WO2001092993A2

WO2001092993A2 - System and method for licensing management

Info

Publication number: WO2001092993A2
Application number: PCT/US2001/018045
Authority: WO
Inventors: John Denton Biddle; Thomas Allen Clarke; Scott Allan Woods; Keith Wayne Rupp
Original assignee: Vigilant Systems, Inc.
Priority date: 2000-06-02
Filing date: 2001-06-04
Publication date: 2001-12-06
Also published as: AU2001266692A1; US20020107809A1; WO2001092993A3

Abstract

The present invention discloses an improved system and method for managing licensing data that may be applied to any property, product and/or service licensing model. The licensing management system (20) and method may further include client (30) and server managed security features to control or otherwise monitor and/or restrict the use and re-distribution of licensed subject matter. In one specific application, the present invention provides, for example, a system and method for licensing software applications over a network (35) on a user (30) self-serve, subscription-based model. The present invention, in addition to providing 'out-of-the-box' functionality, also provides the user (30) with the ability to optionally customize the implementation of the licensing management system (20) to uniquely conform to specific user goals.

Description

TITLE: SYSTEM AND METHOD FOR LICENSING

MANAGEMENT

INVENTORS : John Biddle, Thomas Clarke, Scott Woods and Keith Rupp

RELATED APPLICATIONS

The present application claims the benefit of and priority to U.S. Provisional Application No. 60/208,901 filed June 2, 2000; the entire content of which is hereby incorporated by reference.

F ELD OF THE INVENTION

The present invention generally relates to the management of licenses, hcensing data and/or other information. More particularly, the present invention relates to a system and method for managing licensee and licensor licensing of, inter alia, property, products and/or services. In one specific aspect, the present invention further relates to a system and method for hcensing of software applications over a network.

BACKGROUND OF THE INVENTION

Many commercial transactions are based on the hcensing of property, products or services which may involve a limitation of the scope and/or duration of their use. Accordingly, licensing contracts may operate to restrict or otherwise hmit the user's ability to assign, redistribute, resale or otherwise alter the intended beneficiary of the license, while other restrictions may be directed to how, when, where and for how long the use may occur. Both parties generally derive an economic benefit from structuring a transaction in such a fashion: (1) the licensor retains ownership interest in the subject of the license and control over who may make, use or sell the same; and (2) the licensee enjoys the benefit of using the property, product or service at a reduced cost as compared to the licensee having to (a) acquire the subject of the license by freehold, or (b) develop the property, product or service at the expense of other capital resources.

With respect to licensor transactions, the growth of the global market has been a factor in hcensing being refined and developed to better serve both economic and strategic business goals. For example, where licensor 'A' grants a license to Ucensee 'B', such a license may be granted in consideration of a license granted back from licensee 'B' to original licensor 'A' (e.g., a cross license). In these circumstances, both party 'A' and party 'B' will be deemed to have determined that the granting of a cross license strengthens or otherwise prospectively improves their relative positions in the marketplace. Moreover, licenses that have been granted, received and/or traded may be accumulated into a hcensing portfolio having tangible economic value which, for example, may be leveraged or borrowed against to fund further capital resource development.

With respect to Ucensee transactions, individuals encounter a variety of circumstances in their daily lives that involve the hcensing of goods and services, such as, for example: renting a house or apartment; renting a hotel room; purchasing a ticket to an amusement park; watching a film at a movie theatre; renting or leasing a car; purchasing a parking pass; obtaining permission from the state to operate a motor vehicle or to place a particular motor vehicle in service; purchasing a membership at a discount warehouse store; flying on a commercial airline; using a passport or obtaining a visa to enter a foreign country; making a telephone call with a caUing card; using computer software applications; casting a vote at a shareholder's annual meeting; or joining a country club; etc.

With the growth of hcensing business models, problems involving the efficient distribution, authorized conveyance, tracking, and management of hcenses, both by licensees and Ucensors, has grown as weU. By way of example, in the commercial software industry, for instance, software application products have generally been sold on a purchase basis with license agreements for Umited use of the software. Sales representatives often market the software to prospective end-users and, upon purchase in a conventional fashion, the software is then provided to the user on diskettes or other media along with, for example, user manuals. As such, many software applications have been sold primarily on a long-term or permanent Ucense basis with support service being provided under long-term, fixed-price contracts.

From an end-user's perspective, software acquisition under a conventional purchase based Ucense agreement can be expensive. Specifically, once an end-user initially invests in a conventional software purchase, the purchase based acquisition of additional software titles from other vendors may not be feasible. Moreover, the vendor may charge the user for appUcation upgrades and continuing product support. In this regard, many end-users may become overly dependent on a particular vendor and/or appUcation product. Under such circumstances, the end-user may not have the flexibility to manage costs efficiently. Moreover, even though the software may only be required several months out of a year or relatively few times in the user's development cycle, the user typically stiU obtains a long- term Ucense in order to use the software under the terms of a conventional purchase based Ucense agreement. This can be disadvantageous for end-user's, particularly considering the limited shelf-life of most software titles. Moreover, because resources are already aUocated, end-users may experience constraints on their ability to acquire or convert to superior software tools and services as they may become available.

From a software appUcation vendor's perspective, a large portion of revenue is generally spent on sales, marketing and user support through direct sales and the use of VAR (value added reseller) channels. However, Internet access and the proliferation of high speed connections (i.e., Tl, cable and DSL) have made the electronic distribution of software appUcation products more feasible. As the popularity and accessibility of the Internet has grown, vendors have increasingly looked to the Internet as an effective medium for reducing sales and marketing costs. As a result, some vendors have expanded to support electronic purchase and delivery of software apphcations over the Internet, but generaUy under the conventional purchase based hcense agreement model discussed immediately above. However, the prior art has not solved the problem of providing a comprehensive method to manage, track and customize, inter alia, software apphcation hcenses.

In addition to cost and efficiency concerns, vendors often are confronted with the issue of software piracy and other unhcensed, unauthorized or illegal use. As a result, vendors have generally implemented certain security features within software products to protect the apphcation from unlicensed use. The vendor may therefore find that expensive additional resources are required to support the hcensing security features in addition to support for the apphcation itself. In many instances, the support for an apphcation may include live telephone support; however, as many as 50% of the technical support caUs that a vendor receives may involve hcensing issues. Often, this can prove to be a burden on the vendor's available development resources. Accordingly, having an extensible hcensing management system to use, in one exemplary aspect, for the electronic distribution of appUcation products would substantially improve the abihty of software vendors to more efficiently reallocate resources to, for example, appUcation development. The electronic distribution of software apphcations also poses a security risk for many vendors. Conventionally, where an encryption method may be employed to protect the software code, protection after decryption of the software may be minimal or nonexistent. Accordingly, once the software has been delivered to the end-user's platform, it may be difficult for the vendor to protect against tampering and software piracy. Furthermore, the electronic security solutions implemented by vendors are not necessarily safe for the user. For example, the user may be required to maintain a data connection with the AppUcation Service Provider (ASP) while using the distributed software. An ASP working environment may also require the user to upload potentially sensitive data to the vendor site, thereby introducing security issues in those circumstances where the user may be excluded from running the distributed apphcation if access to the vendor site is occupied by other users.

Software apphcation vendors, therefore, are faced with several challenges when trying to estabUsh and manage product hcensing for their products, such as: managing order entry; tracking product use; offering multiple hcensing options; integrating license management into product instaUation; ensuring hcensing information and product source are secure; managing distributed support across a network; customizing the hcensing process; giving end-user's control over how their hcenses are dynamicaUy distributed and employed; and controUing the cost and complexity of hcense management; etc.

There is therefore a need to address these and similar deficiencies associated with the effective and efficient management of hcensing in a wide variety of hcensee and licensor market environments. With respect to the software apphcation industry in particular, a need exists for a turnkey electronic method for obtaining hcenses and distributing software apphcations on an as needed basis. A need also exists for a network-based system that aUows software user's online access to a variety of application tools that may be used on a trial basis to determine product usefulness and then purchased in a secure, convenient fashion for as long as the apphcation product is needed or on a subscription basis. A need also exists for a secure method for vendor distribution of software and for maintaining security on the end-user's platform. Additionally, a need also exists for dynamic user-level management of the distribution and use of software apphcation licenses.

SUMMARY OF THE INVENTION

The present invention discloses an improved system and method for managing licenses. The system may be embodied as a comprehensive computer implemented method for permitting Ucensor and Ucensee management of the hcensing of property, products, and/or services. In one exemplary embodiment, the hcensor features permit distribution, tracking and information management of hcenses sold or otherwise granted to merchants or consumers. In another exemplary embodiment, the hcensee features permit redistribution, reaUocation, renewal, tracking, organization and information management of Ucenses purchased or otherwise granted to the consumer.

The present invention also describes, in one exemplary application, a system and method for the effective management of software apphcation hcensing implemented with, for example, a chent-server model which includes a method of wrapping licensing instructions around a software product and integrating hcensing management as part of the instaUation process. A database is generally maintained on a Ucense server while other chent-side activities may be performed, whereby database administration, product definitions, scripting, product wrapping, purchase orders, and user instaUations may be handled remotely using a data messaging protocol with the hcensing server. The structure and flow of licensing management is improved, resulting in reduction of cost and minimization of complexity associated with vendor and end-user hcensing management. Moreover, the system and method permits a software vendor to optionally customize the implementation of the hcensing management system to uniquely conform to specific vendor goals. Additionally, the system and method aUows the end-user to distribute, track and manage an application Ucense Ubrary for administering multiple Ucenses.

The software hcensing management method includes the foUowing exemplary steps: (1) the vendor/developer creates a software apphcation product to be hcensed; (2) the vendor/developer identifies a hardware system to act as a hcensing management platform and instaUs the Ucense management server software on that system; (3) using tools integrated with the hcensing management software, the vendor/developer generates optionally customized instructions for wrapping hcense management code around the apphcation to create a hcense management protected apphcation; (4) the protected apphcation may then be packaged and dehvered to end-user hcensees for subsequent instaUation and use; (5) when a local instance of the protected apphcation is instantiated by the end-user hcensee management chent, the management chent requests authorization from the Ucense management server to provide appropriate access to the wrapped apphcation; and (6) the vendor/developer instaUs optionally customized database views for order fulfillment and field support systems to receive product orders and/or to manage sales.

A global location for third party software development companies to distribute software tools is also disclosed. The hcensing model may be implemented using an electronic storefront provided through, for example, a website that may be owned and maintained by a distributor. Users access and search the electronic store by using, for example, a web browser and then download third party software applications wherein the downloaded software includes security to control the use and re-distribution of the apphcation. A hcense to use or redistribute the software may then be purchased by a user for a specified time period. The distributor may be responsible for handling security violations thereby reducing the vendor's/developer's reallocation of development resources to monitor or to support hcensing of software. The global location distribution model is especially appUcable for design engineers who may download software apphcations which are used as design tools in the Electronic Design Automation (EDA) field. The end-user can elect to use the software on a trial basis to determine if the software conforms to user expectations and requirements or on a subscription basis for a period of time. Moreover, the user may use the software for the subscribed period of time and then either renew or cancel the subscription.

