j INTERNETI /
Contents
1. automatically collecting information regarding the user s machine forming a digital asset identifier including the collected user and machine information associating the digital asset identifier with the digital asset and storing said digital asset identifier in a database associated with the server 2 The method of claim 1 wherein said digital asset identifier is inserted into the digital asset 3 The method of claim 1 wherein said digital asset identifier 15 attached to the digital asset 4 The method of claim 2 further comprising the acts of segmenting a digital video asset into frames and replacing the edge tag of each video frame with an edge tag including said digital asset identifier 5 The method of claim 1 further comprising the act of presenting the user a new user template for allowing a user to select a desired digital asset 6 The method of claim 5 further comprising the act of executing a script to guide the user through the license process and checkout process responsive to the selection of a digital asset by the user 7 The method of claim 6 further comprising the act of processing payment for the digital asset 8 The method of claim 7 further comprising the act of including financial information collected during the pay ment process in said digital asset identifier 0 2006 0265336 1 9 The method of claim 1 further comprising storing said digital asset identifier and associated user i2. IS LOADING OF THIS SOFTWARE PERMITTED RECORDS INDICATE THAT THIS SOFTWARE HAS ALREADY BEEN LOADED YOU MAY BE IN VIOLA TION OF YOUR LICENSE AGREEMENT However reloading of software may be normal in the event of hard disk failure Consequently software providers cannot feasi bly prevent the software application from being loaded more than once Furthermore if first run registration enablement 15 required copiers can simply copy the software repeatedly prior to registering the original copy 0009 Another security technique is to enable a software application for a defined period of time This usually involves incorporating a date time checking mechanism into the software application Such a mechanism may be used where a software provider wants to supply for example a 30 day demonstration version of a software application for user evaluation If the user decides to purchase a license following the evaluation period the user may contact the software provider and supply payment information Follow ing approval e g credit card or receipt 1 check of the payment the software provider may supply the user with a regular copy of the software or provide instructions or a codeword to disarm or reset the date time checking mecha nism 0010 In operation a date time checking mechanism records a date time stamp when a software application is 0 2006 0265336 1 first brought up Alternatively or in addition the date time
3. or floating A fixed license permits a software application to run on certain designated computers e g computer numbers one through five in a ten computer file server group are designated for the licensed software appli cation A floating license permits a certain number of applications to run on any number of computers at a given time So an application operating under a floating license may be allowed to simultaneously run on no more than ten of twenty computers in a network at any given time Licensing management software is maintained in the net work file server to monitor the number of floating licenses being used 0013 Commercial software is prone to installation inter ruptions as it almost always requires involved enablement procedures In accordance with regular industry practices commercial software applications are ordinarily enabled following their installation by contacting the software pro vider for enablement instructions and or enabling codes This process is rarely instantaneous The software provider usually confirms that the software license is proper and paid for before faxing e mailing or even using regular mail to provide a set of enabling instructions enabling codes or disk s with which to bring the application up Conse quently the software remains disabled until additional instructions are supplied and followed which are usually sent only after an enablement request is approved 0014 Manage
4. as an initial check of whether the demonstration period has expired If there is date time corruption the client application can be disabled 0079 an audit function the contents of a message generated by the Check Out License procedure can be recorded in the license server or upstream licensing module 0 2006 0265336 1 Relevant information recorded by the license server can include but is not limited to the hardware identifier of the computer upon which the client application is loaded e g the IP address the application name feature names and the application version number Additionally a client module registration number or like identifying means can be nested in a client application This registration number also can be passed upstream in a request message for audit recordation A client module registration number allows a software provider to track the proliferation paths and patterns of copied client applications Consequently a software pro vider can determine the source of copied software A soft ware provider can force a user to attach a non connected computer to a network access point by supplying a prompt indicating to the user that a client application will not enable unless and until it checks in Consequently if the user chooses to use the client application i e attach com puter to a network access point the software provider is informed of the client application s use 0080 second proc
5. authorization ID In a subsequent client to agent commu 0 2006 0265336 1 nication the key is used for client encryption of message The message is then decrypted at the agent using the common key 0093 In order to allow encryption synchronization all of the data structure fields in an initial communication between a client agent pair are unencrypted Subsequent communi cations have certain fields encrypted In response to an initial communication the agent passes back a first key The message is then re sent having designated fields of the client data structure encrypted The response passed back by the agent in a next communication contains a new key for use in a subsequent communication In this way the client and agent maintain encryption synchronization by supplying the same key to their respective encryption engines In accor dance with a preferred embodiment the key is a random number generated by an agent 0094 The encrypted fields of the data structure contents passing between a client and agent include the license and authorization Ids and any proprietary data required for validation such as floating license information All of the fields of the data structure contents can be encoded how ever the application name feature name hardware identi fier and a licensing system version number are preferably left unencoded In the event that there is lack in synchroni zation a client or agent can look to the unenc
6. class sub class designation a single license validity inquiry generated by for example a file server s licensing module can enable a sub class license that covers the client applications of all of the desktop computers 500 in the file server s group This is generally more efficient than having each desktop computer 500 individually vali date its own license through the license server 526 Further more because the sub class license maintained on the file 0 2006 0265336 1 server itself fall under a class license maintained on the minicomputer the validity inquiry by the file server may be addressed by the minicomputer rather than forwarding the request further upstream 0070 In accordance with a preferred embodiment of the invention licensing modules periodically and systematically initiate license validity inquiries upstream The responses to the periodic inquiries are recorded into the cache compo nents of the licensing modules As a result client modules and client components need ordinarily communicate with a next upstream agent to be enabled re enabled or to update their caches Periodic self validation updating of the licens ing modules also provides for more uniform request traffic on the licensing server 526 This can provide efficiencies in propagating license information from the licensing server in response to license validity inquiries Of course the fore going system can operate by passing individual li
7. file server computers 402 The licensing modules in the file server computers 402 communicate with a licensing module in the minicomputer 406 which licensing module in turn communicates with a licensing module in the main computer 412 at the corporation headquarters The licensing module in the main computer 412 uses a public network such as the Internet 414 to communicate with a license server 416 maintained by a software provider who developed the soft ware application s on the desktop computers 400 Main computers 413 and 415 at other corporations or institutions also can communicate with the license server 416 to com municate license inquiry and response messages 0064 A representation of the network scenario depicted in FIG 4 illustrating licensing system components in accordance with an exemplary embodiment of the invention is shown in FIG 5 Various network computers are depicted in symbolic form to assist in illustrating the components involved in the exemplary embodiment of the invention Desktop computers 500 contain software applications 514 having licensing system client modules 516 attached thereto The desktop computers 500 are tended by group file servers 502 on networks 504 Each of the group file server com puters 502 minicomputers 506 508 and 510 and a main computer 512 contain a licensing module A licensing mod ule comprises an agent component 518 a cache memory component 520 and a client component 522 The
8. file servers minicomputer main computers that form the net work hierarchy Operation of such a system is substantially similar to that of a network embodiment of a license management system described above Alternatively client modules can communicate directly with a license server 604 over a public network such as the Internet 616 0088 As mentioned in the Background above software licensing management systems conventionally maintain pro prietary that is application specific licensing code in soft ware applications 1 application portion Corresponding proprietary licensing code also is maintained in the file server or like network element i e authenticator portion Consequently a conventional system typically has to main tain several separate licensing validation programs on a file server to check each of the software applications loaded on sub tended computers A system in accordance with the latter embodiment of the invention provides for a generic Nov 23 2006 solution whereby a single client module is maintained on the desktop computer that handles all of the licensing manage ment for the computer s client applications Hence the computers and corresponding servers need not contain sev eral licensing system applications each having proprietary code 0089 Because the exemplary embodiments described above describe use of the Internet as a communications medium the hardware identifier maintained in the c
9. information can be passed upstream in the context of a license validity inquiry request message If the software version has expired a message can be passed back in the status field of the authorization ID indicating this informa tion to a user The user may then be asked to license and procure a new version of the software Software version control can be used to prevent version collision and to force users to stop using expired software versions by simply disabling them 0101 Another aspect of the invention is license system version control By monitoring and controlling the version of the license system that is operating a common denomi nator between client and agent Communications can be maintained Alternatively in the event that different versions are allowed appropriate translations of data fields can be made to ensure the different versions can still communicate In a preferred embodiment a given client can only commu nicate with an agent of the same or newer version Licensing system version control also permits modifications to be made to improve enhance or entirely change an encryption schemes used by the licensing system 0102 The present invention also can be used to maintain a software use billing system for use with commercial client applications A billing system in accordance with the inven tion can use client application and feature use information from the audit system The audit system information can be trans
10. license server 526 maintained by the software provider contains an agent module 524 For any of the licensing modules in the intermediate computers between the desktop computer 500 and the license server 526 the licensing module s client component 522 communicates with the agent component 518 of an upstream licensing module or with the agent module 524 of the license server The licensing module s agent component 518 communicates with a downstream licensing module s client component 522 or a client module 516 in desktop computer 500 Communication between the upper most licensing module in the internal network 1 licensing module 512 and the agent module 524 in the license server 526 is conducted over a public network such as the Internet 528 0065 An audit function can be implemented in a net worked embodiment of the present invention in a number of ways For example the upper most licensing module 512 can maintain software such as an audit tool 530 that tracks use of client applications in underlying computers in the network An audit report can be periodically generated and sent upstream to the license server 526 The license server 526 can record and interpret the audit report to monitor use of client application software Alternatively license validity inquiry request message traffic from individual client appli Nov 23 2006 cations can be recorded in the license server 526 Audit information can be used to ge
