`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 1 of 22
`
`
`
`EXHIBIT 2
`
`EXHIBIT 2
`
`
`
`
`
`
`
`
`(12) United States Patent
`Misra et al.
`
`USOO6189146B1
`US 6,189,146 B1
`(10) Patent No.:
`Feb. 13, 2001
`(45) Date of Patent:
`
`(54) SYSTEM AND METHOD FOR SOFTWARE
`LCENSING
`(75) Inventors: Pradyumna K. Misra; Bradley J.
`Graziadio, both of Redmond; Terence
`R. Spies, Kirkland, all of WA (US)
`
`(*) Notice:
`
`Primary Examiner Reba I. Elmore
`(74) Attorney, Agent, or Firm-Lee & Hayes, PLLC
`(57)
`ABSTRACT
`A Software licensing system includes a license generator
`located at a licensing clearinghouse and at least one license
`(73) Assignee: Microsoft Corporation, Redmond, WA Server and multiple clients located at a company or entity.
`(US)
`When a company wants a Software license, it sends a
`purchase request (and appropriate fee) to the licensing
`Under 35 U.S.C. 154(b), the term of this
`clearinghouse. The license generator at the clearinghouse
`patent shall be extended for 0 days.
`creates a license pack containing a set of one or more
`individual Software licenses. To prevent the license pack
`from being copied and installed on multiple license Servers,
`the license generator assigns a unique license pack ID to the
`license pack and associates the license pack ID with the
`particular license Server in a master license database kept at
`the licensing clearinghouse. The license generator digitally
`Signs the license pack and encrypts it with the license
`server's public key. The license server is responsible for
`distributing the Software licenses from the license pack to
`individual clients. When a client needs a license, the license
`Server determines the client's operating System platform and
`grants the appropriate license. To prevent an issued license
`from being copied from one client machine to another, the
`Software license is assigned to a Specific client by including
`-
`0
`a client ID within the license. The Software license also has
`a license ID that is associated with the client ID in a database
`record kept at the license server. The license server digitally
`Signs the Software license and encrypts it using the client's
`
`(21) Appl. No.: 09/040,813
`1-1.
`(22) Filed:
`Mar 18, 1998
`(51) Int. Cl." .................................................. G06F 17/40
`(52) U.S. Cl. .................................... 717/11; 380/4; 380/25
`(58) Field of Search ................................. 395/712; 701/1;
`380/3, 4, 30, 44, 25; 717/11
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,924,378 * 5/1990 Hershey et al. ..................... 713/201
`5,138,712 * 8/1992 Corbin ...........
`... 713/200
`5,204.897 * 4/1993 Wyman ...
`... 380/4
`5,343,524 * 8/1994 Mu et al. ...
`... 380/4
`5,553,143
`9/1996 Ross et al. ............................. 380/25
`5,671,412 * 9/1997 Christiano ......
`... 707/104
`5,724,425
`3/1998 Chang et al. .......................... 380/25
`
`5,745,879 : 4/1998 Wyman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 705/1
`
`8/1998 Fox et al. ............................... 380/24
`5,790,677
`* cited by examiner
`
`public key. The license is Stored locally at the client.
`
`20 Claims, 8 Drawing Sheets
`
`20 y
`
`Client lmage,
`Client Sig
`
`26 --
`----------------------------y
`; Licenser Generator
`
`1OO
`
`Master License
`Databases
`
`28 --
`-------------------------------------------------------------.
`118
`License Server
`Client Image
`installer
`
`System ID
`
`122
`Request
`:
`Handler
`- 124
`Challenge
`Client
`Authenticating H
`Module
`Response
`
`120
`
`Client Image
`Cache
`
`32 y
`m
`s-----------------------
`:
`Intermediate Server
`128 C C
`Client
`Legacy - 130
`Licensing
`License
`Unit
`Store
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 2 of 22
`Producer
`
`
`
`Request
`
`102
`114 - Secure License
`104
`LP Store CA
`Table
`Table
`
`112
`
`126
`Granting
`Module
`
`-
`
`System ID
`License
`class) License
`Hander
`Requester
`134
`132
`
`y
`
`License for
`Client D
`
`-- a-- a-- a-- a-a-a-a--m-m------------------ - -
`Purchase Request
`(LS Certificate,
`AO)
`
`
`
`i?
