SOFTWARE LICENSE ENFORCEMENT
First Claim
1. A computer-implemented license enforcement method comprising:
- intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;
causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information;
when the cryptographic hash value matches one of the cryptographic hash values of approved code modules;
further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check; and
wherein the kernel mode driver is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more processors.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for performing software license enforcement are provided. According to one embodiment, file or operating system activity relating to a code module are intercepted by a kernel mode driver of a computer system. The kernel mode driver causes a cryptographic hash value of the code module to be authenticated with reference to a local whitelist containing cryptographic hash values of approved code modules known not to contain malicious code. The local whitelist also contains licensing control information. If the cryptographic hash value matches a cryptographic hash value of an approved code module, then (i) authority to execute the code module is further validated if the licensing control information so indicates by performing a license check regarding the code module; and (ii) the code module is allowed to be loaded and executed within the computer system if the authority is affirmed by the license check.
58 Citations
48 Claims
-
1. A computer-implemented license enforcement method comprising:
-
intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module; causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; when the cryptographic hash value matches one of the cryptographic hash values of approved code modules; further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check; and wherein the kernel mode driver is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more processors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A code execution authorization system comprising:
a kernel mode driver of a computer system implemented in one or more computer processors of the computer system and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more computer processors, the kernel mode driver operable to perform a method of license enforcement comprising; intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module; causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; and when the cryptographic hash value matches one of the cryptographic hash values of approved code modules; further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
33. A non-transitory program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for license enforcement comprising:
-
intercepting, by a kernel mode driver of the computer system, file system or operating system activity relating to a code module; causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; when the cryptographic hash value matches one of the cryptographic hash values of approved code modules; further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
Specification