11. managers who wish to audit software application use activity in a network In an exem plary embodiment a client module installed in an individual desktop computer wraps around software applications selected for monitoring When the wrapped application 0 2006 0265336 1 used or seeks a floating license from a file server a licensing module installed in the file server computer records the activity In a floating license system the licensing module can be configured to always reserve a license for use by certain individual computers e g the CEO s computer Audit records generated by the licensing module can be periodically checked by the MIS manager to see if adjust ments are needed e g purchase a greater number of floating licenses 0086 A variation of the latter system also can be installed in existing network to retrofit a licensing management system Client modules wrap previously installed applica tions thereby converting them into client applications The client modules on individual computers monitor and or control client application use The client modules can report to licensing modules in upstream file servers or report directly to a license server over a public network Such a system can be used by software providers as an aftermarket component installed on top of existing software systems In such a setting a client module can be responsible for handling license validation of more than one client applica
12. message generated by a client module A database can be used to store the information A software provider or vendor can access recorded information stored in the database to generate client application use reports Such an auditing system can be a part or a function of a system for enabling validating and or disabling licensed software 1 client applications When configured as such audit data can be derived from license inquiry request messages Furthermore the license record database in the license server can be used to store the collected audit data Alternatively a separate database can be used 0023 Ina personal computer setting an exemplary cess in accordance with the invention may involve utilizing a modem or like device in the computer The client module generates and sends a license validity inquiry request mes sage to a regional or central license server maintained by the software provider The license server contains an agent module for communicating with the client module and a database containing license records The database in the license server is checked to see if a valid license record exists for the requesting client application and computer If 50 a message is transmitted back that allows enablement or re enablement of the client application The licensing server also can record information corresponding to the request in the database containing the license records or in a different database 00
13. nulled A license validity inquiry response message containing the client data structure is then formed by the agent and returned to the client module 0082 The client module investigates the data structure contents returned in the response message to analyze license and authorization ID information If the authorization ID indicates the continued presence of a valid license the client module allows the client application to remain enabled The new authorization ID is stored in the client data structure in the client module for future license validation checks or to check in the license If the data structure fields for the license and authorization IDs are null the client application is disabled and the client data structure is deleted Alterna tively the user can be prompted to indicate whether a new license would be desirable If so any of the procedures previously described can be used to procure a new license e g access Web homepage The Check In License procedure can be used to return a license or disable a feature Nov 23 2006 when a user has completed use of the client application or a feature contained therein The procedure in accordance with an exemplary process incorporating the invention generates a new client data structure containing the name of the software application any feature name s that is to be disabled the name of the upstream agent component mod ule the license ID the authorization ID a date tim
14. of licensed software 0003 It is well known that software is not purchased but only licensed for use Software unlike manufactured prod ucts can be freely copied and distributed Hence software providers are largely limited in their choice of control means Unfortunately a software license is merely a legal mechanism and cannot literally prevent illicit copying of proprietary software A typical software license grants a permit to use the licensed software application on a particu lar machine and perhaps the generation of backup copies for personal use A software license provides a software provider with a legal instrument against impermissible use of licensed software However there remains no effective mechanism for preventing or monitoring illicit copying or illegal proliferation in the first place Hence software pro viders must rely on the public to not pirate software and rely on their licensees to abstain from furnishing copies of software to friends or others A significant amount of soft ware piracy occurs in commercial settings Commercial licensees are usually vigilant about license compliance However even the most attentive MIS manager Manage ment Information Systems cannot prevent employees from copying software off of company machines for their per sonal use As a result of illicit copying software providers must adjust their prices forcing legitimate buyers to pay higher prices to offset revenue losses 0
15. public network encompasses not only networks that are freely available to the public generally but also any private network that can be subscribed to The depiction of the client module 108 is merely for descriptive and illustrative pur poses The client module 108 can be code nested within the software application 102 0046 In accordance with an exemplary embodiment of the invention the client module 108 automatically initiates a process to determine whether the software application 102 is validly licensed This can happen each time the client application 103 is brought up The licensing module 108 operates transparently and utilizes the modem 106 to form a connection with the licensing server 110 Once the connec tion is made the client module 108 sends a license validity inquiry request message to the license server 110 The agent module 114 receives the request and queries the database 112 to determine whether a license record exists that corre sponds to the client application 103 and computer 100 The license server 110 also can record relevant information contained in the license validity inquiry request message to audit the use of client application 0047 Pursuant to the query a response message is gen erated and returned back to the client module 108 by the agent module 114 If the query finds a valid license record the response message indicates the license record s exist ence and location in the database 112 The client m
16. server can be performed in a variety of ways Software can be purchased and paid for in an interactive commercial transaction conducted over the Internet as described above The result of such a transaction is to establish a license record in the licensing server database A subsequent vali dation check by the client application will allow the software to be enabled The database entry also can be formed by pre authorization If the software is purchased from a ven dor the vendor in the context of the transaction can perform the database entry shortly after the software 15 supplied to the user or company When the software is brought up on the client computer an initial validity check will return an Nov 23 2006 enablement response because a license record has already been established Alternatively software can be pre enabled with a temporary term license thereby providing a software provider with a time window in which to establish a license record Other techniques for establishing an entry in the database and thus enabling the corresponding client appli cation include using automated telephone operator systems A client can call a telephone number and use a touch tone phone to respond to prompts presented by an automated operator Hence any mechanism for initializing the data base and consequently automatically enabling the software is deemed suitable 0097 Another aspect of systems operating in accordance with the inventi
17. software application is configured to report back the first time that the software application is brought up a software provider can keep track of or audit which and how many machines the software application 1 operating on The licensing server can be set to initially enable any request received for the software application being audited At the discretion of the software provider the software application can be turned off at anytime The software provider can respond to subsequent licensing enablement or validation requests by supplying a prompt inviting the user to purchase a license variation on the audit function can be used to log questionable user activity 0099 additional security aspect of systems in accor dance with the invention is the provision of an activities log in the client module licensing modules or license server Such a log gathers information associated with any or all validation requests or irregularities Information gathered in such a log may include but is not limited to data time stamps to ensure periodic checking is not interfered with and the identity of a machine corresponding to the origin of an inquiry request The foregoing information can be used to facilitate the investigation of a pirate if the pirate s activities require legal attention 0100 Software version control can be provided in accor dance with another aspect of the invention Software version 0 2006 0265336 1 number
18. tion loaded on the computer If two or more client software applications on a computer are by a same software provider the client module can generate a single validity request message covering each wrapped client application Such a system has the effect of providing a generic licensing validation system for all of the licensed software on a desktop machine supplied by a particular software provider 0087 An exemplary licensing system that can be retro fitted in an existing computer network is depicted in FIG 6 An individual computer 600 has a client module 618 installed therein The client module 618 is wrapped around one or more software applications 620 622 624 and 626 to create client applications In a preferred embodiment the client applications are specific to the software provider who is retrofitting their networked software with the licensing system However if a license record database is configured as a clearing house whereby a multitude of software providers consolidate license information in a single server or a network of license servers the client module 618 can validate software licenses by a variety of software providers The client module 618 can enable or validate the client applications by communicating with a licensing module in a file server 602 The licensing module in the file server 602 also is a retrofitted component in the license system Licens ing modules are installed in each of the computers e g
19. 004 Although the estimates for losses due to piracy are estimated in the billions of U S dollars such estimates remain mere projections This is because of their way of determining how widely software is copied More specifi cally there is no mechanism by which to monitor the proliferation and use of software copied or otherwise Statistics regarding the use of legitimately purchased soft ware also remains unknown to software providers and vendors Despite sales data purchased software may be found ineffective by users and sit unused on hard drives Consequently software providers may not have a firm understanding of how their products are being received by users Whether used or not most proprietary software con tains some security mechanism and or registration mecha nism Nov 23 2006 0005 There are number of schemes designed to prevent software from being copied or to make use of copied software unduly burdensome These schemes however are largely ineffective complex and add to development costs Furthermore for every protection scheme devised by pro grammers there are hackers who will diligently go about undermining them A first line of defense is to encourage legitimate users to register their licensed software 0006 Registration of software provides a software pro vider with a record of a valid license Registration typically involves filling out and mailing a registration card that is provided in an off t