`
`CerSeaC
`installer
`
`116
`110
`
`140
`
`A.
`sa.
`
`-
`142 N. sand
`
`136-f
`License
`:
`Cache
`
`license
`Pack
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 1 of 8
`
`US 6,189,146 B1
`
`20
`
`
`
`----------------------------------- - - 22
`Clearinghouse
`-
`
`License
`Generator
`
`
`
`26
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 3 of 22
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 2 of 8
`
`US 6,189,146 B1
`
`Z6
`
`98
`
`
`
`? ? ??||No. :
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 4 of 22
`
`
`
`e
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 5 of 22
`
`CSU
`
`xp.Kg
`
`
`
`
`E26m..................A,.................0M8?mmm?mom0%W53me96:8:m56ch5mm:4RmE96m9Emimm50:31=fi_mm,565565283wo?m-m"mmmE.65$).mDm.Mm.m08mmAD.“b.W8:8:_238.2:9mmMw1WmIm:=mo=cm£:<wamE.#._oMW82833mo0mm£3265mEgommmmcwo:
`9m6m§95wm,520m3503k"mum,,
`
`
`.......................A......................x,,.................................m...............................\9wE200.mmc2mm{-N”y]wNmE_w_o
`
`
`......mama....................,N:weMew,mwmcoammmmmcomoMmmm_ mmmcosn.2_n_n/nnm"mow‘,,.3mmuo:mm66chnOunnnnmw8mN25whwufimwa92mWm538mmHMm65¢:ch56chmu,.._m0:622mS:mMFmm_m852..050mm"v:mu43m$52..@9220mmEESOmw$03.91w5w............................................\;_Mmmcmojm%9Emma
`
`
`
`
`
`
`
`
`
` ,._wmm22.0mx.................................................................,Pm.505me_33:83amQ5296nmu.mm@580nN:M$ch5:99:m.thwwwaw...Wmwwcmojwmr_0*;orwxomlwwcmo:_«mwacmm
`
`
`
`
`
`
`
`1B6am,
`
`....................../e.xII
`(0,........................kw.
`
`
`
`
`f9omxommMmwow3:8:
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 4 of 8
`
`US 6,189,146 B1
`
`0/ |
`
`----+
`
`go!”
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 6 of 22
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 5 of 8
`
`US 6,189,146 B1
`
`?senbe}}
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 7 of 22
`
`qndTST
`
`
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 8 of 22
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 8 of 22
`
`US. Patent
`
`Feb. 13, 2001
`
`Sheet 6 0f 8
`
`US 6,189,146 B1
`
`mm
`
`0kucoammm
`
`mmcm=mco
`
`ohmic“.
`
`
`
`$95:chwocm=mco
`
`omco=mco
`
`EmEou
`
`
`
`mmcoawmmmmcoqmmm
`
`@5550
`
`3:2.ch
`
`mmcogmwm
`
`tone;
`
`
`
`onE96mm._o>._wwBEBEEE
`
`
`
`wN1.6szwmcmoj
`
`3:8:
`
`262E33.9539a
`
`mm?d.599$
`
`02‘
`
`E9609.2.20
`
`36:55.3
`
`\3
`
`-§\
`Ck
`
`ENEN
`
`Ed
`
`99wvcmabomo
`
`wmcmo:
`
`mmcwo:
`
`oFN
`
`3:83262Emsao“.
`
`
`
`92an0vcm
`
`5:08:00
`
`
`
`mmcoamwm
`
`vow
`
`cam3503E90
`
`052.<09%.:
`
`9on3:8:325
`
`3:83
`
`5:53:83abocm
`
`3.0:85$55
`
`wmcmojcow
`
`vrm2510
`xwow
`
`
`
`yo5w:Eat:
`
`cocoobm
`
`
`
`co=ow_wmco=o£om
`
`Em=0Eat:
`
`:ozooFmE:61
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 7 of 8
`
`US 6,189,146 B1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ZZZ
`
`992
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 9 of 22
`
`ON
`
`
`
`U.S. Patent
`
`Feb. 13, 2001
`
`Sheet 8 of 8
`
`US 6,189,146 B1
`
`9/ |
`
`?senbe}}
`
`
`
`JO ?SIT pueS
`
`VVZ –, on
`
`
`…pue esueo?T
`
`
`pepe 16dn pueMuo
`
`
`
`
`
`------~~~~ ~~~~ ~~~~);
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 10 of 22
`
`SêA
`
`?sueOIT
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1
`SYSTEMAND METHOD FOR SOFTWARE
`LICENSING
`
`US 6,189,146 B1
`
`TECHNICAL FIELD
`This invention relates to Systems and methods for licens
`ing Software. This invention further relates to Systems and
`methods for enforcing Software licenses.
