United States Patent [19]
`[11] Patent Number:
`[45] Date of Patent:
`May 26, 1998
`[75] Inventor: James E. Olsen. Park City. Utah
`Assi nee: Novell Inc.. Orem. Utah
`[211 APPl-N0-=620,319
`[22] Filed.
`Mar. 15, 1996
`5,3717% 12/1994
`5,375,206 12/1994
`3/ 1996
`5,579,222 11/1996
`[51] Int. Cl.6 .......................... .. H04L 9/00
`[52] us. C1. .............................. .. 395/187.01;395/188.01;
`395/186; 380/4; 380/25
`[58] Field of Search ............................. .. 395118701. 186.
`395/18801. 609; 380/4. 25
`A-38209 4/1993 Australia.
`M8113 3/1994 Australia.
`WO 89/0452‘)
`5/1939 WIPO
`WO 92/20021 11/1992 WlPO.
`19 Claims, 6 Drawing Sheets
`US. Patent
`May 26,1998
`Sheet lot‘ 6
`I ,0
`/ / /
`108 f
`202 }
`FIG. 2
`US. Patent
`May 26, 1998
`Sheet 2 of 6
`F/G. 3
`US. Patent
`May 26, 1998
`Sheet 3 of 6
`FIG. 5
`( START )
`com/[cum TABLE
`/5 14
`5 70
`US. Patent
`May 26, 1998
`Sheet 4 0f 6
`F/G. 6
`U.S. Patent
`May 26, 1993
`Sheet 5 0f 6
`FIG. 7
`700 /
`702 f
`US. Patent
`May 26, 1998
`Sheet 6 0f 6
`F/G. 8A
`( START )
`802 /
`/ 808
`874 /
`1. Field of the Invention
`The invention relates to licensing software. and more
`particularly. to licensing software electronically in a network
`2. Description of the Related Art
`Most software vendors currently favor licensing as the
`preferred method of distributing software. licensing soft
`ware provides the vendor with a certain amount of control
`over the distributed software which may be used to the
`vendor’s advantage. For example. licensing software allows
`the vendor to prohibit unauthorized usage of the software
`that might facilitate unauthorized copying. In addition.
`licensing provides an advantageous method of providing and
`billing for software. Through licensing. the vendor may sell
`several identical copies of the same software and charge the
`buyer for each copy.
`Licensing schemes have adapted to the network environ
`ment as well as the individual personal computer. In a
`network environment. such as a client-server network. mul
`tiple users may access the same copy of a particular appli
`cation. Consequently. the vendor can charge the network
`owner not for the number of copies installed on the network.
`but for the number of users having access to the software.
`Software is conventionally licensed using an agreement
`between the vendor and the user or administrator. The
`agreement is typically either a conventionally signed con
`tract or a “shrink wrap” agreement attached to the packaging
`for the software. to which the licensee acknowledges agree
`ment by opening the package.
`Although traditional licensing and shrink wrap licensing
`are more or less applicable to licensing for individual
`systems. they are not well-suited to the network environ
`ment. Both traditional and shrink wrap licensing schemes
`are di?icult to enforce on a network where several users
`have access to the software. Consequently. various elec
`tronic systems have been devised for controlling access to
`software on a network.
`Electronic licensing typically comprises providing a set of
`_ criteria under which a request for an application from the
`server should be granted. One common licensing system
`uses a ?xed set of licenses controlled by a license server. The
`license information is maintained in a license database.
`along with information regarding which applications are in
`use and how many units are still available. The information
`in the database may be encrypted to prevent forgeries. When
`an application is desired. the application commences run
`ning. Code embedded in the application initially requests a
`license from the server to facilitate the execution of the
`application. The server checks the database of licenses. and
`if the appropriate licenses are available. grants the request.
`As requests are received and licenses granted. the relevant
`information is logged into a ?le to track usage of the various
`If a license is not available. the client contacts another
`server to ?nd the appropriate license. The client in the
`conventional system has the responsibility to obtain licenses
`from the various servers. and the individual servers provide
`resources at the client’s request. To facilitate such licensing.
`the application typically includes a library of programs
`designed to contact the server. request a license. and track
`the resulting license.
`Although such a licensing system provides some security
`against unauthorized usage of applications. it suffers several
`drawbacks. For example. the number of programs required
`for the client to request and maintain licenses occupies a
`significant portion of the client’s valuable memory
`resources. Further. a conventional licensing system stores
`most of the licensing information in the client’s memory.
`Consequently. in the event of a client crash. the licensing
`information is lost and di?icult to reconstruct.
