1. Field
The present invention relates generally to object oriented programming and object security and, more specifically, to a method for controlling the use of software components with an application program in a computer system.
2. Description
Creation of software as individually marketed object oriented programs or components is a recent trend being embraced by many software developers. A software component is a portion of software that is intended to inter-operate with other software, such as an application program. In some cases, the software component is developed independently from the application program. Developers want to provide greater flexibility with their application programs by structuring portions or features of the software as separate components. This allows the end user to license only those features that the end user desires.
Some components are written using a well-known technology called ActiveX controls. ActiveX controls are a subset of component object module (COM) technology developed by Microsoft Corporation. COM technology may be written in one of several object oriented programming languages such as C++, Java, and Visual Basic, for example. ActiveX controls are typically linked or xe2x80x9cplugged inxe2x80x9d to a portion of an application program called a control container. An ActiveX control registers itself for use by an application program running on a computer system. In systems executing versions of the Windows operating system, commercially available from Microsoft Corporation, a database called a registry is used to store registration information for authorized components. The registry provides a way for a component, such as an ActiveX control, to advise the application program about the component""s functionality. The registry typically includes information which identifies particular components, such as global unique identifiers (GUIDs), category identifiers (CATIDs), and class identifiers (CLSIDs).
Access to a component, such as a COM object, for example, may be obtained through a source code interface definition called a layer class. The layer class provides an interface between the application program and the component (which may be an ActiveX control, for example). A GUID is typically xe2x80x9chard-codedxe2x80x9d or preset into a given layer class. Additional components may be coupled or xe2x80x9cplugged inxe2x80x9d to an application program that may already have one or more components. A plug-in component is said to be xe2x80x9csource compatiblexe2x80x9d if a new version of the component works unchanged in an application program, but the application program must typically be rebuilt. That is, the application program may be recompiled and re-linked before the application program executes with the functionality provided by the new component.
The use of components in this software architecture model presents problems for software developers when they try to market and license the individual components. Currently, there are at least three main approaches used by developers to structure and license application programs having one or more components. In a first approach, an application program may be partitioned into components at the source code level. In many cases, the components may be combined with the application program in various ways. This results in a different xe2x80x9cbuildxe2x80x9d or release of the software for each new combination. Hence, as the number of component and application program combinations increases, the number of different versions grows rapidly, thereby increasing the cost to distribute and support the software. In a second approach, an application program uses dynamic link library (DLL) files to implement the components. A major disadvantage to the use of DLL files is that DLL files are typically not registered by an end user and may easily be copied from one computer system to another. In a third approach, an application program uses component object modules (COM) or a similar technology to register the components, as discussed above for ActiveX controls. However, these objects may also easily be copied from one computer system to another.
These approaches do not provide adequate protection from unauthorized use of a developer""s software by limiting application programs to inter-operate only with licensed versions of the developer""s components. Therefore, what is needed is a method for ensuring that unlicensed copies of software components cannot operate with associated application programs.
An embodiment of the present invention is a method of generating a password for controlling usage of a software component by an application program. A first key is created from an identifier of the application program, a second key is created from an identifier of the component, and the password is created from the first and second keys.
Another embodiment of the present invention is a method of controlling the usage of a software component with an application program in a computer system. The method includes obtaining an identifier of the application program and generating a first password from the application program identifier and an identifier of the component. The method also includes registering the component with the application program, generating, by the application program, a second password from the application program identifier and the component identifier, comparing the first password and the second password; and allowing use of the component with the application program on the computer system when the first password matches the second password.