US20010011254A1 - Distributed execution software license server - Google Patents
Distributed execution software license server Download PDFInfo
- Publication number
- US20010011254A1 US20010011254A1 US09/212,373 US21237398A US2001011254A1 US 20010011254 A1 US20010011254 A1 US 20010011254A1 US 21237398 A US21237398 A US 21237398A US 2001011254 A1 US2001011254 A1 US 2001011254A1
- Authority
- US
- United States
- Prior art keywords
- software
- license server
- computer
- user
- software object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 130
- 238000004891 communication Methods 0.000 claims description 151
- 238000012545 processing Methods 0.000 claims description 5
- 230000004224 protection Effects 0.000 description 28
- 230000008569 process Effects 0.000 description 22
- 230000002441 reversible effect Effects 0.000 description 16
- 238000004590 computer program Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 12
- 230000003993 interaction Effects 0.000 description 9
- 230000004044 response Effects 0.000 description 9
- 230000003068 static effect Effects 0.000 description 8
- 238000012546 transfer Methods 0.000 description 6
- 238000003860 storage Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 4
- 238000012360 testing method Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000002950 deficient Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000002829 reductive effect Effects 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 230000002301 combined effect Effects 0.000 description 1
- 238000012962 cracking technique Methods 0.000 description 1
- 238000006731 degradation reaction Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Definitions
- the Modified Software 7 When the Modified Software 7 needs to execute a missing portion of the executable image of the Original Software 9 , the Modified Software 7 (in conjunction with the Trap Software 6 ) contacts the License Server 4 with a set of inputs, and the License Server 4 then executes the missing portion(s) of the Original Software 9 and returns the result of the execution to the Software User 2 for continued local execution of the Modified Software 7 . License Server 4 access is granted to only to licensed Software Users 2 . Though the Modified Software 7 may be copied freely it will not execute properly without an authorized license (User Key 5 ) authenticated by the License Server 4 .
- the final stage of a program's execution, shutdown is where the program frees up the resources it has allocated in the previous stages and quits.
- Resources that might have been allocated include files, windows, and memory.
- This stage of execution is generally not important to a user because by the time it occurs, all the useful work has been accomplished. If this stage does not execute at all the user will have already have used the software package to the full extent that the user needed. In most modem operating systems, resources are automatically freed by the system when a program quits, so this stage can often be skipped without adverse effects. Removing instructions from this execution stage would produce no enhanced security for the program and if all removed instructions are selected from this execution stage, no security for the program is provided.
- An automatic method of code (understood to be a block of instruction sequences such as instruction sequence 298 ) removal from the Original Software 9 is implemented in the instant invention by the Software Profiler 10 (detailed in FIG. 6) which records the execution flow of a typical usage of the Original Software 9 and analyzes the results.
- the Software Profiler 10 starts executing the Original Software 9 , using either machine emulation or hardware step/trace functionality, by having software object 55 prompt the user (Software Vendor 3 ) for a program (the Original Software 10 ) to profile, loading the program identified by the user, and finding the starting execution point of the program.
- the Original Software 9 is communicated 18 to the Software Profiler's 10 software object 55 .
- software object 284 determines that more than 8 k bytes of read/writes occurred, then it communicates 285 this fact to software object 289 , otherwise the fact that more than 8 k of reads/writes did not occur is communicated 286 by software object 284 to software object 287 .
- Software object 289 determines whether more than 50% of the instructions removed (by the Software Profiler 10 ) from the Original Software 9 have already been communicated 114 to any of the Software Users 2 , by any License Server 4 . In the preferred embodiment all instruction sequences 298 that have ever been released by any License Server 4 to any Software User 2 must never total more than 50%. The percentage selected, 50%, can be changed by the Software Vendor 3 to reflect the level of security desired.
Abstract
A method of protecting software from unlicensed use is provided by placing a portion of the executable software code on a secure server and providing for the proffer of a digital key to the secure server by a client who wishes to run the software application. The executable software is, provided that such digital key is authenticated, then run in distributed fashion on both the client and secure server. Selection means to determine the portion of the executable software code to be placed on the secure server is also provided.
Description
- 1. Field of the Invention
- The instant invention relates to the field of methods of protecting software from unlicensed use. More particularly, the instant invention relates to methods of protecting software from unlicensed use which utilize authentication of digital keys and distributed execution of executable software.
- 2. Prior Art
- It is known in the prior art of protecting software from copying to utilize a system for providing secure access and execution of application software stored on a first computer by a second computer using a communication device while a communication link is maintained between the first and second computers. More specifically, it is known in the prior art to utilize a secure software rental system. The secure server rental system enables a user in a remote location using a personal computer and a modem to connect to a central rental facility, transfer application software from the central rental facility to the remote computer, and execute the application software on the remote computer while electronically connected to the central rental facility. When the communication link between the central rental facility and the remote computer is interrupted or terminated, the application software no longer executes on the remote computer. This interruption or termination is accomplished by integrating header software with the application software. The application software stored on the central rental facility is integrated with the header software to provide the security feature. The use of header software allows the user to execute the application software only while the user is electronically connected to the central rental facility continuously. This use of the header software is intended to prevent the user from copying the application software to a storage device on the remote computer, and subsequently executing the application software after interrupting or terminating the communications link between the central rental facility and the remote computer.
- The methodology of utilizing a system for providing secure access and execution of application software stored on a first computer by a second computer using a communication device while a communication link is maintained between the first and second computers fails as a protection against copying because the system downloads the complete executable to the user's machine (with the inclusion of “header software”) making it susceptible to simple cracking techniques which can avoid the protection system by removing the header software. Other forms of header software, such as those that require serial numbers before running the application software, have been shown to be ineffective in protecting software from copying and automated methods of removing the header software have been developed.
- It is further known in the prior art of protecting software from copying to repetitively transmit portions or sequences of a retailed (distributed or delivered to an end user) computer program through one way media to a computing device, such that the computing device sequentially executes the transmitted portions or sequences of the retailed computer program, such that a user of the computing device has full use of the retailed computer program, and such that the computing device at no single time has a true, accurate and complete copy of the retailed computer program within the computing device, thereby preventing unauthorized duplication of the retailed computer program by eliminating the presence within the computing device, at any single time, of a true, accurate and complete copy of the retailed computer program.
- The method of repetitively transmitting portions or sequences of a retailed computer program through one way media to a computing device, such that the computing device sequentially executes the transmitted portions or sequences of the retailed computer program, such that a user of the computing device has full use of the retailed computer program, and such that the computing device at no single time has a true, accurate and complete copy of the retailed computer program within the computing device fails as a protection against copying because the method allows a complete copy to be assembled from the transmitted pieces of the retailed computer program. No method that operates on a one way medium can be fully secured against unlicensed copying, because simply recording and replaying the transmitted data results in a working copy of the retailed computer program.
- It is further known in the art of protecting software from copying to create an encoding technique to protect software programs and hardware designs from being copied, tampered with, and their functions from being exposed. The software programs and hardware designs (collectively called programs) thus encoded still remain executable. The encoding technique employs the concept of complexity of programs and produces proximity inversion in terms of functions contained in the programs, while preserving the behaviors. Various embodiments are possible to achieve this encoding which includes, for example, cascading and intertwining of blocks of the programs. This method of encoding software, while making tampering with the software much more difficult, does not prevent the software from being copied. This technique of encoding software might be combined with other methods of copy protection to make tampering more difficult. But, because this method allows the user complete access to the software, the software can be disassembled, studied, and modified. Given a determined user, software protected from tampering by this method can be reverse engineered because all of the software, in unencrypted form, resides physically on the user's machine.
- Other and further copy protection methods are known in the art. For example, it is known to mark a sector on the disk containing the software to be protected as “bad” and store valid data in it. At one time most disk copy software would not copy bad tracks or sectors from a disk. However, such disk copy software is now common.
- It is further known in the art of protecting software from copying to copy protect a software being delivered to the customer on a disk (or other physical storage media) by physically manufacturing a defective sector on the disk (or other physical storage media) containing the software to be protected and then to check for this defective sector when the software is loaded into the customer's volatile memory for operation. This software protection mechanism is readily defeated by reverse engineering the software to no longer check for bad sectors (method of modifying is discussed later). Furthermore, this technique of software copy protection requires special manufacturing capabilities, depends on the error detection capability of the software user's drive which may not be consistent across all users, and has the additional drawback that it doesn't allow the software purchaser, the authorized user, to backup his software.
- It is further known in the art of protecting software from copying to utilize password based systems to protect software from copying. Typically, in such a system, the user is asked to enter a phrase from the user manual or from a sticker placed on the product's packaging when the software starts. The user manual, itself, was sometimes protected from copying by use of photocopy resistant paper. This method of copy protection for software is easily defeated by manually typing the required information and making it publicly available, or by reverse engineering the software to bypass the password check.
- It is further known in the art of protecting software from copying to attach a hardware device (sometimes referred to as a “dongle” or “smart card”) to a communication port as a protection against software copying. The software checks for the dongle sporadically during the software's execution and shuts down if the dongle is missing. This software copy protection mechanism is defeated by finding the code sequence within the software that checks for the dongle and removing that sequence of code. Additionally, this method requires the Software Vendor3 to distribute expensive hardware with each copy of his software product limiting it's use to expensive software packages.
- It is further known in the art of protecting software from copying to utilize a dongle protection method that stores part (a few bytes) of the software program's data inside the dongle's memory. In this manner, the software cannot function completely without the missing data. However the data or few bytes of executable code, are static (they never change) and once the data or bytes of executable code are read into memory from the dongle, the software copy protection can be defeated by replacing the data or bytes of executable code intended to be provided by the dongle with the data or lines of code as read from the active (RAM) memory.
- It is further known in the art of protecting software from copying to encrypt portions of or entire software programs and decrypt them at the point they are run by using a user supplied key. A key may be in the form of a serial number, a card, or a dongle. This method fails to protect the software in question because the decrypted instructions are stored in the memory of the user's computer where they can easily be read and copied. Also, because the software program protected by the method in question uses locally executing software to verify a key, the locally available software can be modified such that any key appears to be the correct key. Further, if the key is in the form of a serial number, the serial number can be copied without limit. Finally, if the key is in the form of a hardware device, additional costs are incurred by the
Software Vendor 3 for each copy of software sold. - It is further known in the art of protecting software from copying to produce software that stores specific information about the software's user, such as the user's software version number, the user's CPU identification number, BIOS version, the user's hard drive size and partition information, or the user's Ethernet card address, during the software unlocking process so that when the software next loads up to RAM it will check for that value. The unlocking process usually occurs by telephone or by network, where the user receives a secret key that decrypts the executable and also has the user's information encoded into the key. This method also suffers from the fact that the executable is resident on the user's machine and can be reverse engineered to no longer make checks for the above mentioned secret key or data. Additionally, this method of software copy protection is very inconvenient as the authorized user, software licensee, cannot run the copy protected software on another, perhaps upgraded, CPU nor can the user install a new hard-drive and still have the software function.
- It is also known, in the art of protecting software from copying and license management, to store a file on the user's computer which represents a software license. When a user tries to execute protected software, the software checks to ensure that the license file is available locally. If the license file is not available locally, a search is performed for a license file that is not in use on another computer and if a license file is found, it is transferred from one computer to another. This method allows a group of users to share a license as long as the number of simultaneous users doesn't exceed the number of licenses. This method suffers from the same weaknesses described in the preciously mentioned prior art, which is that the software is available locally in a complete form and can be reverse engineered such that the software no longer checks for the license file when starting up. The License Server provides no needed service to the running software so removing the interaction with the License Server is a straight forward task.
- Finally, it is known in the art of protecting software from copying to design a specialized microprocessor that decrypts programs on chip as they run. This method gives each decrypting microprocessor it's own decryption key stored locally within a tamper resistant casing. Because each processor has it's own decryption key, only software specifically encrypted using that key will operate correctly on that microprocessor. The microprocessor further encrypts and decrypts memory as it is written to and from an external bus. This invention offers much higher security than the above mentioned prior art, but has the disadvantage that the microprocessor can only run one application provided by one
Software Vendor 3 because the decryption key uses a symmetrical block cipher. Because a new decrypting microprocessor is needed for each new software product, such microprocessors are unlikely to reach a mass market. This problem could be overcome by using public key encryption, however, the speed lost by encryption/decryption of every instruction and memory access prevents this microprocessor from running as fast as more general purpose microprocessors on the market. Further, the need for high security results in chip prices for the decrypting microprocessor to be much higher than the prices for currently available general purpose microprocessors on the market and requires additional batteries and tamper detecting circuitry. Furthermore, recent advances in cryptoanalysis such as differential power analysis could be used to recover the key from the device by measuring current draws and or electromagnetic emissions. Once the key has been recovered, the software can be decrypted and copied. - Various additional schemes for protection of software from copying are known in the prior art, however all appear to be variations on the above described methods.
- All of the methods known in the prior art, save and except the method utilizing a specialized microprocessor that decrypts programs on chip as they run, share a characteristic, they each permit all of the software that is to be protected into the possession and control of the user. Thus, almost every one of the methods known in the prior art shares the problem that if the user has complete access to the executable software and its copy protection system the user can figure out how the system works and use this information to defeat the software's copy protection system, certainly to disable the software's copy protection scheme.
- The instant invention is of a method of protecting from unauthorized, unlicensed use. The method requires modification of the executable code of the software to be protected such that certain portions of the executable code operate on a License Server while the software to be protected operates on the authorized user's computer. A License Server may be any computing device that can secured against access by the Software User and which can communicate across potentially unsecured channels to the Software User's computing device. The preferred embodiment is described in terms of potentially long range communication channels such as found in the internet and telecommunication networks, however the License Server can be, as indicated in the description of alternate embodiments, located within the Software User's computing system, as long as it can be secured against observation and tampering by the Software User. Careful selection of the portions of the executable code to be run on the License Server connected by said data communications channel assure that no noticeable degradation of software performance is detected by the Software User.
- Accordingly, it is an object of this invention to provide a method of protecting software operating on a computer which may be put in communication with a License Server from unauthorized, unlicensed use.
- It is a further object of this invention to provide a method of protecting software operating on a computer which is connected to a network from unauthorized, unlicensed use which requires some selected portion of the executable code of the protected software to be run on a License Server connected to that same network.
- It is a yet further object of this invention to provide a method of selecting the portions of the executable code of the protected software to be run on a License Server that does not degrade the performance of the protected software while making it computationally not feasible to recover the selected portions of the executable code.
- Yet other and further objects of this invention will become apparent upon a reading of the following detailed description of the preferred embodiment.
- A better understanding of the present invention can be obtained from the detailed description of exemplary embodiments set forth below, to be considered in conjunction with the attached drawings, in which:
- FIG. 1 depicts a block diagrammatic overview of the communication between the License Server, the Software User, and the Software Vendor during practice of the method of the instant invention.
- FIG. 2 depicts a block diagrammatic overview of the communication between the License Server and the Software User during practice of the method of the instant invention.
- FIG. 3 depicts a block diagrammatic overview of the communication between the License Server and the Software Vendor during practice of the method of the instant invention.
- FIG. 4 depicts a block diagrammatic overview of a typical instruction sequence encountered/utilized during the practice of method of the instant invention.
- FIG. 5 depicts a block diagrammatic overview of a Key's components during practice of the method of the preferred embodiment of the instant invention.
- FIG. 6 depicts a block diagrammatic overview of the operation of the Software Profiler during practice of the method of the instant invention.
- FIG. 7 depicts a block diagrammatic overview of the Software Profiler's operation during determination of the length of the instruction sequence during practice of the method of the instant invention.
- FIG. 8 depicts a block diagrammatic overview of the Software Profiler's operation during determination of whether to reject an instruction sequence during practice of the method of the instant invention.
- FIG. 9 depicts a block diagrammatic overview of the Software Profiler's operation during selection of the instruction sequences to be placed on the License Server during practice of the method of the instant invention.
- FIG. 10 depicts a block diagrammatic overview of the operation of the Trap Software and its interaction with the License Server during practice of the method of the instant invention.
- FIG. 11 depicts a block diagrammatic overview of the operation of
Software Object 74, within the License Server, upon receipt of request for service from a licensed Software User during practice of the method of the instant invention. - FIG. 12 depicts a block diagrammatic overview of the operation of
Software Object 39, within the License Server, upon receipt of a User Key from a licensed Software User during practice of the method of the instant invention. - FIG. 13 depicts a block diagrammatic overview of the operation of
Software Object 84, within the Trap Software, when selecting a License Server during practice of the method of the instant invention. - FIG. 14 depicts a block diagrammatic overview of the operation of the Trap Software determining, connecting to, and executing the Modified Software over the License Server providing the fastest network response time during practice of the method of the second embodiment of the instant invention.
- FIG. 15 depicts a block diagrammatic overview of the operation of the License Server transferring poorly chosen instruction sequences to the Software User to execute locally without compromising the security of the licensed software during practice of the method of the instant invention.
- FIG. 16 depicts a block diagrammatic overview of the communication between the License Server, the Software User, and the Software Vendor where the removed instructions are stored locally in an encrypted form on the Software User's computer during practice of the method of the second embodiment of the instant invention.
- FIG. 17 depicts a block diagrammatic overview of a Key's components during practice of the method of the second embodiment of the instant invention.
- FIG. 18 depicts a block diagrammatic overview of operation of the Software Profiler while producing Modified Software and Keys, without communication between the Software Profiler and the License Server and using encryption during practice of the method of the second embodiment of the instant invention.
