WO2012064331A1 - Determine authorization of a software product based on a first and second authorization item - Google Patents

Determine authorization of a software product based on a first and second authorization item Download PDF

Info

Publication number
WO2012064331A1
WO2012064331A1 PCT/US2010/056445 US2010056445W WO2012064331A1 WO 2012064331 A1 WO2012064331 A1 WO 2012064331A1 US 2010056445 W US2010056445 W US 2010056445W WO 2012064331 A1 WO2012064331 A1 WO 2012064331A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorization
software product
item
processor
authorization item
Prior art date
Application number
PCT/US2010/056445
Other languages
French (fr)
Inventor
Calvin L. Selig
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to PCT/US2010/056445 priority Critical patent/WO2012064331A1/en
Priority to US13/824,517 priority patent/US9684781B2/en
Priority to CN201080070102.0A priority patent/CN103189876B/en
Priority to EP10859444.1A priority patent/EP2638502A4/en
Publication of WO2012064331A1 publication Critical patent/WO2012064331A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • a software product may be authorized for a particular time period. For example, a user may be granted use of a software product for a trial period, such as for thirty days. The trial period may be provided free or at a lower cost than full use of the software product to familiarize a user with the software product. The introductory trial period may then encourage the user to pay for continued use of the software product at the end of the trial period.
  • Figure 1 is a block diagram illustrating one example of a computing system.
  • Figure 2A is a block diagram illustrating one example of a computing system.
  • Figure 2B is a block diagram illustrating one example of a computing system.
  • Figure 2C is a block diagram illustrating one example of a computing system.
  • Figure 3 is a flow chart illustrating one example of a method to determine authorization of a software product based on a first and second authorization item.
  • Figure 4 is a flow chart illustrating one example of a method to create a second authorization item.
  • Figure 5 is a flow chart illustrating one example of a method to compare a first authorization item and a second authorization item.
  • Figure 8 is a flow chart illustrating one example of determining whether use of a software product is authorized.
  • Figure 7 is a block diagram illustrating one example of determining that use of a software product is authorized.
  • Figure 8 is a block diagram illustrating one example of determining that use of a software product is unauthorized.
  • Figure 9 is a flow chart illustrating one example of a method for extending the authorization period of a software product.
  • Figure 10 is a flow chart illustrating one example of a method to extend the authorization period of a software product.
  • Figure 1 1 is a block diagram illustrating one example of a computing system.
  • a software product may be authorized for a particular period of time.
  • a software vendor may provide a user authorization to use a software product on a trial basis, such as for thirty days or until a particular day.
  • the trial may be limited in time, such as because it is free or cheaper than the regular price of the software product.
  • Limiting the use of a software product to a particular time period may involve having a user enter an authorization code. However, in some cases a user may share the authorization code or may change the authorization code to extend the amount of authorized use.
  • authorization information related to a trial period may be retrieved from a remote device.
  • a software product may include instructions to check a remote database via a network to check whether use of the software product is authorized. However, in some cases it may be desirable for the authorization information to be stored locally on the electronic device executing the software product.
  • a software product may create an authorization file stored locally on the electronic device, such as when the software product is installed. A user may discover the file and attempt to extend a period of authorized use of a software product, such as by deleting or altering the rile.
  • authorization of a software product is enforced by creating two authorization items stored on the electronic device running the software product where each authorization item is created at a different time.
  • one authorization item may be created when the software product is installed and another authorization item may be created when the software product is executed for the first time.
  • the authorization items may be separate items.
  • one authorization item may be a file and the other may be a registry key, or the authorization items may be separate files or registry keys.
  • the two authorization items may be coordinated such that an inconsistency between them may indicate that use of the software product is unauthorized.
  • Using two authorization items created at different times may make it more difficult for a user to discover the two authorization items. If a user discovers one of the authorization items and alters or deletes it, the tampering may be evident because of a resulting inconsistency between the two authorization items. As a result, it may be more difficult for a user to extend an authorization period for a software product.
  • FIG. 1 is a block diagram illustrating one example of a computing system 100.
  • the computing system 100 may include an electronic device 1 10.
  • the electronic device 1 10 may be any suitable electronic device, such as a personal computer or mobile phone.
  • the electronic device 1 10 may include, for example, a processor 104, a machine-readable storage medium 102, a first authorization item 106, and a second authorization item 108.
  • the processor 104 may be any suitable processor, such as a central processing unit (CPU), a semiconductor-based microprocessor, or any other device suitable for retrieval and execution of instructions, in one embodiment, the computing system 100 includes logic instead of or in addition to the processor 104. As an alternative or in addition to fetching, decoding, and executing instructions, the processor 104 may include one or more integrated circuits (ICs) or other electronic circuits that comprise a plurality of electronic components for performing the functionality described below. In one implementation, the computing system 100 includes multiple processors. For example, one processor may perform some functionality and another processor may perform other functionality.
  • ICs integrated circuits
  • the processor 104 executes instructions stored in a machine-readable storage medium 102.
  • the machine-readable storage medium 102 may be any suitable machine readable medium, such as an electronic, magnetic, optical, or other physical storage device that stores executable instructions or other data (e.g., a hard disk drive, random access memory, flash memory, etc.).
  • the machine-readable storage medium 102 may be, for example, a computer readable non-transitory medium.
  • the machine-readable storage 102 medium may include instructions executable by the processor 104.
  • the machine-readable storage medium 102 may include instructions associated with a software product 1 12.
  • the software product 1 12 may be any suitable software product.
  • the software product 1 12 may be authorized to execute on the processor 104 during a particular time period, such as a sixty day trial period.
  • the first authorization item 106 and the second authorization item 108 may be any suitable items for indicating whether use of the software product 1 12 is authorized.
  • the first authorization item 106 and the second authorization item 108 may be a file or a registry key.
  • the first authorization item 106 and the second authorization item 108 may include information indicating a time period of authorized use of the software product.
  • the first authorization item 106 and the second authorization item 108 may include information indicating properties of the other authorization item.
  • the first authorization item 106 may include information indicating whether the second authorization item 108 had been created.
  • the software product 1 12 may include instructions related to controlling whether the software product 1 12 may be executed on the processor 104 at a particular time.
  • the software product 1 12 may include instructions to generate a first authorization token, such as the first authorization item 106, when the software product 1 12 is installed and instructions generate a second authorization token, such as the second authorization item 108, when the software product 1 12 is run for the first time, where each authorization item is a file stored in a storage or a registry key stored in a registry.
  • the software product 1 12 may include instructions to determine whether use of the software product 1 12 is authorized at a particular time based on a comparison of the first authorization item 106 and the second authorization item 108 and to prohibit use of the software product 1 12 if determined that use of the software product 1 12 is not authorized.
  • Figures 2A, 2B, and 2C show example combinations of a first authorization item and a second authorization item where each of the two authorization items may be either a registry key or a file.
  • Figure 2A is a block diagram illustrating one example of a computing system 200.
  • the computing system 200 shows a first authorization item as an authorization file 202 stored in a storage 218 and a second authorization item as an authorization key 204 stored in a registry 220.
  • the storage 218 may be any suitable storage, such as a hard disk drive or a flash drive.
  • the storage 218 may store a file for storing information related to authorizing a software product.
  • the registry 220 may be any suitable registry, such as a database storing settings related to an operating system.
  • the registry 220 may include a registry key with properties related to authorizing a software product.
  • the processor 104 may create one of the authorization items when the software product 1 12 is installed and the other authorization item during the first execution of the software product 1 12.
  • Figure 2B is a block diagram illustrating one example of a computing system 206.
  • the computing system 206 includes a first authorization file 208 and a second authorization file 210.
  • Figure 2C is a block diagram illustrating one example of a computing system 212.
  • the computing system 212 includes a first authorization key 214 and a second authorization key 216.
  • Figure 3 is a flow chart illustrating one example of a method 300 to determine authorization of the software 1 12 product based on a first and second authorization item, such as the first authorization item 106 and the second authorization item 108.
  • a first authorization item may be created when the software product 1 12 is installed, and a second authorization item may be created when the software product 1 12 is executed for the first time.
  • Information may be stored in the first authorization item and the second authorization item related to the time period of authorized use of the software product 1 12.
  • the information in the first authorization item and the second authorization item may be compared to a current date or date and time to determine whether the authorization period has expired. In some cases, the information in the first authorization item and the second authorization may be compared to one another to determine if either authorization item has been tampered with.
  • the processor 104 such as by executing instructions stored in the machine-readable storage medium 102, creates a first authorization item when the software product 1 12 is installed.
  • the software product 1 12 may include instructions for installation that include instructions to generate an authorization token.
