`Sprong et al.
`
`US006134659A
`[11]
`Patent Number:
`[45] Date of Patent:
`
`6,134,659
`Oct. 17, 2000
`
`[54] CONTROLLED USAGE SOFTWARE
`
`[76] Inventors: Katherine A. Sprong; Donald J.
`sprong both of 2723 Singer Woods
`’
`Dr., Abingdon, Md. 21009
`
`[21] Appl. No.: 09/440,944
`[22] Filed:
`Nov. 16, 1999
`
`Related US. Application Data
`
`[63] Continuation-in-part of application No. 09/004,143, Jan. 7,
`1998.
`
`[51] Int. Cl.7 .................................................... .. G06F 11/30
`[52] US. Cl. ........................ .. 713/190; 713/164; 713/165;
`713/170; 713/200; 380/255; 705/51; 705/56;
`705/57; 705/58; 705/67
`[58] Field Of Search ................................... .. 380/255, 282,
`380/283; 705/50, 51, 54, 56, 57, 58, 59,
`67, 72, 77; 713/164, 165, 166, 169, 187,
`190, 193, 200
`
`[56]
`
`References Cited
`
`US- PATENT DOCUMENTS
`4/1987 Hellman .................................. .. 380/25
`4 658 093
`8/1987 Joshi
`364/200
`4:688:169
`4,888,798 12/1989 Earnest ..
`380/4
`5,199,066
`3/1993 Logan ....................................... .. 380/4
`5,337,357
`8/1994 Chau et al. ............................... .. 380/4
`380/4
`5,457,746 10/1995 Dolphin ...... ..
`5,490,216
`2/1996 Richardson
`380/4
`5,509,071
`4/1996 Petroe et al. ..
`..
`.. 380/4
`5,530,751
`6/1996 Morris ......... ..
`380/4
`5,541,991
`7/1996 Benson et al.
`.. 380/4
`5,568,552 10/1996 Davis .......... ..
`380/4
`5,586,186 12/1996 Yuval et al.
`.. 380/30
`5,615,061
`3/1997 Singh ...................................... .. 360/60
`
`5,625,690
`5,628,015
`5,649,187
`5,652,793
`5,790,664
`
`4/1997 Michel etal. ............................ .. 380/4
`5/1997 Singh ........ ..
`.. 395/186
`7/1997 Hofnbllckle -
`-- 395/610
`7/1997 Priem et al. .............................. .. 380/4
`8/1998 Coley etal. .............................. .. 380/4
`
`OTHER PUBLICATIONS
`“Security Limited Program for Modifying Programs Strored
`on Disks”, IBM Technical Disclosure Bulletin Jun. 1971 pp.
`51—53, Apr. 1993.
`_
`_
`Primary Exammer—Tod R. SWann
`Assistant Examiner—pa1l1 E~ Callahan
`Attorney, Agent, or Firm—Larry J. Guffey
`
`[57]
`
`ABSTRACT
`
`The present invention provides a neW and novel system and
`method for protecting a computer software program from
`unauthorized use and/or copying. In a preferred embodiment
`of the invention, each embodiment of the storage medium
`containing the softWare also includes means for: (1) inhib
`iting use of the softWare unless a valid authorization code for
`use has been received from a remote authorization unit, (2)
`generating, storing and retrieving a serial number uniquely
`associated With the particular host computer on Which the
`softWare is to be used, (3) inhibiting transfer from one host
`CF’mPuter to another of the .So?ware unless a Valid ‘163M110
`rlzatlon code has been received from a remote authorlzatlon
`unit, (4) uniquely identifying each embodiment of the stor
`age medium, thereby making it possible to individually track
`each embodiment of the storage medium and to recognize
`When such an embodiment may have been copied before its
`installation on a host computer or installed on multiple host
`computers, and (5) preventing hackers from inputting an
`unlimited number of authorization codes in an attempt to
`enable use of the softWare.
