 
                 Patent Application
 Patent Application
                     20180307811
 20180307811
                    The present disclosure generally relates to software piracy prevention, and more particularly to preventing the use of software by unintended end users.
The Background and Summary are provided to introduce a foundation and selection of concepts that are further described below in the Detailed Description. The Background and Summary are not intended to identify key or essential features of the claimed subject matter, nor are they intended to be used as an aid in limiting the scope of the claimed subject matter.
Software piracy has historically meant copying or unauthorized copying. But now, the definition has been expanded to any copying or distribution of computer software in violation of its license agreement. This may be done through copying, downloading, sharing, selling, or any other use not permitted under the license. Although software publishers and retailers have invested substantial time and effort in preventing and detecting piracy, it is estimated that tens of billions of dollars in revenue are lost annually due to ongoing piracy.
The drawings illustrate the best mode presently contemplated of carrying out the disclosure. The same numbers are used throughout the drawings to reference like features and like components. In the drawings:
    
    
    
    
    
One embodiment of the present disclosure generally relates to a method for preventing piracy that includes providing software having an intended end user, where the software has features. The method includes configuring the software to be activated by the intended end user and configuring the software such that at least one of the features is performable only when the software is activated. The method includes providing a database of allowed keys and storing a unique key associated with the intended end user within the database of allowed keys. The method includes requesting a key to be entered by a user to activate the software, matching the key entered by the user to the unique key stored in the database of allowed keys, and matching the unique key to the intended end user associated with the unique key stored in the database of allowed keys. The method includes presenting to the user the intended end user associated with the unique key stored in the database of allowed keys and activating the software only when the key entered matches the unique key stored in the database of allowed keys and the user matches the intended end user associated with the unique key stored in the database of allowed keys.
Another embodiment of the present disclosure relates to a system for preventing piracy. The system includes software having an intended end user, where the software has features. The software is configured to be activated by the intended end user and is configured such that at least one feature is performable only when the software is activated. The system includes a database of allowed keys. A unique key associated with the intended user is stored within the database of allowed keys and the software is configured to communicate with the database of allowed keys. The software is configured to request a key to be entered by a user to activate software. The software is configured to match the key entered to the unique key stored in the database of allowed keys and to match the unique key to the intended end user associated with the unique key stored in the database of allowed keys. The software is further configured to present to the user the intended end user associated with the unique key stored in the database of allowed keys. The software is activated only when the key entered by the user matches the unique key stored in the database of allowed keys and the user matches the intended end user associated with the unique key stored in the database of allowed keys.
This written description uses examples to disclose embodiments of the disclosed invention, including the best mode, and also to enable any person skilled in the art to practice or make and use the same. The patentable scope of the invention is defined by the potential claims and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.
The present disclosure relates to software piracy protection, and specifically to preventing or discouraging activation of software by users who are not the intended end users of a particular product activation key.
In recent years, software has principally transitioned from physical products, such as discs and CD-ROMs, to downloads and subscriptions from online retailers, publishers and manufacturers. With this transition, software developers and publishers have moved from distributing discs to distributing serial numbers and product activation keys as a means for activating the software for use. Under this modern distribution model, software piracy typically occurs by one of at least three mechanisms: mis-channeling, multiple activations, and cracking.
Mis-channeling occurs when a unique key within a set of allowed keys that is meant for one group of intended end users or one particular intended end user is activated and utilized someone else. In fact, the store selling the product or activating user of mis-channeled software is often unaware that piracy has even occurred. Under the previous regime, software piracy primarily entailed duplication, whereby CDs or DVDs and any corresponding packaging were duplicated and made to look as though they originated from the developer or manufacturer.
In contrast, software piracy today only requires the legitimate appearance of the download link and corresponding product activation key. For example, any wholesaler or retailer can purchase a product activation key intended for a group or a geographic region of use that has a favorable price from the software publisher, then sells the product activation key to a group or geographic region usually sold from the software publishers at a higher price. This is mischanneling is typically unknown through most of the supply chain.
While there are many examples of this buy-low, sell-high form of software piracy, the following examples are particularly prevalent. A product key is given or sold at a significant discount to an organization that is an educational customer, then sold to another party or business that is not an educational customer at full commercial price. A product key is given or sold at a discount to a computer builder, but once again mis-channeled and sold to a business or wholesaler at the full commercial price. A product key is given to a company or a person for free (perhaps as a special program), but again mis-channeled and sold to another company or person other than to whom the product key was intended. A product key is often offered at a lower price in regions of the world associated with lower income, such as China, India, and other developing nations, but again mis-channeled and sold in a higher-cost region of the world, such as the UK, the US, or other developed nations that command a higher MSRP. A product key could even be stolen and not paid for, and then gets into the marketplace at a low cost to the end user.