  • the first authorization item may be, for example, an authorization file or an authorization key.
  • the authorization item may be created in any suitable manner.
  • the processor 104 may write information to the authorization item when it is created, such as by updating an authorization key property or storing information in an authorization file.
  • the processor 104 may include information about the install date or install time, such as by receiving or retrieving information about the current date from a system or internet clock when the installation occurs.
  • the information may include an expiration date calculated based on the installation date, such as an expiration date ninety days from the installation.
  • the information may include identifying information that may be used to detect tampering with the authorization item. For example, if a user creates a new authorization item without the identifying information, the processor 104 may recognize that the authorization item was created by a user and not during the installation of the software product 1 12.
  • the processor 104 may store the authorization item.
  • the authorization item may be stored in a particular location or with a particular name.
  • the software product 1 12 may include instructions for where to store the authorization item, such as a rile path or a registry key
  • the processor 104 such as by executing instructions stored in the machine-readable storage medium 102, creates a second authorization item when the software product 1 12 is executed for the first time.
  • the second authorization item may be, for example, an authorization file or an authorization key.
  • the second authorization item may be the same type or a different type of item than the first authorization item.
  • both the first authorization item and the second authorization item may be a file or a registry key, or one of the first authorization item and the second authorization item may be a file and the other may be a registry key.
  • the second authorization item may be created in any suitable manner.
  • the second authorization item may be stored in any suitable location.
  • information is included in the second authorization item, such as the date or time that the software product 1 12 was executed for the first time.
  • the second authorization item may include an expiration date calculated based on the first execution, such as an expiration date thirty days from the first execution, in one embodiment, the processor 104 determines whether to create the second authorization item. For example, the processor 104 may analyze the first authorization item to determine whether the current execution of the software product 1 12 is the first execution of the software product 1 12.
  • information about the second authorization item is stored in the first authorization item.
  • information about the date of the first execution of the software may be stored in both the first and second authorization item.
  • the processor 104 may retrieve information from the first authorization item to write to the second authorization item.
  • the install date or an expiration date related to the install date may be read from the first authorization item and stored in the second authorization item.
  • the processor 104 determines whether use of the software product 1 12 is authorized at a particular time, such as at a particular date or date and time, based on a comparison of the first authorization item and the second authorization item. For example, a user may attempt to execute the software product 1 12, and the processor 104 may determine whether use of the software product 1 12 is authorized at that time. The processor 104 may compare the first authorization item and the second authorization item in any suitable manner.
  • the processor 104 may compare a current date to an expiration date, such as an expiration date in the first authorization item and the second authorization item or an expiration date calculated by adding a time period to an installation date or first execution date in the first authorization item and the second authorization item.
  • the expiration date may be compared to a current date retrieved from an Internet clock to prevent a user from extending the authorization period by changing the system dock on the electronic device 1 10.
  • the processor compares a number of times that the software product 1 12 has executed.
  • each of the authorization items may include a number indicating the number of times the software product 1 12 has executed. The number may be compared to a maximum number of allowed times.
  • the processor 104 compares the information in the first authorization item and the second authorization item to confirm that the information in the authorization items is consistent. For example, if the authorization items include different first execution dates, installation dates, or expiration dates, it may indicate that a user tampered with one of the authorization items by changing one of the authorization items or by deleting and recreating one of the authorization items.
  • the processor 104 prevents use of the software product 1 12 if determined that use of the software product 1 12 is not authorized.
  • the processor 104 may prohibit use of the software product 1 12 in any suitable manner.
  • the processor 104 may stop executing instructions related to the software product 112. If determined that use of the software product 1 12 is authorized, the processor 104 may continue to execute instructions associated with the software product 1 12 to allow the user to use the software product 1 12.
  • the method 300 proceeds to 312 and ends.
  • Figure 4 is a flow chart illustrating one example of a method corresponding to 306 of Figure 3 to create the second authorization item.
  • the processor 104 may determine whether the second authorization item should be created based on information in the first authorization item.
  • the processor 104 may determine if a user has tampered with the authorization items. For example, if the second item exists and the first authorization item indicates that the second item should not exist, the use of the software product 1 12 may be prevented. The user may incorrectly believe that one authorization item controls the authorization of the software product 1 12. Checking to determine whether the second authorization item should be created may prevent a user from being able to circumvent the system by deleting the second authorization item.
  • the processor 104 determines whether the first authorization item indicates that the second authorization item should exist.
  • the processor 104 may retrieve the first authorization item.
  • the processor 104 may retrieve the first authorization item from the storage 218 or from the registry 220.
  • the processor 104 may retrieve the first authorization item by using the file path or the registry key name. This may be done, for example, in response to executing the software product 1 12.
  • the first authorization item may include any suitable indication as to whether the second authorization item has been created.
  • the first authorization item may be created at instali time without additional information that may be added when the second authorization item is created, or information from the first authorization item may be removed when the second authorization item is created.
  • the processor 104 may check the first authorization item to see if it contains information or an absence of information that indicates that the second authorization item had been previously created.
  • the processor writes known values to the first authorization item when it is created, and the processor checks for these known values to verify that the file or registry key being analyzed is the first authorization item.
  • a first execution date indicating when the second authorization item is created may be stored in the first authorization item. If a first execution date is not included in the first authorization item, the processor 104 may determine that the second authorization item had not been created.
  • the processor 104 may leave the first authorization item and the second authorization item without deleting them when the software product 1 12 is uninstalled. This may prevent a user from circumventing the trial period by uninstal!ing and reinstalling the software product 1 12. For example, if the software is reinstalled, the first authorization item may still be available and indicating that the second authorization item was already created.
  • the processor 104 determines whether the second authorization item exists. For example, the processor 104 may check the storage 218 or the registry 220 to determine if the second authorization item exists. The processor 104 may know to check a particular location, such as a particular file path or registry key name. The steps of the method 400 may be performed in any order. For example, in some cases, the processor 104 may check whether the second authorization item exists prior to analyzing the first authorization item to determine whether the second authorization item should exist.
  • the processor 104 prevents use of the software product 1 12, For example, if the first authorization item indicates that the second authorization has not been created, but the second authorization item exists, it may indicate that a user altered or deleted the first authorization item without deleting the second authorization item. Use of the software product 1 12 may be prevented in any suitable manner.
  • the processor 104 may create the second authorization item. For example, it may be the first time that the software product 1 12 is executed. The method 400 proceeds to 410 to end.
  • Figure 5 is a flow chart illustrating one example of a method corresponding to 308 of Figure 3 to compare a first authorization item and a second authorization item.
  • the processor 104 may determine that the second authorization item does not exist even though the first authorization item indicates that the second authorization item has been created. If the second authorization item does not exist when it was previously created, the processor 104 may prevent use of the software product 1 12. The second authorization item may no longer exist, for example, because a user deleted it, such as in an attempt to extend the trial period.
  • a comparison to determine whether the second authorization item exists where the first authorization item indicates that the second authorization item has been created may be done at any point. For example, the comparison may be done at the time when the processor 104 is determining whether the second authorization item should be created.
  • the processor 104 determines whether the second authorization item exists. For example the processor 104 may attempt to access the second authorization item at a particular file path or registry keyname to determine if the second authorization item exists.
  • the processor 104 prevents use of the software product 1 12. If the second authorization item was created and now no longer exists, it may indicate that the second authorization item was deleted. The processor 104 may not recreate the second authorization item because creating it a subsequent time may allow a user to extend the authorization period. If determined that the second authorization item should exist and does exist, the processor 104 may compare the first authorization item and the second authorization item to determine whether use of the software product 1 12 should be allowed or prevented. The method 500 continues to 508 to end.
  • FIG. 6 is a flow chart illustrating one example 600 of determining whether use of a software product is authorized.
  • a software product is installed on an electronic device.
  • the installation process may include, for example, storing instructions related to the software product in a machine-readable storage medium on the electronic device.
