The present invention relates to software licensing management, and, more particularly, to a method for detecting the presence of duplicated instances of a software license in an environment which supports license issue based on a software license key.
A common prior-art scheme for managing licenses for a licensed software program is to issue a software key to the authorized user, as illustrated in
Associated with software program 101 is a software license key 105, which is specially-prepared information furnished by the licensor of licensed software program 101 to an authorized user thereof, typically in the form of an encoded series of characters which the authorized user enters into computer 103, typically via the keyboard thereof. The terms “software license key” and “license key” herein denote such information which can be used to obtain a software license. The terms “software license” and “license” herein denote information in machine-readable form (i.e., in a form which can be used directly by a computer) which is used via a computer to determine the extent to which a specified licensed computer software program may be used or operated on that computer. Typically, such a software license reflects the permitted usage conditions of a legal license extended to authorized users of the software program by a licensor of that software program.
Software license key 105 can also be supplied in machine-readable form for automatic input directly into computer 103, such as over a data network. Various formats for license key 105 are possible, including, but not limited to: plain text (ASCII); “Extensible Rights Markup Language” (XrML); and “Usage Rights Language”, such as the “Digital Property Rights Language” (DPRL). The term “information” herein denotes any data which can be stored, retrieved, manipulated, and otherwise processed by computer.
Without a valid license, software 101 will not operate in a regular fashion. Typically, in the absence of a valid software license, licensed software 101 either does not operate at all, or operates in a reduced fashion, such as in a partially-disabled demonstration mode, or for a limited time only. A software license 113 is required to use software 101 in a regular manner. When software license 113 is installed in computer 103, licensed software 101 detects the presence of software license 113 and operates in a regular manner.
Software key 105 by itself does not permit use of licensed software 101, but is used to obtain a license. To obtain license 113, software key 105 is sent to a license server 109 via a license request 107. License server 109 is typically a remote server on a network (not shown), such as the Internet. Because software key 105 is an item of information rather than a physical object, sending software key 105 to server 109 is equivalent to sending a copy of software key 105 to server 109—that is, even after sending software key 105 to server 109, software key 105 remains loaded in computer 103.
Upon receipt of the software key 105, server 109 confirms the validity of software license key 105 and issues license 113 to computer 103 via a license issue 111. In many cases, software license 113 authorizes the user to operate software 101 on only a single computer at a time. For such cases, software license 113 is typically linked to computer 103 via a fingerprint 115 associated with license 113, such that license 113 does not enable software 101 to operate on any other computer besides computer 103. This prevents the user from installing software 101 on multiple computers and using a single license to enable multiple-computer use in violation of the terms of the license. It is noted that installing or copying software 101 onto multiple computers is usually a simple matter, and that software key 105 is also easily copied onto multiple computers. Enforcement of the license terms is therefore dependent on the linking of software license 113 to computer 103 via fingerprint 115.
Both the computer program and the license for operating the computer program are typically installed on the computer. The terms “install”, “installed”, “installation”, and variants thereof, herein denote the loading of these data items in machine-readable form on the computer, or the rendering of these items in equivalently-accessible form to the computer. In order for the computer software to be executable by the computer, the license must be directly accessible by the computer, and both execution and access are enabled by installation.
The term “fingerprint” herein denotes machine-readable information intended to identify a specific computer and thereby distinguish that specific computer from other computers. A fingerprint typically contains a predetermined function of one or more characteristics of a computer such that the fingerprints for different computers have a suitably-high probability of being different. Thus, one way to consider a fingerprint is as a hashing function of the computer's individual characteristics.
Characteristics of a computer used for generating, creating, or deriving fingerprints include, but are not limited to: hardware-specific characteristics, such as machine-readable serial numbers for hardware components (such as the processor, hard disk drive, etc.); data-specific aspects, such as the data stored therein and the organization of the data stored therein; configuration-specific aspects, such as operating system parameters and characteristics; and network-specific aspects, such as network address, MAC address, and the like.