Other product classifications that are commonly mis-channeled to improper end users include consignment products, beta products, trial products, marketing products, promotional products, employee products, OEM products, and corporate licenses.
In each of these examples, the principle of mis-channeling is simple—the wholesaler or retailer buys low and sells high. However, this piracy practice is not simply a matter of supply and demand economics. The practice exploits good will discounting provided for a special group of intended users to wrongfully extract additional profits by selling these product activation keys to end users that are not intended to receive this discounting.
The present applicant has identified that in most cases, this mis-channeling occurs without the retailer's or end user's awareness. Generally, the software downloads the same, installs the same, and activates the same whether or not mis-channeling has occurred. In many cases, a user of mis-channeled software can even call or chat with the publisher's customer service line without any of the parties being aware of the problem. To the user, there is no difference in the process, provided that the entered key is within the database of allowable keys and, therefore, allows the software to properly activate. Therefore, the user blindly assumes that the product activation key received and entered was intended for them. The end user either does not, or cannot, notice that they have enabled the retailer to involve them in an act of piracy. In other words, the end user and retailer is unintentionally participating in piracy.
Another type of software piracy involves selling a unique key for multiple activations, and specifically for more activations than the license permits. In many cases, a software publisher permits a product activation key to be used for activation more than once, often with repeated activation subject to a set minimum timeframe between activations. This allows a legitimate purchaser of a product activation key to reinstall software after a computer has been reinstalled, or to accommodate other reasonable circumstances that require a typical user to legitimately reactivate during the useful life of the software.
Since the software anticipates multiple activations for this legitimate use under the license, no indication is provided to the end user that previous activations have occurred. Therefore, when the multiple activations violate the terms of the software license, is again unaware of the underlying piracy. To exploit this accommodation by software publishers, some wholesalers or retailers intentionally sell the same product activation key to multiple end users. This increases profits for the retailer by reducing the relative cost of each sale.
For example, a product activation key bought by a retailer for $200.00 has an effective relative cost of only $100.00 if the retailer then sells it twice. This allows the retailer to undercut the competition, double profits, or both, by simply delaying the second sale to accommodate the minimum timeframe between allowed activations. Once again, each individual end user is generally oblivious to this multiple activation occurring. Instead, each end user believes that they have purchased a legitimate product activation key intended for their activation as the intended end user, in accordance with the software publisher's expectations. In this case, too, the end user is unintentionally participating in piracy.
In other cases, the end user may be fully-aware of exploiting the ability to activate software multiple times. For example, one user may allow a friend to install a copy of the software, or may install the software on multiple machines in violation of the associated end user licensing agreement. In these cases, the additional step of visually notifying the user about intended end user information corresponding to the key the user entered, along with requiring the user to confirm that they are indeed the intended, may dissuade intentional piracy in some percentage of users.
Another form of piracy, which is generally an intentional act by the end user, is known as “cracking”. Cracking occurs when software is made to operate outside of its designed behavior. End users crack software for a number of reasons. Some do it because they cannot afford to buy a license, or simply do not want to buy a license. Others may not wish to buy a license based on a perceived temporary need for the software. Still others may be able to afford the license, but enjoy the intellectual challenge and the social element of the pride in successfully circumventing security measures and “gaming the system”.
There are multiple common methods for cracking software. A first exploits a trial period provided within the software to enable the software to run indefinitely. One common method for cracking software in this manner is to intercept the date checking from software to the operating system and back to the software again such that the software incorrectly determines that the trial period is still active. When the software calls the date from the operating system, it is intercepted by an intermediate code that returns a fake time/date back to the software. This method requires no change to the software itself. Instead, the faux time/date transmission is handled by an intermediate code outside of the software in question.
Another method for cracking software involves changing some of the code itself such that it will bypass checking functions, or even communicate to alternative activation servers. In one example, the code changes involve modifying one or more configuration files that the software uses to determine whether the software has already been activated. Specifically, the configuration file or files are modified such that the software appears to have been successfully and validly activated, when it in fact has not. These alternative configuration files are often referred to as “patches”. The development and deployment of such patches does not require modifying the core software, but simply the files that the core software communicates with.
