The invention relates to a system and method for distributing software over a network. More particularly, the invention relates to a method for controlling software distribution by embedding a sub-component of the distribution control software in each software application, and having a central monitoring software for monitoring the distribution of the software applications.
Digitally encoded information, or software, is one of the most economically important commodities of the era. The ease and economy with which perfect copies can be made and distributed has promoted the spread of software and related technologies through traditional commercial channels such as retail and mail-order sales. More recently, non-traditional distribution channels such as distribution over networks of interconnected computers such as the Internet have become more viable. These non-traditional distribution channels have made it difficult for software creators and copyright holders to regulate the use of their creations or to receive payment and registration information from their users. Consequently, software producers forfeit substantial revenues and valuable information about their customer base and potential markets.
Various security methods have been employed in an attempt to inhibit illegal copying of software. Such attempts have included software security, such as password protection and requiring original diskettes to initiate startup, and hardware security, such as a dongle, inter alia. Further, hardware-based copy protection techniques, as well as those which involve modification or customization of executable programs, prevent software vendors from exploiting the non-traditional distribution networks that are becoming a mainstay of software distribution in the software marketplace. Therefore, these protection methods have generally proved inadequate for large-scale commercial distribution of software. Thus, most large software companies have relied on shrink-wrap licenses and legal remedies to enforce their copyrights, which have proved moderately effective.
Another challenge to the software industry is regulating the installation of software. Since individual users perform most installations of software, the vendor has no control over the software installation. A user can currently purchase software that will not run on the user's computer. The user may not know the limitations of the user's computer hardware or may not understand the software's hardware requirements. If a user purchases software and the user's computer hardware is inadequate to run the software, then various problems are going to occur in the installation and execution of the software on the user's hardware. The user will have to spend much time and effort attempting to resolve the problem, often including multiple calls to the vendor's technical support lines at a cost to both the vendor and potentially the user.
Additionally, companies having large networked facilities can internally have thousands of networked computers accessible by numerous content servers on a single network. Each of the content servers can be running any of various operating systems as can the computers with which the servers are communicating. From an information management standpoint, maintaining such a computer base can be very difficult given that each user may have to install their own software or, in the case of networked software, each server has an individual copy of networked software for a subset of the users.
Many computer users are reluctant to purchase software on-line due to security issues. The possibility of piracy of the software and, more importantly to the user, of personal information inhibits many users from taking advantage of this method of transaction. Some on-line services include security features for such information, but generally lack an ability for the user or the service to audit the security of the transmission. In addition, on-line services generally do not allow the service to keep users informed of new products and releases, unless the users release personal information to the service.
In some environments, the security of the network and data transmitted and stored thereon is critical. Such networks and environments include military, legal, business, and financial services. As a financial services example, an investment trading system may be linked to a bank custody and accounting system, wherein the two systems exchange data so that the bank system can provide “settlement” services related to the trading system's investment transactions. Attempts to make such networks secure, preventing the theft or manipulation of data by insiders and outsiders, often involve using human-entered passwords to gain access to the network. However, because such passwords exist in human readable form, it is possible to steal such passwords and gain access to the system. Such systems may also implement key encryption to secure the data, but if the system is violated through password detection or other means, the keys may be obtained and used, unknown to network administrators. As an example, a method presently used to protect transmission of data over a network is a virtual private network that uses digital certificates, which involves the use of various root private keys which are manually protected in a secure environment. If these root keys can be discovered or broken, the network can be compromised. These keys generally have a life of one or two years. If a key in one of these systems is stolen, the theft cannot be detected. Consequently, these networks may be unacceptably vulnerable.
Additionally, these networks are typically large and complex and susceptible to the inclusion of “trap doors” during their generation and installation. A “trap door” is hidden software code that allows an application to secretly send data to unauthorized recipients, for example. Furthermore, the generation and installation is typically labor intensive, requiring programmer generation and manipulation of software files to build the necessary components and hand installation of these components at remote sites to build the network. Since the generation and installation is piecemeal and disjoint, it is not a quick process. Also, it does not lend itself to generating billing information of the clients receiving access to the network as it is being installed, since account services are not typically included until after the system or network installation is complete. Therefore, additional resources are required to generate necessary billing information.
Accordingly, it is an object of the invention to provide a private secure network and method for protecting electronically distributed and stored data from theft, both by outsiders and technologically sophisticated insiders. It is another object of the invention to provide an auditable secure network and method for auditing a secure network during generation, installation, and operation of the secure network. It is yet another object of the invention to provide a secure network and method for establishing and maintaining a high degree of data security in the direct connection between a trading desk in a securities firm and the settlement application in a custody bank, thereby facilitating real-time, or near real-time, settlement. It is a further object of the invention to provide a system and method for rapidly generating and installing an auditable secure network remotely. It is yet a further object of the invention to provide a system and method for systematically defining the types of data to be sent over a network to be generated and installed and for auditing performance against this definition. It is still another object of the invention to provide a system and method for generating billing information from a network installation. It is also an object of the present invention to provide a system and method for resolving security violations in a private secure network that requires verification by auditors.
It is further an object of this invention to protect transfers of cash among large financial institutions. When cash is transferred through electronic means, large quantities of cash can be transferred in a short period of time. Insiders who have access to the networks of large financial institutions might plan to install software that, at the appropriate moment, could overcome the security system and process a large illegal cash transfer. A further object of this invention is to install systems that can protect against insider theft of cash through electronic means, particularly where the insiders have time and technical knowledge to install sophisticated software to accomplish an illegal theft of cash.
These and other objects of the invention are achieved by the system and methods described herein.