GB2412462A - Monitoring usage of a program over a network - Google Patents
Monitoring usage of a program over a network Download PDFInfo
- Publication number
- GB2412462A GB2412462A GB0511583A GB0511583A GB2412462A GB 2412462 A GB2412462 A GB 2412462A GB 0511583 A GB0511583 A GB 0511583A GB 0511583 A GB0511583 A GB 0511583A GB 2412462 A GB2412462 A GB 2412462A
- Authority
- GB
- United Kingdom
- Prior art keywords
- program
- monitored
- managing
- network
- authorization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012544 monitoring process Methods 0.000 title description 6
- 238000013475 authorization Methods 0.000 claims abstract description 41
- 238000000034 method Methods 0.000 claims abstract description 20
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 15
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 5
- 238000013478 data encryption standard Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000005192 partition Methods 0.000 description 3
- 230000000737 periodic effect Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011017 operating method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 101000837192 Drosophila melanogaster Teneurin-m Proteins 0.000 description 1
- 241001108995 Messa Species 0.000 description 1
- 241000863032 Trieres Species 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 239000004927 clay Substances 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 108700041474 des(formylvalyl)gramicidin Proteins 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 210000004124 hock Anatomy 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
- G06F11/3419—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment by assessing time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/86—Event-based monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
Abstract
A method to monitor use of a program receives a usage time for a monitored program over a network connection, the usage time representing a time the monitored program executed with authorisation. The usage time is reported to a user and the cost associated with usage time may be determined and sent to a user.
Description
24 1 2462 7.TrJTHQ TO l\'lOTITQR U.'E OF.\ PRQ(.A4.! B.\C341ROI) Software
programs are easily duplicated using conventional copying technologies.
A software program typically comprises a set of instructions that are typically stored in some fonm of machine-readable media, such as magnetic disk, optical disk, random-access memory (RAM), read-only memory (ROM), and so forth. T he task of copying these instructions from one machinereadable media to another is relatively trivial, and may be lo accomplished any number of ways.
(consequently, various technologies have been developed to control and manage the Else of c.fhlmtft (Starr Cool of tl'' < trier trTrlrr'jfc rnn\r he to for imitate three rictrihitirn and use of software by authorized users, while minimizing or preventing use of the software by unauthorized users. The tenm "authorized" may refer to those users permitted s to use the software, while "unauthorized" may refer to those users not permitted to use the software. Basis for pennission may be, for example, contingent upon paying a fee for use of the program.
One type of technology used to control and manage the distribution and use of software may be generally referred to as a "permission-based" technology. In pennission 2tJ based technology, the program may have a user enter a passcode prior to allowing the program to execute. The passcode typically comprises a unique combination of alphanumeric characters or symbols. Thus, even if a user were to retrieve an unauthorized copy ofthe program, it would not operate without the appropriate passcode t..3S=,l =rh-.Al;f.'' -'it fit t.7;cif9mT, Of, rlilT-he roof . _. .. . ..:, . . . . . . ..
2-, easons. For exe, pie, the lser may hatre to mdert.ake the administrative burden of retrieving the p?.SSCOdC prior to using a program. In addition, the user Clay hat e to enter the passcoUr. p! for to every use of the programs This may be tedious and time-consming for the user, especially if they make frequent use of the protected software. Moreover, these administrative tasks may become much more burdensome when multiple copies of the program are being executed on multiple machines, such as in a corporate or network environment. Further, if the passcode was compromised unauthorized users may use the passcode to activate illegally copied versions of the software program.
In view of the foregoing, it can be appreciated that a substantial need exists for a method and/or apparatus that solves the above-discussed problems.
SUMMARY OF TEIF: INVENTION
According to a first aspect of this invention there is provided a method as claimed in claim 1 herein.
According to a second aspect of this invention there is provided a computer program as claimed in claim 4 Herein.
Prefer-red features of the invention are defined by the dependent claims.
BRIEF DESCRIPTION OF TtIE DRAWINGS
The subject matter regarded as embodiments ofthe invention is particularly pointed out and distinctly claimed in the concluding portion ofthe specification.
Embodiments ofthe n:N,entiOn, hoN,evcr, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by re,erence to u he foilr)ving detailed descr pTion N'rhen.ead N;.th.hc acc.ornanying dfa,N logs in which: a.