The configuration and characteristics of a computer that is identified by a particular fingerprint will change gradually in the course of normal usage. Therefore, a computer which is identified by a particular fingerprint may, after a certain amount of usage, no longer be identifiable by that fingerprint. It is therefore desirable to be able to associate a computer with the originally-given fingerprint, even after a certain amount of change has taken place. Thus, fingerprints are typically matched to their respective computers in a manner that tolerates a certain amount of mismatch. As a consequence, fingerprint matching is not perfectly precise, and as a result, fingerprints are not unique a given fingerprint can correspond to more than one computer, and a given computer at different times can correspond to different fingerprints. This non-uniqueness of fingerprints is a fundamental prior-art weakness in the use of fingerprints to enforce software license terms.
As noted above, during the course of the authorized user's legitimate use of software 101, it may happen that the characteristics of computer 103 change in such a way that fingerprint 115 no longer properly identifies computer 103. As non-limiting examples of this: certain operating system parameters may change; and/or hardware additions or replacements may take place. Similarly, it may happen that the authorized user obtains a new computer and wishes to move his or her software and data to the new computer. Under such conditions, despite the tolerance typically exercised in matching fingerprint to computer, it is to be expected that at some point software license 113 as tied to fingerprint 115 no longer serves to enable software 101. Provisions are therefore typically made in the prior art for the authorized user to obtain an updated software license for using software 101. The updated software license is tied to a new fingerprint of the changed computer.
As previously noted and described, the enforcement of the terms of the software license depends on the linking of the license to a specific computer via a fingerprint. As further noted and described, however, provision is made for the user to be able to obtain an updated license which is linked to a changed computer. As illustrated in
Even though they are logically distinct as pieces of information, license 113 and license 313 were both based on the same software key and represent the same legal license. Legally, then, license 113 and license 313 are thus actually duplicated instances of the same legal license. The term “legal license” herein denotes a license seen from a legal perspective, as a legal embodiment of an agreement between a licensor and a licensee. A legal license is an abstraction of an agreement between two parties and is thus independent of the specific form or forms in which the agreement is embodied (a non-limiting example of which is a data object), The terms “license instance” or “instance” herein denote a logical or physical embodiment of a particular legal license (a non-limiting example of which is a data object representing the legal license). The terms “duplicated license instance” or “duplicated instance” herein denote a logically or physically distinct instance in a multiplicity of instances of a particular legal license (a non-limiting example of which is a copy of a data object representing the legal license). To clarify this in a non-limiting example: if there exists only a single instance of a particular legal license, that single instance is not a duplicated instance. However, if there exist two or more instances of a particular legal license, those two or more instances are each duplicated instances. The limitation of the prior art is that, due to the non-uniqueness of fingerprints (as discussed above), license instances which are logically-indistinguishable can be associated with physically-distinct computers. It is logical distinctness that enables enforceability, and thus the physically-distinct computers can operate with the logically-identical license instances without detection.
It is clearly in a licensor's interest to be able to detect duplicated instances of a software license, such as a license obtained by use of a software key, as described above. Duplicated instances are symptomatic of license violations, and detecting them can aid in the enforcement of the license. Detection of duplicated instances, however, is difficult and unreliable, owing to the non-uniqueness of fingerprints, as discussed above.
The above-noted difficulty of detecting and identifying duplicated instances of a single license is compounded in a prior-art multiple-license environment, as illustrated conceptually in
A computer software usage environment that features only one legally-authorized user for a specified licensed computer program is herein denoted as a “single-license environment”. The term “software usage environment” herein denotes a computer environment in which software is used, including, but not limited to: individual personal computers; and networks of computers.
In some cases, multiple-license environments are not enforced by the licensed software or other means, but depend on the integrity of the users to comply with the terms of the legal license limiting the number of users for a specific licensed software program. In other cases, multiple-license environments are enforced as detailed below:
Referring to
It is emphasized that, in contrast to fraudulently-obtained license 313 (
In the environment illustrated in
There is thus a need for, and it would be highly advantageous to have, a method for readily and accurately detecting duplicated instances of a software license, particularly for use in a multiple-license environment. This goal is met by the present invention.