In one aspect of the present invention, the vendor may be a third party developer, wherein the vendor may also maintain substantial control of the distribution, tracking and management of software hcenses granted to customers and where vendors may also prefer to control the processes of integrating the appropriate hcensing information and security measures into the software apphcation instead of allowing a distributor to perform those functions. A vendor may also prefer to have improved control over the distribution of their own and other third party software to customers thus taking on the role of distributor as weU as third party developer/vendor. In an alternative embodiment, the distributor provides the vendor with a software licensing system (SLS) whereby the vendor receives the tools to: (1) instaU a hcensing server and establish a default database on existing vendor hardware; (2) customize and integrate hcensing information into the software product; and (3) administer or otherwise manage licenses for vendor software products. In this particular embodiment, the vendor would not need to aUocate valuable resources to develop the software hcensing and security code; rather, the vendor may purchase the Ucense management code, in the form, for example, of a pre-packaged system from the distributor on a subscription basis. The hcense management system also allows the vendor to set up a database and a server to distribute, track and manage software hcenses over a network. Additionally, the distributor of the SLS may optionally host the database for the vendor remotely, if the vendor so desires. A user may then access and search, for example, a vendor's website using a web browser to download a desired software apphcation. The first time the user runs the software apphcation after instaUation, the user is prompted to provide registration information to obtain a hcense. In an alternate embodiment of the present invention, the distributor for the SLS may also have the SLS instaUed to distribute, track and manage the licensing of the SLS to various vendors.

The hcensing management system and method may provide the foUowing advantages, features, improvements and services in the software apphcation industry: (1) a software-only implementation that eUminates the cost and administration associated with hardware-based keys; (2) a turnkey vendor implementation with a simplified instaUation for the end user; (3) network-enabled hcensing and upgrades through direct and/or third-party channels administered from a centralized location; (4) flexible, term-based hcensing models (such as variable durations and trial offerings) that the vendor/developer can specify and modify dynamically; (5) support for customer self-service access to prepaid subscription offerings where the customer acquires additional licenses or other software titles over the internet without direct vendor contact; (6) comprehensive database tools that coUect and maintain, for example, product, license, and user information and that provide reports and other services to assist in customer retention management programs; (7) support for extensible scripting that can be used to generate custom messages and gather information for marketing, field support, or other interested parties; (8) hcense portabUity in which licenses may be dynamicaUy managed by end-users and transferred from one machine to another; and (9) multiple security layers to protect against unhcensed access.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages of the present invention are hereinafter described in the foUowing detahed description of iUustrative embodiments to be read in conjunction with the accompanying drawings and figures, wherein like reference numerals are used to identify the same or similar system parts and/or method steps in the similar views and:

FIG. 1 is a block diagram depicting an exemplary overview of one embodiment of the present invention;

FIG. 2 is a block diagram expanding on Fig. 1 by depicting exemplary detaUs of one embodiment of the present invention;

FIG. 3 is a diagram depicting exemplary database structure in accordance with another embodiment of the present invention. FIG. 4 is a table depicting an overview of various exemplary view options for a licensing server access tool in accordance with another embodiment of the present invention;

FIG. 5 is a screenshot showing exemplary detaUs of a database administration utUity in accordance with another embodiment of the present invention; FIG. 6 is a screenshot showing exemplary detaUs of a user administration utUity feature in accordance with another embodiment of the present invention;

FIG. 7 is a screenshot showing further exemplary details of the user administration utUity depicted in Fig. 6 in accordance with yet another embodiment of the present invention; FIG. 8 is a screenshot showing exemplary detaUs of a product administration utility feature in accordance with another embodiment of the present invention;

FIG. 9 is a screenshot showing exemplary detaUs of a script administration utUity feature in accordance with another embodiment of the present invention;

FIG. 10 is a screenshot showing exemplary detaUs of a script editing and building utUity feature in accordance with another embodiment of the present invention;

FIG. 11 is a screenshot showing exemplary detaUs of a wrapping utUity feature hi accordance with another embodiment of the present invention;

FIG. 12 depicts exemplary client default hcense script code in accordance with another embodiment of the present invention; FIG. 13 is a screenshot showing exemplary detaUs of a product ordering utility feature hi accordance with another embodiment of the present invention;

FIG. 14 is a screenshot showing further exemplary details of the product ordering utUity depicted in Fig. 13 in accordance with yet another embodiment of the present invention; FIG. 15 is a screenshot showing exemplary detaUs of a client Ucense management user interface in accordance with another embodiment of the present invention;

FIG. 16 is a screenshot showing further exemplary detaUs of the chent hcense management user interface depicted in Fig. 15 in accordance with yet another embodiment of the present invention; FIG. 17 is a block diagram depicting exemplary functions of an online commerce system in accordance with another embodiment of the present invention;

FIG. 18 is a block diagram depicting an exemplary process for preparing vendor software in accordance with another embodiment of the present invention; FIG. 19 is a flow chart Ulustrating an exemplary method for hcensmg the software to a user in accordance with another embodiment of the present invention;

FIG. 20 is a flow chart Ulustrating an exemplary process for subscribing for a Ucense in accordance with another embodiment of the present invention; FIG. 21 is a screenshot of an exemplary software apphcation to be hcensed in accordance with another embodiment of the present invention;

FIG. 22 is a screenshot showing exemplary selectable features and options associated with a software appUcation to be licensed hi accordance with another embodiment of the present invention; FIG. 23 is a screenshot showing exemplary confirmation of selected levels and options of a software apphcation to be hcensed in accordance with another embodiment of the present invention;

FIG. 24 is a screenshot showing exemplary confirmation of the licensee user computer information in accordance with another embodiment of the present invention; FIG. 25 is a screenshot showing exemplary confirmation of the hcensee 's selected payment method in accordance with another embodiment of the present invention;

FIG. 26 is a screenshot showing an exemplary receipt for the purchase of a hcense in accordance with another embodiment of the present invention; and

FIG. 27 is a screenshot showing exemplary detaUs of subscription information associated with a particular account in accordance with another embodiment of the present invention;

Other aspects and features of the present invention will be more fully apparent from the detaUed description that foUows.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Various exemplary implementations of the present invention may be apphed to any property, product, service and/or inteUectual property licensing model utilizing a computer- based system and method for the management of hcensing portfolios. The implementations include, for example: the leasing of real property; the leasing of chattels; the hcensing of copyrights, trademarks, patents, and/or trade secrets; the hcensing of any other form of intellectual property hereafter derived by those skiUed hi the art; the hcensing of services; and the hcensing of non-possessory interests and/or rights, such as, for example, a right of reentry to land, a remainder interest, a hfe estate, a right to exercise an option under an options contract; etc. As used herein, the terms "license" and "licensing", or any variation thereof, are intended to denote anything that is currently susceptible to being hcensed or otherwise abstractly or concretely transacted between at least two parties where at least one party retains at least partial control over the nature and/or duration of use of the subject of the transaction, or anything that may hereafter lend itself to the same or similar characterization. The same shall properly be regarded as within the scope and ambit of the present invention. By way of example, a detaUed description of an exemplary application, namely the hcensing of computer software, is provided as a specific enabling disclosure which may be generalized by those skiUed in the art to any apphcation of the disclosed computer-based system and method of hcensing management in accordance with the present invention.

Systems and methods in accordance with exemplary computer software implementations of the present invention may provide for, inter alia, a subscription-based, cost-effective, software hcensing model enabling access to a variety of software apphcations over a computer network, such as, for example, the Internet. Referring now to Fig. 1 and 2, in one exemplary embodiment, a distribution system 20 is utUized to provide for the downloading of software from a distributor computer 25 to a user computer 30 and a licensing model is executed through secure, online transactions between the distributor 25 and the user 30. The distributor computer 25 and the user computer 30 are interconnected via respective data links 45, 50 and 55 to a network, such as Internet 35, for data communications. Thus, distribution system 20, namely the downloading of software and the secure online transactions enabling the purchase of a hcense to use the software on a subscription basis, can be conducted over the Internet 35.

User 30 represents, for example, individual people, entities or businesses, and is equipped with a computing system to facilitate online commerce transactions. The user computer 30 can be any type of computing device, such as, but not limited to, desktop computers, workstations, laptops, handheld computers and/or mainframe computers. As those skUled in the art will appreciate, user computer 30 wUl typicaUy include an operating system (e.g., Windows 95/97/98/2000, Linux, Solaris, etc.) as weU as various conventional support software and drivers typically associated with computers. User computer 30 may be located, for example, in a home or business environment with access to a network. In an exemplary embodiment, access is through the Internet 35 through a commercially-available web-browser software package. Distributor computer 25 comprises any combination of hardware, software, and networking components configured to receive and process requests from users 30. In addition, distributor computer 25 provides a suitable website or other Internet-based graphical user interface which is accessible by users 30. In one embodiment, the Internet Information Server, Microsoft Transaction Server, and Microsoft SQL Server, are used in conjunction with the Microsoft operating system, Microsoft NT web server software, a Microsoft SQL database system, and a Microsoft Commerce Server. Additionally, components such as Access Sequel Server, Oracle, Mysequel, Interbase, etc., may be used to provide, for example, an ADO-comphant database management system. The term "webpage" as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user 30. For example, a typical website might include, in addition to standard HTML documents, various forms, Java applets, Javascript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), helper apphcations, plug- ins, and the like.

The vendor computer 40 comprises any combination of hardware, software, and networking components configured for a software development environment and that suitably provides the vendor access to the Internet 35. A variety of conventional communications media and protocols may be used for data links 45, 50 and 55. Such links might include, for example, a connection to an Internet Service Provider (ISP) over the local loop as is typicaUy used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (xDSL), or various wireless communication methods. User computer 30 might also reside within a local area network (LAN) which iterfaces to network 35 via a leased line (Tl, DS3, etc.). Such communication methods are weU known in the art, and are covered in a variety of standard texts. See, for example, GILBERT HELD, UNDERSTANDING DATA COMMUNICATIONS (1996), incorporated herein by reference. In an exemplary embodiment, the present invention is suitably deployed in the context of a large user-base, so network 35 as depicted in Fig. 1 preferably corresponds to the Internet 35. As used herein, the term "Internet" refers to the global, packet-switched network utilizing the TCP/IP suite of protocols or any other suitable protocols. Nevertheless, the present invention may be implemented in other network contexts, including any future alternatives to the Internet, as weU as other suitable "Internetworks" based on other open or proprietary protocols. For further information regarding specific information related to the protocols, standards, and apphcation software utUized in connection with the Internet, see, for example, DlLIP NAΓK, INTERNET STANDARDS AND PROTOCOLS (1998); JAVA 2 COMPLETE, various authors, (Sybex 1999); DEBORAH RAY AND ERIC RAY, MASTERING HTML 4.0 (1997). LOSFΠN, TCP/IP CLEARLY EXPLAINED (1997). All of these texts are hereby incorporated by reference.

In an exemplary embodiment, distribution system 20 as represented in Fig. 1, is implemented between the distributor 25, the vendor 40, and the user 30. Alternatively, the vendor 40 does not have to be connected to the Internet; however, the vendor may enter an agreement with the distributor to aUow the vendor's software to be offered as one of the products in the online distribution system 20. Additionally, a vendor 40 can also assume the role of distributor 25 by purchasing a hcensing system from a distributor 25 and carrying out the function of distributing software products directly to the user rather than giving the software product back to the distributor for distribution. For general discussion purposes, one vendor 40 and one user 30 is shown. However, multiple vendors 40 can have agreements with the distributor 25 or the distributor 25 can offer software apphcations developed by, or acquired by, the distributor. Also, multiple users 30 can have access to the distributor. Distributor 25 may include a website to offer and engage in an online commerce system such that the distributor can make contact with users 30 and vendors to offer the products and services associated with the system. Alternatively, in the instance where the vendor 40 is also the distributor 25, contact can be made between multiple users and a particular vendor 40.