`
`BACKGROUND
`Software licensing has historically been based on a “trust”
`model in which the user (i.e., licensee) is presumed to be
`honest and trustworthy and to abide by the legal require
`ments of the license. Under the trust model, a Software
`license typically accompanies a Software product to explain
`the terms of use. For instance, the Software license might
`dictate that the program code is to be installed on only one
`computer, and may be used to make one backup copy.
`Common types of licenses include “shrink Wrap' licenses,
`“online” licenses, and “site' licenses. A “shrink wrap”
`license is a license that accompanies each Software product
`that is Sold individually in a shrink-wrapped package
`through retail Stores. The user is typically assumed to accept
`the terms of the Shrink wrap license upon breaking the Seal
`of the package, or the container that holds the disk itself.
`An “online' license is one that accompanies Software
`products that are downloaded online, Such as from the
`Internet. The license is typically presented to the user prior
`to downloading the code. The user is presented with a choice
`to accept or reject the license. If the user accepts the license
`(e.g., by clicking an "Accept button on the Screen), the user
`is presumed to have accepted the terms of the license and the
`code is downloaded to the user's computer.
`A “site' license is a single license that allows installation
`of multiple copies of Software on many different computers
`at a particular site or many sites. It is commonly used to Sell
`Software to corporations, firms, or other entities having
`many computers. The purchaser pays for a certain number of
`copies (e.g., hundreds or thousands), and the site license
`enables the purchaser to install that many copies on its
`computers. The Site license is beneficial because the Soft
`ware vendor need not Supply a large number of program
`disks, but merely Supplies one or a few copies of the
`Software and lets the purchaser install the copies without
`Violating the agreement.
`Each of the above license arrangements assumes that the
`purchaser is honest. The Software purchaser must abide by
`the license terms in order to legally use the Software. If the
`purchaser fails to abide by the provisions, the purchaser can
`be charged with civil and criminal violations.
`However, enforcement of Such licenses is impractical, if
`not impossible. Unscrupulous users might make multiple
`copies of the Software code and install it on more computers
`than the license allows. Yet, Software vendors cannot begin
`to monitor these abuses because they occur in the privacy of
`the home or company. Thus, it is believed that the software
`industry loses a large percentage of revenues each year
`Simply due to illegitimate use of Software by the licensees.
`This loSS does not even account for the problems of overSeas
`pirating.
`Another problem with conventional Software licensing
`practices concerns internal monitoring and bookkeeping on
`the part of large-site licensees. In most cases, the licensees
`want to comply with the terms of the software licenses, but
`are unable to adequately track the Software as it is used
`throughout the Site. For example, a large corporation might
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 11 of 22
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`purchase Several thousand copies of the Software and begin
`installing the copies. However, computers and perSonnel
`change over time and it is difficult to centrally monitor how
`many copies have been installed, whether the copies have
`expired, whether they need upgrading, and SO forth.
`Accordingly, there is a need to develop a new approach to
`licensing Software in a manner that assures that the terms are
`being meet and assists the licensee with monitoring whether
`it is in compliance with the Software license.
`SUMMARY
`This invention concerns a System and method for licens
`ing Software. The System and method provides confidence to
`the Vendor that the Software license is being complied with,
`while also assisting the purchaser in monitoring its own
`compliance with the license.
`According to one aspect of this invention, computer
`Software licenses are electronically issued as digital certifi
`cates that can be distributed in one-to-one correlation with
`individual client computers and traced to an issuing author
`ity.
`According to another aspect, the System includes a license
`generator located at a licensing clearinghouse and at least
`one license Server and multiple clients located at or affiliated
`with a company or other entity. Because the clients might
`not have network connectivity to the license Server, one or
`more intermediate Servers may act as an intermediary for the
`clients. These intermediate Servers are otherwise common
`Servers that provide resources to clients, but with the added
`ability to facilitate connectivity to the license server for
`purposes of distributing Software licenses to the clients.