The present invention is of a method for detecting duplicated instances of a software license, as previously defined herein. Embodiments of the present invention include methods for detecting duplicated instances in a multiple-license environment as well as in a single-license environment. According to embodiments of the present invention, not only is it possible to detect a duplicated instance, but it is also possible to detect the original license instance from which the duplicate was derived.
Embodiments of the present invention achieve the above capabilities by supplementing or replacing the fingerprint with a unique identifier for the computer, and by maintaining a database record of the identifier. The unique identifier ultimately expires and must be updated via a wide-area network (such as the Internet).
When a computer ultimately needs to update an expired unique identifier by sending the software key in a license request, the license server on the wide-area network checks the database to determine if the expired unique identifier has ever been updated before. If not, then the license server updates the computer's unique identifier and issues an updated license to the computer. If the unique identifier has already been updated, then the present request is for a duplicated instance. If the unique identifier is not currently in the database at all, then the license request is invalid and is refused. If the request is made without a unique identifier, then the request is for a new license on the multi-license software key, and the database is checked to see that the limit of licenses permitted on the software key has not been exceeded. In related embodiments, the license server database also contains information relating to the individual users, and can accept requests to terminate a license.
Therefore, according to the present invention there is provided a software license for a computer program installed on a computer, the software license including a unique identifier for identifying the computer, (a) wherein the unique identifier is generated by a remote license server, (b) wherein the unique identifier is embedded within the computer, (c) wherein the unique identifier has a predetermined expiration time and contains a predetermined function of the expiration time, and (d) wherein the computer program runs on the computer only when the license is installed on the computer.
Also, according to the present invention there is provided a software license for a computer program installed on a computer, the software license including a unique identifier for identifying the computer, (a) wherein the unique identifier is generated by a remote license server, (b) wherein the unique identifier is embedded within the computer, (c) wherein the unique identifier is combined with a fingerprint of the computer, and (d) wherein the computer program runs on the computer only when the license is installed on the computer.
In addition, according to the present invention there is provided a method for issuing a software license from a licensor for a computer program installed on a computer, the method including: (a) providing a software key specifying a maximum number of licenses; (b) receiving an issue request with the software key; (c) if the number of licenses already issued is not less than the maximum number of licenses, then refusing the issue request; otherwise fulfilling the issue request by: (d) generating a unique identifier; (e) storing the unique identifier for future reference, to verify update requests; (f) generating a license containing the unique identifier; (g) embedding the unique identifier in the computer; and (h) sending the license to the computer.
Moreover, according to the present invention there is provided a method for updating a software license from a licensor for a computer program installed on a computer, the software license having a current unique identifier, the method including: (a) storing the current unique identifier for future reference, to verify update requests; (b) receiving an update request with a received unique identifier; (c) if the received unique identifier is not the same as the current unique identifier, then refusing the update request; otherwise fulfilling the update request by: (d) generating an updated unique identifier; (e) generating an updated license containing the updated unique identifier; (f) embedding the updated unique identifier in the computer; and (g) sending the updated license to the computer.
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
The principles and operation of a method for detecting duplicated instances of a software license according to embodiments of the present invention may be understood with reference to the drawings and the accompanying description.
The terms “remote license server” and “license server” herein denote a server which is physically located apart from the computer to which the license is furnished, and which is connected to that computer via a data communications link. Data communications links herein, include, but are not limited to: computer networks; cables; wireless connections; modems; and interfacing devices. According to preferred embodiments of the present invention, the data communications link is the Internet.
According to embodiments of the present invention, unique identifier 503 is a data object generated by license server 507, and can include, but is not limited to: numbers; character strings; other data; or combinations thereof, which can be assigned uniquely to a computer, to uniquely identify that computer. Because the unique identifier is a data object, a copy of a unique identifier is equivalent to the unique identifier itself.