  • a first authorization item such as an authorization file
  • an expiration date may be inserted in the authorization file.
  • the trial period may be a particular number of days after installation of the software product, and the expiration date may be calculated by determining the current date, such as by using a system clock or internet dock, and adding the number of trial period days to it.
  • a user executes the software product to use it. Proceeding to 608, a processor determines whether the authorization file, the first authorization item, indicates that a second authorization item, such as an authorization registry key, should be created.
  • the processor may check for known values written to the authorization file during install time to verify that the file being analyzed is the authorization file.
  • the processor may check the authorization file for the presence or absence of information that indicates whether the authorization key has been created. For example, the processor may check to see if the authorization file includes a date that the authorization key was created.
  • the processor checks to see if the authorization key exists. If the authorization key exists, it may indicate that the authorization file was recreated, such as by deleting it and reinstalling the software without deleting the authorization key. The process may continue to 618 to prevent use of the software product if the authorization key exists.
  • an authorization key is created if determined that it did not already exist.
  • a first start date of the software product may be determined by retrieving the current date or time from the system clock or from an internet clock. The start date may be written to the authorization file and the auihonzaiion key. The start date may be written io both the authorization items so that the start date may be compared later to detect if either authorization item was deleted or altered.
  • an expiration date of the software product trial is calculated based on a time period from the start date, such as thirty days from the start date. If the expiration date was determined based on the install date of the software product, the processor may determine whether the current date is beyond the expiration date. For example, referring to 620, the processor may allow use of the software product if the expiration has not passed and may prevent use of the software product if the current date is after the expiration date.
  • the processor may evaluate the authorization file and determine that the authorization key had been created. Moving to 616, the processor may determine whether the start date and expiration date are the same in the authorization file and the authorization key. If when attempting to evaluate the authorization key it is determined that it does not exist, the processor may prevent use of the software product. If the authorization key does exist but the start date and expiration date are inconsistent between the authorization file and the authorization file, the processor may prevent use of the software product.
  • the processor may determine whether the current date is after the expiration date. If so, moving to 620, use of the software product is prevented. If not, moving to 622, use of the software product is allowed. Each time that the software product is executed, the process continues starting at 606.
  • FIG. 7 is a block diagram illustrating one example 700 of determining that use of a software product is authorized.
  • Example 700 shows the storage 218 with an authorization file 702 as one authorization item and the registry 220 with an authorization key 704 as another authorization item.
  • Both the authorization file 702 and the authorization key 704 include the same start date and the same expiration date.
  • the expiration date shown in both the authorization file 702 and the authorization key 704 is 07/01/2012.
  • the current date when the software product is being run is 06/15/2012, which is prior to the expiration date 07/01/2012.
  • use of the software product is allowed.
  • FIG. 8 is a block diagram illustrating one example 800 of determining that use of a software product is unauthorized.
  • Example 800 includes an authorization file 802 in the storage 218 as one authorization item and an authorization key 804 in the registry 220 as another authorization item.
  • the authorization file 802 and the authorization key 804 include different start dates and the same expiration date.
  • the expiration date 07/01/2012 shown in the authorization file 802 and the authorization key 804 is prior to the current date 06/15/2012 when the software is being run shown at 808.
  • 808 shows that the use of the software product is unauthorized.
  • an initial trial period may be set with an expiration date, but it may be desirable to extend the trial period.
  • a software vendor may receive a phone call from a client requesting that a trial period be extended.
  • An extension key may be provided that extends the trial period, such as, for a number of days or until a particular date. The extension key may be evaluated and the expiration date in the first authorization item and the second authorization item may be updated based on the extension key.
  • Figure 9 is a flow chart illustrating one example of a method 900 to extend the authorization period of the software product 1 12.
  • the processor 104 may receive an extension key.
  • the extension key may be any suitable extension key, such as an extension key extending the date for a particular number of days or until a particular date.
  • a separate processor creates the extension key.
  • the extension key may be created and sent to a user or the processor 104 via a network.
  • the extension key is a 20 digit key.
  • the extension key may be a key with digits sfee-eeee-eeod-dddd-dddc where s is a digit adjusted so that the key satisfies a check, such as a modulus 1 1 check, f is a digit set to 0 or 1 to indicate whether the trial should be reset, and c is a checksum value.
  • the e digits may represent an expiration date for applying the key.
  • the o digit indicates a number of weeks to extend the trial period, if o is set to 0, it may indicate that the trial period should be extended until the date represented by the d digits.
  • the processor 104 receives an extension key indicating a time period to extend the time period of authorized use of the software product 1 12.
  • the processor 104 may receive the extension key in any suitable manner, such as from user input to an input device communicating with the processor 104 or via a network.
  • the extension key may update a trial period in any suitable manner.
  • the extension key may provide a specific date for the trial to end, indicate that the trial should be extended for a particular number of days, or restart the trial period.
  • the key may extend the trial period by any suitable increment, such as by days, hours, or minutes.
  • the processor 104 may enforce rules related to the key. For example, the processor 104 may ensure that the original trial period is not extended to more than a year by adjusting the extension time downward if the extension time would otherwise extend the original trial period beyond a year.
  • the processor 104 adjusts the first authorization item and the second authorization item based on the extension key to extend the period of authorized use by the indicated time period. For example, an expiration date written to the first authorization item and the second authorization item may be updated in both the first authorization item and the second authorization item.
  • the method 900 continues to 908 and ends.
  • Figure 10 is a flow chart illustrating one example of a method 1000 to extend the authorization period of a software product.
  • the processor 104 may store the extension key or a portion of the extension key in both the first authorization item and the second authorization item.
  • the extension keys stored in the first authorization item and the second authorization item may be compared to determine whether the list of extension keys is the same. This may be done, for example, to prevent a user from reusing an extension key.
  • a user may receive an extension key to extend the current trial period by thirty days, and it may be desirable to prevent the user from repeatedly using the key to keep extending the trial period by thirty days.
  • the processor 104 may check the extension keys at any suitable time, such as each time the software product 1 12 is executed.
  • the processor 104 stores the extension key in the first authorization item.
  • the processor 104 may store additional information, such as the date the extension key was used.
  • the processor 104 may store a portion of the extension key or the entire extension key.
  • the processor 104 stores the extension key in the second authorization item. Additional information related to the extension key may be stored in the second authorization item, and a portion of the key or the entire key may be stored.
  • the processor 104 determines whether the extension key in the file correlates to the extension key in the registry key. For example, the processor 104 may determine if any extension keys found in the first authorization item are also in the second authorization time and vice versa. In some cases, the processor 104 may check whether the order of extension keys is the same in the first authorization item as in the second authorization item. [0063] In one embodiment, the extension key includes information indicating that the first authorization item and the second authorization item should be reset. For example, even ii the two authorization items are inconsistent due to tampering, it may be desirable to fix the inconsistencies, such as for a valuable customer, so that the software product may be used. The processor 104 may, for example, update both a start date and an end date in both authorization items so that they are consistent. In some cases, the processor 104 may adjust or delete information about previous extension keys so that the information is consistent between the first authorization item and the second authorization item.
  • the processor 104 prevents use of the software product 1 12 if determined that the extension keys do not correlate. This may be done, for example, because the trial period had been invalidly extended. If the extension keys do correlate, the processor 104 may determine whether use of the software product 1 12 is authorized based on the extended expiration date. The method 1000 continues to 1012 to end.
  • Tigure 1 1 is a block diagram illustrating one example of a computing system 1 100.
  • the computing system 1 100 includes the processor 104, the storage 218, and the registry 220.
  • the storage 218 includes an authorization file 1 104 as a one authorization item
  • the registry 220 includes an authorization key 1 1 10 as another authorization item.
  • the processor 104 may encrypt the authorization file 1 104 using an encryption key 1 106 and may encrypt the authorization key 1 1 10 using an encryption key 1 1 12.
  • Using two separate encryption keys may make the system more secure because being able to decrypt one of the authorization file 1 104 and the authorization key 11 10 would not allow a user to decrypt the other. Because the two authorization items are analyzed to determine whether they match, updating one of the two authorization files would not allow a user to extend the use of the software product 1 12.
  • Determining whether use of a software product is authorized by comparing two authorization items created at separate times may make it more difficult for a user to detect where information about the authorization period is stored. As a result, a trial period for a software product may be more difficult to circumvent. A trial period may provide a valuable sales tool for a vendor to introduce a product to a potential customer for evaluation.

