License management system using daemons and aliasing
First Claim
1. An article of manufacture comprising:
- a computer-readable medium having stored thereon a computer program for controlling one or more computers such that license restrictions on the number of copies of a licensed application program that can be simultaneously executing can be managed, said computer program comprising;
a first code segment for controlling one or more computers to carry out a license restriction management process of receiving messages regarding launch requests for licensed applications, determining if each launch request is authorized and sending back an authorization or denial message to a requesting process;
a second code segment for controlling one or more computers being controlled by a 32-bit operating system to carry out a 32-bit agent service by detecting at least some task launching activities on said computer including detection of launching of each 32-bit licensed application by whatever method of invocation is used to launch said licensed applications, said detection of launching of 32-bit licensed applications being performed by detection of loading of a predetermined Dynamic Linked Library, and, when said predetermined Dynamic Linked Library is loaded, sending a message to said license restriction management process informing it of the launching of at least each 32-bit licensed application, receiving an authorization or denial messages from said license restriction management process for each request to launch a 32-bit licensed application, and allowing continued execution of said 32-bit licensed application if said received message is an authorization and stopping execution of said 32-bit licensed application if said received message is a denial, said second code segment also for controlling said computer to alter each virtual 16-bit operating system emulation process which is launched to make one or more of said computers emulate a computer which is controlled by a 16-bit operating system, hereafter referred to as a virtual machine process such that said virtual machine process has a 16-bit agent application programmatic interface which can receive inquiries regarding the user name and path of each 16-bit licensed application being executed by said virtual machine process;
a third code segment for controlling one or more computers being controlled by a 32-bit operating system to carry out a 16-bit agent process which is initiated each time a virtual machine process is launched, said 16-bit agent process controlling said one or more computers to respond to function calls made through said 16-bit agent application programmatic interface to give the user name and path for each 16-bit licensed application executing under said virtual machine process by obtaining the user name and path of each 16-bit licensed application executing under said virtual machine process and sending a message including said user name and path to said 32-bit agent service executing on said one or more computers, and controlling said one or more computers to stop execution of a 16-bit licensed application if a message to that effect is received by said 16-bit agent process from said 32-bit agent service, said 32-bit agent service controlling said one or more computers to;
receive said message from said 16-bit agent process and use the information therein to send a message to said license restriction management process identifying all 16-bit licensed applications that have been launched on said one or more computers controlled by said 32-bit operating system;
receive authorization or denial messages from said license restriction management process;
if said message is an authorization, allowing said 16-bit licensed application to continue executing; and
if said message is a denial, controlling said computer to send a message to said 16-bit agent process instructing it to stop the execution of said 16-bit licensed application which was denied.
10 Assignments
0 Petitions
Accused Products
Abstract
A license restriction management system having wrapper programs and agents as appropriate to manage launches of application programs in distributed systems of computers having a multiplicity of different operating systems. The system includes passive monitoring where only data regarding launches is collected or active monitoring where the number of copies of licensed programs in execution at any particular time is actively controlled by the agents and wrappers in cooperation with a license restriction management process. Configuration of the agents to use TCP or UDP communication protocols and to do automatic denial of unauthorized applications based upon either locally kept or centrally kept lists of authorized applications.
297 Citations
24 Claims
-
1. An article of manufacture comprising:
a computer-readable medium having stored thereon a computer program for controlling one or more computers such that license restrictions on the number of copies of a licensed application program that can be simultaneously executing can be managed, said computer program comprising; a first code segment for controlling one or more computers to carry out a license restriction management process of receiving messages regarding launch requests for licensed applications, determining if each launch request is authorized and sending back an authorization or denial message to a requesting process; a second code segment for controlling one or more computers being controlled by a 32-bit operating system to carry out a 32-bit agent service by detecting at least some task launching activities on said computer including detection of launching of each 32-bit licensed application by whatever method of invocation is used to launch said licensed applications, said detection of launching of 32-bit licensed applications being performed by detection of loading of a predetermined Dynamic Linked Library, and, when said predetermined Dynamic Linked Library is loaded, sending a message to said license restriction management process informing it of the launching of at least each 32-bit licensed application, receiving an authorization or denial messages from said license restriction management process for each request to launch a 32-bit licensed application, and allowing continued execution of said 32-bit licensed application if said received message is an authorization and stopping execution of said 32-bit licensed application if said received message is a denial, said second code segment also for controlling said computer to alter each virtual 16-bit operating system emulation process which is launched to make one or more of said computers emulate a computer which is controlled by a 16-bit operating system, hereafter referred to as a virtual machine process such that said virtual machine process has a 16-bit agent application programmatic interface which can receive inquiries regarding the user name and path of each 16-bit licensed application being executed by said virtual machine process; a third code segment for controlling one or more computers being controlled by a 32-bit operating system to carry out a 16-bit agent process which is initiated each time a virtual machine process is launched, said 16-bit agent process controlling said one or more computers to respond to function calls made through said 16-bit agent application programmatic interface to give the user name and path for each 16-bit licensed application executing under said virtual machine process by obtaining the user name and path of each 16-bit licensed application executing under said virtual machine process and sending a message including said user name and path to said 32-bit agent service executing on said one or more computers, and controlling said one or more computers to stop execution of a 16-bit licensed application if a message to that effect is received by said 16-bit agent process from said 32-bit agent service, said 32-bit agent service controlling said one or more computers to; receive said message from said 16-bit agent process and use the information therein to send a message to said license restriction management process identifying all 16-bit licensed applications that have been launched on said one or more computers controlled by said 32-bit operating system; receive authorization or denial messages from said license restriction management process; if said message is an authorization, allowing said 16-bit licensed application to continue executing; and if said message is a denial, controlling said computer to send a message to said 16-bit agent process instructing it to stop the execution of said 16-bit licensed application which was denied.
