a2, United States Patent
`US 6,189,146 B1
`(10) Patent No.:
`Feb. 13, 2001
`(45) Date of Patent:
`Misraetal.
`
`US006189146B1
`
`(54) SYSTEM AND METHOD FOR SOFTWARE
`LICENSING
`
`Primary Examiner—Reba I. Elmore
`(74) Attorney, Agent, or Firm—Lee & Hayes, PLLC
`
`(75)
`
`Inventors: PradyumnaK. Misra; BradleyJ.
`Graziadio, both of Redmond; Terence
`R.Spies, Kirkland,all of WA (US)
`
`(73) Assignee: Microsoft Corporation, Redmond, WA
`(US)
`
`(*) Notice:
`
`Under 35 U.S.C. 154(b), the term of this
`patent shall be extended for 0 days.
`
`(21) Appl. No.: 09/040,813
`“44.
`(22)
`Filed:
`Mar.18, 1998
`(SL) Mts C0 cececeeeccccssesssessseeecceseessneeeseeeeesaee GO6F 17/40
`(52) US. Cd. once ecceeeeeseeceeeeeseeeees 717/11; 380/4; 380/25
`(58) Field of Search ......00..ee 395/712; 701/1;
`380/3, 4, 30, 44, 25; 717/11
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,924,378 *
`5,138,712 *
`5,204,897 *
`5.343.524 *
`5,553,143 *
`5,671,412 *
`5,724,425 *
`5,745,879 *
`5,790,677 *
`
`5/1990 Hershey Qt al. eeeeeeeeeee 713/201
`
`8/1992 Corbin ........
`- 713/200
`
`«. 380/4
`4/1993 Wyman ...
`....
`” 3830/4
`8/1994 Muetal.
`
`9/1996 Ross etal. ..
`eee 380/25
`
`9/1997 Christiano.......
`.. 707/104
`
`3/1998 Changetal.
`.. 380/25
`4/1998 Wyman.......
`w 705/1
`
`8/1998 Fox et ale ccccssssssesscsssseesessssees 380/24
`
`(57)
`
`ABSTRACT
`.
`.
`.
`.
`A software licensing system includes a license generator
`located at a licensing clearinghouse and at least one license
`server and multiple clients located at a company orentity.
`When a company wants a software license,
`it sends a
`purchase request (and appropriate fee)
`to the licensing
`clearinghouse. The license generator at the clearinghouse
`creates a license pack containing a set of one or more
`individual software licenses. To prevent the license pack
`from being copied and installed on multiple license servers,
`the license generator assigns a unique license pack ID to the
`license pack and associates the license pack ID with the
`particular license server in a master license database kept at
`the licensing clearinghouse. The license generator digitally
`signs the license pack and encrypts it with the license
`server’s public key. The license server is responsible for
`distributing the software licenses from the license pack to
`individual clients. When a client needsa license, the license
`server determines the client’s operating system platform and
`grants the appropriate license. To prevent an issued license
`from being copied from one client machine to another, the
`software license is assigned to a specific client by including
`:
`ae
`5
`:
`a client ID within the license. The software license also has
`a license ID that is associated with the client ID in a database
`record kept at the license server. The license server digitally
`signs the software license and encrypts it using the client’s
`public key. Thelicense is stored locally at the client.
`
`* cited by examiner
`
`20 Claims, 8 Drawing Sheets
`
`20
`
`>
`
`28 —
`Client Image,
`Client Sig: 2Nee
`118
`License Server
`Client Image
`Installer
`
`122)
`
`System ID
`
`130
`
`26
`poseRocacncnenononrers
`| Licenser Generator
`|
`
`MasterLicense
`Databases
`
`%
`32
`cece eeuneeeeeeNe
`Intermediate Server
`
`
`-
`128 Cc
`Legacy
`[7
`Client
`Licensing
`License
`
`
`Store
`Unit
`
`
`Request
`Handler
`124
`V7
`| Challenge
`Client
`Authenticating
`Module
`Response
`
`
`
`}
`102
`foeense|| System 1D
`:;
`\
`Producer
`
`
`
`“Nandi} License
`114 +1 Secure License
`
`
`Requester
`i757 Store
`[ca
`104
`Handler
`Request
`
`
`
`
`Table
`Table
`134
`96.
`_pe 106 116
`
`(LSCertificate,|.i|Installer f_ am eee
`
`
`
`
`
`
`
`
`140
`!
