The present invention relates to apparatus and methods for reducing unauthorized use of software.
Software developers are often victims of illicit copying and unauthorized use of their software in violation of contractual obligations imposed by licensing agreements and subject to civil and criminal penalties under various domestic and foreign laws. Unauthorized entities range from a relatively small percentage of the total users to an overwhelming majority of illegal users. Such unauthorized use not only amounts to theft of the developers"" intellectual property, but also reduces the number of programs sold and therefore the associated profitability of the developer. This may ultimately diminish the creative effort expended by the software developers due to the reduced financial incentive. The advent of the internet has contributed to the proliferation of pirated software, known as xe2x80x9cwarezxe2x80x9d, which is easily located and readily downloaded.
Various strategies have been employed to make unauthorized duplication and use of software more difficult. One such approach is to provide a hardware xe2x80x9ckeyxe2x80x9d which is typically installed in the parallel port of the computer to provide a software interlock. If the key is not in place, the software will not execute.
This method is relatively expensive for the developer and cumbersome for the authorized user while remaining vulnerable to theft by duplication of the hardware key.
Another approach requires the user to enter a serial number or customer identification number during installation of the software. Missing or invalid registration information prevents installation of the software. This approach is easily defeated by transferring the serial number or customer identification number to one or more unauthorized users.
Yet another approach requires registering the software with the manufacturer or distributor to obtain an operational code or password necessary for installation of the software. Again, once the operational code or password is obtained, it may be perpetually transferred along with pirated copies to numerous unauthorized users.
Various copy protection strategies have been employed to reduce the number of unauthorized copies available. This approach is generally disfavored by users who may have a legitimate need to make backup or archival copies or transfer a copy to a new computer or hard drive.
While prior art strategies have enjoyed various levels of success in reducing unauthorized use of software, they often impose a significant burden on the authorized users or are easily defeated by unauthorized users. As such, software developers need an apparatus and/or method for reducing unauthorized use of software which does not burden the authorized users to dissuade them from purchasing and using the protected software.
Thus, one object of the present invention is to provide an apparatus and method for improving software security throughout the lifetime of the software.
Another object of the present invention is to provide an apparatus and method for monitoring the number of users of a software product, both authorized and unauthorized.
Yet another object of the present invention is to provide an apparatus and method for the software manufacturer to maintain contact with the user over an extended period of time.
A further object of the present invention is to provide a method and apparatus for reducing unauthorized use of software which facilitate periodic software updates and forwarding of information, when and if desired.
A still further object of the present invention is to identify those entities responsible for unauthorized copying or use of software so that appropriate action may be taken, such as disabling the software, requesting payment from the user, or seeking civil or criminal penalties.
Another object of the present invention is to provide a method and apparatus for reducing unauthorized software use which deactivates unauthorized copies when an unauthorized user attempts to obtain a password.
In carrying out the above objects and other objects, features, and advantages of the present invention, a method for securing software includes associating a series of authorization codes with the software, repeatedly requiring the user to obtain a new authorization code to continue using the software, and encrypting information exchanged with the user during transfer of an authorization code for continued use of the software to reduce tampering with the information by unauthorized users. A password or authorization code series may be associated with each authorized copy or with a group of copies such as those distributed to a particular organization or site. Preferably, subsequent passwords or authorization codes are obtained from an authorized software developer, manufacturer, or distributor which gathers current information from the user to monitor compliance with licensing restrictions. The number and frequency of required password updates may be regular or irregular depending upon the application, user, or software manufacturer.
The present invention contemplates, but does not require, more frequent password updates for more complex software because it is generally more costly to develop (and therefore more valuable to users) whereas less costly software would require fewer password updates to reduce administrative costs associated with password maintenance.
Password or authorization code updates may be obtained automatically or manually. Automatic updates are accomplished using electronic communication between the manufacturer""s computer (or an authorized representative) and the user""s computer. Updates may be performed by a direct modem connection, via email, a web browser, or the like. The particular time and nature of updates and the user interface utilized to implement the updates may vary by manufacturer or product. Manual updates are performed by advance or periodic notifications generated by the software to alert the user that password updates are required or will be required in the near future. The user may then contact the manufacturer for the specific password update via telephone, mail, email, or the like. Password advisories normally occur prior to the periodic termination of the operating period which may be measured by program starts, elapsed running time, calendar period, etc. Password updates may be in the form of alphanumeric and/or encrypted passwords or of any other conventional type.
Preferably, the user must provide registration information prior to receiving the original or updated password or authorization code. Registration information may be entered by the user or automatically acquired (and transmitted for automatic updates) by the software. Registration information may include a serial number, registration number, TCP/IP address, user name, telephone number, computer specific information, etc. This information may be encoded and/or encrypted to make it less susceptible to tampering by unauthorized users. The registration information is preferably monitored and compared to previously captured information to control the number of authorized copies of software and/or identify unauthorized users. If unauthorized use is suspected, a password or authorization code may be provided which subsequently disables the software, either immediately or after some period of time so that an authorized user is provided an opportunity to rectify the information which caused deactivation.
A number of advantages result from various implementations of the present invention. For example, the present invention reduces unauthorized use of software without imposing a significant burden on authorized users. The present invention controls the number of copies of authorized software by monitoring registration information and deactivation of suspected pirated copies. Requiring authorized users to periodically update a password or authorization code provided by a password administrator improves accuracy of contact information for marketing related products and distribution of product updates. The present invention also provides a variable level of software security which can be tailored to the particular application depending upon the value of the application to potential software pirates.
The above advantages and other advantages, objects, and features of the present invention will be readily apparent from the following detailed description of the best mode for carrying out the invention when taken in connection with the accompanying drawings.