LOCATION DRIVEN SOFTWARE LICENSING

Information

  • Patent Application: 20170041326
  • Publication Number: 20170041326
  • Date Filed: August 04, 2015
  • Date Published: February 09, 2017
Abstract
Location based licensing of software on a computer. A given software product has certain locations or regions authorized. While the computer executing the software remains within the authorized region or regions, at least one factor in a multi-factor authorization scheme is satisfied, and the software remains licensed and operational. When the computer is removed from these regions, the software is not licensed and is prevented from executing. The check for location occurs periodically, such that if the computer is moving, the license status of the software dynamically updates. When going to a new region where a license has not been previously purchased, the system prompts the user to purchase a license for that new region. Upon purchase, the software continues to operate as previous.
Description
TECHNICAL FIELD

The invention relates to software licensing, security and authentication, and in particular to a method and system for location-driven software licensing.


BACKGROUND

There is an ever-increasing demand for security in the current digital age. In particular, companies, such as software licensors, regard the protection of software as an important priority. For example, avoiding exploitation of software on a computer can recover lost profits for the software author. However, licensing schemes, especially those using multi-factor authentication, are often intrusive and burdensome to the user experience. Accordingly, it has been difficult to identify a means to avoid exploitation without putting an undue burden on the user experience.


SUMMARY

Embodiments of the invention include a method for enabling location based licensure of software. The method begins by periodically determining the location of a device having software. A license policy is then generated for the software, the license policy differentiating between a plurality of defined spatial regions for which licensure of the software is available, wherein the device is licensed to execute the software in at least a first defined spatial region. Next, the license policy is enforced such that the device is not enabled to execute the software if the device is located in one of the defined spatial regions that has not been licensed to execute the software according to the license policy.


Later, it is acknowledged that the device has left the first defined spatial region and entered a second spatial region. When the device leaves a licensed region, executing the software is disabled and the user of the device is prompted to purchase an amendment to the license policy such that the device is licensed to execute the software in the second defined spatial region. Finally, if the user purchases the amendment to the license policy, enforcement at least partially enables the software to execute on the device.


Another embodiment of the invention includes a system for enabling location based licensure. The system includes a license specification. The license specification manages a licensure policy for digital goods stored on a device, wherein the licensure policy includes predetermined terms and conditions with personal predetermined rights for the execution of the digital goods on the device, said predetermined terms and conditions including a defined spatial region in which the digital goods are licensed to execute. The system further includes a license enforcement module. The license enforcement module is stored on the device and enforces the licensure policy upon the digital goods.


Enforcement of the licensure policy includes at least partially enabling the digital goods according to personal predetermined rights while the device is located in the defined spatial region. The enforcement further entails disabling the digital goods according to personal predetermined rights while the device is located outside of the defined spatial region. The system also includes a location receiver communicatively coupled to the license enforcement module and for periodically providing the license enforcement module with location data for the device, the location data obtained from one or more sensors in communication with the device.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of a preferred embodiment of the invention;



FIG. 2 is a flowchart depicting an embodiment of the method of the invention;



FIG. 3 is an illustration of the method of FIG. 2;



FIG. 4 is a flowchart illustrating license enforcement;



FIG. 5 is a flowchart depicting an embodiment of the invention using a distributed system;



FIG. 6 is an illustration of the method of FIG. 5;



FIG. 7 is a flowchart depicting an embodiment of the invention using a hot-spot device system;



FIG. 8 is an illustration of the method of FIG. 7;



FIG. 9 is a block diagram of a computer including a location sensor;



FIG. 10 is a flowchart depicting an embodiment of location based licensure;



FIG. 11 is an illustration of location based licensure;



FIG. 12 is a flowchart of a method to purchase location based licenses; and



FIG. 13 is a block diagram of a plurality of sensors available to computing devices.





DETAILED DESCRIPTION
Terminology

Brief definitions of terms, abbreviations, and phrases used throughout this application are given below.


For purposes of this disclosure the terms “software,” “licensable software,” and “digital goods” refer to applications, documents, executable code, programs, and records which are subject to licensing agreements.


For the purposes of this disclosure, the term “heartbeat” or “heartbeat check” as relating to software licensing refers to the act of checking on a key element of a license scheme periodically at predetermined intervals.


For purposes of this disclosure, the term “planned obsolescence” as relating to license codes refers to a license code which is only functional for a predetermined period of time. Embodiments of planned obsolescence comprise licensing where a different license code is required at each heartbeat check.


Token Based Licensing of Digital Goods


In embodiments of the invention a user brings a token within a proximity of a computer, and software on that computer is licensed to execute in a determined manner. Similarly, should the user take the token out of the proximity of the computer, the software is no longer licensed and may not execute in the previously enabled manner. Embodiments of this invention are optionally used as a sole enabling factor for software licensure, or as one factor in a multi-factor authentication (MFA) scheme.



FIG. 1 is a block diagram of a presently preferred embodiment of the invention. The invention includes a device 2 which is preferably handheld, mobile or easily portable. In embodiments of the invention, the device 2 is any of a key chain dongle, a cell phone, a PDA, or other suitable personal tokens known in the art.


The device 2 includes a device memory 4 containing operating software 6 and a license ID 8. The operating software 6 comprises instructions and rules for the operation of the device 2. The license ID 8 is a unique identifier held by the device. The license ID 8 comes in multiple formats and is taught in additional detail below. The device 2 also includes a battery 10 and a wireless radio 12. These components transmit data and power as necessary through a device BUS 14. Those skilled in the art will realize a similar device is not limited to those components shown in FIG. 1.


In embodiments of the invention, the wireless radio 12 comprises any of a Bluetooth communicator, a near-field communicator, a WiFi communicator, or any other suitable limited range, wireless communication method known in the art. The wireless radio 12 establishes communication with a computer 16.


The computer 16 includes, among other things, a CPU 18, a user interface 20, a power source 22, a computer memory 24, a network interface 26 for connecting to the Internet and a computer wireless radio 28 for connecting to the device 2. The computer wireless radio 28 is not necessary if the device 2 uses a wireless communication protocol similar to the means the computer 16 uses to communicate with the Internet. In that case, the network interface 26 alone is sufficient. These components transmit data and power as necessary through a computer BUS 30. Those skilled in the art will realize a computer is not limited to those components shown in FIG. 1.


The computer memory 24 contains a few elements, including software 32, a license specification 34 and a license enforcement module 36. The software 32 is a computer program for which an author or user wants to regulate execution or access. The license specification 34 contains licensing information pertaining to the software 32 to be regulated. This information includes the name of the software, the version number, the number of copies (or instances) that are licensed, authentication information, and any other suitable metadata pertaining to how the software 32 is regulated. Some embodiments include the names of the parties who are licensed to execute or use the software 32. The license enforcement module 36 implements the logic in the license specification 34. The license enforcement module 36 also optionally verifies the authenticity of the license ID 8 of the device 2.


In some embodiments the software modules of FIG. 1, including the license specification 34 and the license enforcement module 36, exist as a single module or as more modules than described. Additionally, in other embodiments, the software modules exist in part on the device 2 rather than the computer 16. Further, in still other embodiments, some of these modules 34, 36 are components of the licensed software 32.


The license ID 8 comes in multiple formats. Embodiments of the license ID 8 are a device ID. Examples of a device ID are any of serial numbers, MAC addresses, or other permanent to semi-permanent unique identifiers. Other embodiments of the license ID 8 are a software license key. Still other embodiments of the license ID 8 are an arbitrary code.


Another embodiment of the invention comprises a license ID 8 which is a morphing token. The morphing token receives periodic instructions to change in some manner. Without periodic instructions the morphing token either becomes outdated or obsolete (for lack of morphing instructions), or self-deletes or self-mutilates. The periodic instructions are included on the device 2, in the operating software 6, or come from the Internet.



FIG. 2 is a flowchart depicting an embodiment of the method of the invention and FIG. 3 is an illustration of the method of FIG. 2. To begin, the device 2 is implanted with a license ID 8 (202). This is done by programming the device 2 with a code to use as a license ID 8, or the device 2 natively knows the code, and has instructions that indicate the known code is a license ID 8. In some embodiments, the device 2 is unaware that the known code is a license ID 8. Rather, the outside devices such as a computer 16 interpret the meaning of the known code.


The device 2 is next placed in proximity to a computer 16 including licensable software (204). The device 2 establishes a connection with the computer 16 (206). In some embodiments, multiple computers connect to the device 2 simultaneously. As an example, Bluetooth range is generally 10 meters, so as many computers 16 as fit within 10 meters connect to the device 2. Different wireless radios have varying ranges. If the wireless protocol is WiFi, there is 20-30 meters of range in which computers 16 connect to the device 2.


Once connected (208), the device 2 provides the license ID 8 to the connected computer 16 (210). Optionally, the computer 16 first requests the license ID 8 from the device 2 before the device 2 provides the license ID 8 to the computer 16. The computer 16, and software modules thereon, then use the license ID 8 as directed by other elements of the invention. After a given time elapses (212), the system again checks if the device 2 is still connected to the computer 16 (208). This check occurs using a heartbeat monitoring feature. If the connection persists, the license ID 8 remains with the computer 16 (210). If the connection has ended, the license ID 8 is revoked (214).


Revocation of the license ID 8 occurs in a variety of ways. In an embodiment the license ID 8 is revoked by the computer 16, or one of the software modules thereon, using instructions to delete the license ID 8 should the connection to the device 2 break. Another method to revoke the license ID 8 is to have the license ID 8 self-delete if the license ID 8 does not receive outside input instructing preservation. A third method of revoking the license ID 8 is for the license ID 8 to have to change consistently in order to function, and to cease changing when the connection between the device 2 and the computer 16 is broken.


As mentioned above, this method works while the device 2 is connected to a plurality of computers 16. In some embodiments, there are no additional verification steps before licensure of digital goods occurs. As an illustrative example, a teacher who carries a device 2 walks into a classroom where the device establishes connections with all of the students' computers 16, and the software on the students' computers 16 is licensed to operate. Once the teacher, and by extension the device 2, leaves the classroom, the students' computers 16 no longer execute the software.


In another illustrative example, a system administrator who carries the device 2 roams a business freely, and when the administrator with the device 2 comes within range of a computer 16 or group of computers 16, additional software features activate on those computers 16. When the administrator goes to a different section of the business the software features deactivate.


Alternatively, in other embodiments, it is preferred for the device 2 to act as a single factor in a MFA scheme. In an illustrative example, a user walks into an Internet café carrying a device 2. All the computers 16 in the internet café become primed, but no software is licensed until the user enters in additional input such as any other suitable MFA factor known in the art, or disclosed herein. The software then remains licensed and operational until the user leaves the café and the device 2 leaves proximity with the computers 16 in the café.



FIG. 4 is a flowchart illustrating license enforcement. On the computer 16 storing licensable software 32 there are license enforcement 36 and license specification 34 modules. In operation, the license specification 34 provides logic for the license enforcement module 36 (402) which the license enforcement module 36 enforces upon users of the software (404). Subsequently a user brings a device 2 to pair with the computer 16 and the license ID 8 is sent to the computer 16. The modules 34, 36 receive the license ID 8 (406).


The license enforcement module 36 then verifies the authenticity of the license ID 8 (408). Given a valid license ID 8, the license specification 34 provides new logic to the license enforcement module 36 (410). The license enforcement module 36 then enforces the new logic on the software 32 (412). The license enforcement module additionally monitors the connection between the device 2 and the computer 16 as disclosed above (414). Should the connection between the device 2 and the computer 16 break, the license enforcement module 36 deletes the license ID 8 and enforces the original logic (416).



FIG. 5 is a flowchart depicting an embodiment of the invention using a distributed system, and FIG. 6 is an illustration of the method of FIG. 5. To begin, the device 2 is implanted with a unique ID 38 (502). This is done by programming the device 2 with a code to use as a unique ID 38, or the device 2 natively knows the code, and has instructions that indicate the known code is a unique ID 38. In some embodiments, the device 2 is unaware that the known code is a license ID 38. Rather, the outside devices such as a computer 16 interpret the meaning of the known code.


The device 2 is next placed in proximity to a computer 16 including licensable software (504). The device 2 establishes a connection with the computer 16 (506). In some embodiments, multiple computers connect to the device 2 simultaneously. As an example, Bluetooth range is generally 10 meters, so as many computers 16 as fit within 10 meters connect to the device 2. Different wireless radios have varying ranges. If the wireless protocol is WiFi, there is 20-30 meters of range in which computers 16 connect to the device 2. If the wireless protocol is near-field communication (NFC), there is less than a foot of range in which computers 16 connect to the device 2. Other examples include cellular protocol.


Once connected, the device 2 provides the unique ID 38 to the connected computer 16, which in turn provides the unique ID 38 to a cloud server 40 (508). Optionally, the computer 16 first requests the unique ID 38 from the device 2 before the device 2 provides the unique ID 38 to the computer 16. The cloud server 40 then authenticates the unique ID 38 as the unique ID 38 pertains to software licensure and provides the computer with a license key 42 (510). The license key 42 enables the licensed software on the computer to perform according to a predetermined licensing scheme. After a given time elapses (514), the system checks again if the device 2 is still connected to the computer 16 (512). This check occurs using a heartbeat type monitoring feature. If the connection persists, the license key 42 remains with the computer 16 until the next check (512). If the connection has ended, the license key 42 is revoked (516).


Revocation of the license key 42 may occur in a variety of ways. In an embodiment the license ID 8 is revoked by the computer 16, or one of the software modules thereon, having instructions to delete the license key 42 should the connection to the device 2 break. Alternatively, the cloud server 40 issues instructions to the computer 16 to delete the license key 42. Another embodiment uses a morphing license key, having properties similar to the morphing token discussed above.


As mentioned above, this method works while the device 2 is connected to a plurality of computers 16. While connected to a cloud server 40, there are additional controls on the distribution of license keys 42. In an embodiment of the invention, the cloud server 40 only distributes a fixed number of keys at a time, or depends on another variable or factor before issuing a license key 42. Use of a distributed system with a cloud server 42 gives additional controls against exploitation because software activation or licensure is not dependent on the device 2 alone. Despite the additional controls there is no additional interruption to the user of the digital good.
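The distributed flow of FIG. 5 (issue on authentication, heartbeat re-check, revocation, and a fixed cap on keys) can be sketched as follows. This is an added example, not code from the patent: the class names, the 30-second interval, and the HMAC-per-interval construction used to model a morphing license key are all assumptions.

```python
import hashlib
import hmac

HEARTBEAT_SECONDS = 30  # assumed heartbeat interval; the page gives no value


class CloudServer:
    """Hypothetical stand-in for cloud server 40."""

    def __init__(self, secret, authorized_ids, max_keys):
        self._secret = secret
        self._authorized = set(authorized_ids)
        self._max_keys = max_keys   # "a fixed number of keys at a time"
        self._active = set()        # unique IDs currently holding a key

    def _key_for(self, unique_id, now):
        # Assumed morphing-key construction: the key is bound to the unique ID
        # and to the current heartbeat interval, so an old key stops verifying.
        step = int(now // HEARTBEAT_SECONDS)
        msg = f"{unique_id}|{step}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, unique_id, now):
        if unique_id not in self._authorized:
            return None
        if unique_id not in self._active and len(self._active) >= self._max_keys:
            return None  # cap reached; another factor could be consulted here
        self._active.add(unique_id)
        return self._key_for(unique_id, now)

    def verify(self, unique_id, key, now):
        if key is None or unique_id not in self._active:
            return False
        return hmac.compare_digest(self._key_for(unique_id, now), key)

    def revoke(self, unique_id):
        self._active.discard(unique_id)


class Computer:
    """Hypothetical stand-in for computer 16 and its enforcement module."""

    def __init__(self, server):
        self.server = server
        self.unique_id = None
        self.license_key = None

    def heartbeat(self, token_id, now):
        """token_id is the unique ID read over the radio, or None if the link broke."""
        if self.unique_id is not None and token_id != self.unique_id:
            self.server.revoke(self.unique_id)  # previous token left range
        self.unique_id, self.license_key = None, None
        if token_id is None:
            return "revoked"
        key = self.server.issue(token_id, now)
        if key is None:
            return "denied"
        self.unique_id, self.license_key = token_id, key
        return "licensed"

    def software_enabled(self, now):
        return self.server.verify(self.unique_id, self.license_key, now)


def run_demo():
    # Constructed sample data: two known tokens, one key available at a time.
    server = CloudServer(b"constructed-demo-secret", {"token-A", "token-B"}, max_keys=1)
    pc1, pc2, pc3 = Computer(server), Computer(server), Computer(server)
    return [
        pc1.heartbeat("token-A", 0),     # first token in range gets the key
        pc1.software_enabled(10),        # same interval: key verifies
        pc1.software_enabled(31),        # next interval: stale key fails closed
        pc2.heartbeat("token-B", 31),    # cap of one key already in use
        pc1.heartbeat("token-A", 31),    # heartbeat refreshes the key
        pc1.heartbeat(None, 60),         # connection broke: key revoked
        pc1.software_enabled(60),
        pc2.heartbeat("token-B", 61),    # freed slot can now be issued
        pc3.heartbeat("token-X", 61),    # unknown unique ID is refused
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because verification happens on the server against the current interval, a key copied off the computer stops working after at most one heartbeat period or as soon as the server revokes it.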


In an illustrative example, a new student walks into a university library carrying the device 2 which has the new student's student ID encoded therein. When the new student approaches a bank of computers 16, the device 2 connects to the computers 16 and transmits the student's ID to each of the computers 16. The student selects a computer 16 and attempts to use licensed software. The software, then unlicensed, contacts the cloud server 40 with the new student's unique ID 38, as well as the unique IDs 38 of other old students in the vicinity. The cloud server 40 knows that license keys 42 have been issued to all previous unique IDs 38 and the only new ID is that of the new student, so the cloud server 40 issues a license key 42 to the computer 16 that the new student has chosen. The software is then licensed to operate according to given parameters. When the student leaves the library, the cloud server 40 revokes the license key 42, or causes the license key 42 to be inoperable.


This illustration creates conditions for cases of harassment or exploitation where a malicious actor acquires the license key 42 associated with the new student before the new student is able to. In such cases additional factors in a MFA scheme, such as a log-on password, biometric authentication, or other challenge/response systems are inserted to prevent harassment.


In other illustrations the cloud server provides other types of regulation depending on numerous factors combined with the device's unique ID 38, including identification of the computer 16 paired with the device 2, the location of the computer 16, the Internet network the computer 16 is on, or any other suitable MFA factor known in the art. The differing types of regulation include issuing license keys 42 with differing permissions, or license keys 42 that enable differing digital goods.



FIG. 7 is a flowchart depicting an embodiment of the invention using a hot-spot device system, and FIG. 8 is an illustration of the method of FIG. 7. An alternate embodiment of the device 2 is a hot-spot device 44. A hot-spot device 44 is a similar personal token type item, which broadcasts an Internet signal. A common example of such a hot-spot device 44 is a smart phone which is enabled to rebroadcast the cell service signal received from the service provider as a WiFi signal. Other types of hot-spot devices 44 are suitable so long as such hot-spot devices 44 are wireless personal tokens capable of providing Internet connectivity to connected devices.


To begin, the hot-spot device 44 is placed in proximity to a computer 16 including licensable software (702). The computer 16 then establishes a connection with the hot-spot device 44, and subsequently the Internet (704). In an embodiment of the invention, multiple computers simultaneously connect to the hot-spot device 44. The computers 16 connect to the hot-spot device 44 as either an unsecured signal, or with a password. The hot-spot device 44 then retrieves a license key 42 from a cloud server 40 (706). The cloud server 40 is enabled to provide similar regulation to the license key distribution as disclosed above.


Once connected (708), the device 2 provides the license key 42 to the connected computer 16 (710). Optionally, the computer 16 first requests the license key 42 from the device 2 before the device 2 provides the license key 42 to the computer 16. The computer 16, and software modules thereon, then use the license ID 8 as directed by other elements of the invention. After a given time elapses (712), the system checks again if the device 2 is still connected to the computer 16 (708). This check occurs using a heartbeat type monitoring feature. If the connection persists, the license key 42 remains with the computer 16 (710). If the connection has ended, the license key 42 is revoked (714).


Variations on the license ID 8 include implementations of executable code. Such executable code is used to provide additional features to software 32 running on a computer 16, or even complete software modules. In use, a user comes within proximity to a computer 16 and licensed software or software features are enabled on the computer 16. When the user leaves, the software or the features are deleted. The software or features are transmitted over the wireless connection between the device 2 and the computer 16. The transmission of software or features is by streaming or uploading/downloading. The revocation of the transmitted software or software features is performed in the manner described above for revocation of license materials.


Location-Based Licensing of Digital Goods


In embodiments of this invention, a user brings a device intended to operate certain software to a specific place or region, and software on that device is licensed to execute in a determined manner. Similarly, should the user take the device out of the place or region, the software is no longer licensed and does not execute in the previously enabled manner. Embodiments of this invention are used as a sole enabling factor for software licensure, or as one factor in a multi-factor authentication (MFA) scheme.



FIG. 9 is a block diagram of a computer including a location sensor. The location aware computer 46 of FIG. 9 has similar components to the counterpart computer 16 in FIG. 1, with the addition of a location sensor 48 and a network location sensor 50. The location sensor 48 refers to a GPS module, a network triangulation device, a GPS with smart map integration, an altimeter, or any other suitable location aware device known in the art. A network location sensor 50 refers to methods known in the art to identify the location of a computer based on the computer's connection to the Internet. Such methods include IP tracing, network recognition, and geo-fence contact.



FIG. 10 is a flowchart depicting an embodiment of location based licensure, and FIG. 11 is an illustration of location based licensure. To begin, licensable software is loaded onto a location aware computer 46 (1002). Using location sensors 48, 50, the location of the location aware computer 46 is determined (1004). Given options for where the location aware computer is located (1006), differing licensing schemes (1008, 1010) are enforced by the license enforcement module 36. If the location aware computer 46 detects a change in location (1012), the system again obtains location information (1004).


Regions are defined in numerous ways. A first method is to create boundaries referring to a plurality of GPS coordinates. Another method is to give a single set of GPS coordinates and provide an acceptable range from that point. Mapped borders additionally are determined vertically by an altimeter. A third method to define regions is through national, municipal, or otherwise sovereign borders. A fourth method to define a region is with a geo-fence. Alternatively, a region is determined by reference to recognizable features (such as a road, or a building perimeter) or any other suitable method known to define property lines. Defining a region is distinct from determining the location of a location aware computer 46.


For example, while an embodiment of a location aware computer 46 determines location through cell phone tower triangulation, that location has corresponding GPS coordinates, even if a GPS device was not used to determine the location. Cross-referencing the location information with the region boundaries enables the method of the invention to perform step 1006.


Numerous examples including regions A and B follow. “Region A” and “Region B” are to remain undefined; though, for illustrative purposes, each region is characterized in multiple inconsistent ways to provide examples. While binary region examples are provided, the invention functions with a plurality of regions beyond the first two.


The license specification 34 contains details concerning how to treat various regions. For example, in one embodiment, certain software 32 is only licensed while accessed in a certain office (Region A). If a user attempted to operate the software 32 from a location aware computer 46 outside of the office's parking lot (Region B), the software is not licensed, and does not execute. Enforcing the license scheme between inside the office's parking lot (A) and outside of the office's parking lot (B) is carried out by the license enforcement module 36. In use, a user activates the software 32 inside the office parking lot (A) where the license enforcement module 36 enables the software 32. As the user carries the location aware computer 46 out of the office parking lot (B), the software 32 becomes unlicensed and ceases to function as previous.


Sometimes, licensure of software is not focused on monetization, but rather on enforcement of regulatory compliance with local laws. In another example, certain encryption functions are licensed in a first country (A), but unlicensed in a second country (B) in order to comply with local laws. In this example, a user in a vehicle activates the encryption feature. As the vehicle crosses the border between the first (A) and second (B) country, the location aware computer 46 encounters a geo-fence or determines using a location sensor 48 that a national border is being crossed. The encryption feature is then unlicensed and terminates operation.


Referring now to FIG. 12, a flowchart of a method to purchase location based licenses, with continued reference to FIG. 11, in an embodiment of the invention, licenses additionally exist only in a given country. Given a location aware computer 46 with licensable software 32 (1202), a user intends to leave a licensed region, and plans ahead of time to obtain a license for the region the user is headed to (1204). When the user attempts to use the software 32, a location check occurs (1206). Had the user opted to obtain a license for a new region previously, or attempted to operate the software 32 in a region wherein the user did not have a license, the user is prompted to purchase a license (1208). Licensing schemes include both permanent and temporary licenses.


Licensed software becomes enabled by the license enforcement module 36 (1210). With continued use of the software 32 (1210), a heartbeat location check or event monitor continuously directs the license enforcement module 36 to check the location of the location aware computer 46 (1214).


As an illustrative example, in travelling between a first country (A) and a second country (B), software 32 existing on the location aware computer 46 is only licensed for the first country (A). It is common for software licenses between two countries to have differing prices. Accordingly, a software author may not want a cheaper license to be effective where licenses are more expensive.


Upon leaving the first country (A) the license enforcement module 36 terminates software operation. However, upon entering another country wherein licenses are purchasable, such as the second country (B), the license enforcement module 36 prompts a user of the location aware computer 46 that the user is invited to purchase an additional or temporary license for the second country (B). Or, in another embodiment of the invention, if there is a price difference between the countries, the license enforcement module 36 requires that the user pay the difference. Upon purchasing a license for the second country, which is recorded in the license specification 34, the software 32 is licensed in the second country (B) and operates as normal.


In another illustrative example, a fisherman who is licensed to fish in a given region of water (A) has an operational license for fish finding software. Should the fisherman move to a second region of water (B), the software may prompt the fisherman to purchase an additional license for the software. In this way, multiple regions within the same national borders offer differing licenses from one region to the next.
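The region check of step 1006 and the purchase prompt of FIG. 12 can be sketched as below, as an added example that is not code from the patent. It covers two of the region definitions listed earlier (a boundary of GPS coordinates, and a point with an acceptable range plus an optional altitude band); all class names, coordinates and return labels are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in meters between two GPS fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass
class CircleRegion:
    """A single set of GPS coordinates plus an acceptable range."""
    name: str
    lat: float
    lon: float
    radius_m: float
    min_alt_m: Optional[float] = None   # optional vertical border (altimeter)
    max_alt_m: Optional[float] = None

    def contains(self, lat, lon, alt_m=None):
        if haversine_m(self.lat, self.lon, lat, lon) > self.radius_m:
            return False
        if self.min_alt_m is None and self.max_alt_m is None:
            return True
        if alt_m is None:
            return False  # altitude required but not reported: fail closed
        lo = -math.inf if self.min_alt_m is None else self.min_alt_m
        hi = math.inf if self.max_alt_m is None else self.max_alt_m
        return lo <= alt_m <= hi


@dataclass
class PolygonRegion:
    """A boundary given as a plurality of GPS coordinates (lat, lon)."""
    name: str
    vertices: List[Tuple[float, float]]

    def contains(self, lat, lon, alt_m=None):
        # Ray casting, treating lat/lon as planar. Assumption: the region is
        # small and does not cross the antimeridian or a pole.
        inside = False
        n = len(self.vertices)
        for i in range(n):
            lat1, lon1 = self.vertices[i]
            lat2, lon2 = self.vertices[(i + 1) % n]
            if (lat1 > lat) != (lat2 > lat):
                lon_cross = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
                if lon < lon_cross:
                    inside = not inside
        return inside


@dataclass
class LicenseSpecification:
    regions: list
    licensed: Set[str] = field(default_factory=set)

    def purchase(self, region_name):
        if region_name not in {r.name for r in self.regions}:
            raise ValueError("no license is offered for this region")
        self.licensed.add(region_name)  # amendment recorded in the specification


class LicenseEnforcementModule:
    def __init__(self, spec):
        self.spec = spec

    def check(self, lat, lon, alt_m=None):
        """Heartbeat location check: returns (state, region name or None)."""
        offered = None
        for region in self.spec.regions:
            if region.contains(lat, lon, alt_m):
                if region.name in self.spec.licensed:
                    return ("enabled", region.name)
                offered = offered or region.name
        return ("prompt_purchase", offered) if offered else ("disabled", None)


def build_demo_spec():
    # Constructed sample regions; the coordinates are arbitrary.
    a = CircleRegion("A", 47.6000, -122.3300, 150.0, min_alt_m=0.0, max_alt_m=50.0)
    b = PolygonRegion("B", [(47.61, -122.34), (47.61, -122.32),
                            (47.62, -122.32), (47.62, -122.34)])
    return LicenseSpecification(regions=[a, b], licensed={"A"})
```

The result is only as trustworthy as the location fix fed to `check`, so a fix with missing altitude is treated as outside any region that has a vertical border.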



FIG. 13 is a block diagram of a plurality of sensors available to computing devices. An embodiment of a location aware computer 46 is a smartphone 54. Smartphones 54 have a plurality of sensors. Such sensors include a light sensor 56, a camera 58, a GPS 60, a cellular triangulator 62, an accelerometer 64, a gyroscope 66, a thermometer 68, a proximity sensor 70, a touch sensor 72, a WiFi locator 74, a Bluetooth locator 76, a magnetometer 78, a pressure sensor 80, and a humidity sensor 82. Many of these sensors are able to provide additional information from which a location or other salient details are determined. These sensors additionally are used to generate licensure factors in a single authentication or MFA scheme.


Although the invention is described herein with reference to the preferred embodiment, one skilled in the art will readily appreciate that other applications may be substituted for those set forth herein without departing from the spirit and scope of the present invention. Accordingly, the invention should only be limited by the Claims included below.

Claims
  • 1. (canceled)
  • 2. A system for directing the operation of installed software on an electronic device based on a multi-factor authentication scheme, comprising: a processor executing digital goods on a device; a proximity token having a wireless communicator which broadcasts a communication signal which is received directly by the device and an identification number; a license specification executed by a backend server and managing a license policy for the digital goods stored on a device, said license policy comprises predetermined terms and conditions and with predetermined personal rights for the execution of the digital goods on the device, said predetermined terms and conditions including a defined spatial region in which the digital goods are licensed to execute and reference to the identification number of the proximity token which must be delivered from the device to the backend server periodically in order for the digital goods to be enabled for execution; a license enforcement module executed by said processor and in communication with the license specification on the backend server and a location sensor, whereby the license enforcement module enforces the license policy upon the digital goods by: at least partially enabling the digital goods according to predetermined personal rights when the device is located in the defined spatial region and the license specification periodically verifies the identification number received by the device wirelessly and periodically from the proximity token, and disabling the digital goods according to predetermined personal rights when the device is located outside of the defined spatial region or the license specification is no longer able to forward the identification number of the proximity token to the license specification for verification; and wherein the license enforcement module periodically receives location data for the device from the location sensor and periodically requests the identification number from the proximity token to forward to the license specification for verification.
  • 3. The system of claim 2, further comprising: a payment receiver communicatively coupled to the license specification accepting payment from a user of the device in exchange for amendments of the license policy by the license specification.
  • 4. The system of claim 3, said payment receiver is configured to direct the license specification to update to add additional defined spatial regions in which the digital goods are licensed to execute.
  • 5. The system of claim 2, further comprising: a geo-fence detector contained on said device and providing notifications to the license enforcement module when the device crosses the boundaries of the defined spatial region.
  • 6. The system of claim 2, said digital goods comprise any of: applications, documents, folders of documents, or executable code.
  • 7. A method for directing the operation of installed software on an electronic device based on a multi-factor authentication scheme, comprising: providing a processor that executes software to generate a license policy for a digital good stored on a computer, the license policy comprising one or more enabled defined spatial regions wherein the computer must be located and an identification number stored on a proximity token which must be in direct wireless communication with the computer to periodically receive and forward the identification number to an authentication server, wherein periodic receipt of authentication from the authentication server together with license the digital good for use; periodically determining the location of the computer; periodically requesting the identification number from the proximity token while the proximity token is in direct wireless communication with the computer; periodically forwarding by the computer the identification number from the proximity token to the authentication server; periodically receiving authentication from the authentication server; enforcing the license policy by: disabling use of the digital good on the computer when the computer is not located in said one or more enabled defined spatial regions or the computer did not receive periodic authentication from the authentication server; and at least partially enabling use of the digital good on the computer when the computer is located in said one or more enabled defined spatial regions and the computer has received periodic authentication from the authentication server; prompting a user of the computer to amend the license policy to enable a disabled defined spatial region; and altering the license policy to change the disabled defined spatial region into said one or more enabled defined spatial regions.
  • 8. The method of claim 7, said prompting occurs when the computer is located in the disabled defined region.
  • 9. The method of claim 7, said prompting occurs when the user of the computer preemptively indicates through a GUI interface that the user is going to travel to the disabled defined spatial region.
  • 10. The method of claim 7, said altering is temporary.
  • 11. The method of claim 7, said license policy comprising additional terms and conditions, individually, for each of said one or more enabled defined spatial regions.
  • 12. The method of claim 11, wherein said additional terms and conditions are consistent with local regulatory restrictions in said one or more enabled defined spatial regions.
  • 13. The method of claim 7, said enforcing additionally comprising additional factors in a multi-factor authentication scheme that must be satisfied before use of the digital good is fully enabled on the computer.
  • 14. The method of claim 7, further comprising: accepting, from the user, payment comprising the difference in license costs between said one or more enabled defined spatial regions and the license cost of the disabled defined spatial region.
  • 15. The method of claim 7 further comprising: accepting, from the user, payment comprising the license of the disabled defined spatial region.
  • 16. The method of claim 7 further comprising: accepting, from the user, agreement to new terms and conditions as a prerequisite for said altering.
  • 17. The method of claim 16, said new terms and conditions are consistent with local regulatory restrictions in the disabled defined spatial region.
  • 18. A method for multi-factor authorization of software, comprising; providing a processor that executes software to generate a license policy for a digital good stored on a computer, the license policy comprising at least two authentication factors which must be satisfied for the digital good to be licensed for use; enforcing the license policy by: disabling use of the digital good on the computer when two or more authentication factors have not been satisfied; enabling use of the digital good on the computer when at least two authentication factors are satisfied; satisfying a first authentication factor when the computer is located in a licensed defined spatial region; and periodically satisfying a second authentication factor including: wirelessly connecting a passive access fob directly to the computer: delivering from the passive access fob to the computer a license ID; delivering the license ID from the computer to an authentication server; authenticating the license ID by the authentication server; and reporting authentication from the authentication server to the computer.
  • 19. The method of claim 18, further comprising: periodically determining the location of the computer to determine whether or not the computer is located in a licensed defined spatial region.