GB2412463A - Determining authorisation for execution of a monitored program - Google Patents
Determining authorisation for execution of a monitored program Download PDFInfo
- Publication number
- GB2412463A GB2412463A GB0511584A GB0511584A GB2412463A GB 2412463 A GB2412463 A GB 2412463A GB 0511584 A GB0511584 A GB 0511584A GB 0511584 A GB0511584 A GB 0511584A GB 2412463 A GB2412463 A GB 2412463A
- Authority
- GB
- United Kingdom
- Prior art keywords
- program
- monitored
- managing
- authorization
- execute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 45
- 238000000034 method Methods 0.000 claims abstract description 23
- 238000004590 computer program Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 15
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 5
- 238000013478 data encryption standard Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000000737 periodic effect Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 244000144992 flock Species 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011017 operating method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005192 partition Methods 0.000 description 2
- 239000000523 sample Substances 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 244000291564 Allium cepa Species 0.000 description 1
- 235000002732 Allium cepa var. cepa Nutrition 0.000 description 1
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 241000237988 Patellidae Species 0.000 description 1
- 101100355633 Salmo salar ran gene Proteins 0.000 description 1
- 240000008042 Zea mays Species 0.000 description 1
- 235000005824 Zea mays ssp. parviglumis Nutrition 0.000 description 1
- 235000002017 Zea mays subsp mays Nutrition 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 235000005822 corn Nutrition 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 150000002500 ions Chemical class 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 101150083745 preT gene Proteins 0.000 description 1
- 238000003756 stirring Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
- G06F11/3419—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment by assessing time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/86—Event-based monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
Abstract
A method to manage use of a program determines whether a monitored program has authorisation to execute and in accordance with the determination so the monitored program is executed.
Description
24 1 2463 NrE,11:lC)r) TO 1\lIOR USE, OF A P-KO(RALM
BACKGROUND
Software programs are easily duplicated using conventional copying technologies.
A software program typically comprises a set of instructions that are typically stored in some form of machine-readable media, such as magnetic disk, optical disk, random-access memory (RAM), read-only memory (ROM), and so forth. T he task of copying these instructions from one maclinereadable media to another is relatively trivial, and may be 0 accomplished any number of ways.
Consequently, various technologies have been developed to control and manage the nun of Ore One Boa' o<.';cse,ccEnoogies may De to facilitate the distribution and use of software by authorized users, while minimizing or preventing use of the software by unauthorized users. The term "authorized" may refer to those users permitted to use the software, while "unauthorized" may refer to those users not permitted to use the software. Basis for permission may be, for example, contingent upon paying a fee for use of the program.
One type of technology used to control and manage the distribution and use of software may be generally referred to as a "permission-haled" technology. In pcrmission 7o based technology, the program may have a user enter a passcode prior to allowing the program to execute. The passcode typically comprises a unique combination of alphanumeric characters or symbols Thus, eaten if a user revere to retrieve an unauthorized Copy of the program., it would not operate without the appropriate passcode DS,.'..,.:3 Sha-12-- 'gC.; C[(J,;Gi, however. are unsatst^acto,ry tor a ma nber of 2 reasons For e sample, .h_ use may have co undertake the administrative burden of i retrieving the passcodc prior to using a program. In addition, the user may have to enter the passcode prior to every use of it-c program. This may be tedious and time-consuming for the user, especially if they make frequent use of the protected software. Moreover, these administrative tasks may become much more burdensome when multiple copies of the program are being executed on multiple maclrines, such as hi a corporate or network environment. Further, if the passcode fleas compromised unauthorized users may use the passcode to activate illegally copied versions of the software program.
In view of the foregoing, it can be appreciated that a substantial need exists for a method andfor apparatus that solves the above-discussed problems.
ONION
According to a first aspect of this invention there is provided a method as claimed in claim 1 herein.
According to a second aspect of this invention there is provided a computer program as claimed in claim 6 herein.
Preferred features of the invention are defined by the dependent claims.
BRIEF DESCRIPTION OF TE:lE8AWINGS
The subject matter regarded as embodiments ofthe invention is particularly pointed out and distinctly claimed in the concluding portion of the specification.
Embodiments ofthe invention, however, both as to organization and method of operation, together with objects; features, and ac!vantages thereof, may best be understood by efcrence to if he oiloving detailed description when read with the aCcOrnD?anying drains rigs in which: ? FIG. 1 is a system suitable for practicing ore embodiment of the invention.
