Content

Abeona - how to protect your applications

Abeona and its digital signature system protects your license file against user interferences. Properties you store in license file cannot be changed without signature violation. So if you have in your license file property set to disable any application modul, user cannot overwrite file to enable it.

This works. But how you can protect your applications against illegal copy?

Generally - it is not a good idea to bind your license to concrete computer. Your customer becomes your hostage (and hostage of her or his hardware). What if the computer breaks down?

But if you need or prefer this way of protection, Abeona offers methods to obtain

• computer MAC address (its network card unique number) and
• user system name
.

Better way is to use properties that are characteristic for your customer and store them to the license file . For example, if you produce some kind of economic software (e.g. bookkeeping), store customer company name in license file and use this property when you publish a new invoice. Any other unlicensed user is out of the game.

The other approach is in support. Better and frequent support (including new versions of application) for licensed customers will force illegal users to buy your product.

Of course, none of these solutions is applicable if you don't use computer bound license and you want to allow to use your application only N users of your customer. At this moment you need license server. Abeona offers one, and you can customize it for your needs.

How to protect against a fake Abeona

One possible way to break Abeona license protection is replace original Abeona JAR file by fake JAR with the same name, same classes and methods, but with the different behaviour.

In our examples you can find class ProtectAbeonaJar. This class contains a few methods to protect Abeona JAR file against such attack. All you need to do is to copy these methods into your application code (there are no dependencies except declared imports of standard Java classes). Then you can invoke them when your application starts. Of course, you can rename them to increase the protection.

There are two methods to validate Abeona JAR file:

1. validateAbeonaJarLocally() - you can use this method to validate Abeona JAR file if your application has no Internet access. Method has built-in hash codes for all known Abeona releases, so it compares hash code of Abeona JAR file computed in runtime to those patterns. Disadvantage of this method is need to update this method whenever you update Abeona version.
2. validateAbeonaJarRemote() - this method is usable when your application has Internet access. It validates Abeona JAR you currently use against hash codes published on www.beesoft.eu. This method will work without any edit with future releases of Abeona.

Both methods use SHA-256 algorithm to compute hash codes and throw java.lang.Exception if there is not a compliance. It is your choice which method you use. Or you can use both depending on the situation.

Appendix

Abeona is protected by itself. The same system we offer to you is used to protect Abeona. Which properties do we use?

• First is the same as in all license files - digital signature stored in property Abeona.Signature.
• Property Abeona.Serial.Number contains serial number of your installation and this property is copied to each license you produce.
• Also property Abeona.Owner contains your name (or name of your company) and is copied to produced license files too.

Any illegal usage of Abeona software is easily exposed. And the similar way we use to protect our software you can use to protect yours.