Yet another method for cracking software is to change the code of the core software itself. This generally involves accessing the binary code of the software, often through the use of a hex editor or file comparator. By editing the hex or binary code itself, a pirate can manipulate the software to function differently than it was designed to function. In some cases, this involves bypassing communication between the software and the manufacturer's activation server or another server, bypassing a time check, or bypassing various other checks and communication pathways. Specifically, the pirated version of the code may be reprogrammed to check another file location or to communicate with a server other than the manufacturer's. Since this method generally requires manipulation of the core software code, the modified code has different hash values than the original code.
To date, software publishers have spent an enormous amount of time, money, and energy investing in physical mechanisms for detecting and thwarting software piracy. This also includes the extensive legal and other related costs for enforcing rights in software against pirates, much of which is against those who had no idea that they were violating the license agreement In view of the issues that the present inventor has identified and described above, the presently disclosed methods and systems have been developed for preventing software piracy in the modern age.
In certain embodiments, preventing and/or identifying software piracy targets the fact that most retailers and end users are not even aware that piracy has occurred, particularly in the cases of mis-channeling and multiple activation piracy as previously described. Specifically, the applicant has developed methods and systems for preventing the piracy of software by catering the principled good nature of typical end users purchasing the software.
Generally, an honest person does not want to pay for software knowing that it was not intended for them, but for someone in another country, for use in a school, or someone else that already activated it using the same product activation key in the past. Certain embodiments of the presently disclosed solutions involve interactions and feedback directly with the end user or consumer during the activation process, which the present inventor also refers to as Intelligent Interactive Activation, or Active Customer Engagement Anti-Piracy Protection. Unlike systems and methods for preventing piracy known in the art today, the presently disclosed systems and methods empower the end user to keep retailers honest, effectively halting the demand for this type of piracy.
In one embodiment, during the software activation process as otherwise generally known, a dialogue box is presented to the user that indicates the intended end users and/or circumstances of use covered by that unique key. If this information is not aligned with that particular user, the user is then empowered to identify the discrepancy and to demand a return, an exchange for a legitimate product activation key, or some other credit for not receiving what was advertised. Because there would no longer be a consumer demand for these pirated product activation keys, this form of piracy could be nearly eliminated all together.
In certain embodiments, the user is further prompted to provide information about where the software was purchased, avoiding costly investigation for identifying the pirating sources.
  
The software is installed onto the computing device 10 in step 106. This entails communication with a processing unit 12 and memory device 14 as known in the art. During installation, step 108 includes the software requesting the user to enter the product activation key provided in step 104, for example through input devices 16 in communication with an input/output module 15 as known in the art. For example, the input devices 16 may include a keyboard, mouse, and/or touch screen. Other inputs, such as the time, date, and location of the computing device 10 may also be inputted. It should be recognized that the location may include at least a physical, geographic location and/or an IP address. Any and all input information may be stored as activation information for later reference, which is discussed further below.
In step 110, the software compares the product activation key to a database of allowed keys stored, for example on an activation server 20, to determine whether that product activation key is among those allowed. In the embodiment shown in 
It should be noted that in most cases, a given variable can be asked of the user for later comparison, shown to the user during or after the activation process, or any combination thereof. Likewise, information obtained from the end user or consequent to an activation attempt may be incorporated into these variables for later use (such as shown by step 714).
The intended end user information may include the intended user for that product activation key, such as a particular company or individual, a type of company such as a non-profit versus a corporation, and/or an educational or other specific-purpose use. This intended end user information is stored for comparison in step 115 may also include different regions of intended use, including specific countries or continents as previously discussed. The IP address or location of a last activation may also be stored in the activation server among the activation information of interest when the present user attempts to activate the software. This activation information may be of particular interest if the IP address or location of last activation indicates that a previous activation using the same product key likely originated with a different party. Likewise, the number of activations may be provided in the activation server 20 as further activation information of interest for the present user to determine whether the newly purchased product key is new, or has been sold and activated previously.
After the product activation key is checked against the activation server 20 in steps 110 and 115 including the information and variables from steps 115 and 715 previously discussed, values are returned to the installation software in step 120. In step 130, if the note of intention showing some of all of the intended end user information and/or activation information is empty and/or if the number of activations is zero, the software may display a normal “thank you” message to state that the product has just been activated, as shown in step 140. However, if the activation server contains notes of intention and/or other variables from step 115, and/or if the number of activations is greater than zero, such information may be provided to the user in step 150. For example, step 150 may display a message that the particular product activation key is intended for a specific school, and that if the user is not affiliated with that school, that the user is a victim of software piracy.