20. 24 Ifa license record is not found the client applica tion is not enabled A menu can be presented asking whether Nov 23 2006 the user would like to purchase a license and thus enable the software The menu may direct a user to a Web homepage where a license can be purchased automatically open a session to such a homepage or provide a telephone number of a sales representative or automated operator Optionally the user can initiate a demonstration mode of operation to evaluate the client application 0025 In a commercial or institutional computer environ ment ie networked computers a licensing system in accordance with exemplary embodiments of the invention can involve a hierarchical arrangement of licensing modules arranged between client application s and a license server At the desktop computer level a client module monitors one or more software applications on the desktop com puter Computers such as file servers residing at each level of the network between the desktop computers and the license server contain licensing modules Licensing mod ules include an agent component for communicating with a downstream client a cache component for interim storage of license information and a client component for communi cating with an upstream agent 0026 Operation in an exemplary process involves the client module in a desktop computer communicating upstream with an agent component in a licensing module A client c
21. 8 306 gt en CLIENT DATABASE AGENT 310 0 2006 0265336 1 gt T oe 0 en 308 306 300 CLIENT DATABASE AGENT INTERNET 310 316 08 306 302 300 2 9 gt j B 31 Patent Application Publication Nov 23 2006 Sheet 4 9 US 2006 0265336 1 qu ai me SED J Leo T 7 HIT Hae L nu A ail 5 Dr lae A C pro 400 404 FIGURE 4 416 414 413 415 INTERNET 490 412 Patent Application Publication Nov 23 2006 Sheet 5 9 US 2006 0265336 1 FIGURE 5 526 10 0 515 lt 888 wo c C C uw us 5 Patent Application Publication Nov 23 2006 Sheet 6 9 US 2006 0265336 1 5 SOFTWARE APPLICATION 2 SOFTWARE APPLICATION 4 Patent Application Publication Nov 23 2006 Sheet 7 of 9 US 2006 0265336 1 WEB SERVER m i 5 700 704 705 0 2006 0265336 1 Patent Application Publication 23 2006 Sheet 8 of 9 LL PUA isar Qi ast acn 50 pog zq 402 pou m gg 914 13 914 LOIS Q Patent Application Publication Nov 23 2006 Sheet 9 9 US 2006 0265336 1 99 DAI Digital Asset ID Public Pr
22. The invention provides the benefit of being able to freely distribute licensed software incorporating the invention with reduced apprehension of the software being illicitly copied or used without its being properly licensed Alternatively a system in accordance with the invention can be used to track and maintain records of the proliferation and use of software incorporating the invention 0130 invention has been described with reference to particular embodiments However it will be readily appar ent to those skilled in the art that it is possible to embody the invention in specific forms other than those of the embodi ments described above Embodiment of the invention in ways not specifically described may be done without depart ing from the spirit of the invention Therefore the preferred embodiments described herein are merely illustrative and should not be considered restrictive in any way The scope of invention is given by the appended claims rather than by the preceding description and all variations and equiva lents which fall within the range of the claims are intended to be embraced therein What is claimed is 1 A method for forming a digital asset identifier for a digital asset comprising receiving a request from a user to download a digital asset from a server over an IP compliant network collecting information through a user interface regarding the user and the digital asset desired to be downloaded
23. US 20060265336 1 as United States a2 Patent Application Publication ao Pub No US 2006 0265336 A1 Wesinger 43 Pub Date Nov 23 2006 54 AUTOMATED SYSTEM FOR MANAGEMENT Aug 4 1998 now abandoned which is a continua OF LICENSED DIGITAL ASSETS tion of application No 08 607 081 filed on Feb 26 1996 now Pat No 5 790 664 75 Inventor Ralph E Wesinger Palo Alto CA Said application No 10 079 221 is a continuation in US part of application No 09 189 697 filed on Nov 10 1998 now Pat No 6 647 422 which is a division of Correspondence Address application No 08 607 068 filed on Feb 26 1996 SIERRA PATENT GROUP LTD now Pat No 5 870 550 1657 Hwy 395 Suite 202 Minden NV 89423 US Publication Classification 73 Assignee GRAPHON CORPORATION Santa 51 Int Cruz CA US G06Q 99 00 2006 01 52 US CL an naan 705 65 21 Appl No 11 460 935 57 ABSTRACT 22 Filed Jul 28 2006 245221 A method of distributing licensed digital assets across a Related U S Application Data public computer network is disclosed The method com prises generating a digital asset identifier the digital asset 60 Division of application No 10 371 759 filed on Feb identifier identifying a digital asset and a source for the 20 2003 which is a continuation in part of applica tion No 10 079 221 filed on Feb 19 2002 which is a continuation of application No 09 128 652 filed on digital asset
24. abling a license or feature A after its use in the event that there is a per use cost associated with the software The following exemplary process descriptions are provided for a case wherein a client application is validating itself directly or indirectly 1 through one or more licensing modules over the Internet 0073 Each of the procedures involves initially forming a connection with a corresponding upstream agent The agent can be the agent component of a licensing module in an upstream network file server or like machine containing a licensing module Or the upstream agent may be the agent module in a license server in which case the connection is formed over a public network such as the Internet 0074 When a client application is first brought up the Check Out License procedure is initiated The purpose of the Check Out License procedure is to enable the software application to which the client module is attached In addi tion the Check Out License procedure can be used by to track the proliferation of a client application In accordance with an exemplary process incorporating the invention the Nov 23 2006 client module s Check Out License call generates a client data structure containing the name of the software applica tion any feature name s that is to be enabled the name of the upstream agent component module a hardware identifier ofthe computer containing the client application a date time stamp and a ve
25. ample the channel processing module can verify the user s identity by obtaining the user s reverse DNS on the user s email address search for a published phone number associated with the user query a local database to find a network interface card NIC asso ciated with the user or query the database on license server 304 to determine license information and or user informa tion 0116 At reference numeral 805 the channel processing module may if necessary use the parameters and or infor mation to test the user s machine for capabilities related to using the requested digital asset 0117 In embodiments of the present invention if the requesting client is unable to process the requested digital asset due to resource problems such as in cases where the requesting client lacks certain software or other resources to play the digital asset or in other cases where the requesting client evidences a license must be obtained before playing the requested asset the requesting client can be directed at reference numeral 806 to a resource that can provide to the requesting client technical resources necessary to play the requested digital asset a license associated with use of the requested digital asset or a subset of the digital asset as described above 0118 However if the requesting client is capable of processing the requested digital asset either by possessing the necessary technical resources or evidencing a license associa
26. ate with any agent and vice versa This arrange ment facilitates network configuration flexibility 0028 Operation of an exemplary system incorporating the invention in the network environment involves a client module in a client application forming and communicating a license validity inquiry request message upstream An agent component in a nearest upstream licensing module receives the request The licensing module checks its cache to determine if a license record exists corresponding to the request The licensing module can then respond with an appropriate message If the license information is not found at that level the licensing module can forward the request 0 2006 0265336 1 upstream to determine if the license is of record in upstream cache This may continue up to the license server When and if a license record is found the information is copied into the cache of the licensing module nearest to the computer originating the request for future reference In accordance with another aspect of systems incorporating the invention the licensing modules periodically communicate upstream to fetch license information in order to revise and maintain currency of their cached license records By doing so a validity request can be addressed by a nearest upstream agent Furthermore periodic checking can permit manage ment of request message traffic on the license server 0029 In accordance with an exemplary embodiment of the in
27. cense validity request and response messages through the licensing modules 0071 The result of the hierarchical arrangement is to control the flow of validity inquiry traffic received and responded to by the licensing server If a license server dedicated to a particular client application is employed the license server may be able to handle all ofthe license inquiry traffic received However if a single license server handles license validity inquiry requests for a variety of client applications request traffic management may be needed By arranging the system in a hierarchical fashion and designat ing the licenses in accordance with class and hierarchical subclass designations the licensing server can manage request traffic for a several different client applications 0072 Client components and modules contain a set of license management procedures for handling license record information In accordance with an exemplary embodiment ofthe invention three validation procedures are used Check Out License Validate License and Check In License Check Out License is responsible for the initial enablement of a client application Validate License is responsible for peri odic re enablement of a client application Check In License can be used for decrementing a floating license count or indicating client application status in a database license record when use of a client application is completed Check In License also may be used for dis
28. ch frame at reference numeral 912 The random seed is different for every frame generating a fixed m series in an audio track While FIG 9B shows only a single track being processed other tracks in the digital asset can also be generated this way To embed the DAI the wave value can be changed Building this change into the digital asset should be done in a frequency range about that of normal human hearing As shown in FIG 9B the original digital asset is not disturbed and the DAT and the seed algorithm are stored in the user information in the database on license server 304 This DAI can serve as a key for detecting the digital asset should it be pirated 0127 In an exemplary commercial embodiment the present invention can take the form of a software package comprised of floppy disks a CD ROM or even a down loadable package The software package may consist of a library of object modules that can be selected as needed by a software applications designer The designer may select various object modules from the library for insertion into a pre compiled version of a software application The entire software application including the selected object modules is compiled to create a single executable client application The selection of insertion points and frequency is left to the discretion of the designer Validation check watchdog timers can be distributed throughout a software application Vali dation checks can be inserted to corres
29. ct the computer user to a Web homepage maintained by the software pro vider Alternatively the client module 108 can directly initiate a session with the Web server 118 that supports a homepage through which the user can purchase a license A first screen on such a homepage can prompt the user to indicate whether the purchase of a full license would be desirable or whether a demonstration period is preferable to evaluate the application If neither of these options is selected the session is terminated If the user opts to take a license the user can be prompted with questions asking which features in the software application are to be enabled the price of the license can be adjusted accordingly The session can conclude with the presentation of a payment screen inviting the user to enter credit card information or to call a sales representative in order to supply payment information 0057 If credit card information is supplied in the home page session it can be gathered using the system disclosed in the U S patent application Ser No BDSM Attorney Docket No 025553 014 entitled System for Securely Storing Information Received Over a Public Network by Coley and Wesinger filed on Feb 6 1996 and incorporated herein by reference in its entirety Once the credit card information is entered a response message can be sent to the client module 108 temporarily enabling the software appli cation 102 The database 112 can then au