FIG. 2 i' a}flock diagram of a system in accordance with one e.mlodiment or the invention.
FIG. 3 is a block flow diagram ofthe programming logic performed by a managing program module in accordance with one embodiment of the invention.
FIG. 4 is a block flow diagram of the programming logic performed by a monitored progran1 module in accordance with one embodiment of the invention.
FIG. 5 is a block flow diagram of the programming logic performed by a monitoring program module in accordance witl, one embodiment ofthe invention.
DETAILEI) DESCRIPTION
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. it wil I be understood by those skilled in the art, however, that the embodiments of the invention nnay be practiced without these specific details. In other instances, well-known methods, lo procedures, components and circuits have not been described in detail so as not to obscure the embodiments ofthe invention.
The embodiments of the invention comprise a method and apparatus to securely monitor use of a software program over a network. More particularly, the embodiments of the invention may authorize use of a software program, monitor the use of a software program, and measure the time the software program is in authorized use. The owner may use the measured time for any number of purposes, such as reporting, billing, tracking and so forth.
The embodiments of the invention may reduce the disadvantages associated with conventional permission-based technologies For example, the user may no longer need to procure and input a passcode prior to using the software program. This may potentially reduce the administrative burden on an authorized user, as well as the risk of a passcode being utilized by unauthorized users. In another example, the costs or fees for use ofthe software program may vary as usage diaries, to more accurately reflect the true commercial vah!e of the softest are if,, ograrn. This may provide advantages offer arcs ions techniques that attempt to gain value from the software program by, for example, selling a single or mciti-use- license for the software program.
it is worthy to note that any reference in the spccificat.cn.c, "one c.mh, l iTrcot" Gil "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention.
The appearances ofthe phrase "in one embodiment" in various places in the specification are not necessarily ail referring to the same embodiment.
Referring now in detail to the drawings wherein like parts are designated by like reference numerals throughout, there is illustrated in FIG. I a system suitable for l o practicing one embodiment of the invention. FIG. I is a block diagram of a system 00 comprising a network 102, a network 114 and a network server 118. In one embodiment ofthe invention, network 102 may comprise network nodes 104, 106 and 108, with each capable of communicating with each other over a communication medium 1 10. Network nodes 104, 106 and 108 may comprise, for example, a personal computer, server, network appliance, gateway, router, switch and so forth. Network 102 may be capable of communicating with network 114 over communication medium 112. Network 114 may comprise one or more network nodes (not shown) that are capable of communicating information from network 102 to network server 1 18. Network 114 may be capable of communicating with network server 1 18 over communication medium 1 16. In this JO embodiment of the invention, network 100 and its various component parts may be configured to operate in accordance with any number of networking technologies, and may include, for example, the various hardware, soRvarc and connectors necessary to cornrnunicate information neNscen nerv,.ork nodes. TT1 one embodiment ofthe invention, r,ctwork 100 is configured to conmumcate information in accordance with the Transmission Control Iiotocol (TCP) as defiecd by the Intcrnet F:n,ineering Task Force (IETF) standard 7, Request For Comment (RI:C) 793, adopted in September, 19Sl, and the lnlcinet Protocol LIP) as defined by the TETE standard 5, RI-C 791, adopted;n Se,-,tenber, 1981, both 2,a'!ab!e t.! 's,&.e't or;r ' {''i (!i'ip St.f.cipcation,').
FIG. 2 is a block diagram of a system 200 in accordance with one embodiment of the invention. System 200 may be representative of a network node, such as network nodes IG4, i 06 and 108, and network server 1 18, for example. As shown in FIG. 2, system 200 includes a processor 202, an inputloutput (110) adapter 204, an operator interface 206, a memory 210 and a disk storage 218. Memory 210 may store computer program instructions and data. The term "program instructions" may include computer TO code segments comprising words, values and symbols from a predefined computer language that, when placed in combination according to a predefined manner or syntax, cause a processor to perform a certain function. Examples of a computer language may include C, C - , lisp and assembly. Processor 202 executes the program instructions, and processes the data, stored in memory 210. Disk storage 218 stores data to be transferred to and from memory 210. I/O adapter 204 communicates with other devices and transfers data in and out of the computer system over connection 224. Operator interface 206 may interface with a system operator by accepting commands and providing status information.