`Conventional licensing systems also suffer limited scal
`ability. When a call is made to a server. all of the execution
`occurs on each individual server for any particular call.
`Similarly. if a license is located on a particular machine. all
`execution necessary to operate on that license occurs on that
`machine. Consequently. a central server containing most of
`the licenses available on a particular network may be
`overworked while other. more local server resources remain
`In addition. conventional licensing systems rely on code
`embedded in the application to establish the licensing
`attributes. Code is placed in the application which interprets
`information received from the server to establish licensing
`parameters. Because the behavior of the license is not
`established until after the request has been made and the
`license obtained. the user cannot read the license terms prior
`to the request. In addition. this system lacks ?exibility. To
`change the licensing terms. the code in the application must
`be revised
`An electronic software licensing system is thus needed
`which overcomes the shortcomings of the prior art.
`An electronic licensing system according to various
`aspects of the present invention provides alternative meth
`ods and apparatus for licensing software in a network
`environment. License information is suitably stored in a
`distributed database among several servers. The license
`information may be coupled with any suitable attributes to
`create a desired licensing policy. Clients are equipped with
`a suitable library of application programming interfaces
`(APIs) for acquiring and managing licenses. To request an
`application. the client assembles a request having the desired
`license criteria. such as the publisher. product. version. and
`number of license units. This information is provided with
`other relevant information. such as the user’s name.
`When the request for a license to an application is
`received by a local server. the server searches the local
`database for license information which satis?es the request
`criteria. The server also suitably passes the request to other
`servers to check their respective databases. If the requested
`license rights are available. the license service provider
`(LSP) constructs a license certi?cate object and collects
`those rights into the object. When this object is created. it is
`associated with the client request. suitably by a name
`referred to as a license handle. and adjusts the information
`in the database to re?ect the granting of the license.
`In a system according to a preferred embodiment of the
`present invention. most of the license transactions occur at
`the servers; the client merely bundles the arguments for a
`license request and transmits them to the server.
`Consequently. the client resources required for the license
`system are relatively small.
`In accordance with a further aspect of the present
`invention. recoverability of the system is enhanced To
`anticipate a client crash. the client only needs to store the
`license handle associated with the license request. The
`remaining information is stored in the server database. and
`may be reestablished by finding the particular transaction
`associated with the license handle in the database.
`In accordance with yet a further aspect of the present
`invention. licensing ?exibility is also enhanced. The licens
`ing criteria may be adjusted by revising the contents of the
`database and the client APIs. Because the application
`requires no particular code to facilitate licensing. recompi
`lation or relinking of the application binaries is unnecessary
`to change the licensing attributes. In addition. the structure
`of the database and the APIs facilitates the use of uncon
`ventional licensing modes by applying various different
`criteria to the license information in the database and the
`license request. Further. the distributed nature of the data
`base provides enhanced scalability and allows several serv
`ers to be searched with a single request from the client.
`The subject matter of the invention is particularly pointed
`out and distinctly claimed in the concluding portion of the
`speci?cation. The invention. however. both as to organiza
`tion and method of operation. may best be understood by
`reference to the following description taken in conjunction
`with the claims and the accompanying drawing. in which:
`FIG. 1 is a block diagram of a network according to
`various aspects of the present invention;
`FIG. 2 is a block diagram of the LSP of FIG. 1;
`FIG. 3 is a diagram of the organization of a license record;
`FIG. 4 is a block diagram illustrating an example con
`?guration of a network serviced by a directory service;
`FIG. 5 is a ?ow diagram of a process for a client to locate
`an LSP‘,
`FIG. 6 is a ?ow diagram of a process for an LSP to locate
`another LSP;
`FIG. 7 is a ?ow diagram of a process for installing a
`license in the license certi?cate database; and
`FIGS. 8A-B comprise a ?ow diagram of a process for
`requesting and generating a license for an application.
`handler 202 suitably processes several requests concur
`rently. NCP handler 202 notes the message contents. as well
`as the source of the message to establish a return location.
`The message received by NCP handler 202 is transmitted
`to parser 204. Parser 204 initially determines which particu
`lar function is requested and converts the message into an
`appropriate format for other components of server 104.
`Based on the type of transaction. parser 204 then parses out
`the appropriate arguments from the message and transfers
`the results to implementation translator 206.
