There is an active business in "license manager software", i.e. attempting to insure that the user of software is someone who has paid the appropriate purchase or licensing fees. Most of the current systems are either "trust-based", i.e. essentially no actual protection, or hardware-based. Most hardware-based protection systems depend upon a hardware serial number (such as on Sun Microsystem's workstations), an attached small hardware device (called a "dongle") a physically unique diskette that must be mounted, or a serial number in the network software. Some methods depend upon the presence of one or more files whose sole purpose is to enforce the license authentication.
According to the present invention, a method and apparatus are provided for authentication of computer software programs that is at an intermediate level, i.e. between trust-based licensing and hardware-based protection. The invention to a large extent still requires a level of "trust", however by periodically querying users of the software it reminds the user of the need for a license while requiring some positive action on the part of the user to confirm the legitimacy of his/her use, and according to some aspects of the invention if the user is clearly unauthorized will preclude the user from utilization until authorization is obtained. However the invention is not designed to be a fail-safe system, and does not require the burdens on the legitimate user, or the expense, that often accompany hardware-based authentication systems. The invention makes use of a file which is itself of intrinsic usefulness to the end user, and makes the authentication process easy and convenient for the end user in the software distribution channel. However it is overtly vulnerable to abuse by any users who are willing to repetitively and regularly and purposefully make explicit interactive responses to lie about their identity while knowing a correctly licensed entity.
The invention will be primarily described with respect to Shell++ based software products, but it is to be understood that the invention has much broader applicability, and in fact is applicable to a wide variety of different software products. The term "Init-File" as used in the specification in claims is intended to not only relate to conventional Shell++ products' Initialization Files, but to relate to a variety of functionally equivalent files. Shell++ can be used for any number of different projects on the same system or on different systems. Each project resides in one specific directory, and in that directory there must be an initialization file, typically SPP.INI (or spp.rc on UNIX systems). The Init-File contains user-defined information that is necessary for the compilation and linking of Shell++ programs. It is therefore a file with which the end user will become familiar in the course of daily work. The installation procedures will also place into that file some simple, readily recognizable, human-readable entries for the Serial Number of the licensed copy of the software and for a Checksum. The Checksum is a deterministic function of the Serial Number (which is visible in the Initialization File), and the Licensed User Name (which is not recorded in the Initialization File). An example of an Init-File is:
Serial Number: 1234567 PA1 Checksum: 1234ABCD5678EFGH PA1 Extensions: .c. .C .cpp .cxx .spp PA1 Compiler PATH: /vendor/bin
According to one aspect of the present invention there is provided a method of providing a level of authentication for a computer software program sign-on intermediate trust-based licensing and hardware-based protection, using a computer and a display screen having a standard sign-on procedure. The method comprises the steps of: (a) Requiring entry of a registration name at the time of initial use of the computer software program which is provided in an Init-File. (b) Providing a freshness interval based upon number of sign-ons or the passage of time [the terminology "number of sign-ons or the passage of time" inherently also includes combinations of those two parameters] as the maximum allowable hiatus between re-authentication sign-ons. (c) At each invocation of the computer software program determining if an invocation is within the freshness interval. (d) If the invocation is within the freshness interval, controlling the computer and display screen to provide standard sign-on. (e) If the invocation is not within the freshness interval, controlling the computer and display screen to provide a re-authentication query on the display screen which requires a response before standard sign-on will be allowed. (f) If a correct response to the query in step (e) is given, controlling the computer and display screen to provide standard sign-on; and (g) if an incorrect response to the query in step (e) is given, controlling the computer and display screen to provide information about authorized registration.
The term "standard sign-on" as used in the present application and claims encompasses any and all sign-on procedures. Most sign-on procedures require entry of some sort of information (e.g. key strokes on a keyboard, click on a mouse, etc.), however some sign-ons merely open up to the program and do not require anything except a previous selection of the program. The term "standard sign-on" encompasses all of these contingencies.
Step (g) may be further practiced to preclude standard sign-on to the computer software until an authorizing registration sequence has been entered into the computer, and typically is practiced, at least in part, by providing a phone or fax number or electronic address, or combinations thereof, which may be contacted for appropriate registration information on the display screen. Step (e) is typically practiced to control the display screen to query what name, using the same spelling, the software program was initially registered under, or step (e) is practiced to control the display screen to display the name of one or more registered users and inquire as to whether or not sign-on is being practiced by a registered user.