All these elemer,ts are interconnected by bus 208, which allows data to be intercommunicated between the elements. I/O adapter 204 represents one or more I/O adapters or network interfaces that can connect to local or wide area networks such as, for example, the networks described in FiG. 1. Therefore, connection 224 represents a network or a direct connection to other equipment.
Processor 202 can be any type of processor capable of providing the speed and functionality required by t',e e;mboline.,ts of he ins ention. For exerr pie, processor 202 I,; could Se a processor froth fz,ni!, of processors made by Intel Corporation, Motorola Incorporated, Sun Microsystems Incorporated, Compaq Computer Corporation and others.
Processor 202 may also comprise a digital signal processor (DSP) and accompanying rcnicecture, such as a DSE' from Texas Instruments iricorporated.
In one embodiment ofthe invention, memory 210 and disk storage 218 may comprise a machine-readable medium and may include any medium capable of storing instructions adapted to be executed by a processor. Some examples of such media include, but are not limited to, read-only memory (RON1), random-access memory (RAM), programmable ROM, erasable progrannmable ROM, electronically erasable programmable ROM, dynamic RAM, magnetic disk, floppy disk and hard drive), optical disk (e.., 0 CD-ROM) and any other media that may store digital information. In one embodiment of the inyention, the instructions are stored on the medium in a compressed and/or encrypted format. As used herein, the phrase "adapted to be executed by a processor" is meant to encompass instructions stored in a corn pressed and/or encrypted format, as well as instructions that have to be compiled or installed by an installer before being executed by the processor. Further, system 200 may contain various combinations of machine readable storage devices through various I/O controllers, which are accessible by processor 202 and which are capable of storing a combination of computer program instructions and data.
Memory 210 is accessible by processor 202 over bus 208 and includes an operating system 216, a program partition 217 and a data partition 214. In one embodiment ofthe invention, operating system 216 may comprise an operating system sold by Microsoft Corporation, s'. ch as Microsoft Windows 95, 98, 2000 and NT, for example. Program i tt;oi Or' it; S 2;iCi -!C S Antic! rear r rC'q<:r)r En? of Tro:ran1 instructions that limpet,he,u,,ct,ons of each respectiN'e systerr'. described herein. Data partition 214 is accessible by processor 2Q2 and stores data used during the execution of program instructions Program partition 2 l A. may certain program instnJctions that may be collectively referred to herein as a monitored program module, a managing program module and a monitoring program module. Of course, the scope ofthe invention is not limited to this particular set of instructions or groupings of instructions.
In one embodiment of the invention, the monitored program module may reside in the program partition 212 of a system 200 operating as a network node that is part of network 02, such as network node 104, for example. The monitored program module id operates to communicate with the managing program module to periodically request authorization to execute a target software program. A target software program as used herein may refer to any software application or program to be monitored for usage. In one embodiment ofthe invention, the target software program may reside in program partition 212 of network node 104 with the monitored program module, for example.
In one embodiment of the invention, the monitored program module may comprise a combination of instructions added to a target software program and instructions stored as part of a usage library. The term "usage library" as used herein may refer to one or more predefined programming modules available for use by the target software program. In this embodiment ofthe invention, the predefined programming modules may perform the functions of creating a request for authorization to execute message, sending the request to the managing program, receiving an authorization message with a time interval, receiving a termination message, monitoring a clock to send another authorization message with a time rnreral, and so forth. ;Jpon activation. the modified target software program may make software calls to one or more Redefined prograrn.nir= modules that Worry the usage library at appropriate times during the execution cycle ofthe modified target software program A software call may refer to a request by one program module for execution of instructions str,red as past of.?nother program module.
In one embodiment ofthe invention, the nar.=ing, barogram module clan' reside in program partition 212 of a system 200 operating as the same or another network node that is part of network 102, such as network node 106, for example. The monitored program module operates to communicate with the monitored program module to authorize and track usage of the target software program. The managing program module also communicates with the monitoring program module to communicate usage time for a monitored program. T he term "usage time" as used herein refers to the length oftime a lo monitored program is in authorized use or is being executed with authorization.
In one embodiment ofthe invention, the monitoring program module may reside in program partition 212 of a system 200 operating as a network server, such as network server 1 18, for example. The monitoring program module operates to communicate with the managing program module to receive time usage information and report the time usage information to an interested party. For example, the monitoring program module may use the time usage information to calculate a cost for using the target software program and bill the appropriate party accordingly.