`Purchase Request
`License
`#tisonees)
`Cache
`see
`142
`System ID
`
`
`
`
`
`
`eee
`
`126
`
`400
`
`120
`
`Client Image
`Cache
`
`ws
`
`:
`Granting
`Module
`
`i
`
`Icense
`
`Fac
`
`110
`
`
`
`
`
` (SSE|
`
`:
`
`Licensefor
`Client 1D
`
`132
`
`Client
`
`0.
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 1 of 8
`
`US 6,189,146 B1
`
`aan
`
`porocarrrrnateneeeennecmmennannmenne22
`Clearinghouse
`‘
`
`26
`
`
`
`
`License
`Generator
`
`aefesecneeccecneeee
`|
`
`24
`
`28
`
`Company’
`
`License Server
`
`
`
`
`
`30(5)
`
`Client
`
`
`
`
`30(6)
`
`Client
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 2 of 8
`
`US 6,189,146 B1
`
`v8
`
`c6
`
`
`
` alr
`
`
`98yu¢)Buissecolg
`
`
`
`HOd[elasyeondoonjeubeyy4SIQPJEH|fof
`
`
`
`WdeauSIC@AUg
`Buyeiado
`ejeq|sainpoyy7weiboldJaUIO
`
`uoyeajddy|Buyeiedo
`
`swelboldwa}sks
`
`weJBodJEuIO
`ejeqwesbold
`
`OsplA
`
`Jaydepy
`
`sngwajsks
`
`
`
`
`
`
`
`
`
`
`
`aS
`
`YJOMJON
`
`
`
`sdeLa}u|
`
`eoeLeIu|vehSOBL9IU]
`
`
`
`eoepeyu|soepayu|
`
`
`
`
`
`
`
`
`pueoqhey92blcl
`OL~\
`
`IPR2021-00663
`ANCORA EX2022
`
`ozula1sAS
`
`eZ
`
`suelbold
`
`uojweoddy
`
`pL
`
`so|npo-w
`
`
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 3 of 8
`
`US 6,189,146 B1
`
`Ol
`¢'‘1''‘4t'‘tt''''t1't''','',’V1’,,’‘’,'''4\
`
`d
`
`
`
`wa}sksasusol7
`
`
`
`asusol]
`ebusyjeyuD
`
`Jaysanbay
`Jo}jpuey
`
`GELvel
`
`QIjuealD
`
`asuodsay
`
`JO}@susoI7
`
`210}
`
`wun
`
`@susolq
`Bulsuedl7
`
`Jo|puey
`
`OZ
`
`CDez
`
`
`
`JBAIOSS}eIpSuUajzu|
`
`JUSI|D
`
`|waysks
`
`
`
`ysonbeyJ9;/2}SU]
`
`ebeu|Ua
`
`aBualjeuD
`Buyeoqueyyny
`
`ebeuy|jual|D
`
`Bunuess
`
`3inpow
`
`OLL
`
`Wald
`
`ainpoy
`
`Que)
`
`‘abeUa
`
`
`
`BisJUaIID
`
`
`
`ysanbeyaseyoung
`
`‘aJLOyI9D$7)
`
`(sasuacl]#“UUOPeld
`
`
`
`@SUsd!]JaISeW
`
`seseqejeq
`
`esueolq
`
`Jaonpold
`
`ysanbey
`
`Jajpuey
`
`‘''''’‘'‘'‘’1‘'''‘t''It1It'1't11't'1,''1'',4':'''‘:
`
`Wal|D
`
`@susol]
`
`eyoe9
`
`
`
`G|waysks
`
`cr
`
`
`
`"YWe9
`
`
`
`OvOL}yokedasuaolq
`
`
`JEANIES—sa|jeysu|
`
`prnatteeeennneneeeeeebienen.
`
`
`
`F-cateieieienedaienanenanenenetanietateteietataiatatateieiatateteteieteiatetateeateaetatens?..
