Producers of software products are owners of intellectual property rights to their works. Most often, rather than being sold outright, software is licensed from the software vendor or producer to the customer. The software license agreement governs the rights and obligations of the apparent “seller” and “buyer.”
Unscrupulous users of software often use unlicensed copies of the products. As one means of discouraging the practice of using unauthorized copies, developers employ various techniques to limit the functionality of their products in response to a detection of a violation of their intellectual property rights to the software. One approach uses a registration process to associate a license key for a software product with a unique identifier of the computer on which it is installed, or with an instance of registration. Software updates or product support services can then be made contingent upon valid registration of the software product. Each time the software is updated or the subject of support being sought over the Internet, the validity of the license key may be checked prior to providing the update or support.
In the case where the license key is associated with the unique identifier of the computer, the unique identifier may be a computer's MAC address hard-coded into a network interface device of the computer, a hard disk drive serial number, or the like. Checking of the validity of the license key in this case may involve checking whether a known, registered license key is being used by more than one uniquely-identified computer concurrently. Thus, if two or more different uniquely-identified computers seek the same update, this suggests there may be improper use of the software.
In another approach, instances of product registration, and of updates or support services, modify the installed software product in some way, such as by modifying the license key or some other code associated with the product. If a updates or support is sought for a product that has already received similar updates or support, this may indicate unauthorized installation of the software product on more than one machine.
These primitive approaches have a number of drawbacks. Most notably, they are not practical in the context of business, or enterprise, software product customers. In the enterprise context, a company may license large numbers of concurrent users, or seats, of a software product. Enterprises also update their computer hardware more frequently than personal users. Additionally, updates and support for a software product are often handled differently across organizations with some organizations permitting individual users to register and update their copies directly with the software vendor, while others centralize updates and support at their respective information technology (IT) departments. Developing a unified approach to managing software licenses at enterprises is therefore not a simple matter.
In one approach, specialized software tools are offered to system administrators that monitor events in a network environment, including installation of software products, on client computers, for any changes. This approach is generally quite complicated, involving management of massive amounts of data. Similar approaches use specialized administrative tools deployed throughout the computers of the network to monitor software license compliance and report information back to a centralized node about the complete software configurations of each machine. This type of solution is typically a part of a comprehensive administration suite of software. Even if a software vendor desires that its enterprise customers institute a program for ensuring compliance with the terms of the software licenses, there is no practical way for the software vendor to require its customers to undertake the extra expense and complexity of such a comprehensive solution.
In a Web services model, where an application is hosted on one or more servers, one approach that has been proposed for monitoring the license compliance is disclosed in European Patent Pub. No. EP 2112612. In this particular context, web services push down application programs to client machines at their request. When this is done, each application is provided in a particular format with a “response wrapper” that includes a license tag unique to that copy of the program, (such as GUID) and a “broadcast license,” which is an encrypted version of the software license key. Search engines, such as Google, request Web applications from application servers. In so doing, the search engines cache response wrappers of the applications as they are returned in response to the search. The search engines can thus be queried for license tags, and results of the query (which include cached response wrappers with broadcast licenses) may be analyzed to determine unauthorized use.
This approach applies in the specific Web services context, and is not applicable in an enterprise context where applications are not pushed on-demand to be executed, but are instead installed locally on individual workstation computers. In the enterprise scenario, there is no cached collection of response wrappers to be readily queried for collection and analysis of license information to ascertain license compliance.
A solution is therefore needed to address these, and other, challenges in automatically determining and addressing software license compliance issues.