`Implementation translator 206 ?rst checks all arguments
`for validity. and if any arguments fail. returns a rejection
`message to client 106. If the arguments are valid. imple
`mentation translator 206 translates the arguments into the
`appropriate request for licenses from database access system
`208. In addition. implementation translator 206 translates
`results from database access system 208 and returns the
`appropriate error codes to client 106. Finally. if database
`access system 208 cannot locate the necessary license cer
`ti?cate objects in the local license certi?cate database. it
`submits requests to other LSPs to attempt to locate the
`necessary license certi?cate objects.
`Database access system 208 receives requests from imple
`mentation translator 206 and locates. obtains. and manages
`license certi?cates in license certi?cate database 112. Data
`base access system 208 suitably includes code for accessing
`license certi?cate database 112 both locally and in remote
`LSPs. The process for accessing and creating licenses from
`the database is described in detail below.
`To access license certi?cate database 112 to perform
`various functions. database access system 208 suitably
`assembles a license certi?cate object for each license cer
`ti?cate installed in license certi?cate database 112. A license
`certi?cate object suitably comprises code for performing
`various functions within license certi?cate database 112.
`such as adding. removing. requesting. and releasing a
`license certi?cate. In addition. the license certi?cate object
`suitably provides information regarding the corresponding
`license certi?cate and its state. For example. based on the
`user information or a license handle. the license certi?cate
`object suitably locates the corresponding license certi?cate
`and transmits information relating to the current users.
`number of units in use. identi?er information. default update
`period. ownership information. and the like.
`The license certi?cate object also suitably performs vari
`ous license management functions. For example. the license
`certi?cate object facilitates adding assignment information
`to license certi?cates to assign or delete par1icular users to
`an application for access. In addition. ownership of the
`license may be transferred to another user or group using the
`license certi?cate object.
`The license certi?cate object also provides for removal of
`stale entries. The license certi?cate object monitors updates
`received from the various clients 106 to indicate that the
`application is still in use. As described further below. if the
`update is not received within the appropriate update interval.
`the license certi?cate object terminates the license by per
`forming arelease operation. This allows the enhancement of
`license certi?cate capabilities without affecting the API
`implementation code.
`Transaction tracking system 210 tracks the usage history
`of licensing system 100. Transaction tracking system 210
`suitably includes a transaction database. which stores rel
`evant usage information. such as when licenses are
`consumed. when updates occur. when license units are
`released. and error conditions. Transaction tracking system
`A licensing system according to the present invention
`provides a ?exible and robust licensing apparatus and
`method for licensing software in a network. Referring now
`to FIG. 1. a licensing system 100 according to various
`aspects of the present invention suitably includes a network
`102 comprising at least one server 104. at least one client
`106. and a communications system (e.g.. network bus) 108.
`Server 104 suitably comprises a high-speed computer oper
`ating on a Novell NetWare server operating system. If
`multiple servers are present. servers 104 are suitably con
`?gured in a distributed processing con?guration.
`Server 104 includes a LSP 110 for performing license
`transactions and a license certi?cate database 112. LSP 110
`performs several licensing functions. for example receiving
`requests from clients 106 and maintaining and searching
`license certi?cate database 112 to create license certi?cate
`objects. LSP 110 may be implemented in software. suitably
`comprising a NetWare Loadable Module in the Novell
`NetWare 4.1 environment.
`Referring now to FIG. 2. LSP 110 suitably comprises a
`NetWare Core Protocol (NCP) handler 202; a parser 204; an
`implementation translator 206; a database access system
`208; and a transaction tracking system 210. NCP handler
`202 receives messages from clients relating to various
`licensing functions. To handle multiple messages. NCP
`' 5,758,069
`210 suitably organizes information relating to licenses in
`transactional records based on each license handle. For
`example. information relating to each transaction affecting
`or based on a particular license handle is recorded in a
`transaction record devoted to that license handle.
`Consequently. unlike a chronological log. determining the
`usage history of a particular application does not require a
`search of an entire database. In contrast. all of the relevant
`information is stored in a record having an identifying
`license handle.
`Referring again to FIG. 1. license certi?cate database 112
`suitably comprises any database capable of storing license
`information. For example. license certi?cate database 112
`may be generated with a commercially available database
`system. such as BTrieve. License certi?cate database 112
`stores all of the information relating to the various licenses
`available via LSP 110. The format of license certi?cate
`database 112 is suitably con?gured to conform to that of the
`various license certi?cates.
`The information in license certi?cate database 112 is
`suitably organized into license records. each of which suit
`ably contains a license certi?cate supplied by a vendor or
`other installer along with additional information relating to.
`for example. the location of assignment information and
`user information. The license certi?cate is stored in the
`record in a block copy fashion. so that all of the data and
`structure of the certi?cate are preserved. Additional space is
`also suitably provided for information required by licensing
`system 100. For example. space may be added to the record
`for entry of information relating to the user. license handle.