In one embodiment of the invention, I/O adapter 204 may comprise a network adapter or network interface card (NIC) configured to operate using any suitable technique for controlling communication signals between computer or network devices using a desired set of communications protocols, services and operating procedures, for example.
In one embodiment of the invention, I/O adapter 204 may operate, for example, in accordance with the TCP/P Specificatio... Although T/0 adapter 204 may operate in accordance zenith the TCP/Ir' S?ecificatior, it can he appreciated that l/O adapter ?04 may operate with any suitable technique for controlling communication signals between computer or network devices using a desired set of communications protocols, services and operating procedures, for example, and stir' fall within he. scope of the invention. [/Q adapter.04 also i-chac:s appropriate connectors for cnnectirg interface 216 with a suitable communications medium. I/O adapter 204 may receive communication signals s over any suitable medium such as copper leads, twisted-pair wire, co-axial cable, fiber optics, radio frequencies, and so forth.
The operations of systems 100 and 200 may be further described with reference to FIGS. 3, 4 and 5 with accompanying examples. Although FIGS. 3, 4 and 5 presented herein may include a particular processing logic, it can be appreciated that the processing 0 logic merely provides an example of how the general functionality described herein can be implemented. Further, each operation within a given processing logic does not necessarily have to be executed in the order presented unless otherwise indicated.
FIG. 3 is a block flow diagram ofthe programming logic performed by a managing program module in accordance with one embodiment of the invention. The term : managing program module refers to the software and/or hardware used to implement the functionality for authorizing and recording the time a target software program is in authorized use or is being executed with authorization as described herein. In this embodiment ofthe invention, network node 106 may perform the functionality described with reference to the managing program module. It can be appreciated that this ho functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within the scope ofthe invention.
FIG. 3 iihstrA,es a programming logic 300 that lichen executed by a processor, such as processor 209, may perform the fi:nctionality described therein A. determination s i; made as to whether a monitored program. is authorized to execute at Flock 302. The term 'monitored program" as used herein may include a target software program. A usage time for the monitored program is measured at block 304. The usage time is sent to a monitoring program at block 306.
In one embodiment of the invention, the determination at block 302 may be performed using a periodic authorization process. For example, a request for authorization to execute is received from the monitored program. The monitored program is authorized to execute for a time interval. The term "time interval" as used herein may refer to a time period during which the monitored program may be authorized to execute. The time interval is sent to the monitored program. This process may continue on a periodic basis to until a terminating event has occurred. Once the terminating event occurs, the time intervals for each repeated process may be added together to form the usage time. For example, if three time intervals were sent to the monitored program prior to the terminating event, the three time intervals would be added together to form the usage time.
It can be appreciated that the time intervals may be the same or different and still fall within the scope of the invention.
In one embodiment ofthe invention, the terminating event may comprise receiving a message indicating use or execution ofthe program has stopped. For example, the monitored program may receive an instr'.ction to terminate execution by a user. Prior to terminating, the monitored program may send a message to the managing program so indicating that the monitored program has received a terminating instruction and therefore will no longer be executing.
In one embodiment of the invention, the terminating event may comprise failing to receive another request tor authorization to execute within the time interval. This may occur, for exarmple7 if the.monitorc-d program has preT:at.rely dominated without time to It send a termination message to the managing program, such as in the event of a power faihre or computer malfi'nction To one er..bodiment ofthe invention, the monitored program and the,].di'dgiNt program communicate with each other using a secure method. One example of a secure method may be an encryption/decryption scheme. For example, the monitored program and managing program may communicate to each other using messages encryptedldecrypted in accordance with various security schemes. One embodiment of ibe invention may use a symmetric scheme, for example. A symmetric scheme as used herein may refer to a security scheme where both parties use the same security code or id "key" to encrypt and/or decrypt a secure message. In one embodiment ofthe invention, the monitored program and managing program are configured to communicate information using a symmetric scheme in accordance with the Data Encryption Standard (DES) or Triple DES (TDES) as defined by the National Institute of Standards and Technology, Federal Information Processing Standards Publication 46-3, October 25, is 1995, and available from "http://csrc. nist.gov/cryptval/desidesval.html" ("DES Specification"), although the embodiments ofthe invention are not limited in this context.