FIG. ] is a system suitable for practicing one embodiment of the invention.
Fl&. 2 is a block diagram of a system in accordance with one emhodiment ofthe invention.
FIG. 3 is a block flow diagram of the programming logic performed by a managing program module in accordance with one embodiment of the invention.
FIG. 4 is a block flow diagram of the programming logic performed by a monitored program module in accordance with one embodiment ofthc invention.
i i(r: is a hock flow diagram ofthe programming logic performed by a monitoring program module in accordance with one enbodirnent ofthe invention
DETAILED DESCR_TION
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It will be understood by those skilled in the art, however, that the embodiments of the i,,er,tion may be practiced without these specilc details. In other instances, weii-known methods, procedures, components and circuits have not been described in detail so as not to obscure the embodiments of the invention.
The embodiments of the invention comprise a method and apparatus to securely monitor use of a software program over a network. More particularly, the embodiments of the invention may authorize use of a software program, monitor the use of a software program, and measure the time the software program is in authorized use. T he owner may use the measured time for any number of purposes, such as reporting, billing, tracking and so forth.
The embodiments of the invention may reduce the disadvantages associated with conventional permission-based technologies. For example, the user may no longer need to procure and input a passcode prior to using the software program. This may potentially reduce the administrative burden on an authorized user, as well as the risk of a passcode being utiiiz.ed by unauthorized users. In another example, the costs or fees for use of the software program may vary as usage varies; to more accurately reflect the true co'-nmercial value or the somvare program. his may provide aovanta,,es over previous echniques that attempt to gain value from the software program by, for example, selling a single or mnlti-r.ser 'icense for the software program.
It is worthy to note that any reference in the spcciScation to "ode embodiment" or an embodiment,' means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention.
The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment.
Refers ir,g now in detail to the drawings Yvhere,n like parts are desigr, ated by like reference numerals ihrougnout, there is illustrated in FiG. i a system suitable for lo practicing one embodiment of the invention. FIG. I is a block diagram of a system 100 comprising a network 102, a network 114 and a network server 118. In one embodiment . Of the invention, network 102 may comprise network nodes 104, 106 and 108, with each capable of communicating with each other over a communication medium I 10. Network nodes 104, 106 and 108 may comprise, for example, a personal computer, server, networl; appliance, gateway, router, switch and so forth. Network 102 may be capable of communicating with network 114 over communication medium 112. Network 114 may comprise one or more network nodes (not shown) that are capable of communicating information from network 102 to network server 1 18. Network 114 may be capable of communicating with network server 1 18 over communication medium 1 16. In this JO embodiment ofthe invention, network 100 and its various component parts may be configured to operate in accordance with any number of networking technologies, and may include, for example, the various hardware, software and connectors necessary to corrimur,icate r Formation between network nodes. In one embodiment ofthe invention, network 100 is configrrcd to communicate information m accordance with ibe Transmission Control Protocol (TCP) as defined by the Internet Engineering Task Force (IETE) standard 7, Request For Comment (RFC) 793, adopted in September, I'98l, and the lnternet Protocol (IP) as defined bythe 1;TF standard 5, RFC 791, adopted in September, 1981, bolls available front "www ietf ore," ("TCP/IP Specification").
IF IG. 2 is a block diagram of a system 200 in accordance with one embodiment of the invention. System 200 may be representative of a network node, such as network nodes 104, 106 and 108, and network server 1 18, for example. As shown in FIG. 2, system 200 includes a processor 202, an inputloutput (I/O) adapter 204, an operator interface 206, a memory 2 l 0 and a disk storage 218. Memory 210 may store computer program instructions and data. The term "program instructions" may include computer 0 code segments comprising words, values and symbols from a predefined computer language that, when placed in combination according to a predefined manner or syntax, _. , .. . . . . . . cause a processor to perform a certain function. Examples of a computer language may include C, C - , lisp and assembly. Processor 202 executes the program instructions, and processes the data, stored in memory 210. Disk storage 218 stores data to be transferred to and from memory 210. I/O adapter 204 communicates with other devices and transfers data in and out of the computer system over connection 224. Operator interface 206 may interface with a system operator by accepting commands and providing status information.
All these elements are interconnected by bus 208, which allows data to be intercommunicated between the elements. I/O adapter 204 represents one or more 1/O so adapters or network interfaces that can connect to local or wide area networks such as, for example, the networks described in FIG. l. Therefore, connection 224 represents a network or a direct connection to other equipment.
