Glossary of Software Licensing Terms

The Beginner's Guide to Software Licensing

We know learning all the ins and outs of the vocabulary and jargon around software licensing can feel like learning another language. To help you get a handle on all the new terms we're throwing at you, we've compiled a simple glossary with term definitions. (You may even want to bookmark this page for future reference.)


Software Licensing 101

We'll start off with the most common jargon you'll read throughout our suite of software licensing and distribution products.

License Key: A license "key" is a usually long sequence of alphanumeric characters, often called a "string" in programming circles. For us, a license key can be that, but it can also be more than that. Keys can be short, unique sequences of random characters that identify a specific license resource and its rules within our systems. Your business can then send a license key to our API to "validate", with the ultimate goal: to protect your software with a license key.

A license key may also contain embedded data within it, often called a "dataset." Your business can utilize this dataset within your systems to store things such as license entitlements, customer information, and things of that nature.

License Code: Often used interchangeably with "license key."

Product Key: Often used interchangeably with "license key."

License Validation: The act of validating a license key, often against a set of additional parameters. Using Keygen's API, a license key validation can be performed by sending the license key to one of our API's validation endpoints. From there, we'll check things according to your license configuration, such as the license's expiration date, if it's allowed on the current device, and other parameters.

License key validation may seem like a simple process, but it can become rather complex for a lot cases, especially when you're dealing with license key activation. Using our licensing API, you can keep things simple for your engineering team and leave the complex tasks to us.

License Verification: Often used interchangeably with "license validation", though it can also be referring to the act of "verifying" a license key's cryptographic authenticity.

License Entitlements: Used to refer to a specific permission, or entitlement, a license resource has. Most commonly, an entitlement refers to a specific feature of a software application. License entitlements can be managed using our API's entitlement resources, through a license's "metadata" attribute, which can store arbitary key-value pairs, or entitlements can be embedded directly into a license's tamper-proof key dataset.

License Metadata: A freeform key-value data store for Keygen API resources. This is commonly used to store license feature toggles, customer information, and things of that nature.

{
"metadata": {
"customerId": 12345,
"featureX": true,
"featureY": true,
"featureZ": false
}
}

License Expiration: A specific date and time that the license will expire. Expired licenses will come back as "invalid" during license key validation. License expirations can be changed and renewed at any time using our API.

License Server: A server that handles all of the nitty-gritty of software licensing, such as license validation, device activation, authentication and authorization, etc. Our flagship product is a license server. We're a company that allows you to license your software applications monthly, yearly or perpetually. We host our cloud software licensing API so that your engineering team doesn't need to spend time and money building and maintaining an in-house licensing sever. With Keygen, your engineering team doesn't need to know how to build a licensing server, only how to implement licensing in your application using our API.

License Key Generator: A piece of software that has one purpose: to generate valid license keys for distribution to customers. Our service, Keygen, is a license key generator and license activation server all in one.

License Manager: A software license manager, or license management tool, is an often overloaded term. On one hand, it can be referring to an application which administrators can use to manage licenses. For example, for Keygen, our admin Dashboard may be considered this type of license management tool, as it allows your team to manage licenses and other resources for your business. On the other hand, a license manager may also be referring to a tool which businesses utilize to manage the software licenses they own for various other business tools.

License Model: How a business packages and sells its software, and the rules a business chooses for licensing their products to end-users. There are many different types of software licensing models. If you don't know how to license your software, that's okay — we're here to help. You can reach out any time and we'd be more than happy to walk you through the best licensing model to choose to meet your unique business objectives.

Licensing-as-a-Service: A subset of Software-as-a-Service (SaaS), which allows users to connect to and use cloud-based applications over the Internet. Licensing-as-a-Service (LaaS) allows users to connect to cloud-based license servers, such as Keygen, to quickly add software licensing to their applications.

Licensing API: A type of licensing server meant for use by software developers, and primarily, for machine consumption. Software applications can communicate with a cloud-based API using specific data formats that are easy to read and consume across a wide variety of programming languages, operating systems and application frameworks. Rather than include a proprietary license key validation algorithm within your software application (which can be hacked since everything is handled on the end-users device), instead, you can send a data payload to a secure cloud-based software licensing API such as Keygen to perform the license validation off-site, returning the validation status to your application for further processing.

