This article needs additional citations for verification. (December 2016) (Learn how and when to remove this template message)
A product key, also known as a software key, is a specific software-based key for a computer program. It certifies that the copy of the program is original. Activation is sometimes done offline by entering the key, or with software like Target Security card, Best Buy and Walmart, online activation is required to prevent multiple people using the key like Xbox Digital Code. Not all software has a product key, as some publishers may choose to use a different method to protect their copyright, or in some cases, such as free or open source software, copyright protection is not used.
Computer games use product keys to verify that the game has not been copied without authorization. Likewise, one is not allowed to play online with two identical product keys at the same time.
Product keys consist of a series of numbers and/or letters. This sequence is typically entered by the user during the installation of computer software, and is then passed to a verification function in the program. This function manipulates the key sequence according to a mathematical algorithm and attempts to match the results to a set of valid solutions.
Standard key generation, where product keys are generated mathematically, is not completely effective in stopping copyright infringement of software, as these keys can be distributed. In addition, with improved communication from the rise of the Internet, more sophisticated attacks on keys such as cracks (removing the need for a key) and product key generators have become common.
Because of this, software publishers use additional product activation methods to verify that keys are both valid and uncompromised. One method assigns a product key based on a unique feature of the purchaser's computer hardware, which cannot be as easily duplicated since it depends on the user's hardware. Another method involves requiring one-time or periodical validation of the product key with an internet server (for games with an online component, this is done whenever the user signs in). The server can deactivate unmodified client software presenting invalid or compromised keys. Modified clients may bypass these checks, but the server can still deny those clients information or communication.
Some of the most effective CD key protection is controversial, due to inconvenience, strict enforcement, harsh penalties and, in some cases, false positives. CD key uses uncompromising digital procedures to enforce the license agreement.
Product keys are somewhat inconvenient for end users. Not only do they need to be entered whenever a program is installed, but the user must also be sure not to lose them. Loss of a product key usually means the software is useless once uninstalled, unless, prior to uninstallation, a key recovery application is used (although not all programs support this).
Product keys also present new ways for distribution to go wrong. If a product is shipped with missing or invalid keys, then the CD itself is useless. For example, all copies of Splinter Cell: Pandora Tomorrow originally shipped to Australia without CD keys.
Enforcement and penalties
There are many cases of permanent bans enforced by companies detecting usage violations. It is common for an online system to immediately blacklist a CD key caught running cracks or, in some cases, cheats. This results in a permanent ban. Players who wish to continue use of the software must repurchase it. This has inevitably led to criticism over the motivations of enforcing permanent bans.
Particularly controversial is the situation which arises when multiple products' keys are bound together. If products have dependencies on other products (as is the case with expansion packs), it is common for companies to ban all bound products. For example, if a fake CD key is used with an expansion pack, the server may ban legitimate CD keys from the original game. Similarly, with Valve's Steam service, all products the user has purchased are bound into the one account. If this account is banned, the user will lose access to every product associated with the same account
This "multi-ban" is highly controversial, since it bans users from products which they have legitimately purchased and used.
Bans are enforced by servers immediately upon detection of cracks or cheats, usually without human intervention. Sometimes, legitimate users are wrongly deemed in violation of the license, and banned. In large cases of false positives, they are sometimes corrected (as happened in World of Warcraft.) However, individual cases may not be given any attention.
A common cause of false positives (as with the World of Warcraft case above) is users of unsupported platforms. For example, users of Linux can run Windows applications through compatibility layers such as Wine and Cedega. This software combination sometimes triggers the game's server anti-cheating software, resulting in a ban due to Wine or Cedega being a Windows API compatibility layer for Linux, so it is considered third-party (cheating) software by the game's server.
- Biometric passport
- Cryptographic hash function
- Intel Upgrade Service
- License manager
- Product activation
- Serial number
- Software license server
- Volume license key
- Chang, Hoi; Atallah, Mikhail J. (2002). "Protecting Software Codes by Guards". Security and Privacy in Digital Rights Management. Springer. p. 160-175. ISBN 978-3-540-47870-6.
- Australian Pandora Tomorrow CD-Key Problems Shack News
- "Valve suspends 20,000 Steam accounts". GameSpot. Retrieved 2013-05-15.
- Blizzard Unbans Linux World of Warcraft Players Softpedia
- "Linux users banned from Diablo 3- End Gamers". Archived from the original on 2012-07-10. Retrieved 2012-08-14.