-
2. A process carried out on one or more computers controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, comprising:
-
detecting when a particular event occurs which said operating system causes to occur whenever a native program is launched and determining the user name and path of the native application program which was launched; sending a message to a licensing restriction management process in execution on one or more computers informing said licensing restriction management process of the user name and path of the native application program which has been launched; receiving a message back from said licensing restriction management process which affirms or denies authorization for the launch of said native application program; if the message received from said licensing restriction management process affirms the launch of said native application program, allowing execution of said native application program to continue; and if the message received from said licensing restriction management process denies the launch of said native application program, causing said native application program to cease execution. - View Dependent Claims (3, 4)
-
-
5. An article of manufacture comprising:
one or more computer-readable medium having stored thereon one or more license policy enforcement computer programs for controlling one or more computers to implement a license policy enforcement process, said one or more computers being any of one or more different types or any of a plurality of computers of the same type but controlled by different operating systems, where a first type of computer is a computer controlled by an operating system designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said license policy enforcement computer programs controlling said computers and said virtual computer processes such that license restrictions on the number of copies of a licensed application program that can be simultaneously executing on one or more of said computers can be managed to implement said license policy enforcement process, said one or more license policy enforcement computer programs comprising; a first code segment for controlling one or more computers to help carry out said license policy enforcement process by receiving messages regarding launches or launch requests for licensed application programs, determining if each launch request is authorized and sending back an authorization or denial message to a requesting process; a second code segment for controlling one or more computers to implement a wrapper protocol by intercepting a launch request attempting to invoke a licensed application program to execute on a computer, and in response to said interception, sending a message to said license policy enforcement process requesting permission for launch of the licensed application, and for controlling said one or more computers to receive one or more messages containing an authorization or a denial from said license policy enforcement process, and invoking said licensed application program if an authorization is received, or blocking the launch of said licensed application if a denial is received; a third code segment for controlling one or more computers to carry out an agent service process by detecting at least one or more task launching activities carried out on a computer by the operating system whenever an application program covered by said license enforcement policy is launched, hereafter referred to as a licensed application programl including detection of launching of each licensed application by and controlling one or more computers to respond to said detection of a launch by sending a message to said license policy enforcement process informing it of each said launch and controlling said computer to receive an authorization or denial message from said license policy enforcement process for each launch of a licensed application program, and controlling said one or more computers to allow continued execution of said licensed application program if said received message is an authorization and controlling said computer to stop execution of said licensed application program if said received message is a denial; a fourth code segment for controlling one or more computers of said first type being controlled by said operating system to carry out an native program agent service process functioning to detect at least one or more task launching activities carried out on said computer by said operating system whenever a native program is launched, said one or more task launching activities being such that they will cause detection by said native program agent service process of the launch of any native program, and, upon detection of launch of a native program, controlling said computer to send a message to said license policy enforcement process informing it of said launch, and controlling said computer to receive an authorization or denial messages from said license policy enforcement process for each launch of a native program, and controlling said computer to allow continued execution of said native program if said received message is an authorization and controlling said computer to halt execution of said native program if said received message is a denial, said fourth code segment also for controlling said computer to alter each said virtual computer process which is launched by said operating system such that said virtual computer process has an agent application programming interface which provides function calls which include at least a first function call to invoke a program which can terminate the execution of any specified non-native program executing in said virtual computer process and a second function call which can receive inquiries from said native program agent service process regarding the user name and path of each non-native program being executed under said virtual computer process and respond thereto by determining and sending back to the inquiring process said user name and path of each said non-native program which is in execution by said virtual computer process, said fourth code segment also for controlling one or more computers to invoke said first function call to determine which non-native programs are in execution and send a message to said license policy enforcement process requesting authorization for execution of each said non-native program in execution, and to receive any authorization or denial message for each said non-native program, and upon receipt of a denial message, controlling said computer to invoke said second function call to invoke a program to halt the execution of the non-native program for which the denial message was received.
