This specification relates to software copy protection for software installed on virtual machines or mobile devices.
Some software copy protection schemes tie a software license to a specific computer. Microsoft® Windows Product Activation (WPA) is an example. With WPA, activation occurs whenever Microsoft® Windows is installed on a computer. To identify the computer, WPA collects information about the hardware, including, for example, memory size, network MAC address (Media Access Control address), or hard disk model name. The activation module in Windows sends a representation of this information along with a product key to Microsoft over the Internet. The product key is intended to identify a single copy or license of Windows. If Microsoft has seen that product key with too many different computer representations, the activation server can refuse the activation. WPA also records the activation information including the hardware information on the hard drive of the computer on which Windows is installed.
On subsequent reboots, WPA checks the current hardware information against the recorded version—if the hardware differs too much then it assumes that the Windows copy has been moved to a different computer, in possible violation of the license, and requests that the user perform the activation process again.
More generally, in a hardware-based activation process for a software product, when the product is installed or run for the first time, the product gets one or more hardware descriptors from the computer on which the product is (or is being) installed. Each hardware descriptor identifies or describes an item of hardware installed on the computer and generally includes description information for a hardware feature that can be used to identify the computer, for example, memory size, network MAC address, or hard disk model name. The description information can take the form of a text string. The product can collect the hardware descriptor information from the underlying computer or operating system. The product sends the hardware descriptors to an authentication site, e.g., over the Internet, which will grant or deny authentication. The site might deny authentication if, for example, the product key had previously been activated with too many different hardware descriptors, suggesting that the product is being installed on a different computer, rather than on the same computer with upgraded hardware. If activation is granted, the product saves the hardware description as part of activation information for use when the product is run later.
When the product is run later, the product checks whether the computer on which the product is run shares enough similarities with the hardware description saved in the activation information at the time activation was granted. If the computer shares enough similarities, the product continues to run. Otherwise, the product asks the user to activate the product again, going through the actions described above.
This scheme will fail to tie the software to a product if the product is installed on a virtual machine. Because all its devices are virtual, a virtual machine monitor or a hypervisor will return the same hardware description information to a guest operating system or application regardless of the computer on which the virtual machine is run.