In an embodiment of the present invention, a unique identifier is a sequentially-assigned integer; in another embodiment, a unique identifier is a randomly-generated number having a suitably-high probability of being different from all other such randomly-generated numbers. In a further embodiment of the present invention, a unique identifier is cryptographically-authenticated and/or encrypted for later validation to confirm authenticity and/or to prevent unauthorized persons from knowing the contents thereof.
In a still further embodiment of the present invention, unique identifier 503 is embedded in computer 501 in a non-volatile location that is hard for a user to locate. Such hard-to-locate non-volatile locations include, but are not limited to: unused storage space on a hard disk; an alternate data stream (ADS) of a file; the operating system registry; and combinations of the foregoing. In addition, steganographic methods that are well-known in the art can also be used to embed unique identifiers in a manner that is hard for a user to locate.
Data configuration 601 is shown for multiple licenses, such as would be found in a multiple-license environment, as previously discussed. However, data configurations according to the present invention are not limited to multiple-license environments, and in embodiments of the present invention are for single-license environments as well.
A unique identifier chain 645 is for a License 640 (“License A”) and a unique identifier chain 655 is for a license 650 (“License B”). These licenses are both authorized in the multiple-license environment and are both requested by via the same multi-license key 602 in the manner as described previously (the multiple-license environment illustrated in
In
Likewise, at a time 611, a unique identifier 613 (designated as “B1”) is issued by license server 507 to identify a second computer (not shown). In a similar manner, identifier 613 is embedded in the second computer and referenced by the issued license as shown in
In an embodiment of the present invention, a unique identifier on a chain is stored with other records of the associated license, and is accessible to the licensor even when that unique identifier is no longer used to identify a computer. In this embodiment, for example, unique identifier 609 (“A1”) and unique identifier 621 (“A2”) are stored as being associated with “License A” and accessible to the licensor even after unique identifier 637 (“A3”) is used to identify the computer. In another embodiment of the present invention, only the current unique identifier (such as unique identifier 637) is stored and accessible as associated with the license (license 640 in this non-limiting example). The current unique identifier for a chain is herein denoted by the term “head-of-chain”, and is accessible to license server 507 for use in updating the license.
In a similar fashion, more licenses can be added, up to the limit stipulated by the multiple-license agreement. For a single-license environment, only a single chain (e.g., chain 645) would be present. It is once again emphasized that for a multiple-license environment, distinct license instances (such as license 640 and license 650) are not duplicated instances, but represent authorized separate licenses.
At some point, the computer running the unauthorized copy of the licensed software will have to update the license. As previously discussed, this is enforced by configuring the unique identifier with an expiration (
The duplicated instance is then detected immediately, because the original unique identifier 625 has previously been updated so that the current unique identifier for “License B” 650 is unique identifier 633 (“B3”). The duplicated instance is detected because associated unique identifier 709 does not match head-of-chain unique identifier 633.
Note that in a non-limiting alternate scenario, license update request 711 is made prior to update request 705, and in this alternate scenario it is unique identifier 625 which is still the head-of-chain, and hence license update request 711 will be considered legitimate, and will result in the license update with unique identifier “B3”. The duplicated instance, however, will still be detected, as soon as license update request 705 is made. In other words, the first license update request made for a duplicated instance will be considered legitimate, and all subsequent license update requests for that duplicated instance will be detected as coming from a duplicated instance. In effect, then, embodiments of the present invention consider that only one of the duplicated instances to be legitimate, and the rest—regardless of which specific instances they happen to be—as unauthorized duplicated instances.
In the embodiment of the present invention which stores only the head-of-chain, duplicate instances will be detected, but the precise point of the unauthorized duplication cannot be determined. In a multiple-license environment, for example, it will not be possible to determine from which license the unauthorized copies were derived. In embodiments of the present invention which store all the previous unique identifiers, however, it is possible to determine which license was copied to produce the unauthorized copies.