-
6. A process comprising:
-
controlling one or more computers with a computer program that cooperates with an operating system program to carry out a license restriction management process which receives messages regarding launch requests for licensed applications or actual launches thereof, determines if each launch request or launch is authorized in accordance with a predetermined license restriction policy and sends back an authorization or denial message to a requesting process, at least some of said one or more computer being controlled by a first type operating system capable of controlling said computer upon which it is resident, hereafter referred to as the resident computer, so as to execute native programs which have been specifically designed to operate with said operating system of said first type and said resident computer as well as to execute foreign programs which have not been specifically designed to operate with said first type operating system or said resident computer, execution of said foreign programs on said resident computer implemented by launching one or more emulation programs which control said computer to implement a virtual computer process which emulates the processing by a computer and operating system which the foreign program was specifically designed to control; controlling one or more computers also being controlled by said first type operating system to carry out an agent service process functioning to detect the launch of any native program by detecting at least one native program launch event carried out on said computer by said first type operating system whenever a native program is launched such as by detecting the loading of a predetermined Dynamic Linked Library, and, when said native program launch event is detected, determining the identity of the native program that has been launched and sending a message to said license restriction management process informing it of the identity of the launched native program and controlling said computer to receive authorization or denial data from said license restriction management process for each launch, and allowing continued execution of said launched native application program if said received message is an authorization and controlling said computer to halt execution of said launched native program if data received from said license restriction management process indicates execution of the launched native application program is unauthorized, and controlling said computer to alter each virtual computer process which is launched by said first type operating system such that said virtual computer process has an agent application programming interface which provides at least a first function call which can be invoked to launch a program which can receive inquiries regarding the identity of each foreign application program being executed under said virtual computer process and which provides at least a second function call which can be invoked to control said computer to halt execution of a named foreign application program in execution in a virtual computer process; and controlling one or more computers also being controlled by said first type operating system to implement a foreign agent process capable of being invoked by either said first or second function calls of said application programming interface, and controlling said one or more computers such that said application programming interface that controls said foreign agent process is created each time a virtual computer process is created, said foreign agent process structured to control said one or more computers to respond to receipt of said first function call made through said application programming interface of said virtual computer process to determine the identity of any foreign application program or programs being executed by said virtual computer process and send a message including said identity or identities to said agent service process executing on said one or more computers that made said first function call, and structured to control said one or more computers in response to receipt of a second function call made through said application programming interface to stop execution of a foreign application program identified in said second function call, and wherein said agent service process also functions to control said one or more computers to; invoke said first function call of said application programming interface anytime a virtual computer process is created to cause said foreign agent process to determine the identity of any foreign program in execution on said virtual computer process; receive said message from said foreign agent process and use the identity information therein to send a message to said license restriction management process identifying all foreign programs that have been launched and request authorization for said launches; receive authorization or denial messages for said foreign programs that are being executed by one or more virtual computer processes from said license restriction management process; if said message is an authorization, allowing said foreign program to continue executing; and if said message is a denial, controlling said computer to invoke said second function call of said application programming interface to cause said foreign agent process to stop the execution of the foreign program named in said function call.
-
-
7. An apparatus comprising:
-
a network; one or more file servers; one or more computers of different types, at least one type of computer being controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, and coupled to said file servers by said network and having local memory; and wherein said file server has in execution thereon a license restriction management process which receives messages regarding launch requests for licensed applications to be executed by said workstations either from said file server or from local memory, and determines if each launch request is authorized in accordance with a predetermined license restriction policy and sends back an authorization or denial message to a requesting process; and wherein said one or more computers being controlled by said operating system of said first type is programmed to have an agent service process in execution thereon when said one or more computers are running which controls said one or more computers to carry out the following functions; detect launches of native and non-native application programs by monitoring for the occurrence of a predetermined event carried out by said operating system each time a native or nonnative application program is launched, and when said predetermined event occurs, determine the identity of the native application program which has been launched, and send a message to said file server requesting confirmation or denial of the launch from said license restriction management process, and terminates the launch of said native or non-native application program when a denial message is received from said license restriction process.
-
-
8. An apparatus comprising:
-
a network; one or more file servers; one or more computers of different types, each being controlled by an operating system at least some of said operating systems being of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of the first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said one or more computers of different types coupled to said file servers by said network and having local memory; and wherein said file server has in execution thereon a license restriction management process which receives messages regarding launch requests for licensed applications to be executed by said one or more computers either from said file server or from local memory, and determines if each launch is authorized in accordance with a predetermined license restriction policy and sending back an authorization or denial message to a requesting process; and wherein said one or more computers being controlled by said operating system of said first type has a native program agent service in execution thereon which controls said one or more computers to; detect launches of native programs by monitoring for the occurrence of a specific, predetermined launch event which always occurs when any native program is launched, and when said launch event occurs, determine the identity of the native program that was launched, and request confirmation or denial of the launch from said license restriction management process, and terminate execution of said native program when a denial message is received from said license restriction management process, and detect when first type operating system invokes one or more emulation programs to create one or more standalone or shared virtual computers in support of execution of one or more non-native programs, and alter the functionality of each said virtual computer to create therein an application programming interface which provides a first function call which functions to invoke a program to answer queries as to the identity of any non-native program executing on said virtual computer and which provides a second function call which invokes a program to terminate the execution of any non-native program named in the argument of said second function call, receive one or more messages through said application programming interface of a virtual computer regarding the identity of any non-native programs in execution within said virtual computer and request from said license restriction management process confirmation or denial for continued execution of the non-native program or programs identified in said messages, if a denial message is received from said license restriction management process, invoke said second function call of said application programming interface to force cessation of execution of the a non-native program executing within said virtual computer named in the argument of said second function call.