In general, an exemplary process by which a global on-line commerce system may be constructed is represented in Fig. 17. It should be understood that the exemplary process illustrated anywhere herein may include more or less steps or may be performed in the context of a larger processing scheme. Furthermore, the various flowcharts presented in the drawings are not to be construed, inter alia, as limiting the order, number, omission, addition or other variation of individual process steps that may be performed. After an agreement between a software vendor 40 and distributor 25 (step 102) has been finalized, the distributor 25 sends a "toolkit" to the vendor (step 106). Vendor 40 uses the toolkit to prepare the vendor software by making modifications to the software apphcations (step 110). Vendor 40 then compUes the software apphcation with the new modifications and additions and sends the compUed version of the software to the distributor 25. The distributor 25 wraps the software and sends it back to the vendor 40 (step 114). The vendor 40 then adds the wrapped software apphcation to an instaU program (step 118) and sends it back to the distributor 25. The distributor 25 then adds the software apphcation to the electronic store (step 122) to aUow users 30 to download the software apphcation to a user computer (step 126). After downloading and installing the apphcation, user 30 has the option of obtaining a Ucense for the apphcation, for example, either in the form of a free trial period, by purchasing a subscription, or purchasing a long-term license (step 128). After obtaining a license, user 30 can then run the apphcation (step 132).

In an alternative exemplary embodiment, a vendor purchases a software Ucensing system (SLS) from the distributor 25 which includes at least a hcensing server module 82 and at least an access tool 67, 68, 69 or 71, for example, as shown in Fig. 2. Distributor 25 sends the system to the vendor 40 with vendor 40 using the tools in the SLS (82 and at least one of 67, 68, 69, or 71) to integrate Ucensing information and security measures into the software apphcation. Various methods for securing the executable code now known or hereafter derived by those skUled in the art may be used to secure the software apphcation. The SLS (82 and at least one of 67, 68, 69, or 71) aUows the vendor 40 to customize the hcensmg and security information to fit the needs of a particular software apphcation. In addition to modifying the vendor software, vendor 40 uses the SLS (82 and at least one of 67, 68, 69, or 71) to estabhsh a database and a method for tracking and managing software licenses. The SLS (82 and at least one of 67, 68, 69, or 71) is composed of several programming tools. There are at least two install programs that instaU on the vendor 40 hardware: the code for establishing a hcensing server with a database (server-side tools); and the code to modify software applications, manage, track and distribute Ucenses (client-side tools). The first instaU program for server-side tools instaUs the hcensing server onto the vendor's server system.

The hcensing server instaUation program may use, for example, the InstaUShield mechanism to instaU the product. InstaUing the hcensing server typicaUy includes minimal input by vendor 40. Thereafter, a database management system, such as, for example, an ADO-compliant database management system, is confirmed to exist on the server. A database is then specified that can be used as the hcensing database 49. The Ucensing server instaUation program populates the hcensing database 49 with default data and the hcensing table structure 52 as shown, for example, in Fig. 3. Thereafter, in another exemplary embodiment, database objects may be optionally customized using a database administration utUity, such as the one substantially as shown, for example, in Fig. 5, 6, 7 and 8. In a preferred exemplary embodiment, a 'create hcense database' program is run by the instaU program to estabUsh on an existing, ADO-compatible database 49 management system, the fields and default values to store customer and hcensing information. Using a development environment, vendor 40 can add additional fields to the database 49 to track additional data. If vendor 40 does not have a database management system, a copy of, for example, an ADO compliant database may optionaUy be included in the SLS (82 and at least one of 67, 68, 69, or 71). If an existing database 49 is designated, the program may be adapted to add the licensing tables to that database 49. In one embodiment, the program may generate an error and prevent overwriting if tables with the same names as the hcensing tables exist.

Additionally, in one exemplary embodiment, the server side instaUation program instaUs at least one object that the hcensing server supports. The objects are independent program modules designed to work together at runtime without prior linking or compiling and may be addressed by script writers to access the hcensing database 49 using, for example, a script editing or buUding tools, such as the scripting utUities shown in Fig. 9 and 10. These objects provide an abstraction level that shields the script writer from having to understand the underlying schema and insert a layer of protection to the underlying database 49. The SLS (82 and at least one of 67, 68, 69, or 71) provides an apphcation programming interface (API) to address these objects. In addition to these objects the vendor may add additional objects to support the distribution of software over the internet or for any other purpose that the vendor may have. Exemplary default objects may include the following: (1) a security object 61 which may be used to control access to information stored in the licensing database 49 (see, for example, Fig. 6 and 7); (2) a hcense object 62 which may be used to generate Ucense files for protected software; (3) a product object (see, for example, Fig. 8) 63 which may be used to configure and customize the protection for a product to be wrapped by the wrapping tool (Fig. 11); (4) a customer object 64 which may be used to record information about the vendor's customers; and (5) a field support object 66 which may be used to record field support information.

Another feature instaUed as part of the server-side tools is a license management and access control service 72 (Ucensing server service). This is instaUed, in one preferred exemplary embodiment, as a system service on the hcensing server for controlling access to the database 49 by the vendor 40 using an access tool 67, 68, 69 or 71 and by the user 30 running a protected apphcation. The table in Fig. 4 shows exemplary program features and various views available to the user 30 when using access tool 67, 68, 69 or 71. The service 72, in one exemplary aspect, listens for incoming requests on a specified port, determines how many Ucense requests may be processed at one time and the length of time that a hcense request wUl run before being terminated; and processes license requests. In one embodiment of the present invention, when an inbound hcense request arrives, an instance of the script engine is spawned to process the request. The service keeps track of how long a request has been running and requests that exceed the timeout value are aborted. Requests are logged, for example, according to log settings after the request is completed. The log settings control the folder set up to receive log files and the level of detail captured in the log file. Information captured may include the originating IP address, the time the request arrived, the size of the request, the product ID/version number, the machine ID, the name of the script executed, the time taken to process the request, and the overall results of the request. In addition, the actual content of the request may be captured and used by, for example, an Integrated Development Environment (IDE) for debugging purposes. In another exemplary aspect of the present invention, the access control service is responsible for creating the appropriate session to process requests. There may be at least two kinds of sessions: a wrapped session 73 created to process each hcense request sent by protected apphcations where the request is vahdated by the session and server-side scripts are executed to process the request; and a chent session 74 created for each instance of the access tool connected to the hcensing server where the request is validated and the hcensing database 49 is accessed using server objects. The chent session 74 remains active untU the access tool 67, 68, 69 or 71 exits or the network connection is lost.

Script files 77 may also be installed on the server as part of the server-side tools. Default scripts come with the SLS (82 and at least one of 67, 68, 69, or 71); however, the access tool with a developer option 67 can be used to customize the scripts and create new ones using a script buUder tool 78, as shown, for example, in Fig.'s 9 and 10. The scripts are executed by either the wrapped session 73 or chent session 74 created by the access control service 72.

A second instaU program may be adapted to instaU client side tools including the access tool 67, 68, 69, or 71 used to configure, manage, and view the data stored in the licensing database 49. The functions in the access tool 67, 68, 69, or 71 may be partitioned into several operational modes. When the vendor 40 purchases the SLS (82 and at least one of 67, 68, 69, or 71) from the distributor 30, the desired areas of the access tool are specified and the hcense for the SLS (82 and at least one of 67, 68, 69, or 71) includes access to those specified areas. The access tool provides a common user interface with appropriate screens and access for each of the areas. The access tool is used to address the database 49 once the Ucensing server is instaUed. Because these are chent-side tools, they may reside on distributed systems and interact with the hcensing server 82, for example, through a network 76 or across the Internet.

One operational mode of the access tool may include an administration option 68 to aUow administrators substantially full access to all client tool capabUities. In a preferred exemplary embodiment, vendors are given at least one administration option license. Exemplary functionaUty provided in this operational mode aUows an administrator to setup and maintain SLS (82 and at least one of 67, 68, 69, or 71) users, groups, and their permissions to control access to the data stored in the hcensing database 49; setup and maintain products and their hcense terms; control which users or groups of users can issue which types of licenses; create and execute administrative reports from the licensing database 49.

The administration option 68 aUows the vendor 40 to function as a traditional database administrator. The SLS (82 and at least one of 67, 68, 69, or 71) may, in one embodiment, be based on a standard relational database. In this alternative embodiment, the database schema is automatically created when the Ucensing server 82 is installed and the administrator performs standard tasks of a database admimstrator (for example, creating user access and setting permissions).

Another operational mode of the access tool may be a developer option 67. The access tool with the developer option 67 may include, for example, a script builder and wrapper 78 (Fig.'s 9, 10 and 11). These tools provide functionality to allow a vendor's developers to login to the hcensing server to create a secure chent session 74; develop and test scripts to be used by protected apphcations 83 and wrapped sessions 73; and create protected apphcations 83 by wrapping a script and a vendor's apphcation into a secured program using a wrapping tool 78, such as, for example, the one shown in Fig. 11.

In an alternative embodiment, the developer may convert the vendor's apphcation to a protected apphcation 83 by combining SLS (82 and at least one of 67, 68, 69, or 71) or vendor-defined scripts and dialogs with the unprotected apphcation 84. Depending on the script wrapped with the appUcation, such as, for example the exemplary script shown in Fig. 12, a protected apphcation 83 may check for a vahd license for the protected application 83; prompt the user for identifying information (name, emaU address, customer number, etc); send such information, which may be optionally encrypted, along with, for example, a product number and machine ID to the hcensing server 82 to obtain a trial, subscription, or permanent hcense; monitor the apphcation 83 for tampering before and/or during program execution; perform other user 30 communication functions, such as announcing new releases or reminding user 30 of upcoming renewal dates. The developer option 67 provides the interface for creating, for example, an encrypted hcensing wrapper around the apphcation, and may allow the developer to add custom scripts as desired.

Another operational mode of the access tool, for example, may be a field support option 71. The access tool with the field support option 71 provides functionality to allow a vendor's field support representatives, depending on permissions granted by the administrator, to login to the hcensing server 82 to create a secure chent session 74, setup and maintain field support representatives and regions, setup and maintain customers and field support contacts; create and execute sales reports from the hcensing database 49; and issue demonstration or trial Ucenses.

The field support option 71 may be adapted to display a user-level view of the database 49 that aUows the vendor's 40 field support staff to review user 30 history, identify user 30 leads, and provide product samples to prospective users 30. The field support option may include access to multiple predefined reports, such as product reports (i.e., name, version, hcense type, etc.), sales reports (i.e., sales by user, product, region, etc.), and user status reports (i.e., issued licenses by term, product level, termination date, etc.).

Yet another operational mode of the access tool may include an order fulfillment option 69 as shown, for example, in Fig. 13 and 14. The access tool with the order fulfillment option 69 aUows a vendor's order fulfiUment department to manage orders by login to the hcensing server 82 to create a secure chent session 74; setup and maintain user and order contacts; entering and approving orders; issuing hcenses to fulfiU orders; creating and executing order and accounting reports from the hcensmg database 49; and generating license usage reports for users. The order fulfillment option may be adapted, in one exemplary embodiment, to display another user-level view of the database 49 that provides, for example, access and permission to record and/or track user 30 orders.

In addition to the access tool, the chent instaUation program may also include a dynamic link library (e.g., DLL) 86, which, in one exemplary embodiment, may be implemented as a shell namespace extension. The DLL 86 may be packaged with the completed software apphcation 83 and instaUed with the apphcation on the user 30 machine. The DLL 86 may, inter alia, extend the user interface of, in one exemplary embodiment, the Windows Explorer 87 to provide a central location for users 30 to manage their hcenses. The DLL 86 may be adapted to present hcensing information for SLS protected apphcations in, for example, a hierarchical format with a root file folder architecture thereby providing the user a high-level view 88 of the user's current licensing portfolio. This view 88 may contain, for example, information from the root folder 89 showing machine ID information for the system, the size and status of a datastore 91 that may be optionally encrypted, and total counts of current hcenses, hcenses about to expire, and exphed hcenses. The file folder view 88 may also contain information for hcensed software obtained from various vendors, along with sub-folders displaying, for example, base product information.