Once a usage time has been determined, the managing program may send the usage time to a monitoring program. The monitoring program may reside at a computer or server other than the monitored program or the managing program, although the invention so is not limited in this context. In one embodiment ofthe invention, the managing program and the monitoring program both reside at a computer or server capable of communicating information in accordance With the TCP/IP Specification. More particularly, the managing program may request a connection formed in accordance with He Hypertext Transfer Protocol (BITTS) as defired by the IFTF draft standard RFC 961fi, June 1999 os ("HTTP Specification), and the Secure H IMP (S-HTTT') as defined by the IETF 1? experimental standard RFC 2660, August 1999 ("S-HTTP Specification), both available from '..vw.ietfor" although the embodiments ofthe invention are not limited in this context. Once connection, is,nca, .h usage time may Lee sent to the monitoring program over the connection.
s Similar to the communications benvecn the monitored program and the managing program, communications between the managing program and the monitoring program may be secure communications. One example of a secure method may be an encryption/decryption scheme. For example, the managing program and monitoring program may communicate to each other using messages encrypted/decrypted in lo accordance with various security schemes. One embodiment of the invention may use an asymmetric scheme. An asymmetric scheme as used herein may refer to a security scheme where both parties use different keys to encrypt and/or decrypt a secure message.
In one embodiment ofthe invention, the managing program and monitoring program are configured to communicate information using an asymmetric scheme in accordance with the Secure Sockets Layer (SSL) Protocol Version 3.Q Tnternet draft as defined by the IETF, November 1996 ("SSL Specification"), or the Transport Layer Security (TLS) Protocol draft standard as defined by the IETF REC 2246, January 1999 ("TLS Specification), both available from "www.ietf.o g," although the embodiments of the invention are not limited in this context. Furthermore, the monitoring program may act as so a single trusted source that may issue a certificate of authority for use by the managing program to, for example, authenticate the IP address for the monitored program, managing program or monitoring program.
It is worthy to note that although particular embodiments of the invention may use so;-rirnctric o. asymmef,ric secu. ity schemes, it can be ap,reciated that any security scheme as may be used to communicate information between the:nonitored program, the managing program and the monitoring program, and still fall within the scope ofthe embodiments of the invention.
The managing program may authorize execution for a monito,ed-progiam in a number of different ways. For example, the managing program may have an authorization table in memory. The authorization table may include, for example, a name for the monitored program, whether the monitored program is authorized to execute, and a predetermined time interval associated with the monitored program. An example of an authorization table is shown in Table i below.
in TABLE 1
| Monitoredpros.,ram Authorization | TimeInterval l
__
Program I Yes 10 minutes Program 2 Yes I hour Program 3 Yes 1 day Program 4 No NA Once the managing program receives a request for authorization to execute from the monitored program, the managing program may search the authorization table using the program name. Once the program name is found, the managing program may t5 determine whether the monitored program is authorized to execute, and if so, it may retrieve a predetermined time interval for the monitored program to execute. The managing program may then send the time interval to the monitored program.
Fear e),aT]]p.l? if the monitored pnrarn is identified as "Program 1'', the managing program may use the alrnorization table to determine that Program I is authorized to It execute, and retrieve the corresponding time interval of 10 minutes. The managing program may then send the time interY,I of] O minutes to the monitored program. The monitored pro'rauold item Mow id it it most send another request for authorization to execute message within 10 minutes to continue executing, or else it may be terminated. In s another example, if the monitored program is identified as "Program 4," the managing program may use the authorization table to determine that Program 4 is not authorized to execute. The managing program may then respond in a number of ways, such as seeking authorization for the monitored program from the monitoring program, recording the number of attempts a monitored program seeks to request authorization, or send a 0 termination message to the monitored program.
It can be appreciated that Table I is illustrative in nature and that the embodiments of the invention are not limited in this context. For example, the authorization table may omit a field for "Authorization" and merely use the field for "Time Interval" to imply whether authorization is granted. For example, the field for is "Time Interval" may contain a default value that may be defined to mean authorization was not permitted, such as "NA" or "O".
Furthermore, it can be appreciated that the length of the time interval may vary according to a particular network or system configuration. As a general matter, the shorter the time interval the more accurate the usage time may be determ ined. For example, if a so monitored program were to terminate prematurely, a smaller time interval would approximate total usage time for the monitored program more accurately than a larger time interval. This may be particularly important if a user were charged for use of a monitored program based on tr,e usage time, for example.