Processor 2(2 can be any type of processor capable of providing the speed and f!nctional!tN required bs, the emhodiments or the invention. or example, processor 202 as could be a processor from family of processors made by Intel Corporation, Motorola Incorporated, Sun Microsystems Incorporated, Compaq Computer Corporation and others Processor C'2 Nay also comprise a digital signal processor (DSP) and accompanying architect''re; such as a ASP from l exas hisiruneT't incorF'oiated.
In one embodiment ofthe invention, memory 210 and disk storage 218 may comprise a machine-readable medium and may include any medium capable of storing instructions adapted to be executed by a processor. Some examples of such media include, but are not limited to, read-only memory (ROM), random-access memory (RAM), programmable ROM, erasable programmable ROM, electronically erasable programmable ROM, dynamic RAM, magnetic disk (my, floppy disk and hard drive), optical disk Cog., lo CD-ROM) and any other media that may store digital information. In one embodiment of the invention, the instructions are stored on the medium in a compressed andlor encrypted format. As used herein, the phrase "adapted to be executed by a processor" is meant to encompass instructions stored in a compressed anchor encrypted format, as well as instructions that have to be compiled or installed by an installer before being executed by the processor. Further, system 200 may contain various combinations of machine readable storage devices through various I/O controllers, which are accessible by processor 202 and which are capable of storing a combination of computer program instructions and data.
Memory 210 is accessible by processor 202 over bus 208 and includes an operating system 216, a program partition 212 and a data partition 214. In one embodiment ofthe invention, operating system 216 may comprise an operating system sold by Microsoft Corporation, such as Microsoft Windows 95, Go, 2000 and NT, for example. Program partition 2! 2 stores and altos exCCutiQn by processor 202 o, program instructions that anpiemeit cite Rinctions of cock;es?ectie system des-riLcd herein Data partition 214 is accessible by processor 202 and stores data used during the execution of program instructions pri,',ram partition 212. may contain program instructions that Nina) ,- cu;;eciely referred to herein as a monitored program module, a managing program module and a s monitoring program module. Of course, the scope of the invention is not limited to this particular set of instructions or groupings of instructions.
In one embodiment of the invention, the monitored program module may reside in the program partition 2 l 2 of a system 200 operating as a network node that is part of network 102, such as network node 104, for example. The monitored program module to operates to communicate with the managing program module to periodically request authorization to execute a target software program. A target software program as used herein may refer to any software application or program to be monitored for usage. In one embodiment of the invention, the target software program may reside in program partition 212 of network node 104 with the monitored program module, for example.
is In one embodiment of the invention, the monitored program module may comprise a combination of instructions added to a target software program and instructions stored as part of a usage library. The term "usage library" as used herein may refer to one or more predefined programming modules available for use by the target software program. In this embodiment of the invention, the predefined programming modules may perform the functions of creating a request for authorization to execute message, sending the request to the managing program, receiving an authorization message with a time interval, receivin a termination messa:ge, monitoring a clock; to send another authorization message with a time interval, and so rorrh Upon activation, the modified target software program may rmake soi.vYare _a''s to one Or me e pred-fined programrT ing modules that form the visage 2s liS,ar-Y: at appropriate times during the execution cycle ofthe modified target software g program. A software call may refer to a request by one program module for execution of instructions stored as part of another program module.
In one embodiment or the itvention, the managing pros ram module may reside in program partition 212 of a system 200 operating as the same or another network node that is part of network 102, such as network node 106, for example. The monitored program module operates to communicate with the monitored program module to authorize and track usage of the target software program. The managing program module also communicates with the monitoring program module To communicate 'usage time for a monitored program. The term "usage time" as used herein refers to the length oftime a lo monitored program is in authorized use or is being executed with authorization.
In one embodiment ofthe invention, the monitoring program module may reside in program partition 212 of a system 200 operating as a network server, such as network server I 18, for example. The monitoring program module operates to communicate with the managing program module to receive time usage information and report the time usage ES information to an interested party. For example, the monitoring program module may use the time usage information to calculate a cost for using the target software program and bill the appropriate party accordingly.