With reference now to Fig. 17, an e-commerce solution, in accordance with one exemplary aspect of the present invention, may be implemented as a distribution system, wherein a software vendor 40 interested in becoming a partner with a distributor 25 may enter into an agreement (step 102) to assign to the distributor 25 the responsibility for electronically marketing and Ucensing software appUcations developed by the vendor 40. When the agreement is completed, the distributor 25 sends a "toolkit" to the vendor 40 (step 106). In one embodiment of the present invention, the toolkit contains: a hcense manager module which may include, for example, a Java Runtime environment and a Java program that handles interactions between the Ucensing application programming interface, the website, and the user; at least two versions of the hcensing software library, at least one test version and one real version; and information manuals in, for example, Adobe Acrobat PDF format. The software libraries may be distributed as static libraries and the manuals may include a hcensing API reference and a hcensing overview. The toolkit aUows the vendor 40, inter alia, to make modifications to the software apphcation hi preparation for distribution over the Internet 35 (step 110). Multiple versions of the software hbrary included in the toolkit allow the vendor 40 to test the modifications and help correct functionality. The hcense manager provided in the toolkit, further described hereinafter, acts, for example, as a simulator to aid the vendor 40 in testing the software application with the modifications and additions. Modifications may include, for example, taking out existing licensing information, adding distributor-provided hcensmg information, adding or removing product levels and options that can be included in the apphcation. The level and option selections become part of the subscription information and play a part in determining the cost of the subscription. The level and option information the vendor programs into the software apphcation may be displayed to the user 30 via, for example, a distributor webpage. The hcense manager provided in the toolkit gives the vendor 40 the abUity to simulate the user display and determine what options and levels should be aUowed. The vendor 40 can also include in the software the option to use the apphcation on a trial basis or on a subscription basis.

A version ID may also added to the software apphcation to allow vendors 40 to upgrade their applications in the field without necessarily invalidating current user hcenses. For example, a user 30 downloads a particular version of the application and the version ID from the apphcation is stored in, for example, a hcense file described infra. When the license is renewed, the current version ID of the application may, for example, be compared with the version ID in the hcense file. Pricing information may include vendor prescribed actions in the case where the version ID's do not match. For example, the vendor 40 may incorporate into the pricing information the ability to allow the user 30 to continue paying the same price for the new version, or the vendor 40 may alternatively require the user 30 purchase an upgrade hcense for the new version. The vendor may also optionally require the user 30 to obtain the newest version in order to complete the renewal process.

The software code provided in the toolkit may also include licensing apphcation programming interface (API) caUs which are substituted during the wrapping process with a final version of the Ucensing API code provided by the distributor 25. This code may, for example, run security checks when the vendor software is running on the user computer 30 and contributes to the overaU security that the distributor provides for the vendor software apphcation. In accordance with one embodiment of the present invention, the software code, provided by the distributor and integrated by the vendor 40 into the software apphcation, aUows the distributor 25 to add appropriate anti-piracy and tampering checks during the wrapping process described herein. This, inter alia, reduces the vendor's responsibility for spending additional time and/or resources to engineer the appropriate security measures in each software apphcation. In addition, the present invention reduces the vendor involvement in security violation issues and transfers the responsibihty to the distributor or to the security technology provider.

In another exemplary embodiment, at least two calls may be included in the initialization of the vendor software for invoking distributor code and performing security checks. CaUs to the distributor code may also be placed by the vendor 40 at strategic locations throughout the software. The vendor 40 can add a call to invoke the hcensing API code and a caU that wUl perform a security check against the hcensing information. The software may be tested using the toolkit's test version of the hcensing calls and the Ucensing manager. When the testing cycle is complete, the vendor 40 may re-link the software with the original version of the distributor software provided in the toolkit. Any method of relinking the software, now known or hereafter derived by those skUled in the art, may be used. The distributor software provided in the toolkit is substituted, for example, with the actual hcensmg API code during the wrapping process. By not providing the final version of the hcensing code, the distributor 25 maintains security and proprietary security of the code, which otherwise could be compromised or unwittingly passed on to a potential hacker if provided to the vendor in the toolkit. Moreover, aUowing the vendor 40 to integrate the licensing calls in-house reduces potentially unwanted exposure to the vendor's intellectual property.

Alternatively, the vendor 40 may choose to leave existing hcensing mechanisms in the appUcation in which case the software apphcation itself is not encrypted. The wrapping program adds code to handle licensing detaU and only the hcensing code provided by the distributor 25 is encrypted. The existing licensing structures in the apphcation (i.e., FlexLM, etc.) may be adapted or otherwise configured as standalone structures. If the vendor 40 chooses to leave existing licensing structures instead of incorporating the distributor licensing code, the product may be alternatively distributed in a less secure format.

Once the software apphcation has been modified, the vendor 40 provides an executable version of the software application 83a to the distributor 25, wherein "executable" means that the apphcation has been compUed with the code provided in the toolkit and it has been converted from source code to object code containing machine code instructions. If the vendor 40 chooses, this exchange of code can take place over, for example, the Internet 35; however, other data mediums, such as, for example, CD-ROMs, DVDs, VCDs, can be used to provide further security. The distributor 40 then wraps the software appUcation, described infra, and gives it back to the vendor 40 to incorporate into an instaU program. The vendor 40 then gives the completed version back to the distributor 25 to be made avaUable, for example, over the Internet 35 (step 140 of Fig. 18).

In an alternative embodiment where the vendor 40 is also the distributor, it may be left to the vendor 40 to integrate Ucensing information and protection code into the software apphcation. This may be accomphshed by using script builder and wrapping tools 78 supphed with the SLS (82 and at least one of 67, 68, 69, or 71) and accessed with the developer option of the access tool 67. In order to use these tools, the vendor 40, in one exemplary embodiment, purchases the developer option with the SLS (82 and at least one of 67, 68, 69, or 71). The script buUder 78 provides, inter alia, the functionality to integrate, for example, hcensing information into the software apphcation 84 using, for example, a scripting language. Together, these tools may support creating, implementing, debugging and applying customized scripts. The script buUder 78 is used, inter alia, to create scripts for the hcensing of the software appUcation 83 (i.e., cUent side scripts) and/or scripts for the license server 82 (i.e., server side scripts). The software Ucensing scripts may be used, for example, to obtain user information, to instruct the user how to obtain a hcense, and/or to inform the user of the hcense status for a particular apphcation. The hcense server scripts may be used to update the database 49, generate valid licenses for a particular user, access information about a particular product, access security information for a user, access general user information, and/or access sales representative information. In one embodiment, the chent-side scripts interact with the wrapped apphcation 83 using, for example, global functions and events. The SLS (82 and at least one of 67, 68, 69, or 71) may be adapted to provide default chent and server scripts to dehver "out-of-the-box" rapid deployment. Additionally, the script builder 78 may be used to permit the vendor 40 to provide specific and unique information or services for the user. Accordingly, a preferred embodiment of the present invention offers substantial advantages in that the SLS (82 and at least one of 67, 68, 69, or 71) is extensible and may be customized to fit and grow with the needs of the user. That is to say that the SLS does not constrain the user to use "out-of-the-box" functionality, but such "out-of-the-box" functionality is made available for those users desiring a "plug- and-play" solution. Modification of a script may include, for example, adding additional fields for obtaining user information. The database 49 may also be modified with the same or similar fields if more fields are added. The script buUder also may optionally include a form builder (i.e., a dialog editor) tool used to create custom dialogs by, for example, aUowing dialog fields to be scripted from within the script buUder 78. The script builder 78 may be adapted to provide, for example, a debug environment that permits the setting of breakpoints, watching program variables, setting of licensing object variables, and/or checking of script execution. In yet another exemplary embodiment, after construction of the scripts, the vendor 40 wraps the chent script, information about the server script and/or other information around the apphcation using the wrap tool 78. The wrapping tool 78 aUows information to be specified, such as, for example: vendor ID, product ID for the apphcation, server name and port number, server hcensing script, chent Ucensing script, header script, appUcation file name and location, and wrapped file name and location. The wrapped application 83a may be optionaUy configured not to run a script on apphcation invocation, which may be used when the vendor 40 desires to have licensing checks derive directly from the appUcation instead of the script. If, for example, no script runs and the apphcation does not check Ucensing, the wrapped application wUl not be deemed to be secured from unhcensed use but wUl be secured from, for example, tampering. After the protected appUcation is generated, it may be packaged with, for example, a chent hcense management instaU program 94 or any other component the vendor 40 deems appropriate, into a integrated product 92 adapted to be distributed to users 30. In another exemplary embodiment of the present invention, the chent hcense management instaU program 94 may additionally instaU a cUent license management DLL onto the user's system 30.

With respect to an exemplary embodiment for the protection of executable code 83a, in accordance with one aspect of the present invention, once the distributor 25 has received the executable version 83a of the software apphcation from the vendor 40, modifications may be made to the executable file (step 110 of Fig. 17) to aUow the distributor to protect and monitor the use of the software. In one embodiment of the present invention, this process is referred to as "wrapping" (step 114 of Fig. 17) and may be accomplished by code injection or by other alternative mechanisms now known or hereafter derived by those skilled in the art. The wrapping process is comprised of, for example, a wrapping tool the distributor

25 uses to: compress and/or encrypt the software apphcation; add a software module to check for vahd hcenses and tampering; add new start-up code and change the starting address to point to the new code; and add TD's to identify the software application. The present invention provides, inter alia, an encryption utUity (step 144 in Fig. 18) using, for example, any encryption method now known or hereafter derived by those skUled in the art. The encryption process, in one preferred exemplary embodiment, is a standard encryption process such as DES or RSA. During the wrapping process, vendor start-up code may be replaced with distributor start-up code (step 148 in Fig. 18). In an exemplary embodiment of the present invention, the distributor start-up code becomes part of the key for decrypting the software apphcation and the hcensing code. Moreover, in a preferred exemplary embodiment, the decryption key is stored with the software apphcation itself and not at a remote location. The present invention also provides security features, such as, for example, random codebase offset entry points and other methods known in the art to subvert attempts to hack, crack or otherwise decompile and/or access executable code. Specifically, during the wrapping process, a random codebase offset entry point may be selected in the start-up code (step 152 in Fig. 18) which can be changed, for example, each time an application is wrapped. Accordingly, since the start-up code may be altered for each instance of a wrapped application, the code is less susceptible to being compromised. In another exemplary embodiment, during the decryption process on the user computer 30, the start-up code, used as the decryption key, performs a hashing algorithm on each byte of code as it is decrypted and creates a checksum table in memory to provide further security.

In another embodiment of the present invention, a software module, referred to as a license monitor, may be added to the apphcation during the wrapping process, (step 156 in Fig. 18) to enable the distributor 25 to check for piracy attempts at the user site. The hcense monitor is initialized, for example, by the start-up code running as a thread or, in other words, as an independent sub-process of the main program process which shares the same memory space. As the start-up code begins the decryption process, the Ucense monitor may be decrypted first. The start-up code then performs a CRC or MD5 checksum calculation on the program code stored in memory. This checksum may be compared against the value that was computed and injected into the program when the program was wrapped. If the values do not match, the decryption process may be halted before the software apphcation is decrypted which helps further protect the security of the vendor's software apphcation.

