This makes it difficult to identify, track, or tie the product to the authorized end-user. Although software registration is available, such as by using registration codes, network addresses e. These solutions thus have the disadvantage for the end-user that the software effectively only works on the computer it was first installed on.
Such solutions can also lead to other problems such as lost registration codes or original disks with the unique serial numbers, and so on. What is needed, therefore, is software protection that provides robust anti-piracy techniques that make hacking a software product impractical and cost-ineffective. What is further needed is a software protection scheme that is unique to each authorized end-user and installation, rather than the target device. A software protection system for widely distributed, licensed software products is described.
In one embodiment of the present invention, a distributed client-server computer network connects a customer end-user with the producer publisher of the software. The protection program is integrated with the software product and is applied directly on the source code or on the execution level of the distributed software.
The platform acts as a launcher of the distributed application, as well as a new media channel. This new channel is customizable to fit the publishers' needs, and can be used to establish continuing two-way communication between the user and the producer, allowing the producer to display news messages, send upgrades, and provide automatic downloads of patches, extra content, and so on.
The software product is distributed as an incomplete executable. A security module provided by the producer and unique to the user and installation is transmitted to the user upon registration, and comprises the missing executable portion of the software product. When the user installs the target application e.
User registration involves the establishment of a username and password, along with the creation of a unique profile for each user. Once the user profile has been established, the user can register the target application by entering the registration code that comes with the distribution. The product is activated through the appropriate after the entered code has been verified. Registration of the product causes the system to transmit a security module to the client computer.
The security module comprises the missing executable portion of software that integrates with the initially distributed software to produce a fully functional application program. Other objects, features, and advantages of the present invention will be apparent from the accompanying drawings and from the detailed description that follows below. The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which:.
A software protection system for preventing the unauthorized copying and use of widely distributed software products is described. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention.
It will be evident, however, to one of ordinary skill in the art, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form to facilitate explanation. The description of preferred embodiments is not intended to limit the scope of the claims appended hereto. Aspects of the present invention may be implemented on one or more computers executing software instructions.
According to one embodiment of the present invention, server and client computer systems transmit and receive data over a computer network, or a physical or wireless telecommunications network. The steps of accessing, downloading, and manipulating the data, as well as other aspects of the present invention are implemented by central processing units (CPU) in the server and client computers executing sequences of instructions stored in a memory.
The memory may be a random access memory (RAM), read-only memory (ROM), a persistent store, such as a mass storage device, or any combination of these devices.
Execution of the sequences of instructions causes the CPU to perform steps according to embodiments of the present invention. The instructions may be loaded into the memory of the server or client computers from a storage device or from one or more other computer systems over a network connection. For example, a client computer may transmit a sequence of instructions to the server computer in response to a message transmitted to the client over a network by the server.
As the server receives the instructions over the network connection, it stores the instructions in memory. The server may store the instructions for later execution, or it may execute the instructions as they arrive over the network connection. In some cases, the downloaded instructions may be directly supported by the CPU. In other cases, the instructions may not be directly executable by the CPU, and may instead be executed by an interpreter that interprets the instructions.
In other embodiments, hardwired circuitry may be used in place of, or in combination with, software instructions to implement the present invention. Thus, the present invention is not limited to any specific combination of hardware circuitry and software, nor to any particular source for the instructions executed by the server or client computers. In some instances, the client and server functionality may be implemented on a single computer platform. The client and server computers may be implemented as desktop personal computers, workstation computers, mobile computers, portable computing devices, personal digital assistant (PDA) devices, game playing devices, digital audio or video playback devices, or any other similar type of computing or electronic playback device.
In the network embodiment illustrated in system of FIG. Such products can be made available for use on one or more client computers, such as client computer The software product can be any type of executable software program, such as a game or application program, or electronic data used on the client computer The software product can be distributed in a variety of different media, such as CD-ROM, floppy disk, tape, and so on.
Alternatively, it can be transmitted electronically to the client over network Thus the executable programs or modules that comprise the software product can be any form of distribution, such as CD, DVD, streaming download, e-mail, and so on. In order to protect the distribution and use of the software product in system , the process includes server-side and client-side components that provide protection mechanisms within the software products, and restrict user access to the protected software products.
These mechanisms include user registration information that is stored in a user database maintained and coupled to producer server For a network embodiment in which the client and server computers communicate over the World Wide Web portion of the Internet, the client computer typically accesses the network through an Internet Service Provider (ISP) and executes a web browser program to display web content through web pages.
Network couples the client computer to server computer and producer server , either or both of which execute a web server process e. In one embodiment of the present invention, the network server and server-side software protection process represent a platform that connects the end-user client computer with the producer publisher of the software using a computer network , typically the Internet.