30. e stamp and the version number of the licensing system 0083 Following completion of the upstream connection the Check In License procedure sends a license check in request message to the upstream agent which request mes sage contains the new client data structure contents The license ID information in the client data structure is used by the upstream agent to directly access the memory location where the license record was previously located The exist ing license record is modified to indicate the disablement of a feature or is deleted if the agent is the agent module in the license server If the agent is an agent component in a licensing module the license is designated for deletion This information is passed upstream in a license check in request message subsequently sent up stream by the licensing mod ule in its next periodic self validation The license and authorization ID fields of the client data structure are nulled and a license check in response message containing the client data structure is then formed by the agent and returned to the client module The client module then deletes the client data structure 0084 It is important to note that in a network setting incorporating the aforementioned exemplary processes the client components of the licensing modules also can use the Check Out Check In and Validate License procedures to update licensing records stored in their cache components Performance of these proc
31. edures by the licensing modules is substantially similar to performance of the procedures by a client module However the corresponding license ID instead of referring to an individual client application can refer to a class or sub class license that covers a block of underlying client applications or licensing modules As previously mentioned the Validate License procedure can be periodically initiated by the licensing modules to sys tematically update the contents of their caches and to provide for request traffic management received at the license server Automatically auditing cached license records improves the likelihood of a client application or client component finding a current license record in a next upstream agent in the context of a Check Out or Validate License procedure 0085 licensing system in accordance with the inven tion in a preferred embodiment involves inserting licensing system code into a pre compiled version of a software application and then compiling that application into a single executable client application However in accordance with another embodiment of the invention the licensing system can be provided as a module that is inserted into to an existing software structure on a computer network Such a system can be used to monitor software application use in a computer network that does not otherwise have a means to audit application use This type of system can be used by individuals such as MIS
32. ess initiated by a client module or a client component is the Validate License procedure This process determines whether a previously enabled client application is still validly licensed The procedure can be called at any time For instance the initiation of the Validate License procedure can be in response to a timer expiration 1 a periodic check or at the appearance of a system interrupt e g printing is selected The Validate License procedure in accordance with an exemplary process incor porating the invention generates a new client data structure containing the name ofthe software application any feature name s that is to be enabled the name of the upstream agent component module the license ID the authorization ID a date time stamp and the version number of the licensing system 0081 Following completion of the upstream connection the Validate License procedure sends a license validity inquiry request message to the upstream agent which request message contains the new client data structure contents The license ID information in the client data structure is used by the upstream agent to directly access the memory location where the license record was previously located If the query finds a license record a new authori zation ID is generated by the agent and stored in the authorization ID field in the client data structure If a license record no longer exists the license ID field and authorization ID field are
33. gned based on the port number associ ated with an incoming access request In the present case however a proxy agent for validating a license is assigned for a request originating from a desktop machine that resides behind the firewall 1 is protected by the firewall Hence the proxy agent acts as licensing module performing all of the previously described tasks associated with licensing modules For example a proxy agent licensing module can receive and forward a license validity inquiry request mes sage from a client application residing on a protected computer The proxy agent also acts on behalf of the responding agent to accept an inquiry response message and then pass the response back to the protected computer on behalf of the responding agent The proxy agent also can facilitate periodic updates of a cache component maintained therein The proxy agent is the only IP address visible outside of the firewall The foregoing system protects the identity of the client application computer because the proxy agent acts on behalf of the computer when communicating with the outside world 0110 FIGS 8A 8D illustrate various embodiments of methods 800 1 through 800 4 for handling a digital asset in accordance with the present invention While FIGS 8A 8D illustrate specific sequences of acts other sequences can be realized in different embodiments of the present invention As referred to herein a digital asset includes any file docume
34. hat is preferably nested in a compiled version of a software application 1 to form a client application However the client module can in alternative embodiments of the invention be attached to a previously compiled software application Whether it is referring to a program nested in or attached to a software application the term client module is used throughout the present disclosure 0019 client module utilizes the public network as a means to transparently send license inquiry request mes sages to and receive license inquiry response messages from a license server maintained by a software provider The license server has a database on which license infor mation records are stored The license server also can record information contained in license inquiry request messages and thereby audit use of client applications The license record can identify a license in accordance with a hardware address or hardware identifier of the computer such as an IP address 0 2006 0265336 1 0020 Operation of an exemplary system incorporating the invention involves the client module in a client appli cation generating inquiries that are sent to the license server in the context of an Internet communication session The license server responds to the inquiry by investigating its database to determine whether a corresponding license record is present The license server then forms an appro priate response message that is
35. he DAI desired In embodiments of the present invention a new user template can be displayed to the user The new user template serves as a user interface to allow a user to select a desired digital asset and provide information to the channel pro cessing module Once the user makes a selection from the new user template a script executes to guide the user through the license process and checkout process described above During these license and checkout processes various information may be collected from the user and deposited in various databases such as the database on license server 304 or even database 308 on the client side Additional data bases such as transaction databases and purchase databases may also be implemented In embodiments of the present invention outside servers can be utilized to process various functions such as payment For example a credit card server or other financial transaction server can be utilized to process payment information provided by the user in order 0 2006 0265336 1 to purchase license associated with the selected digital asset Other data may also be collected from the user during these processes and used to construct a DAI that is inserted into or attached to the digital asset to be delivered to the user or communicated across the Internet 116 0115 In other embodiments of the present invention at reference numeral 804 the channel processing module may obtain user parameters For ex
36. he shelf software package A user may be asked to write in the serial number of the software set along with other pertinent information The defense mechanism in registration albeit weak is that a software provider will only render assistance and support to properly registered users That is a software provider will refuse to grant assistance to a user unless the user has properly registered their software 0007 The registration process also may involve respond ing to prompts generated by the software when it is first run The prompt may be a security system asking the user to enter the serial number and or a codeword to enable the software The codeword may be a word appearing at prompt desig nated locations in a user manual This security scheme operates on the premise that a pirate will not ordinarily have a copy of the user manual After the software is up and running it may periodically prompt the user to re enable the software by entering a different codeword appearing at varying locations in the user manual This scheme is sub verted by copying the manual and registration number 0008 An on screen registration enablement process may involve writing the registration number to disk This is only possible with floppy disks as CD ROMS are at present a largely read only medium If the disk is used again to load the software application the software may prompt the user with a warning that the software has already been loaded e g
37. inserting the digital asset identifier in the digital asset and communicating the digital asset and the digital asset identifier to a user across the public computer network WEB SERVER Patent Application Publication Nov 23 2006 Sheet 1 of 9 US 2006 0265336 1 100 104 103 118 FIGURE 1 SN n uw f T ER gt leni bel gt INTERNET gt Patent Application Publication 23 2006 Sheet 2 9 200 BRING UP CLIENT A APPLICATION 227 PROMPT USER 202 INIT 1 VALIDITY CHECK APPROPRIATE ACTION 04 CONNECTION TO LICENSE SERVER OVER INTERNET 2 DO NOT ENABLE OR DISABLE SOFTWARE APPLICATION INQUIRY REQUEST MESSAGE 240 SEND REQUEST MESSAGE RECEIVE REQUEST MESSAGE FORM LICENSE ID FIELD 212 224 QUERY LICENSE ID IN 213 RECORD AUDIT RESPONSE INFORMATION MESSAGE PERFORM 214 QUERY OF 222 CLOSE INTERNET DATABASE CONNECTION INSERT NULL INTO LICENSE ID FIELD OF RESPONSE MESSAGE INSERT LICENSE RECORD RETURN LOCATION POINTER INTO RESPONSE LICENSE ID FIELD OF MESSAGE TO RESPONSE MESSAGE CLIENT MODULE CONTAIN LICENSE ID US 2006 0265336 A1 228 RECORD LICENSE ID IN CLIENT MODULE 230 ENABLE SOFTWOARE APPLICATON TIMER EXPIRED FIGURE 2 Patent Application Publication 23 2006 Sheet 3 of 9 FIGURE 3 0
38. ion that the user does not have the technical resources necessary to play the requested digital asset wo
39. ivet Key public privet key encryption Replace Frame pr pina edge or edge s Video out DAl Encryption Digital Asset ID xxx tag Frame edge tag FIG 9A DAI PNsequence Digital Asset ID Random Seed length 2p 1 File Segmentation Replace LSB Digital Asset ID xxx Digital Asset ID File With Frame size 2p 1 FIG 9B 0 2006 0265336 1 AUTOMATED SYSTEM FOR MANAGEMENT LICENSED DIGITAL ASSETS CROSS REFERENCE TO RELATED APPLICATIONS 0001 This application is a Divisional of co pending U S patent application Ser No 10 371 759 filed Feb 20 2003 which is a continuation in part of U S patent application Ser No 10 079 221 filed Feb 19 2002 incorporated herein by reference in its entirety which is a continuation of U S patent application Ser No 09 128 652 filed Aug 4 1998 which is a continuation of U S patent application Ser No 08 607 081 filed Feb 26 1996 now issued as U S Pat No 5 790 664 U S patent application Ser No 10 371 759 is also a continuation in part of U S patent application Ser No 09 189 697 filed Nov 10 1998 incorporated herein by reference in its entirety which is a Divisional of U S patent application Ser No 08 607 068 filed Feb 26 1996 now U S Pat No 5 870 550 BACKGROUND 0002 The present invention relates to software licensing and in particular to a system for automated monitoring and management
40. lated into billing statements Consequently a commer cial client can optionally be billed only for what they have used rather than a set up front annual or monthly amount 0103 Most computers sold today have pre installed modems Individual desktop machines operating in a DOS Windows OS 2 or like environment can utilize their pre installed or aftermarket modems to initiate communications with an upstream agent or license server Most commercial computers are designed for incorporation into network set tings Commercial computing systems such as worksta tions may operate in a UNIX environment The UNIX environment is well suited to operation in accordance with the invention Most UNIX workstations are furnished with network cards permitting them to be network connected Such networked computers thus have ready direct access to Internet or gateway nodes through which a license server or licensing module can be accessed 0104 The particular connectivity associated with a sys tem incorporating the invention is not critical For example a desktop machine can contain an Ethernet network card ISDN connection card Internet card conventional modem terminal adapter or like device with which to gain access to and communicate with a license server or licensing module Any accepted form of connection between two more com puters can be used A communications protocol in an Inter net environment is based on a TCP IP protocol or a de