In another embodiment of the present invention, the API caUs instaUed by the vendor 40, with the aid of a toolkit, may be substituted with, for example, distributor-created software routines, or hcensmg API caUs, during the wrapping process. These API calls provide information to the hcense monitor to perform security checks before the apphcation initializes and whUe the software apphcation is running in memory. In an exemplary embodiment of the present invention, after the hcense monitor has been decrypted and initialized by the start-up code, the Ucense monitor begins performing further security checks on the software appUcation. The inclusion of distributor code to monitor security assists the distributor in maintaining control and responsibility for tampering and piracy attempts, whUe generally reducing the aUocation of additional vendor resources to that function. Moreover, if users 30 have hcensing issues, the distributor 25 may be contacted directly rather than the vendor 40.

In order to uniquely identify the vendor software apphcation, apphcation TD's may be injected into the appUcation code by the wrapper program (step 160 in Fig. 18). In an exemplary embodiment of the present invention, the apphcation ID consists of a partner ID which is, for example, eight characters; a product ID which is also, for example, eight characters and which is unique for each product under a partner ID; a level ID which is, for example, two characters and aUows, for example, sixteen levels for each product; an option ID which is, for example, eight characters and allows, for example, thirty-two options per product. In one exemplary embodiment of the present invention, this unique number becomes part of the start-up code and may also become part of the key used in the decryption process which adds additional security protection since the apphcation wUl not decrypt properly if the TD's are altered. The apphcation ID for each software apphcation may also be stored in a database that is accessed by, for example, a webpage server, thereby aUowing a webpage display of software appUcations available for downloading. Once the wrapping process is complete, the wrapped software includes the vendor software apphcation, the distributor hcensing code, the hcense monitor, and the start-up code which also includes the apphcation JD's. The wrapped software may then be returned to the vendor 40 to be added to the vendor instaU program 92 (step 118 in Fig. 17). In an alternative embodiment, where the vendor is also the distributor and the vendor has purchased the SLS (82 and at least one of 67, 68, 69, or 71) from the distributor, the distributor for the SLS (82 and at least one of 67, 68, 69, or 71) does not have to do anything further to the vendor software.

As mentioned supra in accordance with one embodiment of the present invention, the software apphcation is given a unique ID which may be stored in a database on the distributor's web server. After the software apphcation has been added to an instaU program 92 and returned to the distributor 25, it is added to, for example, an electronic store (step 122 in Fig. 17) via the web server and made available for downloading to user computers 30. When a user 30 loads and views the website information, the screen displays a hst of vendors 401, along with a hst of categories of avaUable software appUcations 402. After a user 30 selects one of the categories 402, the system displays a hst of the actual software apphcations 504 that can be downloaded to the user computer 30. After the user 30 selects one of the apphcations 504, the system displays (as shown in Fig. 21), for example, a brief description of the software 771, avaUable features and options 772, subscription pricing information 773, system requirements 774, the size of the file 775 and/or the like.

Alternatively, the distributor 25 may create a webpage specifically for a particular vendor 40 which is accessible by the user 30. In another exemplary embodiment, if a vendor website exists, the vendor webpage may include a hyperlink to the distributor webpage. As such, a user browsing the vendor website could select the hyperlink to the distributor webpage and be able to view a customized version of the software applications available. In an exemplary embodiment, the displayed webpage shows only the software apphcations for that specific vendor. Yet, consistent with an exemplary embodiment of the present invention, the distributor 25 would provide the security and marketing of the software apphcations added to the electronic store. Also, the distributor 25 can provide links to individual vendor websites or contact information for a vendor 40 that offers a particular service.

In an alternative embodiment, where the distributor 25 provides the vendor 40 with the SLS (82 and at least one of 67, 68, 69, or 71), the vendor 40 may be responsible for the distribution of the protected software apphcations. The distributor can provide the SLS (82 and at least one of 67, 68, 69, or 71) over the internet or by means of a CD or any other data medium now known or hereafter derived by those skUled in the art. The vendor 40 may then distribute the applications over, for example, the internet, intranet, CD or any other data medium now known or hereafter derived by those skUled in the art.

After the software apphcation has been added to an electronic store by the distributor 25, the user 30 may then download the apphcation to the user computer 30 (step 126 of Fig. 17). With reference to Fig. 19, an exemplary data flow associated with the downloading of a particular software apphcation between a user computer 30 and a distributor server computer 25 is shown. In one embodiment, user 30 begins the process by engaging a browsing session (step 202 of Fig. 19), where pages may be downloaded from the distributor via, for example, an Internet browser such as, for example, Netscape, Microsoft Internet Explorer or any information chent now known or hereafter derived by those skiUed in the art.. As described supra, Fig.'s 5-7 depict exemplary screenshots which may be viewed by the user 30. The user 30 can select a software apphcation from a displayed list of applications. User 30 then selects the software apphcation to be downloaded (step 206 of Fig. 19) by using a mouse, or any other input device now known or hereafter derived by those skilled in the art and associated with the computer to select, for example, a control embedded within the screen page indicative of the item to be downloaded. The application to be downloaded may thereafter be selected, for example, by clicking on the associated control as shown in Fig. 21 where the user 30 may select the word 'Download' 702. The distributor computer 25 then suitably downloads the selected software apphcation as an executable file to the user computer 30 by methods generaUy well known in the art.

Alternatively, a shopping cart method may be used to select software applications wherein aU selected appUcations are downloaded when the user 'checks-out' the shopping cart. Any shopping cart methods of selecting items from a webpage well known in the art may be used.

In an exemplary embodiment of the present invention, another software module, referred to as a hcense manager, may also be downloaded to the user computer 30. This module, which in one embodiment acts as a simulator in the toolkit, is provided by the distributor to, inter alia, facilitate interaction between the user computer 30 and the distributor web server 25. License manager software may optionally include a Java runtime environment and/or a Java applet that handles interactions between the hcense monitor, the website, and the user 30. Appropriate hcensing API caUs may initiate the license manager to begin, for example, a browsing session with the distributor web server 25. In one embodiment of the present invention, obtaining a license file for the first time causes the Ucense manager to begin a browsing session.

After the user 30 has downloaded a copy of the software apphcation, the user 30 may then instaU the application. In one exemplary embodiment, when the user 30 runs the appUcation, the hcense monitor, added during the wrapping process, is decrypted in RAM and then initialized (step 214 of Fig. 19). The software apphcation itself may then be decrypted and decompressed in RAM by the start-up code (step 226 of Fig. 19), thereby avoiding a temporary, insecure location. As the decryption/decompression algorithm runs, various randomized and un-randomized sections of code may be mathematically evaluated using, for example, CRC or MD5. The resulting one-way function value may then be stored, for example, in a checksum table in memory, along with the codebase offsets within the memory image on which such a calculation was performed. A security check may optionally be included in the start-up code and performed on the hcense monitor, for example, before the software apphcation is decrypted. A checksum evaluation may be performed on random parts of the hcense monitor code to determine if tampering attempts have occurred. In a preferred exemplary embodiment, if tampering is detected, the decryption process terminates. Moreover, as the software appUcation itself is being decrypted by the start-up code, as one of the security checks performed by the hcense monitor, a debugger running, for example, during the decryption process may be detected and interpreted as a security violation. In an exemplary embodiment, if a security violation is detected, the hcense monitor wUl allow the decryption to continue, but wUl cause the apphcation to decrypt incorrectly, thereby prohibiting the application from running correctly (step 222 of Fig. 19). Therefore, in an exemplary apphcation of the present invention, security is maximized throughout the decryption process as well as at run time.

In another exemplary embodiment of the present invention, the hcense monitor performs additional security checks while the apphcation is running in memory. Although the hcense monitor may not be continuously active while the apphcation is running, it may be activated by, for example, hcensing API caUs that are incorporated by the vendor 40 and substituted with distributor code during the wrapping process. By adding these calls throughout the software apphcation, the vendor 40 substantially increases the amount of security the distributor 25 is able to provide. When the hcense monitor is not inactive, it generally stays dormant for a semi-random amount of time to minimize CPU usage; however, when activated, it performs CRC, MD5 calculations, or the like, on data stored in, for example, the checksum table in memory. If the values do not match, it may be assumed that piracy attempts have occurred and the hcense monitor wUl disable the apphcation prohibiting further use. Alternatively, a TCP/IP socket can be opened broadcasting the attempted protection violation. Also, the vendor 40 integrated caUs may activate the hcense monitor to perform various checks using the hcense file described infra.

In an exemplary embodiment of the present invention, before an application can be executed, the hcense monitor may communicate, for example, with the hcensing API to determine if a hcense has been obtained for the apphcation (step 230 of Fig. 19). When a license has been obtained, the hcense information may be stored in a file designated a "Ucense file". In a preferred exemplary embodiment, an XML format may be used to obtain the desired information for the hcense file. Active server pages (ASP) may also be created using VBScript, SQL, ActiveX Data Object, XML and the like. ASP may then used to retrieve and store data in the database. While the present invention suggests the use of an XML format to represent the data in the hcense file, other formats can be used such as, for example, extensible style language (XSL), hypertext markup language (HTML), standard generalized markup language (SGML), or other formats now known or hereafter derived by those skUled in the art.

In yet another preferred exemplary embodiment of the present invention, the hcense file contains information such as, for example, the machine ID for the user computer 30 running the apphcation, name of the product, product number, hcense type, expiration date, options, level, version ID, and/or a digital signature. The digital signature may be added to the hcense file, for example, by using the MD5 algorithm. MD5 is weU known in the art and is typically provided as a utUity in Java development kits for verifying the authenticity of a signature and associated data. In one exemplary aspect, the digital signature can provide security against a user modifying the machine ID in an effort to permit the apphcation to run on an unlicensed machine and may also guard against a user 30 getting an unlimited number of free trials. The machine ID may be generated from various configuration parameters associated with a fingerprint of the user computer 30 (i.e., OS and version, machine name, etc.) which may be stored in the hcense file.

If the hcense file does not exist on the user computer 30, the hcense monitor can be configured to initialize the hcense manager to communicate with, for example, the website. Moreover, the database on the distributor computer 25 may be checked by the hcense manager to determine if a Ucense file exists. If a hcense file is found not to exist on the database, information may be provided by the user 30 to create a hcense file which is capable of enabling the apphcation to run (step 254 of Fig. 19).

In an exemplary embodiment of the present invention, the hcense manager communicates with the website to obtain, for example, the appropriate webpages for guiding the user 30 through an appropriate process to input information. In an exemplary preferred embodiment of the present invention, the vendor 40 incorporates the terms of use into the software apphcation which will instruct the user 30 whether the hcense can be given automatically for use on a free trial basis or the hcense can be purchased on a subscription basis with, for example, a credit card (step 258 of Fig. 19) for a set period of time via any electronic commerce server now known or hereafter derived in the art.

Alternatively, the software apphcation may be purchased on a substantially permanent basis, in which case user 30 may use the purchased version of the software apphcation in perpetuity. Those skUled in the art will appreciate that other payment methods may be used to complete the purchase such as, for example, purchase orders, pre-paid accounts, bank drafts, etc. In an exemplary aspect of the present invention, the user 30 may select one or more payment types from the displayed webpage and provide the appropriate mformation.

The time period for the subscription, as determined by the vendor 40, may be any length of time (i.e., hourly, daily, weekly, monthly, etc.). The terms are preferably part of the pricing information the vendor 40 adds to the appUcation using the toolkit provided by the distributor. The hcense monitor evaluates the information and instructs the hcense manager what information is needed, thereby allowing the hcense manager to display the appropriate screens. In an alternative exemplary embodiment of the present invention, a user 30 can be charged on a usage-based model.