In one embodiment of the invention, I/O adapter 204 may comprise a network adapter or network interface card (TIC) configured to operate using any suitable technique for controlling communication signals between computer or network devices using a desired set of communications protocols, services and operating procedures, for example.
In one embodiment ofthe invention, I/O adapter 204 may operate, for example, in accordance Wiitl the TCP/TP Specification. Although l/O adapter 204 nnay operate in accQrdancc x, ith the TCP/IP Spev;fic?.tin, it can be appreciated that [/O adapter 204 nay operate v ith ant, suitable technique for controlling communication signals between q computer or network devices using a desired set of communications protocols, services and operating procedures, for example, Ad still fall within the scope of the hvention. T/O adai1ier 204 also includes appropriate connectors for connect,,e lace 2 7 6 with a suitable communications medium. IIO adapter 204 may receive communication signals s over any suitable medium such as copper leads, twisted-pair wire, co- axial cable, fiber optics, radio frequencies, and so forth.
The operations of systems 100 and 200 may be further described with reference to FIGS. 3, 4 and 5 with accompanying examples. Although FIGS. 3, 4 and 5 presented herein may include a particular processing logic, it can be appreciated that the processing i o logic merely provides an example of how the general functionality described herein can be implemented. Further, each operation within a given processing logic does not necessarily have to be executed in the order presented unless otherwise indicated.
FIG. 3 is a block flow diagram ofthe programming logic performed by a managing program module in accordance with one embodiment of the invention. The term managing program module refers to the software and/or hardware used to implement the functionality for authorizing and recording the time a target software program is in authorized use or is being executed with authorization as described herein. In this embodiment ofthe invention, network node 106 may perform the functionality described with reference to the managing program module. It can be appreciated that this functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within the scope of the invention.
FIG. 3 iliu,tra.es a programmhg logic 3G0 that lichen executed by a processor, such as if. oces,or 202, rr By perform tire functionality described therein. A determination 2s is made as to whether a monitored program is authorized to execute at block 302. The term "monitored program" as used herein may include a target software program usage time for the monitored program is m easured at block 3Q] The usage tTrrc is sent to a monitoring p rograr1 at,i;'ck i(j6.
In one embodiment of the invention, the determination at block 302 may be performed using a periodic authorization process. For example, a request t'or authorization to execute is received from the monitored program. The monitored program is authorized to execute for a time interval. The term "time interval" as used herein may refer to a time period during which the monitored program may be authorized to execute. 'i'he time interval is sent to the monitored program. This process may continue on a periodic basis 0 until a terminating event has occurred. Once the terminating event occurs, the time intervals for each repeated process may be added together to form the usage time. For example, if three time intervals were sent to the monitored program prior to the terminating event, the three time intervals would be added together to form the usage time.
It can be appreciated that the time intervals may be the same or different and still fall is within the scope of the invention.
In one embodiment ofthe invention, the terminating event may comprise receiving a message indicating use or execution of the program has stopped. For example, the monitored program may receive an instruction to terminate execution by a user. Prior to terminating, the monitored program may send a message to the managing program indicating that the monitored program has received a terminating instruction and therefore will no longer be executing.
In one embodiment of the invention, the terminating event may comprise failing to receive another rer!uest for authorization to exec,itc within irhe time interval. This may occur, for exan-ple, ,. the rmoniored pr; :gran 'has is, ;naturely er.n,in?.ted Nail tho, t time to
IT
send a termination message to the managing program, such as in the event of a power failure or computer ma!fi'nc.tion In one embodiment of the invention, the mon;-ored,ro,rarn and the managing program communicate with each other using a secure method. One example of a secure s method may be an encryption/decryption scheme. For example, the monitored program and managing program may communicate to each other using messages cncryptedldecryptcd in accordance with various security schemes. One embodiment of the invention may use a symmetric scheme, for example. A symmetric scheme as used herein may refer to a security scheme where both parties use the same security code or lo "key" to encrypt and/or decrypt a secure message. In one embodiment ofthe invention, the monitored program and managing program are configured to communicate information using a symmetric scheme in accordance with the Data Encryption Standard (DES) or Triple DES (TDES) as defined by the National Institute of Standards and Technology, Federal Information Processing Standards Publication 46-3, October 25, Is i995, and available from "http://csrc. nist.gov/cryptval/des/desval.html" ("DES Specifications'), although the embodiments of the invention are not limited in this context.