Node-locked License: A Node-locked License is a license that can only be used on a single activated device. Node-locked is a fancy way to say "I want a license to only be valid on a single machine" i.e. you "lock" the license to a particular machine resource. When a license is validated on a machine that hasn't been activated, the validation will come back as invalid.

Floating License: A Floating License is a license that can be used on many activated devices. Floating is a term used to describe the opposite of "node-locked" i.e. a floating license can "float" across multiple machines, but often only up to a maximum number of machines.

Concurrent License: Often used interchangeably with Floating License, though our system also uses this term to refer to a particular floating license that can exceed their maximum number of machines causing the license to become invalidated due to the overage. The overage must be corrected to return to a valid state.

Perpetual License: A Perpetual License is a license that does not expire, i.e. it's valid in perpetuity, hence the name.

Timed License: A Timed License (or Fixed Duration License) is a license that has a fixed duration, i.e. it expires at some point in time.

Subscription License: A variation of a Timed License, but usually renewed on a billing schedule, e.g. monthly or yearly, according to the licensee's billing status.

Feature License: A Feature License is a license that is entitled to utilize a particular feature of a software application. For example, a business may put more valuable features their software application offers behind a "Pro" license, for a higher price. You can configure your licenses to have different feature entitlements by storing feature toggles in the license's metadata attribute.

Metered License: A Metered License (or Usage-based License) is a license that is entitled to utilize a particular feature of a software application a set number of times. For example, a business may want to limit the amount of times a particular IP address reads a paid article per-month. A license can be created for the IP, and usage incremented upon each article page view. The IP's usage can then be reset each month.

License Activation

Device Activation: Using an activation licensing service, such as Keygen, businesses can activate (and deactivate) specific devices, often referred to as a "node" or a "machine", to specific licenses. For example, let's say a license "A" is activated for machine "X." When license "A" is used on machine "X", all is good and the license validation request will come back as valid. But if license "A" is used on machine "Y", the validation will come back as invalid, with a specific response explaining that machine "Y" is not activated. Similarly, if license "B" tried to be used on machine "X", it would come back as invalid, stating the same thing.

Device Deactivation: The act of removing, or deactivating, a specific machine's association to a license. Machine deactivation is often used to free up "slots" for a floating or node-locked license, so that another machine can take its place.

Activation Key: Though often similar in appearance to a license key, activation keys have an entirely different function. An activation key is used to activate a device, or many devices, for a specific license. In our case, an activation key, or activation "token", are API credentials that your engineering team may use to authenticate with our license servers for the purpose of activating devices from within your software application. An activation token is per-license.

Activation Code: Often used interchangebly with "activation key."

Device ID: A unique identifier assigned to a device by most common operating system installations. These IDs, or UUIDs, often look similar to this: 4b39a5a5-fe1e-48a2-b3c3-58c12db52dfe.

Hardware ID: A unique identifier assigned to hardware components of a device, such as a hard drive or motherboard.

Hardware Serial Number: Often used interchangeably with "hardware ID."

MAC Address: A MAC (Media Access Control) address is a number that identifies the network adapters installed on a device.

IP Address: An Internet Protocol (IP) address is a numerical label assigned to each device connected to a network.

Device Fingerprint: A unique, non-changing value that indentifies a specific device or machine. This can be a unique value stored within a registry or filesystem, or it can be a combination of hardware and software identifiers such as device ID, hardware ID, virtual machine ID, MAC address, and IP address, etc. Your engineering team is in total control of the value used for fingerprinting devices.

Activation Server: See license server. An activation server is a license server that can perform device activations, in addition to validating license keys.

Copy-protection: The act of protecting your software application from being copied, i.e. pirated, across unauthorized devices. You can introduce anti-piracy measures by implementing machine activation into your licensing model.

Offline Licensing and Cryptography

On-Premise Software: A software application that is installed on-site, often within a customer's own datacenter, or at the very least on a device that your customer controls such as a cloud server.