`
`
`
`’,
`
`v7OF
`
`
`
`801asuaolq
`
`yoed
`
`
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 4 of 8
`
`US 6,189,146 B1
`
`OSL
`
`
`
`puaspuesjesauayg
`
`
`
`ysonbaysseyoind
`
`
`
`9zJAAIaSaSueor7
`
`JosinjyeuBbisAya,
`
`esnouBbuies|D
`
`
`
`asuedlq}dA109q
`
`ud$7
`yBuisn
`
`
`
`
`
`CI498dBsusa!7ayenjeag
`
`OL
`
`
`
`
`
`yoed8susol7|je}Su|
`
`
`
`esusdl]eunoesul
`
`210}
`
`
`
`pennnanananeeeeeeee-ee,
`
`901
`
`
`
`ysanbeyeseyoind
`
`alyonpoig
`
`sor7
`
`
`
`yoegesuaary
`
`poubissy-uoN
`
`Sasueol]
`
`
`
`dl492gesueo!q
`
`
`
`soinjeajpeysenboy
`sasuaalyjoAyuendy
`adh)woe,
`QJLIIJIWIDST
`yoedasus]ydAuougm
`
`
`9zJoye1BUdySsusor]
`Ja}SeWUlUONeWIO}U]
`
`yoegesueorubisyl
`
`
`GIyoedayelossy9S1
`I]AeYUMYOR,
`
`ysenbeyauojsSI
`
`
`aneslyBuisy)ands
`asugdl7]932919
`
`@SUuso!]WIN}
`HTHOYBis)UH
`@SUddI7]UM
`dqesues'
`
`prone
`
`JOAI9S
`
`Yoed
`
`cSh
`
`O91
`
`BSI
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 5 of 8
`
`US 6,189,146 B1
`
`
`ayoeDesuadlqAland|i
`rerenemceegeennnnnnnneeeeeee
`
`
`
`
`
`
`
`JOAIOS@SUsdI7
`MONJsenbey
`WOlJSUI]
`
`
`
`O€}UaIID
`
`
`
`yOOUUODWwWIGNS/qiuieiskgJojs]pues
`
`ysonboy|yONPolgpaydeoybl
`|payelay|sql
`
`ZEJOAIOSO}eIPSU}U]
`
`
`
`
`
` |(eiqenene1)|e!pue|}ual|I9pues|I3uaI19!asusol]asueoryALAA
`
`esuedl]
`
`épaidxy
`
`9}9|dwW09
`
`uol2euu0s)
`
`L
`
`98L
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 6 of 8
`
`US 6,189,146 B1
`
`910}SpueydAI09q
`
`Bbc9b2vieand
`
`
`
`JOJOSF)WdOjU]
`
`uonoefay
`
`
`
`uonselayuonoefay
`
`
`
`
`
`USI]WOU]uonoefeywinjay
`
`A90z
`
`a@suedl]
`
`
`
`a}e|dwoypue
`
`uoljo8UuU0D
`
`esusorq
`
`
`
`yyesuaol]ydAloug
`
`
`
`98>IGN,S,jUsl|D
`
`
`
`IPR2021-00663
`ANCORA EX2022
`
`9SUddI7]MONPueMIO4
`
`
`
`asuadl]asusol]uBIs
`
`‘S
`
`ST
`
`K
`
`Ole
`
`
`
`v0Zpue9suaolues)
`
`91qelVOsyepan
`
`
`
`3J0}Sasusor]AenyD
`
`
`
`OEJSDJEIBAIBSS]JEIPOLWWS}U]
`
`
`
`8ZJBAIaSSsusorT
`
`Bgl
`
`MON}senboy
`
`asusory
`
`‘a|wayshs
`
`O61
`
`diynpolg
`
`JUa!|Dsbuayeyo
`
`Ayonuauyny
`
`96
`
`O{puodsey
`
`eBusyeyD
`
`
`
`abuayjeuDabuajeuD
`
`pseMo4
`
`aBuayeyD
`
`
`
`esuodsay
`
`
`
`esuodsayasuodsay
`
`psemio4
`
`a}eJ8Ud5
`
`eBuayeyD
`
`esuodsay
`
`éJadold
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 7 of 8
`
`US 6,189,146 B1
`
`j
`
`ySeHWNnjey
`
`anjeA
`
`JoJaSAWojUy
`
`uonoafay
`
`
`
`yual|OwwiqngaLws|!e6eui}JUS]!|!|zz|2GIOAIaS
`
`(aBew)juat|D|juat|D
`
`
`Q|eeMyos||!i&8yoesul
`
`
`
`
`
`
`
`O€}USIID
`
`|Syelpeueyul
`
`
`
`8?JBAIBSSSU90!7
`
`‘aBua|leyo)yseH|||ebuayeug|0}eBualleyopuas!!||8zz
`
`JUSersujey
`
`!