`When a company wants a Software license, it sends a
`purchase request (and an appropriate fee) to the licensing
`clearinghouse. The license generator at the licensing clear
`inghouse creates a license pack containing a set of one or
`more individual Software licenses. To prevent the license
`pack from being copied and installed on multiple license
`Servers, the license generator assigns a unique license pack
`ID to the license pack and associates the license pack ID
`with the license Server in a master license database kept at
`the licensing clearinghouse. The license generator also digi
`tally signs the license pack and encrypts it with the license
`Server's public key. The license generator Sends the license
`pack to the license Server using Standard communications,
`Such as over a data communication network (e.g., Internet)
`or via a portable data medium (e.g., floppy diskette,
`CD-ROM, etc.).
`The license Server Verifies the license generator's digital
`Signature on the license pack and if valid, installs the license
`pack for Subsequent distribution of licenses. The license
`Server maintains an inventory of Software licenses that have
`been purchased from the licensing clearinghouse. The
`license Server is responsible for distributing the Software
`licenses contained in the license pack to individual clients.
`It monitors the Software licenses that have been granted to
`clients and continues to distribute licenses as long as non
`assigned licenses remain available. Once the Supply of
`non-assigned licenses is exhausted, however, the license
`Server can no longer grant licenses to the clients and the
`customer must purchase a new pack from the license clear
`inghouse.
`When a client connects to a Server, the client presents a
`valid license (if it has one). If the client does not have an
`appropriate license, the Server assists the client in obtaining
`a license from the license Server. This provides an automated
`mechanism for clients to obtain and license Server to dis
`tribute licenses to clients.
`
`
`
`3
`When a license is requested, the license Server initially
`checks if the requesting client has already been issued a
`license. When this situation is detected, the license server
`issues the existing license to the client. This is actually
`reissuing of the same license that was previously issued.
`This allows the client to gracefully recover licenses when
`they are lost.
`In one implementation, the license Server determines an
`appropriate type of license based in part on the client's
`operating System platform. The license Server derives the
`platform information by establishing a trust relationship
`with the client and then querying its platform type. If a
`Software license is available for allocation, the license Server
`grants a Software license that is appropriate for the client's
`platform.
`To prevent an issued license from being copied from one
`client machine to another, the Software license is assigned to
`a specific client by including its client ID within the license.
`The Software license also has a corresponding license ID
`that is associated with the client ID in a database record kept
`at the license Server.
`The license Server digitally signs the Software license. The
`license is passed to the client, where it is Stored in a local
`cache at the client. Once a client has obtained a license, it is
`responsible for managing the Storage of that license.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`The Same reference numbers are used throughout the
`drawings to reference like components and features.
`FIG. 1 shows a Software licensing System.
`FIG. 2 shows a block diagram of a computer used to
`implement the Software licensing System.
`FIG. 3 shows a functional block diagram showing soft
`ware components and databases that implement the Software
`licensing System.
`FIG. 4 shows Steps in a method for issuing a license pack
`of individual licenses.
`FIG. 5 shows steps in a method for initiating a connection
`between a client and a Server and determining whether the
`client has a valid license.
`FIG. 6 shows steps in a method for distributing a software
`license to a client.
`FIG. 7 shows steps in a method for challenging a client
`prior to granting a Software license to that client.
`FIG. 8 shows Steps in a method for upgrading a Software
`license.
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 12 of 22
`
`DETAILED DESCRIPTION
`The following discussion assumes that the reader is
`familiar with public key cryptography. For a basic introduc
`tion to cryptography, the reader is directed to a text written
`by Bruce Schneier and entitled, “Applied Cryptography:
`Protocols, Algorithms, and Source Code in C," published by
`John Wiley & Sons, copyright 1994 (second edition 1996),
`which is hereby incorporated by reference.
`FIG. 1 shows a system 20 for licensing software. The
`System 20 has a licensing clearinghouse 22 that creates and
`issues valid Software licenses to one or more companies,
`firms, agencies, or other entities, as represented by company
`24. The clearinghouse 22 is a separate entity from the
`company 24. Examples of the clearinghouse include a
`Software manufacturer, a Software vendor, or a third party
`agent that is authorized to issue Software licenses on behalf
`of the Software manufacturer or vendor.
