With any subscription-based service, particularly SaaS, companies (like Netflix and Adobe Creative Cloud) are dealing with the problem of account subscription sharing. A user can start a subscription and hand their login credentials to someone else. So how can we mitigate, or better yet, prevent subscription sharing for subscription-based services?
In this blog post, we'll look at strategies to mitigate and prevent subscription sharing between users.
This is a guide on how to stop shared access from draining your subscription revenue by preventing account sharing on subscription-based businesses and websites.
The PubNub Data Stream Network provides a set of core "building-block" services that can be used to build and scale a wide range of applications. PubNub provides a reliable, geo-redundant signaling solution (WebSockets, XMPP, BOSH, Comet, HTTP long-polling, etc.) with many design patterns and over 70 SDKs to fit your growing business needs, including Android Java, iOS Objective-C and JavaScript Web/Mobile.
In this document, we describe a growing demand for a new security pattern requested by security-focused businesses. This Design Pattern document describes a technique and the business solutions around a customer's requirement to allow one connection, and one connection only, per authenticated user when using a Data Stream Network (similar to C# .NET SignalR or Socket.IO / SockJS for Node.js JavaScript).
The use cases vary. Maybe it's a music-streaming product, like Spotify, that wants its service locked to one device per user and therefore logs off the user who is already signed in when a new login arrives. Maybe it's a hotel chain that wants each guest to hold only one card key for one room and therefore refuses to issue any new keys.
We've had this conversation many times here at PubNub, and there are many more business-driven scenarios that derive value from this point-solution design pattern. Does any of that sound familiar?
You are now ready to decide between two business rules to follow when restricting access for users who share their login credentials. When a user is authenticated by your identity management system, you have two choices on how to proceed with granting access through your subscription paywall.
Option One is to remotely force a logout of any devices that have already been granted access to the subscription service. Option Two is to block subsequent login attempts while another user is online and logged in on another device.
Option One: you always accept new logins by revoking previous login sessions and issuing new access keys. The latest grant request becomes the only session with account subscription access. Option Two: you deny and block access because another user already has an existing session in use.
Call PubNub.Revoke({...}) on the previously granted access keys. This forces all remote sessions to be logged out in real time.
Call PubNub.Grant({...}) with a Session TTL of 1 hour.
Use the PubNub.Publish({ ... }) methods with the user's keys.
Note on Step (2.4): we ask you to generate a new channel name. You may not need to generate a new channel name, however, if the data stream source is a shared channel, such as a stock-quote symbol channel stream.
Any user with a shared email/password is blocked while another user is using the subscription service. You can accomplish this access blocking by following these steps:
Call PubNub.Here_Now({ ... }) on the associated user's channel name to detect whether an active device session is already subscribed.
Both of the options above give you the steps required to prevent subscription sharing on subscription-based paywall websites and apps. These steps are generalized to control access and mitigate duplicate permission grants, letting you manage access and deny requests for access according to your business requirements.