`
`!ayoe)woebew)
`
`
`
`‘ebueyjeyo)ysey
`
`
`
`(abew)yualD
`
`uojoafay
`
`
`
`uonosfeyWwnjey
`
`vee
`
`sm
`
`paysiiqeysy
`
`ON
`
`
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 8 of 8
`
`US 6,189,146 B1
`
`CSC
`
`DIOsoejday
`
`yokeU!esUusa!7
`
`0SZ2
`
`SIT
`
`PIO
`
`ove
`
`yOOUUODWlugns
`‘g|wajshs
`QIPNpoed
`papesbdn
`@susorq
`asusolq
`vve—on
`
`pepeiBdnpuemio4
`
`asuseor]pajdescoy
`
`epeiidnjsenbay
`8SUsd!7]PIOO}
`Z4U0ISIBAPIO
`
`JOySs!I"]puss
`puesuaAias
`pue9susolq
`SQ]NPold
`uonosuu0s
`JOpauidxy
`aje|dwoy
`
`cLb
`
`OL}
`
`jsonboy
`
`Ove
`
`esusor7Aland
`
`ayoey
`
`MSPIOpues
`
`@suaolq
`
`OeUSD
`
`
`
`ZeJOAISSa}elpauwazu|
`
`PLL
`
`
`
`8dJOAIBSBSuaol7
`
`PIO
`
`‘asuaolq
`
`|wayshs
`
`9b2
`
`epeiBdn
`
`L9IQEIIEAY
`
`papesbdy
`
`esuaory
`
`8r~
`
`so,
`
`
`
`poepeibdppues
`
`@SU9oI7
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`
`
`
`
`
`
`
`
`
`

`

`US 6,189,146 B1
`
`1
`SYSTEM AND METHOD FOR SOFTWARE
`LICENSING
`
`TECHNICAL FIELD
`
`This invention relates to systems and methodsfor licens-
`ing software. This invention further relates to systems and
`methods for enforcing software licenses.
`
`BACKGROUND
`
`Software licensing has historically been based on a “trust”
`model in which the user (i.e., licensee) is presumed to be
`honest and trustworthy and to abide by the legal require-
`ments of the license. Under the trust model, a software
`license typically accompanies a software product to explain
`the terms of use. For instance, the software license might
`dictate that the program codeis to be installed on only one
`computer, and may be used to make one backup copy.
`Commontypesof licenses include “shrink wrap”licenses,
`“online” licenses, and “site” licenses. A “shrink wrap”
`license is a license that accompanies each software product
`that
`is sold individually in a shrink-wrapped package
`throughretail stores. The user is typically assumed to accept
`the terms of the shrink wrap license upon breaking the seal
`of the package, or the container that holds the disk itself.
`An “online” license is one that accompanies software
`products that are downloaded online, such as from the
`Internet. The license is typically presented to the user prior
`to downloading the code. The user is presented with a choice
`to accept or reject the license. If the user accepts the license
`(e.g., by clicking an “Accept” button on the screen), the user
`is presumed to have accepted the terms of the license and the
`code is downloaded to the user’s computer.
`A “site” license is a single license that allows installation
`of multiple copies of software on many different computers
`at a particular site or manysites. It is commonly usedto sell
`software to corporations, firms, or other entities having
`many computers. The purchaserpaysfor a certain numberof
`copies (e.g., hundreds or thousands), and the site license
`enables the purchaser to install that many copies on its
`computers. The site license is beneficial because the soft-
`ware vendor need not supply a large number of program
`disks, but merely supplies one or a few copies of the
`software and lets the purchaser install the copies without
`violating the agreement.
`Each of the above license arrangements assumesthat the
`purchaser is honest. The software purchaser must abide by
`the license terms in orderto legally use the software. If the
`purchaserfails to abide by the provisions, the purchaser can
`be charged with civil and criminal violations.
`However, enforcement of such licenses is impractical, if
`not impossible. Unscrupulous users might make multiple
`copies of the software code and install it on more computers
`than the license allows. Yet, software vendors cannot begin
`to monitor these abuses because they occurin the privacy of
`the home or company. Thus,it is believed that the software
`industry loses a large percentage of revenues each year
`simply dueto illegitimate use of software by the licensees.
`This loss does not even accountfor the problems of overseas
`pirating.
