A modern computer system is an enormously complex machine, incorporating the results of countless hours of engineering and programming skill in its design. A computer system contains many elements, but these may generally be broken down into hardware and software. Hardware is the tangible circuits, boards, cables, storage devices, enclosures, etc. that make up the system. But the hardware, in and of itself, can not solve problems in the real world, any more than a typewriter can compose a Pulitzer-winning play. The hardware requires instructions which tell it what to do. In it purest form, "software" refers to these instructions which make the hardware perform useful work (although it is sometimes loosely applied to the media on which software is stored and distributed). Like hardware, software is the product of human ingenuity. High quality software requires considerable creativity, training and intelligence on the part of the creator, also known as the programmer. Universities offer courses of instruction in "computer science" and similar disciplines, for the purpose of teaching people the art of creating software. An entire industry, encompassing thousands of careers, has grown up to create software which performs useful work. As a result of the extensive effort that can be expended in the development of software, it is not uncommon for the value of the software which is part of a computer system to exceed the value of the hardware.
One of the characteristics of a modern computer system is its ability to transmit and copy data with great speed and ease. In general, this is a necessary and beneficial capability. But it also means that software which may have taken years of creative effort to develop can be replicated in a fraction of a second on relatively inexpensive magnetic media, a capability which can be abused. Unauthorized persons can, with little cost or effort, replicate valuable software. This practice is generally known as software piracy. In recent years, various laws imposing criminal and civil liabilities have been enacted to curb software piracy. However, given the relative ease with which one may copy software, and the temptation to do so which arises from the value of the software, software piracy remains a problem.
In the case of inexpensive mass distributed software for small computers known as "personal computers", it is common to license the software for a fixed one-time charge which is the same for all customers. This is less practical for large mainframe computer systems. Software for such systems can involve millions of lines of code, requiring a very large investment to develop and maintain. A single fixed one-time charge sufficient for the developer to recoup this investment is likely to be prohibitively expensive for many smaller users. Therefore, it is common in the mainframe environment to charge license fees for software based on usage. On such method, known as "tiered pricing", involves charging according to a variable fee scale based on the capability of the customer's machine. The customer with a faster machine, with more terminals attached, will pay a higher license fee for the same software than a customer with a less capable machine. Another common practice is to charge separately for maintenance upgrades of the software.
Given the level of expertise required to create quality software, and the amount of time and effort that must be expended, creation of such software requires money. If software developers are not paid proportionate to their training and effort, it will not be possible to find people to create software. It is not merely a practical imperative that the investment in software made by its developers be protected, but a moral one as well. Legitimate owners of software have therefore sought to develop ways to distribute software which will make it difficult to use the software in an unauthorized manner, and ensure that software developers are fairly compensated for their products.
Software may be distributed by the legitimate owner in a number of different ways. From the standpoint of preventing unauthorized use, these distribution methods may broadly be classified in three groups: unrestricted entitlement methods, restricted entitlement methods, and non-entitlement methods.
Unrestricted entitlement means that the software as distributed will run on any machine for which it was designed, without restriction. An owner distributing software with unrestricted entitlement must distribute to each user only the software which that user has paid for and is entitled to run. Apart from legal and contractual obligations, there is nothing to prevent the recipient of such software from copying or using it in an unauthorized manner. For inexpensive software which is licensed for a one-time charge, such as that used on most personal computers, this is the most common method of distribution.
Restricted entitlement means that the software contains some built-in restriction, limiting the ability of a user to copy and run it on any number of machines. There are several varieties of restricted entitlement methods. One of these is copy protection, which restricts the number of copies that can be made from the distributed original. While it achieves some level of protection from software piracy, copy protection has certain disadvantages. Like unrestricted entitlement, copy protection requires that the owner distribute to each user only the software that the user is entitled to run. It is not foolproof, and some programs exist which can make literal copies of copy protected software, defeating the protection mechanism. Finally, it interferes with the user's ability to make legitimate copies for backup purposes or to run the software from a fast storage device. Another restricted entitlement method is to encode user or machine specific information in the software itself. When the software is run, the machine will perform a check to make sure the software is authorized for that machine or user. This method achieves protection without interfering with the user's ability to make legitimate copies. However, it requires a very expensive distribution system, since each copy of the distributed software must be uniquely compiled, placed on distribution media, and shipped.
Non-entitlement means that the software as distributed is disabled, and requires a separately distributed authorization to be able to run. A non-entitlement method has the potential of avoiding customized software distribution entirely, although not all such methods have this capability. For example, the owner can distribute the same set of multiple software programs on a single generic medium to all its customers, and separately distribute individualized authorization keys to the each customer which allow the customer to run only those programs he has paid for. While non-entitlement methods avoid many of the problems associated with other methods, current designs suffer a high exposure to fabricated entitlement or significant performance degradation. In most cases, the mechanism used to withhold entitlement to run the software requires that the provision for entitlement verification be centralized in the software module (either as data or instructions), to avoid performance degradation overhead of the verification. In some cases, this entitlement overhead is due to the size of the product identifier and the packaging of protection routines within the distributed software. In other cases, the overhead is due to the need to perform complicated decode procedures while running the software. As a result of this centralization of the entitlement check, it is relatively easy for an experienced programmer to nullify the protection mechanism by "patching", i.e., modifying a small, selected portion of the object code. In another case, the object code doesn't provide for entitlement verification, but a secure call path does, which identifies the module by producing a bit signature from it. While this avoids exposure to patching, it unavoidably causes severe performance degradation of the call mechanism.
The protection methods taught by prior art involve trade-offs between level of protection and ease of use. It is possible to obtain a relatively high level of protection by encoding machine specific information in the software, but at a cost of maintaining a very complex distribution system in which each distributed copy of the software is unique. Less costly distribution is possible, but at the expense of losing some of the protection. A need exists for a method which achieves a high level of protection, can be easily distributed using mass distribution techniques, and does not unduly interfere with system performance, the user's ability to make legitimate back-up copies, or other necessary functions. At the same time, there is a need for a method which supports tiered pricing, and separate licensing fees for different versions of a software product.
It is therefore an object of the present invention to provide an enhanced method and apparatus for controlling the use of software in a computer system.
Another object of this invention is to provide a greater level of protection against unauthorized use of software in a computer system.
Another object of this invention is to reduce the cost of protecting software against unauthorized use.
Another object of this invention is to increase the performance of a computer system running software which is protected against unauthorized use.
Another object of this invention is to simplify the distribution system of a distributor of software protected against unauthorized use.
Another object of this invention is to provide a method and apparatus of protecting software from unauthorized use which reduces the impact of such protection on legitimate uses of the software.
Another object of this invention is to provide an enhanced method and apparatus of protecting software from unauthorized use while allowing the user to make legitimate back-up copies of the software.
Another object of this invention is to make it more difficult to alter software in a manner that will enable unauthorized use.
Another object of this invention is to provide an enhanced method and apparatus for distributing tier-priced software.