Product key

Last updated October 10, 2022

A product key, also known as a software key, serial key or activation key, is a specific software-based key for a computer program. It certifies that the copy of the program is original.

Product keys consist of a series of numbers and/or letters. This sequence is typically entered by the user during the installation of computer software, and is then passed to a verification function in the program. This function manipulates the key sequence according to a mathematical algorithm and attempts to match the results to a set of valid solutions.

Effectiveness

Standard key generation, where product keys are generated mathematically, is not completely effective in stopping copyright infringement of software, as these keys can be distributed. In addition, with improved communication from the rise of the Internet, more sophisticated attacks on keys such as cracks (removing the need for a key) and product key generators have become common.

Because of this, software publishers use additional product activation methods to verify that keys are both valid and uncompromised. One method assigns a product key based on a unique feature of the purchaser's computer hardware, which cannot be as easily duplicated since it depends on the user's hardware. Another method involves requiring one-time or periodical validation of the product key with an internet server (for games with an online component, this is done whenever the user signs in). The server can deactivate unmodified client software presenting invalid or compromised keys. Modified clients may bypass these checks,^[1] but the server can still deny those clients information or communication.

Examples

Windows 95 retail key

Windows 95 retail product keys take the form XXX-XXXXXXX.^[2] To determine whether the key is valid, Windows 95 performs the following checks:

The first 3 characters must not be equal to 333, 444, 555, 666, 777, 888 or 999.
The last 7 characters must all be numbers from 0-8.
The sum of the last 7 numbers must be divisible by 7 with no remainder.
The fourth character is unchecked.

If all checks pass, the product key is valid.

Controversy

Some of the most effective product key protections are controversial due to inconvenience, strict enforcement, harsh penalties and, in some cases, false positives. Some product keys use uncompromising digital procedures to enforce the license agreement.

Inconvenience

Product keys are somewhat inconvenient for end users. Not only do they need to be entered whenever a program is installed, but the user must also be sure not to lose them. Loss of a product key usually means the software is useless once uninstalled, unless, prior to uninstallation, a key recovery application is used (although not all programs support this).^[3]

Product keys also present new ways for distribution to go wrong. If a product is shipped with missing or invalid keys, then the product itself is useless. For example, all copies of Splinter Cell: Pandora Tomorrow originally shipped to Australia without product keys.^[4]

Enforcement and penalties

There are many cases of permanent bans enforced by companies detecting usage violations. It is common for an online system to immediately blacklist an account caught running cracks or, in some cases, cheats. This results in a permanent ban. Players who wish to continue use of the software must repurchase it. This has inevitably led to criticism over the motivations of enforcing permanent bans.^{[ citation needed ]}

Particularly controversial is the situation which arises when multiple products' keys are bound together. If products have dependencies on other products (as is the case with expansion packs), it is common for companies to ban all bound products. For example, if a fake key is used with an expansion pack, the server may ban legitimate keys from the original game. Similarly, with Valve's Steam service, all products the user has purchased are bound into the one account. If this account is banned, the user will lose access to every product associated with the same account.^[5]

This "multi-ban" is highly controversial, since it bans users from products which they have legitimately purchased and used.^{[ citation needed ]}

False positives

Bans are enforced by servers immediately upon detection of cracks or cheats, usually without human intervention. Sometimes, legitimate users are wrongly deemed in violation of the license, and banned. In large cases of false positives, they are sometimes corrected (as happened in World of Warcraft .^[6]) However, individual cases may not be given any attention.^{[ citation needed ]}

A common cause of false positives (as with the World of Warcraft case above) is users of unsupported platforms. For example, users of Linux can run Windows applications through compatibility layers such as Wine and Cedega. This software combination sometimes triggers the game's server anti-cheating software, resulting in a ban due to Wine or Cedega being a Windows API compatibility layer for Linux, so it is considered third-party (cheating) software by the game's server.^[7]^{[ citation needed ]}

Related Research Articles

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

<span class="mw-page-title-main">Thin client</span> Non-powerful computer optimized for remote server access

In computer networking, a thin client is a simple (low-performance) computer that has been optimized for establishing a remote connection with a server-based computing environment. They are sometimes known as network computers, or in their simplest form as zero clients. The server does most of the work, which can include launching software programs, performing calculations, and storing data. This contrasts with a rich client or a conventional personal computer; the former is also intended for working in a client–server model but has significant local processing power, while the latter aims to perform its function mostly locally.

<span class="mw-page-title-main">Keygen</span> Computer program that can generate a product licensing key

A key generator (key-gen) is a computer program that generates a product licensing key, such as a serial number, necessary to activate for use of a software application. Keygens may be legitimately distributed by software manufacturers for licensing software in commercial environments where software has been licensed in bulk for an entire site or enterprise, or they may be distributed illegitimately in circumstances of copyright infringement or software piracy.

A software protection dongle is an electronic copy protection and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode content. The hardware key is programmed with a product key or other cryptographic protection mechanism and functions via an electrical connector to an external bus of the computer or appliance.

Cedega was the proprietary fork by TransGaming Technologies of Wine, from the last version of Wine under the X11 license before switching to GNU LGPL. It was designed specifically for running games created for Microsoft Windows under Linux. As such, its primary focus was implementing the DirectX API. WineX was renamed to Cedega on the release of version 4.0 on June 22, 2004.

PunkBuster is a computer program that is designed to detect software used for cheating in online games. It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers. The aim of the program is to isolate cheaters and prevent them from disrupting legitimate games. PunkBuster is developed and published by Even Balance, Inc.