In addition to displaying such results to the user, the results may provide the user with options to report the software piracy or to buy a genuine key in place of the pirated one previously purchased. For example, the exemplary embodiment shown in 
In another example, the display results provided in step 150 inform the user that the key has already been activated, that it was activated on a particular date, and in a particular location. For example, the display may show that “The software was activated on Jan. 1, 2017 in Chicago, Ill. USA. If this is not you, then you are a victim of software piracy. Please obtain a refund from where you bought it.” However, this message may be withheld from being displayed in step 150 if the IP address or geographic location of the present user is determined to be from the same vicinity as the first activation. Such a determination may indicate that the same user is merely reinstalling the software under normal use. Alternatively, the software may confirm this possibility by prompting the user to ask whether the present activation is a reinstallation. In this case, the previously described content may be shown during the prompt, or displayed only if the user replies that the present installation and activation is not a reinstallation.
The variables and information to store in the activation server 20 for comparison, along with corresponding display messages, are infinitely customizable. By way of example, the information to be provided to the user in step 150 may include:
This product key was for an educational facility.
This product key is intended for students only.
This product was activated previously X times. The last time was on XX/XX/XXXX in the state of XX. If this was not you, then this product key does not belong to you.
This product key is part of a free usage program.
This product key is for developers and testing only and not to be used in commercial or home use settings.
This product key was registered to Acme Company.
This product key is intended for use in China only.
Another embodiment of the present disclosure that includes additional exemplary intended user information and information that may be provided to the user is shown in 
Alternatively, the user may be engaged in step 730 to respond to further questions presented on the user interface in step 750. Based on the user responses provided in step 760, the software will either accept or deny activation in step 770. If the responses from the user provided in step 760 are accepted, the activation is completed in step 772 and the database of information relating to that serial number is updated in step 775. If instead the responses from the user are denied, the embodiment of 
As previously stated, in addition to providing the note of intention and other variables and information from the activation server to the user in step 150, certain embodiments of the presently disclosed methods and systems further empower the user to take actions in response to this information. For example, the user may activate the software (perhaps even if the user is not the intended user, as previously discussed), may choose to not activate the software, to report the piracy to the software developer 30, software publisher 32, individual retailer 34, retail host 36, or enforcement agency 38 (see 
Likewise, certain embodiments of the activation process are configured to automatically provide feedback to the retailer based on information about the present user and the variables associated with the intended end user. This feedback may further be bolstered by asking additional questions of the user, such in step 760 of 
It should be recognized that the system 1 shown in 
Other embodiments of the present disclosure particularly focus on preventing and/or identifying intentional piracy by users, including cracking and counterfeiting. 
The process 400 shown in 
One solution to the intentional piracy presented herein is generally referred to as Application Splitting (AS) or Application Fissure. In presently disclosed embodiments incorporating AS, the software is divided such that some local portion is stored or installed on the local machine, and another remote portion is stored elsewhere. It should be recognized that in the present disclosure, storing and installing are used interchangeably. In this manner, a real-time connection to a server or other location storing the remote portion of software is required in order to execute any features (also referred to as remote features) corresponding to that remote portion of software. In certain embodiments, the remote portion includes one or more high-value features, such as opening or saving a file. In other cases, the remote portion includes software code necessary for starting up the application, for example. It should be recognized that a given feature may also be divided among the local portion and the remote portion to provide the piracy prevention presently disclosed.
As will be recognized, the remote portion of the code is thereby protected from cracking if it is stored in a location in the control of the publisher, for example. Thus, certain embodiments of AS also store the actuation file indicating the software activation status, software to confirm activation, or some combination thereof, within this protected space, thereby eliminating this vulnerability for piracy. Alternatively or additionally, the remote portion may be protected by other means, such as requiring a unique username and password.
It should be noted that, for clarity, the activation file is described as it being distinct from the software. However, the software code itself may include the activation file, for example, in the remote portion as described below.
  
It should be recognized that the local portion of the software corresponding to the local features need not be stored on a local machine, but in a location that is different from the remote portion, which may not be as protected from privacy. For example, local features could be installed on a user's cloud that is not secured by the publisher. The remote feature stored in the remote portion are then only available when the software is connected to the server or other storage site containing the code. As described above, certain embodiments require a username and password to access the cloud. This process of requiring and maintaining engagement with end users also allows the server or other storage site to revoke or modify activation status if a unique key is determined to be compromised.
Likewise, the remote features may be stored elsewhere than a site secured by the publisher, for example, a dedicated third party host that ensures the intensity of files stored thereon against piracy.