`
`US 6,189,146 B1
`
`4
`The company 24 contacts the clearinghouse 22 when it
`desires to purchase a Software license to run Software on the
`company computers. The clearinghouse 22 has a license
`generator 26 that creates a “license pack’ containing a Set of
`one or more individual Software licenses. The clearinghouse
`22 encrypts the license pack using the destination license
`Server's public key and digitally signs the license pack with
`a digital signature unique to the clearinghouse.
`The company 24 has at least one designated license Server
`28. The license pack is sent to the company 24 using
`Standard communications, Such as over a data communica
`tion network (e.g., Internet) or via a portable data medium
`(e.g., floppy diskette, CD-ROM, etc.), and installed on the
`license server 28.
`The license server 28 is responsible for distributing the
`Software licenses contained in the license pack to individual
`clients, as represented by clients 30(1)-30(6). The license
`Server 28 verifies the license generator's digital Signature on
`the license pack, decrypts the contents of the license pack,
`and Stores the individual Software licenses for Subsequent
`distribution to individual clients.
`The license server 28 maintains an inventory of software
`licenses that have been purchased from the licensing clear
`inghouse 22. The license server 28 monitors the software
`licenses that have been granted to clients. The license Server
`28 can distribute licenses to new clients as long as it has
`available non-assigned licenses. Once the Supply of non
`assigned licenses is exhausted, however, the license Server
`28 can no longer grant licenses to the clients. The only way
`for the license Server 28 to obtain new non-assigned licenses
`is to purchase a license pack from the clearinghouse 22.
`Because the clients might not have network connectivity
`to the license Server 28, one or more intermediate Servers, as
`represented by servers 32(1) and 32(2), can act as an
`intermediary for the clients. Each intermediate server 32 is
`a common Server that provides conventional resources to the
`clients. In addition, each intermediate Server 32 has network
`connectivity to the license server 28 to facilitate license
`distribution from the license server 28 to the clients 30. The
`intermediate Servers 32 accept Software licenses issued by
`the license server 28; therefore, the intermediate server
`asSociations determine the Scope of the license pack to a
`particular license Server.
`The clients 30 may be directly coupled to the intermediate
`servers 32 via a LAN (local access network) or WAN (wide
`area network), as represented by clients 30(1)-30(4).
`Additionally, the clients 30 may be indirectly coupled to the
`intermediate Servers 32, Such as using a dialup connection as
`represented by clients 30(5) and 30(6).
`When a client 30 connects to the intermediate server 32,
`it must present a valid license. If the client does not have an
`appropriate license, the intermediate Server 32 assists the
`client in obtaining a license from the license server 28. This
`provides an automated mechanism for distributing licenses
`to clients. The license server 28 initially checks if the
`requesting client already has been issued a license. When
`this situation is detected, the license Server 28 issues the
`existing license to the client. This allows the client to
`gracefully recover licenses when they are lost.
`In one particular implementation, the license Server 28
`determines an appropriate type of license based in part on
`the client's platform operating System type. The license
`server 28 derives the platform information by establishing a
`trust relationship with the client 30 and then querying its
`platform type. Once a client 30 has obtained a license, it is
`responsible for managing the Storage of that license. The
`platform challenge process is described below in more
`detail.
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`
`
`15
`
`S
`Exemplary Computer Used to Implement Servers and/or
`Client
`The license generator 26, license Server 28, and interme
`diate Server 32 are preferably implemented as computer
`servers, such as Windows NT servers that run Windows NT
`Server operating Systems from MicroSoft Corporation or
`UNIX-based servers. It is noted, however, that the license
`generator 26 and license Server 28 may be implemented
`using other technologies, including mainframe technologies,
`as long as they share an inter-operable communication
`mechanism like remote procedure call (RPC) and these
`Systems are Secure.
`The clients 30 can be implemented as many different
`kinds of computers, including a desktop personal computer,
`a WorkStation, a laptop computer, a notebook computer, a
`handheld PC, and so forth. The clients 30 may further
`represent a terminal device, which is a low cost machine
`with limited local processing and local memory. The termi
`nal device includes a display, a keyboard, a mouse
`(optional), limited computer resources like memory, and
`enough intelligence to connect to an intermediate Server. All
`applications run at the Server. The terminal merely provides
`a connection point to the Server-based processing.