In general, the software protection mechanisms are integrated with the software product, and are applied directly on the source code or on the execution level of the software product. The platform acts as a launcher of the application, and also as an alternative media channel, that is customizable to fit the publishers' need with regard to distribution content and post-installation support. The software protection system illustrated in FIG.
The software protection system includes three main components. The first is a server-side protection process that generates unique security modules that are embedded within the software product. The security module is an encrypted and obfuscated program consisting of code filled with random data but containing one or several encrypted programmatic instructions that essentially become hidden from unauthorized access or reverse-engineering.
The second component is a client-side process that effectively wraps the target application software product , taking over as the main executable and communicating in an encrypted fashion with the producer server The client-side process enforces digital rights management on the client computer and reads proprietary digital certificates in order to decode and execute code scrambled and hidden through server-side process The third main component is the security module, which is a digital collection of arbitrary functions and dynamic link library (DLL) pointers that are encrypted in a unique fashion through the server process In one embodiment, the entire collection is encrypted, then a second function is further encrypted one or more times.
Decoding is possible only through the use of a digital certificate containing pointer information regarding where the functionality lies within the module, as well as a key necessary to decode the particular segment in order to load it into memory and execute the function. In addition to this security, the function is encoded and hidden within the module and utilizes a secret handshake based on certain parameters, that are unique per module and thus per user account.
Each security module is generated by server process and is unique to a certain user profile. The security module can reside as an ordinary file on the client computer , but can only be accessed and executed by the client-side application In one embodiment of the present invention, the security module includes functions and pointers to functions within the executables of the software product protected application.
The functions are machine level code portions. The pointers point to functions both inside the security module itself and to functions inside the protected application. If one of the pointers is faulty the application will crash.
This allows the pointers to be used as security keys for the application. During distribution to the client computer , not all of the function pointers are delivered together with the security module. The advantage of sending function pointers from the server to the client as certificates is that it is very difficult for a hacker to circumvent the verification of the pointers.
Since the application does not know how to proceed during execution without them, a hacker will not be able to determine this either. The difference between pointers to functions in the application code and pointers to functions in the security module is that the pointers to functions in the security module are different for each user, since the security module is different for each user.
Registration is performed over the network The registration process requires the establishment of a user name and password, and the creation of a unique profile for each user. This user profile is stored in a database accessible to the producer, such as in user database Note that user database may be closely coupled to the producer server , or it may be stored in a memory storage remotely coupled through network Once the user profile has been established, the user registers the target application by entering the registration code that comes with the distribution.
The registration code can be distributed electronically or telephonically to the user or through a physical printed certificate distributed with the software media. The product is activated after the entered code has been verified on the producer server For this embodiment, the producer server maintains a database that stores relevant product ID and registration code correlated for each software product. In general, each unique distribution will carry a unique registration code. The user logs on by entering the appropriate information.
Access to the program may then be granted, or, depending upon the producer's implementation, a portal may be displayed, enabling the user to select and access any of a selection of products available from the publisher database or website. In this manner, a producer can provide an on-line catalogue of products to allow the user to search and select particular products for download or distribution by CD, DVD, and so on.
In FIG. Although a CD is illustrated, the distribution media can be any type of physical media or downloadable program module. As is depicted in FIG. Thus, as illustrated in FIG. The software protection processes illustrated in FIG. In this step, the client application will initiate registration with the producer server Once a connection with the producer server is established, the purchased product should be registered.
The installation step illustrated in FIG. In one embodiment, the product key registration code is a random, non-formulaic data string, which is originally generated using an algorithm. The key that is entered by the user is compared to an actual stored key maintained by the producer server. It is not a key that is algorithmically checked. In this manner, security is enhanced since it is not possible to make a generator to generate an unlimited number of keys to try to crack the registration code.
Moreover, since the comparison is made on the producer server, instead of on the user client computer via an algorithm, it is virtually impossible for a hacker to discover the algorithm. As soon as a key has been used, it is removed from the working activation-keys in the database, so no one can use the same registration code twice. Once the producer server acknowledges that the particular product key exists in the appropriate database and is valid, it will construct and download to the client computer a security module that integrates with the application software and permits the application to be run on the client.
This is illustrated in FIG. In effect, the security module represents the missing piece of the originally distributed application program Each security module is a unique module of generated code using one-time-pad encryption. It is downloaded and installed as a key-lock between the launcher and the target application Because the security module is always unique, there is no default module, and no way of redistributing a common or generic module that works with other security systems.
