Serial Key feature
--The default duration of the certificate of the installer is 30 days
--One serial key per user (stored in tbl_serialkeys)
--Once they run the software, it will ask for a serial, email and name
--After the serial is entered, the software will connect to my server via the internet and do the following authentication process:
---Verify that the serial is valid (the status of the serial key should be ‘Unused’; otherwise an “Invalid serial key” notification message will appear)
---Log the IP address, Serial key, Email and name of the user
---The status of the serial key in ‘tbl_serialkeys’ should be changed to ‘Used’
---Sends a notification email (with complete details) to the admin
---Server sends a certificate to client
---Certificate is valid for 365 days
--Client computers automatically request a new certificate from the server after half of the certificate's validity period has passed
--If the connection cannot be made, a notification message must pop up when the application is opened:
"Renewal of your license cannot be made, please contact the supplier as soon as possible to avoid any inconvenience. You still have X days left before your license expires."
--If the license expires, the software must deny the user any further access unless the renewal process has been executed properly.
--The software must also silently connect to the server once a day, whenever there is an internet connection, to verify the status of the serial key. If it is set to ‘Deactivated’, the system will automatically set the license to expired, denying further access to the user, and a popup window should appear for the renewal of the license.
--If the user/client reformats their computer, they will notify us (via email/phone) and we will issue them another serial key; their current serial key will then be set to ‘Deactivated’ so that no one will be able to use it anymore.
--The certificate must not depend on the system clock of the user since it can be easily bypassed. Maybe it should have its own counter?
--The system must also have its own counter (Table name: tbl_syslogs, Column Name: Counter). The purpose of the system’s counter is to verify that the certificate has not been altered. The certificate will be automatically revoked whenever the counter of the certificate does not match the system’s counter, and the user will be asked to renew the license. When the system connects to the internet, it should send a command to change the status of the serial to ‘Deactivated’ and add the reason ‘Invalid Certificate’ to the column ‘remarks’
--The server’s username and password must not be stored in the system. The system will only send commands to the server in order to process its requests.
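A server-side sketch of the activation and daily check-in flow listed above, added here as an illustration and not code from the original posting. The column layout, the `tbl_activations` log table, the HMAC-signed certificate format and the demo key and serial are all assumptions; expiry is judged against the server's clock, so the client's system clock never enters the decision.

```python
import hashlib, hmac, json, sqlite3

SERVER_KEY = b"constructed-demo-key"   # assumption: secret that never leaves the server
DAY = 86400

def init_db():
    db = sqlite3.connect(":memory:")
    # Column layout is assumed; tbl_activations is a hypothetical log table.
    db.execute("CREATE TABLE tbl_serialkeys (serial TEXT PRIMARY KEY, status TEXT, remarks TEXT)")
    db.execute("CREATE TABLE tbl_activations (serial TEXT, ip TEXT, email TEXT, name TEXT, ts INTEGER)")
    db.execute("INSERT INTO tbl_serialkeys VALUES ('DEMO-0001', 'Unused', NULL)")  # constructed key
    db.commit()
    return db

def sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def activate(db, serial, ip, email, name, now):
    """Return a signed certificate, or None for "Invalid serial key"."""
    with db:  # one transaction: status flip and log entry commit together
        # Conditional UPDATE instead of SELECT-then-UPDATE, so two simultaneous
        # requests for the same serial cannot both see 'Unused'.
        cur = db.execute("UPDATE tbl_serialkeys SET status='Used' "
                         "WHERE serial=? AND status='Unused'", (serial,))
        if cur.rowcount != 1:
            return None
        db.execute("INSERT INTO tbl_activations VALUES (?,?,?,?,?)",
                   (serial, ip, email, name, now))
    body = {"serial": serial, "issued": now, "expires": now + 365 * DAY}
    return {"body": body, "sig": sign(body)}

def check_in(db, cert, now):
    """Daily check-in. `now` is the server's clock, never the client's."""
    body = cert["body"]
    if not hmac.compare_digest(sign(body), cert["sig"]):
        # Altered certificate. The serial inside it is untrusted input, so this
        # sketch does not flip any row to 'Deactivated' based on it.
        return "revoked"
    row = db.execute("SELECT status FROM tbl_serialkeys WHERE serial=?",
                     (body["serial"],)).fetchone()
    if row is None or row[0] != "Used" or now >= body["expires"]:
        return "expired"
    halfway = body["issued"] + (body["expires"] - body["issued"]) // 2
    return "renew" if now >= halfway else "valid"
```

Because the signing key stays on the server, a client can copy or edit the certificate file but cannot produce one that passes `check_in`.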
Database Table Structure
Other security feature:
How to protect the certificate that will be generated in the computer from being copied?
-What I have in mind is that the system will create a random filename stored in Windows\System32. The file attributes must also be set to hidden, read-only and system.
Please suggest if you have something better in your mind.
Automatic Backup feature
-The user can back up the database based on the configured settings:
->Based on the preset time
->or every time you run the POS (can be toggled on/off)
->or every time you exit the POS (can be toggled on/off)
-The user must also be able to back up the database manually
-The system should assign the filename automatically for each backup entry.
-The user can configure how many backup entries can be stored before the first entry is overwritten
-The user can restore the database via backup/restore panel
-The backup entries should be encrypted