Once a usage time has been determined, the managing program may send the usage time to a monitoring program. The monitoring program may reside at a computer or server other than the monitored program or the managing program, although the invention is not limited in this context. In one embodiment of the invention, the managing program and the monitoring program both reside at a computer or server capable of communicating information in accordance with the TCP/IP Specification. h10re particularly, the n-,ana,ing program lay request a connection formed in accordance with the Hypertext Transfer Protocol (H]-! PA as defined by the IF. I F draft standard RFC 2616. June 1995 ?.5 ("0P Specification), and the Secure HOP (S-HfI P) as defined by the IETF experimental standard RFC 2660, August 1999 ("Si-Hi(P Specification), both available from "ww\.ietf.oro," although the embodiments ofthc invention are not 'imited in this context. v3nc,- conr,ection is made, the usage time may be sent to the monitoring p.ogr..m over the connection.
s Similar to the communications between the monitored program and the managing program, communications between the managing program and the monitoring program may be secure communications. One example of a secure method may be an encryption/decryption scheme. For example, the managing program and monitoring program may communicate to each other using messages encryptea/decrypted in in accordance with various security schemes. One embodiment of the invention may use an asymmetric scheme. An asymmetric scheme as used herein may refer to a security scheme where both parties use different keys to encrypt and/or decrypt a secure message.
In one embodiment of the invention, the managing program and monitoring program are configured to communicate information using an asymmetric scheme in accordance with the Secure Sockets Layer (SSL) Protocol Version 3.0 Internet draft as defined by the iETF, November 1996 ("SSL Specification"), or the Transport Layer Security (TLS) Protocol draft standard as defined by the IETF RFC 2246, January 1999 ("TLS Specification), both available from "www.ietf:ora," although the embodiments of the invention are not limited in this context. Furthermore, the monitoring program may act as so a single trusted source that may issue a certificate of authority for use by the managing program to, for example, authenticate the IP address for the monitored program, managing program or monitoring program.
11 is;orchy to note that although pa, Ocular embodiments of the im,enfion may use synirr.:.ric or asymmetric security schemes, it can he appreciated that any security scheme ^5 may he used to communicate information between the monitored program, the managing program and the monitoring program, and still fall within the scope ofthc embodiments of the inv ention.
The managing program may Who, exccurion for a n'niiijfed program in a number of different ways. For example, the managing program may have an authorization table in memory. T he authorization table may include, for example, a name for the monitored program' whether the monitored program is authorized to execute, and a predetermined time interval associated with the monitored program. An example of an authorization table is shown in Table i below.
lo TABLE 1
Monitored Program Authorization | Time Interval Program I Yes 10 minutes Program 2 Yes I hour Program 3 Yes I day Program 4 No NA Once the managing program receives a request for authorization to execute from the monitored program, the managing program may search the authorization table using the program name. Once the program name is found, the managing program may : determine whether the monitored program is authorized to execute, and if so, it may retrieve a predetermined time interval for the monitored program to execute. The managing program may then send the time interval to the monitored program.
r or exa;nnic.rthe monitors 1 Program is identified as 'Program i the managing program may use She authorization table to detcrm;ne that Program i is author izc:i to 19' cxccute, and retrieve the corresponding time interval of 10 minutes. The managing, program may then send the time interval of 10 minutes to the monitored program. The .ioniiv:d pros ram c u'.d then know that it must send another request for att}v,.;o.. to execute message within 10 minutes to continue executing, or else it may be terminated. In s another example, if the monitored program is identified as 'Program 4," the managing program may use the authorization table to determine that Program 4 is not authorized to execute. The managing program may then respond in a number of ways, such as seeking authorization TOr the monitored program from the monitoring program, recording the number of attempts a monitored program seeks to request authorization, or send a 0 termination message to the monitored program.
It can be appreciated that Table I is illustrative in nature and that the embodiments of the invention are not limited in this context. For example, the authorization table may omit a field for "Authorization" and merely use the field for "Time Interval" to imply whether authorization is granted. For example, the field for "Time Interval" may contain a default value that may be defined to mean authorization was not permitted, such as "NA" or "O".
Furthermore, it can be appreciated that the length of the time interval may vary according to a particular network or system configuration. As a general matter, the shorter the time interval the more accurate the usage time may be determined. For example, if a monitored program were to terminate prematurely, a smaller time interval would approximate total usage time for the monitored program more accurately than a larger time interval. This may be particularly important if a user were charged for use of a monitored prororan1 based on the usage time, for example.