-
-
9. A process comprising:
-
controlling one or more computers to carry out a license restriction management process which receives messages regarding launch requests or launches that have already occurred for licensed applications, determines if each launch request is authorized in accordance with a predetermined license restriction policy and sending back an authorization or denial message to a requesting process; controlling one or more computers with an agent program also being controlled by an operating system of a flexible, multitasking first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said agent program controlling said resident computer to carry out an agent service to detect at least some task launching activities on said computer carried out by said operating system whenever a new computer program is invoked into execution, including detection of launching of each native licensed application by whatever method of invocation is used to launch said native licensed applications, and when such a task launching activity is detected, said agent program also functioning to control said computer to send a message to said license restriction management process informing it of the launching of a licensed application, said agent program also controlling said computer to receive an authorization or denial message from said license restriction management process for each request to launch or actual launch of a native licensed application, and controlling said computer to allow continued execution of said native licensed application if said received message is an authorization and controlling said computer either directly or by invoking a function call of said operating system to halt execution of said native licensed application if said received message is a denial, said agent process also controlling said one or more computers to detect when said one or more emulation programs have been launched to create a virtual computer and participate with said operating system in creation of said virtual computer by creating in said emulation process an application programming interface which provides a first function call which can be invoked to determine the identity of any non-native application programs being executed by said virtual computer and a second function call which can be invoked to cause any non-native application programmed named in the argument of said second function call, said application programming interface implemented by coupling said emulation process to a library of one or more programs including a non-native agent process to control said resident computer to carry out the functions assigned to each function call; and controlling one or more computers also being controlled by an operating system of said flexible multitasking first type with a non-native agent program to carry out a non-native agent process which is initiated each time said emulation programs are launched to create a virtual computer said non-native agent process controlling said one or more computers to respond to invocation of said first function call by said native agent process by retrieving the identity for each nonnative licensed application being executed by said virtual computer and sending a message including said identity to said native agent process which responds by controlling said one or more computers to send a message to said license restriction management process requesting authorization or denial for execution of the non-native application program named in the message from said non-native application program, said native agent controlling said one or more computers to receive authorization or denial messages from said license restriction management process, and controls said one or more computers to invoke said second function call to cause said non-native agent process to stop execution of any non-native licensed application if a denial message naming said non-native application is received by said native agent process from said license restriction management process but controlling said computer to do nothing so as to allow continued execution of said non-native application process if said received message is an authorization.
-
-
10. An article of manufacture comprising:
a computer-readable medium having stored thereon a computer program for controlling one or more computers such that license restrictions on the number of copies of a licensed program that can be simultaneously executing can be implemented, said computer program comprising; a first code segment for controlling one or more computers to carry out a license restriction management process comprising at least the steps of receiving messages regarding launch requests or actual launches for licensed programs, determining if each launch or launch request for a licensed program is authorized and sending back an authorization or denial message to a requesting process; a second code segment for controlling one or more computers being controlled by a flexible, multitasking first type operating system designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said second code segment controlling said computer to carry out an agent service by detecting at least one task launching activity carried out on said resident computer whevever either a native or non-native program is and when said task launching activity is detected, determining if the program launched is a native program or an emulation program to set up a virtual computer, and if the program launched is a native program, determining its identity and sending a message to said license restriction management process informing it of the launching of said native program, and controlling said one or more computers to receive an authorization or denial message from said license restriction management process for each request to launch or actual launch of a native program, and allowing continued execution of said native program if said received message is an authorization and stopping execution of said native program if said received message is a denial, said second code segment also for controlling said resident computer to create in each virtual computer an application programming interface when it is determined that the task which caused said task launching activity to be performed is the launching of said one or more emulation programs, said application programming interface having a first function call which can be invoked to determine the identity of any non-native program being executed by said emulation process, and a second function call which can be invoked to cause termination of execution of any non-native program being executed by said emulation process and named in the argument supplied to said second function call; a third code segment for controlling one or more computers also being controlled by a flexible, multitasking first type operating system capable of executing either native or non-native programs, said third code segment for controlling said one or more computers to carry out a non-native agent process to carry out the functions of said application programming interface, said non-native agent process controlling said one or more computers to respond to invocation of said first function call by retrieving the identity of each non-native program being executed by said virtual computer and said third code segment also for controlling said one or more computers to respond to invocation of said first function call by sending a message to said native agent process including said identity of said non-native program, and wherein said native agent process established by said second code segment controls said one or more computers to send a message to said license restriction management process requesting authorization for said launch of each non-native program identified by said non-native agent process, said native agent process also for controlling said one or more computers to receive authorization or denial messages from said license restriction management process, and to invoke said first function call to cause said non-native agent process to stop execution of a a named non-native program if a denial message is received but to allow continued execution of said non-native program if said received message is an authorization.
