1. Field of the Invention
The present invention relates to software components, software component management methods, and software component management systems, and particularly relates to a software component used as a “component” by various application software programs, a software component management method for managing the software component, and a software component management system for managing the software component.
2. Description of the Related Art
In today's form of software development, program segments obtained by dividing an existing software program into appropriate units are often treated as components (hereinafter referred to as software components). By combining a plurality of developed software components, a new software program can be created efficiently.
At the same time, as the size of software programs increases, the form of software development is shifting from a vertical integration type to horizontal division of work, in which a single software program is often developed by a plurality of companies. Additionally, it has become common to reuse software components to improve development efficiency. Under such circumstances, a software component developed by one company is often provided for use by other companies. To prevent unauthorized use of such a software component by a “user”, it is typically required for an “administrator” of the software component to put certain restrictions on the use of the software component.
“Administrator” of a software component is an operator who performs management tasks for the software component. Examples of such management tasks include delivery, use tracking, version control, collection and reporting of information about defects and extension, and support for the application of the software component.
“User” of a software component is an operator who uses the software component to develop an application software program. Here, an end user who indirectly uses the software component by using the developed application software program is not referred to as “user” of the software component.
Unauthorized use of a software component is, for example, use of the software component in systems for unintended clients, leakage of the software component to unintended third parties, or use of the software component beyond the contract period, such as a predetermined operation period or trial period for evaluation purposes.
Generally, “user” contracts with “administrator” for use of the software component. The contract normally prohibits unauthorized use of the software component.
However, unauthorized use of the software component may occur due to carelessness of “user”. For example, “user” may inadvertently forget about the contract period and continue to use the software component. It will be impossible to completely eliminate such human errors. Additionally, if a malicious user intentionally makes unauthorized use of the software component, it will be difficult to immediately stop such unauthorized use.
Exemplary techniques for preventing unauthorized use of software are disclosed in JP-A 2004-213057 or JP-A 2000-105696.
JP-A 2004-213057 discloses a technique in which, through a network, a license approval server periodically issues a software license to a user terminal connected to the network or periodically updates the software license, thereby preventing unauthorized use of the software. The software license is issued or updated by periodically issuing or updating an authentication file, which gives permission to use the software.
JP-A 2000-105696 discloses a technique in which public key data and device identification data encrypted with a private key corresponding to the public key are used to control the prohibition or permission of execution of software. When providing software, a provider of the software also provides, in the form of an appropriate recording medium, a user with a public key and device identification data encrypted with a private key. The device identification data identifies a device on which use of the software is permitted. To execute the software, the user uses the received public key to decrypt the received device identification data. Then, the decrypted device identification data is compared with identification data that is unique to the device on which the software is to be run. If they do not match, execution of the software is prohibited.
In the technique disclosed in JP-A 2004-213057, a software license is issued or updated through a network. Therefore, if a device on which the software is to be used is not connected to the network, it is not possible to prevent unauthorized use of the software on the device. Additionally, in this technique, the software license is provided in the form of an authentication file separately from the software to be used. This is inefficient because an additional means for associating the authentication file with the software is required. Moreover, since the software and the authentication file are separately provided, it is possible that a mismatched combination of software and authentication file may be provided by mistake. Also, separately providing them is inconvenient in handling.
In the technique disclosed in JP-A 2000-105696, software to be used and a recording medium in which encrypted device identification data and a public key are recorded are also provided separately. This involves human intervention to associate them with each other and thus may cause errors in the associating process.
Additionally, in the techniques disclosed in JP-A 2004-213057 and JP-A 2000-105696, unauthorized use is prohibited on an application software basis. This means that it is not possible to eliminate unauthorized use on a lower-level component basis. That is, it is not possible to eliminate unauthorized use of software components included in the application software.