SOFTWARE LICENSE ENFORCEMENT

US 20110167259A1
Filed: 02/22/2011
Published: 07/07/2011
Est. Priority Date: 12/03/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented license enforcement method comprising:

intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;

causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information;

when the cryptographic hash value matches one of the cryptographic hash values of approved code modules;

further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and

allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check; and

wherein the kernel mode driver is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more processors.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for performing software license enforcement are provided. According to one embodiment, file or operating system activity relating to a code module are intercepted by a kernel mode driver of a computer system. The kernel mode driver causes a cryptographic hash value of the code module to be authenticated with reference to a local whitelist containing cryptographic hash values of approved code modules known not to contain malicious code. The local whitelist also contains licensing control information. If the cryptographic hash value matches a cryptographic hash value of an approved code module, then (i) authority to execute the code module is further validated if the licensing control information so indicates by performing a license check regarding the code module; and (ii) the code module is allowed to be loaded and executed within the computer system if the authority is affirmed by the license check.

58 Citations

View as Search Results

48 Claims

1. A computer-implemented license enforcement method comprising:
- intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;
  
  causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information;
  
  when the cryptographic hash value matches one of the cryptographic hash values of approved code modules;
  
  further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
  
  allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check; and
  
  wherein the kernel mode driver is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more processors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
  - 3. The method of claim 2, wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
  - 4. The method of claim 1, wherein the code module comprises an executable object.
  - 5. The method of claim 1, wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
  - 6. The method of claim 1, wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
  - 7. The method of claim 1, wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
  - 8. The method of claim 1, wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
  - 9. The method of claim 8, wherein the cryptographic hash value is computed using SHA-1.
  - 10. The method of claim 8, wherein the cryptographic hash value is computed using SHA-256.
  - 11. The method of claim 1, further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
  - 12. The method of claim 1, wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
  - 13. The method of claim 1, wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
  - 14. The method of claim 1, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
  - 15. The method of claim 1, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
  - 16. The method of claim 12, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.

17. A code execution authorization system comprising:
- a kernel mode driver of a computer system implemented in one or more computer processors of the computer system and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more computer processors, the kernel mode driver operable to perform a method of license enforcement comprising;
  
  intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;
  
  causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; and
  
  when the cryptographic hash value matches one of the cryptographic hash values of approved code modules;
  
  further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
  
  allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The code execution authorization system of claim 17, wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
  - 19. The code execution authorization system of claim 18, wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
  - 20. The code execution authorization system of claim 17, wherein the code module comprises an executable object.
  - 21. The code execution authorization system of claim 17, wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
  - 22. The code execution authorization system of claim 17, wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
  - 23. The code execution authorization system of claim 17, wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
  - 24. The code execution authorization system of claim 17, wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
  - 25. The code execution authorization system of claim 24, wherein the cryptographic hash value is computed using SHA-1.
  - 26. The code execution authorization system of claim 24, wherein the cryptographic hash value is computed using SHA-256.
  - 27. The code execution authorization system of claim 17, further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
  - 28. The code execution authorization system of claim 17, wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
  - 29. The code execution authorization system of claim 17, wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
  - 30. The code execution authorization system of claim 17, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
  - 31. The code execution authorization system of claim 17, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
  - 32. The code execution authorization system of claim 28, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.

33. A non-transitory program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for license enforcement comprising:
- intercepting, by a kernel mode driver of the computer system, file system or operating system activity relating to a code module;
  
  causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information;
  
  when the cryptographic hash value matches one of the cryptographic hash values of approved code modules;
  
  further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
  
  allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 34. The non-transitory program storage device of claim 33, wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
  - 35. The non-transitory program storage device of claim 34, wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
  - 36. The non-transitory program storage device of claim 33, wherein the code module comprises an executable object.
  - 37. The non-transitory program storage device of claim 33, wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
  - 38. The non-transitory program storage device of claim 33, wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
  - 39. The non-transitory program storage device of claim 33, wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
  - 40. The non-transitory program storage device of claim 33, wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
  - 41. The non-transitory program storage device of claim 40, wherein the cryptographic hash value is computed using SHA-1.
  - 42. The non-transitory program storage device of claim 40, wherein the cryptographic hash value is computed using SHA-256.
  - 43. The non-transitory program storage device of claim 33, further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
  - 44. The non-transitory program storage device of claim 33, wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
  - 45. The non-transitory program storage device of claim 33, wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
  - 46. The non-transitory program storage device of claim 33, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
  - 47. The non-transitory program storage device of claim 33, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
  - 48. The non-transitory program storage device of claim 44, wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Harper, Edwin L., Godwin, Kurt E., Rozga, Anthony A., Fanton, Andrew F., Gandee, John J., Lutton, William H.

Application Number

US13/032,001
Publication Number

US 20110167259A1
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/602   Providing cryptographic fac...

G06F 2221/033   Test or assess software

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/445   Program loading or initiati...

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/145   the attack involving the pr...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/32   including means for verifyi...

H04L 9/3239   involving non-keyed hash fu...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99943   Generating database or data...

Y10S 707/99944   Object-oriented database st...

SOFTWARE LICENSE ENFORCEMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

SOFTWARE LICENSE ENFORCEMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links