-
11. An apparatus comprising:
-
a network; one or more file server computers controlling access to a file system; one or more workstation computers being controlled by a flexible, multitasking operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was design to run, each of said one or more workstation computers coupled to said file servers by said network and having local memory; and wherein said file server has in execution thereon a license restriction management process which receives messages regarding launch requests for licensed applications to be executed by said workstations either from said file server or from local memory, and determines if each launch request is authorized in accordance with a predetermined license restriction policy and sends back an authorization or denial message to a requesting process; and wherein said one or more computers being controlled by said flexible multitasking operating system of said first type has in execution thereon a native program agent service which controls said one or more computers to; detect launches of native programs by monitoring for the occurrence of a specific predetermined event which always occurs each time either a native program is launched or said one or more emulation programs are launched, and, when said predetermined event is detected, said native program agent service controls said one or more computers to determine the identity of the native program that was launched, and if one or more emulation programs are launched, for controlling said one or more computers to create in said virtual computer an application programming interface which provides a first function call which can be invoked to determine the identity of any non-native application programs that are being executed by said virtual computer and provides a second function call which can be invoked to cause termination of any non-native program named in the argument supplied when said second function call is made, and request confirmation or denial of the launch or requested launch of said native program from said license restriction management process, and block launching of said native program or cause said native program to cease execution when a denial message is received from said license restriction management process, and and wherein each of said one or more virtual computers created by said flexible, multitasking operating system of said first type has in execution therein a non-native program agent process which controls one or more computers to; respond to invocation of said first function call by determining and transmitting to said native program agent service the identity of each said non-native application program in execution within said virtual computer, and wherein said native program agent service responds to receipt of this message by sending to said license restriction management process a message requesting authorization for launch of said non-native application program, and wherein said native program agent service controls said computer to receive any authorization or denial message transmitted by said license restriction management process and invoke said second function call if said message received from said license restriction management process is a denial, and if a message is received from said native program agent service denying continued execution of said non-native program as indicated by invocation of said second function call, said non-native program agent process controls said one or more computers to cause any non-native program identified in the argument supplied when said second function call was made to cease execution. - View Dependent Claims (12)
-
-
13. An apparatus comprising:
-
a network; one or more file server computers controlling one or more file systems; one or more computers being controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to launch programs in a number of different ways including at least one way which cannot be detected by a wrapper program, and which runs each application program in its own window, and which controls said resident computer to keep a task list of all the programs that are running, and which controls said computer to provide an application programmatic interface which provides at least a first function call which can be invoked to request notification each time a new program is launched and a new task is created on said task list and a second function call which can be invoked to request notification each time a new window is created, or which are controlled by any of a plurality of other diverse operating systems which launch application programs in a way which can be detected by wrapper programs, and coupled to said file servers by said network and having local memory; and wherein said one or more file server computers have in execution thereon a license restriction management process which receives an active or passive monitoring message regarding a launch request or actual launch of a licensed application program, where an active monitoring message originates from either an agent process or a wrapper program, and wherein a passive monitoring message is generated either by a wrapper or an agent program and merely reports a launch without requesting permission for said launch, said launch or requested launch being either from a file system controlled by a file server or from local memory of a computer, said license restriction management process, if the message is a active monitoring message, controlling said one or more file server computers to determine if said launch request or actual launch is authorized in accordance with a predetermined license restriction policy and sending back an authorization or denial message to a process which sent said message, or if the message is a passive mode monitoring message, controlling said one or more file server computers or one or more other computers to record data regarding said launch or requested launch; and wherein said one or more computers controlled by any of said plurality of other diverse operating systems which launch application programs in a way which can be detected by wrapper programs have one or more application programs installed thereon the launching of which is controlled by one or more wrapper programs which function to control said one or more computers to; move the application program being managed by said wrapper program to a hidden directory and insert said wrapper program into the directory in which said application program being managed was formerly stored; intercept launch requests for the application program being managed by said wrapper program; send an active monitoring message to said license restriction management process to report the launch request to said license restriction management process; receive said authorization or denial message from said license restriction management process; and
,if the returned message is a denial, not invoking said application program being managed into execution, and, if the returned message is an authorization, invoking said application program being managed into execution; and wherein said one or more computers being controlled by said operating system of said first type have one or more application programs installed thereon and have an agent process in execution thereon which controls said one or more computers to have any of several behaviors selected by configuration data, said behaviors being to; detect launches of said application programs by monitoring activities of said computer in one of three ways, the particular way monitoring is accomplished being selectable by configuration data stored in said one or more computers, said three ways being; polling said task list kept by said operating system and determining when new tasks appear and when old tasks disappear; invoking said second function call of said application programming interface of said operating system to request to be notified when a new window is created;