`number of license units consumed. the last time of update.
`assignment. and owner. Fach license record is suitably
`extendable by adding additional identi?ers that may be
`recognized by certi?cate objects.
`The license information stored in license certi?cate data
`base 112 is suitably stored in a format common to each
`license. Referring now to FIG. 3. a suitable format for a
`license record 302 comprises an identi?er ?eld 304. a data
`length ?eld 306. and a data ?eld 308. A suitable identi?er is
`stored in identi?er ?eld 304. for example to identify the
`nature of license record 302. Data length ?eld 306 describes
`the length of data ?eld 308. suitably in bytes. Data length
`?eld 306 suitably comprises a four byte number. for example
`in little endian format. Data length ?eld 306 may be read to
`determine where the current license record 302 ends and
`where the next license record 302 begins.
`Data ?eld 308 suitably contains information speci?c to
`the license. Data ?eld 308 is formatted in any suitable
`manner to be compatible with licensing system 100. In
`particular. data ?led 308 suitably contains nested sets of
`identi?ers. data length ?elds. and data ?elds for various
`characteristics and variables associated with the license
`record. For example. each entry in the data ?eld suitably
`includes an identi?er 304A-C which indicates the type of
`information in the entry. e.g. an error attribute. ownership
`data. etc. A data length ?eld 306 A-B indicates the length of
`the entry. and a data ?eld 308A-B includes the actual
`information. The format may suitably be determined accord
`ing to a portion of the identi?er. so that if licensing system
`100 does not recognize the relevant portion of identi?er ?eld
`304. data ?eld 308 is ignored The information stored in data
`?eld 308 is provided by license installation or creation. as
`described further below.
`Referring again to FIG. 1. client 106 suitably comprises a
`conventional network terminal. for example a personal com
`puter or work station. Client 106 is connected to server 104
`through a conventional network interface. To operate in
`conjunction with licensing system 100. client 106 suitably
`includes a series of application programming interfaces
`(APls). The speci?c APIs provided may conform to the
`particular platform on which client 106 operates.
`The APIs are suitably provided to client 106 by a client
`provider or library. The client provider. suitably comprising
`a module loaded into each client 106. provides the licensing
`APIs and a remote procedure call (RPC) mechanism for
`client 106. Client 106 requests access to and manages
`applications using the APIs. The RPC mechanism both
`locates and communicates to LSPs 110. Finally. the client
`provider also suitably performs various library maintenance
`routines as may be necessary for the various shared library
`Client 106 uses a series of functions gathered in the APIs
`furnished by the client provider to request licenses from LSP
`110. The APIs are suitably linkable or addressable entities
`according to the particular platform used by client 106. The
`licensing API library associated with client 106 is suitably
`con?gured in a standard format. for example. the industry
`standard called the LSAPI (v1.1). jointly created by Novell.
`Microsoft. HP/Gradient. and several other companies. The
`APIs generally provide for the acquisition and management
`of the licenses. Client 106 according to various aspects of
`the present invention suitably includes at least two library
`sets. The ?rst library set provides the license acquisition
`API. and the second is the license management API.
`The license acquisition API provides for obtaining.
`maintaining. and releasing license units corresponding to a
`particular application. The license acquisition API prefer
`ably provides license acquisition functions compatible with
`a broad array of platforms employed by licensing system
`100 platform so that software developers are afforded con
`siderable ?exibility in designing applications which may be
`conventionally licensed in the context of licensing system
`100. Preferably. the application requires very little informa
`tion about licensing system 100‘s particular process for
`acquiring and constructing licenses.
`The calls used to provide this functionality suitably cor
`respond to industry standard APIs. such as the common
`licensing API. or LSAPL version 1.1. as described above.
`The standard API allows a server 104 to license applications
`independent of the underlying licensing system 100. The
`license acquisition API facilitates requesting. updating. and
`releasing licenses. establishing the update period for
`licenses. and translating error codes.
`The license management API suitably provides access to
`information that directly pertains to the license acquisition
`process. In addition. the license management API also
`suitably provides for con?guring and examining licensing
`system 100. The license management API is useful as an
`administrative tool and in a software management system.
`The license management API facilitates determination of.
`for example. license usage. license restrictions. license
`installation and information. and transactional records.
`Further. the license management API suitably provides calls
`for adding and removing license units from a license
`certi?cate. transferring ownership. and installing a license
`certi?cate either into licensing system 100 or onto a speci?c
`LSP 110.