In the most sophisticated form of the invention, at each invocation of the computer software, the software/computer also determine if there is an Init-File in some directory in the current command search path for the software, and if there is not requiring re-authentication by initiating steps (e)-(g). Also, in the most sophisticated form, in response to step (a) there are the further steps of controlling the computer to compute a Chalkmark Checksum, and encoding the Chalkmark Checksum in a Chalk-File and recording the date encoded; and wherein at each invocation of the computer software also determines (i) if there is a Chalk-File in the same directory as Init-File, and (ii) if the system's file-version date for Chalk-File is the same as, within a predetermined deviation range, the date encoded into the Chalkmark Checksum; and if there is not, requiring re-authentication by initiating steps (e)-(g).
Especially where the software is a Shell++ product there is the further step of controlling the computer, in response to the query posed in step (e), to calculate a Checksum using the serial number from the Init-file and the entered registered user name, and to compare the calculated Checksum to the Checksum recorded in the Init-file.
In situations where there are at least two successive versions of the computer software, better control over licensing of successive versions is obtained by using two checksum algorithms, a current-version checksum, and a prior-version checksum. With dual checksums, a user who has not paid a fee for the current version could be advised that the current version needs a new checksum (requires a payment, giving a phone/fax number and/or electronic address), while still being allowed to use the software based upon the prior version license. This allows for a more cooperative transition period for licensed upgrades and new versions, compared to abrupt cutoff. To effect these purposes, the method comprises the further step of controlling the computer and display screen to provide a different Checksum for each of the versions to initiate steps (e)-(g) if one of the versions had not be properly registered.
To accommodate a time based demonstration period (many conventional software products can be used until a specific cutoff date) the method may comprise the further step of controlling the computer and display screen so that steps (e)-(g) are disabled for an initial predetermined period of time or number of sign-on procedures to provide a demonstration period. In implementing this procedure the method also preferably comprises the further step of controlling the computer and display screen to display a message on the display screen reminding the user, at least near the end of the demonstration period, that registration is necessary, and providing information about effecting registration.
According to another aspect of the present invention a method of providing an authentication procedure for a computer software program sign-on, using a computer and a display screen having a standard sign-on procedure, is provided which comprises the steps of: (a) Requiring entry of a registration name at the time of initial use of the computer software program which is provided in an Init-File. (b) Providing a freshness interval based upon number of sign-ons or the passage of time as the maximum allowable hiatus between re-authentication sign-ons. (c) At each invocation of the computer software program determining if an invocation is within the freshness interval. (d) If the invocation is within the freshness interval, controlling the computer and display screen to provide standard sign-on. (e) If the invocation is not within the freshness interval, controlling the computer and display screen to display the name of one or more registered users and inquire as to whether or not sign-on is being practiced by a registered user and to simultaneously provide information about authorized registration; and (f) after step (e) controlling the computer and the screen to provide standard sign-on.
Typically step (e) is further practiced to control the computer and the display screen to provide a query as to whether the user is one of the registered users displayed on the screen, and if the query response is negative, bypassing step (f) and controlling the computer to preclude standard sign-on to the computer software until an authorizing registration sequence has been entered into the computer. Step (b) may be practiced to provide a freshness interval of between one and five weeks.
According to another aspect of the present invention, apparatus is provided for authentication for a computer software program sign-on. The apparatus comprises the following elements:
A computer. A display screen connected to and controlled by the computer. Means for entering commands into the computer. And, means for providing a predetermined task to the computer, comprising: means for requiring entry of a registration name at the time of initial use of the computer software program and for storing the registration name in an Init-File; means for providing a freshness interval based upon number of sign-ons or the passage of time as the maximum allowable hiatus between re-authentication sign-ons; means for at each invocation of the computer software program determining if an invocation is within the freshness interval; means for, if the invocation is within the freshness interval, controlling the computer and display screen to provide standard sign-on; means for, if the invocation is not within the freshness interval, controlling the computer and display screen to provide a re-authentication query on the display screen which requires a response before standard sign-on will be allowed; means for, if the correct response to the query is given, controlling the computer and display screen to provide standard sign-on; and means for, if an incorrect response to the query is given, controlling the computer and display screen to provide information about authorized registration.
The software program may further comprise means for precluding standard sign-on to the computer software until an authorizing registration sequence has been entered into the computer. The means for, if an incorrect response is given, controlling the computer and display screen to provide information about authorized registration may comprise means for, at least in part, providing a phone or fax number, or both, which may be contacted for appropriate registration information, on the display screen. Also, the means for, if the invocation is not within the freshness interval, controlling the computer and display screen to provide a re-authentication query on the display screen which requires a response before standard sign-on will be allowed, may comprise means for controlling the display screen to pose thereon as a query what name, using the same spelling, the software program was initially registered under.
It is the primary object of the present invention to provide, in a simple and effective manner, a level of authentication for a computer based software program which is intermediate trust-based licensing and hardware-based protection. This and other objects of the invention will become clear from an inspection of the detailed description of the invention, and from the appended claims.