What is a node-locked license?
A node-locked license (also called a machine-locked or hardware-locked license) ties your software to a specific device. When a customer activates their license, it binds to their computer's unique hardware fingerprint. That license won't work on any other machine without transferring or deactivating it first.
This is the most common licensing model for individual software sales. When you buy a desktop app, game, or plugin for personal use, you're almost always getting a node-locked license. It's simple to understand: one license, one machine.
How node-locked licensing works
The technical flow is straightforward:
1. Hardware fingerprinting – When your software runs, it generates a unique identifier from the user's hardware. This fingerprint might combine the CPU ID, MAC address, disk serial number, motherboard identifier, or other stable hardware characteristics.
2. Activation binding – During activation, the license key gets associated with that specific hardware fingerprint on your license server. The server now knows this license belongs to this exact machine.
3. Validation – Each time the software launches, it regenerates the hardware fingerprint and checks it against what's stored. If the fingerprints match, the license is valid. If not, the software knows it's running on an unauthorized device.
4. Enforcement – What happens when validation fails is up to you. Most software shows an error and asks the user to activate properly. Some allow limited functionality. Others refuse to run entirely.
The key insight is that the license isn't just a string of characters; it's bound to physical hardware. A user can't simply share their key with a friend because the key is already tied to their machine.
Node-locked vs floating licenses
The main alternative to node-locked licensing is floating licensing (also called concurrent licensing). They serve different use cases.
| Aspect | Node-locked license | Floating license |
|---|---|---|
| Bound to | Specific device | Pool of concurrent users |
| Installation | One machine per license | Unlimited installations |
| Sharing | Not possible without transfer | Shared across organization |
| Offline use | Works offline after activation | Requires license server connection |
| Best for | Individual users | Teams and enterprises |
| Administration | Simple, self-serve | Requires capacity planning |
| Price point | Lower per-license cost | Higher total cost, better per-user value |
When to use node-locked licenses
Node-locked licensing makes sense when:
- You're selling to individuals rather than organizations
- Each customer needs dedicated, guaranteed access
- Offline operation is important
- You want to prevent casual license sharing
- Your software runs on a specific workstation (design tools, development environments)
- You're selling games, plugins, or personal productivity software
When floating licenses work better
Floating licenses are the right choice when:
- You're selling to teams or enterprises
- Users don't need the software simultaneously
- Customers work across multiple devices and locations
- You want to reduce license costs for large organizations
- The software requires network connectivity anyway
Many vendors offer both models. Node-locked for individuals, floating for teams. This covers the full market without forcing customers into a model that doesn't fit.
Benefits of node-locked licensing
Prevents casual sharing
The biggest advantage is piracy prevention. Without hardware locking, a customer could buy one license and share the key with everyone they know. With node-locking, the key only works on their machine. Sharing requires them to deactivate first, which most people won't bother doing.
This doesn't stop determined pirates, but it stops the casual sharing that costs indie developers real revenue. Your honest customers stay honest because sharing isn't convenient.
Simple for customers
Node-locked licenses are easy to understand. You buy the software, you activate it on your computer, you use it. There's no license server to configure, no concurrent user limits to manage, no network requirements after activation.
This simplicity reduces support burden. Customers rarely have questions about how their license works because the model is intuitive.
Works offline
Once activated, node-locked licenses typically don't need ongoing internet connectivity. The activation is stored locally, and validation happens against that stored data. Your software can work on air-gapped systems, during internet outages, or on laptops during flights.
This matters for professional tools where connectivity can't be guaranteed. Video editors working on location, developers coding on planes, security researchers in isolated environments; they all benefit from offline capability.
Lower infrastructure requirements
From a vendor perspective, node-locked licensing is simpler to operate than floating. You need a server for activation, but you don't need the real-time session tracking that floating licenses require. If your license server goes down briefly, existing users aren't affected because their activation is already stored locally.
Challenges of node-locked licensing
Hardware changes cause friction
When customers upgrade their computer, replace a failed component, or reinstall their operating system, their hardware fingerprint may change. Suddenly their license doesn't work anymore.
Good licensing systems handle this through: - Generous fingerprinting – Not requiring every hardware component to match, just enough to uniquely identify the machine - Automatic transfers – Allowing a limited number of hardware changes before requiring manual intervention - Self-serve deactivation – Letting customers release their old activation and reactivate on new hardware - Support processes – Having a way for customers to request license transfers when automation fails
Limits flexibility
Some customers want to use their software across multiple devices. A designer might work on a desktop at the office and a laptop at home. With strict node-locking, they'd need two licenses.
The common solutions are: - Multiple activations – Allow 2-3 activations per license for personal use across devices - Easy transfers – Make moving the license between machines painless - Floating option – Offer a floating license tier for users who need multi-device access
Doesn't suit all products
Node-locked licensing assumes there's a "device" to lock to. This works for desktop apps, games, and plugins. It's awkward for: - Cloud/SaaS applications – There's no client device to fingerprint - Mobile apps – Users expect their apps on all their devices automatically - Web-based tools – The "machine" is just a browser
For these products, user-based licensing (tied to accounts rather than devices) typically makes more sense.
