How to prevent usage of expired license through system clock tampering?

Lalchand · Jun 13, 2011 · Viewed 18.8k times

I am currently working on a license manager using Java. I will be specifying a start and end date for my application so I can force a licensed user to re-license the program after a certain amount of time.

But the problem I am facing is that anyone can roll back their system date and time in order to maintain the validity of the license. Is there any way in Java to detect that the system date and time has been changed? I have already tried Network Time Protocol to get the current date and time from a time server.

Answer

Ira Baxter · Jun 13, 2011

You likely are storing a license file on the system. a) include the time that the software was registered in the license file, b) digitally sign the file.

The digital signature will tell you if the license file was tampered with. If not, the time will tell you when the software was registered; if the "current time" is less than the registered time, your license manager knows something funny is going on and it can respond accordingly (refuse to run, delete the license, ...).

If you really want to enforce the date range, write the current time on each program execution to a separate digitally signed file, verifying that time always goes monotonically up.

You can also check your last recorded time against any files your application writes-then-reads. Such a file with a date later than your last recorded time indicates some kind of license-file rollback.

These won't stop the user from setting the clock back some, but they will make it pretty hard for him to do this in an organized way.
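A sketch of the checks described in this answer, added here as an example and not code from the answer's author. Assumptions: the license payload format `registeredAt;expiresAt`, the class and method names, and the use of an HMAC keyed with a secret embedded in the application for the per-run timestamp file (signing locally requires a key on the user's machine, so that key can be extracted by a determined user).

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LicenseClockCheck {
    // Vendor-signed payload, constructed format: "registeredAt;expiresAt" (epoch millis).
    static boolean licenseValid(String payload, byte[] sig, PublicKey vendorKey,
                                long now, long lastRun) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(vendorKey);
        v.update(payload.getBytes(UTF_8));
        if (!v.verify(sig)) return false;               // license file was modified
        String[] f = payload.split(";");
        long registeredAt = Long.parseLong(f[0]), expiresAt = Long.parseLong(f[1]);
        if (now < registeredAt) return false;           // clock is before registration time
        if (lastRun < 0 || now < lastRun) return false; // bad record, or time went backwards
        return now <= expiresAt;
    }

    // Last-run record "millis:tag"; returns -1 when the tag does not verify.
    static long readLastRun(String record, byte[] appKey) throws GeneralSecurityException {
        String t = record.split(":", 2)[0];
        byte[] expected = writeLastRun(t, appKey).getBytes(UTF_8);
        return MessageDigest.isEqual(expected, record.getBytes(UTF_8)) ? Long.parseLong(t) : -1;
    }

    static String writeLastRun(String millis, byte[] appKey) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(appKey, "HmacSHA256"));
        return millis + ":" + Base64.getEncoder().encodeToString(m.doFinal(millis.getBytes(UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        KeyPair vendor = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed demo key
        byte[] appKey = "constructed-demo-key".getBytes(UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendor.getPrivate());
        s.update("1000;5000".getBytes(UTF_8));
        byte[] sig = s.sign();
        long last = readLastRun(writeLastRun("3000", appKey), appKey);
        PublicKey pub = vendor.getPublic();
        System.out.println(licenseValid("1000;5000", sig, pub, 3500, last)); // clock moved forward
        System.out.println(licenseValid("1000;5000", sig, pub, 2000, last)); // clock behind last run
        System.out.println(licenseValid("1000;9000", sig, pub, 3500, last)); // expiry edited
    }
}
```

In a real license manager the application would call `writeLastRun` with the current time after each successful check, and the first record would be created at registration.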