`Communications system 108 suitably comprises a series
`of transmission channels connecting servers 104 and clients
`106. including various supporting hardware and software.
`Communications system 108 facilitates communications
`between two or more servers 104 and between servers 104
`5.75 8.069
`and clients 106. Communications system 108 comprises any
`suitable communications medium. such as conventional
`copper wire. ?ber optics. or Wireless signals.
`Licensing system 100 suitably operates in conjunction
`with a directory service. such as NetWare Directory
`Services. for organization and location of various compo
`nents. The directory service allows network 102 to be
`organized in a logical manner for administration. applica
`tions sharing. document sharing. and the like. For example.
`referring now to FIG. 4. the various servers 104 and clients
`106 may be organized into divisions and subdivisions based
`on job description. geographical location. or other selected
`criteria. The directory service organization may be used to
`control and facilitate searching for licenses among the
`various LSPs 110. as described in greater detail below.
`Each respective client 106 communicates with the various
`servers 110 over communications system 108. Client-server
`communications are suitably transport independent. for
`example using NCP extensions. Client communication com
`ponents are preferably single sourced across all platforms to
`increase portability. For example. NWCalls from Novell
`may be used. which provides a platform independent mecha
`nism for accessing Novell NetWare resources.
`To communicate with LSP 110. client 106 ?rst locates an
`LSP. and then communicate its request to LSP 110. Each
`LSP connected to communications system 108 suitably
`registers its handler 202. Consequently. when client 106
`seeks LSP 110. it suitably scans its connections for an NCP
`handler 202 registered with the appropriate name.
`For example. referring to FIG. 5. to locate an available
`LSP. client 106 suitably scans its local connection table for
`the NCP service name providing the licensing service (step
`500). If an LSP 110 is located (step 502). client 106 initiates
`its request. suitably using an appropriate RPC (step 504). If
`an LSP 110 is not located. client 106 determines whether a
`directory service is available (step 506). If no directory
`service is available. an error arises indicating that no LSP
`110 could be located (step 510).
`If a directory service is available. the current directory
`context is scanned for available LSPs 110 (step 508). If no
`LSP 110 is located in the current container (step 512). client
`_ 106 begins searching the parent container (step 514). The
`search continues through the parents of the current container
`until the root is reached (step 526). If no LSPs 110 are found.
`client 106 receives an error indicating that licensing system
`100 is not available (step 510). If an LSP 110 is found. client
`106 connects to LSP 110 and transmits its request and
`continues its communications (step 504).
`Network 102 also suitably facilitates communications
`between the various servers 104. LSPs. 110 are suitably
`con?gured to provide a distributed license certi?cate data
`base 112 available to each client 106. To provide the
`distributed database con?guration. LSPs 110 are intercon
`nected. Referring now to FIG. 6. to locate other LSPs 110 to.
`for example. ?nd license units to ful?ll a request. a ?rst LSP
`110 scans its current directory context for other LSPs 110
`con?gured for license database attributes (step 600). LSP
`110 can then communicate with any LSPs 110 located. If the
`necessary units are not located (step 602). LSP 110 then
`moves out one level in the directory context (step 604) and
`tries to contact LSPs (step 605). continuing until either the
`root is reached (step 606). the appropriate responses are
`received (step 602). or an administrator de?ned limit is
`reached (step 608). If none is found. an error is returned
`(step 612). If an LSP 110 is located. the request is initiated
`(step 610).
`Each LSP 110 is suitably associated with various
`attributes which indicate the status of the particular LSP to
`the other LSPs 110. For example. suitable attributes include
`license database attributes. transactional database attributes.
`and an NCP pointer. The license database attribute indicates
`whether LSP 110 is con?gured to support a local license
`certi?cate database 112. Similarly. the transactional database
`attribute indicates whether LSP 110 is con?gured to support
`a transactional tracking system 210. The NCP pointer facili
`tates location of and communication with the corresponding
`NCP object.
`To facilitate licensing of the various applications. a set of
`license information relating to licensed applications is
`installed in license certi?cate database 112. The license
`information is suitably provided by the vendor to facilitate
`access to applications. The information stored in the various
`license certi?cate databases 112 is suitably collectively
`available to each of LSPs 110. Consequently. each LSP 110
`suitably stores different license information.
`A license system 100 according to various aspects of the
`present invention allows various users to control entry and
`maintenance of licenses other than the administrator. When
`a user enters a license into the license system. the installer
`is considered the “owner” of the license. Only users having
`su?icient security clearance may modify or delete the
`installed license. Ownership of the license may also be
`transferred to o