orinvoking said first function call of said application programming interface of said operating system to request to be notified when a new task is created; and when launch of an application program is detected, determine the identity of the application just launched; if active mode monitoring is selected by said configuration data, send an active monitoring message to said license restriction management process identifying the launched application and requesting a license check and requesting return of an authorization or denial message regarding the launch; cause said application program to cease execution when a denial message is received from said license restriction management process but allowing said application program to continue executing if said return message is an authorization, and if passive mode monitoring is selected by said configuration data, send a passive monitoring message identifying the application program which was launched to said license restriction management process. - View Dependent Claims (14)
-
-
15. A process comprising:
-
controlling one or more computers to carry out a license restriction management process which receives an active or passive monitoring message regarding a launch request or actual launch of a licensed application program, said launch or requested launch being either from a file system controlled by a file server or from local memory of a computer, said license restriction management process, if the message is a active monitoring message, controlling one or more file server computers to determine if said launch request or actual launch is authorized in accordance with a predetermined license restriction policy and sending back an authorization or denial message to a process which sent said active monitoring message, or if the message is a passive monitoring message, controlling one or more computers to record data regarding said launch or requested launch; controlling one or more computers which are also being controlled by operating systems of a type which launch application programs in a way which can be detected by wrapper programs, said one or more computers also having one or more application programs installed thereon and also being programmed with one or more wrapper programs which control said one or more computers to control the launching of said application programs by controlling said one or more computers to; move the application program being managed by said wrapper program to a hidden directory and insert said wrapper program into the directory in which said application program being managed was formerly stored; intercept launch requests for the application program being managed by said wrapper program; send an active monitoring message to said license restriction management process to report the launch request to said license restriction management process; receive said authorization or denial message from said license restriction management process; and
,if the returned message is a denial, not invoking said application program being managed into execution, and, if the returned message is an authorization, invoking said application program being managed into execution; and controlling one or more computers which are also being controlled by a an operating system of a second type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to launch programs in a number of different ways including at least one way which cannot be detected by a wrapper program, and which runs each application program in its own window, and which controls said resident computer to keep a task list of all the programs that are running, and which controls said computer to provide an application programmatic interface which provides at least a first function call which can be invoked to request notification each time a new program is launched and a new task is created on said task list and a second function call which can be invoked to request notification each time a new window is created, said one or more computers controlled by an operating system of said second type also having one or more application programs installed thereon, and also being programmed with an agent process which controls said resident computer so as to carry out an agent process which controls said one or more computers to; detect launches of said application programs by monitoring activities of said computer in one of three ways, the particular way monitoring is accomplished being selectable by configuration data stored in said one or more computers, said three ways being; polling a task list kept by said operating system of said second type and determining when new tasks appear and when old tasks disappear; invoking said second function call of said operating system to request to be notified when a new window is created;
orinvoking said first function call of said operating system to request to be notified when a new task is created; when launch of an application program is detected, determining the identity of the application program just launched; if active mode monitoring is selected by said configuration data, sending an active monitoring message to said license restriction management process identifying the launched application program and requesting authorization or denial of continued execution of said application program; causing said application program to cease execution when a denial message is received from said license restriction management process but allowing said launched application program to continue executing if said return message is an authorization, and if passive mode monitoring is selected by said configuration data, sending a passive monitoring message identifying the application program which was launched to said license restriction management process. - View Dependent Claims (16, 17, 18)
-
-
19. A process carried out by a first computer controlled by, among other programs, an agent process in a distributed system of computers and a second computer controlled by, among other programs, a license restriction management process which is coupled to said first computer by any network or other computer-to-computer communication path, comprising:
-
detecting launch of an application program on said first computer; determining the identification of the application whose launch was just detected; on said first computer, checking the application identification against a list of authorized applications kept in memory or on the hard drive of said first computer; if the identification of the application process just launched is not on the list, terminating said application process execution; if the identification of the application process just launched is on the list, sending an active monitoring message via said network or other computer-to-computer communication path from said first computer to said second computer identifying the application process just launched and requesting a license check; on said second computer, using the identity of the application process gleaned from said message to determine if the launch is within a predetermined license policy, and, if so, sending an authorization message to said first computer, and if said launch is not within said predetermined license policy, sending a denial message to said first computer; on said first computer, receiving said authorization or denial message, and if said message is an authorization, doing nothing and letting the application process continue to execute, and if said message is a denial, terminating the execution of said application process.