At a step 801, a license server receives a request to issue a software license or to update a software license. Typically a software license key (such as key 105 in
For a license issue request, decision point 805 determines whether any further licenses are permitted under the license agreement. If the number of licenses already issued does not exceed the maximum number of licenses, then flow branches to a step 807, in which a new license is issued, as previously described and as illustrated in
For a license upgrade request, decision point 813 checks to see if the supplied unique identifier is head-of-chain. As previously-detailed, if the unique identifier is head-of-chain, then the update request is legitimate, and in a step 815, the license server updates the license, as previously described and illustrated in
In a related embodiment of the present invention, the license server can accept requests to terminate a particular license. Such a request can be from the licensor, for example to terminate the license of a licensee who has been making unauthorized duplicates of a license. A licensee, particularly in the case of a multiple-license environment, can also request termination of a license, for example when an employee who has been given a license to use the software leaves the company.
To terminate a license, the license server need only refuse to update the license. At the expiration of the unique identifier, the license terminates and the software program no longer operates on the computer of the former licensee.
An embodiment of the present invention has a non-limiting example of a unique identifier whose data structure is shown in
In an encryption operation 915, source data 900 is encrypted to yield a unique identifier 921 for including in licenses and embedding in the computer, as previously described. After encryption, unique identifier 921 looks like a random number, but actually contains all the above useful information, which can be retrieved by decrypting with the proper key. Unlike a random number, however, unique identifier 921 is guaranteed to be unique—provided, of course, that source data 900 is always different, which will be the case, because update number 907 is sequentially incremented.
Furthermore, including such information in the unique identifier allows immediate identification of the licensee from whose license the duplicated instance was derived. If a unique identifier that is not head-of-chain is received with an update request, it is necessary only to decrypt the unique identifier to identify the licensee—it is not necessary to search any databases.
However, even if the unique identifier does not include such information inherently within, it is possible to maintain a database of unique identifiers as associated with licensees (such as the associations illustrated in
In another embodiment of the present invention, the licensor's private key of a public-key encryption key-pair is used for encryption operation 915. In such a case, unique identifier 921 can be validated as having come from the licensor by using the licensor's public key for decryption. Furthermore, the license enforcement mechanisms of the licensed software program can determine for themselves when unique identifier 921 expires, by examining expiration field 911 directly, after decryption.
A further embodiment of the present invention provides a computer program product for performing the method previously disclosed in the present application or any variant derived therefrom. A computer program product according to this embodiment includes a set of executable commands for a computer, and is incorporated within machine-readable media including, but not limited to: magnetic media; optical media; computer memory; semiconductor memory storage; flash memory storage; and a computer network. The terms “perform”, “performing”, etc., and “run”, “running”, when used with reference to a computer program product herein denote the action of a computer when executing the computer program product, as if the computer program product were performing the actions. The term “computer” herein denotes any data processing apparatus capable of, or configured for, executing the set of executable commands to perform the foregoing method, including, but not limited to the devices as previously described as denoted by the term “computer”, and as defined below.
The term “computer” herein denotes any device or apparatus capable of executing data processing instructions, including, but not limited to: personal computers; mainframe computers; servers; workstations; data processing systems and clusters; networks and network gateways, routers, switches, hubs, and nodes; embedded systems; processors, terminals; personal digital appliances (PDA); controllers; communications and telephonic devices; and memory devices, storage devices, interface devices, smart cards and tags, security devices, and security tokens having data processing and/or programmable capabilities.
The terms “computer program”, “computer software”, “computer software program”, “software program”, “software” herein denote a collection of data processing instructions which can be executed by a computer (as defined above), including, but not limited to, collections of data processing instructions which reside in computer memory, data storage, and recordable media. The term “licensed” when applied to the foregoing terms herein denotes that the authorized use or execution thereof is governed by the terms of a license.
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications and other applications of the invention may be made.