FIG. is a block floral diagram cf.he pro,,.am'rning logic pcrfor,ned by o; monitored program n odule in accordance with one embodiment ofthe invention. The terra monitored program module refers to the software auditor hardware used no implement the functionality for requesting authorization to execute, and if necessary tenninating the monitored program, as described further herein. fr this e'-3c<!i sent ofthe intention, network node 104 may perform the functionality discs ibed with reference to the s monitored program module. It can be appreciated that this functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within the scope ofthe invention.
FIG. 4 illustrates a program.m.ing logic 400 that when executed by a processor, such as process^,r 20, ,..ay perfori,, the functionality described therein. A determination lo is made as to whether a monitored program has authorization to execute at block 402. At block 404, the monitored program is executed in accordance with the determination at block 402.
In one embodiment of the invention, the determination at block 402 may comprise a query to a managing program. For example, the monitored program may send a message to the managing program requesting authorization to execute. The managing program may respond by sending the monitored program authorization to execute, along with a time interval for execution. This process may be repeated by having the monitored program send another request for authorization prior to the received time interval. In otherwords, the monitored program may execute as long as it receives proper authorization from the managing program in the form of a received message with a time interval. Once the monitored program is firiished executing, such as Men it receives a request to erTninate,rom a user, the monitored program may send a termination message to the managing program. The termination message may inform the managing program that execution of the monitored program nas been terminated.
In One emoodimer,t orthc invention, the monitored program may be instructed to terminate if the monitored program fails to receive an authorization message and time interval from the rnanagirg program within a predetermined time period. The predetermined thee period may be any u'esired period oftime, e.g., l0 minutes. In another embodiment ofthe invention, the monitored program may be instructed to terminate if the monitored program fails to receive an authorization message and time interval from the managing program after a predeterm ined number of requests for authorization to execute without reply. In both cases, the failure to receive an authorization nessage from the mmar,a,ing program may indicate that the monitored program is no longer running in a 0 secure environment and therefore reliable usage time may not be guaranteed by the monitoring process.
FIG. S is a block flow diagram of the programming logic performed by a monitoring program module in accordance with one embodiment ofthe invention. The term monitoring program module refers to the software and/or hardware used to implement the functionality for monitoring usage time for a monitored program as described herein. In this embodiment of the invention, network server I l 8 may perform the functionality described with reference to the monitored program module. It can be appreciated that this functionality, however, may be implemented by any device, or combination of devices, located anywhere in a communication network and still fall within the scope of the invention.
FIG. 5 illustrates a programming logic 500 that when executed by a processor, such as processor 20?, may perform the functionality described therein. A usage time for a monitored program is received over a r,e+. work connection at block 50. The usage time may be reported to a user corresponding to the monitored program at block 504. For example, a user profile may be associated with each monitored program. The user profile may contain, for e,mn!e, imrnrrnafinn regarr3ing ?u+horizcd se., bathe mrni+ored program, a person responsible for paying for use ofthe monitored program, costs associated with using the monitored program, a hilling address for the responsible person, and so forth. The monitoring program may use the or probe to automatically determine a cost value for use ofthe monitored program based on the usage time, and send a bill to the person responsible for paying for such use. The term "automatically,' as used herein refers to performing the stated function without human intervention In addition, the monitoring program may create, manage and update authorization tables for the managing program For example, if a ne's, IT cnitored program were to be to managed by the managing program, the appropriate information would be added to the authorization table for the managing program. In one embodiment ofthe invention, this could be accomplished by sending the modifications to the managing program and having the managing program update its own authorization table. In another embodiment of the invention, the monitoring program may send a new authorization table to the managing t5 program to replace the previous authorization table. in both cases, the monitoring program may update the authorization on a periodic basis, or when the monitoring program receives a modification request from, for example, the managing program or an authorized user as defined in the user profile. t'
Claims (7)
- --CLAIMS: A method to manage.;c of a program, comprising: determining whether a monitored program has authorization to execute; and executing said monitored program in accordance with said determination.
- 2. The method of claim 1, wherein said determining comprises: requesting authorization to execute from a managing program; and receivirig authorization to execute from said managing prograrr..
- 3. The method of claim 9, Farther comprising sending a termination message to said managing program.
- 4. The method of claim I, wherein said determining comprises: requesting authorization to execute from a managing program; and failing to receive authorization to execute from said managing program within a predetermined time period.
- 5. The method of claim 4, further comprising terminating execution of said monitored program.
