1. Field of the Invention
The present invention relates generally to preventing unauthorized access to electronic data, such as for example computer software, music, movies, e-books, and the like. More specifically, the present invention relates to an access authorization system and method in which a client electronic device communicates with a licensing medium that stores license data identifying the electronic data to which the user is authorized to have access. The client electronic device also communicates with a central registration authority that contains a database used to verify the license data.
2. Related Art
Electronic devices, both wired and wireless, such as personal computers, handheld computing devices, personal data assistants, cellular telephones and CD and DVD players, are ubiquitous. These devices perform an increasing array of functions, including business, entertainment and educational type functions, just to name a few.
The common link between these electronic devices is their use of electronic data to perform their respective functions. The electronic data may be used to control the device itself, such as, for example, when the data comprise a computer software program. Alternatively, the electronic data may be intellectual content that is manipulated by these devices, such as, for example, when the data comprise music, movies, e-books, database information, or other forms of data that are privileged, copyrighted, proprietary or otherwise protected from unauthorized access.
In either case, the electronic data are valuable because of the time and effort that was expended in their creation. For example, a computer software program typically is the product of a labor-intensive development that involves software engineers, programmers, artists and marketers, just to name a few. Similarly, music, movies and e-books typically are the product of creative endeavors of artists and authors. In addition, the creation of all of these forms of electronic data may involve extremely costly production and marketing efforts.
By contrast, copying such electronic data typically requires very little time, effort and money. Consequently, unauthorized copying and distribution of electronic data is rampant. With regard to personal computer software, for example, it is estimated that 30% of software used in the United States is unlicensed and therefore unauthorized.
In certain foreign nations, in excess of 95% of the software programs in use are unauthorized copies, which were created in the United States or elsewhere and sold at a small fraction of their U.S. retail price. In some of these foreign nations, software piracy has become a large industry. This widespread unauthorized use of software and other electronic data has a potential chilling effect on the artists, entrepreneurs, and others who would create it.
The law, of course, provides some mechanisms for preventing or discouraging such piracy. Copyright protection, for example, is one of the most common legal means of protecting electronic data. Patent protection, also, is increasingly being used to protect some electronic data, particularly various aspects of computer software. Contractual provisions, such as licenses, are widely used as an adjunct to other forms of protection.
The right to use software under a license agreement may be restricted to a single user or a single computer. Where use on more than one computer is contemplated, such as in a local area network (LAN), the license may allow use on a number of computers. This sort of multiple computer license is often referred to as a site license, since it typically is implemented to allow several computers at a particular site to run the licensed software.
However, the effectiveness of these legal and contractual measures has been inadequate. Accordingly, vendors of electronic data have turned to technological means of protecting their intellectual content.
For example, licensed electronic data, such as computer software, may be protected from unauthorized use and/or copying by using a protection scheme that requires the user to register the licensed software with the vendor. Generally, such protection schemes use a registration program that is included with the software and executes upon installation of the software.
The registration program requires the user to enter a code sequence that was provided by the vendor with the software, e.g., printed on a CD-ROM case. The code sequence is checked by the registration program to determine whether it is valid. If it is valid, the registration program enables the user to use the software.
Conventional registration programs determine the validity of the code sequence using mathematical algorithms. Typically, such algorithms are simply the inverse of the algorithm initially used by the vendor to generate the set of valid code sequences that are distributed with the software.
While such conventional schemes do provide a rudimentary measure of security, they are far from unbeatable. In fact, such security systems are often thwarted by pirates who ascertain the algorithms for determining validity by analyzing the code sequences that they generate. Once an algorithm has been ascertained, it may be used by unauthorized users to generate valid code sequences for the licensed software. These valid code sequences or the algorithm itself, which is known as a keygen, then may be distributed widely to large numbers of unauthorized users. Indeed, keygens for many commercially successful licensed software products are freely available on the Internet.
Some vendors have attempted to improve upon the code sequence protection scheme by requiring users to enter certain personal information, such as the user's name and telephone number. This information is transmitted to the vendor where it is encoded and used in the code sequence generation process. The code sequence is sent back to the user, who uses it to unlock the software. However, this approach, like the code sequence approach discussed above, is also based on an ascertainable mathematical algorithm and therefore also may be circumvented for the same reason.
Another approach to preventing unauthorized access to licensed software is to require the user to have hardware keys, which are referred to as dongles, connected to the user's computer in order to use the licensed software. Typically, dongles are connected to the input/output (I/O) port of a computer.
There are numerous disadvantages in the use of dongles. For example, each piece of licensed software requires a separate dongle, but computers typically have a limited number of I/O ports. Consequently, a number of dongles may have to be connected to a single I/O port if several pieces of license software are to be used. This may result in interference between the attached dongles, which may cause the dongles or the associated software to fail. Another disadvantage is that dongles may be easily lost or stolen. Software licensors typically replace lost or stolen dongles for a nominal fee, which may allow unauthorized users to easily obtain dongles.
Another approach to preventing unauthorized use and/or copying of licensed software is to require the user to have a licensing module connected to the user's network in order to use the licensed software. This approach is discussed in U.S. Pat. No. 6,101,606 (Diersch et al.). The module may contain an identification code and other licensing information. The licensed software periodically communicates with license management software on a network server. The license management software, in turn, communicates with the licensing module to determine whether a valid module is connected to the network.
There are several disadvantages to the licensing module approach. The licensing module contains a fixed identification code that may be ascertained through analysis of the module. Ascertaining the identification code would allow an unauthorized user to duplicate the module. Another disadvantage of the licensing module approach is that the licensing module is vulnerable to tampering. For example, a user may seek to increase the number of authorized users for a site licensing by changing licensing data stored in the module.
Yet another disadvantage of the licensing module approach is that authorized users are unable to use the licensed software on computers that are not connected to the single, fixed network. For example, an authorized user would not be able to use the licensed software on a laptop computer, personal digital assistant or other type of mobile computing device.
Another approach to preventing unauthorized use and/or copying of licensed software is to provide license management software that is installed on the user's server, as discussed in U.S. Pat. No. 6,049,789 (Frison et al.). The management software transmits pay-per-use license requests for the licensed software to a central license management system. The central license management system grants pay-per-use licenses to the user upon receiving these requests and maintains billing records.
This approach, however, suffers from the disadvantage that the user must be connected to the central license management system in order for a pay-per-use license to be granted. Consequently, as in the case of the licensing module, the software cannot be easily used on mobile electronic devices such as a laptop or personal data assistant.
There is a need, therefore, for a system and method for preventing unauthorized access to electronic data that takes an entirely fresh approach and overcomes the drawbacks of the conventional techniques.