FIG it. 'a a blocs; flo w diagram oft!le pro,,rranmin,g iocgic,rpe!, rormed by a as monitored program module in.accordance with one embodiment of the invention. The tend monitored program module refers to the software and/or hardware used to mpiement the functionality tor requesting authorization to execute, and if necessary terminating the monitored program, as described father herein In this emlodbttent of the invention, network node 104 may person the functionality described with reference to the monitored program module. It can be appreciated that this functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within the scope ofthe invention.
F1CT. 4 i!!ustrates a programmi tg logic 400 that Then executed by a processor, such as prOCeSSG 202, may perform the l-unctionaiity described herein. A determination is made as to whether a monitored program has authorization to execute at block 402. At block 404, the monitored program is executed in accordance with the determination at block 402.
In one embodiment of the invention, the determination at block 402 may comprise a query to a managing program. For example, the monitored program may send a message to the managing program requesting authorization to execute. The managing program may respond by sending the monitored program authorization to execute, along with a time interval for execution. This process may be repeated by having the monitored program send anotherrequest for authorization prior to the received time interval. In other words, the monitored program may execute as long as it receives proper authorization from the managing program in the form of a received message with a time interval. Once the monitored program is finished executing, such as when it receives a request to ennirtate from a user, the monitored program may send a termination message to the managing program. The tenT'.ination message ma) in.fonn the managing progrram that execution of the monitored program has been terminated.
In one embodiment of the invention, the momtored program may be instructed to terminate if the monitored program fails I-' receive an authorization message and time imcvai front the managing program within a predetermined time Uckf. li kc predetermined time period may be any desired period oftime, e.g., 10 minutes. in another i embodiment of the invention, the monitored program may be instructed to terminate if the monitored program fails to receive an authorization message and time internal from the managing program after a predet rmincd number of requests for authorization to execute without reply. In both cases, tile failure to receive an authorization message from the managing program may indicate that the monitored program is no longer running in a in secure environment and therefore reliable usage time may not be guaranteed by the monitoring process.
FIG. 5 is a block flow diagram of the programming logic performed by a monitoring program module in accordance with one embodiment ofthe invention. The term monitoring program module refers to the software and/or hardware used to IS implement the functionality for monitoring usage time for a monitored program as described herein. In this embodiment of the invention, network server 1 18 may perform the functionality described with reference to the monitored program module. It can be appreciated that this functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within JO the scope of the invention.
FIG. 5 illustrates a programming logic 500 that when executed by a processor, such as processor 202, may perform the functionality described therein. usage time for a monitored program is received over a.,etNvork connection at bifock:02. The usage time may rcgo..^d t., a us r ccrres?o., ding o the monitored program at bloat. 5f91. For ?.'. example, a user profile may be.ssociated N'ith each rnfanitf!red program. The user profile may cont<.in tor example, Tnformadnn regard ing uhc, ,.cd r;c rep of the rho,, itorcd program, a person responsible tor paying for use of the monitored program, costs associated with using the monitored program, a billing address for the responsible person, and so forth. The monitoring program nay use the user profile to automatically determine a cost value for use ofthe monitored program based on the usage time, and send a bill to the person responsible for paying for such use. The term "automatically'' as used herein refers to performing the stated function without human intervention.
In addition, the monitoring program may create, manage and update authorization tables for the managing program. For example, if a new monitored program were to be managed by the managing program, the appropriate information would be added to the authorization table for the managing program. In one embodiment of the invention, this could be accomplished by sending the modifications to the managing program and having the managing program update its own authorization table. In another embodiment of the invention, the monitoring program may send a new authorization table to the managing program to replace the previous authorization table. In both cases, the monitoring program may update the authorization on a periodic basis, or when the monitoring program receives a modification request from, for example, the managing program or an authorized user as defined in the user profile. -)
Claims (5)
- CLAIMS: l. A method to monitor use of a program, comprising: receiving ausage time for a monitored program over a network connection, said usage time representing a time said monitored program executed with authorization; and reporting said usage time to a user corresponding to said monitored program.
- 2. The method of claim l. further comprising: determining a cost value associated with said usage time; and sending said cost value to said user.