Abstract

Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor (104) may determine whether use of the software product is authorized at a particular time period by comparing a first authorization item and a second authorization item.

Description

DETERMINE AUTHORIZATION OF A SOFTWARE PRODUCT BASED
ON A FIRST AND SECOND AUTHORIZATION ITEM
BACKGROUND
[0001 ] A software product may be authorized for a particular time period. For example, a user may be granted use of a software product for a trial period, such as for thirty days. The trial period may be provided free or at a lower cost than full use of the software product to familiarize a user with the software product. The introductory trial period may then encourage the user to pay for continued use of the software product at the end of the trial period.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] In the accompanying drawings, like numerals refer to like components or blocks. The drawings show example implementations. Some of the drawings describe method steps occurring in an example order, but the method steps may be performed in any order. The following detailed description references the drawings, wherein:
[0003] Figure 1 is a block diagram illustrating one example of a computing system.
[0004] Figure 2A is a block diagram illustrating one example of a computing system.
[0005] Figure 2B is a block diagram illustrating one example of a computing system.
[0008] Figure 2C is a block diagram illustrating one example of a computing system.
[0007] Figure 3 is a flow chart illustrating one example of a method to determine authorization of a software product based on a first and second authorization item.
[0008] Figure 4 is a flow chart illustrating one example of a method to create a second authorization item.
[0009] Figure 5 is a flow chart illustrating one example of a method to compare a first authorization item and a second authorization item.
[0010] Figure 8 is a flow chart illustrating one example of determining whether use of a software product is authorized.
[001 1 ] Figure 7 is a block diagram illustrating one example of determining that use of a software product is authorized. [0012] Figure 8 is a block diagram illustrating one example of determining that use of a software product is unauthorized.
[0013] Figure 9 is a flow chart illustrating one example of a method for extending the authorization period of a software product.
[0014] Figure 10 is a flow chart illustrating one example of a method to extend the authorization period of a software product.
[0015] Figure 1 1 is a block diagram illustrating one example of a computing system.
DETAILED DESCRIPTION
[0018] A software product may be authorized for a particular period of time. For example, a software vendor may provide a user authorization to use a software product on a trial basis, such as for thirty days or until a particular day. The trial may be limited in time, such as because it is free or cheaper than the regular price of the software product.
[0017] Limiting the use of a software product to a particular time period may involve having a user enter an authorization code. However, in some cases a user may share the authorization code or may change the authorization code to extend the amount of authorized use. In some cases, authorization information related to a trial period may be retrieved from a remote device. For example, a software product may include instructions to check a remote database via a network to check whether use of the software product is authorized. However, in some cases it may be desirable for the authorization information to be stored locally on the electronic device executing the software product. A software product may create an authorization file stored locally on the electronic device, such as when the software product is installed. A user may discover the file and attempt to extend a period of authorized use of a software product, such as by deleting or altering the rile.
[0018] In one embodiment, authorization of a software product is enforced by creating two authorization items stored on the electronic device running the software product where each authorization item is created at a different time. For example, one authorization item may be created when the software product is installed and another authorization item may be created when the software product is executed for the first time. The authorization items may be separate items. For example, one authorization item may be a file and the other may be a registry key, or the authorization items may be separate files or registry keys. The two authorization items may be coordinated such that an inconsistency between them may indicate that use of the software product is unauthorized.
[0019] Using two authorization items created at different times may make it more difficult for a user to discover the two authorization items. If a user discovers one of the authorization items and alters or deletes it, the tampering may be evident because of a resulting inconsistency between the two authorization items. As a result, it may be more difficult for a user to extend an authorization period for a software product.
[0020] Figure 1 is a block diagram illustrating one example of a computing system 100. The computing system 100 may include an electronic device 1 10. The electronic device 1 10 may be any suitable electronic device, such as a personal computer or mobile phone. The electronic device 1 10 may include, for example, a processor 104, a machine-readable storage medium 102, a first authorization item 106, and a second authorization item 108.
[0021 ] The processor 104 may be any suitable processor, such as a central processing unit (CPU), a semiconductor-based microprocessor, or any other device suitable for retrieval and execution of instructions, in one embodiment, the computing system 100 includes logic instead of or in addition to the processor 104. As an alternative or in addition to fetching, decoding, and executing instructions, the processor 104 may include one or more integrated circuits (ICs) or other electronic circuits that comprise a plurality of electronic components for performing the functionality described below. In one implementation, the computing system 100 includes multiple processors. For example, one processor may perform some functionality and another processor may perform other functionality.
[0022] In one implementation, the processor 104 executes instructions stored in a machine-readable storage medium 102. The machine-readable storage medium 102 may be any suitable machine readable medium, such as an electronic, magnetic, optical, or other physical storage device that stores executable instructions or other data (e.g., a hard disk drive, random access memory, flash memory, etc.). The machine-readable storage medium 102 may be, for example, a computer readable non-transitory medium. The machine-readable storage 102 medium may include instructions executable by the processor 104.
[0023] The machine-readable storage medium 102 may include instructions associated with a software product 1 12. The software product 1 12 may be any suitable software product. The software product 1 12 may be authorized to execute on the processor 104 during a particular time period, such as a sixty day trial period. [0024] The first authorization item 106 and the second authorization item 108 may be any suitable items for indicating whether use of the software product 1 12 is authorized. For example, the first authorization item 106 and the second authorization item 108 may be a file or a registry key. The first authorization item 106 and the second authorization item 108 may include information indicating a time period of authorized use of the software product. The first authorization item 106 and the second authorization item 108 may include information indicating properties of the other authorization item. For example, the first authorization item 106 may include information indicating whether the second authorization item 108 had been created.
[0025] The software product 1 12 may include instructions related to controlling whether the software product 1 12 may be executed on the processor 104 at a particular time. For example, the software product 1 12 may include instructions to generate a first authorization token, such as the first authorization item 106, when the software product 1 12 is installed and instructions generate a second authorization token, such as the second authorization item 108, when the software product 1 12 is run for the first time, where each authorization item is a file stored in a storage or a registry key stored in a registry. The software product 1 12 may include instructions to determine whether use of the software product 1 12 is authorized at a particular time based on a comparison of the first authorization item 106 and the second authorization item 108 and to prohibit use of the software product 1 12 if determined that use of the software product 1 12 is not authorized.
[0028] Figures 2A, 2B, and 2C show example combinations of a first authorization item and a second authorization item where each of the two authorization items may be either a registry key or a file. Figure 2A is a block diagram illustrating one example of a computing system 200. The computing system 200 shows a first authorization item as an authorization file 202 stored in a storage 218 and a second authorization item as an authorization key 204 stored in a registry 220. The storage 218 may be any suitable storage, such as a hard disk drive or a flash drive. The storage 218 may store a file for storing information related to authorizing a software product. The registry 220 may be any suitable registry, such as a database storing settings related to an operating system. The registry 220 may include a registry key with properties related to authorizing a software product. The processor 104 may create one of the authorization items when the software product 1 12 is installed and the other authorization item during the first execution of the software product 1 12. Figure 2B is a block diagram illustrating one example of a computing system 206. The computing system 206 includes a first authorization file 208 and a second authorization file 210. Figure 2C is a block diagram illustrating one example of a computing system 212. The computing system 212 includes a first authorization key 214 and a second authorization key 216.
[0027] Figure 3 is a flow chart illustrating one example of a method 300 to determine authorization of the software 1 12 product based on a first and second authorization item, such as the first authorization item 106 and the second authorization item 108. For example, a first authorization item may be created when the software product 1 12 is installed, and a second authorization item may be created when the software product 1 12 is executed for the first time. Information may be stored in the first authorization item and the second authorization item related to the time period of authorized use of the software product 1 12. The information in the first authorization item and the second authorization item may be compared to a current date or date and time to determine whether the authorization period has expired. In some cases, the information in the first authorization item and the second authorization may be compared to one another to determine if either authorization item has been tampered with.
[0028] Beginning at 302 and moving to 304, the processor 104, such as by executing instructions stored in the machine-readable storage medium 102, creates a first authorization item when the software product 1 12 is installed. For example, the software product 1 12 may include instructions for installation that include instructions to generate an authorization token. The first authorization item may be, for example, an authorization file or an authorization key.
