There are many, many, many protections available. The key is:

• Assessing your target audience, and what they're willing to put up with
• Understanding your audience's desire to play with no pay
• Assessing the amount someone is willing to put forth to break your protection
• Applying just enough protection to prevent most people from avoiding payment, while not annoying those that use your software.

Nothing is unbreakable, so it's more important to gauge these things and pick a good protection than to simply slap on the best (worst) protection you are able to afford.

• Simple registration codes (verified online once).
• Simple registration with revokable keys, verified online frequently.
• Encrypted key holds portion of program algorithm (can't just skip over the check - it has to be run for the program to work)
• Hardware key (public/private key cryptography)
• Hardware key (includes portion of program algorithm that runs on the key)
• Web service runs critical code (hackers never get to see it)

And variations of the above.

-Adam

Whatever route you go, charge a fair price, make it easy to activate, give free minor updates and never deactivate their software. If you treat your users with respect they'll reward you for it. Still, no matter what you do some people are going to end up pirating it.

We license our commercial software using our own licensing system - which is what we are selling (license management tools). We generally sell subscription licenses, but can also sell based on usage if we wish. It has been secure for us so far: www.agilis-sw.com

Software protections aren't worth the money -- if your software is in demand it will be defeated, no matter what.

That said, hardware protections can work well. An example way it can work well is this: Find a (fairly) simple but necessary component of your software and implement it in Verilog/VHDL. Generate a public-private keypair and make a webservice that takes a challenge string and encrypts it with the private key. Then make a USB dongle that contains your public key and generates random challenge strings. Your software should ask the USB dongle for a challenge string and send it up to the server for encryption. The software then sends it to the dongle. The dongle validates the encrypted challenge string with the public key and goes into an 'enabled' mode. Your software then calls into the dongle any time it needs to do the operation you wrote in HDL. This way anyone wanting to pirate your software has to figure out what the operation is and reimplement it -- much harder than just defeating a pure software protection.

Edit: Just realized some of the verification stuff is backwards from what it should be, but I'm pretty sure the idea comes across.

Given a little time your software will always be cracked. You can search for cracked versions of any well known piece of software in order to confirm this. But it is still well worth adding some form of protection to your software.

Remember that dishonest people will never pay for your software and always find/use a cracked version. Very honest people will always stick to the rules even without a licensing scheme just because that is the kind of person they are. But the majority of people are between these two extremes.

Adding some simple protection scheme is a good way of making that bulk of people in the middle act in an honest way. It is a way to nudge them into remembering that the software is not free and they should be paying for the appropriate number of licenses. Many people do actually respond to this. Businesses are especially good at sticking to the rules because the manager is not spending his/her own money. Consumers are less likely to stick to the rules because it is their own money.

But recent experience with releases such as Spore from Electronic Arts shows that you can go to far in licensing. If you make even legit people feel like criminals because they are constantly being validated then they start to rebel. So add some simple licensing to remind people if they are being dishonest but anything more than that is unlikely to boost sales.

Don't.

Pirates will pirate. No matter what solution you come up with, it can and will be cracked.

On the other hand, your actual, paying customers are the ones who are being inconvenienced by the crap.