In further embodiments as described above, the remote portion of software stored on the server or other storage site also contains the activation file and/or activation-checking portion of the software itself. This protects and maintains the ability of the software to confirm activated state, since status and confirmation portions of code cannot be cracked to falsely indicate activation when the software has not been validly activated. Likewise, this configuration precludes cracking or otherwise modifying the software to direct activation confirmation to an unauthorized server (i.e., a pirate server), since only the legitimate server would contain the remote portion of the software corresponding to the desired, remote features.
Therefore it should be recognized that in certain embodiments, the remote feature may simply be maintaining an activation status and/or confirming this status. For example, an end user may be required to log onto the cloud for activation checking only. However in other embodiments, the remote portion includes, alternately or additionally, more substantive substitute features such as executing conversions, exporting, or enabling streaming, for example.
To maintain fast and responsive performance of the software, the remote features in some embodiments that are stored in the remote portion are features that are not used frequently, but which nonetheless have a high value to the end user (for example, saving or exporting files). Thus, while many functions are executed at the speed of the local machine, full use of the software requires use of the remote portion as well. In this manner, the software is never fully or permanently installed on the local machine, allowing the developer or publisher to retain control of at least the portion of the code remaining on its online server or in the cloud.
As previously mentioned, another solution to the intentional piracy presented herein is generally referred to as Asynchronous Continuous Activation (ACA). In certain embodiments, ACA does not allow the software to perform one or more functions (restricted functions) without confirming that the software has been activated. In certain embodiments, ACA requires confirmation of activation before high-value features can be executed, such as opening, saving, or exporting a file. In some embodiments, this confirmation is required every time a user attempts to perform a restricted feature. In other embodiments, confirmation is required periodically, depending on a delay or number of occurrences since the last confirmation for a restricted feature, for example.
In other ACA-incorporating embodiments, the requirement to confirm activation is tied to other triggers (alternatively, or in addition, to the execution of high-value features). By way of example, these include confirming activation when a user's IP or physical address changes or is different than expected, when other programs are detected to be running on the local machine, when a publisher so requests (such as in response to a newly identified vulnerability), or in other circumstances.
It should be recognized that Application Splitting and Asynchronous Continuous Activation may be incorporated independently, or together. However, it should also be noted that ACA does not require splitting into local and non-local portions of software.
An exemplary embodiment incorporating both Asynchronous Continuous Activation and Application Splitting is depicted as process 600 in 
The embodiment shown in 
As shown in 
It should be recognized that in addition to identifying activation files that have been cracked to incorrectly indicate an activated state, this process also identifies software that has been cracked to redirect activation confirmation efforts to pirate servers, rather than legitimate servers, to confirm a valid activation state.
In addition to performing hash value comparisons, the embodiment of 
In embodiments configured such that attempting to save a file triggers activation confirmation in step 627—thus requiring a real-time internet connection to function—the embodiment of 
If instead the file opened is determined to be from activated software in step 633 and both the file and the software activation status are confirmed to be properly activated in step 635, the file can be opened in step 637 and modified by the user (step 639).
It should also be recognized that while some embodiments were generally described as preventing unintentional piracy, and others with intentional piracy, the presently disclosed methods and systems may be combined and used together for further benefit. For example, an unsuspecting purchaser of pirated software may, upon receiving information of such piracy by the presently disclosed systems and methods, decide to continue using the software without reporting it. In this case, the additional implementation of Asynchronous Continuous Activation would nevertheless prevent the software from being operational, forcing the user to do the right thing by reporting the piracy. Similarly, an unsuspecting user may be told to install a patch that is in fact an unauthorized crack. By informing the user about the intended user for the given activation code, the otherwise-secret piracy can be detected and reported by that user.
The present disclosure further depicts a method for resolving situations in which hacked software communicates with an unauthorized activation server. 
In the above description, certain terms have been used for brevity, clarity, and understanding. No unnecessary limitations are to be inferred therefrom beyond the requirement of the prior art because such terms are used for descriptive purposes and are intended to be broadly construed. The different assemblies described herein may be used alone or in combination with other devices. It is to be expected that various equivalents, alternatives and modifications are possible within the scope of any appended claims.
This application claims the benefit of U.S. Provisional Patent Application No. 62/487,030, filed Apr. 19, 2017, which is incorporated herein by reference in its entirety.
| Number | Date | Country | |
|---|---|---|---|
| 62487030 | Apr 2017 | US |