- 3. The method of claim l, further comprising sending an authorization table to a managing program, said authorization table having at least one monitored program and a corresponding time interval.
- 4. A computer program comprising computer program code means adapted to perform all the steps of any of claims 1-3 when that program is run on a computer.
- 5. A computer program as claimed in claim 4 when embodied on a computer readable medium. /9
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/804,673 US20020144124A1 (en) | 2001-03-12 | 2001-03-12 | Method and apparatus to monitor use of a program |
| GB0322499A GB2391364B (en) | 2001-03-12 | 2002-02-28 | Method and apparatus to monitor use of a program |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB0511583D0 GB0511583D0 (en) | 2005-07-13 |
| GB2412462A true GB2412462A (en) | 2005-09-28 |
| GB2412462B GB2412462B (en) | 2005-12-07 |
Family
ID=34913645
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0511584A Expired - Fee Related GB2412463B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
| GB0511583A Expired - Fee Related GB2412462B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0511584A Expired - Fee Related GB2412463B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
Country Status (1)
| Country | Link |
|---|---|
| GB (2) | GB2412463B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5292596A (en) * | 1991-05-13 | 1994-03-08 | United Technologies Corporation | Force-transmitting surfaces of titanium protected from pretting fatigue by a coating of Co-Ni-Fe |
| US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
| US6141652A (en) * | 1995-10-10 | 2000-10-31 | British Telecommunications Public Limited Company | Operating apparatus |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE69724946T2 (en) * | 1997-07-31 | 2004-08-12 | Siemens Ag | Program rental system and method for renting programs |
-
2002
- 2002-02-28 GB GB0511584A patent/GB2412463B/en not_active Expired - Fee Related
- 2002-02-28 GB GB0511583A patent/GB2412462B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5292596A (en) * | 1991-05-13 | 1994-03-08 | United Technologies Corporation | Force-transmitting surfaces of titanium protected from pretting fatigue by a coating of Co-Ni-Fe |
| US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
| US6141652A (en) * | 1995-10-10 | 2000-10-31 | British Telecommunications Public Limited Company | Operating apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| GB2412463B (en) | 2005-12-07 |
| GB0511584D0 (en) | 2005-07-13 |
| GB2412463A (en) | 2005-09-28 |
| GB0511583D0 (en) | 2005-07-13 |
| GB2412462B (en) | 2005-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1414215B1 (en) | System and methodology providing automation security protocols and intrusion detection in an industrial controller environment | |
| WO2002073381A2 (en) | Method and apparatus to monitor use of a program | |
| US6055636A (en) | Method and apparatus for centralizing processing of key and certificate life cycle management | |
| CA2313851C (en) | Securing feature activation in a telecommunication system | |
| EP1706825B1 (en) | Avoiding server storage of client state | |
| US6381631B1 (en) | Method and apparatus for controlling client computer systems | |
| US20050044378A1 (en) | Apparatus, system, and method for authorized remote access to a target system | |
| US20070174901A1 (en) | System and method for automatic wireless network password update | |
| US20050108575A1 (en) | Apparatus, system, and method for faciliating authenticated communication between authentication realms | |
| EP1802025B1 (en) | Regular content check method, content transmission/reception system, transmitter, and receiver | |
| US20080175387A1 (en) | Systems and methods for rejoining a second group of nodes with a first group of nodes using a shared group key | |
| CA2462673A1 (en) | Systems and methods for providing digital rights management compatibility | |
| WO2003107153A2 (en) | Method for configuring and commissioning csss | |
| CN101340278A (en) | License management system and method | |
| US7594107B1 (en) | Method and apparatus for updating web certificates | |
| US8588420B2 (en) | Systems and methods for determining a time delay for sending a key update request | |
| JPH10161880A (en) | Remote control system | |
| CN113656101A (en) | Authorization management method, system, server and user side | |
| US11297063B2 (en) | Method for user administration of a field device | |
| GB2412462A (en) | Monitoring usage of a program over a network | |
| JP6175600B2 (en) | Security domain control method | |
| KR20080060010A (en) | System for controlling total access based on user terminal and method thereof | |
| Granzer et al. | Security analysis of open building automation systems | |
| JP2013519958A (en) | Method for remotely locking / unlocking a machine | |
| US20060026436A1 (en) | Method for authentication in an automation system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20150228 |