`
`20 Claims, 28 Drawing Sheets
`
`Controlled Use e Software
`Software Distribution Process
`with identification Number Trackin
`
`l
`
`Software package is created tor _‘
`distribution
`
`1 ,,,,,, 2T:i
`
`Unique identification Number is
`assigned to and recorded on the
`Software Distribution Package
`
`21,1111,
`
`User orders software package and
`makes payment arrangements
`
`User information is recorded
`in the soitware vendor's
`User Database, including
`4‘; time period the user is
`licensed to use the product
`and Identi?cation Number of
`the software to be shipped
`
`U
`Ser
`Daiabase
`
`Software Distribution Package
`is shipped to the user
`
`‘
`
`Exit
`
`1
`
`APPLE EXHIBIT 1007
`Page 1 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 1 0f28
`
`6,134,659
`
`Controlled Usaqe Software
`Software Distribution Process
`Lwith Identification Number Trackinq)
`
`Software package is created for
`distribution
`
`i
`
`Unique Identification Number is
`assigned to and recorded on the
`Software Distribution Package
`
`i
`
`User orders software package and
`makes payment arrangements
`
`i
`
`User information is recorded
`in the software vendor's
`User Database, including
`<—— time period the user is
`licensed to use the product
`and Identification Number of
`the software to be shipped
`
`User
`Database
`
`Software Distribution Package
`is shipped to the user
`
`i
`
`Exit
`
`Figure 1
`
`i
`
`i KQQQ i
`
`i
`
`APPLE EXHIBIT 1007
`Page 2 of 43
`
`
`
`U.S. Patent
`
`Oct. 17,2000
`
`Sheet 2 0f28
`
`6,134,659
`
`Controlled Usaqe Software
`User Authorization Process
`(with identification Number Tracking)
`
`User orders and remits payment
`for the Controlled Usage Software
`from the Software Vendor
`
`V
`
`User receives Software
`Distribution Package
`
`Controlled Usage Software is
`installed on the user's system
`
`User starts the
`Controlled Usage Software
`
`i
`l
`
`Controlled Usage Software checks to
`determine if a valid Serial Number
`exists
`
`l
`51
`
`Figure 2-A
`
`APPLE EXHIBIT 1007
`Page 3 of 43
`
`
`
`U.S. Patent
`
`Oct. 17,2000
`
`Sheet 3 0f28
`
`6,134,659
`
`Does a valid
`Serial Number
`Exist?
`
`Yes
`
`F
`
`lNo
`
`Generate Serial Number based on
`parameters such as: current date/time,
`system hardware serial numbers,
`Identification Number and random numbers
`
`l
`
`Save the generated Serial Number
`<-— on the user's hard disk in multiple
`locations in clear and encoded form
`
`l<
`
`User is prompted to enter an Authorization
`Code by the Controlled Usage Software
`
`User Calls the Software Vendor
`
`l
`l
`
`n
`
`Figure 2-8
`
`APPLE EXHIBIT 1007
`Page 4 of 43
`
`
`
`U.S. Patent
`
`Oct. 17,2000
`
`Sheet 4 0f28
`
`6,134,659
`
`User supplies requested user information, Serial and
`n —> Identification Numbers displayed on his/her screen and
`current payment status/verification (including time
`period license is valid for) to the Software Vendor
`
`l
`
`Valid
`Authorization
`Request?
`
`Yes
`
`No
`
`Authorization Code is entered into
`the Controlled Usage Software
`
`l
`
`Authorization Code is verified by the
`Controlled Usage Software
`
`l
`
`Valid
`Authorization
`Code?
`
`Auth
`
`~Auth
`
`~~Auth
`
`Controlled Usage Software is activated
`and enabled for use; Authorization
`code is stored on the user's hard disk
`in clear and encoded form
`
`+ 4
`
`Exit
`
`Figure 2-C
`
`APPLE EXHIBIT 1007
`Page 5 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 5 0f28
`
`6,134,659
`
`Controlled Usaqe Software
`Software Vendor Authorization Process
`(with Identification Number Tracking)
`
`User calls in requesting an
`Authorization Code
`
`i
`
`Software Vendor requests user information,
`Serial and identification Numbers of the
`system to be authorized, license time period
`and payment status from the user
`
`i
`
`Software Vendor verifies user
`information, Identification Number,
`payment status, and license time
`period based on information
`stored in the User Database
`
`l
`
`Valid
`Authorization
`Request?
`
`Yes
`
`No
`
`Authorization
`Database
`
`Software Vendor verifies supplied
`Serial Number is valid and that a
`license is available for use from
`the Authorization Database
`
`l
`[5
`
`Figure 3-A
`
`APPLE EXHIBIT 1007
`Page 6 of 43
`
`
`
`U.S. Patent
`
`Oct. 17,2000
`
`Sheet 6 0f28
`
`6,134,659
`
`Does a
`valid license
`Exist?