41. lient data structure is preferably the IP address of a computer However any other suitable hardware identifier can be used to identify the computer on which a client application or licensing module is loaded For example Intels Pentium processor contains an internal serial number that can be used as a hardware identifier Alternatively a hard ware module can be provided that is designed specifically for a licensing system in accordance with the present inven tion Such a hardware module can be attached to a parallel port on a computer can be used as a tag to identify the computer The client module in the computer scans the parallel port to acquire the computer s hardware ID for insertion into a client data structure 0090 The license ID maintained in the client data struc ture is used as a pointer to a location in the cache or database of a corresponding upstream licensing agent or server The pointer designates the location of the licensing record A license record at any given level can represent a relationship between the agent and an underlying client That relation ship as designated by the license ID can be used as a universal designator to replace designating a particular cli ent agent pair by application name feature name IP address agent name etc Use of a license ID provides a more efficient means with which to track and communicate information regarding a particular license 0091 The authorization ID is used as a
42. lishes contact with the server or the date and time a client requests delivery of a digital asset may also Nov 23 2006 be stored as a value that is inserted into the DAI or combined with other values and inserted into the DAI Date and time information can be expressed in various ways such as by using seconds and tenths of seconds or other indicia of date and or time 0120 In embodiments of the present invention com puter collected information such as DNS information reverse DNS information router information time delay phone directory lookup internal information verification etc can also be included in the DAI In embodiments of the present invention agent collected hardware information such as NIC id MAC address dynamic info etc can also be included in the DAI In embodiments of the present inven tion agent collected software information such as cache key cache ID software version cookie information referral information etc can also be included in the DAI In embodiments of the present invention user supplied com puter verified information such as user name address phone number name zip code email address email name address network name machine name firewall name gate way name address information about a user s previous visit to a site etc can also be included in the DAI 0121 In other embodiments of the present invention an interactive exchange between client and server can provide infor
43. mation to be used in the DAI Such interactive exchange can generate items such as keys PINs and might include public as well as privet key information A random izing algorithm may also be utilized in the interactive exchange to assist the user in the selection of a key For example the server can provide a path to establish a key through an interactive exchange with the client where the user provides a color and the server then provides a list of something that might correspond to the color such as a list of choices 0122 At reference numeral 810 the DAI is inserted into the digital asset or attached to the digital asset depending on the type of digital asset This process is explained in detail below 0123 In embodiments of the present invention a channel processing file extension detection process checks the digital asset to determine what type of file extension it has and then passes the digital asset to the appropriate digital asset handler The digital asset handler then verifies that the digital asset can be processed The digital asset handler then tests the digital asset handler for DAI insertion Depending on the type of digital asset the digital asset handler then passes the digital asset to the appropriate insertion handler The inser tion handler process then inserts the DAI into the digital asset or attaches the DAI to the digital asset depending on the type of digital asset 0124 In embodiments of the present in
44. may then prompt the user with any variety of messages step 227 For example the user may be prompted to assess whether a demonstration period of operation would be acceptable If so this information can be recorded in the client module 108 and be passed upstream in the context of a next validity inquiry request message The server 110 will record this information in the database 112 Alternatively the user can be prompted to contact a sales representative or automated operator to purchase a license or directed to a Web home page where a license for the software application can be purchased In the event of a license purchase the database 112 can be automatically updated to record the license Thereafter a validity check will find a license record and allow the client application 103 to be enabled 0053 If the license ID field contains a license ID this information is recorded by the client module 103 for future use step 228 The client module 108 then enables the 0 2006 0265336 1 software application 102 step 230 client module may at this point start a timer step 232 for periodic checking of license validity Such a validity check is automatically initiated when the timer expires step 234 The client module also can be configured to initiate a validity check whenever an interrupt is present indicating a certain activity step 236 such as printing or saving 0054 Periodic checks performed at timer expiratio
45. means to indicate the status of a license in response to an enablement or validation inquiry The authorization ID also can be used as an acknowledgement to a Check In License procedure that permits a client application to delete a client data structure Furthermore the authorization ID also can be used to return a status message containing an error code an indication that the server or agent is presently too busy to handle a query an indication of a connection or communication failure or any other like message Another important task facilitated by the authorization ID is its use in supporting encrypted communication between a client and an agent 0092 Communication between clients and agents in accordance with preferred embodiments of the invention is encrypted In an encryption scheme according to an exem plary embodiment the authorization ID is used to pass back a key for use in encryption processing The encryption scheme involves maintaining identical encryption engines in corresponding clients and agents The key passed by the authorization ID is used as a common seed or initialization vector for initializing the respective encryption engines for encryption and decryption of messages A new key is generated and passed back each time an agent responds to a client inquiry which key is used in a next round of com munications The key is stored in the client module in the context of storing the client data structure containing the
46. mechanism may start a timer when the application is brought up The date time stamp is compared with the system date time information maintained by the computer to deter mine if the software application is to be disabled To subvert such a system users have been known to reset the system date and system time to prevent expiration In response some software providers have resorted to writing complex code schemes to disable the software in the event that the system date is tampered with Such a security mechanism is often used to control licensed software used in a commercial setting 0011 Software sold for use in a commercial or institu tional setting is frequently licensed for a predefined period of time When such software is used on desktop computers such computers are typically networked The networked computers are usually connected to a file server which file server may itself be tended by a computer management system that monitors and controls various file server groups The file server computers act as a central location at which the desktop computers in the file server group can access files and applications The file server also may facilitate the control of licensed software on the desktop computers This occurs in the situation where the commercial software license is a so called floating license 0012 Commercial software licenses for operating a plu rality of desktop computers normally are of two varieties fixed
47. ment of floating licenses on networked computers involves two control software components an application portion and an authenticator portion The appli cation portion is nested within an application running on a desktop computer The authentication portion is a code module contained in the file server that monitors and autho rizes applications running on the desktop computers When a user attempts to open the application software the appli cation portion code communicates with the authenticator Nov 23 2006 code module to check to see if a floating license is available If the maximum number of floating licenses are already being used the software application is not allowed to open Licensing control software also may be used to monitor defined term licenses to disable software in networked machines after license expiration 0015 Ifa commercial license expires the software may be disabled midstream preventing users from completing projects Re enablement requires contacting the software provider to purchase an additional license or extension This may require re execution of enablement procedures with new instructions or codes Hence it may take some time before the software application is up and running again which situation can seriously inconvenience users 0016 common shortcoming shared by all licensed software is that it requires some form of manual interven tion for registration enablement and or re enableme
48. meters maintained by and passed between various license system elements define the licensing system struc ture 0068 accordance with a preferred embodiment of the invention the license system operates by distributing licens ing information to the cache components 520 in the licens ing modules in response to inquiry requests The information contained in a particular cache component 520 is specific to subordinate software applications 514 or licensing modules In accordance with a preferred embodiment license infor mation is organized by class designations Individual licenses for client applications on desktop machines 500 can be covered by sub class licenses maintained in the cache components 520 in the file server computers 502 The sub class licenses on the file server machines 502 can in turn fall under a class license maintained in the cache component 520 of the minicomputer 506 The class license maintained on the minicomputer s licensing module can be designated under a block license maintained in a cache component 520 of the main computer 512 The client component 522 of the main computer s licensing module communicates with the license server 526 to verify block licenses 0069 Validity inquiry traffic is managed in the exemplary system of FIG 5 through the use of the aforementioned license class designation structure and through periodic updating of caches in licensing modules By maintaining license information in a
49. n or upon appropriate interrupt use the license ID which is a pointer to directly access the database record corresponding to the license If the license record is found a response message indicates so the software remains enabled and the timer is reset If the record is found empty it may indicate that the license has expired The response message will indicate this and the software can be disabled Alternatively the user may be requested to renew the license within a certain period of time before the software application 102 is disabled 0055 The date time stamp information passed upstream in the license validity inquiry request message can be used to detect whether the system date time information on the computer 100 has been tampered with This is done by comparing the date time information passed in the request message with the date time information maintained on the licensing server 110 Furthermore in preferred embodi ments of the invention license ID information is commu nicated between the client module 108 and the agent module 114 in an encrypted form as explained in greater detail below 0056 In the event that no license is found several response options are available which vary according to the requirements of and discretion of a designer of the software application 102 As previously mentioned a response can be to provide the user with a phone number through which a software license can be purchased or to dire
