Forging The Future 2/5/12 — 7:32 UTC

Consumer Nightmare: Quite inexplicably, a legally purchased copy of Windows Vista which used to activate and run flawlessly under both Bootcamp and VMware Fusion on a MacBook Pro decides that some combination of software bug patches and device driver upgrades has transformed its host hardware into a different computer on which its Vista license code may no longer be used since it was already in use on a different machine — never mind that it is still running off the same disk partition on the same physical computer.

We should all be quite sympathetic to Microsoft’s concerns about software theft, but it is unconscionable to employ an authentication system that causes legitimate End Users so much anguish.

Particularly irksome is the Vista Help System’s Activation FAQ which omits the all too common question of:

“What do I do if a previously activated copy of Vista has deactivated itself and online activation fails with an erroneous report that one’s license code is already in use on a different machine and can’t be reused?”

Over the Summer Microsoft Research in Cambridge presented some extremely impressive demos of the Windows 7 user interface, but if their new OS employs a similar activation scheme to that used in Vista, one would have to very seriously think twice before investing in the upgrade.

That means that it is in both Microsoft’s and its End Users’ best interest to find a more workable alternative. One that protects Microsoft’s IP Rights but recognizes the reality that today’s End Users frequently upgrade their hardware and move legacy operating systems into Virtualized environments possibly under other host operating systems.

This strongly suggests that Microsoft shouldn’t try to tie Windows licenses to particular hardware configurations.

The next Windows should instead be licensed for the use of a single copy at a time by a single individual on any current or future hardware or emulation software he or she may currently or subsequently own. If one needs to run multiple copies on different machines at the same time, that would call for multiple licenses.

This model corresponds to the real world notion of using a physical Key and its computing equivalent, the Dongle!

A dongle is a small plug that goes into a communications port on a computer like a USB jump drive that contains custom hardware to authenticate a user.

Granted that some early dongles were usability nightmares (e.g. they lacked the now common pass-through port allowing other devices to be connected through them). But much has been improved over the years and this technology has much to recommend it.

Indeed, today, a dongle could be designed as a cryptographic co-processor to improve user security, handle licensing management for 3rd party software, and automatically store and retrieve passwords to access secure web sites.

Such functionality would be seen as a major feature that would drive up system sales, particularly if any given copy of the OS would accept any licensed dongle.

Then if one had 3 family members, each could purchase a license dongle, which would unlock his or her personal file space and identity, or perhaps even temporarily and securely access a cloud-based home folder from a total stranger’s PC.

One could even imagine the development of families of dongles, where one could purchase one or two master dongles and several subordinate ones allowing parents to access their children’s accounts.

If the dongles also incorporated a fair amount of nonvolatile memory, additional OS version and 3rd party licenses could be burnt into them to avoid having a proliferation of dongles chained together. In effect, each user would have one master keychain to pop into a USB port in lieu of a traditional easily guessed password login.

Of course, a conventionally encrypted copy of such licensing and configuration data, protected with a really long and truly random password, could be stored by the system provider on a remote server which would also facilitate sharing protected files with friends, transferring licenses between individuals, and invalidating any stolen dongles’ encryption codes.

This would entail sharing keys or deleting license keys and passwords from one dongle while adding them to another as part of a single secure transaction as well as changing the password used to encrypt any online authentication credentials. This would also permit the True Owner of local content to use the online backup of a lost dongle’s codes to access his or her encrypted files long enough to re-encrypt them with a replacement dongle.

In effect, such an approach would limit any data loss/exposure or unauthorized software access to local content/credentials stored on devices that fell into the wrong hands along with one of the matching dongles with which such data was encrypted.

To eliminate this final risk, some dongles or devices could readily be augmented with fingerprint readers or some other form of biometric authentication control to offer industrial grade security at a premium price point.

Such scenarios would offer countless benefits for platform vendors and their loyal customers including new revenue streams from dongle sales & cloud based security services for the vendors and improved security & ease of use for their customers.

Of course in a world of new hardware devices of every imaginable form factor, with OS X and Linux steadily on the move, Windows 7 in final development, and Google’s own OS just around the corner it is just a matter of time before such innovations reach End Users!

This entry was posted on Saturday, July 11th, 2009 at 1:02 pm and is filed under Consumer Advocacy, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.