-
-
20. A process carried out by a first computer controlled by an agent process and an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more native emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, and wherein each virtual computer includes an application programmatic interface providing a first function call which can be invoked to determined the identity of non-native programs being executed by said one or more emulation programs and a second function call which can be invoked to cause cessation of execution of a non-native program identified in an argument supplied to said second function call, said computer existing in a system of one or more computers which includes a computer controlled by, among other programs, a license restriction management process, comprising:
-
detecting launch on said first computer of either a native or non-native application program on said first computer by detecting an event which always occurs whenever a native application program or a native emulation program is launched; determining the identification of the program whose launch was just detected either directly if it was a native program, or by invoking said first function call if the native program launched was said one or more emulation programs; sending a message to said license restriction management process identifying the application process just launched, said message indicating it is an auto-denial license check request; on said computer controlled by said license restriction management process, checking the application identification against a list of authorized applications kept in memory or on the hard drive of said computer controlled by said license restriction management process; if the identification of the application process just launched is not on the list, sending a message to said agent process requesting termination of the execution of said application process; on said computer controlled by said agent process, receiving said termination request message and terminating execution of said application process directly or by invoking a function call provided by said operating system of said first type or by invoking said second function call if the program launched was a non-native program; if the identification of the application process just launched is on the list kept at said computer controlled by said license restriction management process, using the identity of the application process just launched gleaned from said message from said agent process to determining if said launch is within a predetermined license policy, and, if so, sending an authorization message to said agent process, and if said launch is not within said license policy, sending a denial message to said computer controlled by said agent process; on said computer controlled by said agent process, receiving said authorization or denial message, and if said message is an authorization, doing nothing and letting the application process continue to execute, and if said message is a denial, terminating the execution of said application process directly or by invoking a function call provided by said operating system of said first type or by invoking said second function call if the program launched was a non-native program.
-
-
21. An apparatus comprising:
-
a network; a file server coupled to said network and having a license restriction management process in execution thereon; a computer coupled to said file server by said network and controlled by any one of a plurality of diverse operating systems each of which launches programs in a way that can be detected by a wrapper program, each said computer also having one or more application programs installed thereon, each application program managed by a wrapper process which controls said computer to perform the following functions; move the application program being managed by said wrapper program to a hidden directory and insert said wrapper program into the directory in which said application program being managed was formerly stored; intercept launch requests for the application program being managed by said wrapper program; send an active or passive monitoring message to said license restriction management process to report the launch request to said license restriction management process, said message being active or passive depending upon configuration data; if said message was an active monitoring message, receive an authorization or denial message from said license restriction management process; and
,if the returned message is a denial, not invoking said application program being managed into execution, and, if the returned message is an authorization, invoking said application program being managed into execution; if said message sent to said license restriction management process was a passive monitoring message, automatically invoking into execution the application program being managed by the wrapper program when said launch request is intercepted and sending a message to said license restriction management process reporting the identification of the application program just launched; one or more programs controlling said file server to implement said license restriction management process to control said file server so as to receive passive monitoring messages from said wrapper programs and react thereto by simply recording data regarding the launch, or receive active monitoring messages and performing license checks for the application program identified by said active monitoring message, and if execution of said application program would not exceed violate a license policy encoded in data stored in memory or a license policy file, send an authorization message to said wrapper process, and if the execution of said application program would violate said license policy, send a denial message to said wrapper process.
-
-
22. An apparatus comprising:
-
a network; a file server coupled to said network and having a license restriction management process in execution thereon; one or more computers coupled to said file server by said network and being controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to launch programs in a number of different ways including at least one way which cannot be detected by a wrapper program, and which runs each application program in its own window, and which controls said resident computer to keep a task list of all the programs that are running, and which controls said computer to provide an application programmatic interface which provides at least a first function call which can be invoked to request notification each time a new program is launched and a new task is created on said task list and a second function call which can be invoked to request notification each time a new window is created, and having one or more application programs installed thereon and having an agent process in execution thereon which controls said one or more computers to have the following behaviors; detect launches of said application programs by monitoring activities of said computer in one of three ways, the particular way monitoring is accomplished being selectable by configuration data stored in said one or more computers, said three ways being; polling a task list kept by said operating system and determining when new tasks appear and when old tasks disappear; invoking said second function call of said operating system to request to be notified when a new window is created;
orinvoking said first function call of said operating system to request to be notified when a new task is created; when launch of an application program is detected, determine the identity of the application program just launched; if active mode monitoring is selected by said configuration data, send an active monitoring message to said license restriction management process identifying the launched application and requesting a license check and requesting return of an authorization or denial message regarding the launch; cause said application program to cease execution when a denial message is received from said license restriction management process but allowing said application program to continue executing if said return message is an authorization, and if passive mode monitoring is selected by said configuration data, send a passive monitoring message identifying the application program which was launched to said license restriction management process; and one or more programs controlling said file server to implement said license restriction management process so as to receive passive monitoring messages from said agent process and react thereto by simply recording data regarding the launch, or receive active monitoring messages and react thereto by performing license checks for the application program identified by said active monitoring message, and if execution of said application program would not a license policy, send an authorization message to said agent process, and if the execution of said application program would violate a license policy, send a denial message to said agent process.