[0029] The authorization item may be created in any suitable manner. The processor 104 may write information to the authorization item when it is created, such as by updating an authorization key property or storing information in an authorization file. For example, the processor 104 may include information about the install date or install time, such as by receiving or retrieving information about the current date from a system or internet clock when the installation occurs. The information may include an expiration date calculated based on the installation date, such as an expiration date ninety days from the installation. The information may include identifying information that may be used to detect tampering with the authorization item. For example, if a user creates a new authorization item without the identifying information, the processor 104 may recognize that the authorization item was created by a user and not during the installation of the software product 1 12. The processor 104 may store the authorization item. The authorization item may be stored in a particular location or with a particular name. For example, the software product 1 12 may include instructions for where to store the authorization item, such as a rile path or a registry key name.
[0030] Continuing to 306, the processor 104, such as by executing instructions stored in the machine-readable storage medium 102, creates a second authorization item when the software product 1 12 is executed for the first time. The second authorization item may be, for example, an authorization file or an authorization key. The second authorization item may be the same type or a different type of item than the first authorization item. For example, both the first authorization item and the second authorization item may be a file or a registry key, or one of the first authorization item and the second authorization item may be a file and the other may be a registry key.
[0031 ] The second authorization item may be created in any suitable manner. The second authorization item may be stored in any suitable location. In one embodiment, information is included in the second authorization item, such as the date or time that the software product 1 12 was executed for the first time. The second authorization item may include an expiration date calculated based on the first execution, such as an expiration date thirty days from the first execution, in one embodiment, the processor 104 determines whether to create the second authorization item. For example, the processor 104 may analyze the first authorization item to determine whether the current execution of the software product 1 12 is the first execution of the software product 1 12.
[0032] In one implementation, information about the second authorization item is stored in the first authorization item. For example, information about the date of the first execution of the software may be stored in both the first and second authorization item. The processor 104 may retrieve information from the first authorization item to write to the second authorization item. For example, the install date or an expiration date related to the install date may be read from the first authorization item and stored in the second authorization item.
[0033] Moving to 308, the processor 104, such as by executing instructions stored in the machine-readable storage medium 102, determines whether use of the software product 1 12 is authorized at a particular time, such as at a particular date or date and time, based on a comparison of the first authorization item and the second authorization item. For example, a user may attempt to execute the software product 1 12, and the processor 104 may determine whether use of the software product 1 12 is authorized at that time. The processor 104 may compare the first authorization item and the second authorization item in any suitable manner. For example, the processor 104 may compare a current date to an expiration date, such as an expiration date in the first authorization item and the second authorization item or an expiration date calculated by adding a time period to an installation date or first execution date in the first authorization item and the second authorization item. The expiration date may be compared to a current date retrieved from an Internet clock to prevent a user from extending the authorization period by changing the system dock on the electronic device 1 10. In one implementation, the processor compares a number of times that the software product 1 12 has executed. For example, each of the authorization items may include a number indicating the number of times the software product 1 12 has executed. The number may be compared to a maximum number of allowed times.
[0034] In one embodiment, the processor 104 compares the information in the first authorization item and the second authorization item to confirm that the information in the authorization items is consistent. For example, if the authorization items include different first execution dates, installation dates, or expiration dates, it may indicate that a user tampered with one of the authorization items by changing one of the authorization items or by deleting and recreating one of the authorization items.
[0035] Proceeding to 310, the processor 104, such as by executing instructions stored in the machine-readable storage medium 102, prevents use of the software product 1 12 if determined that use of the software product 1 12 is not authorized. The processor 104 may prohibit use of the software product 1 12 in any suitable manner. For example, the processor 104 may stop executing instructions related to the software product 112. If determined that use of the software product 1 12 is authorized, the processor 104 may continue to execute instructions associated with the software product 1 12 to allow the user to use the software product 1 12. The method 300 proceeds to 312 and ends.
[0038] Figure 4 is a flow chart illustrating one example of a method corresponding to 306 of Figure 3 to create the second authorization item. For example, the processor 104 may determine whether the second authorization item should be created based on information in the first authorization item. The processor 104 may determine if a user has tampered with the authorization items. For example, if the second item exists and the first authorization item indicates that the second item should not exist, the use of the software product 1 12 may be prevented. The user may incorrectly believe that one authorization item controls the authorization of the software product 1 12. Checking to determine whether the second authorization item should be created may prevent a user from being able to circumvent the system by deleting the second authorization item.
[0037] Beginning at 402 and moving to 404, the processor 104 determines whether the first authorization item indicates that the second authorization item should exist. The processor 104 may retrieve the first authorization item. For example, the processor 104 may retrieve the first authorization item from the storage 218 or from the registry 220. The processor 104 may retrieve the first authorization item by using the file path or the registry key name. This may be done, for example, in response to executing the software product 1 12.
[0038] The first authorization item may include any suitable indication as to whether the second authorization item has been created. For example, the first authorization item may be created at instali time without additional information that may be added when the second authorization item is created, or information from the first authorization item may be removed when the second authorization item is created. The processor 104 may check the first authorization item to see if it contains information or an absence of information that indicates that the second authorization item had been previously created. In one embodiment, the processor writes known values to the first authorization item when it is created, and the processor checks for these known values to verify that the file or registry key being analyzed is the first authorization item. A first execution date indicating when the second authorization item is created may be stored in the first authorization item. If a first execution date is not included in the first authorization item, the processor 104 may determine that the second authorization item had not been created.
[0039] in some cases, the processor 104 may leave the first authorization item and the second authorization item without deleting them when the software product 1 12 is uninstalled. This may prevent a user from circumventing the trial period by uninstal!ing and reinstalling the software product 1 12. For example, if the software is reinstalled, the first authorization item may still be available and indicating that the second authorization item was already created.
[0040] Continuing to 406, the processor 104 determines whether the second authorization item exists. For example, the processor 104 may check the storage 218 or the registry 220 to determine if the second authorization item exists. The processor 104 may know to check a particular location, such as a particular file path or registry key name. The steps of the method 400 may be performed in any order. For example, in some cases, the processor 104 may check whether the second authorization item exists prior to analyzing the first authorization item to determine whether the second authorization item should exist.
[0041 ] Proceeding to 408, if determined that the second authorization item should not exist and determined that the second authorization item exists, the processor 104 prevents use of the software product 1 12, For example, if the first authorization item indicates that the second authorization has not been created, but the second authorization item exists, it may indicate that a user altered or deleted the first authorization item without deleting the second authorization item. Use of the software product 1 12 may be prevented in any suitable manner.
[0042] If the first authorization item indicates that the second authorization item has not been created and the second authorization item does not exist, the processor 104 may create the second authorization item. For example, it may be the first time that the software product 1 12 is executed. The method 400 proceeds to 410 to end.
[0043] Figure 5 is a flow chart illustrating one example of a method corresponding to 308 of Figure 3 to compare a first authorization item and a second authorization item. When comparing the first authorization and the second authorization item to determine whether to allow use of the software product 1 12, the processor 104 may determine that the second authorization item does not exist even though the first authorization item indicates that the second authorization item has been created. If the second authorization item does not exist when it was previously created, the processor 104 may prevent use of the software product 1 12. The second authorization item may no longer exist, for example, because a user deleted it, such as in an attempt to extend the trial period. A comparison to determine whether the second authorization item exists where the first authorization item indicates that the second authorization item has been created may be done at any point. For example, the comparison may be done at the time when the processor 104 is determining whether the second authorization item should be created.
[0044] Beginning at 502 and moving to 504, the processor 104 determines whether the second authorization item exists. For example the processor 104 may attempt to access the second authorization item at a particular file path or registry keyname to determine if the second authorization item exists.
[0045] Proceeding to 506, if determined that the second authorization item should exist and determined that the second authorization item does not exist, the processor 104 prevents use of the software product 1 12. If the second authorization item was created and now no longer exists, it may indicate that the second authorization item was deleted. The processor 104 may not recreate the second authorization item because creating it a subsequent time may allow a user to extend the authorization period. If determined that the second authorization item should exist and does exist, the processor 104 may compare the first authorization item and the second authorization item to determine whether use of the software product 1 12 should be allowed or prevented. The method 500 continues to 508 to end.
[0048] Figure 6 is a flow chart illustrating one example 600 of determining whether use of a software product is authorized. Beginning at 602, a software product is installed on an electronic device. The installation process may include, for example, storing instructions related to the software product in a machine-readable storage medium on the electronic device. Moving to 604, a first authorization item, such as an authorization file, may be created and stored during the installation process. In some cases, an expiration date may be inserted in the authorization file. For example, the trial period may be a particular number of days after installation of the software product, and the expiration date may be calculated by determining the current date, such as by using a system clock or internet dock, and adding the number of trial period days to it.