Implementing node-locked licenses
The implementation details matter for security and user experience.
Hardware fingerprinting approaches
Your fingerprint needs to be: - Stable – Doesn't change unless hardware actually changes - Unique – Different for every machine - Accessible – Can be read without admin privileges - Tamper-resistant – Hard for users to spoof or manipulate
Common fingerprint sources:
| Source | Stability | Uniqueness | Notes |
|---|---|---|---|
| CPU ID | High | Good | Doesn't change, but VMs can share |
| MAC address | Medium | Good | Can be spoofed, may change with network adapters |
| Disk serial | High | Excellent | Stable, unique, but replacement changes it |
| Motherboard ID | High | Excellent | Very stable, tied to the actual hardware |
| OS installation ID | Medium | Good | Changes on reinstall |
Most systems combine multiple sources into a composite fingerprint, then allow for some variation. If 3 of 5 components match, it's probably the same machine.
Activation flows
The typical activation flow:
- User enters license key
- Software generates hardware fingerprint
- Software sends key + fingerprint to activation server
- Server checks if key is valid and not already activated elsewhere
- Server stores the fingerprint associated with this key
- Server returns success (or failure reason)
- Software stores proof of activation locally
For offline activation, you can use cryptographically signed license files. The user provides their fingerprint through a web portal, you generate a signed file they download and install. The software validates the signature and fingerprint match without contacting any server.
Handling edge cases
Real-world licensing needs to handle:
- VM migration – Virtual machines moving between hosts will change fingerprints
- Hardware failures – Users replacing broken components shouldn't lose their license
- Reinstalls – OS reinstallation may change some fingerprint components
- Corporate imaging – IT departments deploying identical system images
- Second-hand sales – Users reselling their license to someone else
A rigid system that locks forever to exact hardware will create support nightmares. Build in flexibility: allow a few activations per key, let users deactivate remotely, and have manual override processes for edge cases.
Node-locked licensing with LicenseSeat
LicenseSeat makes node-locked licensing straightforward:
Smart hardware fingerprinting – Our SDKs generate stable, unique fingerprints across Windows, macOS, and Linux. We combine multiple hardware signals and allow configurable tolerance for hardware changes.
Configurable activation limits – Set how many devices each license can activate. One for strict node-locking, or 2-3 for users who work across personal devices. Change limits anytime without reissuing keys.
Self-serve device management – Customers can view their active devices, deactivate old machines, and transfer licenses through a branded portal. No support tickets needed for routine hardware changes.
Offline activation support – Generate Ed25519-signed license files for air-gapped environments. Users activate once and never need network connectivity again.
Automatic device release – Optionally release inactive devices after a configurable period. If a customer's laptop dies and they can't deactivate it, the activation eventually frees up automatically.
Real-time activation analytics – See which devices are activated, when they last validated, and where they're located. Spot suspicious patterns like the same key activated in different countries simultaneously.
Common questions about node-locked licenses
How many activations should I allow?
For consumer software, 2-3 activations is typical. This accommodates a desktop and laptop without enabling abuse. For professional tools where users have dedicated workstations, 1 activation is common. For families or small teams, you might offer 5+ activations on a family/team license tier.
What happens when hardware fingerprint changes?
If you've configured tolerance for minor changes, small hardware updates won't affect the license. For major changes (new computer), the user either deactivates the old machine first or uses one of their remaining activations. If they've exhausted their activations, they contact support for a manual reset.
Can users transfer their license to someone else?
That's a business decision, not a technical one. You can allow transfers through your portal (deactivate everywhere, then new owner activates), or prohibit them in your terms. Some vendors allow one-time transfers, others don't allow any.
How do I handle pirates sharing cracked versions?
Node-locking stops casual key sharing, but determined pirates will crack your software regardless. The goal isn't perfect protection; it's making piracy inconvenient enough that most people pay. Focus on making legitimate purchase and activation as smooth as possible. People will pay for convenience.
Should I combine node-locking with online validation?
You can require periodic online check-ins even with node-locked licenses. This lets you catch revoked keys and provides usage data. But it adds a failure mode (what happens when your server is down?) and removes the offline benefit. Many vendors use node-locking for the anti-sharing benefit while staying primarily offline.
What about subscription licenses with node-locking?
They work together. A subscription license can still be node-locked to prevent sharing during the active subscription period. When the subscription expires, the node-lock becomes irrelevant since the license is no longer valid anyway.
The bottom line
Node-locked licensing is the default choice for individual software sales. It's simple for customers to understand, prevents casual sharing without intrusive DRM, works offline, and requires minimal infrastructure to operate.
The main trade-off is flexibility. Customers who want to use your software across multiple devices need either multiple activations per license or a floating license option. Hardware changes require activation transfers.
For games, plugins, desktop applications, and developer tools sold to individuals, node-locked licensing hits the sweet spot between protection and user experience. Combined with reasonable activation limits and self-serve device management, it keeps honest customers honest without making them jump through hoops.
LicenseSeat handles all the complexity of node-locked licensing: fingerprinting, activation, device management, and offline support. You focus on building your software; we handle the infrastructure that turns it into a product.