- No. Description
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Software Object 24 andSoftware Object 39 -
Software Object 39 toSoftware Object 25 -
Software Object 27 toSoftware Object 72 -
Software Object 45 andSoftware Object 28 -
-
-
-
-
-
-
-
-
Software Objects -
Software Object 72 -
Software Object 28 and Software Object 26 (encompassed within Software Object 43) -
Software Object 23 andSoftware Object 24 -
-
Software Object 25 andSoftware Object 26 -
Software Object 26 andSoftware Object 27 -
-
-
Software Object 39 andSoftware Object 72 -
-
Software Object 72 andSoftware Object 74 -
Software Objects 26 and 27) -
Software Object 74 andSoftware Object 45 -
-
-
-
-
-
Software Object 47 andSoftware Object 48 -
Software Object 48 andSoftware Object 49 -
-
Software Object 62 andSoftware Object 47 -
-
-
Software Object 55 and Software Object 144 (encompassed within Software Object 119 (encompassed within Software Object 57)) -
-
-
-
Software Object 59 andSoftware Object 61 -
-
-
-
-
-
-
Software Object 59 -
-
-
-
Software Object 31; emulates in License Server the instructions missing from the Modified Software, which were removed from the Original Software) -
-
Software Object 39 andSoftware Object 84 -
-
-
Software Object 84 andSoftware Object 86 -
-
Software Object 86 andSoftware Object 88 -
-
-
Software Object 74 andSoftware Object 28 -
-
-
-
-
-
-
-
-
-
-
-
-
Software Object 54 andSoftware Object 55 -
-
Software Object 120 andSoftware Object 119 -
Software Object 123 andSoftware Object 121 -
Software Object 124 andSoftware Object 122 -
-
-
Software Object 119 andSoftware Object 123 -
Software Object 123 andSoftware Object 124 -
Software Object 124 andSoftware Object 125 -
Software Object 125 andSoftware Object 126 -
Software Object 126 andSoftware Object 128 -
Software Object 127 andSoftware Object 119 -
Software Object 128 andSoftware Object 127 -
Software Object 128 andSoftware Object 54 -
-
Software Object 144 andSoftware Object 146 -
-
Software Object 146 andSoftware Object 148 -
-
Software Object 148 andSoftware Object 152 -
Software Object 148 andSoftware Object 151 -
-
-
-
Software Object 151 andSoftware Object 157 -
-
Software Object 157 andSoftware Object 146 -
-
Software Object 157 andSoftware Object 160 -
Software Object 152 andSoftware Object 160. -
-
-
Software Object 161 andSoftware Object 163 -
-
Software Object 163 andSoftware Object 167 -
-
-
-
Software Object 167 andSoftware Object 169 -
-
Software Object 161 and Software Object 280 -
Software Object 163 and Software Object 280 -
-
Software Object 167 and Software Object 280 -
-
-
Software Object 196 andSoftware Object 198 -
-
Software Object 198 andSoftware Object 200 -
-
Software Object 200 andSoftware Object 202 -
-
Software Object 202 andSoftware Object 204 -
-
-
-
-
Software Object 207 andSoftware Object 209 -
-
Software Object 209 andSoftware Object 211 -
-
Software Object 211 andSoftware Object 215 -
-
-
-
Software Object 215 and Software Object 219 -
Software Object 215 andSoftware Object 214 -
Software Object 214 andSoftware Object 213 -
-
Software Object 222 andSoftware Object 215 -
Software Object 222. -
-
-
-
Software Object 227 andSoftware Object 229 -
-
Software Object 229 andSoftware Object 231 -
-
Software Object 231 andSoftware Object 233 -
-
Software Object 233 andSoftware Object 235 -
-
Software Object 229 andSoftware Object 238 -
Software Object 231 andSoftware Object 239 -
-
-
-
Software Object 240 andSoftware Object 242 -
-
Software Object 242 andSoftware Object 244 -
-
Software Object 244 andSoftware Object 246 -
-
Software Object 246 andSoftware Object 248 -
-
Software Object 240 andSoftware Object 250 -
-
Software Object 250 andSoftware Object 252 -
-
Software Object 252 andSoftware Object 248 -
Software Object 242 andSoftware Object 248 -
-
Software Object 266 andSoftware Object 4 -
Software Object 4 andSoftware Object 269 -
-
-
Software Object 267 andSoftware Object 25 -
-
-
-
Software Object 271 andSoftware Object 269 -
Software Object 270 andSoftware Object 269 -
Software Object 266 andSoftware Object 267 -
-
Software Object 25 andSoftware Object 269 -
Software Object 269 andSoftware Object 270 -
Software Object 270 andSoftware Object 271 -
-
-
-
-
Software Object 281 andSoftware Object 284 -
-
Software Object 284 andSoftware Object 289 -
Software Object 284 andSoftware Object 287 -
-
Software Object 287 andSoftware Object 289 -
-
Software Object 289 andSoftware Object 291 -
-
-
Software Object 287 andSoftware Object 45 -
Software Object 289 andSoftware Object 45 -
Software Object 45 andSoftware Object 72 -
-
-
-
-
-
-
-
-
Software Object 303 andSoftware Object 305 -
-
Software Object 306 andSoftware Object 307 -
-
-
-
Software Object 309 andSoftware Object 311 -
-
Software Object 311 andSoftware Object 313. -
-
-
-
-
-
-
- Software authors have long struggled to make copyright laws automatically enforceable; that is, to protect their software from being copied or utilized without the
Software User 2 possessing a proper license from the author. With the advancements in computers, storage devices, and communications (including in particular the advent of high speed data communications over the internet), movies, music, books, and computer software all become easily copied and transmitted around the world. Current methods of distributing data involve making a static representation of the data and storing and/or transmitting that static representation of the data via a one-way source such as disk, CDROM, television broadcast, or internet download. Static data cannot be protected against illegal duplication because of the nature of static data. For example, music must be played in a way that the human ear can hear it. The music sounds the same each time it is played, so recording the sound waves as they travel to the ear cannot be stopped. - Dynamic data sources produce different results each time the results are displayed. A simple example of a dynamic data source might be a weight scale. The scale produces different outputs depending on it's input, i.e. how much weight is placed on it. A user can copy some of the results from the scale but these copies do not capture the usefulness of the device.
- Computer software is largely used in a static form. An executable image of the software is created by a compiler. The executable image is then transferred in its entirety to a user who loads the executable image into his computer memory and executes it. Because the user has full access to the software there is nothing to stop him from copying it and transferring it to others without limit.
- Some recent inventions/innovations have attempted to prevent the user's full access to the software and these inventions/innovations are above-noted in the statement of prior art. The most successful of such currently known methods of protecting software from illegal duplication operates by attaching additional code (instructions) to the software program that checks for the presence of some special hardware (a dongle). If the hardware exists, then the software continues to execute, otherwise it shuts down. In this manner a physical medium is used to represent each licensed copy of the software. Some implementations of this method store special data (or instructions) on the hardware device that is needed by the software.
- These recent inventions/innovations do not defeat the efforts of a very determined user to reverse engineer the software and illegally duplicate the software. The software can be modified to exclude checks to the hardware (dongle), and the communication channels between the software and the hardware can be monitored to collect any missing data. Most users will not have the patience to undertake the intensive task of studying and tampering with the software, but once a single user has completed the task the software can then be copied without limit. Furthermore, these hardware devices (dongles) cost additional money, making them unacceptable for use with low cost software packages. The dongles limit sales of the software to the sale of a physical item, and they add inconvenience that many software users have expressed anger about.
- There is a serious need for a stronger software copy protection scheme than is currently available that has a low-implementation cost. A dramatic illustration of this fact is seen by examining the software piracy rates in many countries. According to the Software Publisher's Association (SPA): Vietnam 99%, China 96%, Russia 91%. In these countries it is very difficult to sell software because it is readily available in a pirated form for a fraction of the retail price. Efforts to prevent piracy in these countries have not been effective because previous automatic methods (discussed above in the prior art statement) of enforcement fail when pitted against a user determined to reverse engineer the software, and the cost of manual (physical) enforcement far outweighs the gains made in software sales. Further, with the growing popularity of public networks such as the internet, reverse engineered software (pirated copy) is freely exchanged and universally available for anyone who looks in the right places (for example on the internet). The means of enforcing licenses by reliance upon the currently available legal processes has become unfeasible.
- Object level programming is well known and understood in the current art as are systems built upon a client-server architecture. The detailed description of the instant invention will be made and understood in terms of software objects operating within a client-server architecture which are not specific to any particular programming language as the instant invention may be implemented and used in any of a number of programming languages.
- As seen in FIG. 1, the instant invention anticipates a three party system. The three parties are the
Licensing Agent 1, theSoftware User 2, and theSoftware Vendor 3. TheLicensing Agent 1 operates aLicense Server 4. TheSoftware User 2 operates a computer wherein resides three software objects, theUser Key 5, theTrap Software 6, and theModified Software 7. The third party is theSoftware Vendor 3 whose computational system contains the four software objects, as follows: theOriginal Software 9, the Software Profiler 10 (whose operation is detailed in FIG. 6), multipleunsold Keys 11, and a Software Vendor's 3 copy of theModified Software 7. - From FIG. 1, the method of the instant invention can be seen. The method begins with a
Software Vendor 3 who is in possession ofOriginal Software 9 that theSoftware Vendor 3 wishes to sell to aSoftware User 2. TheOriginal Software 9 is in fully compiled, executable form. TheSoftware Vendor 3 causes theSoftware Profiler 10 to operate on theOriginal Software 9. TheSoftware Profiler 10 acts to remove certain selected executable instructions from theOriginal Software 9, creating the Software Vendor's 3 copy of theModified Software 7. TheSoftware Vendor 3 then transfers, or communicates 13, the removed executable instructions from theOriginal Software 9 to theLicense Server 4. TheLicense Server 4 then creates a series ofKeys 11 and communicates 14 theKeys 11 to theSoftware Vendor 3. TheSoftware Vendor 3 then sells and communicates 15 (by any transfer means, including without limitation on disk, by internet download, on CD-ROM, or otherwise) the ModifiedSoftware 7 to theSoftware User 2. TheSoftware Vendor 3 also communicates 16 (again, by any transfer means) to theSoftware User 2 the User Key 5 (User Key 5 is a single one of the Keys 11) and theTrap Software 6. All three objects, theModified Software 7, theUser Key 5 and theTrap Software 6 must be installed on the Software User's 2 computer for the method of the instant invention to work. After installation of the three objects on the Software User's 2 computer,communication 17 between theSoftware User 2 and theLicense Server 4 permits theLicense Server 4 to execute the removed executable instructions from theOriginal Software 9 and permits theModified Software 7 to run/execute as expected by theSoftware User 2, provided thatsuch communication 17 is over a link networking theLicense Server 4 and the Software User's 2 computer. - FIG. 1. provides an overview of the communication between the three parties involved in the instant invention; the
Licensing Agent 1, theSoftware Vendor 3, and theSoftware User 2. TheLicensing Agent 1 may own and/or operate a plurality ofLicense Servers 4. The License Server's 4 responsibilities include, receiving instructions removed fromOriginal Software 9, generating and communicating 14Keys 11 forOriginal Software 9, and communicating 17 withTrap Software 6 to provide service toSoftware User 2. TheSoftware Vendor 3 communicatesOriginal Software 9 toSoftware Profiler 10. TheSoftware Profiler 10 executesOriginal Software 9 and determines which instructions to remove. The instructions to be removed are communicated 13 to theLicense Server 4 bySoftware Profiler 10. After the instructions to be removed are communicated 13 to theLicense Server 4, theSoftware Profiler 10 creates the ModifiedSoftware 7 by removing the instructions from theOriginal Software 9 and saving the instructions remaining in theOriginal Software 9 to a permanent form. TheLicense Server 4 communicates 14Keys 11 which are associated with theOriginal Software 9 to theSoftware Vendor 3. TheseKeys 11 allowSoftware Users 2 to execute the instructions removed from theOriginal Software 9 through use of theTrap Software 6. TheSoftware Vendor 3 transmits 16 aUser Key 5, a copy of theTrap Software 6, and a copy of theModified Software 7 to aSoftware User 2, presumably when theSoftware User 2 has purchased a license to execute the Software from theSoftware Vendor 3. TheSoftware User 2 begins running theTrap Software 6 which obtains aUser Key 5 from theSoftware User 2 and begins running theModified Software 7. TheTrap Software 6 communicates 17 theUser Key 5 to theLicense Server 4, where theUser Key 5 is accepted or rejected. If theLicense Server 4 accepts theUser Key 5 then theLicense Server 4 permits the Trap Software's 6 request for the License Server's 4 execution of the instructions missing (removed by the Software Profiler 10) from the ModifiedSoftware 7. - FIG. 2. Provides a block diagrammatic overview of the communication between the
License Server 4 and the Trap Software 6 (located on theSoftware Users 2 computer) during practice of the method of the preferred embodiment of the instant invention.License Agent 1 begins executingLicense Server 4.Software User 2 begins executingTrap Software 6 which causessoftware object 23 to initialize theTrap Software 6.Software object 23 communicates 34 that it has been initialized tosoftware object 24.Software object 24 obtains aUser Key 5 from theSoftware User 2.Software object 24, upon receipt of aUser Key 5 fromSoftware User 2, communicates 19, over a network, theUser Key 5 to License Server's 4software object 39. License Server's 4software object 39 acts to verify or refute the User Key's 5 validity and communicates 20 the state of validity to the Trap Software's 6software object 25. FIG. 2 does not show the operational result of the License Server's 4 receipt of aUser Key 5 which is refuted (not verified) bysoftware object 39, but it should be obvious thatSoftware User 2 cannot operate theModified Software 7 when the User'sKey 5 has been refuted because theLicense Server 4 will not thereafter (after theUser Key 5 is refuted) honor further requests from theTrap Software 6 being run by theSoftware User 2. Trap Software's 6software object 25, upon receipt ofcommunication 20 of asuccessful User Key 5 verification message from License Server's 4software object 39, begins executing theModified Software 7. Trap Software's 6software object 25 communicates 36 that it has started executing theModified Software 7 tosoftware object 26.Software object 26 causes theTrap Software 6 to pause and monitor the status of theModified Software 7 until a Trap/Breakpoint occurs. A Trap/Breakpoint is a special instruction that, when executed, causes a CPU to halt it's normal progress, save it's context and execute a special debugging routine. In this case breakpoint instructions were inserted into theModified Software 7 in place of the removed instructions by theSoftware Profiler 10. The Trap Software's 6software object 26, at some point in the execution of theModified Software 7, encounters a Trap/Breakpoint instruction.Software object 26, upon determining that a Trap/Breakpoint has occurred, communicates 37 this fact tosoftware object 27.Software object 27 communicates 21 the state of the CPU when theModified Software 7 reached the Trap/Breakpoint to the License Server's 4software object 72.Software object 72 acts to verify that there is aUser Key 5 that has been verified associated with the network address used by theSoftware User 2. If the network address is verified,software object 72 communicates 42 such verification tosoftware object 74. If the network address is not verified bysoftware object 72, the request from theTrap Software 6 is ignored by theLicense Server 4.Software object 74 acts to emulate the missing (removed) instructions from theOriginal Software 9 and communicates 44 the results of the emulation tosoftware object 45.Software object 45 communicates 22 the new state of theModified Software 7 after the execution of the missing (removed) instructions from theOriginal Software 9 has completed across the network to the Trap Software's 6software object 28. Trap Software's 6software object 28 acts to insert the results of the execution of the instructions on theLicense Server 4 into the process of theModified Software 7 by setting the CPU registers and memory on the Software User's 2 computer to the modified values that were obtained during execution on theLicense Server 4.Software object 28 causes theModified Software 7 to continue execution by communicating 33 tosoftware object 26 the fact thatsoftware object 28 has replaced the CPU registers and memory on the Software User's 2 computer.Software object 26 continues to execute theModified Software 7, as described above, until another Trap/Breakpoint is encountered or theModified Software 7 completes its execution. - FIG. 3 depicts a block diagrammatic overview of the communication between the
License Server 4 and theSoftware Vendor 3 during practice of the method of the preferred embodiment of the instant invention. TheSoftware Vendor 3 begins the process by executing theSoftware Profiler 10 and supplying theOriginal Software 9. Software Vendor's 3software object 55 begins execution of theOriginal Software 9 in a routine fashion.Software object 55 communicates 56 the fact that theOriginal Software 9 has begun execution tosoftware object 57.Software object 57 examines the execution patterns of theOriginal Software 9.Software object 57 communicates 67 selected code sequences which are candidates for removal tosoftware object 59 together with the fact of the termination of the execution of theOriginal Software 9 when theOriginal Software 9 terminates execution.Software object 59 makes the determination of which instructions (code sequences) to remove from theOriginal Software 9 for execution on theLicense Server 4. When software object 59 has determined which instructions to remove from theOriginal Software 9,software object 59 communicates 60 these selected instructions tosoftware object 61 which communicates 13 the selected instructions to the License Server's 4software object 46 and removes the instructions from theOriginal Software 9 creatingModified Software 7. TheModified Software 7 is then (normally at time of Software User's 2 purchase of the software) communicated 15 toSoftware User 2.Software object 61 acts to communicate 13 the instructions removed from theOriginal Software 9 to the License Server's 4software object 46 where the instructions are stored for further use. At any point after the instructions removed from theOriginal Software 9 have been communicated 13 to theLicense Server 4, theSoftware Vendor 3 may decide to purchaseKeys 11 from theLicense Agent 1. The process of theSoftware Vendor 3purchasing Keys 11 from theLicense Agent 1 begins insoftware object 62 which communicates 53 the desire to purchaseKeys 11 from theSoftware Vendor 3 to the License Server's 4software object 47.Software object 47 generatesunique Keys 11 in a number responsive to the request of theSoftware Vendor 3. These generatedKeys 11 are communicated 50 bysoftware object 47 tosoftware object 48 which acts to associate theKeys 11 with the removed instructions obtained fromsoftware object 61 and stored insoftware object 46. - Software object48 acts to communicate 51 the associated
Keys 11 tosoftware object 49 which transmits 14 theKeys 11 to the Software Vendor's 3software object 64.Software object 64 acts to store theKeys 11 and allow theSoftware Vendor 3 to transmit 16 asingle User Key 5 to eachSoftware User 2 who purchases a license to executeOriginal Software 9. A second embodiment of the instant invention's method of operation is depicted in FIG. 17 in whichKeys 11 can be generated bySoftware Vendor 3 without the need for communication with aLicense Server 4. - The instant invention implements a method for converting static computer programs (Original Software9) into a dynamic medium that is highly resistant to reverse engineering and provides a static component (Modified Software 7) that executes locally at high speed. In essence the instant invention uses an electronic network (
communication 17 between theLicense Server 4 and the Software User's 2 computer) to create a barrier between theSoftware User 2 and theOriginal Software 9. TheOriginal Software 9 is modified (creating a Modified Software 7) in such fashion that portions of the executable image are placed on aremote License Server 4. When theModified Software 7 needs to execute a missing portion of the executable image of theOriginal Software 9, the Modified Software 7 (in conjunction with the Trap Software 6) contacts theLicense Server 4 with a set of inputs, and theLicense Server 4 then executes the missing portion(s) of theOriginal Software 9 and returns the result of the execution to theSoftware User 2 for continued local execution of theModified Software 7.License Server 4 access is granted to only to licensedSoftware Users 2. Though theModified Software 7 may be copied freely it will not execute properly without an authorized license (User Key 5) authenticated by theLicense Server 4. - The method of the instant invention is low cost because the
Software User 2 is presumed to already have the equipment needed to make a network connection and, thuscommunication 17 between theSoftware User 2 and theLicense Server 4. The method of the instant invention is also secure because although theSoftware User 2 can examine the input and output going across thenetwork communication 17, theSoftware User 2 cannot determine the Modified Software's 7 missing functionality. TheSoftware User 2, in order to defeat the copy protection of the instant invention, must determine the missing functionality of theModified Software 7, which can only be determined by trial and error. As the number of inputs and outputs of a “function” being executed in theModified Software 7 grows in size, a 100% correct interpretation of what the functionality is that is being supplied by the remote execution in theLicense Server 4 of the removed code sequences becomes impossible to guess. - Mathematically this can be shown as:
- y=f(x)
- This is the simplest function. Assuming x is a 32 bit number, in order to test that you have guessed the correct function f( ) you would need to send over 4 billion test is to the
License Server 4 to execute. Assuming that the network medium,communication 17, takes 5 milliseconds to complete each transaction, this would take 4.7 years. As the functions become more complex, the time required to make sure they are correct tends toward infinity. For example, by adding one more input into to the function, y=f(a, b) the time required to test becomes 20,529,229,070 years. In this invention, the inputs to f( ) (communicated 17 from theSoftware User 2 to the License Server 4) include all of the Software User's 2 RAM memory and CPU registers, making it computationally unfeasible to test even a fraction of the input space. TheSoftware Profiler 10 attempts to determine functions f( ) which are non-trivial and hence difficult to deduce. If f( ) always produces the same output, regardless of it's inputs, or has a limited number of actual inputs that are used, it would be possible to deduce f( ). The problem of deducing f( ) is analogous to using cryptoanalysis to determine a secret password, but instead of deducing the key, the task of a person attempting to reverse engineer software protected by the method of the instant invention is to deduce the algorithm that produces the key. The instant invention uses a measure of the difference between the inputs and outputs resultant from two executions of the same program to determine which instructions or group of instructions (seeexample instruction sequence 298 in FIG. 4) execute non-deterministically. This ensures the selection of aninstruction sequence 298 that can not be eliminated by replay attack, which occurs when an individual who is attempting to reverse engineer the software protection provided by the instant invention (an attacker or pirate) captures and records the inputs and outputs of the execution of theinstruction sequence 298 and replays them later attempting to circumvent the protection of the instant invention by providing the outputs of the execution of theinstruction sequence 298 to theModified Software 7 upon the occurrence of a request to theLicense Server 4 for execution of theinstruction sequence 298. - A typical computer program executes in three stages, initialization, user interaction, and shutdown. The first stage, initialization, occurs when a program first begins executing and allows the program to prepare to handle user interaction. The initialization stage typically involves opening interaction windows, loading resource files, and initializing data structures the program will use in the interaction state. Because this stage generally executes without any user input and typically does the same thing every time the program runs, it is difficult to protect
instruction sequences 298 executed here. It is assumed that a person desiring to reverse engineer the protection provided by the method of the instant invention has access to all of the program's memory and all communication with theLicense Server 4. If aninstruction sequence 298 is executed exactly the same way each time it is run on theLicense Server 4, communication with theLicense Server 4 can be replayed at the next time the program is run, producing the effect of executing theinstruction sequence 298. Further, any software protection methodology which depends on removinginstruction sequences 298 from the initialization section could be bypassed by storing the entire state of the computer software in memory after it has loaded and then the loading it back into memory the next time the computer software is run. This is one of the reasons many of the prior art protection mechanisms fail to fully protect software, the initialization stage executes in a manner that is deterministic. - The next stage of a program's execution is the user interaction stage. This stage takes input from the user, applies some computation and displays or produces a result in accordance with the function of the software. In most modem software packages the user interaction occurs through the use of a graphical interface and the user inputs are considered to be mouse clicks, keyboard presses, menu selections, and other forms of program input/guidance. Many software packages may also take input from input files which input acts to control the software package's (program's) execution flow and processing. An example of this type of input might include a word processor that loads up a previously saved file. The program (word processor in this example) produces different results depending on the contents of the file it is loading. Instructions executed during this stage can be protected using the method of the instant invention because the results of the program's execution cannot simply be replayed if the program is protected by the method of the instant invention.
