1. Field of the Invention
The present invention relates to software security.
2. State of the Art
Conventionally, software has been distributed in shrinkwrap form. That is, disk copies of a piece of software have been packaged and shrinkwrapped, usually together with user's manuals. Boxes of shrinkwrapped software are then moved through distribution channels, with payment being made in the usual commercial fashion.
With the widespread use of CD ROMs, expensive manuals are increasingly being dispensed with in favor of on-line manuals, i.e., manuals stored on CD ROM. The software and its documentation have been merged together. Furthermore, with the proliferation of inexpensive, high capacity hard drives, either on a stand-alone computer or a network server, and widespread Internet access (through increasingly high-speed "pipes"), it is now possible to distribute software electronically by allowing customers to download the software from a server. So long as the owner of the software (i.e., the software publisher) retains possession and control of the software being distributed, things go relatively smoothly. The threat of unauthorized copying still remains, but is not especially aggravated as compared to the same threat in the case of conventional software distribution.
Software publishers, however, often do not wish to open and maintain a "storefront" for electronic software distribution, and often do not have sufficient market reach or presence to effectively distribute the software that they have produced. A software publisher may therefore wish to "team up" with one or more "channel partners" in order to effectively carry out electronic software distribution. In such an arrangement, the software publisher puts a software product within the possession and control of one or more (and possibly hundreds of) channel partners.
To facilitate electronic software distribution, clearinghouses have emerged. A clearinghouse functions as a kind of escrow agent for the software publisher and channel partners. Software products for electronic distribution are locked (using encryption). The clearinghouse holds unlock keys for software products and reports to the other parties whenever an unlock key is requested by and released to a customer. The clearinghouse typically also receives payment from the customer and credits the account of the appropriate channel partner.
Electronic software distribution may follow a buy-before-you-try (Buy/Try) model or a try-before-you-buy (Try/Buy) model. Buy/Try is the conventional model used in packaged software distribution: the customer must first buy the package before the customer is able to use it. In the Try/Buy model, the customer is allowed to try the software for a period of time before being required to either buy the software or discontinue use of the software. Try/Buy can operate to the advantage of both the customer (allowing the customer to become acquainted with the product before deciding whether to buy it) and the software publisher (affording more customers an opportunity to try and ultimately buy the product). Try/Buy, however, does introduce further complexity into electronic software distribution. The Software Publishers Association has issued guidelines for Try/Buy electronic software distribution, available at the Web page http://www.spa.org.
Wrapper technology providers are responsible for providing secure encryption technology for Buy/Try and Try/Buy purchases. In the case of Try/Buy, the user downloads and installs the product. The product is altered in such a way that the potential customer can use the product a limited number of times, a limited amount of time, or is functionally "crippled" in some way. At the end of the trial period, the user either purchases the product or deletes the "wrapped" version. If the product is purchased, the clearinghouse provides the customer a key that "breaks the shrinkwrap" and permanently installs the product.
One impediment to the widespread use of wrapping technologies has been their inflexibility, especially in the area of software protection mechanisms, i.e., mechanisms for allowing limited authorized use and disallowing unauthorized use. Software protection necessarily entails a trade-off between security for the software publisher and convenience for the software end user. Security may be increased by binding a file containing software protection information to the end user's operating environment. In general, various mechanisms for achieving this binding are known, some of which are described hereinafter.
There nevertheless remains a need for a mechanism that allows a software publisher to conveniently configure a software protection mechanism for a particular software product to achieve an appropriate trade-off between security and user convenience for that product.