- 6. A commuter program comprising computer program code means adapted to perform all the steps of any of claims 1-5 when that program is run on a computer.
- 7. A computer program as claimed in claim 6 when embodied on a computer readable medium.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/804,673 US20020144124A1 (en) | 2001-03-12 | 2001-03-12 | Method and apparatus to monitor use of a program |
| GB0322499A GB2391364B (en) | 2001-03-12 | 2002-02-28 | Method and apparatus to monitor use of a program |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB0511584D0 GB0511584D0 (en) | 2005-07-13 |
| GB2412463A true GB2412463A (en) | 2005-09-28 |
| GB2412463B GB2412463B (en) | 2005-12-07 |
Family
ID=34913645
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0511584A Expired - Fee Related GB2412463B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
| GB0511583A Expired - Fee Related GB2412462B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0511583A Expired - Fee Related GB2412462B (en) | 2001-03-12 | 2002-02-28 | Method to monitor use of a program |
Country Status (1)
| Country | Link |
|---|---|
| GB (2) | GB2412463B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0895148A1 (en) * | 1997-07-31 | 1999-02-03 | Siemens Aktiengesellschaft | Software rental system and method for renting software |
| US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
| US6141652A (en) * | 1995-10-10 | 2000-10-31 | British Telecommunications Public Limited Company | Operating apparatus |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5292596A (en) * | 1991-05-13 | 1994-03-08 | United Technologies Corporation | Force-transmitting surfaces of titanium protected from pretting fatigue by a coating of Co-Ni-Fe |
-
2002
- 2002-02-28 GB GB0511584A patent/GB2412463B/en not_active Expired - Fee Related
- 2002-02-28 GB GB0511583A patent/GB2412462B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
| US6141652A (en) * | 1995-10-10 | 2000-10-31 | British Telecommunications Public Limited Company | Operating apparatus |
| EP0895148A1 (en) * | 1997-07-31 | 1999-02-03 | Siemens Aktiengesellschaft | Software rental system and method for renting software |
Also Published As
| Publication number | Publication date |
|---|---|
| GB2412462A (en) | 2005-09-28 |
| GB2412462B (en) | 2005-12-07 |
| GB0511584D0 (en) | 2005-07-13 |
| GB2412463B (en) | 2005-12-07 |
| GB0511583D0 (en) | 2005-07-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2002073381A2 (en) | Method and apparatus to monitor use of a program | |
| US8261059B2 (en) | Secure file transfer and secure file transfer protocol | |
| US6823454B1 (en) | Using device certificates to authenticate servers before automatic address assignment | |
| US7353281B2 (en) | Method and system for providing access to computer resources | |
| EP1414215B1 (en) | System and methodology providing automation security protocols and intrusion detection in an industrial controller environment | |
| US8290163B2 (en) | Automatic wireless network password update | |
| US6643774B1 (en) | Authentication method to enable servers using public key authentication to obtain user-delegated tickets | |
| JP4030708B2 (en) | Prevention of illegal use of functional operation in telecommunications systems | |
| AU751475B2 (en) | Method and apparatus to control a client in a communications network | |
| US6154843A (en) | Secure remote access computing system | |
| US9425956B2 (en) | Method and system for transferring firmware or software to a plurality of devices | |
| US7590844B1 (en) | Decryption system and method for network analyzers and security programs | |
| US20040019656A1 (en) | System and method for monitoring global network activity | |
| US6990582B2 (en) | Authentication method in an agent system | |
| CA2287714C (en) | Protected keepalive message through the internet | |
| TWI242968B (en) | System for establishing and regulating connectivity from a user's computer | |
| US20050198165A1 (en) | Systems and methods for electronic information distribution | |
| WO2018088985A1 (en) | Information and telecommunication monitoring system, method of data monitoring and processing, and computer-readable data carrier | |
| WO2002014986A3 (en) | Method and apparatus for controlling or monitoring access to the content of a telecommunicable data file | |
| GB2412463A (en) | Determining authorisation for execution of a monitored program | |
| US20030196082A1 (en) | Security management system | |
| Rigoev et al. | Security aspects of smart meter infrastructures | |
| CN117319011A (en) | Communication safety monitoring system and method based on big data | |
| WO2002009346A1 (en) | A ubiquitous e-mail encryption component | |
| Yannuzzi et al. | COLLECTING POWER CONSUMPTION METRICS FROM OPERATIONALLY INACCESSIBLE NETWORKS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20150228 |