- The final stage of a program's execution, shutdown, is where the program frees up the resources it has allocated in the previous stages and quits. Resources that might have been allocated include files, windows, and memory. This stage of execution is generally not important to a user because by the time it occurs, all the useful work has been accomplished. If this stage does not execute at all the user will have already have used the software package to the full extent that the user needed. In most modem operating systems, resources are automatically freed by the system when a program quits, so this stage can often be skipped without adverse effects. Removing instructions from this execution stage would produce no enhanced security for the program and if all removed instructions are selected from this execution stage, no security for the program is provided.
- There are two methods of identifying which instructions belong to which stage of execution. The first method depends on the
Software Vendor 3 to signal to theSoftware Profiler 10 when each stage begins and ends. This signaling process can be performed interactively by theSoftware Vendor 3 or signals can be embedded into the software application, such that it automatically signals to theSoftware Profiler 10 when the program has completed the initialization stage and again when it is beginning the shutdown stage. Because some initialization sections may be delayed until the first time they are needed, this method may be time consuming and prone to errors on the part of theSoftware Vendor 3. A second and preferred method automatically studies the execution flow of two complete executions of the same program. The two executions can be later examined for differences. These differences disclose the exact set of instructions that can be protected by the instant invention. - FIG. 4 depicts an
instruction sequence 298 as applied to the 8086 computer architecture. Aninstruction sequence 298 is composed of any number of sequential instructions. Instructions can be any form of data that controls the flow of execution of a computing device. TheSoftware Profiler 10 of the preferred embodiment as depicted in FIG. 7 usually selectsinstruction sequences 298 that end with a Call instruction. A Call instruction, when executed, will cause the current address of the instruction pointer to be pushed onto the stack and then cause program execution to jump to another location. A Call instruction is usually paired with a RETurn instruction which causes the CPU to pop the return address and jump to that location. Thus by ending aninstruction sequence 298 at a Call the number ofinstruction sequences 298 that need to be executed remotely will be reduced because when the CPU returns from the call it need not start another remote execution. The instant invention can be applied to any computer architecture and is not limited to 8086 machines. For example, the Java Virtual Machine hasinstruction sequences 298 that can be utilized by the instant invention. - The removal of a single instruction from a computer program typically does not result in a sufficiently complex relationship between inputs and outputs of the execution of the single instruction to permit protection because most computer systems have a small set of instructions that have a limited effect. By watching the inputs and outputs of the operation of a single missing instruction the instruction could be easily guessed, derived, or reverse engineered. For this reason, the instant invention uses a sequence of instructions which when grouped together have a combined effect that is much more complex and difficult to determine. The length of an
instruction sequence 298 to be removed from theOriginal Software 9 and placed on theLicense Server 4 for remote execution is determined by the process shown in FIG. 7. Aninstruction sequence 298 can be thought of as a black box having only inputs and outputs. The inputs include any memory or CPU registers that are to be accessed by the execution of theinstruction sequence 298. The outputs are any memory or CPU registers that are modified by the execution of theinstruction sequence 298. Because the instant invention operates oninstruction sequences 298 rather than on individual instructions, information for determining the execution differences (as discussed above) can be stored for an entire instruction sequence, thereby saving memory space and time. By running the program twice and recording the inputs and outputs of each of theinstruction sequences 298, differences will result if theSoftware User 2 operates the software differently on the two runs. These differences are easily identified by matching the inputs of one run with those of another run. A difference is identified when no matches occur or the outputs differ for matched inputs. - By selecting
instruction sequences 298 for removal from theOriginal Software 9 and remote execution on theLicense Server 4 that execute differently (i.e. have different inputs and outputs) during successive runs, the potential security problems due to playback or memory dumps/loads are eliminated. A problem exists, in that theSoftware Profiler 10 may remove instructions solely from the shutdown stage, in which case no real security is provided. In most applications, the shutdown stage is initiated by theSoftware User 2 selecting a quit option. After theSoftware User 2 has selected the quit option, the program in question begins shutting down and no longer needs user input. TheSoftware Profiler 10 can thus watch the program as it reads input from the operating system during execution. After the program has finished execution, theSoftware Profiler 10 can determine the shutdown stage as beginning at the last location where the program read input from the operating system. That is, the program is considered to be in the shutdown stage when it no longer reads user input. The problem is thus solved in the preferred embodiment by having theSoftware Profiler 10 identify the last instruction sequence which reads input from the operating system as the beginning of the Original Software's 9 shutdown state of operation. - Some programs, now becoming rare, may not communicate directly with the user. Instead such programs only operate on a set of input files supplied by the user. In these programs, the shutdown stage must be signaled by the
Software Vendor 3 or the application because there is no automatic method of detecting when the useful work has been accomplished and the shutdown stage begins. These types of non-interactive programs generally have very short shutdown stages and so the chances of selectinginstruction sequences 298 strictly from the shutdown stage are very small. To eliminate the possibility that such an event could occur, theinstruction sequences 298 could be selected by time, such that those executed the earliest in the program's history are most likely to be selected for remote execution by theSoftware Profiler 10. - FIG. 5 depicts a block diagrammatic overview of a Key11 during practice of the method of the preferred embodiment of the instant invention. A
Key 11, in the preferred embodiment, consists solely of aRandom Number 315. Because the preferred embodiment of this method generates theKey 11 on theLicense Server 4, any information needing to be associated with theKey 11 can be associated and stored on theLicense Server 4 at the time of generation. Properties that can be assigned to theKey 11 include the identity of the software package that theKey 11 enables and additional License Information 301 (as seen in FIG. 17 depicting the second embodiment of the instant invention).License Information 301 can include, but is not limited to, the maximum number ofsimultaneous Software Users 2 perKey 11, network addresses allowed to useKey 11, time intervals thatKey 11 may be used, cost per use ofKey 11, and maximum uses ofKey 11. By setting a maximum number ofsimultaneous Software Users 2 perKey 11, a group license can be created. As an example, if a company buys a license to run 200 copies of a software package, that company and all of its employees can share oneKey 11 which allows a maximum of two hundredsimultaneous Software Users 2. TheLicense Server 4 keeps track of how many instances of theKey 11 are in use and only allows a maximum of two hundredSoftware Users 2 to simultaneously operate the licensed copy of theModified Software 7. By associating a set of network addresses with aKey 11, a site license can be created. As an example, if a company has control over internet addresses 212.392.193.* where * represents any three digit number, then a Key 11 can be associated with a network mask that only allows access fromSoftware Users 2 sending communications to theLicense Server 4 from addresses within the range defined by the network mask, effectively giving the company (Licensed User 2) unlimited usage of the software when operated within the company's network. By associating time intervals with theKey 11, time usage periods can be established, thus enabling trial versions, rental periods, and monthly/yearly subscription usage. Establishment of a time interval authorization for a Key II allows theSoftware Vendor 3 to sell usage of the software on a hourly or daily basis. By setting a maximum number of uses perUser Key 5, theSoftware Vendor 3 can limit how many times the software can be run before theUser Key 5 expires. Further categories of information can easily be associated with theUser Key 5 to allow theSoftware Vendor 3 to gain very specialized control of the license and thus of the protected software. TheRandom Number 315 should be sufficiently large that it will not collide with (and thus not be unique)other Keys 11. Because theKey 11 can only be tested through the network, efforts to findKeys 11 through brute force can be detected and stopped. - A problem encountered with the method of the instant invention is that code executing remotely (on the License Server4) executes more slowly because of the time of network transfer (communication 17). The selection of code to be removed from the
Original Software 9 by theSoftware Profiler 10 is important to the level of security and to the speed at which theModified Software 7 can execute. Finding code that will execute infrequently allows for faster execution time becausefewer network communications 17 are required. Performance profilers which give a programmer an accurate view of where a program is spending most of its execution time by using statistical sampling methods are not applicable to the instant invention. The instant invention tries to find sections of code in theOriginal Software 9 that are not executed often and using a statistical sampling method will have a high probability of missing these sections. Thus, the instant invention uses CPU emulation to trace through the complete execution cycle of theOriginal Software 9. Because CPU emulation is typically hundreds of times slower than normal execution, the instant invention will reject some instruction sequences 298 (as candidates for remote execution on the License Server 4) during the profile stage. These rejected sequences can then be allowed to execute natively on the Software Vendor's 3 CPU allowing theSoftware Vendor 3 to operate theOriginal Software 9 at interactive speeds during the profiling process. - An automatic method of code (understood to be a block of instruction sequences such as instruction sequence298) removal from the
Original Software 9 is implemented in the instant invention by the Software Profiler 10 (detailed in FIG. 6) which records the execution flow of a typical usage of theOriginal Software 9 and analyzes the results. TheSoftware Profiler 10 starts executing theOriginal Software 9, using either machine emulation or hardware step/trace functionality, by havingsoftware object 55 prompt the user (Software Vendor 3) for a program (the Original Software 10) to profile, loading the program identified by the user, and finding the starting execution point of the program. TheOriginal Software 9 is communicated 18 to the Software Profiler's 10software object 55. After thesoftware object 55 has found the starting execution point, it communicates 56 theOriginal Software 9 to thesoftware object 119 which determines the length of theinstruction sequence 298 starting at the starting point instruction pointer (IP). After the length of theinstruction sequence 298 starting at the IP (instruction pointer) that has been determined by software object 119 (detailed in FIG. 7) the length of theinstruction sequence 298 is communicated 136 to thesoftware object 123 which determines whether theinstruction sequence 298 has already been rejected. If thesoftware object 123 determines that theinstruction sequence 298 has already been rejected, then this information is communicated 132 tosoftware object 121 which acts to permit theinstruction sequence 298 to execute natively in theModified Software 7.Software object 121 executes the program being profiled (a copy of the Original Software 9) until it hits a breakpoint. This breakpoint is communicated tosoftware object 120 which acts to restore the instructions replaced by the breakpoint and returns to emulation mode. The fact that the software is now executing in emulation mode is communicated 131 tosoftware object 119. If thesoftware object 123 determines that theinstruction sequence 298 has not already been rejected, theinstruction sequence 298 is communicated 137 to asoftware object 124 which determines whether theinstruction sequence 298 can be rejected. If thesoftware object 124 determines that theinstruction sequence 298 can be rejected, thensoftware object 124 communicates 133 this information tosoftware object 122.Software object 122 then places breakpoint instructions (in RAM) at the end of theinstruction sequence 298 as well as any point in RAM where the CPU would jump out of theinstruction sequence 298. The memory at the locations where the breakpoints have been placed should be saved such that when the CPU hits a breakpoint in the operation, the process is interrupted and the original instructions can be restored.Software object 122 communicates tosoftware object 121 that the program is ready to begin native execution. If thesoftware object 124 determines that theinstruction sequence 298 can not be rejected, it communicates 138 theinstruction sequence 298 tosoftware object 125 which then records theinstruction sequence 298 input state and communicates 139 this information together with theinstruction sequence 298 tosoftware object 126. Thesoftware object 126 then emulates the operation of theinstruction sequence 298 and records the outputs of theinstruction sequence 298. The input and output of aninstruction sequence 298 is considered to be all of memory and all CPU registers, however, storing the entire state of the input and output would require too many resources, so instead the changes (or differences) between the input and output can be stored. These changes can be determined during the process of emulating theinstruction sequence 298. - The
instruction sequence 298 emulated, as described in the preceding paragraph, is communicated 140 fromsoftware object 126 tosoftware object 128.Software object 128 then makes a determination as to whether the execution of theOriginal Software 9 has completed, i.e. whether the end of the program has been reached, and communicates 142 a “no” determination tosoftware object 127 or communicates 143 a “yes” determination tosoftware object 54. Receipt of a “no” determination bysoftware object 127 fromsoftware object 128 causessoftware object 127 to change the instruction pointer to the end of theinstruction sequence 298 just emulated and to continue operation of theOriginal Software 9. Receipt of a “yes” determination bysoftware object 54 fromsoftware object 128 causessoftware object 54 to save the inputs and outputs for the entire execution of theOriginal Software 9 as recorded bysoftware objects Software object 54, then determines if this was the first or second execution of theOriginal Software 9. If this was the first execution,software object 54 communicates 129 this fact tosoftware object 55 which acts to begin the profiling process again. If this was the second execution of theOriginal Software 9, thensoftware object 54 communicates 67 this fact tosoftware object 59.Software object 59 acts to determine whichinstruction sequences 298 are eligible for removal and communicates 60such instruction sequences 298 tosoftware object 61.Software object 61, upon receipt ofcommunication 60 fromsoftware object 59, acts to selectN instruction sequences 298 sorted by fitness (discussed below), remove them from the Original Software 9 (creating Modified Software 7), and send/communicate 13 the removedinstruction sequences 298 to theLicense Server 4. Detail of the operation ofsoftware object 61 is depicted in FIG. 9. The number N can be chosen to reflect the level of security desired. The fitness of aninstruction sequence 298 is determined by matching the inputs and outputs recorded bysoftware objects execution # 1 andexecution # 2 of theOriginal Software 9. The fitness (or security) of aninstruction sequence 298 is equal to the number of input matches with corresponding output differences plus the number of input differences. To further explain this, suppose “A” is aninstruction sequence 298 which was executed 50 times duringexecution # execution # 2. For each input fromexecution # 1 that matches the input inexecution # 2, the output is tested for a match. If 49 of the executions match inputs, the outputs of those 49 executions are tested to see if they produced the same result. If 40 of those 49 executions resulted in the same output, then a starting fitness of 9 is used (49−40). Next, the inputs to theinstruction sequence 298 “A” (fromexecution # 1 and #2) are tested for non-matches. Assuming that redundancies are removed when aninstruction sequence 298 has the same input and output more than once, this would make 51 mismatches (100−49). The total fitness for theinstruction sequence 298 “A” would be 60 (9+51). - As seen in the detailed description in the foregoing paragraphs, the
Software Profiler 10 acts to determine whichinstruction sequences 298 should be executed locally and which should be executed on theLicense Server 4. This determination occurs partially while theSoftware Profiler 10 is executing theOriginal Software 9, and partially after theSoftware Profiler 10 has traced two complete executions of theOriginal Software 9 and examined the executions for differences as described above. Thoseinstruction sequences 298 that are selected by theSoftware Profiler 10 to execute on theLicense Server 4 are transferred to theLicense Server 4. Thoseinstruction sequences 298 which are determined to execute locally are used to form theModified Software 7, which is later communicated 15 to aSoftware User 2. TheSoftware Profiler 10 inserts Breakpoint/Trap instructions into theModified Software 7 at the locations where instructions were removed so that when there is an attempt to execute them, theTrap Software 6 will be able to request they be executed by theLicense Server 4. - FIG. 7 provides detailed information regarding the Software Profiler's10 determination of the length of an
executable instruction sequence 298 to be removed from the ModifiedSoftware 7 and placed on theLicense Server 4. As seen in FIG. 7,software object 119, and more preciselysoftware object 144 withinsoftware object 119, has communicated 141 to it from software object 127 (FIG. 6) the current execution point of theModified Software 7. This current execution point is IP_Start, the current instruction pointer.Software object 144 also sets IP_Current to the current instruction pointer of theModified Software 7 and sets IP_Max to IP_Start plus an arbitrary number, shown in FIG. 7 as 256.Software object 144 then communicates 145 these parameters, IP_Start, IP_Current, and IP_Max tosoftware object 146.Software object 146 determines the length of the instruction at IP_Current and communicates 147 this information tosoftware object 148.Software object 148 determines whether the instruction communicated 147 to it is a Call. If the determination bysoftware object 148 is that the instruction is a Call, then this information is communicated 149 tosoftware object 152.Software object 152 determines whether the destination address of the Call resides in a rejected code sequence. If the destination address of the Call does reside in a rejected code sequence, this information is communicated 159 tosoftware object 160. If the destination address of the Call does not reside in a rejected code sequence, this information is communicated tosoftware object 151.Software object 160 sets the instruction pointer for the end of theinstruction sequence 298 as being IP Current minus IP Start and communicates 136 this information to software object 123 (FIG. 6).Software object 151 sets IP_Current at IP_Current plus the length of the current instruction and then communicates 154 IP Current tosoftware object 157.Software object 157 determines whether IP_Current is greater than IP_Max and, if so, communicates 158 this information tosoftware object 160. Ifsoftware object 157 determines that IP_Current is not greater than IP_Max, thensoftware object 157 communicates 156 this information tosoftware object 146 which, again, acts to determine the nature and length of the instruction at IP_Current. - FIG. 8 provides detail of the operation of