`Another problem with conventional software licensing
`practices concerns internal monitoring and bookkeeping on
`the part of large-site licensees. In most cases, the licensees
`want to comply with the terms of the software licenses, but
`are unable to adequately track the software as it is used
`throughoutthe site. For example, a large corporation might
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`purchase several thousand copies of the software and begin
`installing the copies. However, computers and personnel
`change over timeandit is difficult to centrally monitor how
`many copies have been installed, whether the copies have
`expired, whether they need upgrading, and SO forth.
`Accordingly, there is a need to develop a new approachto
`licensing software in a mannerthat assures that the terms are
`being meetand assists the licensee with monitoring whether
`it is in compliance with the software license.
`SUMMARY
`
`This invention concerns a system and methodfor licens-
`ing software. The system and method provides confidence to
`the vendorthat the software license is being complied with,
`while also assisting the purchaser in monitoring its own
`compliance with the license.
`According to one aspect of this invention, computer
`software licenses are electronically issued as digital certifi-
`cates that can be distributed in one-to-one correlation with
`individual client computers andtraced to an issuing author-
`ity.
`According to another aspect, the system includesa license
`generator located at a licensing clearinghouse and at least
`one license server and multiple clients located atoraffiliated
`with a company or other entity. Because the clients might
`not have network connectivity to the license server, one or
`more intermediate servers may act as an intermediary for the
`clients. These intermediate servers are otherwise common
`servers that provide resources to clients, but with the added
`ability to facilitate connectivity to the license server for
`purposes of distributing software licenses to the clients.
`When a company wants a software license, it sends a
`purchase request (and an appropriate fee) to the licensing
`clearinghouse. The license generator at the licensing clear-
`inghouse creates a license pack containing a set of one or
`more individual software licenses. To prevent the license
`pack from being copied and installed on multiple license
`servers, the license generator assigns a unique license pack
`ID to the license pack and associates the license pack ID
`with the license server in a master license database kept at
`the licensing clearinghouse. The license generatoralso digi-
`tally signs the license pack and encrypts it with the license
`server’s public key. The license generator sends the license
`pack to the license server using standard communications,
`such as over a data communication network (e.g., Internet)
`or via a portable data medium (e.g.,
`floppy diskette,
`CD-ROM, etc.).
`The license server verifies the license generator’s digital
`signature on the license pack andif valid, installs the license
`pack for subsequent distribution of licenses. The license
`server maintains an inventory of software licenses that have
`been purchased from the licensing clearinghouse. The
`license server is responsible for distributing the software
`licenses contained in the license pack to individual clients.
`It monitors the software licenses that have been granted to
`clients and continues to distribute licenses as long as non-
`assigned licenses remain available. Once the supply of
`non-assigned licenses is exhausted, however,
`the license
`server can no longer grant licenses to the clients and the
`customer must purchase a new pack from the license clear-
`inghouse.
`When a client connects to a server, the client presents a
`valid license (if it has one). If the client does not have an
`appropriate license, the server assists the client in obtaining
`a license from the license server. This provides an automated
`mechanism for clients to obtain and license server to dis-
`tribute licenses to clients.
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`

`

`US 6,189,146 B1
`
`3
`When a license is requested, the license server initially
`checks if the requesting client has already been issued a
`license. Whenthis situation is detected, the license server
`issues the existing license to the client. This is actually
`reissuing of the same license that was previously issued.
`This allows the client to gracefully recover licenses when
`they are lost.
`In one implementation, the license server determines an
`appropriate type of license based in part on the client’s
`operating system platform. The license server derives the
`platform information by establishing a trust relationship
`with the client and then querying its platform type. If a
`software license is available for allocation, the license server
`grants a software license that is appropriate for the client’s
`platform.
`To prevent an issued license from being copied from one
`client machineto another, the software licenseis assigned to
`a specific client by including its client ID within thelicense.
`The software license also has a corresponding license ID
`that is associated with the client ID in a database record kept
`at the license server.
`
`4
`The company 24 contacts the clearinghouse 22 when it
`desires to purchase a software license to run software on the
`company computers. The clearinghouse 22 has a license
`generator 26 that creates a “license pack” containing a set of
`one or more individual software licenses. The clearinghouse
`22 encrypts the license pack using the destination license
`server’s public key and digitally signs the license pack with
`a digital signature unique to the clearinghouse.
`The company 24 hasat least one designated license server
`28. The license pack is sent
`to the company 24 using
`standard communications, such as over a data communica-
`tion network (e.g., Internet) or via a portable data medium
`(e.g., floppy diskette, CD-ROM, etc.), and installed on the
`license server 28.
