Skip to end of metadata
Go to start of metadata

Introduction

Licensee Secret is an additional optional security feature. It adds globally a node-locking capability, and may be used in combination with any supported licensing models. Although using it with some licensing models, e.g. Floating, does not make much sense, there is no restriction, feel free to find your own creative way of using Licensee Secret.

Licensee Secret feature has the following modes of operation, configurable in Product settings:

ModeDescription
DisabledValidation parameter licenseeSecret will be ignored. Previously stored value retained, but is not accessible until the mode is changed.
PredefinedSecret is generated by vendor and passed on to the licensee (e.g. in a hardware dongle, or text-based encrypted key). The value must be explicitly set to the licenseeSecret property of the corresponding Licensee entity (using either Console or API). Licensee validation will only succeed if the value provided in licenseeSecret validate parameter matches the stored one. Since licenseeSecret must be set to the Licensee in advance, this mode can't be combined with "Auto-create Licensee" mode.
ClientThis mode is similar to the Predefined mode, but unlike Predefined, the secret must not be set to the Licensee in advance, instead it will be set using the value provided in licenseeSecret parameter on first validate call. Once set, it works same way as Predefined mode. This will allow automatic locking to any secret value provided by the licensee, typically hash of some HW related data (e.g. MAC address, CPU serial number, etc). This mode can be used with hardware dongle too: the dongle holds the secret, but it is only bound to the specific licensee on the first validate.

 

Validation flow

Here is the licensee secret workflow diagram for the "Client" mode:

Examples

Use these examples to construct API calls when using licensee secret.

Predefined mode

 Create or Update Licensee
Request
Response
 Subsequent validate, secret matches
Request
Response
 Subsequent validate, secret mismatch
Request
Response

Client mode

 First validate and Subsequent validate with matching Secret
Request
Response
 Subsequent validate, secret mismatch
Request
Response
  • No labels