50. n also encrypt the digital asset In embodiments the wrapped and or encrypted digital asset can also be stored at reference numeral 802 0112 At reference numeral 804 the server obtains infor mation from the client or other device requesting delivery of Nov 23 2006 a digital asset In some embodiments the information obtained is used to form a DAI to accompany a digital asset that may be sent to the client over Internet 118 or other computer network The DAI identifies not only the digital asset itself but also the source of the digital asset 0113 Information collected at reference numeral 804 may include items such as a hardware identifier or other indicia related to the client date and time data computer collected information such as DNS router identification or details time delay phone directory lookup internal infor mation verification etc Information collected at reference numeral 804 may also include agent collected information hardware such as a network interface card NIC identifier Media Access Control MAC address dynamic informa tion international mobile equipment identifier identity of a Bluetooth compatible device a user s personal identifica tion number PIN or other client specific identifier Infor mation collected at reference numeral 804 may also include agent collected information software such as a cache key cache id software version cookie information referral information etc Info
51. nablement information the client application is not enabled or is disabled Hence any software application that contains a client module accordance with the invention can be auto matically enabled or disabled Furthermore use of client module equipped applications can be tracked Such a system allows software to be freely distributed while ensuring that a license is taken for its use or at the very least ensuring that the use of the software can be tracked BRIEF DESCRIPTION OF THE DRAWINGS 0035 foregoing and other objects features and advantages of the present invention will be more readily understood upon reading the following detailed description in conjunction with the drawings in which 0036 FIG 1 depicts a desktop computer in accordance with an exemplary embodiment of the invention 0037 FIG 2 depicts a flow diagram for operating the arrangement of FIG 1 in accordance with an exemplary process incorporating the present invention 0038 3 depicts a regional server scenario in accor dance with an exemplary embodiment of the invention 0039 4 depicts a computer network arrangement in accordance with an exemplary embodiment of the invention 0040 5 depicts a symbolic representation of the computer network of FIG 4 0041 6 depicts an additional exemplary embodi ment of the invention wherein multiple software application licenses are managed 0042 FIG 7 depict
52. nerate billing invoices 0066 additional aspect of the aforementioned audit system permits an MIS manager at a corporation or institu tion to monitor the use of client applications for internal audit purposes Such a system operates by monitoring license inquiry traffic passing through a network to and from a license server In an exemplary embodiment such a system involves maintaining internal auditing software e g a tool or utility program in an upper most level licensing module in an internal network A report can be generated by the internal auditing software tool Data in the report can be derived from information collected at the upper most licens ing module The MIS manager can use the internal audit reports to manage the licensing arrangements of the client applications on the network For example if a network of twenty desktop computers is frequently using a maximum number of floating licenses for a particular client applica tion the MIS manager can ascertain this by reviewing internal audit records and take appropriate action 0067 In accordance with preferred embodiments of the invention in a network setting each of the agent type components and each of the client type components are generic That is any given agent component 518 and the agent module 524 in the license server 526 is substantially similar The same is true of the client components 522 and the client modules in the desktop computers 500 The para
53. nformation in a database 10 The method of claim 9 further comprising the act of verifying the user s identity by obtaining the user s reverse DNS 11 The method of claim 9 further comprising the act of verifying the user s identity by using the user s email address 12 The method of claim 1 further comprising the act of determining whether the user has the technical resources necessary to play the requested digital asset 13 The method of claim 12 further comprising the act of providing to the user technical resources necessary to play the requested digital asset responsive to a determination that the user does not have the technical resources necessary to play the requested digital asset 14 An apparatus for forming a digital asset identifier for a digital asset comprising means for receiving a request from a user to download a digital asset from a server over an IP compliant net work means for collecting information through a user interface regarding the user and the digital asset desired to be downloaded means for automatically collecting information regarding the user s machine means for forming a digital asset identifier including the collected user and machine information means for associating the digital asset identifier with the digital asset and Nov 23 2006 means for storing said digital asset identifier in a database associated with the server 15 The apparatus of claim 14 further c
54. nt Manual intervention is cumbersome and can render software useless until it is enabled or re enabled The paramount issue is however that software providers have no mechanism for monitoring and controlling the actual use whether legiti mate or illicit of their product Proprietary software is misappropriated on a global scale causing massive losses to software providers which losses are inevitably passed on to legitimate licensees 0017 What is needed is a licensing system that allows software use to be monitored in an automated fashion without user input Moreover a software licensing system is needed that permits a software provider to transparently control the use of licensed software SUMMARY 0018 present invention addresses the foregoing problems by providing a system for automatically determin ing whether a software application is licensed In accordance with the invention a generic licensing module or client module is provided that a software provider can attach to a software application A software application having a client module attached thereto is hereinafter referred to as a client application In accordance with preferred embodi ments of the invention a client application loaded on a computer having access to a public network such as the Internet automatically reports to a computer maintained by a software provider The client module is a program appli cation or like composition of code t
55. nt or other collection of binary values that can be communicated across a computer network or other commu nication network The methods illustrated in FIGS 8A 8D can be utilized in a client server environment wherein users upload and download digital assets across Internet 118 or incorporated as local modules on a single machine or group of machines for use with locally stored digital assets As referred to herein server refers to a device that controllably communicates a digital asset to one or more other devices referred to herein as clients that enable users to see hear or otherwise use the digital asset In the embodiments dis cussed below a channel processing module can be located on either the server the client or other intermediary device to perform processing and handling functions on the digital asset the digital asset identifier DAI and various elements of the server and or client devices 0111 Directing attention to FIGS 8A 8D at reference numeral 802 a channel processing module can process a digital asset in various ways according to specific embodi ments The channel processing module can be implemented on either the client side or the server side depending on processing requirements of devices in different embodi ments Processing may be performed for example by wrapping the digital asset such as in an INET wrapper described above each time the asset is requested by a user The channel processing module ca
56. ocate a license record the license ID field and authorization ID field are left blank i e nulled Following the query a license validity inquiry response message is formed by the agent and returned to the client The response message contains the license and autho rization IDs if any that are to be stored in the client data structure 0077 The client module investigates the client data struc ture content returned by the agent component module to analyze the license and authorization ID information con tained therein if any If these fields indicate the presence of a valid license the client module enables the software application The license and authorization IDs are stored in the client data structure in the client module for future license validation checks If the data structure fields for the license and authorization IDs are null the client application is not enabled and the client data structure is deleted from the client module 0078 The database or cache query also may involve a comparison of the date time stamp contained in the client data structure with date time information maintained by the license server or license module system This added security measure can detect a user s tampering with system time and date information on their computer Ifthe particular software application is operating in a demonstration mode for a predefined period of time the date time stamp passed in the client data structure can be used
57. oded infor mation and revert back to a most recent encryption key If there is still lack of synchronization a request is passed that the client return to the initial message state thereby allowing both the client and agent encryption engines to reset 0095 The frequency of validation checks is application dependent A software designer can select when and how often validation checks are to occur if at all The licensing system can be configured in accordance with the needs of a particular application The software license can be validated or enabled each time the application is brought up on a computer or each time a particular feature is used e g printing The software license also can be validated in response to the expiration of timer 1 periodic valida tion Ifthe response to the validation check is returns a null license ID the client application 1 disabled To prevent a user from tampering with a client application or a licensing module associated therewith in an effort to disable valida tion checking any number of watchdog timers can be nested in the client application The nested watchdog timer can be used to periodically self check the client application to determine whether it has been validated within the watchdog period If so the watchdog timer 1 reset If not a validation check can be initiated or the client application can be disabled 0096 Establishing a database license record in the licens ing
58. odule 108 can record the license record location for future reference If a license record is not located in the database 112 an appropriate response message is generated and returned The presence of a record permits the client module 108 to enable or to allow continued operation of i e re enable the software application 102 0048 Ifthe query of the database 112 returns an indica tion that a license does not exist the client module 108 can pursue any one of many courses of action The first possible course of action is to not enable the software application 102 or to it if it is presently operating The client module 108 also may supply an appropriate message to the user indicating that a license does not exist for the client appli cation Alternatively the client module 108 can supply a message instructing the user as to where and how a license can be purchased This may involve directing the user to telephone the software provider s sales department or the message can direct the user to an appropriate Web site homepage on a Web server 118 where the software can be purchased 0049 If a license is purchased via a homepage on the Web server 118 the Web server 118 can automatically update the database 112 with the information supplied by the user or the computer 100 e g IP address supplied in the context of a Web session thereby creating a valid license record subsequent client module license inquiry will allow the clien
59. omponent in that licensing module communicates upstream with an agent component in a next licensing module whose client component in turn communicates with a next upstream agent and so on This arrangement is continued upward to converge on a license server which contains an agent module However the license server is maintained by the software provider Consequently the uppermost licensing module in the institutional network communicates with the license server by initiating a con nection over a public network such as the Internet License enablement information is supplied to the upper most licens ing module by the license server which information is propagated back downstream via the licensing modules The cache components in the licensing modules can be used to store license records so that license inquiries can be addressed without having to forward the validation inquiry request messages to the license server 0027 In a preferred embodiment of the invention as applied in a network environment the client and agent elements are generic That is client modules in the desktop computers and client components in each of the network level computers are substantially similar Agent components in the licensing modules and the agent module in the license server also are substantially similar The cache components of the licensing modules are used to store information that defines the structure of license records Any client can communic
