Apparatus and method for controlling access to software
Abstract
Software is distributed without entitlement to run, while a separately distributed encrypted entitlement key enables execution of the software. The key includes the serial number of the computer for which the software is licensed, together with a plurality of entitlement bits indicating which software modules are entitled to run on the machine. A secure decryption mechanism contained on the computer fetches its serial number and uses it as a key to decrypt the entitlement information, which is then stored in a product lock table in memory. The distributed software contains a plurality of entitlement verification triggers. Each trigger is a single machine instruction in the object code, identifying a product number of the software module. When a trigger is encountered during execution, the computer checks the product lock table entry corresponding to the product number of the software. If the product is entitled to run, execution continues normally; otherwise execution is aborted. Because this verification involves only a single machine instruction, it can be done with virtually no impact to overall system performance. As a result, it is possible to place a substantial number of such entitlement verification triggers in the object code, making it virtually impossible for someone to alter the code by "patching" the triggers. The triggering instruction may alternatively perform some useful work in parallel with entitlement verification.
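The mechanism in the abstract, sketched in C as an added example that is not taken from the patent. The key layout (a 32-bit serial followed by a 32-bit entitlement bitmap), the toy keystream standing in for the cipher the abstract leaves unspecified, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PRODUCTS 32  /* assumed table size: one entitlement bit per product */
static uint8_t product_lock_table[NUM_PRODUCTS];  /* 1 = entitled to run */
/* Toy keystream keyed by the serial number; a stand-in cipher, NOT secure. */
static uint32_t toy_stream(uint32_t serial, uint32_t i) {
    uint32_t x = serial ^ (0x9E3779B9u * (i + 1));
    x ^= x >> 16; x *= 0x85EBCA6Bu; x ^= x >> 13;
    return x;
}

/* Vendor side: build the key (serial + entitlement bits) for one machine. */
void issue_key(uint32_t serial, uint32_t bits, uint32_t key[2]) {
    key[0] = serial ^ toy_stream(serial, 0);
    key[1] = bits ^ toy_stream(serial, 1);
}
/* Machine side: decrypt with own serial; fill the table only if the embedded serial matches. */
int load_key(uint32_t machine_serial, const uint32_t key[2]) {
    uint32_t serial = key[0] ^ toy_stream(machine_serial, 0);
    uint32_t bits = key[1] ^ toy_stream(machine_serial, 1);
    memset(product_lock_table, 0, sizeof product_lock_table);  /* fail closed */
    if (serial != machine_serial) return 0;
    for (int p = 0; p < NUM_PRODUCTS; p++)
        product_lock_table[p] = (uint8_t)((bits >> p) & 1u);
    return 1;
}
/* Trigger check: a single table lookup. 1 = continue, 0 = abort. */
int check_trigger(unsigned product) {
    return product < NUM_PRODUCTS && product_lock_table[product];
}
/* Module with several independent triggers; returns -1 when execution is aborted. */
int run_module(unsigned product, int input) {
    if (!check_trigger(product)) return -1;
    int acc = input * 2;
    if (!check_trigger(product)) return -1;
    acc += 1;
    if (!check_trigger(product)) return -1;
    return acc;
}

int main(void) {
    uint32_t key[2];
    issue_key(0x12345678u, 0x88u, key);  /* constructed serial; products 3 and 7 entitled */
    load_key(0x12345678u, key);
    printf("%d %d\n", run_module(3, 20), run_module(4, 20));
    return 0;
}
```

A key issued for a different serial decrypts to a mismatching serial, so `load_key` leaves the table empty and every trigger aborts.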
26 Claims
1. An apparatus for controlling the use of a software module executing on a computer system, said computer system comprising:
means for granting entitlement for said computer system to execute said software module, said software module being a program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading;
a plurality of independent triggering means in said software module for triggering entitlement verification;
entitlement verification means, responsive to each of said plurality of independent triggering means, for verifying that said computer system has entitlement to execute said software module; and
means, responsive to said entitlement verification means, for aborting execution of said software module if said entitlement verification means determines that said computer system lacks entitlement to execute said software module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for controlling the use of a software module executing on a computer system, said software module comprising a plurality of object code instructions, said method comprising the steps of:
granting entitlement for said computer system to execute said software module, said software module being a program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading;
placing in said software module a plurality of independent triggering means for triggering entitlement verification;
executing object code instructions contained in said software module;
triggering an entitlement verification in said computer system to verify that said computer system has entitlement to execute said software module whenever one of said plurality of independent triggering means is encountered during execution of said object code instructions contained in said software module;
aborting execution of said software module if said entitlement verification determines that said computer system lacks entitlement to execute said software module.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A program product apparatus for controlling entitlement, wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module, and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module, said program product apparatus comprising:
at least one software module recorded on recording media, said software module being a program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading; and
a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system.
Dependent claims: 17, 18, 19
20. A method for distributing a software module, wherein said software module is capable of executing on any one of a plurality of computer systems, each of said computer systems having means for receiving entitlement to execute said software module, and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module, said method comprising the steps of:
placing in said software module a plurality of independent triggering means for triggering said entitlement verification means, said software module being a program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading;
distributing a copy of said software module to each of said computer systems; and
granting entitlement for at least one of said computer systems to execute said software module.
Dependent claims: 21, 22, 23, 24, 25, 26
Specification