software object 124, which acts to determine if aninstruction sequence 298 can be rejected as a candidate for removal fromOriginal Software 9. Software object 161 (contained within software object 124) receivescommunication 137 of theinstruction sequence 298 under consideration and the fact thatsuch instruction sequence 298 has not previously been rejected as a candidate for removal to theLicense Server 4.Software object 161 then acts to make a determination as to whether theinstruction sequence 298 has been executed more than ten times and consumed more than 0.01% of the processing time over the past one hundred thousand instructions. The criteria stated are those arbitrarily selected and used in the preferred embodiment, obviously the criteria could be selected differently (for example, executed more than 33 times or consumed more than 0.002% of the processing time during the last 21,000 instructions) without departing from the instant invention. If thesoftware object 161 determines that yes, the selection criteria has been met, then this fact is communicated 170 tosoftware object 172 which, in turn, produces a reject sequence signal and communicates 133 that signal to software object 122 (FIG. 6). If thesoftware object 161 determines that the selection criteria has not been met, then this fact is communicated 162 tosoftware object 163.Software object 163 then determines whether theinstruction sequence 298 under consideration has caused the movement of more than two kilobytes of data in RAM (volatile memory) from one location to another. Again, the two kilobyte size is arbitrarily selected and could be selected as five kilobytes or 500 bytes, a larger size selection will result in a slower execution of theModified Software 7 over the network because of the volume of data to be communicated 17 to and from theLicense Server 4. If thesoftware object 163 determines that theinstruction sequence 298 under consideration has occasioned the movement of more than two kilobytes of data from one location to another in RAM, this information is communicated 171 tosoftware object 172. If thesoftware object 163 determines that theinstruction sequence 298 under consideration has not occasioned the movement of more than two kilobytes of data from one location to another in RAM, then information is communicated 164 tosoftware object 167.Software object 167 acts to determine whether theinstruction sequence 298 under consideration resides in a standard library ofinstruction sequences 298, such as libc. Ifsoftware object 167 determines that theinstruction sequence 298 under consideration does reside in a standard library, this information is communicated 173 tosoftware object 172. Ifsoftware object 167 determines that theinstruction sequence 298 under consideration does not reside in a standard library, this information is communicated 168 tosoftware object 169.Software object 169 then acts to communicate 138 to software object 125 (FIG. 6) the information that theinstruction sequence 298 under consideration is not rejected yet. - FIG. 9 details the method by which the
Software Profiler 10 determines whichinstruction sequences 298 to remove from theOriginal Software 9 when creating theModified Software 7. As seen in FIG. 9,software object 196 has communicated 60 to it, from software object 59 (FIG. 6), the information that the running of theOriginal Software 9 in emulation mode has ended. Upon receipt of such information,software object 196 sorts thenon-rejected instruction sequences 298 by the measured fitness (discussed above).Software object 196 then communicates 197 the sortedinstruction sequences 298 tosoftware object 198 which acts to select the best (most fit)N instruction sequences 298, where N is a number dependent upon the level of security selected by theSoftware Vendor 3. The selectedN instruction sequences 298 are then communicated 199 bysoftware object 198 tosoftware object 200.Software object 200 acts to replace the N selectedinstruction sequences 298 in the executable image (on disk) of the software being modified for use pursuant to the method of the instant invention. Each selectedinstruction sequence 298 is replaced in theModified Software 7 with a series of traps or break points.Software object 200 next communicates 201 the replacedinstruction sequences 298 tosoftware object 202.Software object 202 then acts to communicate the selected instructions to theLicense Server 4.Software object 202, upon completion of the transfer to theLicense Server 4, communicates 203 the fact of completion tosoftware object 204.Software object 204 then acts to receive from theLicense Server 4 theKeys 11 which may be distributed by theSoftware Vendor 3 to the Software Users 2 (see FIG. 1) at which time they are refered to asUser Key 5. The process of receiving (purchasing)Keys 11 from theLicense Agent 1 through theLicense Server 4 may occur at any later time as well as theSoftware Vendor 3 desires to purchase more keys.Software object 204 communicates the fact of the receipt of theKeys 11 tosoftware object 206 which then acts to rename executable.exe to executable.bin andcopy Trap Software 6 to exectable.exe, theModified Software 7.Software object 204 then communicates 13 the selectedinstruction sequences 298 to software object 46 (FIG. 3). - FIG. 10 depicts a block diagrammatic overview of the operation of the
Trap Software 6 and its interaction with theLicense Server 4 during practice of the method of the instant invention.Trap Software 6 begins execution upon receipt of a signal communicated 34 by the Software User's 2 operating system tosoftware object 84.Software object 84 acts to request aUser Key 5 from theSoftware User 2 and communicates 85 theUser Key 5 tosoftware object 86.Software object 86 acts to determine whichModified Software 7 is to be executed and communicates 87 the address/location of suchModified Software 7 together with theUser Key 5 tosoftware object 88. One method of determining whichModified Software 7 to execute would be for theTrap Software 6 to execute thatModified Software 7 that has the Trap Software's 6 filename with a different extension. I.e. if theTrap Software 6 is named executable.exe, then it determines the ModifiedSoftware 7 as being executable.bin. This method of associating theTrap Software 6 with theModified Software 7 to executed is utilized in the preferred embodiment.Software object 88 acts to communicate 19 theUser Key 5 obtained bysoftware object 84 to the License Server's 4software object 39. After theUser Key 5 has been communicated 19 to theLicense Server 4,software object 39 communicates 20 the fact of the License Server's 4 acceptance of theUser Key 5 tosoftware object 25 or communicates 76 the License Server's 4 denial of theUser Key 5 tosoftware object 84. If theLicense Server 4 rejects theUser Key 5, software object 39 acts to communicate 76 this information tosoftware object 84 which requests anew User Key 5 from theSoftware User 2 and repeats the process (of requesting and obtaining a User Key 5) again. If theLicense Server 4 accepts theUser Key 5, thesoftware object 39 communicates 20 this fact tosoftware object 25.Software object 25 acts to load theModified Software 7 and install trap/breakpoint handlers. These trap/breakpoint handlers are called by theTrap Software 6 when theModified Software 7 tries to execute a breakpoint instruction.Software object 25 acts to communicate 36 the fact that theModified Software 7 has begun to execute tosoftware object 43. When theModified Software 7 encounters a breakpointinstruction software object 43 acts to communicate 21 the instruction pointer, CPU registers, and cache memory to the License Server's 4software object 31.Software object 43 also communicates 21 tosoftware object 31 thatsoftware object 43 has sent the state (the instruction pointer and CPU registers) of theModified Software 7 to theLicense Server 4.Software object 31, upon a receiving a message from theLicense Server 4 communicating successful execution completion, communicates 22 this message tosoftware object 28.Software object 28 acts to change the Modified Software's 7 memory and CPU registers according to the results of the License Server's 4 execution.Software object 28 then communicates 33 the fact that theModified Software 7 is ready to continue execution tosoftware object 43 which acts to continue execution of theModified Software 7 and this process (executing until a breakpoint is encountered and then executing a request on the License Server 4) is repeated until the Modified Software's 7 execution has terminated. - FIG. 11 provides detail regarding the License Server's4 execution of instructions for the
Trap Software 6. After thesoftware object 72 determines that theTrap Software 6 address has been properly verified, it communicates 42 this information tosoftware object 207.Software object 207 reads the instruction pointer (IP), CPU registers and memory cache from the client (Trap Software 6).Software object 207 then communicates 208 the client's (Trap Software's 6) instruction pointer (IP), CPU registers and the client's (Software User's 2) network address tosoftware object 209.Software object 209 then uses the network address of the client (Software User 2), as communicated 208 tosoftware object 209 bysoftware object 207, to determine which set of many sets ofinstruction sequences 298, one (ideally, theoretically, and in the preferred embodiment) set for each copy of theModified Software 7, to use. The set to be used is determined by the key (User Key 5) supplied earlier by the client (Trap Software 6/Software User 2). The information regarding whichinstruction sequence 298 set to use is communicated 210 fromsoftware object 209 tosoftware object 211.Software object 211 then begins emulation of the removed Original Software's 9 instructions, the instructions having been earlier communicated 13 to theLicense Server 4 by theSoftware Profiler 10, by determining what theinstruction sequence 298 is at IP (client's Instruction Pointer). As Software object 211 emulates theinstruction sequence 298, it communicates 212 the current instruction pointer tosoftware object 215.Software object 215 makes a determination of whether theinstruction sequence 298 references a memory location. Ifsoftware object 215 determines that a memory location is referenced by theinstruction sequence 298, this information is communicated 217 tosoftware object 214. Ifsoftware object 215 determines that a memory location is not referenced by theinstruction sequence 298, this information is communicated 216 to software object 219.Software object 214 makes a determination of whether the memory address referenced by theinstruction sequence 298 is present in the memory cache already sent by theTrap Software 6. If the memory address referenced by theinstruction sequence 298 is present in the cache sent by theTrap Software 6, this fact is communicated to software object 219. If the memory address referenced by theinstruction sequence 298 is not present in the cache sent by theTrap Software 6, this information is communicated 218 tosoftware object 213.Software object 213 makes a request of the client (Trap Software 6) for the referenced memory address contents and, upon receipt, adds those contents to the cache previously sent by the client (Trap Software 6).Software object 213 communicates to software object 219 the completion of software object's 213 action of adding the contents to the cache. Software object 219 can now fully act to emulate the current instruction and advance the instruction pointer to the next instruction. Software object 219 communicates 221 the completion of the execution of the instruction tosoftware object 222.Software object 222 makes a determination of whether the instruction pointer is still in thecurrent instruction sequence 298. If the instruction pointer is still in thecurrent instruction sequence 298,software object 222 then communicates 220 this fact tosoftware object 215 which repeats its prior action until all of the instructions in theinstruction sequence 298 have been executed. If the instruction pointer is not still in thecurrent instruction sequence 298,software object 222 then communicates 44 this information tosoftware object 45.Software object 45 acts to communicate 22 the new instruction pointer, CPU registers, and memory cache tosoftware object 28 in theTrap Software 6. - FIG. 12 provides detail regarding the License Server's4 request to the
Trap Software 6 for theUser Key 5. As seen in FIG. 10, thecommunication 19 fromsoftware object 88 is that aTrap Software 6 request has been received, but that theTrap Software 6 address has not been verified.Software object 227 reads theTrap Software 6 request,communication 19, and thereby obtains theUser Key 5.Software object 227 then communicates 228 theUser Key 5 tosoftware object 229.Software object 229 determines whether theUser Key 5 is valid. If theUser Key 5 is valid this fact is communicated 230 bysoftware object 229 tosoftware object 231. If theUser Key 5 is not valid, this fact is communicated 236 bysoftware object 229 tosoftware object 238.Software object 238 acts to notify theSoftware User 2 through communication with the client (Trap Software 6) that theUser Key 5 is invalid.Software object 231 acts to determine whether theUser Key 5 has already reached its maximum number of clients (Trap Softwares 6) (typically theSoftware Vendor 3 sets this maximum number at one). If theUser Key 5 has already reached its maximum number of clients (Trap Softwares 6), thensoftware object 231 communicates 237 this fact tosoftware object 239. If theUser Key 5 has not already reached it's maximum number of clients (Trap Softwares 6), thensoftware object 231 communicates 232 this fact tosoftware object 233.Software object 239 acts to send a message to theSoftware User 2 through communication with the client (Trap Software 6) stating that theUser Key 5 is in use and to ask theSoftware User 2 to abort the operation of theModified Software 7 or to try anotherUser Key 5.Software object 233 acts to decrement the maximum number of clients (Trap Softwares 6) that are available for use with theparticular User Key 5.Software object 233 communicates 234 the completion of the process of decrementing the maximum number of clients (Software Users, each identified by their Trap Software 6) tosoftware object 235.Software object 235 acts to permit theTrap Software 6 to request remote execution of instructions on theLicense Server 4.Software object 235 communicates 20 the fact that theUser Key 5 tendered by theSoftware User 2 is valid to software object 25 (FIG. 10), and also communicates 40 such fact to software object 72 (FIG. 2). - FIG. 13 details the method by which the
Trap Software 6 obtains aUser Key 5 from theSoftware User 2. The request for aUser Key 5 is communicated 76 from the License Server's 4 software object 39 (see FIG. 10). Software object 240 (encompassed within Trap Software 6) receives the request and checks for the presence of theUser Key 5 on the Software User's 2 long term storage disk (hard drive). Ifsoftware object 240 determines that theUser Key 5 is present, this fact is communicated 241 tosoftware object 242. Ifsoftware object 240 determines that theUser Key 5 is not present, this fact is communicated 249 tosoftware object 250.Software object 250 prompts theSoftware User 2 to provide aUser Key 5 and communicates 251 the fact of having made such prompt tosoftware object 252.Software object 252 asks theSoftware User 2 if he wishes to password protect hisUser Key 5 and stores the receivedUser Key 5 to disk (possibly encrypted with a password).Software object 252 communicates 253 theUser Key 5 tosoftware object 248. If theUser Key 5 is password protected,software object 242 communicates 243 this information tosoftware object 244. If theUser Key 5 is not password protected,software object 242 communicates 254 this information tosoftware object 248.Software object 244 prompts theSoftware User 2 for the required password and communicates 245 the received, if any, password tosoftware object 246.Software object 246 utilizes the password to decrypt theUser Key 5 and communicates 247 the decryptedUser Key 5 tosoftware object 248.Software object 248 communicates 85 (see FIG. 10) theUser Key 5 tosoftware object 86. - FIG. 14 depicts a block diagrammatic overview of the operation of the
Trap Software 6 determining, connecting to, and executing theModified Software 7 in cooperation with the License Server 4 (selected from a set of available License Server's 4) having the fastest network response time at the time of the Trap Software's 6 request for service from theLicense Server 4. In order to locate the fastest network route to aLicense Server 4, software object 266 (contained within the Trap Software 10) communicates 264 a “ping” message to eachLicense Server 4 known tosoftware object 266 in order to determine whichLicense Server 4 has the fastest network response time. A “ping” measures the amount of time it takes a small packet of bytes to travel to and from a given network address, in this instance the address of each of the knownLicense Servers 4. By measuring the average ping time to eachLicense Server 4, an estimate can be formed as to whichLicense Server 4 will provide the fastest service for the Trap Software's 6 request.Software object 266 communicates 274 the ping information (network address of theLicense Server 4 providing the quickest response time) tosoftware object 267 which then acts to make a network connection from theSoftware User 2 to the best (smallest average ping time)License Server 4.Software object 267 communicates 268 tosoftware object 25 that the connection to theLicense Server 4 has been established, andsoftware object 25 begins executing theModified Software 7. TheModified Software 7 continues to execute as described previously until a Trap/Breakpoint is encountered or the execution terminates. While theModified Software 7 executes,software object 25 periodically communicates 276 tosoftware object 269 the request to search for theLicense Server 4 having the quickest network response time.Software object 269 communicates 265 an identical ping query to each of the knownLicense Servers 4. The results of the network ping query is communicated 277 bysoftware object 269 tosoftware object 270 which checks to see if a faster route to aLicense Server 4 was found. Ifsoftware object 270 determines that a faster route than the route to the currently connectedLicense Server 4 was found, then the network address of theLicense Server 4 having the faster ping query response time is communicated 278 bysoftware object 270 tosoftware object 271 which terminates the connection with theLicense Server 4 having the slower ping query response time and makes a connection to theLicense Server 4 having the faster ping query response time.Software object 271 then communicates 272 a control signal tosoftware object 269 where the process of making a ping query of all knownLicense Servers 4 is repeated periodically while theModified Software 7 continues to execute. Ifsoftware object 270 determines that a faster route (a network connection having a lower ping query response time) to aLicense Server 4 was not found, thensoftware object 270 does not communicate 278 anew License Server 4 network address tosoftware object 271 whereby theSoftware User 2 stays connected to the previously selectedLicense Server 4 andsoftware object 270 communicates 273 a reset signal tosoftware object 269. In this manner, theTrap Software 6 always maintains a connection to the fastest route to aLicense Server 4, protecting theSoftware User 2 against the possibility of aLicense Server 4 crashing or becoming unavailable during the Software User's 2 execution of theModified Software 7, and also providingSoftware User 2 with the highest possible execution speed ofModified Software 7. - FIG. 15 depicts a block diagrammatic overview of how poorly selected (by the Software Profiler10)
instruction sequences 298 can be transferred to theSoftware User 2 to execute locally without compromising the security of the software. BecauseSoftware Profiler 10 examines theOriginal Software 9 under run conditions established by theSoftware Vendor 3, it is possible for theSoftware Profiler 10 to underestimate the frequency at which aninstruction sequence 298 within theOriginal Software 9 will be executed by theSoftware User 2. This could result in a large number ofnetwork communications 17 between theTrap Software 6 and theLicense Server 4, which would result in slower than expected ModifiedSoftware 7 execution speeds. To correct for this problem,instruction sequences 298 which are determined by theLicense Server 4 to be poor candidates for remote execution on theLicense Server 4 may be transferred to theTrap Software 6 and reinserted into theModified Software 7 where they can be executed locally on the Software User's 2 computer at full speed. The number ofinstruction sequences 298 that are transferred from theLicense Server 4 to theSoftware User 2 for local execution directly affects the security of the method of software protection of the instant invention. The larger the number ofinstruction sequences 298 transferred from theLicense Server 4 to theSoftware User 2 for local execution, the more security is sacrificed. Aninstruction sequence 298 that is transferred to anySoftware User 4, must be considered to have been transferred to allSoftware Users 4 to protect against the possibility of an orchestrated attempt to reverse engineer the software being protected by the method of the instant invention. The License Server's 4software object 72 has communicated 17 to it a request from theTrap Software 6 to execute aninstruction sequence 298.Software object 72 communicates 42 this request (including theinstruction sequence 298, as previously discussed) tosoftware object 281 which then acts to execute the communicated 42instruction sequence 298 emulating operation of theOriginal Software 9. The results of the emulation are communicated 283 bysoftware object 281 tosoftware object 284 which determines whether the results of the remote execution on theLicense Server 4 caused the movement of more than 8 k bytes of read/writes across the network. 8 k bytes is chosen arbitrarily and other numbers may suffice. Ifsoftware object 284 determines that more than 8 k bytes of read/writes occurred, then it communicates 285 this fact tosoftware object 289, otherwise the fact that more than 8 k of reads/writes did not occur is communicated 286 bysoftware object 284 tosoftware object 287.Software object 289 determines whether more than 50% of the instructions removed (by the Software Profiler 10) from theOriginal Software 9 have already been communicated 114 to any of theSoftware Users 2, by anyLicense Server 4. In the preferred embodiment allinstruction sequences 298 that have ever been released by anyLicense Server 4 to anySoftware User 2 must never total more than 50%. The percentage selected, 50%, can be changed by theSoftware Vendor 3 to reflect the level of security desired. Ifsoftware object 289 determines that 50% of the removed instructions have already been communicated 114 toSoftware Users 4, thensoftware object 289 communicates 294 this fact tosoftware object 45 which acts to send the results of the execution ofinstruction sequence 298 to theTrap Software 6 as it would under normal circumstances. Ifsoftware object 289 determines that 50% of theinstruction sequences 298 have not yet been communicated toSoftware Users 4, thensoftware object 289 communicates 290 a “no” tosoftware object 291 which acts to communicate 114 the currently executing instruction sequence 298 (which has been determined as a poor choice for remote execution) to theTrap Software 6 where it can be reinserted into ModifiedSoftware 7 and allowed to execute locally.Software object 291 communicates 32 tosoftware object 72 information thatsoftware object 291 has received theinstruction sequence 298 which causessoftware object 72 to continue to process further request from the client (Trap Software 6). Ifsoftware object 284 determines that less than 8 k bytes of network read/writes occurred then this fact is communicated 286 tosoftware object 287.Software object 287 determines if theinstruction sequence 298 has executed more than 100 times in the last minute. Thenumber 100 is chosen arbitrarily and other values, such as 80 and 300, will suffice. Ifsoftware object 287 determines that theinstruction sequence 298 has been executed more than 100 times in the last minute, it communicates 288 this fact tosoftware object 289, otherwisesoftware object 287 communicates 293 the information that theinstruction sequence 298 has not executed more than 100 times in the last minute tosoftware object 45.Software object 45 communicates 295 tosoftware object 72 thatsoftware object 45 has finished communicating 17 the results of the remote execution of selectedinstruction sequences 298 on theLicense Server 4 to theTrap Software 6, causingsoftware object 72 to continue to process further requests from theTrap Software 6. - A second embodiment of the instant invention is depicted in FIGS. 16 and 18. Such second embodiment provides that the