`The clients 30 might also represent a network-centric
`computer, such as a Network Computer (or NC) or a Net PC.
`FIG. 2 shows an example implementation of a computer
`40, which can be used to implement the license generator 26,
`license server 28, and intermediate server 32. The server 40
`includes a processing unit 42, a System memory 44, and a
`System bus 46 that interconnects various System
`components, including the System memory 44 to the pro
`cessing unit 42. The System buS 46 may be implemented as
`any one of Several bus structures and using any of a variety
`of bus architectures, including a memory bus or memory
`controller, a peripheral bus, and a local bus.
`The System memory 44 includes read only memory
`(ROM) 48 and random access memory (RAM) 50. A basic
`input/output system 52 (BIOS) is stored in ROM 48.
`The computer 40 has one or more of the following drives:
`a hard disk drive 54 for reading from and writing to a hard
`disk or hard disk array, a magnetic disk drive 56 for reading
`from or writing to a removable magnetic disk 58, and an
`optical disk drive 60 for reading from or writing to a
`removable optical disk 62 such as a CD ROM or other
`optical media. The hard disk drive 54, magnetic disk drive
`56, and optical disk drive 60 are connected to the system bus
`46 by a hard disk drive interface 64, a magnetic disk drive
`interface 66, and an optical drive interface 68, respectively.
`The drives and their associated computer-readable media
`provide nonvolatile Storage of computer readable
`instructions, data structures, program modules and other
`data for the computer 40.
`Although a hard disk, a removable magnetic disk 58, and
`a removable optical disk 62 are described, other types of
`computer readable media can be used to Store data. Other
`Such media include magnetic cassettes, flash memory cards,
`digital video disks, Bernoulli cartridges, random acceSS
`memories (RAMs), read only memories (ROM), and the
`like. Additionally, the computer 40 may be configured to
`Serve data Stored on an independent Storage Systems, Such as
`disk array Storage Systems.
`A number of program modules may be Stored on the hard
`disk, magnetic disk 58, optical disk 62, ROM 48, or RAM
`50. These programs include a server operating system 70,
`65
`one or more application programs 72, other program mod
`ules 74, and program data 76. The operating system 70 is
`
`Case 1:20-cv-00034-ADA Document 45-4 Filed 03/20/20 Page 13 of 22
`
`45
`
`50
`
`55
`
`60
`
`US 6,189,146 B1
`
`25
`
`35
`
`40
`
`6
`preferably a Windows-brand operating system such as Win
`dows NT, Windows 95, Windows CE or other form of
`Windows. The operating system 70 may alternatively be
`other types, including Macintosh and UNIX-based operating
`Systems.
`A user may enter commands and in formation into the
`computer 40 through input devices such as a keyboard 78
`and a mouse 80. Other input devices (not shown) may
`include a microphone, joystick, game pad, Satellite dish,
`Scanner, or the like. These and other in put devices are
`connected to the processing unit 42 through a Serial port
`interface 82 that is coupled to the system bus 46, but may
`alternatively be connected by other interfaces, Such as a
`parallel port, game port, or a universal Serial bus (USB).
`A monitor 84 or other type of display device is also
`connected to the System buS 46 via an interface, Such as a
`video adapter 86. The computer 40 has a network interface
`or adapter 88, a modem 90, or other means for establishing
`communications over a network 92.
`5 System Architecture
`FIG. 3 shows an exemplary software/hardware architec
`ture of the system 20. The architecture includes four com
`ponents: a license generator 26, a license Server 28, a client
`30, and an intermediate server 32. The license generator 26
`produces license packs for a fee and the license Server 28
`consumes the licenses by installing them. In turn, the license
`server 28 distributes a license to the client 30 with the help
`of the intermediate server 32. The client 30 then uses the
`license to gain access to the resources provided by the inter
`mediate server 32.
