This invention relates generally to software protection and license monitoring of application software and information files for remote applications.
One example of a remote application is remote monitoring and diagnosing of equipment or systems. Currently, many companies are developing capabilities for remote monitoring and diagnosing of equipment or systems. The remote equipment or systems (hereinafter referred to as remote systems) span the gamut from industrial steam turbines to networked printers, from medical imaging equipment to home appliances. In almost all cases, there is some computational capability resident on the remote systems, such as a processor. Generally, the processor performs functions such as data gathering, operation monitoring, executing diagnostic applications, and providing the end-user or customer access to information and applications on the remote systems.
In a typical remote monitoring application, software and other information files resident on a remote system are out of the direct control of the vendor because they reside in the customer""s environment. But some of the software applications and information files within that processing environment are highly sensitive and need to be protected from tampering (e.g., inadvertent modification and malicious vandalism). Tampering with software applications or information files, such as configuration files that are resident on the remote system, may prevent a user from having access to a needed functionality. Alternatively, tampering could allow a user to access to a restricted functionality. It is even possible that tampering could lead to equipment failure.
Therefore, a system has been created for protecting software applications and configuration information files that are resident on a remote system from tampering. This known system uses mechanisms for ensuring that files are not accessible to a customer that has not paid for them and whose access has been terminated. These mechanisms also ensure that diagnostic utilities are not accessible to non-vendor service providers that may service the remote system.
In accordance with one known method for protecting files for licensing to a remote system, a list of files to be licensed to a remote system is input to a license generator. A file checksum generator generates respective checksum values for specified files. A license file generator generates a license file for storing references to each of the files and their corresponding checksum values. A digital signature generator generates a digital signature for the license file. A license file assignor then assigns the digitally signed license file to the remote system.
All of the foregoing steps of generating a license file are performed automatically, e.g., by a computer or data processor programmed with appropriate software. However, the list of files to be licensed is input to the license generator via a manual feed. There is a need for a system whereby essential licensing data can be automatically extracted from the contract and subscription information acquired by business contract systems and automatically fed to the license generator.
The present invention is directed to a system for managing the generation of licensed end-user software applications based on contracting information which is automatically fed from one or more business contract systems. The system comprises a license manager which communicates with a license database, a license generator and one or more business contract systems. The license manager receives an automated feed of contract and subscription information from each business contract system, interprets which of the bundled features require a license, filters or strips out the information needed to generate the required license, and then logs that licensing information in the license database.
The license manager then determines whether a license file should be presently generated based on the extracted licensing information. If the determination is in the affirmative, the license manager outputs the licensing information to the license generator with a request that the latter generate a tamper-proof encrypted license file. The license generator then generates a license file which contains remote system identification information (to prevent the license file being moved to a different system), license expiration date, a checksum value, a digital signature, and other information.
After the license generator has generated the license file and stored it in temporary storage, the license manager retrieves the license file from the temporary storage and assigns the license file to the remote system identified by the subscriber or site identification information, e.g., via a network. After downloading of the license file to the remote system, the license manager deletes the license file from temporary storage, but retains the data in the license database so that the license could be recreated at any time.
In accordance with a further feature, the system allows for the purchase of a license or subscription by a customer at a remote site. In this case, a web page is downloaded to the remote site by the license manager which comprises fields to be filled in with license information by the customer. The license information is then transmitted to the license manager, which takes the appropriate action, e.g., storing the license information in the license database and then instructing the license generator to generate a license based on that license information. In addition, the license manager sends the license information or relevant portions thereof to the business contract system to update the records of the latter.