`
`The license server 28 is responsible for distributing the
`software licenses contained in the license pack to individual
`clients, as represented by clients 30(1)-30(6). The license
`server 28 verifies the license generator’s digital signature on
`the license pack, decrypts the contents of the license pack,
`and stores the individual software licenses for subsequent
`distribution to individualclients.
`
`10
`
`15
`
`20
`
`30
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`IPR2021-00663
`ANCORA EX2022
`
`The license server 28 maintains an inventory of software
`licenses that have been purchased from the licensing clear-
`Thelicenseserver digitally signs the software license. The
`inghouse 22. The license server 28 monitors the software
`license is passed to the client, where it is stored in a local
`licenses that have been granted to clients. The license server
`25
`cacheat the client. Once a client has obtainedalicense,it is
`28 can distribute licenses to new clients as long as it has
`responsible for managing the storage of that license.
`available non-assigned licenses. Once the supply of non-
`assigned licenses is exhausted, however, the license server
`28 can no longer grant licenses to the clients. The only way
`for the license server 28 to obtain new non-assigned licenses
`is to purchase a license pack from the clearinghouse 22.
`Because the clients might not have network connectivity
`to the license server 28, one or more intermediate servers, as
`represented by servers 32(1) and 32(2), can act as an
`intermediary for the clients. Each intermediate server 32 is
`a commonserverthat provides conventional resourcesto the
`clients. In addition, each intermediate server 32 has network
`connectivity to the license server 28 to facilitate license
`distribution from the license server 28 to the clients 30. The
`intermediate servers 32 accept software licenses issued by
`the license server 28;
`therefore,
`the intermediate server
`associations determine the scope of the license pack to a
`particular license server.
`The clients 30 may be directly coupled to the intermediate
`servers 32 via a LAN (local access network) or WAN (wide
`area network), as represented by clients 30(1)-30(4).
`Additionally, the clients 30 may be indirectly coupled to the
`intermediate servers 32, such as using a dialup connection as
`represented by clients 30(5) and 30(6).
`Whena client 30 connects to the intermediate server 32,
`it must present a valid license. If the client does not have an
`appropriate license, the intermediate server 32 assists the
`client in obtaining a license from the license server 28. This
`provides an automated mechanism for distributing licenses
`to clients. The license server 28 initially checks if the
`requesting client already has been issued a license. When
`this situation is detected, the license server 28 issues the
`existing license to the client. This allows the client
`to
`gracefully recover licenses when they arelost.
`In one particular implementation, the license server 28
`determines an appropriate type of license based in part on
`the client’s platform operating system type. The license
`server 28 derives the platform information by establishing a
`trust relationship with the client 30 and then querying its
`platform type. Once a client 30 has obtained a license, it is
`responsible for managing the storage of that license. The
`platform challenge process is described below in more
`detail.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`the
`
`The same reference numbers are used throughout
`drawings to reference like components andfeatures.
`FIG. 1 shows a software licensing system.
`FIG. 2 shows a block diagram of a computer used to
`implement the software licensing system.
`FIG. 3 shows a functional block diagram showing soft-
`ware components and databases that implement the software
`licensing system.
`FIG. 4 showssteps in a methodforissuing a license pack
`of individual licenses.
`
`FIG. 5 showssteps in a methodforinitiating a connection
`between a client and a server and determining whether the
`client has a valid license.
`
`FIG. 6 showssteps in a methodfor distributing a software
`license to a client.
`
`FIG. 7 showssteps in a method for challenging a client
`prior to granting a software license to that client.
`FIG. 8 showssteps in a method for upgrading a software
`license.
`
`DETAILED DESCRIPTION
`
`the reader is
`The following discussion assumes that
`familiar with public key cryptography. For a basic introduc-
`tion to cryptography, the reader is directed to a text written
`by Bruce Schneier and entitled, “Applied Cryptography:
`Protocols, Algorithms, and Source Code in C,” published by
`John Wiley & Sons, copyright 1994 (second edition 1996),
`which is hereby incorporated by reference.
`FIG. 1 shows a system 20 for licensing software. The
`system 20 has a licensing clearinghouse 22 that creates and
`issues valid software licenses to one or more companies,
`firms, agencies, or other entities, as represented by company
`24. The clearinghouse 22 is a separate entity from the
`company 24. Examples of the clearinghouse include a
`software manufacturer, a software vendor, or a third party
`agent that is authorized to issue software licenses on behalf
`of the software manufacturer or vendor.
