Before reading the rest of this page, make sure you understand what an Authorization Definition is, what an Authorization Request Code is and what a Code Exchange is. If not, please read Authorization Definitions, Authorization Request Codes and/or Code Exchanges.

Activation Codes are 16 digit alpha-numeric codes which have the exact same format as Authorization Request Codes (1234-5678-90AB-CDEF). These codes are generated by you using either the Manual-Activator or the Web-Activator. They are input by your user through your software into the ClientProtector which uses them to activate an Authorization Definition.

Activation Codes contain a few pieces of information which is encrypted in two layers. The first layer of information is a composition of three pieces of data which is compressed together and encrypted using the Authorization Definition Password for the specific Authorization Definition to which it applies. The information inside the first layer is:

1. An Authorization Definition Parameter Value if necessary.

2. The Shelf-Life expiration date if necessary.

3. The requesting machines FingerPrint if necessary.

Once encrypted, this first layer is appended to one more piece of information, the Authorization Definition ID for which the code is to operate. The resulting data is then encrypted one more time using the Global Authorization Definition Password. The following diagram may make the internal structure of an Activation Code clearer. Although you do not need to know exactly how it is constructed, this information goes a long way to helping you understand the way Activation Codes work.

All encryption in GameShield is performed using the BlowFish algorithm (256 bit) which is well known to be secure and fast. Due to the nature of the encryption, changing bits in specific locations (as noted above), does not only impact those bits changed - changes are commutative and in all likelihood, a change to a single bit the Activation Code will affect the rest of the bits. Knowledge of how the Activation Code is constructed internally does not weaken the implementation.

Some Activation Codes correspond to Authorization Definitions which are defined as Single-Use. Once the generated Activation Code is used on a given system - it can never be reused on that same system.

Some Activation Codes have the option of a Shelf-Life wherein the code must be used - or it will expire. Codes not used within their shelf-life are expired and will not work on any system whatsoever. You have the option of changing or omitting the shelf-life for any code which provides this option. You also have the option at the time you generate an Activation Code with the Manual Activator to override the shelf-life and make it as long or as short as you like (or omit it completely).

Activation Codes are provided from you and directly input into your software by your users and interpreted through your application by the ClientProtector component primarily using the function InputActivationCode. However, in some cases the events OnAttemptReleaseCP and OnAttemptRecover may indirectly allow you to input Activation Codes received from your user.

The ClientProtector interprets an Activation Code by first decrypting it. It then validates that it is a valid code, valid for this specific license, and valid for this specific machine (if FingerPrinting is enabled). If it passes all these validation tests, the main license file and all alias files are updated to include this new information (see Authorization Definition Activation in this Feature Guide for more information).

Once you have successfully processed your customers payment, you may generate an Activation Code and provide it to them to unlock the software, release some feature, add prepaid uses, or whatever else you have designed into your licenses Authorization Definitions.

More Information

For help on actually generating Activation Codes, see either the GameShield Manual-Activator Reference or the GameShield Web-Activator Reference.

For help on inputting Activation Codes into the ClientProtector, see InputActivationCode in the ClientProtector Reference.

For help on responding to events fired from the ClientProtector (such as OnAttemptReleaseCP or OnAttemptRecover), see Creating a ClientProtector COM Event Sink in the ClientProtector Reference.