A computer application distributor wishes to distribute such computer application to each of many users or recipients in exchange for a license fee or some other consideration. However, such distributor typically also wishes to restrict what each user or recipient can do with such distributed computer application. For example, the distributor would like to restrict the user from copying and re-distributing such application to a second user, at least in a manner that denies the distributor a license fee from such second user.
In addition, the distributor may wish to provide the user with the flexibility to purchase different types of use licenses at different license fees, while at the same time holding the user to the terms of whatever type of license is in fact purchased. For example, the distributor may wish to allow the application to be executed only a limited number of times, only for a certain total time, only on a certain type of machine, only on a certain type of rendering platform, only by a certain type of user, etc. Likewise, the distributor may wish to allow one user to pay a smaller license fee and access a smaller set of application functions and also to allow another user to pay a larger license fee and access a larger set of application functions, and the like.
However, after distribution has occurred, such distributor has very little if any control over the distributed application. This is especially problematic in view of the fact that the application may be copied and re-distributed to most any personal computer, presuming that the application is not otherwise protected in some manner from such copying and re-distribution. As should be appreciated, most any such personal computer includes the software and hardware necessary to make an exact digital copy of such application, and to download such exact digital copy to a write-able magnetic or optical disk, or to send such exact digital copy over a network such as the Internet to any destination.
Of course, as part of a transaction wherein the application is distributed, the distributor may require the user/recipient of the application to promise not to re-distribute such application in an unwelcome manner. However, such a promise is easily made and easily broken. A distributor may therefore attempt to prevent such re-distribution through any of several known security measures.
One such security measure is product activation. In such product activation, a customer acquiring a software application is provided with a product activation key corresponding thereto, which is a unique serial number and product identifier that acts as a proof of purchase or the like. The provided product key is then entered during installation of the application on a particular computer device to act as a proffer that the application was acquired legally and/or otherwise properly. The product activation key need not be and typically is not cryptographic in nature, although a digital signature (which is cryptographic in nature) may be included to act as a guarantee that the product key is genuine.
The entered product key and an ID representative of the computer device are then sent to a product activation service as part of the installation process. As may be appreciated, the product activation service determines whether the entered product key is valid, whether the product key has been employed before, and if so in connection with what computer device. Typically, each product key enables an installation or re-installation of the application on a single computing device, as is set forth in a corresponding license agreement, although a product key may also enable a set number of installations/re-installations on multiple computer devices also.
Accordingly, if the product activation service determines that the entered product key has already been employed to install the application on another computer device (or has been employed a maximum number of times, for example), such activation service will not allow the installation of the application on the computer device to proceed, will not allow a complete installation of the application on the computer device, will not allow the installed application to be used on the computer device, or the like, as the case maybe. Thus, activation as used herein may entail permission to install the application, permission to perform some level of installation of the application, permission to completely install the application, some level of permission to use the application, complete permission to use the application, or the like.
If the activation service declines to activate the application for the customer based on an entered product key already being used in connection with another computing device, or based on the entered product key not supporting the level of activation desired, the customer must acquire another appropriate product key to install/completely install/use the application on the computing device in the manner desired. Thus, the product key and the product activation service act to ensure that the application is not nefariously or wantonly installed/activated/used on multiple computing devices, such as may be in violation of any software license agreement associated with the software product.
Note that as part of the activation process, the activation service may return a digital version of the license to the computing device on which the application is associated. Such license may be tied to the computing device such that the license is not usable with any other computing device, and may express a level of activation, as well as license terms such as application functions that are to be made available, functions that are to be made non-available, a period of activation or a number of times the application may be executed on the computing device, and the like. In general, such license may express any limitations and/or rights and also may express any policies that should be honored in connection with the execution of the application on the computing device, all as set forth by the distributor of the application or another entity.
With such license, then, a rights client controller with a license evaluator or the like may be employed on the computer along with the distributed application to control operation and use of the application based on an evaluation of whether the license so permits. However, a need exists for an actual method and mechanism by which such rights client with such license evaluator may in fact control operation and use of the application based on the license. In particular, a need exists for such a rights client with such a license evaluator that executes certain portions of code on behalf of and as a proxy for the application, but only if the license evaluator determines that the license allows such execution.
Another threat to the security of a binary object is unauthorized reverse engineering. It is well known that a debugger is crucial to the successful reverse engineering of an executable binary. The ability to prevent debugging is a critical part of a successful protection strategy of an IP sensitive binary. While many anti-debugging techniques have been implemented in the past they typically rely on two approaches. The first is by leveraging all of the various programmatic interfaces provided by the operating system to detect a debugger. The second is by sprinkling these queries throughout the binary. This approach was limited by the fact that attackers could defeat this by either shimming the OS interfaces to return compromised results or find and remove the “sprinkled” checks from the binary. The combination of these techniques only slows down the use of debuggers and does not stop a debugging process.