`
`IPR2021-00663
`ANCORA EX2022
`
`

`

`5
`Exemplary Computer Used to Implement Servers and/or
`Client
`
`US 6,189,146 B1
`
`10
`
`15
`
`20
`
`25
`
`5 System Architecture
`FIG. 3 shows an exemplary software/hardware architec-
`ture of the system 20. The architecture includes four com-
`ponents: a license generator 26, a license server 28, a client
`30, and an intermediate server 32. The license generator 26
`produces license packs for a fee and the license server 28
`consumesthelicensesbyinstalling them. In turn,the license
`server 28 distributes a license to the client 30 with the help
`of the intermediate server 32. The client 30 then uses the
`
`30
`
`license to gain access to the resources provided by the inter
`mediate server 32.
`
`6
`preferably a Windows-brand operating system such as Win-
`dows NT, Windows 95, Windows CE or other form of
`Windows. The operating system 70 may alternatively be
`other types, including Macintosh and UNIX-based operating
`systems.
`A user may enter commands and in formation into the
`computer 40 through input devices such as a keyboard 78
`and a mouse 80. Other input devices (not shown) may
`include a microphone, joystick, game pad, satellite dish,
`scanner, or the like. These and other in put devices are
`connected to the processing unit 42 through a serial port
`interface 82 that is coupled to the system bus 46, but may
`alternatively be connected by other interfaces, such as a
`parallel port, game port, or a universal serial bus (USB).
`A monitor 84 or other type of display device is also
`connected to the system bus 46 via an interface, such as a
`video adapter 86. The computer 40 has a network interface
`or adapter 88, a modem 90, or other meansfor establishing
`communications over a network 92.
`
`The license generator 26, license server 28, and interme-
`diate server 32 are preferably implemented as computer
`servers, such as Windows NTservers that run Windows NT
`server operating systems from Microsoft Corporation or
`UNIX-based servers. It is noted, however, that the license
`generator 26 and license server 28 may be implemented
`using other technologies, including mainframe technologies,
`as long as they share an inter-operable communication
`mechanism like remote procedure call (RPC) and these
`systems are secure.
`The clients 30 can be implemented as many different
`kinds of computers, including a desktop personal computer,
`a workstation, a laptop computer, a notebook computer, a
`handheld PC, and so forth. The clients 30 may further
`represent a terminal device, which is a low cost machine
`with limited local processing and local memory. The termi-
`nal device includes a display, a keyboard, a mouse
`(optional), limited computer resources like memory, and
`enoughintelligence to connect to an intermediate server. All
`applications run at the server. The terminal merely provides
`a connection point to the server-based processing.
`The clients 30 might also represent a network-centric
`computer, such as a Network Computer (or NC) or a Net PC.
`FIG. 2 shows an example implementation of a computer
`40, which can be used to implementthe license generator 26,
`license server 28, and intermediate server 32. The server 40
`includes a processing unit 42, a system memory 44, and a
`system bus 46 that
`interconnects various system
`The entity or organization that owns,or is responsibefor,
`components, including the system memory 44 to the pro-
`the license server 28 registers itself with an independent
`cessing unit 42. The system bus 46 may be implemented as
`certifying authority that is trusted by both the organization
`any one of several bus structures and using any of a variety
`and the clearinghouse. The organization submits informa-
`of bus architectures, including a memory bus or memory
`tion identifying itself and various license servers to the
`controller, a peripheral bus, and a local bus.
`certifying authority. The certifying authority performs a
`The system memory 44 includes read only memory
`verification analysis of the organization to verify that it is a
`(ROM)48 and random access memory (RAM) 590. A basic
`real entity and that the identification informationis true and
`input/output system 52 (BIOS)is stored in ROM 48.
`accurate. The certifying authority issues a certificate to the
`The computer 40 has one or more of the following drives:
`organization. The certificate contains the public key of the
`a hard disk drive 54 for reading from and writing to a hard
`organization (or particular license server), which is signed
`disk or hard disk array, a magnetic disk drive 56 for reading
`by the certifying authority. This certificate becomes the
`from or writing to a removable magnetic disk 58, and an
`license server’s certificate during the initial purchase request
`optical disk drive 60 for reading from or writing to a
`process whenthelicense server requests a license pack from
`removable optical disk 62 such as a CD ROM orother
`the clearinghouse.
