Software products such as operating systems and application programs often contain materials that are protected under copyright law, which grants the author of a piece of original work (e.g., software code) exclusive rights over the usage and distribution of the work. To obtain a copy of a software product from a vendor who owns rights to that software product, a user and the vendor typically enter into a license agreement, which governs how the user may use and/or distribute the software product. For example, the license agreement may restrict the number of times the user can install the software and/or the number of computers on which the software may be installed.
It is damaging to vendors selling software product licenses, if users obtain copies of software products without paying for them. To prevent use of such unauthorized copies, software vendors often require that an “activation” process be completed when an attempt is made to install a copy of a software product. This process typically involves determining whether the copy is authorized for installation (e.g., whether the copy was legitimately purchased by the user) and/or whether the installation is in compliance with one or more applicable license agreements (e.g., whether the user has exceeded a maximum number of permitted installations).
Some conventional software activation techniques make use of a so-called “proof-of-purchase,” which is a piece of information made available to a user when the user legitimately purchases or otherwise legitimately obtains a copy of a software product, and which serves as “proof” of legitimacy of the purchase. When such proof is accepted or validated, the user is given permission to complete the installation, and appropriate features in the software product are enabled depending on the license(s) granted to the user for that particular installation.
Often, it is the case that a computer system purchased from a retailer has software pre-installed by an original equipment manufacturer (OEM) or an original design manufacturer (ODM). Hereinafter, the terms OEM and ODM are used interchangeably. In this setting, one of the conventional approaches to software activation is based on the so-called “bypass” mechanism, wherein the OEM buys a generic license from a software vendor and stores a static token associated to the generic license on the computer system's hardware (e.g., the motherboard BIOS). Next, an individual proof-of-purchase paper sticker—called a certificate of authenticity (COA)—is affixed to the computer. The COA allows users to visually verify whether or not the software they purchased is genuine. Users may input the COA to activate the software pre-installed by the OEM without interfacing with, and thereby bypassing, the software vendor.