The present invention aUows, inter alia, the user 30 to acquire desired software apphcations via, for example, the Internet 35. Accordingly, an exemplary electronic store embodied in a webpage is not merely a catalog where the user estabhshes contact with the vendor to wait for the software to be dehvered; but also, the user is given substantially immediate access to the software displayed. Alternatively, if the software apphcation is large and the user 30 does not have access to a high-speed connection such as, for example, a Tl or DSL, the software can be sent to the user 30 in the form of a CD or any other data medium now known or hereafter derived by those skilled hi the art.

In an exemplary embodiment, after the user information has been sent to the website, a Ucense file is sent back from the website to the user computer 30 via the hcense manager which allows, inter alia, the software apphcation to run after the appropriate checks have been performed by the hcense monitor. The hcense file may be stored in a pre-determined location on the user computer 30 and, as previously described, the hcense monitor may be adapted to perform various checks using information obtained from the hcense file. For example, one such check may determine if the machine ID in the Ucense file matches the machine ID of the computer running the apphcation (step 234 of Fig. 19). The machine ID for the user computer 30 is generated from scratch each time a hcense file is checked. The newly generated machine ID is compared with the machine JD stored in the hcense file. If the machine ID's do not match, the apphcation may be prevented from executing (step 242 of Fig. 19). If the machine ID's match, the hcense monitor determines if any tampering has occurred by evaluating the results of the checksum table in memory (step 238 of Fig. 19). If tampering has occurred, the appUcation may be disabled (step 242 of Fig. 19). The Ucense monitor may also be configured to check to determine if the subscription period or free trial period has expired (step 246 of Fig. 19). If the trial period has expired, the user 30 may be queried to begin a new subscription or the existing subscription may be automaticaUy renewed (step 250 of Fig. 19). Other checks may be performed at this time depending on the terms, option, and level information selected by the user 30 during the subscription process and included by the vendor 40 in the hcensing code. If aU checks performed by the hcense monitor are vahd, the software appUcation may then be allowed to run (step 262 of Fig. 19). Generally, the renewal process for software apphcations can be time consuming. The user 30 may contact the vendor 40 to renew a subscription and then wait for unlock codes to be provided. In contrast, the instant exemplary embodiment of the present invention may be adapted to aUow the renewal process to occur automatically, in the background, without any intervention, or with minimal intervention, from the user 30. One of the checks performed by the hcense monitor may be that of an expiration date check. If the hcense monitor detects that the current date matches or postdates the expiration date, the Ucense monitor may initialize the hcense manager to contact, for example, the web server. A new hcense file may then be generated with substantially identical or similar user information, machine ID and a new expiration date. The new hcense file may then be stored in the database 49 and the hcense manager may copy the file to the user computer 30. A charge may then be made to the user and a receipt, for example, e-mailed to the user 30. If the user 30 no longer desires the subscription, the user 30 may go to the distributor website 25 and select cancellation of the subscription. However, in an exemplary preferred embodiment, the subscription continues to be automatically renewed untU it is cancelled by the user 30. Once the user 30 has cancelled a subscription, data remains in the distributor database to aUow the subscription to be reactivated by the user 30. In the case where a user has cancelled a subscription and a new version of the apphcation is available at the time user 30 decides to reactivate the subscription, the user is given the choice to use the old version or upgrade to the current version.

In an alternative exemplary embodiment, the present invention can be used to provide software apphcations in a corporate setting with multiple users. The corporation can employ a procurement office model, such as a cost center or user group, with an administrator in charge of procuring the appropriate software apphcations. The administrator may be made responsible for interfacing with the distributor website 25 and completing the subscription process for the desired software apphcations. Since the apphcation security features are machine dependent, the administrator provides the correct machine ID for each apphcation subscription. If one software appUcation is to be run on several machines, the administrator completes the subscription process for each machine. The hcense file for each apphcation may then be copied to a pre-determined directory on, for example, an intranet server behind a firewall. The user 30 then copies the license file to the appropriate user computer 30. The hcense file may also be sent via e-mail to the user 30. Alternatively, the apphcation can be downloaded from any other medium, such as, for example, a CD or any data medium now know or hereafter derived by those skUled in the art.

In another exemplary embodiment, when the apphcation is run, the hcense monitor uses the mformation contained in the hcense file to execute the security checks. If the checks are successful and the machine ID's match, the apphcation runs without the user 30 having to provide any information to the distributor 25. As previously described, the apphcation can be purchased on a substantially permanent basis or on a subscription basis. In the case where it is a subscription basis, the administrator specifies that the hcense file automatically generated at renewal time be sent to the appropriate user via, for example, e- mail. If the individual users in the corporation do not have appropriate access to the network, the software apphcation may be downloaded to the appropriate server on the intranet and copied to the appropriate user computer 30. In a preferred exemplary aspect, the administrator is responsible for managing subscriptions. Details of each subscription may be viewed by the administrator on an account detaU screen, for example, described below. This screen may be printed and used as a report/record of transactions conducted with the distributor 25 and used to provide status information for subscriptions. In an alternative embodiment, where the vendor 40 uses an SLS (82 and at least one of 67, 68, 69, or 71) purchased from the distributor 25 to integrate hcensing information and security measures, the vendors 40 can create their own website and user interface to aUow the user 30 to browse and select a software apphcation. InstaUing a protected software appUcation on the user machine creates several components: the user 30 has a protected apphcation where the apphcation code and most of the data are encrypted and where startup and tamper-protection code, scripts that define the licensing user interface, vendor ID's, product ID's, vender server names and port numbers, server-side script names, and reference to the chent Ucense management DLL have aU been added to the appUcation. In a preferred exemplary embodiment of the present invention, user 30 may acquire the chent DLL 86 after apphcation installation shown, for example, in Fig. 2. The DLL 86 stores, for example, the Ucense information for the protected appUcations 83 in an encrypted file called the datastore 91. Protected apphcations may make hcensing checks by calling a hidden codebase offset entry point in the DLL 86. The chent DLL 86, inter alia, runs the script which has been added to the software apphcation 83 which calls the hcense management service on the vendor's 40 hcensing server 82, which communicates with the database 49 to obtain a Ucense. The chent DLL then stores the hcense in the datastore 91 created on the user machine and communicates the results back to the protected apphcation 83. The results are encrypted using, for example, a time-dependent encryption scheme which prevents the attempt by the user 30 to create a version of the client DLL 86 to bypass the hcensing process. Other security methods now known or hereafter derived in the art may also be employed to subvert attempt to bypass the licensing process.

In another exemplary embodiment, the user 30 may also have an encrypted datastore 91 after instaUation. License data is stored in the datastore 91 as, for example, a physical file on the user system 30. The datastore 91 may be configured or otherwise adapted to contain other information for the detection and prevention of copying the datastore 91 file to another system; setting the system clock back in time to attempt to extend the license duration; and/or manually altering the datastore 91 to grant/extend hcenses. As a result of the datastore 91 residing on the user 30 machine, network or Internet access 35, for example, is needed only when the user acquires a new hcense or performs some function requesting access to the vendor's hcensing server 82.

User 30 also may be provided with a modified Windows Explorer 87 user interface after instaUation as shown, for example, in Fig. 15 and 16. The chent hcense management DLL 86, in a preferred exemplary embodiment, is adapted to extend the user interface of Windows Explorer 87 to provide a central location for users 30 to manage their Ucensing information without having to run each of the hcensed applications. The chent DLL 86 may be further configured to present hcensing information for the protected apphcations 83 in, for example, a hierarchical format 88 with a root file folder 89. The chent DLL 86 may also further be adapted to integrate with Windows Explorer 87 giving customers a familiar user interface to perform, for example, the foUowing functions: (1) aUow users to import a license that was emailed to them and add it to the datastore 91; (2) display the status of licenses on the system and the system's identifying machine ID; (3) remove a hcense from the system; (4) move a hcense, subject to vendor-defined terms, from a first system to a second system; (5) execute a hcensing script for a protected apphcation 83; (6) obtain an updated hcense from the vendor's hcensing server 82; (7) display mformation about a license including, for example, start date, expiration date, vendor ID, product JD, and product options available and/or hcensed, etc.

In another exemplary embodiment of the present invention, in order for the user 30 to run the apphcation, a hcense may be obtained through the registration or subscription process (step 128 in Fig. 17). In a preferred exemplary embodiment, hcensing code integrated in the software apphcation by the vendor 40 helps determine if the downloaded apphcation can be used on a free trial basis or if a subscription is first obtained. If it is a free trial, the user 30 completes the registration process, for example, by providing information to the distributor 25 to obtain an automatic license. Registration information preferably includes, for example, a user name, company name, business e-mail, the software apphcation number and name. In yet another exemplary embodiment, apphcations offered on a free trial basis wUl not require payment information and, accordingly, a new account wUl not be created. As part of the information given to the distributor 25, the machine ID for the current user computer 30 may be provided substantially transparently by the license manager using aspects of the hardware configuration and the operating system. Information from the registration information and machine ID may then be added to the hcense file created, for example, on the web server.

Of particular relevance to the instant embodiment of the present invention is the ability of the recipient, in this case the distributor computer 25, to extract from the HTTP request header, the IP address of the source computer and a machine ID for the source computer, i.e. the user computer 30. Any other transfer protocols, now known or hereafter derived by those skilled in the art, that aUow the recipient to extract the sending computer's network address may also be used.

Once the registration process is complete, the Ucense manager performs an HTML post operation to send the registration information back to the website to retrieve the hcense file. The hcense manager performs this, and other operations, for example, in response to API caUs made by the application. After the appropriate checks are successfully completed by the hcense monitor using the information in the hcense file, the apphcation may then be permitted to run. In an exemplary aspect, the expiration date for the free trial may be predetermined by the vendor 40 and the apphcation will run untU that date. When the authorized term expires, the hcense monitor initializes the hcense manager with an API call and displays the appropriate webpages aUowing the user 30 to obtain a new license through the subscription process. If the user 30 does not obtain a subscription and a new hcense file, the hcensing API caUs wiU return an "expired" status back to the apphcation which will then terminate after displaying an error message to the user 30. In addition, the hcensing code is able to determine if the current date on the user computer 30 has been altered in an attempt to artificially extend the free trial. Other security countermeasures now known or hereafter derived by those skUled in the art may be used to subvert attempts to bypass the expiration date feature. If the apphcation is alternatively not provided on a free trial basis, the user 30 may obtain a hcense for the software apphcation by completing the subscription process. As with the registration process, when the subscription process is completed, the license file created on, for example, the website is retrieved by the license manager. After the appropriate checks are successfully run by the hcense monitor using the mformation in the hcense file, the apphcation is then allowed to run (step 132 of Fig. 18). As mentioned previously, a permanent hcense to use the software appUcation may be purchased. In the case where a vendor 40 does not have access or the resources to create a website, the distributor 25 can market the software apphcations for that vendor 40.

Fig. 20 illustrates an exemplary flow chart of the subscription process. The subscription process may be initiated by the license monitor or by selecting "subscribe" from the webpage. Fig. 20 shows the process initiated by the user selection. Even though the process may be initiated in a variety of alternative methods, the data flow is generally the same. After subscription has been selected (step 302), the user logs in (step 306) which involves accessing the database residing within, for example, the distributor's web server 25. Login preferably involves user 30 entry of a username and password previously acquired during a subscription process. Additionally, this login step may be performed using password and username information retrieved from the database, thereby streamlining the process for the user 30.