`optical media. The hard disk drive 54, magnetic disk drive
`Similarly, the clearinghouse also registers with the certi-
`56, and optical disk drive 60 are connected to the system bus
`fying authority to receive a publiccertificate. The clearing-
`46 by a hard disk drive interface 64, a magnetic disk drive
`house certificate contains the clearinghouse’s public key,
`interface 66, and an optical drive interface 68, respectively.
`signed by the certifying authority.
`The drives and their associated computer-readable media
`The license generator 26 has a master license database
`provide nonvolatile storage of computer
`readable
`100, a licensing producer 102, and a request handler 104.
`instructions, data structures, program modules and other
`The request handler 104 receives a purchase request 106
`data for the computer 40.
`from the license server 28 asking to purchase one or more
`Although a hard disk, a removable magnetic disk 58, and
`license packs. The purchase request includes information
`a removable optical disk 62 are described, other types of
`pertaining to the licenses and license server 28. For example,
`computer readable media can be used to store data. Other
`the purchase request might contain such information as a
`such media include magnetic cassettes, flash memory cards,
`license server ID,
`the license server’s certificate (which
`digital video disks, Bernoulli cartridges, random access
`contains the license server’s public key), a client’s platform
`memories (RAMs), read only memories (ROM), and the
`type, the quantity of licenses desired, a product ID, andalist
`60
`of features that the licenses should enable. Additional infor-
`like. Additionally, the computer 40 may be configured to
`serve data stored on an independent storage systems, such as
`mation about a customer(e.g., name, contract number,etc.)
`disk array storage systems.
`may also be requested for purposes of tracking and report
`Anumberof program modules may be stored on the hard
`generation. This information is stored in the master license
`database 100.
`disk, magnetic disk 58, optical disk 62, ROM 48, or RAM
`50. These programs include a server operating system 70,
`one or more application programs 72, other program mod-
`ules 74, and program data 76. The operating system 70 is
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`the license producer 102
`In response to the request,
`generates one or more license packs 108, each of which
`contains a set of one or more non-assigned licensesthat are
`
`IPR2021-00663
`ANCORA EX2022
`
`IPR2021-00663
`ANCORA EX2022
`
`

`

`US 6,189,146 B1
`
`7
`purchased from the license clearinghouse. The license gen-
`erator 26 creates licensing packs in a way that prevents them
`from being copied andinstalled on multiple license servers
`28 or being applied multiple times on the sameserver.In the
`preferred implementation, this is accomplished using IDs
`and cryptographic tools. The license producer 102 assigns a
`unique license pack ID to each license pack and associates
`the license pack ID with the license server 28 in the master
`license database 100. The license pack ID is embeddedin the
`license pack 108. This prevents users from multiplying the
`number of licenses they purchase by installing the same
`license pack multiple times on the samelicense server.
`The license generator 26 encrypts the license packs 108
`with the license server’s public key to ensure protected
`transport to the license server 28 and to ensure that only the
`license server 28 can open the packs 108. The license
`generator 26 also digitally signs the license packs 108 with
`a private signing key ofthe license generator 26. The license
`server 28 uses this signature to validate that the license pack
`came from an authorized license generator and has not been
`altered.
`
`The license pack 108 is a data structure that contains
`various information to enable the license server to distribute
`software licenses. The data structure containsfields with the
`
`licensing information. Table 1 showsthe data fields of a
`license pack data structure.
`
`TABLE1
`
`Field
`
`Description / Purpose
`
`Message Version
`
`License Pack Serial
`Number
`
`Issue Date
`First Active Date
`
`Expiration Date
`
`Begin Serial Number
`
`Quantity of Licenses
`Number of Human
`Descriptions
`Array of Human
`Descriptions (Locale,
`Description)
`
`Manufacturer
`
`Manufacturer-Specific
`Product Data
`
`Signature
`
`Clearinghouse’s Public
`Key Certificate
`
`An ID used to distinguish different
`versions of the data structure.
`A serial number assigned by the license
`generator to prevent the license pack from
`being installed multiple times on the same
`license server.
`The date the license pack is issued by the
`clearinghouse.
`The date on whichthe licenses within the
`license pack can first be used.
`The date on whichthe licenses within the
`license pack will expire. A license could
`be set such that it does not expire.
`The beginning serial number for the
`licenses in the license pack. The number
`