The security module is tied to a specific user and controlled over the network, thus, there can only be one such installation running at any given time. Because the security module is not generated by a formula, brute force decryption techniques are ineffective. This mechanism also prevents debuggers from being run on the application. Furthermore, because no distribution acts the same or works the same, it is virtually impossible to develop tools to remove the set of protections, perform disassembly and reverse engineering on the product.
The use of security modules that are unique and tied to a user profile and an electronic license in the form of a certificate, makes the particular software distribution identifiable to the producer. Any unauthorized user wishing to pirate the software would need to access the server in order to gain knowledge about the encryption, certificates, and so on.
Since this information is only pseudo-information that is randomized and stored on the producer server , it is nearly impossible to replicate the software in a fashion that a user without a valid license can effectively use it. For site license applications, such as when a family or group of users have licenses to use one instance of the application protected by the invention, each member will use the registration key in order to unlock the application for their own unique profile, stored on the server.
All license rules and validation of the licenses are handled on the producer server, where frameworks and rule-sets can be added to tell the application not to start, remove itself from the system, issue a visual warning, or any other means necessary to enforce digital rights management.

The first thing the client does is set the WSUS server that will be its update source for software update scans.
That process is detailed below. When the Configuration Manager client needs to process a software update scan, Scan Agent creates a scan request based on the available policy as noted in ScanAgent. Location Services creates a location request and sends it to the management point.
In LocationServices. After getting the results from the stored procedure, the management point sends a response to the client. Location Services parses the response and sends the location back to Scan Agent.
Scan Agent now has the policy and the update source location with the appropriate content version. In ScanAgent. WUAHandler adds the update source to the registry. It initiates a Group Policy refresh if the client is in domain to see whether Group Policy overrides the update server that's added.
The following entries are logged in WUAHandler. In WindowsUpdate. For an existing client, we could expect to see the following message in WUAHandler. After the update source is successfully added, Scan Agent raises a state message and starts the scan. If not, install and configure a software update point and monitor SUPSetup. For more information, see Install and configure a software update point. For more information about software update scan failures troubleshooting, see Troubleshoot software update scan failures.
A scan may result from:. Scan results will include superseded updates only when they're superseded by service packs and definition updates. In WUAHandler. Review WUAHandler. If no new entries occur, it indicates that no SUP is returned by the management point. To fix such issues, see Scan failures due to missing or corrupted components.
There's a known issue that a bit Windows 7 ConfigMgr R2 client requesting an update scan fails to return scan results to Configuration Manager. It causes the client to report incorrect compliance status and the updates fail to install when Configuration Manager requests the update cycle. However, if you use the Windows Update control panel applet, the updates usually install fine. When you're experiencing this problem, you receive a message similar to the following one in WindowsUpdate.
It's a memory allocation issue, bit Windows 7 computers won't see this error since their address space is effectively unlimited. However, they'll exhibit high memory and high CPU usage, possibly affecting performance. X86 clients will also exhibit high memory usage usually around 1.
When troubleshooting scan failures, check the WUAHandler. More information about the error can be found in WindowsUpdate. To understand how to read WindowsUpdate. Your best source of information will come from the logs and the error codes they contain. For more information about the error codes, see Windows Update common errors and mitigation. If the client can't communicate with the WSUS computer, the scan will fail.
This issue can happen for many reasons, including:. To fix these issues, see Scan failures due to proxy-related issues. If the WSUS computer isn't returning the error, the issue is likely with an intermediate firewall or proxy.
On one machine, I'm getting error " The program for advertisement "S0xxxxxx" has not been run yet "S0yyyyyy" - "App - Install". Matching error in execmgr. Always works fine, normally. However, suspect but cannot confirm that user 'interfered' with the shutdown process, as they would have been seeing whole thing happen and probably not been happy about the shutdown as they were trying to work.
Let's not get into why users will blindly click on anything that pops up in their in-tray! Since then, no other adverts will run. Machine has been restarted several times. So, how do I tell the client that it should unpause Software Distribution because there really is no restart or TS in progress anymore?
I have searched online, but there are almost no pages found relating to this error. Friday, August 28, AM. Wednesday, January 27, PM. Marked as answer by Eric C. Mattoon Friday, September 4, PM. Friday, September 4, AM. Mattoon 0. No "Easy button" for this. Really, the easiest, best and supported way is to reboot the machine in question. Friday, August 28, PM. I quote "Machine has been restarted several times. Mattoon 1. Duh - sorry I missed that one. Thursday, September 3, PM.
Hi although this has been marked as answered, is the only fix so far to wait 24 hours? I'm starting to see this issue occur more and more often, I'm sure we have left this over the weekend and the issue still persists, is this a feature or a bug? Tuesday, December 8, PM.