PREVENTINGUNAUTHORIZED USE OF ACTIVE CONTENT
GENERATOR SOFTWARE
FIELD OF THE INVENTION The present invention relates to Active Content Generator Software and web sites (servers) generally.
BACKGROUND OF THE INVENTION Active Content Generator Software and web site are well known. A known problem with such web sites is that they may be readily transferred to an unlicensed party who may use them in an unlicensed application without payment of required license fees.
SUMMARY OF THE INVENTION
The present invention seeks to provide a method, hardware and software, for preventing operation of Active Content Generator Software which has been transferred to unlicensed parties.
In the specification and claims of the present patent application, the term "Encrypted Server Page (ESP)" refers to a web page which is comprised of HTML, scripting and other components required to create an active content. This web page is encrypted and locked by a license key.
There is thus provided in accordance with a preferred embodiment of the present invention a method for preventing unauthorized use of active content generator software including the steps of installing an authorization latch on an active content generator processor, and installing a latch key for operating the authorization latch on an authorized server for enabling the authorized server to operate the authorization latch and thus enable the active content generator processor to be operative.
Further in accordance with a preferred embodiment of the present invention the step of installing an authorization latch on an active content generator processor comprises providing a dynamic load library (DLL) interposed between web server software and the active content generator processor.
Preferably, the DLL is interposed between the web server software and the
Preferably, the DLL is interposed between the web server software and the active content generator processor and includes an encrypted server page processor.
Additionally the encrypted server page processor and also includes a filter.
Still further in accordance with a preferred embodiment of the present invention the DLL is operative to receive requests from the web server software for encrypted server pages, to verify the authorization status of the web server software, and, when authorization exists, to decrypt requested encrypted server pages and to provide them to the active content generator processor.
Moreover in accordance with a preferred embodiment of the present invention the active content generator software includes active server page (ASP) software.
Additionally or alternatively the active content generator software includes Java server page (JSP) software.
Preferably, the method for preventing unauthorized use of active content generator software comprises an information server application program interface (ISAPI) filter. The filter may also include a file system filter.
There is also provided in accordance with yet another preferred embodiment of the present invention, a method for monitoring operation of active content generator software which includes the steps of providing a dynamic load library (DLL) interposed between web server software and the active content generator processor, employing the DLL for monitoring the operation of the active content generator software.
Further in accordance with a preferred embodiment of the present invention the DLL is interposed between the web server software and the active content generator processor and includes an encrypted server page processor. Preferably, the encrypted server page processor includes a filter.
Still further in accordance with a preferred embodiment of the present invention the DLL is operative to receive requests from the web server software for encrypted server pages, to verify the authorization status of the web server software, and, when authorization exists, to decrypt requested encrypted server pages and to provide them to the active content generator processor.
Moreover in accordance with a preferred embodiment of the present invention the active content generator software includes active server page (ASP) software.
Additionally or alternatively the active content generator software includes Java
server page (JSP) software.
Still further in accordance with a preferred embodiment of the present invention the filter includes an information server application program interface (ISAPI) filter.
Furthermore in accordance with a preferred embodiment of the present invention the filter includes a file system filter.
There is also provided in accordance with another preferred embodiment of the present invention a method for preventing unauthorized use of active server page (ASP) software including the steps of installing an authorization latch on an ASP processor, installing a latch key for operating the authorization latch on an authorized server for enabling the authorized server to operate the authorization latch and thus enabling the ASP processor to be operative.
Further in accordance with a preferred embodiment of the present invention the method for preventing unauthorized use of active server page (ASP) software includes the step of installing an authorization latch on an ASP processor and providing a dynamic load library (DLL) interposed between Internet Information Server (US) software and the ASP processor.
Preferably, the dynamic load library (DLL), interposed between Internet Information Server (IIS) software and the ASP processor, includes an encrypter server page processor.
The method for preventing unauthorized use of active server page (ASP) software also includes an information server application program interface (ISAPI) filter.