Software Vendor 3 need not communicate with theLicense Server 4 to createModified Software 7 nor to createnew Keys 316. - FIG. 16 depicts a block diagrammatic overview of the communication between the
License Server 4, theSoftware User 2, and theSoftware Vendor 3 during practice of the method of the second embodiment of the instant invention wherein selectedinstruction sequences 298 are stored locally on the Software User's 2 computer in an encrypted form andKeys 316 are generated by theSoftware Vendor 3. The method of the second embodiment as depicted in FIG. 16 should be compared to the method of the first embodiment as depicted in FIG. 1. Similarly to the first embodiment, as previously discussed in the detailed description of FIG. 1, in the second embodiment (see FIG. 16) theOriginal Software 9 is communicated 18 to theSoftware Profiler 320 which acts to removeinstruction sequences 298 from theOriginal Software 9 and outputs 8 aModified Software 7. Unlike the first embodiment (FIG. 1) in the second embodiment theinstruction sequences 298 removed by theSoftware Profiler 320 are not communicated to theLicense Server 4. Instead, the removedinstruction sequences 298 are appended to arandom identification number 299 and encrypted using an asymmetrical (public/private key) encryption algorithm. In the second embodiment, the License Server's 4Public Key 317 is used for the encryption process and can be stored in theSoftware Profiler 320. Furthermore,Keys 316 can be created by theSoftware Profiler 320 without need for communication with theLicense Server 4 as depicted by FIG. 18. Thus, in the practice of the second embodiment of the instant invention, theSoftware Vendor 3 need not communicate at all with theLicensing Agent 1 or LicenseServer 4 except for accounting purposes. After theSoftware Vendor 3 has created ModifiedSoftware 7,Encrypted Instructions 296,Identification Number 299, andKeys 316, they can be communicated to theSoftware User 2. TheModified Software 7,Encrypted Instructions 296, andIdentification Number 299, are grouped together, appended to formsoftware object 65, and communicated 314 to theSoftware User 2. TheUser Key 5, asingle Key 316, is communicated 16 to theSoftware User 2 from theSoftware Vendor 3, potentially but not necessarily a different communication path than that of communication 314.Software User 2 then runsTrap Software 6 which obtains theUser Key 5 and communicates 17 theUser Key 5, together withInstructions 296 and Identification Number 299 (Instructions 296 andIdentification Number 299 are encrypted with License Server's 4 Public Encryption Key 317) toLicense Server 4.License Server 4 uses itsPrivate Encryption Key 297 to decrypt theInstructions 296,Identification Number 299, and theUser Key 316. After decryption, theLicense Server 4, compares theIdentification Number 299 with the identification number stored in the decryptedUser Key 5. If the two identification numbers do not match, theUser Key 5 is invalid. If theUser Key 5 is valid, theLicense Server 4 uses the serial number as decrypted fromUser Key 5 to check to make sure noother Software User 2 is using thesame User Key 5. In this manner, theLicense Server 4 does not know howmany Keys 11 have been created by theSoftware Vendor 3 nor does it need to keep track of the removedinstruction sequences 298 for different software packages. A third party cannot discover the identification number because it is stored in an encrypted form. Because no third party can discover the identification number, no third party can forge or reverse engineer theirown User Key 5. After theLicense Server 4 has verified that theUser Key 5 is valid and not in use by anotherSoftware User 2, theLicense Server 4 allowsTrap Software 6 to execute missinginstruction sequences 298 as discussed previously. This method of the second embodiment of the instant invention has the advantage that LicenseServers 4 do not keep a list of existing nor removedinstruction sequences 298 for the various ModifiedSoftwares 7 being run or executed by thevarious Software Users 4. This method of the second embodiment of the instant invention has the disadvantage that theinstruction sequences 298 are locally available to persons who might try to reverse engineer the protections of the instant invention through decryption ofsoftware object 65 and the safety (security) of theinstruction sequences 298 to be executed on theLicense Server 4 depends on the strength of the encryption algorithm. This method also has the disadvantage that theencrypted instruction sequences 298 must be transmitted by theTrap Software 6 before they can be decrypted and executed resulting in slower start up times of theModified Software 7. - FIG. 17 depicts a block diagrammatic overview of a Key316 during practice of the second embodiment of the practice of the method of the second embodiment of the instant invention. The
second embodiment Key 316 can be generated by theSoftware Vendor 3 without communication with theLicense Server 4 as shown in FIG. 16. Because theLicense Server 4 has no knowledge of theKey 316, theLicense Server 4 must be able to verify that theKey 316 was generated by theSoftware Vendor 3 and not some other person. Also, because theLicense Server 4 has no knowledge of theKey 316, theKey 316 must contain all of thelicense information 301 which was discussed in the detailed description of FIG. 5. Thesecond embodiment Key 316 contains anidentification number 299. Theidentification number 299 is also stored along with the encrypted instructions as described in the detailed description of FIG. 16. Because the entire Key 316 (including the identification number 299) is encrypted with the License Server's 4Private Encryption key 317; and the encrypted instructions with the appendedidentification number 299 are also encrypted with the License Server's 4Public Encryption Key 317, the only entity capable of decrypting the two is theLicense Server 4. Thus, only aLicense Server 4 is capable of verifying that aUser Key 5 is valid by comparing theidentification number 299 included as part of the User Key 5 (FIG. 17) with theidentification number 299 appended to the modified software 7 (FIG. 16). TheSoftware Vendor 3, who generated theidentification number 299, is capable of creatingnew Keys 316.Keys 316, in the second embodiment, also contain aserial number 300. Theserial number 300 is used to distinguish betweenvarious Keys 316 by theLicense Server 4. TheSoftware Vendor 3 can generate asmany Keys 316 as is desired by using differentserial numbers 300. If theLicense Server 4 is to bill theSoftware Vendor 3 for the use of each Key 316, this can happen the first time theLicense Server 4 sees a newserial number 300 being used. TheLicense Server 4 has no knowledge of whichserial numbers 300 were generated by theSoftware Vendor 3 before theserial numbers 300 are used bySoftware User 2. If theKey 316 is lackinglicense information 301License Server 4 will only honor oneUser Key 5 with the sameserial number 300 at a time. However, if theUser Key 5 also containslicense information 301, then it may be a group license key as discussed in the detailed description of FIG. 5. - FIG. 18 depicts in detail the Software Profiler's320 production of
Modified Software 7 andKeys 316 without communicating with theLicense Server 4 using encryption during the practice of the method of the second embodiment of the instant invention.Software Object 303 acts to remove instructions from theOriginal Software 9 in a manner similar to that shown in FIG. 6. At the end of the profiling process the Software Profiler's 320 produces ModifiedSoftware 7 as shown in FIG. 6, however instead of communicating the removedinstruction sequences 298 to theLicense Server 4, the removedinstruction sequences 298 are communicated 304 tosoftware object 305.Software object 305 acts to generate arandom identification number 299. Theidentification number 299 is a secret to theSoftware Vendor 3 and is used by theLicense Server 4 to verify the identity of theSoftware Vendor 3. Theidentification number 299 is communicated 306 tosoftware object 307 which acts to append theidentification number 299 to the removedinstruction sequence 298 and encrypt both theidentification number 299 and the removedinstruction sequence 298 using the License Server's 4Public Encryption Key 317.Software object 307 communicates completion of the encryption tosoftware object 309 which then acts to generate aserial number 300. Aserial number 300 is simply any unique numerical value, one value perKey 316 to be generated.Software object 309 acts to communicate 310 the generatedserial number 300 tosoftware object 311.Software object 311 acts to concatenate theidentification number 299, theserial number 300, and thelicense information 301. Aftersoftware object 311 concatenates theidentification number 299, theserial number 300, and licenseinformation 301 into a single information packet, it communicates 312 this information packet tosoftware object 313.Software object 313 acts to encrypt the information packet using thePublic Encryption Key 317 of theLicense Server 4. The License Server's 4Public Encryption Key 317 can be stored within theSoftware Profiler 320. The encrypted information packet now becomes aKey 316. The resultingKey 316 can be communicated 16 to theSoftware User 2. As well,Removed Instructions 296 combined with the Identification Number 299 (which are encrypted), andModified Software 7 can be communicated 314, to theSoftware User 2 for immediate use. - The third embodiment of the instant invention is identical to the second embodiment of the instant invention with the sole exception that the
License Server 4 is a secure server software object residing on the Software User's 2 computer. The operation and functions of the software objects described in detail for the second embodiment of the instant invention are identical for the third embodiment of the instant invention, the only difference being the length of thecommunication 17 line. An example of a third embodiment might include a microprocessor within a tamper resistant casing, residing inside or connected locally to the Software User's 2 computer. This microprocessor can execute at much slower speeds than the Software User's 2 main processor because it executes instructions infrequently, allowing for lower cost and higher overall execution speed than prior art encrypting microprocessors. As well, any microprocessor with sufficient memory can be used because instruction sequences are emulated for another computer architecture. This also reduces the hardware design and manufacturing cost. For example an 8 bit microprocessor can be used to emulate the instructions of a 32 bit microprocessor through the use of multiple 8 bit instructions for each 32 bit instruction. - As can be readily seen from the foregoing description of the preferred embodiment, the essence of the invention is the distributed execution of an executable file with the execution of a chosen portion of the executable taking place on a
License Server 4. TheLicense Server 4, and its contents, are maintained in a state of high security, both physically and electronically. The security afforded to theLicense Server 4 and its contents becomes the security afforded to theOriginal Software 9, as only the ModifiedSoftware 7 is distributed publicly toSoftware Users 2. - In this time of rapidly increasing accessibility to high bandwidth network connections, the applicability of the instant invention is expected to be close to universal. All
Software Vendors 3 whose customer base is internet connected may benefit from the copy protection afforded by the instant invention. Further, due to the reduced copying of software and presumed continued widespread use for and of such software, it may reasonably be expected thatSoftware Vendors 3 will be able to obtain a reasonable return on their software development investment while selling the software to the public at a lower price.
Claims (15)
1. A method of preventing unauthorized use of an executable file comprising the steps of:
replacing portions of said executable file with remote calls to a license server,
installing said executable file in a first computer,
installing said replaced portions in said license server,
executing said executable file in said first computer,
having said license server determine whether said first computer is authorized, and
permitting execution of said replaced portions only if said first computer is authorized.
2. A method of preventing unauthorized use of an executable file comprising the steps of:
replacing portions of said executable file with remote calls to a license server,
installing said executable file in a first computer,
providing a digital key to said first computer,
installing said replaced portions in said license server,
communicating said digital key from said first computer to said license server,
executing said executable file in said first computer,
having said license server determine whether said digital key is authorized, and
permitting execution of said replaced portions only if said digital key is authorized.
3. A system which protects an executable file from unauthorized use comprising
a license server;
a user's computer;
a vendor's computer;
a first software object which executes on said vendor's computer,
replaces selected portions of said executable file with remote calls to said license server,
communicates said replaced portions of said executable file to said license server, and
communicates said executable file to said user's computer;
a second software object which executes on said user's computer, and
provides communication of intermediate execution data between said user's computer and said license server upon the occurrence of a remote call in said executable file when said executable file is executing on said user's computer; and
a third software object which executes on said license server,
determines whether said user's computer is authorized,
receives said intermediate execution data,
executes said replaced portions if said user's computer is authorized, and
communicates the results of the execution of said replaced portions to said user's computer.
4. A system which protects an executable file from unauthorized use comprising
a license server,
a user's computer, and
a vendor's computer,
a first software object which executes on said license server,
creates a digital key, and
communicates said digital key to said vendor's computer;
a second software object which
executes on said vendor's computer,
replaces selected portions of said executable file with remote calls to said license server,
communicates said digital key to said user's computer,
communicates said replaced portions of said executable file to said license server, and
communicates said executable file to said user's computer;
a third software object which
executes on said user's computer,
communicates said digital key to said license server, and
communicates intermediate execution data to said license server upon the occurrence of each of said remote calls; and
a fourth software object which
executes on said license server,
authenticates said digital key received from said user's computer,
receives said intermediate execution data,
executes said replaced portions if said digital key is authorized, and
communicates the results of the execution of said replaced portions to said user's computer.
5. The system of wherein said digital key comprises said license server's public key, said removed portions of said executable file are encrypted, using a private key public key system, by software running on said vendor's computer before said remaining portion of said executable file is communicated to said user's computer, and said license server authenticates said digital key received from said user's computer by decrypting said removed portions of said executable file.
claim 4
6. A system which protects an executable file from unauthorized use comprising
a license server;
a user's computer;
a vendor's computer;
a first software object which executes on said license server,
creates a public key using a public key private key algorithm, and
communicates said public key to said vendor's computer;
a second software object which executes on said vendor's computer,
replaces selected portions of said executable file with remote calls to said license server,
creates a digital key,
encrypts said replaced portions and said digital key with said public key,
communicates said encrypted replaced portions and said encrypted digital key to said user's computer, and
communicates said executable file to said user's computer;
a third software object which executes on said user's computer,
controls execution of said executable file,
communicates said encrypted replaced portions and said encrypted digital key to said license server,
communicates intermediate execution data to said license server upon the occurrence of each of said remote calls; and
a fourth software object which executes on said license server,
decrypts said encrypted replaced portions and said encrypted digital key received from said user's computer with said private key,
receives said intermediate execution data,
executes said replaced portions, and
communicates the results of the execution of said replaced portions to said user's computer.
7. A method of preventing unauthorized use of an executable file comprising the steps of:
replacing portions of said executable file with remote calls to a license server,
installing said executable file in a plurality of computers,
installing said replaced portions in said license server,
executing said executable file in one or more of said plurality of computers,
having said license server determine whether each of said plurality of computers in which said executable file is executing is authorized, and
permitting execution of said replaced portions only if said license server determines that the particular one of said plurality of computers in which said executable file is executing is authorized.
8. A method of preventing unauthorized use of an executable file comprising the steps of:
replacing portions of said executable file with remote calls to a license server,
installing said executable file in a plurality of computers,
providing a digital key to each of said plurality of computers,
installing said replaced portions in said license server,
communicating said digital key from one of said plurality of computers to said license server,
executing said executable file in one or more of said plurality of computers,
determining whether said digital key is authorized, and
executing said replaced portions in said license server only if said digital key communicated from said one or more of said plurality of computers is authorized.
9. The method of wherein said digital key is valid for a subset of said plurality of computers and said license server executes said replaced portions if and only if said one or more of said plurality of computers is determined to be within said subset.
claim 8
10. The method of wherein said digital key is restricted for use on a limited set of network addresses.
claim 8
11. The method of wherein said digital key is authorized for a set time period.
claim 8
12. A method of preventing unauthorized use of an executable file comprising the steps of:
replacing portions of said executable file with remote calls to a license server,
creating a digital key in a software vendor's computer,
encrypting said digital key with the public key of a license server's public key private key encryption system,
installing said executable file in a plurality of computers,
providing said encrypted digital key to each of said plurality of computers,
installing said replaced portions in said license server,
communicating said encrypted digital key from one of said plurality of computers to said license server,
executing said executable file in one or more of said plurality of computers,
determining whether said digital key is authorized and decryptable by said license server, and
executing said replaced portions in said license server only if said encrypted digital key communicated from said one or more of said plurality of computers is decryptable by said license server and authorized.
13. A system which protects an executable file from unlicensed use comprising
a license server,
a user's computer, and
a vendor's computer;
wherein
selected portions of said executable file are removed by software in said vendor's computer,
said license server has a public key private key algorithm encryption software installed,
said removed portions of said executable file are encrypted by software running on said vendor's computer using said license server's public key,
software in said vendor's computer replaces said removed portions of said executable file with remote calls to said license server,
said encrypted removed potions of said executable file are communicated to said user's computer,
the remaining portion of said executable file is communicated to said user's computer,
said user's computer communicates said encrypted removed portions of said executable file to said license server; and
said encrypted removed portions of said executable file are decrypted by software running on said license server utilizing said license server's private key;
whereby when said remaining portion of said executable file is run on said user's computer, said removed portions are executed on said license server.
14. The system of wherein
claim 13
a digital key is created by software in said vendor's computer,
said digital key is encrypted with the public key of said license server's public key private key encryption system,
said encrypted digital key is communicated from said vendor's computer to said user's computer,
said encrypted digital key is communicated from said user's computer to said license server,
said encrypted digital key is decrypted by software running on said license server; and
said encrypted digital key is authenticated by software running on said license server;
whereby said removed portions of said executable file are permitted to run on said license server if and only if said digital key is authenticated.