<span class="mw-page-title-main">Cheating in online games</span> Practice of subverting video game rules or mechanics to gain an unfair advantage

Cheating in online games is the subversion of the rules or mechanics of online video games to gain an unfair advantage over other players, generally with the use of third-party software. What constitutes cheating is dependent on the game in question, its rules, and consensus opinion as to whether a particular activity is considered to be cheating.

TeamSpeak (TS) is a proprietary voice-over-Internet Protocol (VoIP) application for audio communication between users on a chat channel, much like a telephone conference call. Users typically use headphones with a microphone. The client software connects to a TeamSpeak server of the user's choice, from which the user may join chat channels.

Traitor tracing schemes help trace the source of leaks when secret or proprietary data is sold to many customers. In a traitor tracing scheme, each customer is given a different personal decryption key. (Traitor tracing schemes are often combined with conditional access systems so that, once the traitor tracing algorithm identifies a personal decryption key associated with the leak, the content distributor can revoke that personal decryption key, allowing honest customers to continue to watch pay television while the traitor and all the unauthorized users using the traitor's personal decryption key are cut off.)

Windows Genuine Advantage (WGA) is an anti-infringement system created by Microsoft that enforces online validation of the licensing of several Microsoft Windows operating systems when accessing several services, such as Windows Update, and downloading Windows components from the Microsoft Download Center. WGA consists of two components: an installable component called WGA Notifications that hooks into Winlogon and validates the Windows license upon each logon and an ActiveX control that checks the validity of the Windows license when downloading certain updates from the Microsoft Download Center or Windows Update. WGA Notifications covers Windows XP and later, with the exception of Windows Server 2003 and Windows XP Professional x64 Edition. The ActiveX control checks Windows 2000 Professional licenses as well.

<span class="mw-page-title-main">Valve Anti-Cheat</span> Anti-cheat software

Valve Anti-Cheat (VAC) is an anti-cheat software product developed by Valve as a component of the Steam platform, first released with Counter-Strike in 2002.

In software licensing, a volume licensing is the practice of selling a license authorizing one computer program to be used on a large number of computers or by a large number of users. Customers of such licensing schemes are typically business, governmental or educational institutions, with prices for volume licensing varying depending on the type, quantity and applicable subscription-term. For example, Microsoft software available through volume-licensing programs includes Microsoft Windows and Microsoft Office.

A client access license (CAL) is a commercial software license that allows client computers to use server software services. Most commercial desktop apps are licensed so that payment is required for each installation, but some server products can be licensed so that payment is required for each device or user that accesses the service provided by the software. For example, an instance of Windows Server 2016 for which ten User CALs are purchased allows 10 distinct users to access the server.

UltraVNC is an open-source remote-administration/remote-desktop-software utility. The client supports Microsoft Windows and Linux but the server only supports Windows. It uses the VNC protocol to control/access another computer remotely over a network connection.

Cheating in video games involves a video game player using various methods to create an advantage beyond normal gameplay, usually in order to make the game easier. Cheats may be activated from within the game itself, or created by third-party software or hardware. They can also be realized by exploiting software bugs; this may or may not be considered cheating based on whether the bug is considered common knowledge.

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009.

Proprietary software, also known as non-free software or closed-source software, is computer software for which the software's publisher or another person reserves some licensing rights to use, modify, share modifications, or share the software, restricting user freedom with the software they lease. It is the opposite of open-source or free software. Non-free software sometimes includes patent rights.

ConnectWise Control is a self-hosted remote desktop software application owned by ConnectWise Inc., a software developer based in Tampa, Florida, United States. It was originally developed by Elsinore Technologies in 2008 under the name ScreenConnect.

Microsoft Product Activation is a DRM technology used by Microsoft Corporation in several of its computer software programs, most notably its Windows operating system and its Office productivity suite. The procedure enforces compliance with the program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft, inhibiting or completely preventing the use of the program until the validity of its license is confirmed.

References

↑ Chang, Hoi; Atallah, Mikhail J. (2002). "Protecting Software Codes by Guards". Security and Privacy in Digital Rights Management. Springer. p. 160-175. ISBN 978-3-540-47870-6.
↑ Upadhyay, Saket (May 14, 2021). "Reversing Microsoft's Windows95 Product Key Check Mechanism".{{cite web}}: CS1 maint: url-status (link)
↑ "ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server". NirSoft. Retrieved 2021-02-09.
↑ Australian Pandora Tomorrow CD-Key Problems Shack News
↑ "Valve suspends 20,000 Steam accounts". GameSpot. Retrieved 2013-05-15.
↑ Blizzard Unbans Linux World of Warcraft Players Softpedia
↑ "Linux users banned from Diablo 3- End Gamers". Archived from the original on 2012-07-10. Retrieved 2012-08-14.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Chang, Hoi; Atallah, Mikhail J. (2002). "Protecting Software Codes by Guards". Security and Privacy in Digital Rights Management. Springer. p. 160-175. ISBN 978-3-540-47870-6.

[2] Upadhyay, Saket (May 14, 2021). "Reversing Microsoft's Windows95 Product Key Check Mechanism".{{cite web}}: CS1 maint: url-status (link)

[3] "ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server". NirSoft. Retrieved 2021-02-09.

[4] Australian Pandora Tomorrow CD-Key Problems Shack News

[5] "Valve suspends 20,000 Steam accounts". GameSpot. Retrieved 2013-05-15.

[6] Blizzard Unbans Linux World of Warcraft Players Softpedia

[Linux_users_banned_from_Diablo_3-7] "Linux users banned from Diablo 3- End Gamers". Archived from the original on 2012-07-10. Retrieved 2012-08-14.

[1]

[2]

[3]

[4]

[5]

[6]

[7]