The database on the distributor computer 25 is checked to see if the user 30 has an existing account. If an account does not exist for the current user 30 (step 310), a new account is suitably created (step 314). For a new user 30, a new account is created and a subscription form is filled out (step 324). Preferably, subscription information includes for example, the user name, business name and address, e-mail, user ID, password, credit card info, appUcation name and a number assigned to the apphcation. After filling in the user information the user 30 may then select "submit" 902. The information may then be used by the distributor 25 to create a new account. If the vendor 40 has included various levels and options with the software apphcation, to obtain a hcense, the user provides additional information by selecting the level and options deshed as shown in Fig. 22. Prices for each option and level may be displayed along with features that are included in the software application. The user 30 can make selections from the displayed hst based on individual needs. The user 30 is also given an opportunity to change the selected levels and options before the subscription process is completed, as shown in Fig. 23, by confirming the selections. Allowing the user 30 to customize the software apphcation by selecting desired options provides a self-serviced environment for obtaining software via, for example, the Internet 35.

In addition to user mformation and the desired options, the user 30 also provides information about the computer where the software apphcation is to be run. This allows software apphcations to be downloaded to a server on an intranet and then distributed to the appropriate user computer 30. Fig. 24 shows a screenshot of exemplary information entered for the user computer 30 including, for example, the machine ID 930. Alternatively, if the subscription process is initiated by the hcense manager the user 30 provides information regarding the computer description 920 and the hcense manager generates the actual machine ID 930. Information regarding the payment method is also provided by the user 30. Confirmation of the payment method, as weU as other computer information, may also be provided to the user 30 before the subscription is submitted to the distributor 25 as shown in Fig. 25. In a preferred exemplary embodiment, Secure Sockets Layer (SSL) encryption, for example, may be used to secure the subscription information and maintain privacy for the user.

After payment information, such as credit card name and number, has been submitted to the distributor 25 (step 340) an e-commerce server determines if the credit card information is vahd (step 344). If the mformation is vahd, it is then submitted to the distributor. When the subscription and payment have been confirmed a subscription receipt is generated and displayed, for example, on the screen as shown in Fig. 26. The user information, computer information, and payment information are used to create a hcense file which is then stored in a database on, for example, a web server 25 (step 360). The hcense manager retrieves the Ucense file from the distributor web server 25 and stores it on disk on the user computer 30 (step 368). The hcense file can also be e-mailed to the user 30. If the credit card information is not vahd, the user 30 can edit the information (step 348) and resubmit the subscription or the subscription process can be canceled (step 364).

If the user 30 has an existing account, after a vahd user name and password is entered, the existing account may be displayed with a summary of current subscriptions (step 320). Selecting the displayed product/software apphcation 940/950, accesses, for example, a screen with the subscription information regarding the software apphcation as shown in Fig. 27. These webpages allow the user 30 to, inter alia, oversee and manage the hcenses obtained for software apphcations currently used. In this regard, the present invention offers the user 30 a turnkey solution to the acquisition and management of software tools. The present invention also aUows the user 30 to step through the process hi a self-serviced manner, thereby minimizing contact with, for example, high pressure sales representatives. From the account detaU webpages (Fig. 27), the user 30 can obtain new subscriptions (step 328), cancel subscriptions (step 332), update subscription information (step 352) and view the apphcations offered in the store. If the user 30 requests a new subscription (step 328), a new form may be provided to fill in the name of and number of the new software application. When the new subscription is submitted, the e-commerce server checks the validity of the payment option (step 344). If the payment information is not valid, the user 30 may edit the information (step 348) or cancel the new subscription (step 364). If the payment information is valid, the web apphcation (ASP) wUl charge the sale and create the license file on, for example, the web server (step 360). A subscription receipt may then be displayed on the screen for each new subscription.

Alternatively, if a user 30 does not have immediate or persistent access to the Internet, e-mail may be used to contact the distributor 25. The user 30 may provide the information in an e-mail and the distributor 25 can send a hcense file to the user 30 via return e-mail. The user 30 wUl then receive the software apphcation through, for example, a CD or any other data medium now known or hereafter derived by those skilled in the art.

In another exemplary embodiment of the present invention, the distributor may use the SLS to optionaUy distribute other third-party vendor/developer apphcations. In still another exemplary embodiment, the system and method of distributing and managing software hcenses according to the present invention includes a host server or other computing systems including a processor for processing digital data, a memory coupled to said processor for storing digital data, an input digitizer coupled to the processor for inputting digital data, an apphcation program stored in said memory and accessible by said processor for directing processing of digital data by said processor, a display coupled to the processor and memory for displaying information derived from digital data processed by said processor and a plurality of databases, said databases including data that could be used in association with the present invention. The database may be any type of database, such as relational, hierarchical, object-oriented, and/or the like. Common database products that may be used to implement the database include DB2 by IBM (White Plains, NY), any of the database products avaUable from ORACLE® CORPORATION (Redwood Shores, CA), MICROSOFT® ACCESS by MICROSOFT® CORPORATION (Redmond, Washington), or any other database product. The database may be organized in any suitable manner, including, for example, data tables, look-up tables or any matchable data structures now known or hereafter derived by those skUled in the art.

Association of certain data may be accomplished through any data association technique known and practiced in the art. For example, the association may be accomplished either manually or automaticaUy. Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, and/or the like. The association step may be accomplished by a database merge function, for example, using a "key field". A "key field" partitions the database according to the high-level class of objects defined by the key field. For example, a certain class may be designated as a key field in both the first data table and the second data table, and the two data tables may then be merged on the basis of the class data in the key field. In this embodiment, the data corresponding to the key field in each of the merged data tables is preferably the same. However, data tables having similar, though not identical, data in the key fields may also be merged by using AGREP, for example. The present invention may be described herein in terms of functional block components, screen shots, optional selections and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the present invention may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, matchable data structures, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices. SimUarly, the software elements of the present invention may be implemented with any programming or scripting language such as, for example, C, C++, Java, COBOL, assembler, PERL, extensible Markup Language (XML), etc., or any programming or scripting language now known or hereafter derived by those skilled in the art, with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements. Further, it should be noted that the present invention may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like. StUl further, the invention could be used to detect or prevent security issues with a chent-side scripting language, such as JavaScript, VBScript or the like. Again, for a basic introduction of cryptography, please read the text by Bruce Schneider entitled "Applied Cryptography: Protocols, Algorithms, And Source Code In C," published by John Wiley & Sons (second edition, 1996), which are hereby incorporated by reference.

It should be appreciated that the particular implementations shown and described herein are Ulustrative of the invention and its best mode and are not intended to otherwise limit the scope of the present invention in any way. Indeed, for the sake of brevity, conventional data networking, apphcation development and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. Furthermore, the connecting lines shown in the various figures contained herein are intended to represent exemplary functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical system.

It wUl be appreciated, that many apphcations of the present invention could be formulated. One skUled in the art wUl appreciate that the network may include any system for exchanging data, such as, for example, the Internet, an intranet, an extranet, WAN, LAN, sateUite communications, and/or the like. It is noted that the network may be implemented as other types of networks, such as an interactive television (ITV) network. The users may interact with the system via any input device such as a keyboard, mouse, kiosk, personal digital assistant, handheld computer (e.g., Palm PUot®), ceUular phone and/or the like. Similarly, the invention could be used in conjunction with any type of personal computer, network computer, workstation, mhUcomputer, mainframe, or the like ranning any operating system such as any version of Windows, Windows XP, Windows Whistler, Windows ME, Windows NT, Windows2000, Windows 98, Windows 95, MacOS, OS/2, BeOS, Linux, UNIX, or any operating system now known or hereafter derived by those skUled in the art. Moreover, the invention may be readUy implemented with TCP/IP communications protocols, IPX, Appletalk, IP-6, NetBIOS, OSI or any number of existing or future protocols. Moreover, the system contemplates the use, sale and/or distribution of any goods, services or information having similar functionality described herein. The computing units may be connected with each other via a data communication network. The network may be a public network and assumed to be insecure and open to eavesdroppers. In one exemplary implementation, the network may be embodied as the internet. In this context, the computers may or may not be connected to the internet at aU times. Specific information related to data traffic protocols, standards, and apphcation software utUized in connection with the Internet may be obtained, for example, from DTLIP NAIK, INTERNET STANDARDS AND PROTOCOLS (1998); JAVA 2 COMPLETE, various authors, (Sybex 1999); DEBORAH RAY AND ERIC RAY, MASTERING HTML 4.0 (1997). LOSffiN, TCP/IP CLEARLY EXPLAINED (1997); aU of these texts having previous incorporation by reference. A variety of conventional communications media and protocols may be used for data links, such as, for example, a connection to an Internet Service Provider (ISP) over the local loop as is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods. Licensing management systems, in accordance with the present invention, might also reside within a local area network (LAN) which interfaces to a network via a leased line (Tl, D3, etc.). Such communication methods are generally well known in the art, and are covered in a variety of standard texts. See, e.g., GILBERT HELD, UNDERSTANDING DATA COMMUNICATIONS (1996), hereby incorporated by reference.

As will be appreciated by one of ordinary skill in the art, the present invention may be embodied as a method, a system, a device, and/or a computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, an entirely hardware embodiment, or an embodiment combining aspects of both software and hardware. Furthermore, the present invention may take the form of a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any suitable computer-readable storage medium may be utUized, including hard disks, CD-ROM, optical storage devices, magnetic storage devices, and/or the Uke. Data communication is accomphshed through any suitable communication means, such as, for example, a telephone network, Intranet, Internet, point of interaction device (point of sale device, personal digital assistant, ceUular phone, kiosk, etc.), online communications, off-line communications, wireless communications, and/or the like. One skUled in the art wUl also appreciate that, for security reasons, any databases, systems, or components of the present invention may consist of any combination of databases or components at a single location or at multiple locations, wherein each database or system includes any of various suitable security features, such as firewalls, access codes, encryption, de-encryption, compression, decompression, and/or the like. The present invention is described herein with reference to screen shots, block diagrams and flowchart Ulustrations of methods, apparatus (e.g., systems), and computer program products according to various aspects of the invention. It wUl be understood that each functional block of the block diagrams and the flowchart Ulustrations, and combinations of functional blocks in the block diagrams and flowchart Ulustrations, respectively, can be implemented by computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flowchart Ulustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions, and program instruction means for performing the specified functions. It wUl also be understood that each functional block of the block diagrams and flowchart Ulustrations, and combinations of functional blocks in the block diagrams and flowchart Ulustrations, can be implemented by either special purpose hardware-based computer systems which perform the specified functions or steps, or suitable combinations of special purpose hardware and computer instructions.

In the preceding specification, the invention has been described with reference to specific embodiments. However, it wUl be appreciated that various modifications and changes can be made without departing from the scope of the present invention as set forth in the claims below. The specification and figures are to be regarded in an iUustrative manner, rather than a restrictive one, and aU such modifications are intended to be included within the scope of present invention. Accordingly, the scope of the invention should be determined by the appended claims and their legal equivalents, rather than by merely the examples given above. For example, the steps recited in any of the method or process claims may be executed in any order and are not limited to the order presented in the claims. Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as critical, required, or essential features or elements of any or aU the claims. As used herein, the terms "comprises", "comprising", or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a hst of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Further, no element described herein is required for the practice of the invention unless expressly described as "essential" or "critical". Other combinations and/or modifications of the above-described structures, features, arrangements, apphcations, proportions, elements, materials or components used in the practice of the present invention, in addition to those not specifically recited, may be varied or otherwise particularly adapted by those skiUed in the art to specific environments, manufacturing or design parameters or other operating requirements without departing from the general principles of the same.

Claims

CLAIMSWe claim:

1. A method for managing hcensing data, comprising the steps of: providing a host system having a processor for processing digital data; providing a client system having a processor for processing digital data and communicably connected to said host system; providing a hcense management host apphcation running on said host system, said host appUcation having access to a Ucensing database; providing a Ucense management cUent appUcation running on said chent system, said chent apphcation having access to a chent hcense datastore; providing a user interface configured to accept hcensing orders, said user interface providing a user with access for ordering a hcense, said user interface requesting the issuance of a Ucense; issuing a Ucense from said licensing database, using said management host apphcation, in response to a user interface request to add a hcense to said chent hcense datastore; monitoring usage of a hcense so issued using said management host apphcation; compiling and displaying at least a plurality of Ucenses stored in said client license datastore using said license management cUent appUcation; and communicating with said host apphcation, using said hcense management chent apphcation to modify terms corresponding to at least one hcense stored in said chent hcense datastore.