[0047] Continuing to 606, a user executes the software product to use it. Proceeding to 608, a processor determines whether the authorization file, the first authorization item, indicates that a second authorization item, such as an authorization registry key, should be created. The processor may check for known values written to the authorization file during install time to verify that the file being analyzed is the authorization file. The processor may check the authorization file for the presence or absence of information that indicates whether the authorization key has been created. For example, the processor may check to see if the authorization file includes a date that the authorization key was created.
[0048] Moving to 610, if determined that the authorization file indicates that the authorization key has not been created, the processor checks to see if the authorization key exists. If the authorization key exists, it may indicate that the authorization file was recreated, such as by deleting it and reinstalling the software without deleting the authorization key. The process may continue to 618 to prevent use of the software product if the authorization key exists.
[0049] Proceeding to 612, an authorization key is created if determined that it did not already exist. Continuing to 614, a first start date of the software product may be determined by retrieving the current date or time from the system clock or from an internet clock. The start date may be written to the authorization file and the auihonzaiion key. The start date may be written io both the authorization items so that the start date may be compared later to detect if either authorization item was deleted or altered. In one embodiment, an expiration date of the software product trial is calculated based on a time period from the start date, such as thirty days from the start date. If the expiration date was determined based on the install date of the software product, the processor may determine whether the current date is beyond the expiration date. For example, referring to 620, the processor may allow use of the software product if the expiration has not passed and may prevent use of the software product if the current date is after the expiration date.
[0050] Referring back to 608, the processor may evaluate the authorization file and determine that the authorization key had been created. Moving to 616, the processor may determine whether the start date and expiration date are the same in the authorization file and the authorization key. If when attempting to evaluate the authorization key it is determined that it does not exist, the processor may prevent use of the software product. If the authorization key does exist but the start date and expiration date are inconsistent between the authorization file and the authorization file, the processor may prevent use of the software product.
[0051 ] Proceeding to 620, the processor may determine whether the current date is after the expiration date. If so, moving to 620, use of the software product is prevented. If not, moving to 622, use of the software product is allowed. Each time that the software product is executed, the process continues starting at 606.
[0052] Figure 7 is a block diagram illustrating one example 700 of determining that use of a software product is authorized. Example 700 shows the storage 218 with an authorization file 702 as one authorization item and the registry 220 with an authorization key 704 as another authorization item. Both the authorization file 702 and the authorization key 704 include the same start date and the same expiration date. The expiration date shown in both the authorization file 702 and the authorization key 704 is 07/01/2012. As shown at 706, the current date when the software product is being run is 06/15/2012, which is prior to the expiration date 07/01/2012. As shown at 708, use of the software product is allowed.
[0053] Figure 8 is a block diagram illustrating one example 800 of determining that use of a software product is unauthorized. Example 800 includes an authorization file 802 in the storage 218 as one authorization item and an authorization key 804 in the registry 220 as another authorization item. The authorization file 802 and the authorization key 804 include different start dates and the same expiration date. The expiration date 07/01/2012 shown in the authorization file 802 and the authorization key 804 is prior to the current date 06/15/2012 when the software is being run shown at 808. However, because of the inconsistency between the start dates in the authorization file 802 and the authorization key 804, 808 shows that the use of the software product is unauthorized.
[0054] in some cases, an initial trial period may be set with an expiration date, but it may be desirable to extend the trial period. For example, a software vendor may receive a phone call from a client requesting that a trial period be extended. An extension key may be provided that extends the trial period, such as, for a number of days or until a particular date. The extension key may be evaluated and the expiration date in the first authorization item and the second authorization item may be updated based on the extension key.
[0055] Figure 9 is a flow chart illustrating one example of a method 900 to extend the authorization period of the software product 1 12. The processor 104 may receive an extension key. The extension key may be any suitable extension key, such as an extension key extending the date for a particular number of days or until a particular date. In one embodiment, a separate processor creates the extension key. For example, the extension key may be created and sent to a user or the processor 104 via a network.
[0056] In one embodiment, the extension key is a 20 digit key. For example, the extension key may be a key with digits sfee-eeee-eeod-dddd-dddc where s is a digit adjusted so that the key satisfies a check, such as a modulus 1 1 check, f is a digit set to 0 or 1 to indicate whether the trial should be reset, and c is a checksum value. The e digits may represent an expiration date for applying the key. The o digit indicates a number of weeks to extend the trial period, if o is set to 0, it may indicate that the trial period should be extended until the date represented by the d digits.
[0057] Beginning at 902 and moving to 904, the processor 104 receives an extension key indicating a time period to extend the time period of authorized use of the software product 1 12. The processor 104 may receive the extension key in any suitable manner, such as from user input to an input device communicating with the processor 104 or via a network. The extension key may update a trial period in any suitable manner. For example, the extension key may provide a specific date for the trial to end, indicate that the trial should be extended for a particular number of days, or restart the trial period. The key may extend the trial period by any suitable increment, such as by days, hours, or minutes. In some cases, the processor 104 may enforce rules related to the key. For example, the processor 104 may ensure that the original trial period is not extended to more than a year by adjusting the extension time downward if the extension time would otherwise extend the original trial period beyond a year.
[0058] Moving to 906, the processor 104 adjusts the first authorization item and the second authorization item based on the extension key to extend the period of authorized use by the indicated time period. For example, an expiration date written to the first authorization item and the second authorization item may be updated in both the first authorization item and the second authorization item. The method 900 continues to 908 and ends.
[0059] Figure 10 is a flow chart illustrating one example of a method 1000 to extend the authorization period of a software product. For example, the processor 104 may store the extension key or a portion of the extension key in both the first authorization item and the second authorization item. The extension keys stored in the first authorization item and the second authorization item may be compared to determine whether the list of extension keys is the same. This may be done, for example, to prevent a user from reusing an extension key. A user may receive an extension key to extend the current trial period by thirty days, and it may be desirable to prevent the user from repeatedly using the key to keep extending the trial period by thirty days. The processor 104 may check the extension keys at any suitable time, such as each time the software product 1 12 is executed.
[0060] Beginning at 1002 and moving to 1004, the processor 104 stores the extension key in the first authorization item. The processor 104 may store additional information, such as the date the extension key was used. The processor 104 may store a portion of the extension key or the entire extension key.
[0061 ] Moving to 1006, the processor 104 stores the extension key in the second authorization item. Additional information related to the extension key may be stored in the second authorization item, and a portion of the key or the entire key may be stored.
[0062] Continuing to 1008, the processor 104 determines whether the extension key in the file correlates to the extension key in the registry key. For example, the processor 104 may determine if any extension keys found in the first authorization item are also in the second authorization time and vice versa. In some cases, the processor 104 may check whether the order of extension keys is the same in the first authorization item as in the second authorization item. [0063] In one embodiment, the extension key includes information indicating that the first authorization item and the second authorization item should be reset. For example, even ii the two authorization items are inconsistent due to tampering, it may be desirable to fix the inconsistencies, such as for a valuable customer, so that the software product may be used. The processor 104 may, for example, update both a start date and an end date in both authorization items so that they are consistent. In some cases, the processor 104 may adjust or delete information about previous extension keys so that the information is consistent between the first authorization item and the second authorization item.
[0064] Proceeding to 1010, the processor 104 prevents use of the software product 1 12 if determined that the extension keys do not correlate. This may be done, for example, because the trial period had been invalidly extended. If the extension keys do correlate, the processor 104 may determine whether use of the software product 1 12 is authorized based on the extended expiration date. The method 1000 continues to 1012 to end.
[0065] Tigure 1 1 is a block diagram illustrating one example of a computing system 1 100. The computing system 1 100 includes the processor 104, the storage 218, and the registry 220. The storage 218 includes an authorization file 1 104 as a one authorization item, and the registry 220 includes an authorization key 1 1 10 as another authorization item. The processor 104 may encrypt the authorization file 1 104 using an encryption key 1 106 and may encrypt the authorization key 1 1 10 using an encryption key 1 1 12. Using two separate encryption keys may make the system more secure because being able to decrypt one of the authorization file 1 104 and the authorization key 11 10 would not allow a user to decrypt the other. Because the two authorization items are analyzed to determine whether they match, updating one of the two authorization files would not allow a user to extend the use of the software product 1 12.
[0066] Determining whether use of a software product is authorized by comparing two authorization items created at separate times may make it more difficult for a user to detect where information about the authorization period is stored. As a result, a trial period for a software product may be more difficult to circumvent. A trial period may provide a valuable sales tool for a vendor to introduce a product to a potential customer for evaluation.

