Certificates - Restricted Publication Tools

Applies to HTML Viewer, IE Browser publications.

You (for example, if you are an author or publisher who wants to sell ebooks) can easily turn your publication into a demonstration or trialware. This tab lets you create a trial or restricted publication, that is, a publication with limited functionality (for instance a time-bombed publication that works only for a given number of days) unless your end users register it (i.e. purchase a key from you to access the unlocked/full publication) or activate it.

In the "Security|Trial Publication Tools" tab, turn "Create a restricted publication" on as shown below: this option will generate a restricted publication.

Trial publications work with certificates: a security certificate is like a door into your publication. Like a physical door, it lets only certain people (the ones with the right key) enter. Only those who pay for your work can get a registration key.

Every certificate has a unique signature. This is what HTML Executable uses to create keys associated with your certificate. The unique signature is strictly confidential: you should never give it to anyone.

A special security certificate, called the Default certificate, works a little differently. Used for evaluation versions of publications, this certificate does not use keys, which allows end users to access your publication even when they don't have a key for your program. The default certificate is mandatory. When the default certificate is active, the publication works in the Trial mode.

All certificates other than the default one should be used for registered versions of publications. When a certificate other than the default one is active, the publication works in the Registered mode.

Trial and registered modes are used by some features of the publications: the About box will display a "Trial: please register this program..." statement in the Trial mode while it will show "This program is registered to ..." when working in the Registered mode. Also, you have the option to lock HTML pages, thanks to the features of the security profiles.

You may therefore create different registered versions of a single publication:

  • for each registered version, you can define which pages are unlocked thanks to the Security Profiles.

  • some registered versions could also have an expiration date. After this date, your user would need a new key.

You can manage the certificates of your publication by going to the "Security|Trial Publication Tools" tab.

Configuring certificates

Each certificate has properties that you can configure by selecting the certificate and double-clicking it (or clicking the Configure button). The following window will appear:

Except for the Default certificate, each certificate has a unique signature as explained above. You can enter what you want or let HTML Executable create a unique key for you by clicking New Key.

Changing the unique signature will automatically invalidate any older keys that you generated and distributed to your users.

You can forbid all access to your publication if the user is not registered (no evaluation is possible): just enable "Do not allow access to the publication without prior registration". This option is only available for the Default certificate. It always displays a nag screen called the "Unlock screen" at startup; this dialog box (that you can customize according to your needs) allows users to enter their key and unlock the publication.

Certificates can expire: you can specify the number of days or allowed runs for the evaluation period (the certificate will work during this period and it will stop working after that).

  • For the default certificate which is designed for trial purposes, the evaluation period starts when the publication is run for the first time by the end user.

  • For other certificates, the evaluation period starts when the end user enters a key.

You can either create X-day trial periods or X-use ones. Just select the expiration mode you want using the list: "days" or "runs". Note that changing the expiration mode may require you to reset trial information on your system (on the Publication Output Filename tab, select Reset Settings).

For the number of runs, do not forget that the first run actually counts! If you wish to give 5 additional runs to the user after the first run, then enter 6 runs instead of 5.

Warning: avoid using expiration features for a portable publication. Portable publications store their settings on the USB disk. Consequently, trial settings are saved on the disk too: an end user could easily reset his trial period by removing the settings files. For portable publications, you should forbid all access as explained above or use Security Profiles to partially lock your publication.

When the default certificate has expired, end users cannot access the publication anymore. They have to enter a key to upgrade to a certificate other than the default one.

When a certificate other than the default one has expired, it can optionally revert to the default certificate: to allow this behavior, enable the "Revert to the default certificate if expired" option. Otherwise end users cannot access the publication anymore.

When a certificate has expired, the nag screen (if enabled) will display an error message: you can change this error message or let HTML Executable use the default one. If the nag screen is not enabled, a standard message box will appear. Then the publication exits.

nag screen

The nag screen invites your end users to register the publication (i.e. pay the registration fee to you). It can also let them enter their key or activate the publication, go to the online purchase page or evaluate your publication. You can enable or disable it thanks to the "Show the nag screen at startup" option:

  • Never: the nag screen is never displayed. This is not recommended if your certificate has an expiration date; however use this choice for registered versions as you should never display a nag screen in a registered version of your publication.

  • Only if certificate expired: the nag screen will pop up only if the certificate expired. In this case, it allows end users to enter a key to upgrade to another certificate. However if the certificate is still active, then the nag screen is not displayed.

  • Always: the nag screen is always displayed at startup. Recommended for the default certificate only.

You need to specify a URL to your online order page where end users may place their order so they can get the registration key. In the nag screen, end users can click the "Order Online" button which will open this URL.

Activating a certificate

To allow an end user to upgrade to a certificate other than the default one, you either need to distribute a key to him/her or offer online activation. A key allows the associated user to activate a given certificate and unlock its features (these features can be configured with security profiles). Online activation actually downloads the key from a remote server.

HTML Executable offers two methods to activate a certificate:

Registration Keys

End users need a registration key in order to unlock a registered certificate. After purchase, you generate a registration key for the user directly from HTML Executable (with the Make Key in the Restricted Publications tab) or with a key generator script. You provide this registration key to your user, who can enter it in the program as on the screen below:

[Screenshot: enter registration key]

Besides, you can create hardware-locked keys: to prevent end users from distributing their key to others or to avoid fraudulent purchases, you can configure the certificate to work with hardware-locked keys. In this case, the key issued to a registered user will be based on a unique identifier that depends on the user's computer hardware. The key will consequently only work on the user's computer and it becomes useless if it is shared with other persons.

If you enable this option, your users must also give you their system ID when they place their order. This system ID is automatically displayed on the nag screen/unlock screen where end users must enter their key. When generating the key for the end user, you have to enter his system ID in the Key Generator or provide it to the key generator script too.

Note: this type of key depends on the user's computer, so if users change their computer, reformat their disk (due to a crash), or change the motherboard of their computer, the system ID will be different. In this case, the key won't work again: you will have to issue a new registration key to your users or provide them with an easy way to get a new one.

See also: How to make keys and how to deliver keys online instantly with Paypal
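
The properties described above (keys derived from the certificate's secret signature, invalidated when that signature changes, and optionally bound to a system ID) can be illustrated with a keyed hash. This is an added example, not HTML Executable's key format or its key generator script: the HMAC construction, the function names `make_key` and `verify_key`, and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def _mac(signature: str, *fields: str) -> str:
    """HMAC-SHA256 keyed with the certificate signature, cut to 20 base32 chars."""
    msg = b""
    for field in fields:
        data = field.encode("utf-8")
        # Length prefix so ("ab", "c") and ("a", "bc") never produce the same input.
        msg += len(data).to_bytes(2, "big") + data
    digest = hmac.new(signature.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:20].decode("ascii")

def make_key(signature: str, certificate: str, user: str, system_id: str = "") -> str:
    """Vendor side: issue a key. A non-empty system_id makes it hardware-locked."""
    raw = _mac(signature, certificate, user, system_id)
    return "-".join(raw[i:i + 5] for i in range(0, 20, 5))

def verify_key(signature: str, certificate: str, user: str, key: str,
               system_id: str = "") -> bool:
    """Recompute the key for this certificate/user/machine; constant-time compare."""
    expected = make_key(signature, certificate, user, system_id)
    entered = key.strip().upper()
    return hmac.compare_digest(expected.encode("utf-8"), entered.encode("utf-8"))

if __name__ == "__main__":
    # Constructed sample values, not real signatures or system IDs.
    sig = "constructed-signature-0001"
    user, cert = "alice@example.com", "Registered"
    key = make_key(sig, cert, user, "SYS-AAAA-1111")
    print("issued key:    ", key)
    print("same machine:  ", verify_key(sig, cert, user, key, "SYS-AAAA-1111"))
    print("other machine: ", verify_key(sig, cert, user, key, "SYS-BBBB-2222"))
    print("new signature: ", verify_key("constructed-signature-0002", cert, user,
                                        key, "SYS-AAAA-1111"))
```

Because every key is a function of the signature, anyone who learns the signature can issue valid keys, which is why it must stay confidential and why replacing it invalidates every key already distributed.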

Online Activation

This method lets you control who can run your ebook and on which computer. It needs a remote server with the HTML Executable Activation Kit installed on it. Registration information is directly downloaded from the server by the publication.

See how online activation works

You have to provide the URL to the activation kit installed on your server. For instance, if you installed the activation kit in a subfolder named "activation", the URL would be http://www.yourdomain.com/activation/

Finally, some users may not have an active Internet connection. If you wish to allow manual registration, enable the option. This manual method works exactly as for registration keys above. In that case, you must be prepared to accept requests from these users without any Internet connection.

Deactivating a certificate - remove registration key

Your users can now revoke their registration key definitively on a given computer. For instance, you have a client who wants to move his registered publication to another PC and you want to force him to delete the publication and activation (i.e. the registry settings) from the current PC. You also need proof from him that he has done this before supplying him with a new activation key for the other PC. Another possible case: refund requests.

If you enable deactivation for a certificate, the end user can uninstall his registration data (registration key or activation) and receive a unique uninstall confirmation code in exchange. He can then send you this code as proof for a refund or a new key issue.

To remove his registration key, an end user must launch the publication EXE file with the deactivate parameter (for instance, using the Windows Start -> Run command).

Syntax: PUBFILE.EXE deactivate

He will have to confirm his request. After that, his registration key is invalidated, a message box with the uninstall confirmation code is shown (the code is also copied to the Windows clipboard so the user can paste it in an email for instance) and the publication closes. The publication automatically reverts back to the Default certificate and expires immediately if the user tries to run the publication again.

To verify the integrity of the uninstall confirmation code, you can use the scripts (C#, php...) we provide to our registered users in addition to the key generator scripts.

Hints about creating trial publications

  1. You may not set up an evaluation period for the Default certificate: in this case, the publication will always offer an evaluation mode unless you enable "Do not allow access to the publication without prior registration" as explained above. Nevertheless you can lock some pages (using security profiles) so they may be accessible only upon registration (for instance, an ebook where end users must pay to access the remaining chapters).

  2. If you do not want to allow an evaluation period at all, once again enable "Do not allow access to the publication without prior registration" as explained above; or alternatively you can just set the number of days to "0" for the Default certificate. In this case, a publication can only work if your user upgrades to another certificate (i.e. enters a key).

  3. You can always lock crucial HTML pages using the Security Profiles or add more restrictions using HEScript scripts.