Air-gapped: An air-gapped environment is a computing environment that does not have access to the public Internet. This could mean the device is entirely offline, or that it has access to a local network. This is common for on-premise software installations.

Proxy License Server: A small server that has limited access to the public Internet, with the single goal of relaying, or "proxying", data from a local network to a cloud license server such as Keygen. For many offline air-gapped environments, a simple proxy license server can be used to communicate with our cloud software licensing API.

Encrypted License Keys: The act of encryption takes a value and produces an obfuscated version of that value using a private key (that we keep secure). The obfuscated, or encrypted, value can then be decrypted and read using a public version of the private key, called a public key, both of which are directly associated with your unique Keygen account.

Often to allow offline license key verification, you can choose cryptographically encrypt license keys, which can be decrypted using your account's public key. Encrypting a license key can be an extra security measure for licensing integrations that utilize our API, or it can be used stand-alone mechanism for securely delivering a license key and embedded dataset to air-gapped devices.

Valid license keys can be decrypted within your software application, revealing a dataset that can include entitlements, feature toggles, and other customer information. Invalid or tampered license keys will fail decryption.

Signed License Keys: Similar to encryption, the act of signing takes a value and creates a signature of the value using a unique private key (which we store securely on our servers). The signature can then be verified using a public key, often performed directly from within your software application.

You can choose to cryptographically sign license keys and verify their authenticity in offline environments, or just as an added security measure to your online-capable license integration. Signed license keys can be verified to ensure that any data embedded within that key hasn't been tampered with.

For example, if you were to include a usage limit inside of a license key's embedded dataset, you would want to have confidence that a bad actor can't simply change their usage limit from say 10 to 10,000. Using a signed license key, any change to the key's dataset will immediately invalidate it, ensuring the dataset is tamper-proof.

Activation Proof: Similar to a signed license key, we also offer the ability to generate a "proof of activation" for use in offline environments. A device can be activated using a license management portal, or a proxy license server, and the activation proof can be generated and delivered to the offline device. Your software can cryptographically verify that the device was indeed activated, all without requiring that the device connect to the public Internet.

Attack Vectors

Software Keygen: Simply put, a Keygen is some form of software that generates license keys, i.e. a license key generator. It's often used in a negative context, because historically, software license keys were generated using proprietary algorithms, of which can be, and have been, reverse-engineered for many products. Once the proprietary algorithm is figured out, a bad actor creates a software application that uses the propietary algorithm to generate illegal software license keys.

We chose the name "Keygen" for it's true meaning: a license key generator. We hope we can redeem the name and Make Keygens Great Again. We don't use proprietary algorithms that can be reverse-engineered, like the old days. Rather, we lean on cryptography — the same algorithms used for the Internet's security and used by government agencies such as the NSA — to craft a secure cloud-based software licensing solution that can't be reverse-engineered like other legacy systems.

Man-in-the-Middle Attack: The act of spoofing a license server. For example, a bad actor could spoof the license server's address, www.licensing.example, to point to their own local licensing server which always responds with a valid license key. This is a "low-hanging-fruit" attack, since it doesn't involve modifying an application's source code, thus it's usually easier to accomplish. But thankfully, we have a solution for this attack vector. You can verify that a response came from our licensing servers by having your engineering team check the cryptographic signature of the response.

Software Tampering: The act of tampering with, or modifying, locally stored data, such as a data cache. Thankfully, all API responses from Keygen include a cryptographic signature, which can be stored alongside the data and verified to ensure that the local data exactly matches the data we originally sent.

Software Cracking: The act of directly modifying the source code of your software application to bypass its licensing system. All applications installed on an end-users device are susceptible to cracking. Anti-cracking is the act of attempting to prevent software cracking, or more realistically, "harden" your software against crackers.

Software Hacking: In the context of software licensing, this term is often used interchangeably with "software cracking."

Software Piracy: The act unauthorized distribution of your software application and its usage on unauthorized devices. Anti-piracy measures can be added by utilizing device activation and cryptographic verification.


Looking for the definition of a licensing term we missed? Ask away.