15. A method of selecting executable instructions to be removed from an executable file and replaced by remote calls to a license server comprising
executing said executable file,
observing said execution to determine
whether each current instruction sequence is a call,
whether the destination address of said call resides in a previously rejected sequence,
the number of times said instruction sequence executes
the percentage of processing time said instruction sequence consumes
how much memory space is moved by the execution of said instruction sequence
whether said instruction sequence resides in publicly available code, and
selecting said instruction sequence if the observed conditions meet user defined predetermined criteria.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/212,373 US6343280B2 (en) | 1998-12-15 | 1998-12-15 | Distributed execution software license server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/212,373 US6343280B2 (en) | 1998-12-15 | 1998-12-15 | Distributed execution software license server |
Publications (2)
Publication Number | Publication Date |
---|---|
US20010011254A1 true US20010011254A1 (en) | 2001-08-02 |
US6343280B2 US6343280B2 (en) | 2002-01-29 |
Family
ID=22790737
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/212,373 Expired - Fee Related US6343280B2 (en) | 1998-12-15 | 1998-12-15 | Distributed execution software license server |
Country Status (1)
Country | Link |
---|---|
US (1) | US6343280B2 (en) |
Cited By (100)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010037403A1 (en) * | 2000-04-28 | 2001-11-01 | Masao Mougi | Program license key issuing method and issuing system |
US20020087870A1 (en) * | 1999-12-29 | 2002-07-04 | Ralf Rick | Device and method of preventing pirated copies of computer programs |
US20020124168A1 (en) * | 2000-07-17 | 2002-09-05 | Mccown Steven H. | Method and system for upgrading a user environment |
US20020174354A1 (en) * | 2001-03-12 | 2002-11-21 | Bel Hendrik Jan | Receiving device for securely storing a content item, and playback device |
US20030014635A1 (en) * | 2001-03-20 | 2003-01-16 | Laforge Laurence E. | Method and mechanism for authenticating licenses of software and other digital products |
US20030110417A1 (en) * | 2001-12-10 | 2003-06-12 | Adrian Jascau | Method of executng a program on a computer, and computer program product |
US20030120938A1 (en) * | 2001-11-27 | 2003-06-26 | Miki Mullor | Method of securing software against reverse engineering |
EP1355217A2 (en) * | 2002-04-19 | 2003-10-22 | Helmut A. Lotze | Method for copyprotection |
US20040073670A1 (en) * | 1999-02-22 | 2004-04-15 | Chack Michael A. | Method of queuing requests to access a communications network |
US6766305B1 (en) * | 1999-03-12 | 2004-07-20 | Curl Corporation | Licensing system and method for freely distributed information |
US20040255292A1 (en) * | 2003-06-16 | 2004-12-16 | Microsoft Corporation | Delivering multiple installation images and computer-readable installation keys on installation media |
US20050071657A1 (en) * | 2003-09-30 | 2005-03-31 | Pss Systems, Inc. | Method and system for securing digital assets using time-based security criteria |
US20050076334A1 (en) * | 2003-10-03 | 2005-04-07 | Michael Demeyer | System and method for licensing software |
US20050091216A1 (en) * | 2003-10-23 | 2005-04-28 | Curl Corporation | URL system and method for licensing content |
EP1591905A1 (en) * | 2003-02-05 | 2005-11-02 | Sony Corporation | Information processing device, license information recording medium, information processing method, and computer program |
US20050262481A1 (en) * | 2003-09-30 | 2005-11-24 | Coulson Julia C | Customizable toolbar creation and control |
US20060021068A1 (en) * | 2000-09-12 | 2006-01-26 | Bin Xu | System for permitting off-line playback of digital content, and for managing content rights |
US7028298B1 (en) * | 1999-09-10 | 2006-04-11 | Sun Microsystems, Inc. | Apparatus and methods for managing resource usage |
US20060174346A1 (en) * | 2005-01-31 | 2006-08-03 | Lieberman Software Corporation | Instrumentation for alarming a software product |
US20060184531A1 (en) * | 2004-10-27 | 2006-08-17 | Lars Russlies | Navigation system for accessing navigation data stored in an access-protected manner |
US20060255980A1 (en) * | 2005-05-13 | 2006-11-16 | Manisha Agarwala | Behavior of Trace in Non-Emulatable Code |
US20070041584A1 (en) * | 2005-08-16 | 2007-02-22 | O'connor Clint H | Method for providing activation key protection |
US20070130179A1 (en) * | 2000-12-22 | 2007-06-07 | Star Bridge Systems, Inc. | Resolving variant data set type into explicit data set type |
US20070174202A1 (en) * | 2003-07-03 | 2007-07-26 | Walter Dorsch | System and method for enabling software programs which need to be enabled |
US20080010371A1 (en) * | 2002-02-01 | 2008-01-10 | Masaya Yamamoto | License information exchange system |
US20080016570A1 (en) * | 2006-05-22 | 2008-01-17 | Alen Capalik | System and method for analyzing unauthorized intrusion into a computer network |
US20080235473A1 (en) * | 2007-03-12 | 2008-09-25 | Secunet Security Networks Aktiengesellschaft | Protection unit for a programmable data-processing system |
US20090055656A1 (en) * | 2006-01-30 | 2009-02-26 | Mstar Semiconductor Pte. Ltd. | Method of Maintaining Software Integrity |
US7509417B1 (en) * | 2002-02-28 | 2009-03-24 | Palm, Inc. | Method for intelligently selecting a wireless communication access point |
US7571467B1 (en) * | 2002-02-26 | 2009-08-04 | Microsoft Corporation | System and method to package security credentials for later use |
US20090235090A1 (en) * | 2008-03-13 | 2009-09-17 | Chih-Chung Chang | Method for Decrypting an Encrypted Instruction and System thereof |
US20100031373A1 (en) * | 2008-07-29 | 2010-02-04 | Memory Experts International Inc. | Method and system for secure flexible software licensing |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
US7703140B2 (en) | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
US7707427B1 (en) | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
US7729995B1 (en) | 2001-12-12 | 2010-06-01 | Rossmann Alain | Managing secured files in designated locations |
US7748045B2 (en) | 2004-03-30 | 2010-06-29 | Michael Frederick Kenrich | Method and system for providing cryptographic document retention with off-line access |
US7752600B2 (en) | 2004-09-30 | 2010-07-06 | Citrix Systems, Inc. | Method and apparatus for providing file-type associations to multiple applications |
USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
US20100318375A1 (en) * | 2007-09-07 | 2010-12-16 | Ryan Steelberg | System and Method for Localized Valuations of Media Assets |
US7865443B1 (en) * | 2000-09-05 | 2011-01-04 | Ixys Ch Gmbh | Method and system for electronic data sales and distribution over wide area networks |
US7890990B1 (en) | 2002-12-20 | 2011-02-15 | Klimenty Vainstein | Security system with staging capabilities |
US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
US7921450B1 (en) * | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
US20110184871A1 (en) * | 2010-01-25 | 2011-07-28 | Richard Stahl | Automated Digital Express Gateway For Licensing And Acquiring Rights & Permissions For 3rd Party Copyrighted Content |
US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
US8042120B2 (en) | 2004-09-30 | 2011-10-18 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
US20110321165A1 (en) * | 2010-06-24 | 2011-12-29 | Alen Capalik | System and Method for Sampling Forensic Data of Unauthorized Activities Using Executability States |
US8090797B2 (en) | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US20120005379A1 (en) * | 2010-06-30 | 2012-01-05 | Emc Corporation | Data access during data recovery |
US8095940B2 (en) | 2005-09-19 | 2012-01-10 | Citrix Systems, Inc. | Method and system for locating and accessing resources |
US8117559B2 (en) | 2004-09-30 | 2012-02-14 | Citrix Systems, Inc. | Method and apparatus for virtualizing window information |
US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US20120096504A1 (en) * | 2010-10-15 | 2012-04-19 | Samsung Electronics Co., Ltd. | Validation & fast channel change for broadcast system |
US8171479B2 (en) | 2004-09-30 | 2012-05-01 | Citrix Systems, Inc. | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
US8229858B1 (en) * | 2004-09-30 | 2012-07-24 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
US8266674B2 (en) | 2001-12-12 | 2012-09-11 | Guardian Data Storage, Llc | Method and system for implementing changes to security policies in a distributed security system |
US8307067B2 (en) | 2002-09-11 | 2012-11-06 | Guardian Data Storage, Llc | Protecting encrypted files transmitted over a network |
USRE43906E1 (en) | 2001-12-12 | 2013-01-01 | Guardian Data Storage Llc | Method and apparatus for securing digital assets |
US20130086643A1 (en) * | 2011-10-04 | 2013-04-04 | Kevin Dale Morgan | Tamper proof mutating software |
US20130144755A1 (en) * | 2011-12-01 | 2013-06-06 | Microsoft Corporation | Application licensing authentication |
US20130198038A1 (en) * | 2012-01-26 | 2013-08-01 | Microsoft Corporation | Document template licensing |
US8543827B2 (en) | 2001-12-12 | 2013-09-24 | Intellectual Ventures I Llc | Methods and systems for providing access control to secured data |
US8613102B2 (en) | 2004-03-30 | 2013-12-17 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
US8832855B1 (en) * | 2010-09-07 | 2014-09-09 | Symantec Corporation | System for the distribution and deployment of applications with provisions for security and policy conformance |
US20140258155A1 (en) * | 2013-03-11 | 2014-09-11 | Amazon Technologies, Inc. | Application marketplace for virtual desktops |
US8955152B1 (en) | 2010-09-07 | 2015-02-10 | Symantec Corporation | Systems and methods to manage an application |
US20150052368A1 (en) * | 1998-01-02 | 2015-02-19 | Cryptography Research, Inc. | Differential power analysis - resistant cryptographic processing |
US8966010B1 (en) * | 2000-06-09 | 2015-02-24 | Jordaan Consulting Ltd. I, Llc | Scalable transaction system for a network environment |
US9043863B1 (en) | 2010-09-07 | 2015-05-26 | Symantec Corporation | Policy enforcing browser |
US9047161B1 (en) * | 2013-01-16 | 2015-06-02 | Sprint Communications Company L.P. | Discovery, consolidation, and archival of multiple operating system software licenses |
US9106697B2 (en) | 2010-06-24 | 2015-08-11 | NeurallQ, Inc. | System and method for identifying unauthorized activities on a computer system using a data structure model |
US20150281190A1 (en) * | 2014-03-27 | 2015-10-01 | Arris Enterprises, Inc. | System and method for device authorization and remediation |
US9176974B1 (en) | 2013-01-18 | 2015-11-03 | Sprint Communications Company L.P. | Low priority, multi-pass, server file discovery and management |
US20170109526A1 (en) * | 2015-10-20 | 2017-04-20 | Intel Corporation | Systems and methods for providing anti-malware protection and malware forensics on storage devices |
US20170249477A1 (en) * | 2016-02-25 | 2017-08-31 | Red Hat, Inc. | Securing Delegated Remote Management with Digital Signature |
US20170300683A1 (en) * | 2016-04-13 | 2017-10-19 | Vmware, Inc. | Authentication source selection |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
US10104099B2 (en) | 2015-01-07 | 2018-10-16 | CounterTack, Inc. | System and method for monitoring a computer system using machine interpretable code |
US10142406B2 (en) | 2013-03-11 | 2018-11-27 | Amazon Technologies, Inc. | Automated data center selection |
US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
US10430295B2 (en) | 2010-06-30 | 2019-10-01 | EMC IP Holding Company LLC | Prioritized backup segmenting |
US10528428B2 (en) | 2010-06-30 | 2020-01-07 | EMC IP Holding Company LLC | Dynamic prioritized recovery |
US10616129B2 (en) | 2013-03-11 | 2020-04-07 | Amazon Technologies, Inc. | Automated desktop placement |
US10623243B2 (en) | 2013-06-26 | 2020-04-14 | Amazon Technologies, Inc. | Management of computing sessions |
US10686646B1 (en) | 2013-06-26 | 2020-06-16 | Amazon Technologies, Inc. | Management of computing sessions |
US10977361B2 (en) | 2017-05-16 | 2021-04-13 | Beyondtrust Software, Inc. | Systems and methods for controlling privileged operations |
CN112740123A (en) * | 2018-08-21 | 2021-04-30 | 皮尔茨公司 | Automation system for monitoring safety-critical processes |
US20220318345A1 (en) * | 2019-05-21 | 2022-10-06 | Agilent Technologies, Inc. | Software licensing management and authentication |
US11528149B2 (en) | 2019-04-26 | 2022-12-13 | Beyondtrust Software, Inc. | Root-level application selective configuration |
Families Citing this family (180)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6266654B1 (en) * | 1992-12-15 | 2001-07-24 | Softlock.Com, Inc. | Method for tracking software lineage |
US7089212B2 (en) * | 1992-12-15 | 2006-08-08 | Sl Patent Holdings Llc | System and method for controlling access to protected information |
US7831516B2 (en) * | 1992-12-15 | 2010-11-09 | Sl Patent Holdings Llc | System and method for redistributing and licensing access to protected information among a plurality of devices |
US20050021477A1 (en) * | 1997-01-29 | 2005-01-27 | Ganapathy Krishnan | Method and system for securely incorporating electronic information into an online purchasing application |
US6567793B1 (en) | 1997-12-22 | 2003-05-20 | Christian Bielefeldt Hicks | Remote authorization for unlocking electronic data system and method |
US7171662B1 (en) * | 1998-03-18 | 2007-01-30 | Microsoft Corporation | System and method for software licensing |
US6389009B1 (en) | 2000-12-28 | 2002-05-14 | Vertical Networks, Inc. | Systems and methods for multiple mode voice and data communications using intelligently bridged TDM and packet buses |
US6181694B1 (en) | 1998-04-03 | 2001-01-30 | Vertical Networks, Inc. | Systems and methods for multiple mode voice and data communciations using intelligently bridged TDM and packet buses |
US7058607B1 (en) * | 1998-10-21 | 2006-06-06 | Fuji Xerox Co., Ltd. | Contents distribution method and system |
JP3994599B2 (en) * | 1998-10-21 | 2007-10-24 | 富士ゼロックス株式会社 | Recording device and recording method, fee calculation device, fee calculation method, and fee billing system |
GB2346989A (en) * | 1999-02-19 | 2000-08-23 | Ibm | Software licence management system uses clustered licence servers |
US7319759B1 (en) * | 1999-03-27 | 2008-01-15 | Microsoft Corporation | Producing a new black box for a digital rights management (DRM) system |
US7383205B1 (en) * | 1999-03-27 | 2008-06-03 | Microsoft Corporation | Structure of a digital content package |
US7103574B1 (en) * | 1999-03-27 | 2006-09-05 | Microsoft Corporation | Enforcement architecture and method for digital rights management |
US6829708B1 (en) * | 1999-03-27 | 2004-12-07 | Microsoft Corporation | Specifying security for an element by assigning a scaled value representative of the relative security thereof |
US6973444B1 (en) * | 1999-03-27 | 2005-12-06 | Microsoft Corporation | Method for interdependently validating a digital content package and a corresponding digital license |
US20020019814A1 (en) * | 2001-03-01 | 2002-02-14 | Krishnamurthy Ganesan | Specifying rights in a digital rights license according to events |
US7024393B1 (en) * | 1999-03-27 | 2006-04-04 | Microsoft Corporation | Structural of digital rights management (DRM) system |
US7073063B2 (en) * | 1999-03-27 | 2006-07-04 | Microsoft Corporation | Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like |
US6487718B1 (en) * | 1999-03-31 | 2002-11-26 | International Business Machines Corporation | Method and apparatus for installing applications in a distributed data processing system |
US6820203B1 (en) * | 1999-04-07 | 2004-11-16 | Sony Corporation | Security unit for use in memory card |
US7360252B1 (en) | 1999-04-30 | 2008-04-15 | Macrovision Corporation | Method and apparatus for secure distribution of software |
US20050246549A1 (en) * | 1999-06-09 | 2005-11-03 | Andres Torrubia-Saez | Methods and apparatus for secure distribution of software |
US6442559B1 (en) * | 1999-06-22 | 2002-08-27 | Microsoft Corporation | Dynamic SKU management |
EP1076279A1 (en) * | 1999-08-13 | 2001-02-14 | Hewlett-Packard Company | Computer platforms and their methods of operation |
US7343321B1 (en) | 1999-09-01 | 2008-03-11 | Keith Ryan Hill | Method of administering licensing of use of copyright works |
JP4352523B2 (en) * | 1999-09-10 | 2009-10-28 | ソニー株式会社 | Mobile device |
US6810411B1 (en) * | 1999-09-13 | 2004-10-26 | Intel Corporation | Method and system for selecting a host in a communications network |
GB9922665D0 (en) | 1999-09-25 | 1999-11-24 | Hewlett Packard Co | A method of enforcing trusted functionality in a full function platform |
JP2001175468A (en) * | 1999-12-20 | 2001-06-29 | Sony Corp | Method and device for controlling use of software |
US6832230B1 (en) | 1999-12-22 | 2004-12-14 | Nokia Corporation | Apparatus and associated method for downloading an application with a variable lifetime to a mobile terminal |
US7000144B2 (en) * | 1999-12-27 | 2006-02-14 | Canon Kabushiki Kaisha | Information management apparatus, information management system, and information management software |
US6603445B1 (en) * | 1999-12-30 | 2003-08-05 | Yeda Research And Development Co. Ltd. | Method and apparatus for factoring large numbers with optoelectronic devices |
AU2000269232A1 (en) * | 2000-01-14 | 2001-07-24 | Microsoft Corporation | Specifying security for an element by assigning a scaled value representative ofthe relative security thereof |
EP1134977A1 (en) * | 2000-03-06 | 2001-09-19 | Irdeto Access B.V. | Method and system for providing copies of scrambled content with unique watermarks, and system for descrambling scrambled content |
US20070271191A1 (en) * | 2000-03-09 | 2007-11-22 | Andres Torrubia-Saez | Method and apparatus for secure distribution of software |
US7249105B1 (en) * | 2000-03-14 | 2007-07-24 | Microsoft Corporation | BORE-resistant digital goods configuration and distribution methods and arrangements |
US6742177B1 (en) * | 2000-03-31 | 2004-05-25 | International Business Machines Corporation | Method and system for secure debugging of a secure software module |
US20020049716A1 (en) * | 2000-05-15 | 2002-04-25 | Hidenori Takata | Information management apparatus, information management system and storing medium storing information management software |
DE10023820B4 (en) * | 2000-05-15 | 2006-10-19 | Siemens Ag | Software protection mechanism |
CN1313897C (en) * | 2000-05-19 | 2007-05-02 | 网景通信公司 | Adaptive multi-tier authentication system |
US7174454B2 (en) * | 2002-11-19 | 2007-02-06 | America Online, Inc. | System and method for establishing historical usage-based hardware trust |
US20020104026A1 (en) * | 2001-01-29 | 2002-08-01 | Robert Barra | Method and apparatus for providing a service to transfer messages over a communications network |
US6816882B1 (en) * | 2000-05-31 | 2004-11-09 | International Business Machines Corporation | System and method for automatically negotiating license agreements and installing arbitrary user-specified applications on application service providers |
US7024696B1 (en) | 2000-06-14 | 2006-04-04 | Reuben Bahar | Method and system for prevention of piracy of a given software application via a communications network |
JP4973899B2 (en) | 2000-07-06 | 2012-07-11 | ソニー株式会社 | TRANSMISSION DEVICE, TRANSMISSION METHOD, RECEPTION DEVICE, RECEPTION METHOD, RECORDING MEDIUM, AND COMMUNICATION SYSTEM |
JP2002032135A (en) * | 2000-07-18 | 2002-01-31 | Mitsubishi Electric Corp | Software distribution system and its method |
JP2002073421A (en) * | 2000-08-31 | 2002-03-12 | Matsushita Electric Ind Co Ltd | Equipment for issuing license, equipment for reproducing contents, method for issuing license and method for reproducing contents |
US7237123B2 (en) * | 2000-09-22 | 2007-06-26 | Ecd Systems, Inc. | Systems and methods for preventing unauthorized use of digital content |
US20040193545A1 (en) * | 2000-10-30 | 2004-09-30 | Gady Shlasky | Method and system for digital licensing distribution |
US7006997B2 (en) * | 2000-12-05 | 2006-02-28 | Kenta Hori | Method and program for preventing unfair use of software |
US6785885B2 (en) * | 2000-12-28 | 2004-08-31 | Intel Corporation | Mechanism for automatically securing licensing for unlicenced codec |
US20020087483A1 (en) * | 2000-12-29 | 2002-07-04 | Shlomi Harif | System, method and program for creating and distributing processes in a heterogeneous network |
US7278164B2 (en) * | 2001-01-05 | 2007-10-02 | Revit Technology Corporation | Software usage/procurement management |
US20070219918A1 (en) * | 2001-01-19 | 2007-09-20 | Jonathan Schull | System and method for controlling access to protected information |
BR0208493A (en) * | 2001-03-28 | 2005-12-13 | Qualcomm Inc | Power control for point-to-multipoint services provided in communication systems |
US8077679B2 (en) * | 2001-03-28 | 2011-12-13 | Qualcomm Incorporated | Method and apparatus for providing protocol options in a wireless communication system |
US9100457B2 (en) * | 2001-03-28 | 2015-08-04 | Qualcomm Incorporated | Method and apparatus for transmission framing in a wireless communication system |
