Hardware key to limit access to certain computer programs

[lunloon]

I am wondering if there is any solution available for consumers to encrypt computer programs using hardware keys (nowadays only USB, in the past there were the LPT port ones) so that access to these programs were only allowed if you have the hardware key.

This is so that nobody else can use the programs without having the USB key, for e.g.

Normally, software vendors incorporate the protection in the software they develop/distribute, however, what I am looking for is a layer above the software to be limited.

Hope I make some sense, and thanks in advanced to anyone who have some insight.

 

[lycheas]

Sure, dongle keys were popular for a while back in the 90's and 00's.
The dongle keys don't even need encryption, just an encoded request and response implemented in the PCB.

 

[lunloon]

Sure, dongle keys were popular for a while back in the 90's and 00's.
The dongle keys don't even need encryption, just an encoded request and response implemented in the PCB.

So is there such a solution available, like I install Adobe Photoshop on my computer, and I can use this solution to prevent other people from using it on my computer?

In this case, only Photoshop, but the other programs on the computer is still available for use.

 

[Kiwi8]

Maybe can use an alternative method instead?

Perhaps something like create an encrypted partition and install your "certain" programs there.

 

[lovehate]

You want to stop people from using Photoshop only? The main idea is not encryption right? Just to make sure others are unable to use Photoshop just use windows ACL.

 

[stay8899]

U can control application access via Applocker in win7 or higher AppLocker in Windows 8: Prevent Users from installing or running Windows Store Apps

 

[ykgoh]

How to make a disallowed-by-default Software Restriction Policy

 

[lunloon]

Thanks all for the contribution. What I am finding out is say for a shared computer, a particular software can only be used if a particular person has a hardware key. And this key can then be shared around if required as a form of control.

ACL and Applocker is not able to do that since it's not dynamic in nature (does not change access restrictions), thus a person who has used it once can always use it instead of being allowed to at any 1 time.

I dunno if I am making any sense.

 

[davidktw]

Thanks all for the contribution. What I am finding out is say for a shared computer, a particular software can only be used if a particular person has a hardware key. And this key can then be shared around if required as a form of control.

ACL and Applocker is not able to do that since it's not dynamic in nature (does not change access restrictions), thus a person who has used it once can always use it instead of being allowed to at any 1 time.

I dunno if I am making any sense.

Applocker is dynamic, the question is what kind of dynamics are you looking for. What you are looking for is resource counting, this obviously is not going to be satisfied by AppLocker. In fact there is probably none or haven't heard of kind of application resource control down to number of times an application can be used.

Hardware key will not solve the problem for you, since hardware key is nothing more than just identity or rights token. Once you are given the key may it be software or hardware, you are given the rights to use whatever resources allocated to you. You still require a software resource manager to manage "one time pass" concept or usage counting so to speak.

One way I can think of is to create a new account on-the-fly each time you want to give access to an end- user on an application. Dynamically allocate the programs you want to give access to this account. When end-user login to the system, end-user can use the application. Once logout, the account will be suspended. This will require some powershell scripting and precise control of the account manipulation.

The only probably difficult part is the user will be considered a guest user, you can't bind to their user directory.

 

[ykgoh]

Your requirement sounds more like DRM technology to control the number of users i.e. 1 copy 1 user like implemented for music and computer games.

 

[ykgoh]

Thanks all for the contribution. What I am finding out is say for a shared computer, a particular software can only be used if a particular person has a hardware key. And this key can then be shared around if required as a form of control.

ACL and Applocker is not able to do that since it's not dynamic in nature (does not change access restrictions), thus a person who has used it once can always use it instead of being allowed to at any 1 time.

I dunno if I am making any sense.

If it's a shared desktop computer/laptop, surely there can be only 1 user using it at any time? Can 2 or more users sit together in front of a shared computer and do things together?

Or is it a server that allows multiple users to log in simultaneously with different user sessions?

I'm confused.

 

[lunloon]

If it's a shared desktop computer/laptop, surely there can be only 1 user using it at any time? Can 2 or more users sit together in front of a shared computer and do things together?

Or is it a server that allows multiple users to log in simultaneously with different user sessions?

I'm confused.

Thanks to all.

I am more or less convinced there's no easy solution.

So to take ykgoh's post as an example,

TL;DR: Want to use Hardware keys/tokens to allow software usage that is installed across many computers.

Full story:

The current situation is that we have a software vendor that we purchased a few copies of licenses from (5). So we were on the basis of we use what we bought. So we can use 5 copies of the software on 5 different computers at any 1 time, and the 6th was not allowed access.

This is probably normal licensing.

Then they decided to allow excess usage. So if the 6th computer now wants to be used, it is now allowed. Even if we bought only 5 licenses. What gives?

And they decided that excess usage will be charged based on a certain % of the retail price.

So I am trying to find a solution to control the number of copies of software being able to be used at any 1 time using hardware keys/tokens. Else we have to tie the software in specifically 5 computers, which makes life difficult for some people as they will have to be displaced when they do not need.

And our are just using normal PCs without a server (NAS only), so we don't effectively have a user login environment (how you call that) that people can just change computers and login and find their own things there (more or less can actually, using the NAS).

But some of them use Outlook which is tied to their computers, so this is a bummer.

 

[ykgoh]

Thanks to all.

I am more or less convinced there's no easy solution.

So to take ykgoh's post as an example,

TL;DR: Want to use Hardware keys/tokens to allow software usage that is installed across many computers.

Full story:

The current situation is that we have a software vendor that we purchased a few copies of licenses from (5). So we were on the basis of we use what we bought. So we can use 5 copies of the software on 5 different computers at any 1 time, and the 6th was not allowed access.

This is probably normal licensing.

Then they decided to allow excess usage. So if the 6th computer now wants to be used, it is now allowed. Even if we bought only 5 licenses. What gives?

And they decided that excess usage will be charged based on a certain % of the retail price.

So I am trying to find a solution to control the number of copies of software being able to be used at any 1 time using hardware keys/tokens. Else we have to tie the software in specifically 5 computers, which makes life difficult for some people as they will have to be displaced when they do not need.

And our are just using normal PCs without a server (NAS only), so we don't effectively have a user login environment (how you call that) that people can just change computers and login and find their own things there (more or less can actually, using the NAS).

But some of them use Outlook which is tied to their computers, so this is a bummer.

Just an idea, not sure if it will work. Is it possible to install a copy of the software to a folder on your centralised NAS?

Then set a max user limit on the shared folder?

Limit the Number of Users of a Shared Folder

I think this method requires a Windows workgroup, but no need for a Windows domain with Active Directory.

 

[lunloon]

Just an idea, not sure if it will work. Is it possible to install a copy of the software to a folder on your centralised NAS?

Then set a max user limit on the shared folder?

Limit the Number of Users of a Shared Folder

I think this method requires a Windows workgroup, but no need for a Windows domain with Active Directory.

We are using Synology NAS, so i am not sure if it can do that (or running applications off itself). Will investigate if this is feasible. Or maybe install it on a computer and share it off similar to your example.

Thanks for the suggestion.