`
`Are the
`Identification and
`Serial Numbers
`Valid?
`
`Record Serial Number,
`Identification Number, authorization
`<-— period, current date and other
`pertinent information in the vendor's
`Authorization Database
`
`Authorization
`Database
`
`l
`
`Generate Authorization Code based on
`parameters such as: current date, time period of
`authorization, Serial and Identification Numbers
`to be authorized and random numbers
`
`l
`
`Provide Authorization Code to the user
`
`4
`
`Exit
`
`Figure 3-8
`
`APPLE EXHIBIT 1007
`Page 7 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 7 0f 28
`
`6,134,659
`
`Controlled Usage Software
`User Software Startup Process
`(with Identification Number Trackim)
`
`User starts the Controlled
`Usage Software
`
`i
`
`The Controlled Usage Software
`checks for the existence and
`validity of the assigned Serial
`Number and Authorization Code
`
`i
`
`Is the
`software
`authorized
`for use?
`
`V
`
`Software is
`activated for use
`
`Go to@ in the User
`Authorization Process
`
`Exit
`
`Figure 4
`
`APPLE EXHIBIT 1007
`Page 8 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 8 0f28
`
`6,134,659
`
`Controlled Usaqe Software
`Software Distribution Process
`(without Serial/Identification Numbers)
`
`Software package is created for
`distribution
`
`User orders software package and
`makes payment arrangements
`
`User information is recorded in the
`<_ software vendor's User Database,
`including time period the user is
`licensed to use the product
`
`>
`
`Software Distribution Package
`
`is shipped to the user
`
`0
`
`Exit
`
`Figure 5
`
`APPLE EXHIBIT 1007
`Page 9 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 9 0f28
`
`6,134,659
`
`Controlled UsageSoftware
`User Authorization Process
`fwithout Serial and Identification Numbers)
`
`User orders and remits payment
`for the Controlled Usage Software
`from the Software Vendor
`
`0 User receives Software
`
`Distribution Package
`
`Controlled Usage Software is
`X installed on the user's system
`
`User starts the
`Controlled Usage Software
`
`E]
`
`Figure 6-A
`
`APPLE EXHIBIT 1007
`Page 10 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 10 0f28
`
`6,134,659
`
`User is prompted to enter an Authorization
`Code by the Controlled Usage Software
`and calls the Software Vendor
`
`l
`
`User supplies requested user information, and
`current payment status/ verification (including time
`period license is valid for) to the Software Vendor
`
`l
`
`Valid
`Authorization
`Request’?
`
`No
`
`User information and Authorization Code are
`entered into the Controlled Usage Software
`
`Authorization Code is verified by the Controlled Usage Software
`
`l
`l
`
`Valid
`Authorization
`Code?
`
`No
`
`Controlled Usage Software is activated
`and enabled for use; Authorization
`code is stored on the user's hard disk in
`clear and encoded form
`
`Exit
`
`Figure 6-8
`
`APPLE EXHIBIT 1007
`Page 11 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 11 0f28
`
`6,134,659
`
`Controlled Usage Software
`Software Vendor Authorization Process
`(without Serial and Identification Numbers)
`
`User calls in requesting an
`Authorization Code
`
`Software Vendor requests user
`information, license time period and
`payment status from the user
`
`l
`
`Software Vendor verifies user
`information, payment status,
`and license time period based
`on information stored in the
`User Database
`
`No
`
`l
`
`Valid
`Authorization
`Request?
`
`Yes
`
`Figure 7-A
`
`APPLE EXHIBIT 1007
`Page 12 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 12 0f 28
`
`6,134,659
`
`Authorization
`Database
`
`‘
`
`Record authorization period,
`current date and other pertinent
`information in the vendor's
`Authorization Database
`
`Generate Authorization Code based on
`parameters such as: current date, time
`period of authorization, and random
`numbers
`
`Provide Authorization Code to the user
`
`Exit
`
`Figure 7-8
`
`APPLE EXHIBIT 1007
`Page 13 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 13 0f28
`
`6,134,659
`
`Controlled Usage Software
`User Software Startup Process
`(without Serial and Identification Numbers)
`
`Auth
`
`~~Auth
`
`~Auth
`
`User starts the Controlled Usage Software
`
`l
`
`The Controlled Usage
`Software checks for the
`existence and validity of the
`assigned Authorization Code
`
`l
`
`Is the
`software
`authorized
`for use?