US7693508B2 (en) * | 2001-03-28 | 2010-04-06 | Qualcomm Incorporated | Method and apparatus for broadcast signaling in a wireless communication system |
US8121296B2 (en) | 2001-03-28 | 2012-02-21 | Qualcomm Incorporated | Method and apparatus for security in a data processing system |
US8909555B2 (en) * | 2001-04-24 | 2014-12-09 | Hewlett-Packard Development Company, L.P. | Information security system |
US7328453B2 (en) * | 2001-05-09 | 2008-02-05 | Ecd Systems, Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content |
US7249029B2 (en) * | 2001-05-16 | 2007-07-24 | The Mechanical Copyright Protection Society Limited | Method of using a computerised administration system to administer licensing of use of copyright material |
US7103578B2 (en) * | 2001-05-25 | 2006-09-05 | Roche Diagnostics Operations, Inc. | Remote medical device access |
US7343297B2 (en) * | 2001-06-15 | 2008-03-11 | Microsoft Corporation | System and related methods for managing and enforcing software licenses |
US20020191032A1 (en) * | 2001-06-18 | 2002-12-19 | International Business Machines Corporation | Method and apparatus for viewing and managing information in a history |
US7103606B2 (en) * | 2001-06-18 | 2006-09-05 | International Business Machines Corporation | Method and apparatus for removing information from a server |
US20020191020A1 (en) * | 2001-06-18 | 2002-12-19 | International Business Machines Corporation | Method and apparatus for removing confindential information from a history |
US20040120527A1 (en) * | 2001-08-20 | 2004-06-24 | Hawkes Philip Michael | Method and apparatus for security in a data processing system |
US7185362B2 (en) * | 2001-08-20 | 2007-02-27 | Qualcomm, Incorporated | Method and apparatus for security in a data processing system |
WO2003021427A2 (en) * | 2001-08-29 | 2003-03-13 | Globespanvirata Incorporated | Secure access to software functionalities |
US7697523B2 (en) * | 2001-10-03 | 2010-04-13 | Qualcomm Incorporated | Method and apparatus for data packet transport in a wireless communication system using an internet protocol |
US7352868B2 (en) * | 2001-10-09 | 2008-04-01 | Philip Hawkes | Method and apparatus for security in a data processing system |
US7649829B2 (en) | 2001-10-12 | 2010-01-19 | Qualcomm Incorporated | Method and system for reduction of decoding complexity in a communication system |
US20030135741A1 (en) * | 2001-12-04 | 2003-07-17 | Applied Logical Systems, Llc | Almost independent logically integrated license enforcement framework |
SE524778C2 (en) * | 2002-02-19 | 2004-10-05 | Douglas Lundholm | Procedure and arrangements for protecting software for unauthorized use or copying |
US7415440B1 (en) * | 2002-02-22 | 2008-08-19 | Entriq, Inc. | Method and system to provide secure key selection using a secure device in a watercrypting environment |
SE524931C2 (en) * | 2002-02-26 | 2004-10-26 | Sightline Vision Ab | Procedure for starting a computer program |
US6996544B2 (en) * | 2002-02-27 | 2006-02-07 | Imagineer Software, Inc. | Multiple party content distribution system and method with rights management features |
US7421412B2 (en) * | 2002-03-18 | 2008-09-02 | Kumaresan Ramanathan | Computerized method and system for monitoring use of a licensed digital good |
US7080043B2 (en) * | 2002-03-26 | 2006-07-18 | Microsoft Corporation | Content revocation and license modification in a digital rights management (DRM) system on a computing device |
EP1353259B1 (en) * | 2002-04-08 | 2006-06-14 | Aladdin Knowledge Systems (Deutschland) GmbH | Method of upgrading and licensing computer programs and computer system therefor |
US20030212639A1 (en) * | 2002-05-06 | 2003-11-13 | Cronce Paul A. | Method and system for providing secure authoring services for protected software |
WO2003096136A2 (en) * | 2002-05-10 | 2003-11-20 | Protexis Inc. | System and method for multi-tiered license management and distribution using networked clearinghouses |
US7885896B2 (en) * | 2002-07-09 | 2011-02-08 | Avaya Inc. | Method for authorizing a substitute software license server |
US8041642B2 (en) * | 2002-07-10 | 2011-10-18 | Avaya Inc. | Predictive software license balancing |
US20040015440A1 (en) * | 2002-07-19 | 2004-01-22 | Lai Yu Cheng | Network resource management system |
GB2392262A (en) * | 2002-08-23 | 2004-02-25 | Hewlett Packard Co | A method of controlling the processing of data |
US7681245B2 (en) * | 2002-08-30 | 2010-03-16 | Avaya Inc. | Remote feature activator feature extraction |
US7966520B2 (en) * | 2002-08-30 | 2011-06-21 | Avaya Inc. | Software licensing for spare processors |
US20040078339A1 (en) * | 2002-10-22 | 2004-04-22 | Goringe Christopher M. | Priority based licensing |
AR042599A1 (en) * | 2002-11-19 | 2005-06-29 | Schiavoni Juan Jose | METHOD OF PROTECTION OF PROGRAMS AND EQUIPMENT TO PERFORM IT |
US7908352B2 (en) * | 2002-12-19 | 2011-03-15 | Converged Data Solutions, Inc. | Methods for managing a plurality of localized devices in geographically diverse locations |
US7739365B2 (en) * | 2002-12-19 | 2010-06-15 | Converged Data Solutions, Inc. | Methods for providing a report database for a plurality of localized devices using an abstraction layer and atomic error handling |
US7890997B2 (en) * | 2002-12-26 | 2011-02-15 | Avaya Inc. | Remote feature activation authentication file system |
US7200760B2 (en) * | 2002-12-31 | 2007-04-03 | Protexis, Inc. | System for persistently encrypting critical software data to control the operation of an executable software program |
US7599655B2 (en) * | 2003-01-02 | 2009-10-06 | Qualcomm Incorporated | Method and apparatus for broadcast services in a communication system |
US7644442B2 (en) * | 2003-01-31 | 2010-01-05 | Microsoft Corporation | Systems and methods for using machine attributes to deter software piracy in an enterprise environment |
US8181265B2 (en) * | 2003-01-31 | 2012-05-15 | Microsoft Corporation | Secure machine counting |
US7370212B2 (en) * | 2003-02-25 | 2008-05-06 | Microsoft Corporation | Issuing a publisher use license off-line in a digital rights management (DRM) system |
US7260557B2 (en) * | 2003-02-27 | 2007-08-21 | Avaya Technology Corp. | Method and apparatus for license distribution |
US7069553B2 (en) * | 2003-03-03 | 2006-06-27 | Computer Associates Think, Inc. | Universal deployment tool |
US7890758B2 (en) * | 2003-03-27 | 2011-02-15 | International Business Machines Corporation | Apparatus and method for generating keys in a network computing environment |
US20040249760A1 (en) * | 2003-06-03 | 2004-12-09 | Bea Systems, Inc. | Self-service customer license management application using encrypted universal resource locators |
US20040249653A1 (en) * | 2003-06-03 | 2004-12-09 | Bea Systems, Inc. | Self-service customer license management application allowing users to input missing licenses |
US20040249756A1 (en) * | 2003-06-03 | 2004-12-09 | Bea Systems, Inc. | Self-service customer license management application allowing software version upgrade and downgrade |
US20040249762A1 (en) * | 2003-06-03 | 2004-12-09 | Bea Systems, Inc. | Self-service customer license management application using configuration input pages |
US20040249761A1 (en) * | 2003-06-03 | 2004-12-09 | Bea Systems, Inc. | Self-service customer license management application providing transaction history |
US20050010532A1 (en) * | 2003-07-09 | 2005-01-13 | Bea Systems, Inc. | Self-service customer license management application using software license bank |
US8098818B2 (en) * | 2003-07-07 | 2012-01-17 | Qualcomm Incorporated | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
US8718279B2 (en) * | 2003-07-08 | 2014-05-06 | Qualcomm Incorporated | Apparatus and method for a secure broadcast system |
US7712140B2 (en) * | 2003-08-04 | 2010-05-04 | Lsi Corporation | 3-prong security/reliability/real-time distributed architecture of information handling system |
US7308100B2 (en) * | 2003-08-18 | 2007-12-11 | Qualcomm Incorporated | Method and apparatus for time-based charging for broadcast-multicast services (BCMCS) in a wireless communication system |
US8724803B2 (en) * | 2003-09-02 | 2014-05-13 | Qualcomm Incorporated | Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system |
US8103592B2 (en) * | 2003-10-08 | 2012-01-24 | Microsoft Corporation | First computer process and second computer process proxy-executing code on behalf of first process |
US7788496B2 (en) * | 2003-10-08 | 2010-08-31 | Microsoft Corporation | First computer process and second computer process proxy-executing code on behalf thereof |
US7979911B2 (en) * | 2003-10-08 | 2011-07-12 | Microsoft Corporation | First computer process and second computer process proxy-executing code from third computer process on behalf of first process |
US7239705B2 (en) * | 2003-12-10 | 2007-07-03 | Motorola Inc. | Apparatus and method for broadcast services transmission and reception |
CA2552381A1 (en) * | 2003-12-30 | 2005-07-21 | Trans World New York, Llc | Systems and methods for the selection and purchase of digital assets |
WO2005086802A2 (en) | 2004-03-08 | 2005-09-22 | Proxense, Llc | Linked account system using personal digital key (pdk-las) |
US20060004667A1 (en) * | 2004-06-30 | 2006-01-05 | Microsoft Corporation | Systems and methods for collecting operating system license revenue using an emulated computing environment |
US7747851B1 (en) | 2004-09-30 | 2010-06-29 | Avaya Inc. | Certificate distribution via license files |
US8347078B2 (en) * | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
AU2005319019A1 (en) | 2004-12-20 | 2006-06-29 | Proxense, Llc | Biometric personal data key (PDK) authentication |
US7890428B2 (en) * | 2005-02-04 | 2011-02-15 | Microsoft Corporation | Flexible licensing architecture for licensing digital application |
US7458066B2 (en) * | 2005-02-28 | 2008-11-25 | Hewlett-Packard Development Company, L.P. | Computer system and method for transferring executables between partitions |
US7549051B2 (en) * | 2005-03-10 | 2009-06-16 | Microsoft Corporation | Long-life digital certification for publishing long-life digital content or the like in content rights management system or the like |
US8539587B2 (en) | 2005-03-22 | 2013-09-17 | Hewlett-Packard Development Company, L.P. | Methods, devices and data structures for trusted data |
US8438645B2 (en) | 2005-04-27 | 2013-05-07 | Microsoft Corporation | Secure clock with grace periods |
US7856404B2 (en) * | 2005-04-14 | 2010-12-21 | Microsoft Corporation | Playlist burning in rights-management context |
US8738536B2 (en) * | 2005-04-14 | 2014-05-27 | Microsoft Corporation | Licensing content for use on portable device |
US8725646B2 (en) * | 2005-04-15 | 2014-05-13 | Microsoft Corporation | Output protection levels |
US7693280B2 (en) | 2005-04-22 | 2010-04-06 | Microsoft Corporation | Rights management system for streamed multimedia content |
US9507919B2 (en) | 2005-04-22 | 2016-11-29 | Microsoft Technology Licensing, Llc | Rights management system for streamed multimedia content |
US9436804B2 (en) * | 2005-04-22 | 2016-09-06 | Microsoft Technology Licensing, Llc | Establishing a unique session key using a hardware functionality scan |
US9363481B2 (en) | 2005-04-22 | 2016-06-07 | Microsoft Technology Licensing, Llc | Protected media pipeline |
US8290874B2 (en) | 2005-04-22 | 2012-10-16 | Microsoft Corporation | Rights management system for streamed multimedia content |
US8091142B2 (en) * | 2005-04-26 | 2012-01-03 | Microsoft Corporation | Supplementary trust model for software licensing/commercial digital distribution policy |
US7832003B2 (en) * | 2005-04-28 | 2010-11-09 | Microsoft Corporation | Walled gardens |
US20060259981A1 (en) * | 2005-05-13 | 2006-11-16 | Yaron Ben-Shoshan | System and method of controlling and monitoring computer program usage |
US20060265758A1 (en) * | 2005-05-20 | 2006-11-23 | Microsoft Corporation | Extensible media rights |
US7684566B2 (en) * | 2005-05-27 | 2010-03-23 | Microsoft Corporation | Encryption scheme for streamed multimedia content protected by rights management system |
US8321690B2 (en) * | 2005-08-11 | 2012-11-27 | Microsoft Corporation | Protecting digital media of various content types |
JP5092288B2 (en) * | 2005-09-02 | 2012-12-05 | 三菱化学株式会社 | Adhesive resin composition and laminate |
JP2007150846A (en) * | 2005-11-29 | 2007-06-14 | Toshiba Corp | Contents reproducing system |
US7664215B2 (en) * | 2005-12-21 | 2010-02-16 | Intel Corporation | Signal alignment based on data signal |
US9113464B2 (en) | 2006-01-06 | 2015-08-18 | Proxense, Llc | Dynamic cell size variation via wireless link parameter adjustment |
US11206664B2 (en) | 2006-01-06 | 2021-12-21 | Proxense, Llc | Wireless network synchronization of cells and client devices on a network |
JP4920277B2 (en) * | 2006-03-24 | 2012-04-18 | 株式会社東芝 | Information processing device |
US20070244824A1 (en) * | 2006-04-13 | 2007-10-18 | Bowe Bell + Howell Company | Web-based method for accessing licensed products and features |
US7904718B2 (en) | 2006-05-05 | 2011-03-08 | Proxense, Llc | Personal digital key differentiation for secure transactions |
US9137043B2 (en) * | 2006-06-27 | 2015-09-15 | International Business Machines Corporation | System, method and program for determining a network path by which to send a message |
CN100555939C (en) * | 2006-09-20 | 2009-10-28 | 北京飞天诚信科技有限公司 | A kind of based on network method for protecting software |
US8522042B2 (en) * | 2006-10-31 | 2013-08-27 | Hewlett-Packard Development Company, L.P. | Method and apparatus for enforcement of software licence protection |
US9269221B2 (en) | 2006-11-13 | 2016-02-23 | John J. Gobbi | Configuration of interfaces for a location detection system and application |
US20080134348A1 (en) * | 2006-12-05 | 2008-06-05 | Microsoft Corporation | Conditional policies in software licenses |
US9147049B2 (en) * | 2007-08-16 | 2015-09-29 | Honeywell International Inc. | Embedded building conroller with stored software license information |
US8659427B2 (en) | 2007-11-09 | 2014-02-25 | Proxense, Llc | Proximity-sensor supporting multiple application services |
EP2223256A1 (en) * | 2007-11-17 | 2010-09-01 | Uniloc Usa, Inc. | System and method for adjustable licensing of digital products |
US8171528B1 (en) | 2007-12-06 | 2012-05-01 | Proxense, Llc | Hybrid device having a personal digital key and receiver-decoder circuit and methods of use |
US9251332B2 (en) | 2007-12-19 | 2016-02-02 | Proxense, Llc | Security system and method for controlling access to computing resources |
US8655785B2 (en) * | 2008-02-10 | 2014-02-18 | Safenet Data Security (Israel) Ltd. | Computer data product license installation / update confirmation |
WO2009102979A2 (en) | 2008-02-14 | 2009-08-20 | Proxense, Llc | Proximity-based healthcare management system with automatic access to private information |
WO2009126732A2 (en) | 2008-04-08 | 2009-10-15 | Proxense, Llc | Automated service-based order processing |
US8549093B2 (en) | 2008-09-23 | 2013-10-01 | Strategic Technology Partners, LLC | Updating a user session in a mach-derived system environment |
US8359655B1 (en) * | 2008-10-03 | 2013-01-22 | Pham Andrew T | Software code analysis and classification system and method |
WO2010047356A1 (en) * | 2008-10-22 | 2010-04-29 | ソニー株式会社 | Key sharing system |
US8423473B2 (en) * | 2009-06-19 | 2013-04-16 | Uniloc Luxembourg S. A. | Systems and methods for game activation |
US9633183B2 (en) | 2009-06-19 | 2017-04-25 | Uniloc Luxembourg S.A. | Modular software protection |
US20100324983A1 (en) * | 2009-06-22 | 2010-12-23 | Etchegoyen Craig S | System and Method for Media Distribution |
US9418205B2 (en) | 2010-03-15 | 2016-08-16 | Proxense, Llc | Proximity-based system for automatic application or data access and item tracking |
US9322974B1 (en) | 2010-07-15 | 2016-04-26 | Proxense, Llc. | Proximity-based system for object tracking |
TWI420339B (en) | 2010-11-10 | 2013-12-21 | Ind Tech Res Inst | Software authorization system and method |
US20120191803A1 (en) * | 2011-01-25 | 2012-07-26 | Microsoft Corporation | Decommissioning factored code |
US8857716B1 (en) | 2011-02-21 | 2014-10-14 | Proxense, Llc | Implementation of a proximity-based system for object tracking and automatic application initialization |
CN102760219B (en) * | 2011-12-20 | 2015-12-16 | 北京安天电子设备有限公司 | A kind of Android platform software protection system, method and apparatus |
US9405898B2 (en) | 2013-05-10 | 2016-08-02 | Proxense, Llc | Secure element as a digital pocket |
US20180322305A1 (en) * | 2017-05-05 | 2018-11-08 | Mastercard International Incorporated | System and method for data theft prevention |
US11074322B1 (en) | 2017-07-17 | 2021-07-27 | Juniper Networks, Inc. | Adaptive capacity management for network licensing |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4465901A (en) | 1979-06-04 | 1984-08-14 | Best Robert M | Crypto microprocessor that executes enciphered programs |
US4888798A (en) | 1985-04-19 | 1989-12-19 | Oms, Inc. | Modular software security |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
JPH04504794A (en) * | 1989-04-28 | 1992-08-20 | ソフテル,インコーポレイテッド | Method and apparatus for remotely controlling and monitoring the use of computer software |
GB9003890D0 (en) | 1990-02-21 | 1990-04-18 | Rodime Plc | Method and apparatus for controlling access to and corruption of information in computer systems |
AU2247092A (en) * | 1991-05-08 | 1992-12-21 | Digital Equipment Corporation | License management system |
US5657388A (en) * | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
CA2074121C (en) | 1991-07-19 | 2000-09-26 | Lawrence David Benson | System and method for selectively preventing a software program from being operable |
US5222133A (en) | 1991-10-17 | 1993-06-22 | Wayne W. Chou | Method of protecting computer software from unauthorized execution using multiple keys |
US5530752A (en) | 1994-02-22 | 1996-06-25 | Convex Computer Corporation | Systems and methods for protecting software from unlicensed copying and use |
JPH07295800A (en) | 1994-04-22 | 1995-11-10 | Advance Co Ltd | Software protecting system |
US5606609A (en) * | 1994-09-19 | 1997-02-25 | Scientific-Atlanta | Electronic document verification system and method |
US5652793A (en) | 1995-05-08 | 1997-07-29 | Nvidia Corporation | Method and apparatus for authenticating the use of software |
US5754646A (en) | 1995-07-19 | 1998-05-19 | Cable Television Laboratories, Inc. | Method for protecting publicly distributed software |
US5923882A (en) * | 1995-08-29 | 1999-07-13 | Silicon Graphics, Inc. | Cross-module optimization for dynamically-shared programs and libraries |
US5757914A (en) * | 1995-10-26 | 1998-05-26 | Sun Microsystems, Inc. | System and method for protecting use of dynamically linked executable modules |
US5790664A (en) * | 1996-02-26 | 1998-08-04 | Network Engineering Software, Inc. | Automated system for management of licensed software |
US6009543A (en) * | 1996-03-01 | 1999-12-28 | Massachusetts Institute Of Technology | Secure software system and related techniques |
US5758069A (en) * | 1996-03-15 | 1998-05-26 | Novell, Inc. | Electronic licensing system |
US5905860A (en) * | 1996-03-15 | 1999-05-18 | Novell, Inc. | Fault tolerant electronic licensing system |
US6018712A (en) * | 1997-12-19 | 2000-01-25 | Pactong; Alberto | Method and apparatus for remote program execution to use in computer software protection without the use of encryption |
-
1998
- 1998-12-15 US US09/212,373 patent/US6343280B2/en not_active Expired - Fee Related
Cited By (168)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150052368A1 (en) * | 1998-01-02 | 2015-02-19 | Cryptography Research, Inc. | Differential power analysis - resistant cryptographic processing |
US9419790B2 (en) * | 1998-01-02 | 2016-08-16 | Cryptography Research, Inc. | Differential power analysis—resistant cryptographic processing |
US7552166B2 (en) * | 1999-02-22 | 2009-06-23 | Chack Michael A | Method of queuing requests to access a communications network |
US20040073670A1 (en) * | 1999-02-22 | 2004-04-15 | Chack Michael A. | Method of queuing requests to access a communications network |
US6766305B1 (en) * | 1999-03-12 | 2004-07-20 | Curl Corporation | Licensing system and method for freely distributed information |
US7028298B1 (en) * | 1999-09-10 | 2006-04-11 | Sun Microsystems, Inc. | Apparatus and methods for managing resource usage |
US20020087870A1 (en) * | 1999-12-29 | 2002-07-04 | Ralf Rick | Device and method of preventing pirated copies of computer programs |
US7363507B2 (en) * | 1999-12-29 | 2008-04-22 | Robert Bosch Gmbh | Device and method of preventing pirated copies of computer programs |
US20010037403A1 (en) * | 2000-04-28 | 2001-11-01 | Masao Mougi | Program license key issuing method and issuing system |
US8966010B1 (en) * | 2000-06-09 | 2015-02-24 | Jordaan Consulting Ltd. I, Llc | Scalable transaction system for a network environment |
US20020124168A1 (en) * | 2000-07-17 | 2002-09-05 | Mccown Steven H. | Method and system for upgrading a user environment |
US7865443B1 (en) * | 2000-09-05 | 2011-01-04 | Ixys Ch Gmbh | Method and system for electronic data sales and distribution over wide area networks |
US20060021068A1 (en) * | 2000-09-12 | 2006-01-26 | Bin Xu | System for permitting off-line playback of digital content, and for managing content rights |