60. omprising means for inserting said digital asset identifier into the digital asset 16 The apparatus of claim 14 further comprising means for attaching said digital asset identifier to the digital asset 17 The apparatus of claim 15 further comprising means for segmenting a digital video asset into frames and replac ing the edge tag of each video frame with an edge tag including said digital asset identifier 18 The apparatus of claim 14 further comprising further comprising means for presenting the user a new user tem plate for allowing a user to select a desired digital asset 19 The apparatus of claim 18 further comprising further comprising means for executing a script to guide the user through the license process and checkout process responsive to the selection of a digital asset by the user 20 The apparatus of claim 19 further comprising further comprising means for processing payment for the digital asset 21 The apparatus of claim 20 further comprising further comprising means for including financial information col lected during the payment process in said digital asset identifier 22 The apparatus of claim 14 further comprising the act of determining whether the user has the technical resources necessary to play the requested digital asset 23 The apparatus of claim 22 further comprising the act of providing to the user technical resources necessary to play the requested digital asset responsive to a determinat
61. on can be utilized is in an audit system incorporating the invention A client application can generate and send a UDP message when it is initially brought up or whenever a computer upon which the client application is loaded is attached to a public network 0107 Ina non connected or portable computer such as a laptop an exemplary licensing system in accordance with the invention can involve running an internal licensing module or an agent component thereof on the laptop computer itself An exemplary embodiment of such an arrangement is depicted in FIG 7 The agent component 706 of the licensing module 702 acts on behalf of a license server 712 during the periods that the portable computer 700 is out of communication with the license server 712 The agent component 706 can receive and respond to license validity inquiries generated by a client module 704 on software application 705 that is loaded on the portable 700 while the portable 700 is in transit Audits of client appli cation use can be stored in the cache 708 of the licensing module 702 When the portable 700 is re connected to a network access point such as an Internet 716 gateway the client component 710 of the licensing module 702 can establish communication with the agent module 714 in the license server 712 to refresh the information in its cache component 708 and or supply any audit data upstream Ifthe user has not connected the laptop to a network access point for a prol
62. on is feature enablement The systems described above can be used to enable and disable particular features in a client application Such a situation may occur wherein a software application has several levels of oper ating capability For instance a user can selectively enhance operating capability by selecting features defined in a soft ware feature application menu In response an associated client module can invoke the Check Out License procedure wherein the desired feature name is passed upstream The license of course does not exist yet but the system can be configured to direct the user to or provide the user with a feature enablement menu that requests that the user enter credit card information as described above Alternatively the system can be organized to automatically initiate a process that creates a license when new software is brought up This can involve a mechanism that forms a Web server connection and supplies an authorization message that cre ates a database license entry For a commercial client a software provider can monitor the activation and use of client application features and bill the client accordingly 0098 As previously discussed systems in accordance with the present invention can be used to audit the use and proliferation of software Attachment of a licensing module to a software application causes that software application to report back to a licensing server at some point If the client module or
63. onged period of time the user can be prompted accordingly This can be done pursuant to the expiration of a timer 0108 Systems not having network or Internet access can still be enabled in an automated albeit semi manual fashion The licensing module in a software package to run on a non networked machine can contain a tag indicating this fact The user may be prompted to call a number and receive recorded information for enabling the software This information of course requires initial manual entry to enable the software and periodic manual entry to validate the software The validation check can be performed by prompting a user to call a number to automatically receive further enablement instructions Such instructions are only provided if the license remains valid Optionally instruc tions can be automatically be returned by fax in response to a validation request phone call 0109 licensing module can be operated as a proxy agent on a firewall separating a protected computer from a 0 2006 0265336 1 public network to which the computer is attached Such firewall proxy agent can operate in accordance with the system disclosed above The foregoing application describes a system for preventing unauthorized access to network elements protected by a firewall The firewall operates by maintaining a plurality of proxy agents that are assigned to verify and connect any incoming access requests A proxy agent is usually assi
64. pond to various interrupts or procedure calls within the software application e g printing saving n opening routine in the software application can be selected for insertion of an initial license validation or enablement check 0128 Because the present invention involves the opera tion of computing systems an exemplary embodiment of the invention can take the form of a medium for controlling such computing systems Hence the invention can be embodied in the form of an article of manufacture as a machine readable medium such as floppy disk computer tape hard drive disk CD ROM RAM or any other suitable memory medium The invention can also be embodied in a form that can be accessed and retrieved over a public network such as the Internet and downloaded onto a machine readable memory medium Embodied as such the memory medium contains computer readable program code which causes one or more computing systems upon which the licensing system is running to function or carry out processes in accordance with the present invention 0129 invention has been described with respect to several exemplary embodiments However one skilled in the art will readily appreciate and recognize that the licens Nov 23 2006 ing system or method of operation in accordance with the invention can be applied in any computing system using licensed software which systems are preferably attachable to a public network such as the Internet
65. riva tive thereof However use of other communication protocols such as IPX SPX NOVEL or like protocols also are suitable for facilitation of communication in the present invention 0105 When using the Internet as the medium through which to check license validity preferred embodiments of systems according to the invention operate using a TCP Transfer Control Protocol mechanism rather than a UDP Universal Datagram Protocol mechanism In a TCP com munication a connection is first formed before any infor Nov 23 2006 mation is transferred That is an interactive two way session is established In a UDP communication a message is sent without forming a connection The message is routed in accordance with its destination address information The message s receipt is not guaranteed More importantly response time to a messages sent by UDP is unknown More specifically if heavy network traffic is present a UDP based message may be delayed Consequently there can be an unacceptable delay in enabling a client application Using a TCP messaging format guarantees a response even if that response indicates that a connection cannot be made A decision can be made whether to re attempt communication immediately or at a later time connection also is more secure because data is not being cast into the network without guarantee of receipt as is the case with UDP communications 0106 scenario where UDP communicati
66. rmation collected at reference numeral 804 may also be supplied by a user such as computer verified information address phone number name zip code email address network name user name machine name firewall name gateway name name address etc Information collected at reference numeral 804 may also be computer supplied user verified information such as infor mation indicating whether the user has visited the site previously user address and phone number user name zip code email name address network name user name machine name firewall name gateway name name ad dress etc Information collected at reference numeral 804 may also include an interactively generated exchange between the user and the site Also between the client device and the server information can be generated such as keys personal identification numbers etc Such generated infor mation may include public as well as private key informa tion Also an interactive exchange can utilize a randomizing algorithm to assist the user in the selection of a key In an interactive exchange the server can provide a path to establish a key For example this can be achieved through the inclusion of an interactive exchange where the user provides a color and the machine then provides a list of something that might correspond to the color such as a list of choices 0114 There are many different ways to obtain informa tion to form a DAI depending on the structure of t
67. rsion number of the licensing system Other fields are created in the client data structure that are filled in by the upstream licensing module or license server 0075 Prior to concurrently or following the formation of the client data structure the client module forms a connection with the upstream agent component designated in the client data structure Once the connection is com pleted the Check Out License procedure sends a license validity inquiry request message to the upstream agent which request message contains the contents of the client data structure Alternatively the entire data structure can be sent The information from the client data structure is used by the upstream agent to form a query with which to determine the existence if any of a license record for the client application In the case where the upstream agent is the agent module in the license server the query is per formed on the server database In the case where the upstream agent is an agent component in a licensing module e g in a file server the query is performed on the licensing module s cache component 0076 Ifthe query finds a license record in the database or cache the location of that record in the form of a pointer is generated for storage in a license ID field in the client data structure The licensing module also generates an authori zation ID for storage in a field of the same name in the client data structure If the query does not l
68. rvers 302 in accordance with information supplied when the license is procured Alternatively the regional license servers 302 can systematically request license record information with which to update their database components 308 0062 A variation on the regional license servers 302 can be used in a licensing management system incorporating the invention for application in a commercial setting That is wherein computers are networked in a hierarchical arrange ment within a company or institution 0063 FIG 4 depicts a commercial network system in accordance with an exemplary embodiment of the invention 0 2006 0265336 1 Desktop machines 400 are organized in file server groups The file server groups are administered by file server com puters 402 through networks 404 The file server groups can for example serve various design teams in a research and development facility of a corporation The file servers 402 in the R amp D facility are in turn tended by a minicomputer 406 The minicomputer 406 and minicomputers 408 and 410 at other facilities e g manufacturing and sales are networked under a main computer 412 located e g at the headquarters of the corporation In accordance with an embodiment of the invention each desktop computer 400 contains a client module for monitoring one or more client applications The client modules in the desktop computers 400 communicate upstream with licensing modules contained respective