`
`software is
`activated for use
`
`Go to w in the User
`Authorization Process
`
`4
`
`Exit
`
`Figure 8
`
`APPLE EXHIBIT 1007
`Page 14 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 14 0f28
`
`6,134,659
`
`Controlled Usage Software
`User Authorization Process
`(with Hacker Protection)
`
`User orders and remits payment
`for the Controlled Usage Software
`from the Software Vendor
`
`l
`
`User receives Software
`Distribution Package
`
`l
`
`Controlled Usage Software is
`installed on the user's system
`
`KOQJ l
`
`—
`
`User starts the
`Controlled Usage Software
`
`l
`l
`@
`
`Controlled Usage Software checks to
`determine if a valid Serial Number exists
`
`Figure 9-A
`
`APPLE EXHIBIT 1007
`Page 15 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 15 0f28
`
`6,134,659
`
`Does a valid
`Serial Number
`Exist?
`
`Yes
`
`Generate Serial Number based on
`parameters such as: current
`date/time, system hardware serial
`numbers and random numbers
`
`l
`
`Save the generated Serial Number
`on the user's hard disk in multiple
`locations in clear and encoded form
`
`Invalid
`-
`-
`mi
`t
`Access Ll
`
`Set Invalid Access Limit to a value; For
`example a randomly selected number
`within a predetermined range (such as
`100-150). Store the value on the user's
`hard disk in both clear and encoded form
`
`.
`lnval'd
`Access
`Count
`
`Set lnvalid Access Count to zero (0).
`Store the value on the user's hard
`disk in both clear and encoded form
`
`l‘
`
`Figure 9-5
`
`APPLE EXHIBIT 1007
`Page 16 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 16 0f 28
`
`6,134,659
`
`Invalid Access
`
`Invalid Access
`Limit
`
`Prevent repeated invalid Authorization
`attempts by disabling authorization after a
`preset number of invalid attempts
`
`I
`
`Is Invalid Access
`Count > Invalid
`Access Limit?
`
`User is prompted to enter an Authorization
`Code by the Controlled Usage Software
`
`User Calls the Software Vendor
`
`I
`I
`
`User supplies requested user information,
`Serial Number displayed on his/her
`screen and current payment
`status/verification (including time period
`license is valid for) to the Software Vendor
`
`I
`
`Figure 9-6
`
`APPLE EXHIBIT 1007
`Page 17 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 17 0f28
`
`6,134,659
`
`El
`
`No
`
`Valid
`Authorization
`Request?
`
`Yes
`
`Authorization Code is entered into
`the Controlled Usage Software
`
`l
`
`Authorization Code is verified by the
`Controlled Usage Software
`
`l
`
`Valid
`Authorization
`Code’?
`
`No
`
`V
`
`Increment
`Invalid
`Access
`Count by
`one (1)
`
`_
`lnval'd Access
`Count
`
`Id
`I
`R
`eset nvai
`Access Count
`to zero (0)
`+
`
`-
`mvahd
`Access
`Count
`
`Controlled Usage Software is activated
`and enabled for use; Authorization
`<—— code is stored on the user's hard disk
`in clear and encoded form
`
`it
`
`Exit
`
`Figure 9-D
`
`APPLE EXHIBIT 1007
`Page 18 of 43
`
`
`
`U.S. Patent
`
`0a. 17, 2000
`
`Sheet 18 0f28
`
`6,134,659
`
`Controlled Usage Software
`User Deauthorization Process
`
`User starts the
`Controlled Usage Software
`
`User enters the Deauthorization
`Screen
`
`l
`l
`l
`
`User Calls the Software Vendor
`
`User supplies requested user information, Serial
`Number displayed on his/her screen and current
`payment status/verification (including time period
`license is valid for) to the Software Vendor
`
`l
`
`Valid
`Deauthorization
`Request?
`
`No
`
`Yes
`
`[Q
`
`Figure 10-A
`
`@
`
`APPLE EXHIBIT 1007
`Page 19 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 19 0f28
`
`6,134,659
`
`W
`
`Deauthorization
`V —-> Code is entered into
`the Controlled
`Usage Software
`
`l
`
`Deauthorization Code is verified by
`the Controlled Usage Software
`
`l
`
`Valid
`Deauthorization
`Code?
`
`Yes
`
`No
`
`Serial Number is removed
`<—— from the user's hard disk: both
`clear and encoded forms
`
`l
`
`Generate Acknowledgment Code based on
`parameters such as: current date, Deauthorization
`Code, Serial and Identification Numbers to be
`deauthorized and random numbers
`
`l
`
`User Provides Acknowledgment Code to
`the Software Vendor
`
`r
`
`Exit
`
`Figure 10-8
`
`APPLE EXHIBIT 1007
`Page 20 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 20 of 28
`
`6,134,659
`
`Controlled Usage Software
`Software Vendor Deauthorization Process
`
`
`
`Usercalls in requesting a refund or to
`move a copyof the Controlled Usage
`Software to a different computer system
`
`Software Vendor requests user
`information, Serial Numberof the
`system to be deauthorized, license time
`
`period and paymentstatus from the user
`
`Software Vendor verifies
`user information, payment
`status, and license time
`period based oninformation
`stored in the User Database
`
` r
`
`
`Valid
`
`Deauthorization
`Request?
`
`Software Vendorverifies supplied
`Serial Numberis valid and that a
`license is assigned for use from
`the Authorization Database
`
`
`
`
`
`
`
`0
`
`
`A
`
`User
`Database
`
`
`
`Authorization
`
`Database
`
`Figure 11-A
`
`APPLE EXHIBIT 1007
`Page 21 of 43
`
`APPLE EXHIBIT 1007
`Page 21 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 21 of 28
`
`6,134,659
`
`
`Isa
`
`license in
`use?
`
`
`Is the
`Valid?
`
`Serial Number
`
`
`
`
`
`
`
`Is the
`
`Acknowledgment
`Code Valid?
`
`
`
`Generate Deauthorization Code based on parameters
`suchas: current date, time period of authorization,
`Serial Number to be authorized and random numbers
`
`
`Provide Deauthorization Code to the user and
`receive Acknowledgment Code from the user
`
`
`
`
`
` Record Serial Number, Deauthorization
`Code, Acknowledgment Code, current
`
`
`
`
`Authorization
`date and other pertinent information in
`
`
`Database
`
`the vendor's Authorization Database
`
`
`
`!
`Exit
`|
`
`
`
`
`
`Figure 11-B
`
`APPLE EXHIBIT 1007
`Page 22 of 43
`
`APPLE EXHIBIT 1007
`Page 22 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 22 of 28
`
`6,134,659
`
`Controlled Usage Software
`Software Distribution Process for
`Shrink-wrapped Software Products
`
`
`Shrink-wrapped software packages
`are created for distribution
`
`
`
`Unique Identification Numberis
`assigned to and recorded on each
`
`Software Distribution Package
`
`
`
`
`Distribution information is
`
`
`recordedin the software vendor's
`
`Distribution Database.
`
`
`Information recorded includes
`
`information such as: Distributor
`name, address, phone number,
`
`shipped Identification Numbers,
`
`and the number of authorized
`users for each shipped package
`
`
`
`
`'
`
`
`
`
`Software Distribution Packages
`are shippedto distributors
`
`Figure 12
`
`APPLE EXHIBIT 1007
`Page 23 of 43
`
`Distribution
`
`
`
`Database
`
`APPLE EXHIBIT 1007
`Page 23 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 23 of 28
`
`6,134,659
`
`Controlled Usage Software
`Software Sales Processfor
`Shrink-wrapped Software Products
`
`
`
`Distributor orders and remits
`paymentfor the Controlled Usage
`Software from the Software
`Vendor
`
`
`
`
`Distributor receives Software
`Distribution Packages
`
` User purchases software package
`
`
`from the distributor
`
`
`
`
`
`
`Figure 13
`
`APPLE EXHIBIT 1007
`Page 24 of 43
`
`APPLE EXHIBIT 1007
`Page 24 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 24 of 28
`
`6,134,659
`
`Controlled Usage Software
`User Authorization Process for
`Shrink-wrapped Software Products
`
`
`
`
`Controlled Usage Software is
`installed on the user's system
`
`Userstarts the Controlled Usage Software
`
`
`
`
`
`
`
`Controlled Usage Software checksto
`determineif a valid SerialNumber exists
`
` Y
`
`
`
`
`
`
`
`
`
`Figure 14-A
`Li
`
` Doesa valid
`Yes
`Serial Number
`Exist?
`
`
`
`Generate Serial Number based on parameters such
`as: current date/time, system hardware serial
`numbers, Identification Number and random numbers
`
`
`Y
`
`Save the generated Serial Number
`<a on the user's hard disk in multiple
`locations in clear and encoded form
`
`
`
`
`
`Y
`
`User is prompted to enter an Authorization
`Codeby the Controlled Usage Software
`
`APPLE EXHIBIT 1007
`Page 25 of 43
`
`APPLE EXHIBIT 1007
`Page 25 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 25 of 28
`
`6,134,659
`
`
`
`
`
` nee| UserCallstheSoftwareVendor |
`
`
`
`User supplies requested user information, such as the
`Serial and Identification Numbers displayed on his/her
`screen and current paymentstatus/verification (including
`
`
`
`Valid
`Authorization
`Request?
`
`Authorization Code is entered into
`the Controlled Usage Software
`
`Authorization Codeis verified by the Controlled Usage Software
`
`
`
`
`
`Valid
`Authorization
`
`Code?
`
`' Yes
`
`time period licenseis valid for) to the Software Vendor
`
`
`y Yes
`
`
`
`
`
`
`
`Auth
`~Auth
`
`
`~~Auth
`
`
`
`
`
`Controlled Usage Softwareis activated
`and enabled for use; Authorization
`code is stored on the user's hard disk
`in clear and encoded form
`
`
`|
`Exit
`
`
`
`|
`
`Figure 14-B
`
`APPLE EXHIBIT 1007
`Page 26 of 43
`
`APPLE EXHIBIT 1007
`Page 26 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 26 of 28
`
`6,134,659
`
`Controlled Usage Software
`Software Vendor Authorization Processfor
`Shrink-wrapped Software Products
`
`|
`Usercalls in requesting an Authorization Code
`
`
`
`
`Software Vendor requests user information such as Serial
`
`
`and Identification Numbers of the system to be authorized,
`distributor software package waspurchasedfrom, purchase
`
`
`date, license time period and paymentstatus from the user
`
`
`
`
`User
`Database
`
`User information is recorded and verified in the
`software vendor's User Database, including time
`period the useris licensed to use the product and
`Identification/Serial Numbers supplied by the user
`
`Database
`
`
`
`
`Distribution
`
`Software Vendor verifies Identification Number and
`distributor information based on information stored
`in the Distribution Database
`
`
`
`Valid
`Authorization
`Request?
`
`
`
` Authorization
`
`Software Vendorverifies supplied Serial
`Numberis valid and that a license is available
`for use from the Authorization Database
`Database
`
`
`
`uy
`
`“w
`
`v
`
`Figure 15-A
`
`APPLE EXHIBIT 1007
`Page 27 of 43
`
`APPLE EXHIBIT 1007
`Page 27 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 27 of 28
`
`6,134,659
`
`
`Does a
`valid license
`
`
`Exist?
`
`
`
`Are the
`Identification and
`Serial Numbers
`Valid?
`
`
`
`
` [kK
`
`
` Record Serial Number,Identification
`the vendor's Authorization Database
`
`Authorization
`Database
`
`Number, authorization period, current
`date and otherpertinent information in
`
`
`
`Generate Authorization Code based on
`parameters suchas: current date, time period of
`authorization, Serial and Identification Numbers
`to be authorized and random numbers
`
`Provide Authorization Code to the user
`
`
`
`
`et
`
`Figure 15-B
`
`
`
`
`
`APPLE EXHIBIT 1007
`Page 28 of 43
`
`APPLE EXHIBIT 1007
`Page 28 of 43
`
`
`
`U.S. Patent
`
`Oct. 17, 2000
`
`Sheet 28 of 28
`
`6,134,659
`
`Controlled Usage Software
`User Software Startup Processfor
`Shrink-wrapped Software Products
`
`Userstarts the Controlled Usage Software
`
`The Controlled Usage Software
`checksfor the existence and
`validity of the assigned Serial
`
` !
`
`
`
`Number and Authorization Code
`
`
`
`
`Is Serial
`Number
`Valid?
`
`
`
`Is the
`software
`
`authorized
`for use?
`
`
`
`Software is
`activated for use
`
`Go to i) in the User
`Authorization Process
`
`Te
`
`Figure 16
`
`APPLE EXHIBIT 1007
`Page 29 of 43
`
`APPLE EXHIBIT 1007
`Page 29 of 43
`
`
`
`6,134,659
`
`1
`CONTROLLED USAGE SOFTWARE
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`
`This application is related to an earlier filed and now
`abandoned application by Katherine Sprong entitled “CON-
`TROLLED USE SOFTWARE,”filed on Dec. 8, 1997 and
`given Ser. No. 08/986,546 and is a continuation-in-part of
`application Ser. No. 09/004,143, filed Jan. 7, 1998. The
`teachings of this earlier application are incorporated herein
`by reference to the extent that they do not conflict with the
`teachings herein.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`This invention relates generally to computer software and
`the security of computer software programs. More
`particularly, this invention relates to a system and method
`for protecting computer software from unauthorized use
`and/or copying.
`2. Description of the Related Art
`Most computer software programs are distributed as
`machine-readable information recorded on some form of
`storage medium (e.g., floppy disk, CD-ROM). These pro-
`gramsare run simply by loading the storage medium into a
`suitable, computer memory device for subsequent use.
`In the absence of any copy protection, anyone who has
`physical possession of the distribution storage medium can
`make several copies of that computer software and each
`copy maybe used on a separate computer system. Although
`making back-up copies of software is normally desirable,
`allowing numerous unauthorized copies is very undesirable.
`Unfortunately, such unauthorized copying is widespread and
`deprives the software suppliers legitimate sales and there-
`fore revenue.
`
`Prior art methods have been developedto try to protect
`computer software. However, these all have variousfailings
`as evidenced by the extensive amount of unauthorized
`copying which is known to exist
`today. The Software
`Publishing Association, an industry group of more than 900
`firms, estimated that in 1993 the industry lost more than $2.5
`billion to this problem.
`Onesuch software protection methodis “copy protection”
`where a non-standard disk format is used for recording a
`software program onto the distribution medium. A short,
`machine language program, in standard format, is included
`as an auxiliary program on the disk. This machine language
`program tells the computer how to read the non-standard
`format in which the program is recorded. Since standard
`copying programs can only read or write data in standard
`format, copying of this program is considerably more
`difficult, but not impossible.
`The use of such “copy protected” software led to the
`development and sale of numerous “bit copier” utility
`programs, which,unlike standard copy utilities, can produce
`executable duplicates of such programs. Thus, this form of
`media copy protection discourages, but did not prevent
`unauthorized software copying.
`Another method or approach to software protection is to
`use an electronic security device, sometimescalled a dongle,
`which attaches to one of the computer’s external/internal
`ports. Programs which are to be protected in this way must
`make procedure calls which interrogate the port to make
`sure the dongle is in place, and that the dongle has a unique
`identifier which matches the unique identifier embedded in
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`a location within the program. If the dongle is not there, or
`if one is attached which has a non-matching identifier, the
`program terminates. Various manufacturers of such devices
`continue to sell them to software vendors, but most software
`is still sold without these devices, either because of cost
`criteria or the lack ox acceptance by software purchasers.
`Still another approach to software protection requires the
`user to utilize a secret code or password which must be
`obtained from the software supplier and entered when using
`the software. However, this approachstill does not preclude
`unauthorized copying since the code or password can be
`obtained by one person and can be given to many other
`users.
`
`Other such methods requiring interaction between the
`software user and the software vendor have been developed.
`For example, U.S. Pat. No. 4,658,093 discloses a secure
`distribution system for software comprising: a base unit on
`which the software is to be installed, a remote authorization
`unit and communications means between them, wherein the
`base unit comprises means for: (i) inhibiting use of the
`software without authorization from the remote unit, (ii)
`requesting authorization,
`(iii)
`receiving and verifying
`authorization, and (iv) permitting authorized use, and
`wherein the remote unit comprises meansfor processing and
`providing authorization. The medium containing the soft-
`ware itself is seen to be relatively passive in this protection
`scheme.
`
`U.S. Pat. No. 4,688,169 discloses a security system for
`restricting execution of software to a particular machine
`comprising unique identification numbers for individual
`computers, software with the capability to determine and
`store the identification numbers of the computers on which
`it
`is running, plus, when an attempt is made to run the
`software on a different computer, to compare the identifi-
`cation numbers and preventfurther execution if the numbers
`do not match.
`
`USS. Pat. No. 5,199,066 discloses method and system for
`protecting software from unauthorized copying. The method
`comprises the steps of: (1) inputting both a hardware code
`corresponding to the hardware on which the software is to
`run and a first software code for the particular embodiment
`of the software, (2) operating on these codesto yield a first
`intermediate code, (3) inputting an activation code obtained
`from the software vendor,
`(4) operating upon the first
`intermediate code and the activation code to yield a second
`intermediate code, (5) comparing the second intermediate
`code with a second software code uniquely associated with
`the particular embodiment of the software being employed
`and stored at a hidden location within the software,
`the
`second software code not being ascertainable by the user,
`and (6) enabling the software if the second intermediate
`code and the second software code are identical.
`
`Other forms of software protection have been developed
`and employed with limited success, In somecases, the other
`formsof protection are too expensive to employ with some
`software. In other cases, these other forms of protection are
`not technically suitable for some software.
`Despite this prior art, the need exists for an invention that
`can provide for distributing software to users and allowing
`the users to conveniently install and use the software while,
`at the same time, protecting the interests of the software
`suppliers by preventing the unauthorized use of the soft-
`ware.
`
`SUMMARYOF THE INVENTION
`
`The present invention is generally directed to satisfying
`the need set forth above. More particularly, this invention is
`
`APPLE EXHIBIT 1007
`Page 30 of 43
`
`APPLE EXHIBIT 1007
`Page 30 of 43
`
`
`
`6,134,659
`
`3
`directed to an improved system and method for preventing
`the unauthorized use of computer software.
`In accordance with a first preferred embodiment of the
`present invention, the foregoing need can besatisfied by
`providing a system for preventing unauthorized use of a
`software program recorded within a storage medium, com-
`prising:
`means recorded on the storage medium along with said
`software program for directing one requesting to use said
`software to input
`into the host computer information
`uniquely identifying one requesting to use said software
`program, wherein said information includes at least one
`from among the group consisting of the user’s name,
`address, phone number, social security number, bank
`account number, corporate tax identification number and
`number of the credit card previously used to purchase a
`license to use said software,
`means recorded on the storage medium for storing within
`the host computer said user inputted information,
`a remote authorization unit that authorizes use of the
`software, wherein said authorization unit includes a stored
`and maintained database with information about all autho-
`rized users of the software includingat least one from among
`the group consisting of authorized user’s name, address,
`phone number, social security number, bank account number
`and numberof the credit card previously used to purchase a
`license to use said software,
`in addition to information
`regarding date on which any previous use was authorized,
`duration and extent of authorized use,
`meansrecorded on the storage medium for directing one
`requesting to use said software to communicate said user
`information to remote authorization unit for the purposes of
`obtaining an authorization code that can be inputted to
`enable use of said software,
`means within the authorization unit for comparing said
`communicated user information with said authorization unit
`
`database of information identifying authorized users of said
`software to verify that one requesting use of said software is
`an authorized user,
`means within authorization unit for generating an autho-
`rization code if one requesting to use said software is an
`authorized user, wherein said authorization code is gener-
`ated by an authorization code algorithm that operates on at
`least one parameter from amongthe group consisting of said
`inputted user information, the date on which the authoriza-
`tion code is being requested, and the dates of the period of
`authorized use, in addition to random numbersthat provide
`uniqueness to the authorization code and prevent one from
`deciphering the authorization code to ascertain the param-
`eters operated on by said algorithm,
`meansrecorded on the storage medium for directing one
`requesting to use said software to input and store said
`authorization code into host computer, wherein said autho-
`rization code is stored in both clear and encoded form,
`means recorded on storage medium for retrieving stored
`user information and operating on said information with the
`same said authorization code algorithm to generate within
`the host computer an analogous authorization code,
`means recorded on storage medium for comparing said
`analogous authorization code generated within the host
`computer with the authorization code received from said
`authorization unit,
`means recorded on the storage medium