The present invention relates to software licensing, and in particular to a system for automated monitoring and management of licensed software.
It is well known that software is not purchased, but only licensed for use. Software, unlike manufactured products, can be freely copied and distributed. Hence, software providers are largely limited in their choice of control means. Unfortunately, a software license is merely a legal mechanism, and cannot literally prevent illicit copying of proprietary software. A typical software license grants a permit to use the licensed software application on a particular machine and, perhaps, the generation of backup copies for personal use. A software license provides a software provider with a legal instrument against impermissible use of licensed software. However there remains no effective mechanism for preventing or monitoring illicit copying or illegal proliferation in the first place. Hence, software providers must rely on the public to not pirate software, and rely on their licensees to abstain from furnishing copies of software to friends or others. A significant amount of software piracy occurs in commercial settings. Commercial licensees are usually vigilant about license compliance. However, even the most attentive MIS manager (Management Information Systems) cannot prevent employees from copying software off of company machines for their personal use. As a result of illicit copying, software providers must adjust their prices, forcing legitimate buyers to pay higher prices to offset revenue losses.
Although the estimates for losses due to piracy are estimated in the billions of U.S. dollars, such estimates remain mere projections. This is because their way of determining how widely software is copied. More specifically, there is no mechanism by which to monitor the proliferation and use of software, copied or otherwise. Statistics regarding the use of legitimately purchased software also remains unknown to software providers and vendors. Despite sales data, purchased software may be found ineffective by users and sit, unused, on hard drives. Consequently, software providers may not have a firm understanding of how their products are being received by users. Whether used or not, most proprietary software contains some security mechanism and/or registration mechanism.
There are a number of schemes designed to prevent software from being copied, or to make use of copied software unduly burdensome. These schemes, however, are largely ineffective, complex, and add to development costs. Furthermore, for every protection scheme devised by programmers, there are hackers who will diligently go about undermining them. A first line of defense is to encourage legitimate users to register their licensed software.
Registration of software provides a software provider with a record of a valid license. Registration typically involves filling out and mailing a registration card that is provided in an off-the-shelf software package. A user may be asked to write in the serial number of the software set, along with other pertinent information. The defense mechanism in registration, albeit weak, is that a software provider will only render assistance and support to properly registered users. That is, a software provider will refuse to grant assistance to a user unless the user has properly registered their software.
The registration process also may involve responding to prompts generated by the software when it is first run. The prompt may be a security system asking the user to enter the serial number and/or a codeword to enable the software. The codeword may be a word appearing at prompt-designated locations in a user manual. This security scheme operates on the premise that a pirate will not ordinarily have a copy of the user manual. After the software is up and running, it may periodically prompt the user to re-enable the software by entering a different codeword appearing at varying locations in the user manual. This scheme is subverted by copying the manual and registration number.
An on screen registration/enablement process may involve writing the registration number to disk. This is only possible with floppy disks as CD-ROMS are, at present, a largely read-only medium. If the disk is used again to load the software application, the software may prompt the user with a warning that the software has already been loaded (e.g., “IS LOADING OF THIS SOFTWARE PERMITTED? RECORDS INDICATE THAT THIS SOFTWARE HAS ALREADY BEEN LOADED. YOU MAY BE IN VIOLATION OF YOUR LICENSE AGREEMENT.”). However, reloading of software may be normal in the event of hard disk failure. Consequently, software providers cannot feasibly prevent the software application from being loaded more than once. Furthermore, if first run registration enablement is required, copiers can simply copy the software repeatedly prior to registering the original copy.
Another security technique is to enable a software application for a defined period of time. This usually involves incorporating a date/time checking mechanism into the software application. Such a mechanism may be used where a software provider wants to supply, for example, a 30-day demonstration version of a software application for user evaluation. If the user decides to purchase a license following the evaluation period, the user may contact the software provider and supply payment information. Following approval (e.g., credit card) or receipt (i.e., check) of the payment, the software provider may supply the user with a regular copy of the software, or provide instructions or a codeword to disarm or reset the date/time checking mechanism.
In operation, a date/time checking mechanism records a date/time stamp when a software application is first brought up. Alternatively, or in addition, the date/time mechanism may start a timer when the application is brought up. The date/time stamp is compared with the system date/time information maintained by the computer to determine if the software application is to be disabled. To subvert such a system, users have been known to reset the system date and system time to prevent expiration. In response, some software providers have resorted to writing complex code schemes to disable the software in the event that the system date is tampered with. Such a security mechanism is often used to control licensed software used in a commercial setting.
Software sold for use in a commercial or institutional setting is frequently licensed for a predefined period of time. When such software is used on desktop computers, such computers are typically networked. The networked computers are usually connected to a file server, which file server may itself be tended by a computer management system that monitors and controls various file server groups. The file server computers act as a central location at which the desktop computers in the file server group can access files and applications. The file server also may facilitate the control of licensed software on the desktop computers. This occurs in the situation where the commercial software license is a so-called “floating license.”
Commercial software licenses for operating a plurality of desktop computers normally are of two varieties: “fixed” or “floating.” A fixed license permits a software application to run on certain designated computers (e.g., computer numbers one through five, in a ten computer file server group, are designated for the licensed software application). A floating license permits a certain number of applications to run on any number of computers at a given time. So an application operating under a floating license may be allowed to simultaneously run on no more than ten of twenty computers in a network at any given time. Licensing management software is maintained in the network file server to monitor the number of floating licenses being used.
Commercial software is prone to installation interruptions, as it almost always requires involved enablement procedures. In accordance with regular industry practices, commercial software applications are ordinarily enabled following their installation by contacting the software provider for enablement instructions and/or enabling codes. This process is rarely instantaneous. The software provider usually confirms that the software license is proper and paid for before faxing, e-mailing, or even using regular mail, to provide a set of enabling instructions, enabling codes, or disk(s) with which to bring the application up. Consequently, the software remains disabled until additional instructions are supplied and followed, which are usually sent only after an enablement request is approved.
Management of floating licenses on networked computers involves two control software components: an application portion, and an authenticator portion. The application portion is nested within an application running on a desktop computer. The authentication portion is a code module contained in the file server that monitors and authorizes applications running on the desktop computers. When a user attempts to open the application software, the application portion code communicates with the authenticator code module to check to see if a floating license is available. If the maximum number of floating licenses are already being used, the software application is not allowed to open. Licensing control software also may be used to monitor defined term licenses to disable software in networked machines after license expiration.
If a commercial license expires, the software may be disabled, midstream, preventing users from completing projects. Re-enablement requires contacting the software provider to purchase an additional license or extension. This may require re-execution of enablement procedures with new instructions or codes. Hence, it may take some time before the software application is up and running again, which situation can seriously inconvenience users.
The common shortcoming shared by all licensed software, is that it requires some form of manual intervention for registration, enablement, and/or re-enablement. Manual intervention is cumbersome and can render software useless until it is enabled or re-enabled. The paramount issue is, however, that software providers have no mechanism for monitoring and controlling the actual use, whether legitimate or illicit, of their product. Proprietary software is misappropriated on a global scale causing massive losses to software providers, which losses are inevitably passed on to legitimate licensees.
What is needed is a licensing system that allows software use to be monitored in an automated fashion, without user input. Moreover, a software licensing system is needed that permits a software provider to transparently control the use of licensed software.