2. The method for managing hcensing data according to claim 1, wherein said host appUcation is administered by at least one of a vendor, a distributor, an agent, a manager, a reseUer, a value-added reseller (VAR), a contractor, a sub-contractor, a subsidiary, a partner, an Original Equipment Manufacturing (OEM) provider, a Ucensee, a sub-licensee, a trustee, and a fiduciary.

3. The method for managing hcensing data according to claim 1, wherein said communicable connection between said client system and said server system is selected from the group consisting of a LAN, a WAN, a VPN, the Internet, an extranet, an intranet, and any combination thereof.

4. The method for managing hcensing data according to claim 1, wherein said licensing database is at least one of an ADO compliant database, an ODBC database, a relational database, a flat file, and an SQL compatible database.

5. The method of managing hcensing data according to claim 1, further comprising the step of populating said database with default structure.

6. The method of managing hcensing data according to claim 5, further comprising the step of populating said database with default data.

7. The method of managing hcensing data according to claim 5, wherein said population of said database comprises hcensing terms.

8. The method for managing hcensing data according to claim 1, wherein said datastore is encrypted.

9. The method for managing hcensing data according to claim 1, wherein said datastore is stored locaUy on the chent system.

10. The method for managing licensing data according to claim 1, wherein said datastore is hosted from a remote location.

11. The method for managing Ucensing data according to claim 1, wherein a Ucense issued by said host apphcation is at least one of a trial Ucense, a time-limited Ucense, a perpetual Ucense, a subscription-based license, and an irrevocable license.

12. The method for managing hcensing data according to claim 1, wherein said client apphcation uses a graphic user interface (GUI) for compiling at least a plurality of Ucenses stored in said chent hcense datastore.

13. The method for managing hcensing data according to claim 12, wherein said GUI further comprises a native file management appUcation component of said cUent system's operating system.

14. The method for managing Ucensing data according to claim 1, wherein said modification of the terms corresponding to at least one hcense stored in said client hcense datastore further comprises a method step selected from the group consisting of deleting a license, expiring a hcense, terminating a hcense, renewing a hcense, manually subscribing a license, automatically subscribing a hcense, transferring a hcense, abandoning a hcense, reactivating a hcense, and any combination thereof.

15. The method for managing hcensing data according to claim 1, wherein said license management host appUcation further comprises at least one of a Terminate and Stay Resident program (TSR), an operating system service, a daemon, a stand-alone application, an applet, a protected mode appUcation, a multi-threaded application, a paraUel processed appUcation, and a distributed processing apphcation.

16. The method for managing hcensing data according to claim 1, wherein said host apphcation monitoring of usage of a Ucense further comprises a method step selected from the group consisting of coUecting machine identification data, collecting user identification data, tracking time of use data, tracking duration of use data, sending a cookie from said client system to said host system, and any combination thereof.

17. The method of managing hcensing data according to claim 1, further comprising the licensing of a software apphcation.

18. The method of managing hcensing data according to claim 1, wherein said chent system further comprises at least one of a computer, a kiosk, a web access portal, a Point of Sale (POS) terminal, a smartcard, a wireless transmitter, a portable digital assistant, a telephone, a mobile phone, a pager, and an information apphance.

19. The method of managing Ucensing data according to claim 1, wherein said host appUcation further comprises tools to customize the Ucensing database.

20. The method of managing hcensing data according to claim 1, wherein said user interface for accepting hcensing orders further comprises media adapted for display on a web browser.

21. A system for managing Ucensing data, comprising: a host system having a processor for processing digital data; a chent system having a processor for processing digital data and communicably connected to said host system; a hcense management host apphcation running on said host system, said host apphcation having access to a hcensing database; a hcense management chent apphcation running on said client system, said client appUcation having access to a chent license datastore; a user interface configured to accept Ucensing orders, said user interface providing a user with substantially self-service access for ordering a hcense, said user interface requesting the issuance of a hcense; a management host apphcation for issuing a hcense from said hcensing database in response to a user interface request to add a hcense to said client Ucense datastore, said management host appUcation monitoring usage of a Ucense so issued; and said license management cUent application compiling and displaying at least a plurahty of hcenses stored in said client license datastore and communicating with said host apphcation to modify terms corresponding to at least one hcense stored in said chent hcense datastore.

22. The system for managing hcensing data according to claim 21, wherein said host service is administered by at least one of a vendor, a distributor, an agent, a manager, a reseUer, a value-added reseller (VAR), a contractor, a sub-contractor, a subsidiary, a partner, an Original Equipment Manufacturing (OEM) provider, a hcensee, a sub-licensee, a trustee, and a fiduciary.

23. The system for managing hcensing data according to claim 21, wherein said vendor is also a distributor.

24. A method for managing the Ucensing of software, comprising the steps of: providing a host system having a processor for processing digital data; providing a client system having a processor for processing digital data and communicably connected to said host system; providing a Ucense management host appUcation running on said host system, said host apphcation having access to a hcensing database; providing a software application to be Ucensed; providing a substantiaUy turnkey wrapping utility for securing compiled instruction code and wrapping said software appUcation with licensing security code; providing a hcense management chent apphcation running on said chent system, said cUent appUcation having access to a client hcense datastore; providing a user interface configured to accept hcensing orders, said user interface providing a user with substantiaUy self-service access for ordering a Ucense, said user interface requesting the issuance of a Ucense; issuing a license from said licensing database, using said management host apphcation, in response to a user interface request to add a Ucense to said chent license datastore; monitoring usage of a Ucense so issued using said management host apphcation; compiling and displaying at least a plurality of licenses stored in said client license datastore using said license management cUent appUcation; and communicatmg with said host apphcation, using said hcense management client application to modify terms corresponding to at least one hcense stored in said chent hcense datastore.

25. The method for managing the Ucensing of software of claim 24, further comprising the step of said host service providing means for downloading said wrapped apphcation.

26. The method for managing the Ucensing of software of claim 24, further comprising the steps of: providing means for purchasing a hcense from said host service; and processing payment for said purchase of a hcense.

27. The method for managing the hcensing of software of claim 24, wherein said host appUcation further comprises tools to customize the hcensing database.

28. The method for managing the hcensing of software of claim 24, wherein said host apphcation further comprises tools to customize the wrapping of said software apphcation.

29. The method for managing the hcensing of software of claim 24, further comprising the step of encrypting said wrapped appUcation.

30. The method for managing the hcensing of software of claim 24, further comprising the step of obtaining information from a user of the hcense management chent apphcation to authorize access to execute said wrapped apphcation.

31. The method for managing the hcensing of software of claim 24, further comprising the step of downloading said wrapped apphcation over a communications network.

32. The method of managing the hcensing of software of claim 24, further comprising the distribution of wrapped vendor/developer software apphcations by a distributor.

33. The method of managing the Ucensing of software of claim 32, wherein the distributor is also the vendor/developer.

34. The method of managing the hcensing of software of claim 24, further comprising the step of offering user-selectable software options for the wrapped apphcation before issuing a hcense to execute the wrapped apphcation.

35. The method of managing the hcensing of software of claim 24, further comprising the step of providing tools to customize the functionality of said Ucense management host apphcation.

36. The method of managing the hcensing of software of claim 24, further comprising the step of providing tools to customize the functionality of said Ucense management cUent appUcation.

37. The method of managing the hcensing of software of claim 24, further comprising the step of providing tools to customize the distributor-created hcensing code.

38. A method for protecting software from unlicensed use, comprising the steps of: providing turnkey licensing code to vendors for wrapping a vendor-provided software apphcation; encrypting said vendor-provided software apphcation; wrapping distributor Ucensing code around said vendor-provided software appUcation.

39. The method for protecting software from unlicensed use of claim 38, wherein said vendor is also a distributor.

40. The iterative appUcation of the method for protecting software from unlicensed use according to claim 38, wherein the wrapped code produced in the preceding iteration is further wrapped to produce at least a second generation wrapped executable application.

41. The method for protecting software from unlicensed use according to claim 38, wherein the distributor code is compiled substantially concurrent with compilation of said vendor-provided software.

42. The method for protecting software from unlicensed use according to claim 38, wherein vendor-provided startup code is replaced with distributor-provided startup code.

43. The method for protecting software from unlicensed use of claim 42, further comprising the step of using the distributor-provided startup code as a decryption key.

44. The method for protecting software from unlicensed use according to claim 38, further comprising the step of executing said wrapped apphcation, wherein the wrapped software apphcation begins execution at a substantially random codebase offset entry point.

45. The method for protecting software from unlicensed use according to claim 38, further comprising the step of calculating a CRC for the wrapped apphcation at least prior to execution of said wrapped application to determine if the wrapped appUcation has been modified.

46. The method of protecting software from unlicensed use of claim 45, further comprising the step of disabling execution of said wrapped application if said wrapped appUcation has been determined to have been modified.

47. The method for protecting software from unlicensed use according to claim 38, further comprising the step of monitoring execution of said wrapped apphcation to determine if tampering attempts to said wrapped apphcation are being made.

48. The method for protecting software from unlicensed use according to claim 47, further comprising the step of terminating execution of said wrapped application in response to said tampering attempts.

49. The method of protecting software from unlicensed use accordmg to claim 38, further comprising the step of obtaining information from the user to validate hcensing information and to permit execution of said wrapped appUcation.

50. The method of protecting software from unlicensed use according to claim 38, further comprising the step of calculating a machine fingerprint for comparison with Ucensing information to authorize execution of said wrapped apphcation.

51. The method of protecting software from unlicensed use accordmg to claim 38, further comprising the step of providing a hcense on a subscription basis.

52. The method of protecting software from unlicensed use of claim 51, further comprising the step of automatically renewing said hcense subscription.

53. The method of protecting software from unlicensed use according to claim 38, further comprising the step of providing a distributor with a system for managing licensing data according to claim 21.

54. The method of protecting software from unlicensed use according to claim 38, further comprising the step of providing a vendor/developer with system for managing licensing data according to claim 21.

55. The method of protecting software from unlicensed use of claim 54, wherein the vendor/developer is also the distributor.

56. A system for providing substantiaUy self-serviced access in a network envkonment to a plurality of vendor-provided software applications for electronic distribution to a remote user, said system comprising: means for providing at least a plurality of software appUcations for distribution; means for electronically distributing at least one software appUcation; means for protecting at least one software appUcation so distributed from unlicensed access; means for storing hcense files in a hcensing database; means for issuing a hcense from said Ucenshig database to said remote user; and means for modifying the terms of the issued hcense, thereby aUowing said system to provide substantially self-service electronic distribution from the perspective of said remote user.

57. The system for providing substantially self-serviced access to a plurahty of vendor- provided software apphcations according to claim 56, further comprising means for said remote user to select optional software features.

58. The system for providing substantially self-serviced access to a plurahty of vendor- provided software appUcations according to claim 56, wherein said means for providing at least a pluraUty of software appUcations for distribution comprises a web-based storefront.

59. The system for providing substantially self-serviced access to a plurahty of vendor- provided software apphcations according to claim 56, wherein said issued hcense is a subscription based hcense.

60. The system for providing substantially self-serviced access to a pluraUty of vendor- provided software apphcations according to claim 56, wherein said means for modifying said hcense comprises an automatic renewal of said Ucense.