`The entity or organization that owns, or is responsibe for,
`the license server 28 registers itself with an independent
`certifying authority that is trusted by both the organization
`and the clearinghouse. The organization Submits informa
`tion identifying itself and various license Servers to the
`certifying authority. The certifying authority performs a
`Verification analysis of the organization to Verify that it is a
`real entity and that the identification information is true and
`accurate. The certifying authority issues a certificate to the
`organization. The certificate contains the public key of the
`organization (or particular license server), which is signed
`by the certifying authority. This certificate becomes the
`license Server's certificate during the initial purchase request
`process when the license Server requests a license pack from
`the clearinghouse.
`Similarly, the clearinghouse also registers with the certi
`fying authority to receive a public certificate. The clearing
`house certificate contains the clearinghouse's public key,
`signed by the certifying authority.
`The license generator 26 has a master license database
`100, a licensing producer 102, and a request handler 104.
`The request handler 104 receives a purchase request 106
`from the license Server 28 asking to purchase one or more
`license packs. The purchase request includes information
`pertaining to the licenses and license Server 28. For example,
`the purchase request might contain Such information as a
`license server ID, the license server's certificate (which
`contains the license server's public key), a client's platform
`type, the quantity of licenses desired, a product ID, and a list
`of features that the licenses should enable. Additional infor
`mation about a customer (e.g., name, contract number, etc.)
`may also be requested for purposes of tracking and report
`generation. This information is Stored in the master license
`database 100.
`In response to the request, the license producer 102
`generates one or more license packs 108, each of which
`contains a set of one or more non-assigned licenses that are
`
`
`
`US 6,189,146 B1
`
`8
`recognize four different platform types: Windows, Non
`Windows, Legacy, and Direct-Connect. A “Windows'-type
`platform means the client computer runs a 32-bit version of
`Microsoft Windows operating system (e.g., Windows 95,
`Windows 98, Windows NT, etc.). A “Non-Windows'-type
`platform means the client computer runs an operating Sys
`tem other than a WindowS brand operating System. A
`“Legacy'-type platform indicates that the client runs an
`older version of an operating System that cannot be
`adequately determined by the license Server as a
`“Windows'-type or a “Non-Windows'-type. A “Direct
`Connect” platform means the client is a terminal that
`attaches directly to the server's bus and thus, all of the
`operating System functionality is provided directly by the
`Server. Table 2 Summarizes the platform types.
`
`5
`
`15
`
`Platform Type
`Windows
`
`25
`
`Non-Windows
`
`Legacy
`
`Direct-Connect
`
`TABLE 2
`
`Platform Types
`Description
`Authenticated client platforms that are Win32
`based.
`Authenticated client platforms that are not Win32
`based.
`Clients that are implemented with older operating
`systems that are incapable of fielding a client
`platform challenge from the license server. There is
`no way of determining whether or not the client's
`platform is Win32 capable.
`Multi-console clients that are attached directly to the
`server's BUS. These clients derive the operating
`system capabilities from the server itself.
`
`7
`purchased from the license clearinghouse. The license gen
`erator 26 creates licensing packs in a way that prevents them
`from being copied and installed on multiple license Servers
`28 or being applied multiple times on the same Server. In the
`preferred implementation, this is accomplished using IDS
`and cryptographic tools. The license producer 102 assigns a
`unique license pack ID to each license pack and associates
`the license pack ID with the license server 28 in the master
`license database 100. The license pack ID is embedded in the
`license pack 108. This prevents users from multiplying the
`number of licenses they purchase by installing the same
`license pack multiple times on the same license Server.
`The license generator 26 encrypts the license packs 108
`with the license Server's public key to ensure protected
`transport to the license server 28 and to ensure that only the
`license server 28 can open the packs 108. The license
`generator 26 also digitally signs the license packs 108 with
`a private signing key of the license generator 26. The license
`Server 28 uses this signature to validate that the license pack
`came from an authorized license generator and has not been
`altered.
`The license pack 108 is a data structure that contains
`various information to enable the license server to distribute
`Software licenses. The data structure contains fields with the
`licensing information. Table 1 shows the data fields of a
`license pack data Structure.
`
`Field
`Message Version
`
`License Pack Serial
`Number
`
`Issue Date
`
`First Active Date
`
`Expiration Date
`
`Begin Serial Number
`
`Quantity of Licenses
`
`Number of Human
`Descriptions
`Array of Human
`Descriptions (Locale,
`Description)