Thread OT- how2 tie a DAT file to a single computer
Tue, Sep 12 2006 9:11 PM

Jerry Blumenthal
One of my customers wants me to make sure that no one can take his data
and open it up on another computer.

The files are encrypted, but could be opened if someone brought them to
another computer AND had a valid password.

So he wants me to provide some additional security.  I want to tie the
password file to his computer.  I do have a backdoor to that file, but
it is safe because that password changes every day, so if his computer
crashed and he had to use backups to install on another computer, I
could always do that.

So how do I tie a single data file to a specific hard drive or computer?
There must be some kind of code snippet somewhere......


Jerry
Tue, Sep 12 2006 11:09 PM

"Jerry Hayes"
Could you just hash his password with the mac address of the network card?
He'd have to remember it (have it recorded) in case his computer toasted,
but that's pretty specific.

You could even wire it up so you don't ever have to know it -- let him know
it keeps it safe from you, too.  So, the other person would have to know the
password and his mac address; or SID or both or whatever.

Just as an FYI, I have a fingerprint reader built-in on my laptop (they have
externals too).

Pretty nice, very reliable and it lets me have a 30 character password,
because I never have to use it.  I have a "My Safe" on my desktop that I
can't get into unless I imprint and then I can open it up.

"Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message
news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com...
> One of my customers wants me to make sure that no one can take his data and
> open it up on another computer.
>
> The files are encrypted, but could be opened if someone brought them to
> another computer AND had a valid password.
>
> So he wants me to provide some additional security.  I want to tie the
> password file to his computer.  I do have a backdoor to that file, but it
> is safe because that password changes every day, so if his computer
> crashed and he had to use backups to install on another computer, I could
> always do that.
>
> So how do I tie a single data file to a specific hard drive or computer?
> There must be some kind of code snippet somewhere......

Wed, Sep 13 2006 7:12 AM

Jerry Blumenthal
What I need is the code snippet that lets me get that MAC address or
lets me ID the hard drive.  Once I have a function like Get_CPU_ID or
something like that, I can encrypt it and create an extra field in the
table's record, store the encrypted ID in that field, and then refuse to
use the other data in the record if that ID doesn't match.

So if you have a function to get the mac address, please let me know
what it is.

Re the fingerprint:  his concern is that some employee who is authorized
and has a password and a valid fingerprint access will then make a copy
somehow of the data files, either by burning a CD, or by emailing them,
etc...

Jerry



Jerry Hayes wrote:
> Could you just hash his password with the mac address of the network card?
> He'd have to remember it (have it recorded) in case his computer toasted,
> but that's pretty specific.
>
> You could even wire it up so you don't ever have to know it -- let him know
> it keeps it safe from you, too.  So, the other person would have to know the
> password and his mac address; or SID or both or whatever.
>
> Just as an FYI, I have a fingerprint reader built-in on my laptop (they have
> externals too).
>
> Pretty nice, very reliable and it lets me have a 30 character password,
> because I never have to use it.  I have a "My Safe" on my desktop that I
> can't get into unless I imprint and then I can open it up.
>
> "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message
> news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com...
>> One of my customers wants me to make sure that no one can take his data and
>> open it up on another computer.
>>
>> The files are encrypted, but could be opened if someone brought them to
>> another computer AND had a valid password.
>>
>> So he wants me to provide some additional security.  I want to tie the
>> password file to his computer.  I do have a backdoor to that file, but it
>> is safe because that password changes every day, so if his computer
>> crashed and he had to use backups to install on another computer, I could
>> always do that.
>>
>> So how do I tie a single data file to a specific hard drive or computer?
>> There must be some kind of code snippet somewhere......
>
>

Wed, Sep 13 2006 7:48 AM

"Jerry Hayes"
http://bdn.borland.com/article/0,1410,26040,00.html

But I'm not sure about the "extra field" part -- why use that instead of the
password for the table?  What keeps the user from copying the file and then
looking at other data besides the MAC field?

Wed, Sep 13 2006 9:02 AM

Jon Lloyd Duerdoth
Jerry,

Look at the OnGuard routines from TurboPower...
the software is now open source and available no charge.

http://sourceforge.net/projects/tponguard


Jon

Jerry Blumenthal wrote:
> One of my customers wants me to make sure that no one can take his data
> and open it up on another computer.
>
> The files are encrypted, but could be opened if someone brought them to
> another computer AND had a valid password.
>
> So he wants me to provide some additional security.  I want to tie the
> password file to his computer.  I do have a backdoor to that file, but
> it is safe because that password changes every day, so if his computer
> crashed and he had to use backups to install on another computer, I
> could always do that.
>
> So how do I tie a single data file to a specific hard drive or computer?
> There must be some kind of code snippet somewhere......
>
>
> Jerry
Wed, Sep 13 2006 11:39 AM

Jerry Blumenthal
Jerry Hayes wrote:
> http://bdn.borland.com/article/0,1410,26040,00.html
>
> But I'm not sure about the "extra field" part -- why use that instead of the
> password for the table?  What keeps the user from copying the file and then
> looking at other data besides the MAC field?
>
>


The file is password protected.  It can only be opened with the
password, which is embedded in a program that will show only certain
fields in the records.  Effectively, the extra field is hidden.

If the user copies the file, he still can't look at other data without
that program.

But even if he did, suppose the serial# is ABC123.  But when encrypted
and stored it comes out to 123456qwert09976.  He is not going to be able
to move that file to another computer and know how to send a decrypted
serial# to match the one on the new computer.

I would prefer to put the extra field into the file header, but that's a
lot of trouble, and I don't know how; Tim would probably yell at me.
Besides, the extra field approach should work. I'm not looking for
government level security, just to prevent an employee from messing
around when he has no right to do so.

Jerry
Wed, Sep 13 2006 11:40 AM

Jerry Blumenthal
Actually I purchased those routines years ago before TP went out of the
Delphi business.  I didn't know that they included machinery methods;
I'll have to look.  Thanks.

Jerry



Jon Lloyd Duerdoth wrote:
> Jerry,
>
> Look at the OnGuard routines from TurboPower...
> the software is now open source and available no charge.
>
> http://sourceforge.net/projects/tponguard
>
>
> Jon
>
> Jerry Blumenthal wrote:
>> One of my customers wants me to make sure that no one can take his data
>> and open it up on another computer.
>>
>> The files are encrypted, but could be opened if someone brought them
>> to another computer AND had a valid password.
>>
>> So he wants me to provide some additional security.  I want to tie the
>> password file to his computer.  I do have a backdoor to that file, but
>> it is safe because that password changes every day, so if his computer
>> crashed and he had to use backups to install on another computer, I
>> could always do that.
>>
>> So how do I tie a single data file to a specific hard drive or computer?
>> There must be some kind of code snippet somewhere......
>>
>>
>> Jerry
Wed, Sep 13 2006 4:12 PM

Jon Lloyd Duerdoth
Jerry,

There's definitely a routine that creates a fingerprint for a machine
based upon a number of characteristics.  You could use this fingerprint
to create the kind of thing you have in mind.

Jon

Jerry Blumenthal wrote:
> Actually I purchased those routines years ago before TP went out of the
> Delphi business.  I didn't know that they included machinery methods;
> I'll have to look.  Thanks.
>
> Jerry
>
>
>
> Jon Lloyd Duerdoth wrote:
>> Jerry,
>>
>> Look at the OnGuard routines from TurboPower...
>> the software is now open source and available no charge.
>>
>> http://sourceforge.net/projects/tponguard
>>
>>
>> Jon
>>
>> Jerry Blumenthal wrote:
>>> One of my customers wants me to make sure that no one can take his
>>> data and open it up on another computer.
>>>
>>> The files are encrypted, but could be opened if someone brought them
>>> to another computer AND had a valid password.
>>>
>>> So he wants me to provide some additional security.  I want to tie
>>> the password file to his computer.  I do have a backdoor to that
>>> file, but it is safe because that password changes every day, so if
>>> his computer crashed and he had to use backups to install on another
>>> computer, I could always do that.
>>>
>>> So how do I tie a single data file to a specific hard drive or computer?
>>> There must be some kind of code snippet somewhere......
>>>
>>>
>>> Jerry
Wed, Sep 13 2006 4:14 PM

Jon Lloyd Duerdoth
Jerry,

You could use the file description field to store some sort of encrypted
string.

Jon

Jerry Blumenthal wrote:
> Jerry Hayes wrote:
>> http://bdn.borland.com/article/0,1410,26040,00.html
>>
>> But I'm not sure about the "extra field" part -- why use that instead
>> of the password for the table?  What keeps the user from copying the
>> file and then looking at other data besides the MAC field?
>>
>>
>
>
> The file is password protected.  It can only be opened with the
> password, which is embedded in a program that will show only certain
> fields in the records.  Effectively, the extra field is hidden.
>
> If the user copies the file, he still can't look at other data without
> that program.
>
> But even if he did, suppose the serial# is ABC123.  But when encrypted
> and stored it comes out to 123456qwert09976.  He is not going to be able
> to move that file to another computer and know how to send a decrypted
> serial# to match the one on the new computer.
>
> I would prefer to put the extra field into the file header, but that's a
> lot of trouble, and I don't know how; Tim would probably yell at me.
> Besides, the extra field approach should work. I'm not looking for
> government level security, just to prevent an employee from messing
> around when he has no right to do so.
>
> Jerry
Wed, Sep 13 2006 4:20 PM

"Norman W. Clark [Clark-Tech Inc.]"
Jerry:
You've touched on one of the key shortcomings of the modern PC ... stuff fails!  If
you tie your data to the MAC address of one machine (and several of the methods
cited are not foolproof - see my experience below) and if the user has to change
out his Ethernet adapter, then how do you propose the user will be able to
access his own data?  This hardware identity issue is a constant struggle in
software licensing.

Another approach you might consider would be to encode the data and have the
encryption/decryption provided by a small service program that runs on the
"intended" user's machine.  The service program could communicate via messaging
with your application and provide the real-time encryption/decryption.  If
another user attempted to view the data from another machine then the data is
meaningless.  The "thief/casual user" would have to obtain all three
components - the service program, your application and the data.  This approach
does not depend on hardware and is portable to different environments.

On the issue of MAC addresses, I have had some interesting experiences with all
the methods cited in this thread.  One thing I would like to suggest to everyone
who relies on any of the NetBIOS methods, is to test your application using the
following approach:
1. Cold boot the target machine and immediately run your application -
hopefully you will obtain the correct results.
2. Perform a "Log Out"/"Log In" without a cold boot in between, then run
your application and check your results.  I have experienced different NetBIOS
results being received in this situation.  It can depend on the machine's BIOS,
network adapter, protocols and even the protocols running on a remote server
where the station might map a network drive.

In short - be careful when using MAC addresses and ensure that you provide
fall-back methods - you are likely to need them.

--
.... Norm

Norman W. Clark, Clark-Tech Inc.
nclark@clark-tech.com
www.clark-tech.com
www.smbproducts.com

"Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message
news:44977079-8F44-47D4-8BF1-3D257DEACEC6@news.elevatesoft.com...
> What I need is the code snippet that lets me get that MAC address or lets me
> ID the hard drive.  Once I have a function like Get_CPU_ID or something like
> that, I can encrypt it and create an extra field in the table's record, store
> the encrypted ID in that field, and then refuse to use the other data in the
> record if that ID doesn't match.
>
> So if you have a function to get the mac address, please let me know what it
> is.
>
> Re the fingerprint:  his concern is that some employee who is authorized and
> has a password and a valid fingerprint access will then make a copy somehow of
> the data files, either by burning a CD, or by emailing them, etc...
>
> Jerry
>
>
>
> Jerry Hayes wrote:
>> Could you just hash his password with the mac address of the network card?
>> He'd have to remember it (have it recorded) in case his computer toasted, but
>> that's pretty specific.
>>
>> You could even wire it up so you don't ever have to know it -- let him know
>> it keeps it safe from you, too.  So, the other person would have to know the
>> password and his mac address; or SID or both or whatever.
>>
>> Just as an FYI, I have a fingerprint reader built-in on my laptop (they have
>> externals too).
>>
>> Pretty nice, very reliable and it lets me have a 30 character password,
>> because I never have to use it.  I have a "My Safe" on my desktop that I
>> can't get into unless I imprint and then I can open it up.
>>
>> "Jerry Blumenthal" <jerry@blumenthalsoftware.com> wrote in message
>> news:4557A69D-94E6-49E4-BB84-FF66E98D94BF@news.elevatesoft.com...
>>> One of my customers wants me to make sure that no one can take his data and
>>> open it up on another computer.
>>>
>>> The files are encrypted, but could be opened if someone brought them to
>>> another computer AND had a valid password.
>>>
>>> So he wants me to provide some additional security.  I want to tie the
>>> password file to his computer.  I do have a backdoor to that file, but it is
>>> safe because that password changes every day, so if his computer crashed and
>>> he had to use backups to install on another computer, I could always do
>>> that.
>>>
>>> So how do I tie a single data file to a specific hard drive or computer?
>>> There must be some kind of code snippet somewhere......
>>
>>
>
>
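
An added example, not code from any poster or from OnGuard: it combines the "hash his password with the mac address" suggestion earlier in the thread with the fall-back advice in the post above, by feeding each machine identifier into key derivation instead of comparing a stored field. It is written in Python for brevity rather than Delphi; the function names, the iteration count, the slot layout and the sample identifiers are assumptions, and reading the identifiers from the OS is left out.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor; assumed value for this sketch

def _derive(secret: str, binding: str, salt: bytes):
    """Return (pad, mac_key) derived from a secret plus the value it is bound to."""
    material = secret.encode() + b"\x00" + binding.strip().lower().encode()
    master = hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)
    pad = hmac.new(master, b"pad", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return pad, mac_key

def wrap_key(data_key: bytes, secret: str, binding: str) -> dict:
    """Wrap the 32-byte data key in one slot. Stdlib-only XOR pad + HMAC tag;
    a vetted AEAD or key-wrap routine belongs here in real code."""
    salt = os.urandom(16)  # fresh per slot, so no pad is ever reused
    pad, mac_key = _derive(secret, binding, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(slot: dict, secret: str, binding: str) -> Optional[bytes]:
    """Return the data key, or None if secret/binding do not match this slot."""
    pad, mac_key = _derive(secret, binding, slot["salt"])
    tag = hmac.new(mac_key, slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))

def seal(data_key, password, machine_ids, recovery_code):
    """One slot per machine identifier, plus one recovery slot."""
    slots = [wrap_key(data_key, password, mid) for mid in machine_ids]
    slots.append(wrap_key(data_key, recovery_code, "recovery"))
    return slots

def open_sealed(slots, password, current_ids, recovery_code=None):
    """Try every slot with the identifiers this machine reports now."""
    attempts = [(password, mid) for mid in current_ids]
    if recovery_code is not None:
        attempts.append((recovery_code, "recovery"))
    for slot in slots:
        for secret, binding in attempts:
            key = unwrap_key(slot, secret, binding)
            if key is not None:
                return key
    return None

# Constructed sample identifiers (not real hardware values).
MAC, VOLUME = "00-11-22-33-44-55", "A1B2-C3D4"
```

Only the salt, wrapped key and tag of each slot are stored with the data; the identifiers themselves are not, so a replaced network adapter still opens the file through the volume slot and a replaced machine through the recovery slot.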