Additionally, the DLL is operative to receive requests from the IIS software for encrypted server pages, to verify the authorization status of the IIS software, and, when authorization exists, to decrypt requested encrypted server pages and to provide them to the ASP processor.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:
Fig. 1 is a simplified block diagram illustration of a server employing functionality for preventing unauthorized use of active server page (ASP) software in
accordance with a preferred embodiment of the present invention; and
Fig. 2 is a simplified flow chart illustration of operation of the server functionality of Fig. 1 for preventing unauthorized use of active server page (ASP) software in accordance with a preferred embodiment of the present invention.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
The present invention relates to monitoring and prevention of unauthorized use of active content generators. For the purpose of conciseness and clarity, the invention is described hereinbelow in the context of active server page (ASP) software and employs an ISAPI filter. It is to be appreciated that the application of the present invention is not limited to active server page software but rather applies to any suitable type of active content generators, such as for example Java Server Page generators, and is not limited to the use of ISAPI filters, but rather applies to any suitable type of filter, such as a file system filter.
Reference is now made to Fig. 1, which is a simplified block diagram illustration of a server employing functionality for preventing unauthorized use of active server page (ASP) software in accordance with a preferred embodiment of the present invention and to Fig. 2, which illustrates operation of the server functionality of Fig. 1.
As seen in Fig. 1, a web server 10, such as an Internet Information Server (IIS) commercially available from Microsoft Corporation, interacts with a client's web browser 12, such as the Microsoft INTERNET EXPLORER R or the Netscape COMMUNICATOR R. The Internet Information Server 10 receives requests from web browsers 12 over the Internet for both non-encrypted HTML and ASP pages and encrypted ESP pages.
In accordance with a preferred embodiment of the present invention, when a web page is sought to be downloaded to the client's browser from the web server 10, a notification, identifying the requested web page is supplied by the web server 10 to an Encrypted Server Page Internet Server Application Program Interface (ESP ISAPI) filter 14.
Upon receipt of such a notification, the ESP ISAPI filter 14 determines whether the requested web page is encrypted. This determination is preferably carried out by examining the extension of the URL of the web page. If the requested web page is not
encrypted, the ESP ISAPI filter 14 so informs the web server 10.
Requests for HTML pages are dealt with by server 10 in an entirely conventional manner. Requests for ASP pages are transmitted by server 10 to the ESP ISAPI filter 14 and thence directly to an Active Server Pages processor (ASP) 20 which processes the requested ASP page and, following such processing, provides the requested page in an HTML format to server 10.
Requests for ESP pages are transmitted by server 10 to ESP ISAPI filter 14, which employs a License Manager Client Library 16 to interrogate with a License Manager Server Software 18, as to whether the requested ESP pages are licensed. In accordance with a preferred embodiment of the present invention, the License Manager Server Software 18 as well as License Manager Client Library 16 are embodied in the PRIVILEGE LM server commercially available from Aladdin Knowledge Systems Ltd. of Tel Aviv, Israel.
If a license exists, the Software 18 fetches a valid license key, which is employed by the ESP ISAPI 14 filter and is operative to obtain and decrypt the licensed ESP page and to provide it to ASP 20 for processing and transmitting in HTML format to web server 10. If a license does not exist, the requested web page is not furnished to the ASP processor 20.
The ASP processor 20 parses the decrypted licensed web page and provides a corresponding HTML page to the web server 10 for transmission to the client's web browser 12 via the Internet.
Reference is now made to Fig. 2, which is a simplified flow chart illustration of functionality in the ESP ISAPI filter for preventing unauthorized use of ACTIVE CONTENT GENERATOR SOFTWARE in accordance with a preferred embodiment of the present invention.
As seen in Fig. 2, the ESP ISAPI filter is registered in the server 10 to receive all URL requests. Upon receipt of such a request, the ESP ISAPI filter parses the request. If the request is for an ESP page, the ESP ISAPI filter searches for a license key.
It is appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the present invention includes also combinations and subcombinations of various features of the present invention as well as modifications and variations thereof
as would occur to a person skilled in the art upon reading the foregoing description and which are not in the prior art.