US20070130179A1 (en) * | 2000-12-22 | 2007-06-07 | Star Bridge Systems, Inc. | Resolving variant data set type into explicit data set type |
US20070150858A1 (en) * | 2000-12-22 | 2007-06-28 | Star Bridge Systems, Inc. | Behavioral synthesis methods for generating computer-executable code |
US20070150501A1 (en) * | 2000-12-22 | 2007-06-28 | Star Bridge Systems, Inc. | Conversion of data sets between data set types |
US20070150860A1 (en) * | 2000-12-22 | 2007-06-28 | Star Bridge Systems, Inc. | Changing the locus of a synthesis process associated with behavior objects |
US7525457B2 (en) | 2000-12-22 | 2009-04-28 | Star Bridge Systems, Inc. | Transforming design objects in a computer by converting data sets between data set types |
US20020174354A1 (en) * | 2001-03-12 | 2002-11-21 | Bel Hendrik Jan | Receiving device for securely storing a content item, and playback device |
US7124304B2 (en) * | 2001-03-12 | 2006-10-17 | Koninklijke Philips Electronics N.V. | Receiving device for securely storing a content item, and playback device |
US20030014635A1 (en) * | 2001-03-20 | 2003-01-16 | Laforge Laurence E. | Method and mechanism for authenticating licenses of software and other digital products |
US20030120938A1 (en) * | 2001-11-27 | 2003-06-26 | Miki Mullor | Method of securing software against reverse engineering |
US7757230B2 (en) * | 2001-12-10 | 2010-07-13 | Aladdin Europe Gmbh | Method of executing a program on a computer, and computer program product |
US20030110417A1 (en) * | 2001-12-10 | 2003-06-12 | Adrian Jascau | Method of executng a program on a computer, and computer program product |
US8918839B2 (en) | 2001-12-12 | 2014-12-23 | Intellectual Ventures I Llc | System and method for providing multi-location access management to secured items |
US8543827B2 (en) | 2001-12-12 | 2013-09-24 | Intellectual Ventures I Llc | Methods and systems for providing access control to secured data |
US7921450B1 (en) * | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
US9542560B2 (en) | 2001-12-12 | 2017-01-10 | Intellectual Ventures I Llc | Methods and systems for providing access control to secured data |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
US10229279B2 (en) | 2001-12-12 | 2019-03-12 | Intellectual Ventures I Llc | Methods and systems for providing access control to secured data |
US7913311B2 (en) | 2001-12-12 | 2011-03-22 | Rossmann Alain | Methods and systems for providing access control to electronic data |
US9129120B2 (en) | 2001-12-12 | 2015-09-08 | Intellectual Ventures I Llc | Methods and systems for providing access control to secured data |
US8266674B2 (en) | 2001-12-12 | 2012-09-11 | Guardian Data Storage, Llc | Method and system for implementing changes to security policies in a distributed security system |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
USRE43906E1 (en) | 2001-12-12 | 2013-01-01 | Guardian Data Storage Llc | Method and apparatus for securing digital assets |
US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
US10769288B2 (en) | 2001-12-12 | 2020-09-08 | Intellectual Property Ventures I Llc | Methods and systems for providing access control to secured data |
US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
US8341406B2 (en) | 2001-12-12 | 2012-12-25 | Guardian Data Storage, Llc | System and method for providing different levels of key security for controlling access to secured items |
US8341407B2 (en) | 2001-12-12 | 2012-12-25 | Guardian Data Storage, Llc | Method and system for protecting electronic data in enterprise environment |
US7729995B1 (en) | 2001-12-12 | 2010-06-01 | Rossmann Alain | Managing secured files in designated locations |
US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
US8639751B2 (en) | 2002-02-01 | 2014-01-28 | Panasonic Corporation | License information exchange system |
US8745751B2 (en) | 2002-02-01 | 2014-06-03 | Panasonic Corporation | License information exchange system |
US8073939B2 (en) * | 2002-02-01 | 2011-12-06 | Panasonic Corporation | License information exchange system |
US20080010371A1 (en) * | 2002-02-01 | 2008-01-10 | Masaya Yamamoto | License information exchange system |
US8943316B2 (en) | 2002-02-12 | 2015-01-27 | Intellectual Ventures I Llc | Document security system that permits external users to gain access to secured files |
US7571467B1 (en) * | 2002-02-26 | 2009-08-04 | Microsoft Corporation | System and method to package security credentials for later use |
US8005952B2 (en) | 2002-02-28 | 2011-08-23 | Hewlett-Packard Development Company, L.P. | Method for intelligently selecting wireless access point |
US20090161582A1 (en) * | 2002-02-28 | 2009-06-25 | Palm, Inc. | Method for intelligently selecting wireless access point |
US7509417B1 (en) * | 2002-02-28 | 2009-03-24 | Palm, Inc. | Method for intelligently selecting a wireless communication access point |
EP1355217A2 (en) * | 2002-04-19 | 2003-10-22 | Helmut A. Lotze | Method for copyprotection |
EP1355217A3 (en) * | 2002-04-19 | 2004-03-17 | Helmut A. Lotze | Method for copyprotection |
US9286484B2 (en) | 2002-04-22 | 2016-03-15 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
US8307067B2 (en) | 2002-09-11 | 2012-11-06 | Guardian Data Storage, Llc | Protecting encrypted files transmitted over a network |
USRE47443E1 (en) | 2002-09-30 | 2019-06-18 | Intellectual Ventures I Llc | Document security system that permits external users to gain access to secured files |
US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
US7890990B1 (en) | 2002-12-20 | 2011-02-15 | Klimenty Vainstein | Security system with staging capabilities |
US7565352B2 (en) | 2003-02-05 | 2009-07-21 | Sony Corporation | Information processing device, license information recording medium, information processing method, and computer program |
US20060041585A1 (en) * | 2003-02-05 | 2006-02-23 | Munetake Ebihara | Information processing device, license information recording medium, information processing method, and computer program |
EP1591905A1 (en) * | 2003-02-05 | 2005-11-02 | Sony Corporation | Information processing device, license information recording medium, information processing method, and computer program |
EP1591905A4 (en) * | 2003-02-05 | 2009-01-07 | Sony Corp | Information processing device, license information recording medium, information processing method, and computer program |
US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
US20040255292A1 (en) * | 2003-06-16 | 2004-12-16 | Microsoft Corporation | Delivering multiple installation images and computer-readable installation keys on installation media |
US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
US20070174202A1 (en) * | 2003-07-03 | 2007-07-26 | Walter Dorsch | System and method for enabling software programs which need to be enabled |
US8739302B2 (en) | 2003-09-30 | 2014-05-27 | Intellectual Ventures I Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US20050262481A1 (en) * | 2003-09-30 | 2005-11-24 | Coulson Julia C | Customizable toolbar creation and control |
US7703140B2 (en) | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
US8327138B2 (en) | 2003-09-30 | 2012-12-04 | Guardian Data Storage Llc | Method and system for securing digital assets using process-driven security policies |
US20050071657A1 (en) * | 2003-09-30 | 2005-03-31 | Pss Systems, Inc. | Method and system for securing digital assets using time-based security criteria |
US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US9015696B2 (en) | 2003-10-03 | 2015-04-21 | Cyberlink Corp. | System and method for licensing software |
US8898657B2 (en) | 2003-10-03 | 2014-11-25 | Cyberlink Corp. | System and method for licensing software |
US20050076334A1 (en) * | 2003-10-03 | 2005-04-07 | Michael Demeyer | System and method for licensing software |
US7516147B2 (en) | 2003-10-23 | 2009-04-07 | Sumisho Computer Systems Corporation | URL system and method for licensing content |
US20050091216A1 (en) * | 2003-10-23 | 2005-04-28 | Curl Corporation | URL system and method for licensing content |
US7748045B2 (en) | 2004-03-30 | 2010-06-29 | Michael Frederick Kenrich | Method and system for providing cryptographic document retention with off-line access |
US8613102B2 (en) | 2004-03-30 | 2013-12-17 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
US7707427B1 (en) | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
US8301896B2 (en) | 2004-07-19 | 2012-10-30 | Guardian Data Storage, Llc | Multi-level file digests |
US8117559B2 (en) | 2004-09-30 | 2012-02-14 | Citrix Systems, Inc. | Method and apparatus for virtualizing window information |
US8042120B2 (en) | 2004-09-30 | 2011-10-18 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US7752600B2 (en) | 2004-09-30 | 2010-07-06 | Citrix Systems, Inc. | Method and apparatus for providing file-type associations to multiple applications |
US8302101B2 (en) | 2004-09-30 | 2012-10-30 | Citrix Systems, Inc. | Methods and systems for accessing, by application programs, resources provided by an operating system |
US8132176B2 (en) | 2004-09-30 | 2012-03-06 | Citrix Systems, Inc. | Method for accessing, by application programs, resources residing inside an application isolation scope |
US8171479B2 (en) | 2004-09-30 | 2012-05-01 | Citrix Systems, Inc. | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US8229858B1 (en) * | 2004-09-30 | 2012-07-24 | Avaya Inc. | Generation of enterprise-wide licenses in a customer environment |
US8352964B2 (en) | 2004-09-30 | 2013-01-08 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US9970773B2 (en) * | 2004-10-27 | 2018-05-15 | Harman Becker Automtoive Systems Gmbh | Navigation system for accessing navigation data stored in an access-protected manner |
US20060184531A1 (en) * | 2004-10-27 | 2006-08-17 | Lars Russlies | Navigation system for accessing navigation data stored in an access-protected manner |
US20060174346A1 (en) * | 2005-01-31 | 2006-08-03 | Lieberman Software Corporation | Instrumentation for alarming a software product |
US20060255980A1 (en) * | 2005-05-13 | 2006-11-16 | Manisha Agarwala | Behavior of Trace in Non-Emulatable Code |
US7797686B2 (en) * | 2005-05-13 | 2010-09-14 | Texas Instruments Incorporated | Behavior of trace in non-emulatable code |
US20070041584A1 (en) * | 2005-08-16 | 2007-02-22 | O'connor Clint H | Method for providing activation key protection |
US8095940B2 (en) | 2005-09-19 | 2012-01-10 | Citrix Systems, Inc. | Method and system for locating and accessing resources |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US20090055656A1 (en) * | 2006-01-30 | 2009-02-26 | Mstar Semiconductor Pte. Ltd. | Method of Maintaining Software Integrity |
US8639916B2 (en) * | 2006-01-30 | 2014-01-28 | MStar Semiconductor Pte, Ltd. | Method of maintaining software integrity |
US9866584B2 (en) | 2006-05-22 | 2018-01-09 | CounterTack, Inc. | System and method for analyzing unauthorized intrusion into a computer network |
US20080016570A1 (en) * | 2006-05-22 | 2008-01-17 | Alen Capalik | System and method for analyzing unauthorized intrusion into a computer network |
US20080235473A1 (en) * | 2007-03-12 | 2008-09-25 | Secunet Security Networks Aktiengesellschaft | Protection unit for a programmable data-processing system |
US9778642B2 (en) * | 2007-03-12 | 2017-10-03 | Secunet Security Networks Aktiengesellschaft | Protection unit for a programmable data-processing system |
US20100318375A1 (en) * | 2007-09-07 | 2010-12-16 | Ryan Steelberg | System and Method for Localized Valuations of Media Assets |
US9021494B2 (en) | 2007-10-20 | 2015-04-28 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9009721B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9009720B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US8826037B2 (en) * | 2008-03-13 | 2014-09-02 | Cyberlink Corp. | Method for decrypting an encrypted instruction and system thereof |
US20090235090A1 (en) * | 2008-03-13 | 2009-09-17 | Chih-Chung Chang | Method for Decrypting an Encrypted Instruction and System thereof |
US20100031373A1 (en) * | 2008-07-29 | 2010-02-04 | Memory Experts International Inc. | Method and system for secure flexible software licensing |
US20100031372A1 (en) * | 2008-07-29 | 2010-02-04 | Memory Experts International Inc. | Method and system for secure flexible software licensing |
US8090797B2 (en) | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8326943B2 (en) | 2009-05-02 | 2012-12-04 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8438113B2 (en) * | 2010-01-25 | 2013-05-07 | Richard Stahl | Automated digital express gateway for licensing and acquiring rights and permissions for 3rd party copyrighted content |
US20110184871A1 (en) * | 2010-01-25 | 2011-07-28 | Richard Stahl | Automated Digital Express Gateway For Licensing And Acquiring Rights & Permissions For 3rd Party Copyrighted Content |
US20110321165A1 (en) * | 2010-06-24 | 2011-12-29 | Alen Capalik | System and Method for Sampling Forensic Data of Unauthorized Activities Using Executability States |
US8789189B2 (en) * | 2010-06-24 | 2014-07-22 | NeurallQ, Inc. | System and method for sampling forensic data of unauthorized activities using executability states |
US9954872B2 (en) | 2010-06-24 | 2018-04-24 | Countertack Inc. | System and method for identifying unauthorized activities on a computer system using a data structure model |
US9106697B2 (en) | 2010-06-24 | 2015-08-11 | NeurallQ, Inc. | System and method for identifying unauthorized activities on a computer system using a data structure model |
US10528428B2 (en) | 2010-06-30 | 2020-01-07 | EMC IP Holding Company LLC | Dynamic prioritized recovery |
US10430295B2 (en) | 2010-06-30 | 2019-10-01 | EMC IP Holding Company LLC | Prioritized backup segmenting |
US20120005379A1 (en) * | 2010-06-30 | 2012-01-05 | Emc Corporation | Data access during data recovery |
US10055298B2 (en) | 2010-06-30 | 2018-08-21 | EMC IP Holding Company LLC | Data access during data recovery |
US10922184B2 (en) | 2010-06-30 | 2021-02-16 | EMC IP Holding Company LLC | Data access during data recovery |
US9697086B2 (en) * | 2010-06-30 | 2017-07-04 | EMC IP Holding Company LLC | Data access during data recovery |
US11294770B2 (en) | 2010-06-30 | 2022-04-05 | EMC IP Holding Company LLC | Dynamic prioritized recovery |
US11403187B2 (en) | 2010-06-30 | 2022-08-02 | EMC IP Holding Company LLC | Prioritized backup segmenting |
US9443067B1 (en) | 2010-09-07 | 2016-09-13 | Symantec Corporation | System for the distribution and deployment of applications, with provisions for security and policy conformance |
US9350761B1 (en) | 2010-09-07 | 2016-05-24 | Symantec Corporation | System for the distribution and deployment of applications, with provisions for security and policy conformance |
US8832855B1 (en) * | 2010-09-07 | 2014-09-09 | Symantec Corporation | System for the distribution and deployment of applications with provisions for security and policy conformance |
US8955152B1 (en) | 2010-09-07 | 2015-02-10 | Symantec Corporation | Systems and methods to manage an application |
US9043863B1 (en) | 2010-09-07 | 2015-05-26 | Symantec Corporation | Policy enforcing browser |
US8826387B2 (en) * | 2010-10-15 | 2014-09-02 | Samsung Electronics Co., Ltd. | Validation and fast channel change for broadcast system |
US20120096504A1 (en) * | 2010-10-15 | 2012-04-19 | Samsung Electronics Co., Ltd. | Validation & fast channel change for broadcast system |
US20130086643A1 (en) * | 2011-10-04 | 2013-04-04 | Kevin Dale Morgan | Tamper proof mutating software |
US9262600B2 (en) * | 2011-10-04 | 2016-02-16 | Arxan Technologies, Inc. | Tamper proof mutating software |
US20130144755A1 (en) * | 2011-12-01 | 2013-06-06 | Microsoft Corporation | Application licensing authentication |
US8725650B2 (en) * | 2012-01-26 | 2014-05-13 | Microsoft Corporation | Document template licensing |
US20130198038A1 (en) * | 2012-01-26 | 2013-08-01 | Microsoft Corporation | Document template licensing |
US9047161B1 (en) * | 2013-01-16 | 2015-06-02 | Sprint Communications Company L.P. | Discovery, consolidation, and archival of multiple operating system software licenses |
US9176974B1 (en) | 2013-01-18 | 2015-11-03 | Sprint Communications Company L.P. | Low priority, multi-pass, server file discovery and management |
US10616129B2 (en) | 2013-03-11 | 2020-04-07 | Amazon Technologies, Inc. | Automated desktop placement |
US10142406B2 (en) | 2013-03-11 | 2018-11-27 | Amazon Technologies, Inc. | Automated data center selection |
US10313345B2 (en) * | 2013-03-11 | 2019-06-04 | Amazon Technologies, Inc. | Application marketplace for virtual desktops |
US20140258155A1 (en) * | 2013-03-11 | 2014-09-11 | Amazon Technologies, Inc. | Application marketplace for virtual desktops |
US10686646B1 (en) | 2013-06-26 | 2020-06-16 | Amazon Technologies, Inc. | Management of computing sessions |
US10623243B2 (en) | 2013-06-26 | 2020-04-14 | Amazon Technologies, Inc. | Management of computing sessions |
US10560439B2 (en) * | 2014-03-27 | 2020-02-11 | Arris Enterprises, Inc. | System and method for device authorization and remediation |
US20150281190A1 (en) * | 2014-03-27 | 2015-10-01 | Arris Enterprises, Inc. | System and method for device authorization and remediation |
US10104099B2 (en) | 2015-01-07 | 2018-10-16 | CounterTack, Inc. | System and method for monitoring a computer system using machine interpretable code |
US20170109526A1 (en) * | 2015-10-20 | 2017-04-20 | Intel Corporation | Systems and methods for providing anti-malware protection and malware forensics on storage devices |
US20170249477A1 (en) * | 2016-02-25 | 2017-08-31 | Red Hat, Inc. | Securing Delegated Remote Management with Digital Signature |
US9940480B2 (en) * | 2016-02-25 | 2018-04-10 | Red Hat, Inc. | Securing delegated remote management with digital signature |
US10140443B2 (en) * | 2016-04-13 | 2018-11-27 | Vmware, Inc. | Authentication source selection |
US20170300683A1 (en) * | 2016-04-13 | 2017-10-19 | Vmware, Inc. | Authentication source selection |
US10977361B2 (en) | 2017-05-16 | 2021-04-13 | Beyondtrust Software, Inc. | Systems and methods for controlling privileged operations |
CN112740123A (en) * | 2018-08-21 | 2021-04-30 | 皮尔茨公司 | Automation system for monitoring safety-critical processes |
US20210278815A1 (en) * | 2018-08-21 | 2021-09-09 | Pilz Gmbh & Co. Kg | Automation System For Monitoring A Safety-Critical Process |
US11528149B2 (en) | 2019-04-26 | 2022-12-13 | Beyondtrust Software, Inc. | Root-level application selective configuration |
US11943371B2 (en) | 2019-04-26 | 2024-03-26 | Beyond Trust Software, Inc. | Root-level application selective configuration |
US20220318345A1 (en) * | 2019-05-21 | 2022-10-06 | Agilent Technologies, Inc. | Software licensing management and authentication |
Also Published As
Publication number | Publication date |
---|---|
US6343280B2 (en) | 2002-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6343280B2 (en) | Distributed execution software license server | |
EP1342149B1 (en) | Method for protecting information and privacy | |
White | ABYSS: ATrusted Architecture for Software Protection | |
KR100200444B1 (en) | Method of distribute software object | |
KR100188505B1 (en) | Method and apparatus enabling software trial using an encryption header | |
US8510861B2 (en) | Anti-piracy software protection system and method | |
KR100200445B1 (en) | Method and equipment to protect access to file | |
EP1224516B1 (en) | Trusted computing platform for restricting use of data | |
US6195432B1 (en) | Software distribution system and software utilization scheme for improving security and user convenience | |
EP0895148B1 (en) | Software rental system and method for renting software | |
US4916738A (en) | Remote access terminal security | |
US7270193B2 (en) | Method and system for distributing programs using tamper resistant processor | |
US8359657B2 (en) | Method and apparatus for enabling secure distribution of digital content | |
CA2525376A1 (en) | System and method for authenticating software using hidden intermediate keys | |
EP0968585A1 (en) | Digital product rights management technique | |
JP2002503365A (en) | Networked installation method and system for uniquely customized, authenticated and trackable software applications | |
KR20010024212A (en) | Method and system of dynamic transformation of encrypted material | |
WO1999031842A1 (en) | Conditional use private key distribution | |
US6920563B2 (en) | System and method to securely store information in a recoverable manner on an untrusted system | |
CN114186199B (en) | License authorization method and device | |
EP0881558B1 (en) | Computer system for protecting software and a method for protecting software | |
KR20040058278A (en) | Method and device for protecting information against unauthorised use | |
US20030212639A1 (en) | Method and system for providing secure authoring services for protected software | |
JP2002352146A (en) | Method, system and program for charging contents parts and storage medium with contents parts charging program stored therein | |
Jin et al. | Forensic analysis for tamper resistant software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
REMI | Maintenance fee reminder mailed | ||
LAPS | Lapse for failure to pay maintenance fees | ||
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Expired due to failure to pay maintenance fee |
Effective date: 20060129 |