sharing files among people with different user rights.  Each participant in the project has his own download area. For example: server directories or a forum-based application.

In this setting most problems occur when these typical settings change or have to change:

- files are considered read-only for all and write for one
- files are considered to be read-only for some but not for all
- files are extremely confidential for all, and only accessable by some
- an employee is being fired and immediately must be denied access
- a new employee must have access to a certain group of files

You can not solve all these problems with the current known solutions without puttin in a lot of effort and a lot of work. Especially when you porject team is extensive: you have to do a lot of work as an administrator of user rights.

With the help of the protected Keys on Keybuster.com you let keys decide how rights will evolve.
You simply move the administrative tasks to the individual members of the project team, without changing the upload or download user rights.

There are several possibilities that lead to a workable solution, this depends on the strategy that has the best fit.  We mention some solutions:

• Keys per login area: You can choose to create keys per login area. Key verification takes place after the login of a user or during. Thus after the successfull name and password the script connects to Keybuster.com and verifies 1 or more keys to see what rights there are regarding to documents and files.
  Depending on the successfull keys one gets access to one or more directories or user rights. Or you could of course request key validation per document / file as well.
  
• Key per document: documents (DOC,XLS,HTML etc..) must have embedded a Key verification script. Prior to execution or opening the document the script (php, macro, VBscript etc...) must connect to Keybuster.com and verify the Key.
  You can choose to create a key per person, per application, per document or whatever logical group of entities is applicable.
  
• Key per application: specific items can only be opened by application. That application will verifiy the key at Keybuster.com. We recommend that you store the data from that application encrypted in the database or file otherwise it is very easy to bypass that application. You can choose to create a key per person, per application, per document or whatever logical group of entities is applicable.

Quick Start ?   Make a Keybuster login Create your first key Your first trail key is free of charge