Claims

Claims 1 . A computing system to determine authorization of a software product based on a first and second authorization item, comprising:
an electronic device comprising:
a processor 104 to:
create a first authorization item when a software product is installed;
create a second authorization item when the software product is executed for the first time,
wherein each authorization item comprises a rile stored in a storage 106 or a registry key stored in a registry 108;
determine whether use of the software product is authorized at a particular time based on a comparison of the first authorization item and the second authorization item; and
prevent use of the software product if determined that use of the software product is not authorized.
2. The computing system of Claim 1 , wherein creating the second authorization item comprises:
determining whether the first authorization item indicates that the second authorization item should exist;
determining whether the second authorization item exists;
if determined that the second authorization item should not exist and determined that the second authorization item exists, preventing use of the software product; and if determined that the second authorization item should not exist and determined that the second authorization item does not exist, create the second authorization item.
3. The computing system of Claim 1 , wherein comparing the first authorization item and the second authorization item comprises:
determining whether the second authorization item exists; and
if determined that the second authorization item does not exist, preventing use of the software product.
4. The computing system of Claim 1 , wherein the processor further:
receives an extension key indicating a time period to extend a time period of authorized use of the software product; and
adjusts the first authorization item and the second authorization item based on the extension key to extend the time period of authorized use by the indicated time period.
5. The computing system of Claim 1 , wherein the processor further:
encrypts the first authorization item with a first encryption key; and
encrypts the second authorization item with a second encryption key,
6, A method to determine authorization of a software product based on a first and second authorization item, comprising:
creating, by a processor, a first authorization item when a software product is installed;
creating, by the processor, a second authorization item when the software product is executed for the first time,
wherein each authorization item comprises a file or a registry key;
determining, by the processor, whether use of the software product is authorized at a particular time based on a comparison of the first authorization item and the second authorization item; and
preventing, by the processor, use of the software product if determined that use of the software product is not authorized.
7. The method of Claim 6, further comprising:
determining, by the processor, whether the first authorization item indicates that the second authorization item should exist;
determining, by the processor, whether the second authorization item exists; if determined that the second authorization item should not exist and determined that the second authorization item exists, preventing, by the processor, use of the software product; and
if determined that the second authorization item should exist and determined that the second authorization item does not exist, preventing, by the processor, use of the software product.
8. The method of Claim 6, further comprising:
receiving, by the processor, an extension key indicating a time period to extend a time period of authorized use of the software product; and
adjusting, by the processor, the first authorization item and the second authorization item based on the extension key to extend the time period of authorized use by the indicated time period.
9. The method of Claim 8, further comprising:
storing, by the processor, the extension key in the first authorization item;
storing, by the processor, the extension key in the second authorization item; determining, by the processor, whether the extension key in the first authorization item correlates to the extension key in the second authorization item; and
preventing, by the processor, use of the software product if determined that the extension keys do not correlate.
10. The method of Claim 6, further comprising:
encrypting, by the processor, the first authorization item with a first encryption key; and
encrypting, by the processor, the second authorization item with a second encryption key.
1 1 . A machine-readable storage medium encoded with instructions executable by a processor to determine authorization of a software product based on a first and second authorization item, comprising instructions to:
generate a first authorization token when a software product is installed;
generate a second authorization token when the software product is run for the first time,
wherein each authorization token comprises a file or a registry key;
determine whether use of the software product is authorized at a particular time based on a comparison of the first authorization token and the second authorization token; and
prohibit use of the software product if determined that use of the software product is not authorized.
12. The machine-readable storage medium of Claim 1 1 , further comprising instructions to:
determine whether the first authorization token indicates that the second authorization token should exist;
determine whether the second authorization token exists;
if determined that the second authorization token should not exist and determined that the second authorization token exists, prohibit use of the software product; and if determined that the second authorization token should exist and determined that the second authorization token does not exist, prohibit use of the software product.
13. The machine-readable storage medium of Claim 1 1 , further comprising instructions to:
receive an extension key indicating a time period to extend a time period of authorized use of the software product; and
update the first authorization token and the second authorization token based on the extension key to extend the time period of authorized use by the indicated time period.
14. The machine-readable storage medium of Claim 1 1 , further comprising instructions to:
store the extension key in the first authorization token;
store the extension key in the second authorization token;
determine whether the extension key stored in the first authorization token correlates with the extension key stored in the second authorization token; and
prohibit use of the software product if determined that the extension keys do not correlate.
15. The machine-readable storage medium of Claim 1 1 , further comprising instructions to:
encrypt the first authorization token with a first encryption key; and
encrypt the second authorization token with a second encryption key.
PCT/US2010/056445 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item WO2012064331A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
PCT/US2010/056445 WO2012064331A1 (en) 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item
US13/824,517 US9684781B2 (en) 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item
CN201080070102.0A CN103189876B (en) 2010-11-12 2010-11-12 The mandate of software product is determined based on the first and second grant item
EP10859444.1A EP2638502A4 (en) 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2010/056445 WO2012064331A1 (en) 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item

