Software license enforcement
Abstract
Systems and methods for performing software license enforcement are provided. According to one embodiment, file or operating system activity relating to a code module are intercepted by a kernel mode driver of a computer system. The kernel mode driver causes a cryptographic hash value of the code module to be authenticated with reference to a local whitelist containing cryptographic hash values of approved code modules known not to contain malicious code. The local whitelist also contains licensing control information. If the cryptographic hash value matches a cryptographic hash value of an approved code module, then (i) authority to execute the code module is further validated if the licensing control information so indicates by performing a license check regarding the code module; and (ii) the code module is allowed to be loaded and executed within the computer system if the authority is affirmed by the license check.
Claims
exact text as granted — not AI-modified1 . A computer-implemented license enforcement method comprising:
intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module; causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check; and
wherein the kernel mode driver is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more processors.
2 . The method of claim 1 , wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
3 . The method of claim 2 , wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
4 . The method of claim 1 , wherein the code module comprises an executable object.
5 . The method of claim 1 , wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
6 . The method of claim 1 , wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
7 . The method of claim 1 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
8 . The method of claim 1 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
9 . The method of claim 8 , wherein the cryptographic hash value is computed using SHA-1.
10 . The method of claim 8 , wherein the cryptographic hash value is computed using SHA-256.
11 . The method of claim 1 , further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
12 . The method of claim 1 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
13 . The method of claim 1 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
14 . The method of claim 1 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
15 . The method of claim 1 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
16 . The method of claim 12 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.
17 . A code execution authorization system comprising:
a kernel mode driver of a computer system implemented in one or more computer processors of the computer system and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more computer processors, the kernel mode driver operable to perform a method of license enforcement comprising:
intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module;
causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; and
when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check.
18 . The code execution authorization system of claim 17 , wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
19 . The code execution authorization system of claim 18 , wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
20 . The code execution authorization system of claim 17 , wherein the code module comprises an executable object.
21 . The code execution authorization system of claim 17 , wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
22 . The code execution authorization system of claim 17 , wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
23 . The code execution authorization system of claim 17 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
24 . The code execution authorization system of claim 17 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
25 . The code execution authorization system of claim 24 , wherein the cryptographic hash value is computed using SHA-1.
26 . The code execution authorization system of claim 24 , wherein the cryptographic hash value is computed using SHA-256.
27 . The code execution authorization system of claim 17 , further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
28 . The code execution authorization system of claim 17 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
29 . The code execution authorization system of claim 17 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
30 . The code execution authorization system of claim 17 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
31 . The code execution authorization system of claim 17 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
32 . The code execution authorization system of claim 28 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.
33 . A non-transitory program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for license enforcement comprising:
intercepting, by a kernel mode driver of the computer system, file system or operating system activity relating to a code module; causing, by the kernel mode driver, a cryptographic hash value of the code module to be authenticated with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing licensing control information; when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
further validating authority of the computer system or an end user of the computer system to execute the code module if the licensing control information so indicates by performing a license check regarding the code module; and
allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the license check.
34 . The non-transitory program storage device of claim 33 , wherein said performing a license check regarding the code module comprises determining the existence of a valid license for the code module.
35 . The non-transitory program storage device of claim 34 , wherein the licensing control information indicates the code module is being monitored by a floating license server and wherein said determining the existence of a valid license for the code module comprises querying the floating license server.
36 . The non-transitory program storage device of claim 33 , wherein the code module comprises an executable object.
37 . The non-transitory program storage device of claim 33 , wherein the cryptographic hash value covers a code segment of the executable object but not a data segment of the executable object.
38 . The non-transitory program storage device of claim 33 , wherein the cryptographic hash value covers both a code segment and a data segment of the executable object.
39 . The non-transitory program storage device of claim 33 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5).
40 . The non-transitory program storage device of claim 33 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA).
41 . The non-transitory program storage device of claim 40 , wherein the cryptographic hash value is computed using SHA-1.
42 . The non-transitory program storage device of claim 40 , wherein the cryptographic hash value is computed using SHA-256.
43 . The non-transitory program storage device of claim 33 , further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module.
44 . The non-transitory program storage device of claim 33 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system.
45 . The non-transitory program storage device of claim 33 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system.
46 . The non-transitory program storage device of claim 33 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity.
47 . The non-transitory program storage device of claim 33 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.
48 . The non-transitory program storage device of claim 44 , wherein said intercepting, by the kernel mode driver of the computer system, file system or operating system activity relating to a code module comprises an operating system process creation activity monitor intercepting new process creation activity within the computer system by hooking to a Windows CreateSection API call and temporarily turning control over to the kernel mode driver.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.