69. s an additional exemplary embodi ment of the invention in a portable computer 0043 FIGS 8A 8D depict in flowchart form methods for utilizing embodiments of the present invention and 0044 FIGS 9A and 9B depict in flow chart form meth ods of inserting a digital asset identifier into a digital asset DETAILED DESCRIPTION 0045 1 depicts a personal computer system in accordance with an exemplary embodiment of the invention system includes a personal computer 100 that has a client application 103 residing on a hard drive 104 The client application 103 is comprised of a software application 102 and a client module 108 The computer 100 includes a modem 106 The client module 108 operates to enable or disable the software application 102 pursuant to a response from a license server 110 in the context of license validity inquiries The license server 110 contains a database 112 having license records recorded thereon and an agent mod ule 114 that communicates with the client module 108 The licensing server 110 is typically maintained by the software provider who developed the software application 102 Alter natively the license server 110 can be maintained by a contracted service provider In a preferred embodiment the client module 108 and the agent module 114 communicate 0 2006 0265336 1 over the Internet 116 However the client and agent communicate over any public network As used herein the term
70. sed by the client module to select an appropriate autodial telephone number whereby a nearest software pro vider license server can be accessed 0060 Regional license servers can receive license infor mation propagated from a central licensing server Client modules can contact their regional license server to assess whether license records exist for their corresponding client applications Because use of the Internet is contemplated as a means for communicating licensing inquiry and response messages the regional license server designated for a par ticular client module can be assigned in accordance with efficient network and or geographic considerations This can facilitate provision of a swift response to license validity inquiry request messages 0061 An arrangement of regional licensing servers in accordance with an exemplary embodiment of the invention is depicted in FIG 3 Regional licensing servers 302 are comprised of an agent component 306 a database compo nent 308 and a client component 310 A client module in a desktop machine 300 communicates with an agent compo nent 306 in an assigned regional license server 302 over a public access network such as the Internet 316 The client component 310 in the regional license servers 302 commu nicates with an agent module 314 in a central license server 304 License information can be systematically directed from the central license server 316 to appropriate regional license se
71. sent back to the client module 0021 If it is determined that the client application is not licensed i e the database does not contain a corresponding license record the response sent by the licensing server does not allow the client application to be enabled If the client application is licensed i e the database contains a record of a license the response can allow the client application to be enabled or re enabled In sum the client application must be enabled for it to properly operate Communication between the computer and the licensing server is generally transparent to a user That is the client module automatically forms a connection with the license server sends a message and receives a response all without user input or notification 0022 Alternatively an exemplary embodiment of the invention can be used to monitor use of client applications Operation of an exemplary system incorporating the inven tion for monitoring client application use involves using the client module in the client application to generate messages that are sent to the licensing server Such messages can be sent over any public network to which a user computer upon which the client application is loaded is connected For example a message can be sent to the license server in the context of an Internet communication session The license server tracks or audits the use of client applications by recording pertinent information contained in a
72. st message step 208 The request message may contain information such as the application name the application version number a date time stamp the name of a license server 110 if several license servers are maintained by the software provider and a hardware identifier such as the IP address of the computer 100 After formation the request message is sent to the license server 110 step 210 over a public network The agent module 114 in the license server 110 forms a query step 212 to determine whether a corresponding license record is stored in the database 112 step 214 The agent module 114 also can record audit information from the request message step 213 If the query locates a record of a license for the request a response message is returned having a license ID field comprising a pointer to the location of the license record in the database 112 step 218 If the query does not locate a record of a license for the request a response message is returned having a null indication in the license ID field step 216 response message is returned to the client module 108 step 220 after which the Internet connection is closed step 222 0052 client module 108 investigates the response message to determine whether the license ID field contains a license ID step 224 If the license ID field is null the client module 108 fails to enable the software application or disables it step 226 The client module 108
73. t application 103 to be enabled If the license purchase transaction fails for any reason e g a credit card supplied is not approved the license record can be removed from the database 112 by the software provider This has the effect of disabling the client application in a next license validity inquiry The practical effect of such a system is to be able to provide software that is freely distributable Any user Nov 23 2006 in possession of the client application 103 will not be able to use it until a license is procured and a license record is established 0050 exemplary process of operating the arrange ment depicted in FIG 1 is shown in the flowchart of FIG 2 The frequency and timing for performing a license validation check can be selected according to the discretion of the software application designer In the exemplary pro cess depicted the client module performs an initial check each time the software application is brought up step 200 The license validity checking process is initiated step 202 by utilizing modem to form an Internet connection between the computer 100 and a licensing server step 204 This may be done by having the client module instruct the modem to dial a 1 800 number maintained by the software provider that accesses a local Internet gateway if used in the United States 0051 the connection is confirmed step 206 the client module 103 forms a license validity inquiry reque
74. ted with the requested digital asset control proceeds to reference numeral 808 where the channel processing module uses information collected at reference numeral 804 to form the DAI In embodiments of the present invention forming the DAI is performed by binding the MAC address obtained in reference numeral 805 with user information and optionally date and time information to form the DAI Insome embodiments of the present invention the DAI may have a predetermined length In other embodiments the DAI may have a variable length 0119 In embodiments of the present invention various information collected at reference numeral 804 can be combined to form the DAI For example user installed parameters collected user machine information collected user information can be combined in the DAI in various combinations User related information stored in the data base on license server 304 checksum or other value derived from the digital asset requested etc can also be combined with information collected at reference numeral 804 to form the DAI Additionally a random or pseudo random value can be generated and included in the DAI with other information For example in an embodiment of the present invention for any given user the unique DAI and a random seed can be combined in the Pnseries m which forms a polynomial series or sequence mask Date and time stamp information related to various actions such as the data and time a user estab
75. the client module sends license inquiry request messages back to the license server Alternatively the system can be used in an audit only mode whereby the client applications report relevant information back to the license server but do not require an enabling response message to continue operating the use of computers expands globally a licensing system in accordance with the present invention can assist in tracking client application use and proliferation 0032 Preferred embodiments of the present invention take advantage of the fact that an increasing number of computers and computer networks have direct access to the Internet Systems in accordance with the present invention can utilize the Internet as the medium over which license validity inquiry request inquiries and their corresponding responses are transmitted 0033 In another aspect of the present invention the present invention provides a method for distributing licensed assets to users across a public computer network The method comprises generating a digital asset identifier the digital asset identifier identifying a digital asset and a source for the digital asset inserting the digital asset identifier in the Nov 23 2006 digital asset and communicating the digital asset and the digital asset identifier to a user across the public computer network 0034 In accordance with exemplary embodiments of the invention ifa client application does not receive e
76. tomatically updated with a license record If a credit card turns out to be invalid Nov 23 2006 the license server database 112 can be updated accordingly by removing the license record and thereby disabling the software pursuant to a next inquiry 0058 The exemplary inventive system described above allows client applications i e software application having client modules to be freely distributed while reasonably ensuring that they are or will be licensed if used Any software application having a licensing system client mod ule attached will not operate unless and until the license system client module receives authority to enable the soft ware application Such a system allows global proliferation of the software even in the form of a copy However such widespread use of client applications may result in the license server 110 being inundated with validity request message traflic A dedicated license server can be set up to handle all of the license inquiry traffic for a particular software application Alternatively some form of traffic management can be invoked 0059 Traffic management can take many forms It can involve establishing regional license servers according to a geographic arrangement that permits efficient response to any licensing inquiry request messages A client application initialization process can be used wherein a user enters the location e g zip code city and country This information can be u
77. vention a DAI extension Specification Version is an attribute provided with the DAI This attribute specifies the minimum extension specification version that is required by the channel process ing module In these embodiments the channel processing module inserts the DAI into the digital asset and then compares the value of this attribute with the check sum attributed to this digital asset both the DAI and a pre wrapped file check sum are stored in the database on license server 304 and are associated with the user attributes of the digital asset Additional information such as download time and date can be stored as well 0 2006 0265336 1 0125 Directing attention to FIG 9A the channel pro cessing module segments the digital asset in the case a video file into frames at reference numeral 902 In embodi ments of the present invention for any given user the unique DAI and encryption are combined at reference numeral 904 to add an edge tag This replaces the edge of each frame at reference numeral 906 0126 As shown in FIG 9B the channel processing module at reference numeral 908 segments the digital asset in the case a wave file into frames represented with size 2p 1 In embodiments of the present invention for any given user the unique DAI and a random seed are combined at reference numeral 910 in the Pnseries m which forms Polynomial series or sequence mask The resulting DAI replaces the current sound feature in ea
78. vention license information is organized in class and sub class designations License information maintained on the license server covers blocks of underlying computers rather than the individual desktop computers themselves This provides for efficient communication of license infor mation between the license server licensing modules and desktop computers 0030 Whether used a personal or commercial com puting environment systems 15 incorporating the present invention allow client software to be enabled or re enabled at any time without significant delay Software applications operating in accordance with the present invention can be installed on any computer in the world having access to a public network such as the Internet If so desired a client application can be configured to not operate unless it receives acknowledgment of the presence of a valid license record As the use of computers expands globally a licensing system in accordance with the present invention can ensure that a client application operating on any computer in the world is properly licensed 0031 In addition a personal or network computing environment systems incorporating the present invention can be used to monitor client application use Such a system can operate by recording information from license validity inquiry requests messages that are received at the license server Client application use and corresponding details can be recorded when
Download Pdf Manuals
Related Search