-
-
23. An apparatus comprising:
-
a network; a file server coupled to said network and having a license restriction management process in execution thereon; one or more computers coupled to said file server by said network and being controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said one or more computers also having one or more native and non-native application programs installed thereon and having a native program agent service in execution thereon, said native program agent service controlling said one or more computers to have the following behaviors; detect launches of native application programs by monitoring activities of said computer to determine when a particular task launching event occurs which always occurs when a native application program is launched and which can be reliably detected by said native program agent service; when launch of a native application program is detected, determine the identity of the application program just launched; if active mode monitoring is selected by said configuration data, send an active monitoring message to said license restriction management process identifying the launched native application program and requesting a license check and requesting return of an authorization or denial message regarding the launch; cause said native application program to cease execution when a denial message is received from said license restriction management process but allowing said native application program to continue executing if said return message is an authorization, and if passive mode monitoring is selected by said configuration data, send a passive monitoring message identifying the native application program which was launched to said license restriction management process; and one or more programs controlling said file server to implement said license restriction process so as to receive passive monitoring messages from said agent process and react thereto by simply recording data regarding the launch, or receive active monitoring messages and react thereto by performing license checks for the application program identified by said active monitoring message, and if execution of said application program would not violate a license policy, send an authorization message to said agent process, and if the execution of said application program would violate a license policy, send a denial message to said agent process.
-
-
24. An apparatus comprising:
-
a network; a file server coupled to said network and having a license restriction management process in execution thereon; one or more computers coupled to said file server by said network and being controlled by an operating system of a first type designed to control the computer on which said operating system is resident, hereafter referred to as the resident computer, so as to execute both native and non-native programs, where native programs are programs which are designed to run on said resident computer under control of said operating system of said first type, and non-native programs are programs which are designed to run on some other computer or in some other operating system environment, and wherein said operating system runs non-native programs by creation of a virtual computer implemented by execution of one or more emulation programs which control said resident computer to emulate the operation of the computer or operating system environment in which said non-native program was designed to run, said one or more computers also having one or more native and non-native application programs installed thereon, and wherein said one or more emulation programs that implement virtual computers are native programs, and having a native program agent service in execution thereon and a a non-native program agent process in execution in every virtual computer, said native program agent service controlling said one or more computers to have the following behaviors; detect launches of native programs by monitoring activities of said computer to determine when a particular event occurs which always occurs whenever a native program is launched; when launch of a native program is detected, determine if the native program so launched is a native application program or a native emulation program, and, if the native program launched is a native application program, determine the identity of the application just launched, and if the native program must launched is an emulation program, controlling said resident computer to implement an application programming interface in said virtual computer having at least a first function call that can be invoked to cause said non-native agent process to determine the identity of the one or more non-native application programs being executed by said virtual computer, and a second function call which can be invoked to cause said non-native agent process to terminate the execution of any non-native application program named in the argument supplied when invoking said second function call, and for controlling said computer to invoke said first function call and receive back the identity of all non-native application programs being executed by said virtual computer; if active mode monitoring is selected by said configuration data and a native application program was launched, send an active monitoring message to said license restriction management process identifying the launched application and requesting a license check and requesting return of an authorization or denial message regarding the launch, and if a virtual computer was created and a message is received after invoking said first function call identifying the non-native program(s) being executed by said virtual computer, sending a message to said license restriction management process identifying the non-native programs being executed by said virtual computer and requesting authorization or denial for the launch; cause said native application program to cease execution when a native application program has been launched and a denial message is received from said license restriction management process but allowing said native application program to continue executing if an authorization message is received, and, if a virtual computer has been established and a message is received from said license restriction management process denying authorization for the launch of one or more non-native programs being executed by said virtual computer, invoking said second function call at least once and supplying the identities of all non-native programs the execution of which is not authorized, and if passive mode monitoring is selected by said configuration data, send a passive monitoring message identifying the application program which was launched to said license restriction management process; and and controlling said one or more computers being controlled by an operating system of said first type such that whenever said operating system of said first type creates one or more virtual computers, said non-native program agent process goes into execution thereon and controls said one or more resident computers to; respond to invocation of said first function call by determining and transmitting to said native program agent service the identity of each said non-native application program in execution within said virtual computer for transmission to said license restriction management process by said native program agent service, and receive a message from said license restriction management process via said native program agent process for each non-native application program in execution within said virtual computer which has been denied continued execution by virtue of invocation of said second function call and responding thereto by causing all non-native application programs identified in the argument to said second function call to cease execution; and one or more programs for controlling said file server to implement said license restriction management process so as to receive passive monitoring messages from said native program agent service and react thereto by simply recording data regarding the launch, or receive active monitoring messages from said native program agent service(s) executing on said one or more computers coupled to said file server and perform a license check for each native or non-native application program identified by an active monitoring message, and if execution of said application program identified in said message would not violate a license policy, send an authorization message to said native program agent service which sent said active monitoring message, and if the execution of said application program would violate a license policy, send a denial message to said native program agent service which sent said active monitoring message.
-
Specification