Publications (1)

Publication Number Publication Date
WO2012064331A1 true WO2012064331A1 (en) 2012-05-18

Family

ID=46051222

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/056445 WO2012064331A1 (en) 2010-11-12 2010-11-12 Determine authorization of a software product based on a first and second authorization item

Country Status (4)

Country Link
US (1) US9684781B2 (en)
EP (1) EP2638502A4 (en)
CN (1) CN103189876B (en)
WO (1) WO2012064331A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9210155B2 (en) * 2013-03-08 2015-12-08 Stocktree Inc. System and method of extending a host website
JP6904721B2 (en) * 2017-02-14 2021-07-21 キヤノン株式会社 Information processing equipment, information processing methods, and programs
CN108259170A (en) * 2018-01-10 2018-07-06 广州江南科友科技股份有限公司 A kind of method of remote online licencing key machine instruction
CN110990863B (en) * 2019-11-27 2021-10-08 山东新潮信息技术有限公司 Method for realizing file access control through timestamp and encryption algorithm
CN111488593A (en) * 2019-11-28 2020-08-04 杭州海康威视系统技术有限公司 Service authorization method, device, electronic equipment and storage medium
CN114626067A (en) * 2021-06-25 2022-06-14 江苏航天龙梦信息技术有限公司 Temporary firmware control method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6243692B1 (en) * 1998-05-22 2001-06-05 Preview Software Secure electronic software packaging using setup-external unlocking module
US20030110375A1 (en) * 1998-06-04 2003-06-12 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US20040025033A1 (en) * 2002-08-02 2004-02-05 Todd Luke B. System and method for preventing unauthorized installation, use and reproduction of software
US6889212B1 (en) * 2000-07-11 2005-05-03 Motorola, Inc. Method for enforcing a time limited software license in a mobile communication device

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US6067622A (en) * 1996-01-02 2000-05-23 Moore; Steven Jerome Software security system using remove function to restrict unauthorized duplicating and installation of an application program
FR2779543B1 (en) * 1998-06-04 2001-08-17 Eastman Kodak Co SOFTWARE PROTECTION METHOD
US6654888B1 (en) 1999-12-31 2003-11-25 International Business Machines Corporation Installing and controlling trial software
JP2002006970A (en) 2000-06-19 2002-01-11 Takasaki Kyodo Keisan Center:Kk Application software trial system
JP3347128B2 (en) 2000-08-09 2002-11-20 日本電気株式会社 Trial software management system and management method, and recording medium
US6978374B1 (en) * 2000-09-29 2005-12-20 Unisys Corporation Authorization key system for selectively controlling the performance of a data processing system
US7418500B1 (en) * 2002-03-25 2008-08-26 Network Appliance, Inc. Mechanism for controlled sharing of files in a clustered application environment
US7331063B2 (en) * 2004-04-30 2008-02-12 Microsoft Corporation Method and system for limiting software updates
JP2007041678A (en) 2005-08-01 2007-02-15 Olympus Imaging Corp Software use management server device, software use management system, software use management method, and program
EP1796000A1 (en) 2005-12-06 2007-06-13 International Business Machines Corporation Method, system and computer program for distributing software products in trial mode
US8620818B2 (en) * 2007-06-25 2013-12-31 Microsoft Corporation Activation system architecture
EP2068565A1 (en) * 2007-12-07 2009-06-10 Gemplus Subscriber identity module and associated distribution server, adapted to manage programs with an indeterminate duration
US20090253414A1 (en) 2008-04-03 2009-10-08 Cequint, Inc. Systems and methods for deployment and sale of advanced calling features
US9355224B1 (en) * 2008-05-16 2016-05-31 Kaspersky Lab, Zao System and method for dynamic adjustment of expiration date for authorization key for antivirus products
US20090327091A1 (en) 2008-06-26 2009-12-31 Microsoft Corporation License management for software products
TWI420339B (en) * 2010-11-10 2013-12-21 Ind Tech Res Inst Software authorization system and method
US8775797B2 (en) * 2010-11-19 2014-07-08 Microsoft Corporation Reliable software product validation and activation with redundant security

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6243692B1 (en) * 1998-05-22 2001-06-05 Preview Software Secure electronic software packaging using setup-external unlocking module
US20030110375A1 (en) * 1998-06-04 2003-06-12 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US6889212B1 (en) * 2000-07-11 2005-05-03 Motorola, Inc. Method for enforcing a time limited software license in a mobile communication device
US20040025033A1 (en) * 2002-08-02 2004-02-05 Todd Luke B. System and method for preventing unauthorized installation, use and reproduction of software

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2638502A4 *

Also Published As

Publication number Publication date
US20130219190A1 (en) 2013-08-22
CN103189876B (en) 2016-09-14
EP2638502A4 (en) 2014-11-12
EP2638502A1 (en) 2013-09-18
CN103189876A (en) 2013-07-03
US9684781B2 (en) 2017-06-20

Similar Documents

Publication Publication Date Title
US20210294879A1 (en) Securing executable code integrity using auto-derivative key
US9684781B2 (en) Determine authorization of a software product based on a first and second authorization item
JP6595822B2 (en) Information processing apparatus and control method thereof
US9672347B2 (en) Integrity for security audit logs
JP3444227B2 (en) How to prevent unauthorized use of software
US8844049B2 (en) Method for generating a cryptographic key for a protected digital data object on the basis of current components of a computer
EP2278520A2 (en) Modular software protection
CN112231647A (en) Software authorization verification method
EP2264640A2 (en) Feature specific keys for executable code
US11151226B2 (en) Managing application specific feature rights
CN107526947A (en) A kind of embedded software active control method
JP4585594B2 (en) Licensed external memory
US6898555B2 (en) Method for indicating the integrity of use-information of a computer program
CN104346165A (en) Information processing apparatus, information processing method, program, storage medium, and information processing system
CN114117364B (en) Offline software license control method and system
EP1977551B1 (en) Binding a protected application program to shell code
US20180218159A1 (en) Encryption transition in a database
CN113051532A (en) Software authorization method and device, computer equipment and storage medium
JP5759845B2 (en) Information processing system, information processing apparatus, external storage medium, program, storage medium, and file management method
US11836255B1 (en) Microcontroller unit (MCU) secure boot
JP2013025607A (en) Information processor and information processing method
CN109409040B (en) Method and device for judging time reliability of operating system
EP3185165A1 (en) An electronic device comprising a mecanism to store securely data associated to an application
JPH1125053A (en) Certification security server dealing with ic card and dedicated application program interface(api) for certification processing of application program
JP2007087275A (en) License management device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10859444

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 13824517

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2010859444

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE