`US 6,189,146 B1
`(10) Patent N0.:
`Misra et al.
`(45) Date of Patent:
`Feb. 13, 2001
`
`USOO6189146B1
`
`(54) SYSTEM AND METHOD FOR SOFTWARE
`LICENSING
`
`Primary Examiner—Reba I. Elmore
`(74) Attorney, Agent, or Firm—Lee & Hayes, PLLC
`
`(75)
`
`Inventors: Pradyumna K. Misra; Bradley J.
`Graziadio, both of Redmond; Terence
`R. Spies Kirkland all of WA (US)
`’
`’
`(73) Assignee: Microsoft Corporation, Redmond, WA
`(US)
`
`(*) NOtiCCI
`
`Under 35 U~S~C- 154(k)), the term Of this
`patent shall be extended for 0 days.
`
`(21) Appl. No.: 09/040,813
`.
`.
`Mar. 18’ 1998
`(22) Flled'
`(51)
`Int. Cl.7 ...................................................... G06F 17/40
`(52) US. Cl.
`.................................... 717/11; 380/4; 380/25
`(58) Field of Search ................................. 395/712; 701/1;
`380/3, 4, 30, 44, 25; 717/11
`
`(56)
`
`References CitEd
`U S PATENT DOCUMENTS
`i
`.
`'
`5/1990 Hershey et al.
`..................... 713/201
`
`8/1992 corbm ””””
`" 713/200
`4/1993 Wyman
`380/4
`8/1994 Mu et a1.
`380/4
`
`..
`380/25
`9/1996 Ross et a1.
`
`9/1997 Christiano .......
`707/104
`
`380/25
`3/1998 Chang et al.
`
`4/1998 Wyman -------
`705/1
`............................... 380/24
`8/1998 Fox et al.
`
`*
`4,924,378 *
`591389712
`5,204,897 *
`5,343,524 *
`5 553 143 4
`5,671,412 *
`5,724,425 *
`5,745,879 *
`5,790,677 *
`
`(57)
`
`ABSTRACT
`.
`.
`.
`.
`A software licensmg system includes a license generator
`located at a licensing clearinghouse and at least one license
`server and multiple clients located at a company or entity.
`When a company wants a software license,
`it sends a
`purchase request (and appropriate fee)
`to the licensing
`clearinghouse. The license generator at the clearinghouse
`creates a license pack containing a set of one or more
`individual software licenses. To prevent the license pack
`from being copied and installed on multiple license servers,
`the license generator assigns a unique license pack ID to the
`license pack and associates the license pack ID with the
`particular license server in a master license database kept at
`the licensing clearinghouse. The license generator digitally
`signs the license pack and encrypts it with the license
`server’s public key. The license server is responsible for
`distributing the software licenses from the license pack to
`individual clients. When a client needs a license, the license
`server determines the client’s operating system platform and
`grants the appropriate license. To prevent an issued license
`.
`.
`.
`.
`.
`.
`.
`from being copied from one client machine to another, the
`software license is ass1gned to a speCific client by including
`1.
`ID .th.
`th 1.
`Th
`ft
`1.
`1
`h
`a c ient
`w1
`in
`e icense.
`. e so ware icense a so as
`a license ID that is assoc1ated With the client ID in a database
`record kept at the license server. The license server digitally
`signs the software license and encrypts it using the client’s
`public key. The license is stored locally at the client.
`
`* cited by examiner
`
`20 Claims, 8 Drawing Sheets
`
`20 \
`
`Client Image,
`Client Sig
`
`28 ”
`,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
`
`32
`
`\‘
`
`7
`
`,,,,,,,,,,,,,,,,,,,,,,,,
`
`1
`i
`124 1
`Challenge
`
`
`License Server
`118
`Client Image
`Installer
`
`2
`122:
`i
`
`System ID
`
`Request
`Handler
`.
`_
`Client
`Authentlcatlng
`Module
`
`Response
`
`Licensefor
`Client ID
`
`112
`
`126
`
`Granting
`Module
`
`116
`110
`
`1
`l
`1
`1;
`;
`i
`i
`
`3
`
`100
`
`102
`114
`104
`
`26 fl
`”””””””””””””””””
`,1 Llcenser Generator
`'
`
`1
`‘
`
`Master License
`Databases
`
`
`
`
`
`120
`
`Client Image
`Cache
`
`
`Secure License
`
`LP Store
`CA
`
`
`
`Table
`Table
`
`L'
`Pack
`lcense
`installer
`
`
`,,
`
`"1158;;"""system .0
`'
`Challenge
`License
`
`
`1
`Requester
`Handler
`
`3
`132
`i 134
`
`
`106 l
`5 -
`
`T---------------------------------
`E
`135
`Purchase Request
`i
`1 40
`:
`
`
`
`
`(LS Certificate,
`E
`/—
`_E
`
`artist) T
`£8,142 l
`"3
`
`
`
`
`
`"""""""""""""""""""""""""""""""""""""
`
`License
`
`
`Pack
`/— 108
`
`
`130
`
`3
`Intermediate Server
`i
`128
`_ - i
`
`
`Legacy
`,
`.Cllen-t
`License
`Llclejnsmg
`
`Store
`nit
`
`
`
`
`came
`
`
`Client
`_________________________________________________
`30
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 1 0f 8
`
`US 6,189,146 B1
`
`20\
`
`,,----------------_—--------------------
`E
`Clearinghouse
`
`= "
`
`22
`
`
`
`License
`
`Generator
`
`26
`
`
`
`
`
`
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 2 0f 8
`
`US 6,189,146 B1
`
`ow
`
`82>
`
`533$
`
`
`
`
`
`mam.E296
`
`oomtBE83.9583.95836::
`
`momt2:.
`
`
`
`
`
`
`
`
`
`
`
`
`vtOEGZton—_m_._®mROBQO030C332x20“ta—:—_4V>:fl
`
`
`
`
`ek
`
`
`@215$25xwfi.025
`
`E3382_v.EEmoi550mm
`
`
`
`g.E2m>w
`
`mczfimao
`
`mwEEmoi
`
`co=mo=aq<
`
`
`
`Na
`
`
`
`
`
`
`
`
`98832E3.mmon/EmaI/ammiuos.)mESmoi)2.ng
`
`
`
`
`
`
`
`
`
`EEan.$50cosmozaa<9:980
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`US. Patent
`
`9
`
`1B
`
`
`
`“EDONFm.m:0:chEgoBa9.on
`
`
`
`
`238.2mM1352552mama.E26
`
`
`_wmcoammmmcomom_
`
`
`
`.m3:8:96:8:m56chF02E96Ma..853“8:31$__Emc_
`
`
`
`mmmE_szo
`
`09
`
`
`
`wmmmnfimoW3:83.5532m
`
`555505883
`
`8
`
`v:wWw$03.91mNowmmcmoj
`
`0:622<098w6.m$52..@9220mmmczcfio8:8:058mw............................................g.m%n:E293
`
`8omxomn.1mo?6,x........................k.
`omcmofiN:
`8Nmr.vmr9E30EMm65¢:ch$6ch8.,8:8:
`
`
`......................,,3:8:mEmzo................................................................MmM.tmo$me
`
`3:8:.029:o:xomm3:83mwo:
`
`
`@580Q52%N:8ch5:99:
`................
`mmmcosn.
`mo?..,,_M66chmwe626mm
`
`%$91,M..
`
`
`
`
`
`
`
`
`
`«mwacmm
`
`650550mi
`
`33:83a.Eotmi
`
`|PR2021-00570
`
`ANCORA EX2021
`
`/
`
`
`
`.mmmc:E25
`
`99:26
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 4 0f 8
`
`US 6,189,146 B1
`
`cm?vcmmvcmSmficmo
`
`
`
`603ch32051
`
`
`
`wNLOP—0wwwcwoj
`
`v2
`
`um:
`
`2:36mmJOLmEEQOv.ho9.32mi35>
`
`:me4Elm?meDx3:02..#580
`
`wow
`
`“mm:mm$2051
`
`mmmcmo:hobzcmsc
`
`
`
`warEBtmE
`
`985:8m496:85
`
`
`
`858w...vwfiwzawm
`
`weN
`
`
`
`
`
`xomn.mwcmoj
`
`8283—umcm_mm<-coz
`
`
`
`Qxomn.3:83
`
`we?
`
`o:
`
`
`
`
`
`n:xomlwmcwoj0Hm3_m>w
`
`
`$50]
`
`EzowwExomm3:8::92:
`
`29m
`
`IIIII
`
`111111
`
`3%
`
`3:83985
`
`n:xomm53>xoma
`
`N3
`
`.6632EcoszBE
`
`me$503
`
`
`
`«magma99wv3
`
`
`
`
`
`mmcmo:£39xomn.9m_00mm<cm?
`
`$5.6m
`
`me
`
`xomn.mmcmo:Ebocmv_
`gala!meD95le
`
`
`
`
`
`xomm3:8::05x
`5.0!EB.55
`
`
`
`om:
`
`xomm
`
`3:8.:am
`.._ha1Nov
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 5 0f 8
`
`US 6,189,146 B1
`
`onE25
`
`
`
`mm5me9mfiw§9£
`
`“$3qu
`
`68:8255m
`
`
`9EmgmBE:Ucmw
`
`mo.
`
`
`
`82091“.9886.wt,
`
`86%”.
`
`
`mcomommcmo:>530
`
`
`Em9E25.890,
`
`
`
`mmcmo:>>\w>cm
`
`
`
`
`855522;u“Cm.W380:EmWmumEEnswocmuamwmé
`
`o::m__o3:833:8:35>
`
`53:3
`
`IIIIIIIIIIIIIIIIIIIIIIII
`
`2625036mm
`
`E99.@9503
`
`Eammomcmo:
`
`@883
`
`$2qu
`
`$33800
`
`cozowccoo
`
`_,
`
`ow?
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 6 0f 8
`
`US 6,189,146 B1
`
`Ed
`
`99wvcmabomo
`
`wmcmo:
`
`\3
`
`-§\
`Ck
`
`om
`
`0kucoammm
`
`mmcm=mco
`
`omco=mco
`
`ohmic“.
`
`
`
`$95:chwocm=mco
`
`
`
`mmcoamwm
`
`EmEou
`
`
`
`mmcoawmmmmcoqmmm
`
`@5550
`
`3:2.ch
`
`mmcogmwm
`
`tone;
`
`
`
`onE96mm._o>._wwBEBEEE
`
`
`
`wN1.6szwmcmoj
`
`mm:
`
`262E33.
`
`3:8:
`
`.9599$
`
`9538i
`
`02‘
`
`Ego09.2.20
`
`36:55.3
`
`oFN
`
`052.<0Emu.3vowcam0283E90
`
`9on3:8:325
`
`3:83262Emsao“.
`
`3:8:3:02..cm_m
`
`
`
`
`
`
`
`92an0vcm
`
`5:08:00
`
`3:83
`
`5:53:83abocm
`
`3.0:85$55
`
`ENEN3N
`
`ealo
`
`yo5w:Eat:
`
`cocoobm
`
`
`
`co=ow_wmco=o£om
`
`
`
`E20.585:ozoflmmE:61
`
`xwow
`
`
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 7 0f 8
`
`US 6,189,146 B1
`
`N
`
`
`
`5m::5ng
`
`o:_m>
`
`I
`
`
`
`onszo
`
`
`
`Emzo:Enzm
`
`n:Emitow
`
`
`$685mo.2<mmmmmmgEm:H«mm
`
`oz
`
`EmEmEEHE
`
`NMhmaww
`
`
`
`wNhmzwwwww.021—
`
`
`
`5922862..
`
`
`
`some.225
`
`
`
`
` mvmmwWTEgoMm35:20W03925525w
`
`wcomoE0:mama:wmmE26965%
`
`
`
`898:.E26WW.mmceacov5mm:
`
`W98
`
`mmm
`
`co=o£wmBLow:ESE.
`
`
`
`1TSnow—mm5memcozomfimm
`
`«mmmmmM852.33
`
`_62:.
`
`
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 8 0f 8
`
`US 6,189,146 B1
`
`N:
`
`0.:
`
`omEm=0
`
`
`
`Hooccoo=Eo3m
`
`“mmzcom
`
`8503hose
`
`mcomo
`
`2<wEOvcww
`
`mmcmo:
`
`OVN
`
`NmN
`
`20momamm
`
`@580E3:003
`
`.9E396
`
`n:«ozuoi
`
`a:
`
`20
`
`3:8:
`
`0mm
`
`NVN
`
`oco_m_w>205Ugaxm
`
`SN02
`
`
`
`3:02..209muSmaD#mmacmm
`
`20
`
`.038:
`
`n:E9w>w
`
`wvm
`
`muquD
`
`ww_nm__w><
`
`#0E.—Ucmw
`
`
`
`wwcwo:umfiooo<
`
`ncmQwEwm
`
`
`
`mm:“haven.
`
`v:
`
`mm83mm3503
`
`Bumbag:
`
`owcmo:
`
`,983:83
`
`
`
`umufima:2.220“.
`
`umumcmab
`
`mmcwoj
`
`92qu0
`
`5:02:00
`
`cccccccccccccccc
`
`wvw
`
`mm;
`
`
`
`83.23:vcmm
`
`3:8:
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`US 6,189,146 B1
`
`1
`SYSTEM AND METHOD FOR SOFTWARE
`LICENSING
`
`TECHNICAL FIELD
`
`This invention relates to systems and methods for licens-
`ing software. This invention further relates to systems and
`methods for enforcing software licenses.
`
`BACKGROUND
`
`Software licensing has historically been based on a “trust”
`model in which the user (i.e., licensee) is presumed to be
`honest and trustworthy and to abide by the legal require-
`ments of the license. Under the trust model, a software
`license typically accompanies a software product to explain
`the terms of use. For instance, the software license might
`dictate that the program code is to be installed on only one
`computer, and may be used to make one backup copy.
`Common types of licenses include “shrink wrap” licenses,
`“online” licenses, and “site” licenses. A “shrink wrap”
`license is a license that accompanies each software product
`that
`is sold individually in a shrink-wrapped package
`through retail stores. The user is typically assumed to accept
`the terms of the shrink wrap license upon breaking the seal
`of the package, or the container that holds the disk itself.
`An “online” license is one that accompanies software
`products that are downloaded online, such as from the
`Internet. The license is typically presented to the user prior
`to downloading the code. The user is presented with a choice
`to accept or reject the license. If the user accepts the license
`(e. g., by clicking an “Accept” button on the screen), the user
`is presumed to have accepted the terms of the license and the
`code is downloaded to the user’s computer.
`A “site” license is a single license that allows installation
`of multiple copies of software on many different computers
`at a particular site or many sites. It is commonly used to sell
`software to corporations, firms, or other entities having
`many computers. The purchaser pays for a certain number of
`copies (e.g., hundreds or thousands), and the site license
`enables the purchaser to install that many copies on its
`computers. The site license is beneficial because the soft-
`ware vendor need not supply a large number of program
`disks, but merely supplies one or a few copies of the
`software and lets the purchaser install the copies without
`violating the agreement.
`Each of the above license arrangements assumes that the
`purchaser is honest. The software purchaser must abide by
`the license terms in order to legally use the software. If the
`purchaser fails to abide by the provisions, the purchaser can
`be charged with civil and criminal violations.
`However, enforcement of such licenses is impractical, if
`not impossible. Unscrupulous users might make multiple
`copies of the software code and install it on more computers
`than the license allows. Yet, software vendors cannot begin
`to monitor these abuses because they occur in the privacy of
`the home or company. Thus, it is believed that the software
`industry loses a large percentage of revenues each year
`simply due to illegitimate use of software by the licensees.
`This loss does not even account for the problems of overseas
`pirating.
`Another problem with conventional software licensing
`practices concerns internal monitoring and bookkeeping on
`the part of large-site licensees. In most cases, the licensees
`want to comply with the terms of the software licenses, but
`are unable to adequately track the software as it is used
`throughout the site. For example, a large corporation might
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`purchase several thousand copies of the software and begin
`installing the copies. However, computers and personnel
`change over time and it is difficult to centrally monitor how
`many copies have been installed, whether the copies have
`expired, whether they need upgrading, and SO forth.
`Accordingly, there is a need to develop a new approach to
`licensing software in a manner that assures that the terms are
`being meet and assists the licensee with monitoring whether
`it is in compliance with the software license.
`SUMMARY
`
`This invention concerns a system and method for licens-
`ing software. The system and method provides confidence to
`the vendor that the software license is being complied with,
`while also assisting the purchaser in monitoring its own
`compliance with the license.
`According to one aspect of this invention, computer
`software licenses are electronically issued as digital certifi-
`cates that can be distributed in one-to-one correlation with
`
`individual client computers and traced to an issuing author-
`ity.
`According to another aspect, the system includes a license
`generator located at a licensing clearinghouse and at least
`one license server and multiple clients located at or affiliated
`with a company or other entity. Because the clients might
`not have network connectivity to the license server, one or
`more intermediate servers may act as an intermediary for the
`clients. These intermediate servers are otherwise common
`
`servers that provide resources to clients, but with the added
`ability to facilitate connectivity to the license server for
`purposes of distributing software licenses to the clients.
`When a company wants a software license,
`it sends a
`purchase request (and an appropriate fee) to the licensing
`clearinghouse. The license generator at the licensing clear-
`inghouse creates a license pack containing a set of one or
`more individual software licenses. To prevent the license
`pack from being copied and installed on multiple license
`servers, the license generator assigns a unique license pack
`ID to the license pack and associates the license pack ID
`with the license server in a master license database kept at
`the licensing clearinghouse. The license generator also digi-
`tally signs the license pack and encrypts it with the license
`server’s public key. The license generator sends the license
`pack to the license server using standard communications,
`such as over a data communication network (e.g., Internet)
`or via a portable data medium (e.g.,
`floppy diskette,
`CD-ROM, etc.).
`The license server verifies the license generator’s digital
`signature on the license pack and if valid, installs the license
`pack for subsequent distribution of licenses. The license
`server maintains an inventory of software licenses that have
`been purchased from the licensing clearinghouse. The
`license server is responsible for distributing the software
`licenses contained in the license pack to individual clients.
`It monitors the software licenses that have been granted to
`clients and continues to distribute licenses as long as non-
`assigned licenses remain available. Once the supply of
`non-assigned licenses is exhausted, however,
`the license
`server can no longer grant licenses to the clients and the
`customer must purchase a new pack from the license clear-
`inghouse.
`When a client connects to a server, the client presents a
`valid license (if it has one). If the client does not have an
`appropriate license, the server assists the client in obtaining
`a license from the license server. This provides an automated
`mechanism for clients to obtain and license server to dis-
`tribute licenses to clients.
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`US 6,189,146 B1
`
`3
`When a license is requested, the license server initially
`checks if the requesting client has already been issued a
`license. When this situation is detected, the license server
`issues the existing license to the client. This is actually
`reissuing of the same license that was previously issued.
`This allows the client to gracefully recover licenses when
`they are lost.
`In one implementation, the license server determines an
`appropriate type of license based in part on the client’s
`operating system platform. The license server derives the
`platform information by establishing a trust relationship
`with the client and then querying its platform type. If a
`software license is available for allocation, the license server
`grants a software license that is appropriate for the client’s
`platform.
`To prevent an issued license from being copied from one
`client machine to another, the software license is assigned to
`a specific client by including its client ID within the license.
`The software license also has a corresponding license ID
`that is associated with the client ID in a database record kept
`at the license server.
`
`The license server digitally signs the software license. The
`license is passed to the client, where it is stored in a local
`cache at the client. Once a client has obtained a license, it is
`responsible for managing the storage of that license.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`the
`
`The same reference numbers are used throughout
`drawings to reference like components and features.
`FIG. 1 shows a software licensing system.
`FIG. 2 shows a block diagram of a computer used to
`implement the software licensing system.
`FIG. 3 shows a functional block diagram showing soft-
`ware components and databases that implement the software
`licensing system.
`FIG. 4 shows steps in a method for issuing a license pack
`of individual licenses.
`
`FIG. 5 shows steps in a method for initiating a connection
`between a client and a server and determining whether the
`client has a valid license.
`
`FIG. 6 shows steps in a method for distributing a software
`license to a client.
`
`FIG. 7 shows steps in a method for challenging a client
`prior to granting a software license to that client.
`FIG. 8 shows steps in a method for upgrading a software
`license.
`
`DETAILED DESCRIPTION
`
`the reader is
`The following discussion assumes that
`familiar with public key cryptography. For a basic introduc-
`tion to cryptography, the reader is directed to a text written
`by Bruce Schneier and entitled, “Applied Cryptography:
`Protocols, Algorithms, and Source Code in C,” published by
`John Wiley & Sons, copyright 1994 (second edition 1996),
`which is hereby incorporated by reference.
`FIG. 1 shows a system 20 for licensing software. The
`system 20 has a licensing clearinghouse 22 that creates and
`issues valid software licenses to one or more companies,
`firms, agencies, or other entities, as represented by company
`24. The clearinghouse 22 is a separate entity from the
`company 24. Examples of the clearinghouse include a
`software manufacturer, a software vendor, or a third party
`agent that is authorized to issue software licenses on behalf
`of the software manufacturer or vendor.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`The company 24 contacts the clearinghouse 22 when it
`desires to purchase a software license to run software on the
`company computers. The clearinghouse 22 has a license
`generator 26 that creates a “license pack” containing a set of
`one or more individual software licenses. The clearinghouse
`22 encrypts the license pack using the destination license
`server’s public key and digitally signs the license pack with
`a digital signature unique to the clearinghouse.
`The company 24 has at least one designated license server
`28. The license pack is sent
`to the company 24 using
`standard communications, such as over a data communica-
`tion network (e.g., Internet) or via a portable data medium
`(e.g., floppy diskette, CD-ROM, etc.), and installed on the
`license server 28.
`
`The license server 28 is responsible for distributing the
`software licenses contained in the license pack to individual
`clients, as represented by clients 30(1)—30(6). The license
`server 28 verifies the license generator’s digital signature on
`the license pack, decrypts the contents of the license pack,
`and stores the individual software licenses for subsequent
`distribution to individual clients.
`
`The license server 28 maintains an inventory of software
`licenses that have been purchased from the licensing clear-
`inghouse 22. The license server 28 monitors the software
`licenses that have been granted to clients. The license server
`28 can distribute licenses to new clients as long as it has
`available non-assigned licenses. Once the supply of non-
`assigned licenses is exhausted, however, the license server
`28 can no longer grant licenses to the clients. The only way
`for the license server 28 to obtain new non-assigned licenses
`is to purchase a license pack from the clearinghouse 22.
`Because the clients might not have network connectivity
`to the license server 28, one or more intermediate servers, as
`represented by servers 32(1) and 32(2), can act as an
`intermediary for the clients. Each intermediate server 32 is
`a common server that provides conventional resources to the
`clients. In addition, each intermediate server 32 has network
`connectivity to the license server 28 to facilitate license
`distribution from the license server 28 to the clients 30. The
`
`intermediate servers 32 accept software licenses issued by
`the license server 28;
`therefore,
`the intermediate server
`associations determine the scope of the license pack to a
`particular license server.
`The clients 30 may be directly coupled to the intermediate
`servers 32 via a LAN (local access network) or WAN (wide
`area network), as represented by clients 30(1)—30(4).
`Additionally, the clients 30 may be indirectly coupled to the
`intermediate servers 32, such as using a dialup connection as
`represented by clients 30(5) and 30(6).
`When a client 30 connects to the intermediate server 32,
`it must present a valid license. If the client does not have an
`appropriate license, the intermediate server 32 assists the
`client in obtaining a license from the license server 28. This
`provides an automated mechanism for distributing licenses
`to clients. The license server 28 initially checks if the
`requesting client already has been issued a license. When
`this situation is detected, the license server 28 issues the
`existing license to the client. This allows the client
`to
`gracefully recover licenses when they are lost.
`In one particular implementation, the license server 28
`determines an appropriate type of license based in part on
`the client’s platform operating system type. The license
`server 28 derives the platform information by establishing a
`trust relationship with the client 30 and then querying its
`platform type. Once a client 30 has obtained a license, it is
`responsible for managing the storage of that license. The
`platform challenge process is described below in more
`detail.
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`US 6,189,146 B1
`
`5
`Exemplary Computer Used to Implement Servers and/or
`Client
`
`The license generator 26, license server 28, and interme-
`diate server 32 are preferably implemented as computer
`servers, such as Windows NT servers that run Windows NT
`server operating systems from Microsoft Corporation or
`UNIX-based servers. It is noted, however, that the license
`generator 26 and license server 28 may be implemented
`using other technologies, including mainframe technologies,
`as long as they share an inter-operable communication
`mechanism like remote procedure call (RFC) and these
`systems are secure.
`The clients 30 can be implemented as many different
`kinds of computers, including a desktop personal computer,
`a workstation, a laptop computer, a notebook computer, a
`handheld PC, and so forth. The clients 30 may further
`represent a terminal device, which is a low cost machine
`with limited local processing and local memory. The termi-
`nal device includes a display, a keyboard, a mouse
`(optional), limited computer resources like memory, and
`enough intelligence to connect to an intermediate server. All
`applications run at the server. The terminal merely provides
`a connection point to the server-based processing.
`The clients 30 might also represent a network-centric
`computer, such as a Network Computer (or NC) or a Net PC.
`FIG. 2 shows an example implementation of a computer
`40, which can be used to implement the license generator 26,
`license server 28, and intermediate server 32. The server 40
`includes a processing unit 42, a system memory 44, and a
`system bus 46 that
`interconnects various system
`components, including the system memory 44 to the pro-
`cessing unit 42. The system bus 46 may be implemented as
`any one of several bus structures and using any of a variety
`of bus architectures, including a memory bus or memory
`controller, a peripheral bus, and a local bus.
`The system memory 44 includes read only memory
`(ROM) 48 and random access memory (RAM) 50. Abasic
`input/output system 52 (BIOS) is stored in ROM 48.
`The computer 40 has one or more of the following drives:
`a hard disk drive 54 for reading from and writing to a hard
`disk or hard disk array, a magnetic disk drive 56 for reading
`from or writing to a removable magnetic disk 58, and an
`optical disk drive 60 for reading from or writing to a
`removable optical disk 62 such as a CD ROM or other
`optical media. The hard disk drive 54, magnetic disk drive
`56, and optical disk drive 60 are connected to the system bus
`46 by a hard disk drive interface 64, a magnetic disk drive
`interface 66, and an optical drive interface 68, respectively.
`The drives and their associated computer-readable media
`provide nonvolatile storage of computer
`readable
`instructions, data structures, program modules and other
`data for the computer 40.
`Although a hard disk, a removable magnetic disk 58, and
`a removable optical disk 62 are described, other types of
`computer readable media can be used to store data. Other
`such media include magnetic cassettes, flash memory cards,
`digital video disks, Bernoulli cartridges, random access
`memories (RAMs), read only memories (ROM), and the
`like. Additionally, the computer 40 may be configured to
`serve data stored on an independent storage systems, such as
`disk array storage systems.
`Anumber of program modules may be stored on the hard
`disk, magnetic disk 58, optical disk 62, ROM 48, or RAM
`50. These programs include a server operating system 70,
`one or more application programs 72, other program mod-
`ules 74, and program data 76. The operating system 70 is
`
`6
`preferably a Windows-brand operating system such as Win-
`dows NT, Windows 95, Windows CE or other form of
`Windows. The operating system 70 may alternatively be
`other types, including Macintosh and UNIX-based operating
`systems.
`A user may enter commands and in formation into the
`computer 40 through input devices such as a keyboard 78
`and a mouse 80. Other input devices (not shown) may
`include a microphone, joystick, game pad, satellite dish,
`scanner, or the like. These and other in put devices are
`connected to the processing unit 42 through a serial port
`interface 82 that is coupled to the system bus 46, but may
`alternatively be connected by other interfaces, such as a
`parallel port, game port, or a universal serial bus (USB).
`A monitor 84 or other type of display device is also
`connected to the system bus 46 via an interface, such as a
`video adapter 86. The computer 40 has a network interface
`or adapter 88, a modem 90, or other means for establishing
`communications over a network 92.
`
`5 System Architecture
`FIG. 3 shows an exemplary software/hardware architec-
`ture of the system 20. The architecture includes four com-
`ponents: a license generator 26, a license server 28, a client
`30, and an intermediate server 32. The license generator 26
`produces license packs for a fee and the license server 28
`consumes the licenses by installing them. In turn, the license
`server 28 distributes a license to the client 30 with the help
`of the intermediate server 32. The client 30 then uses the
`
`10
`
`15
`
`20
`
`25
`
`30
`
`license to gain access to the resources provided by the inter
`mediate server 32.
`
`The entity or organization that owns, or is responsibe for,
`the license server 28 registers itself with an independent
`certifying authority that is trusted by both the organization
`and the clearinghouse. The organization submits informa-
`tion identifying itself and various license servers to the
`certifying authority. The certifying authority performs a
`verification analysis of the organization to verify that it is a
`real entity and that the identification information is true and
`accurate. The certifying authority issues a certificate to the
`organization. The certificate contains the public key of the
`organization (or particular license server), which is signed
`by the certifying authority. This certificate becomes the
`license server’s certificate during the initial purchase request
`process when the license server requests a license pack from
`the clearinghouse.
`Similarly, the clearinghouse also registers with the certi-
`fying authority to receive a public certificate. The clearing-
`house certificate contains the clearinghouse’s public key,
`signed by the certifying authority.
`The license generator 26 has a master license database
`100, a licensing producer 102, and a request handler 104.
`The request handler 104 receives a purchase request 106
`from the license server 28 asking to purchase one or more
`license packs. The purchase request includes information
`pertaining to the licenses and license server 28. For example,
`the purchase request might contain such information as a
`license server ID,
`the license server’s certificate (which
`contains the license server’s public key), a client’s platform
`type, the quantity of licenses desired, a product ID, and a list
`of features that the licenses should enable. Additional infor-
`
`mation about a customer (e.g., name, contract number, etc.)
`may also be requested for purposes of tracking and report
`generation. This information is stored in the master license
`database 100.
`
`the license producer 102
`In response to the request,
`generates one or more license packs 108, each of which
`contains a set of one or more non-assigned licenses that are
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`|PR2021-00570
`
`ANCORA EX2021
`
`IPR2021-00570
`ANCORA EX2021
`
`
`
`US 6,189,146 B1
`
`8
`recognize four different platform types: Windows, Non-
`Windows, Legacy, and Direct-Connect. A “Windows”-type
`platform means the client computer runs a 32-bit version of
`Microsoft Windows operating system (e.g., Windows 95,
`Windows 98, Windows NT, etc.). A “Non-Windows”-type
`platform means the client computer runs an operating sys-
`tem other than a Windows brand operating system. A
`“Legacy”-type platform indicates that the client runs an
`older version of an operating system that cannot be
`adequately determined by the license server as a
`“Windows”-type or a “Non-Windows”-type. A “Direct-
`Connect” platform means the client
`is a terminal
`that
`attaches directly to the server’s bus and thus, all of the
`operating system functionality is provided directly by the
`server. Table 2 summarizes the platform types.
`
`TABLE 2
`
`Platform Types
`
`Platform Type
`
`Description
`
`5
`
`15
`
`20
`
`7
`purchased from the license clearinghouse. The license gen-
`erator 26 creates licensing packs in a way that prevents them
`from being copied and installed on multiple license servers
`28 or being applied multiple times on the same server. In the
`preferred implementation, this is accomplished using IDs
`and cryptographic tools. The license producer 102 assigns a
`unique license pack ID to each license pack and associates
`the license pack ID with the license server 28 in the master
`license database 100. The license pack ID is embedded in the
`license pack 108. This prevents users from multiplying the
`number of licenses they purchase by installing the same
`license pack multiple times on the same license server.
`The license generator 26 encrypts the license packs 108
`with the license server’s public key to ensure protected
`transport to the license server 28 and to ensure that only the
`license server 28 can open the packs 108. The license
`generator 26 also digitally signs the license packs 108 with
`a private signing key of the license generator 26. The license
`server 28 uses this signature to validate that the license pack
`came from an authorized license generator and has not been
`altered.
`
`The license pack 108 is a data structure that contains
`various information to enable the license server to distribute
`software licenses. The data structure contains fields with the
`
`licensing information. Table 1 shows the data fields of a
`license pack data structure.
`
`TABLE 1
`
`Field
`
`Description / Purpose
`
`Message Version
`
`License Pack Serial
`Number
`
`Issue Date
`First Active Date
`
`Expiration Date
`
`Begin Serial Number
`
`Quantity of Licenses
`Number of Human
`Descriptions
`Array of Human
`Descriptions (Locale,
`Description)
`
`Manufacturer
`
`Manu