Abstract: An application includes a plurality of features. A transaction is engaged with a retailer to obtain a product license corresponding to the application. The product license defines at least one feature of the application that may be employed. A base copy of the application is obtained from a distributor and is actuated. A use license corresponding to the product license is acquired from a licensor by way of the actuated application sending the product license to the licensor along with an identification of at least one of a user, the computing device, and a trusted component operating on the computing device, where the use license includes feature policy granting rights to employ each feature defined in the product license.

Abstract: A method and computer-readable medium for deterring software piracy in a volume license environment. An activation bypass message is generated and sent. Information contained in the activation bypass message is compared to a list of machine identifiers. A binding service message contains a count of the machine identifiers in the list. Once the count reaches a predetermined threshold, software activation bypass may occur.

Abstract: A method for reactivation of software products includes activating a first software product associated with a reactivation policy group. A hardware identifier derived from the computer hardware configuration is bound with the first software product activation. A second software product is activated having an associated reactivation binding list. Reactivation is requested for the first software product and an updated hardware identifier is associated with a reactivation policy group of the first software product. The second software product may be spared the request for reactivation if the second product can be associated with the reactivation of the first software product given the binding list is compatible with the reactivation policy group.

Abstract: A method of detecting pirated software includes receiving a request for a software update by a client computer and providing to the client computer a test to be performed. The test is performed on the client computer against the client software application. The client computer may be denied a software update as a result of the test finding an illegitimate copy of the client software. The invention may be practiced in a network environment where a server transfers a test program for a client to execute upon request of a software update. The test performs an integrity check and denies the request for a software update if the client software is found to be illegitimate.

Abstract: Distributed module authentication allows security checks to be initiated by multiple software modules. Module authentication processes can be inserted into two or more modules in an operating system and/or various other applications. These module authentication processes can verify the integrity of binaries associated with one or more modules in computer memory. Security checks can be performed on modules stored on disk, in active system memory, or in any other location. Various security checks can be coordinated with each other to ensure variety and frequency of module authentication, as well as to randomize the module authentication process that performs a particular security check. In addition, security processor code can be interleaved within normal application code, so the security code is difficult for attackers to remove or disable without damaging the useful functionality of an application.

Abstract: A state store having state information therein is stored on a computing device. Information at least nearly unique to the computing device is obtained, and a number of locations at which at least a portion of the state store is to be stored at is determined. Pseudo-random file names and corresponding paths are generated based at least in part on the obtained information, whereby the generated file names and corresponding paths are likewise at least nearly unique to the computing device, and the generated file names and path are paired to form the locations. Thereafter, the state store is stored according to the generated locations.

Abstract: A software licensing Application Programming Interface (API) that allows software products to use the license management functionality of a common service. A license specifies rights in a software product. The software product calls a consume method on the API in order to consume a right. If the right exists, the service binds the right to the license in which the right is found. The software product enforces the terms of the license by granting, or denying, access to some or all features depending on whether a valid instance of the right is found. Arbitrary data can be associated with a right. The API includes a method to retrieve data from a right that has been previously bound by the consume method.

Abstract: A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a license evaluator for evaluating the license to determine whether the first process is to be operated in accordance with the terms and conditions set forth in such license, and the second process chooses whether to in fact proxy-execute based at least in part on determination of the license evaluator. Thus, the first process is dependent upon the second process for operation thereof.

Abstract: Systems and methods for generating a verbose hardware identification (VHWID) for a given computer system are disclosed. The verbose hardware identification (VHWID) may be used to control the use of software on the given computer system depending on the degree of hardware changes to the computer system.

Abstract: Systems and methods for generating a-compact hardware identification (CHWID) for a given computer system are disclosed. The compact hardware identification (CHWID) may be used to control the use of software on the given computer system depending on the degree of hardware changes to the computer system. The compact hardware identification (CHWID) may be electronically transmitted over limited bandwidth media, such as a telephone.

Abstract: A unique volume license key (VLK) is provided to a volume license holder. A signed file containing the VLK and the data derived from volume license holder's submitted computing environment information is provided to the volume license holder along with the licensed software. The license file is stored in a central location, such as on an installation server, or locally on client machines, in a rather large file of any type. Upon logon, the license file is read, the data authenticated and the system is activated. If license data cannot be authenticated, a connected system either fully functions in grace period or run in reduced functionality mode until authentication succeeds. If the system is disconnected, the system is functional only with disconnected features until it joins a network again. In a completely off-line installation, the license file is generated by the volume license holder using software vendor assigned specific VLK and software vendor provided security hardware device.

Abstract: Systems and methods for implementing a hardware ID with time- and weight-based flexibility use a hardware ID (HWID) including identifying information about hardware components. When software is run, a current HWID is generated. When the current HWID is compared to a stored HWID to determine if the two HWIDs match, a time vector and a weight vector are used in the comparison. A running matching score is kept of matches. For each hardware component, the weight vector indicates the weight given to a correct match of the hashed value for the hardware component. For example, if the weight value for the hardware component is three and there is a match, then the running total is increased by three. For each hardware component, the time vector may indicate an expiration period after which a change in the component may be allowed.

Abstract: To install a black box on a computing device, an administrator has access to the computing device and queries same for machine properties thereof. The administrator sends the machine properties of the computing device to a black box server as part of a request for a new black box for the computing device. The black box server in response constructs the new black box based in part on the machine properties so as to tie the new black box to the computing device, and delivers the new black box to the administrator. The administrator thereafter installs the new black box on the computing device. The administrator may include an activation provider running on the computing device and an activation manager in communication with the activation provider. The administrator may also deactivate the black box if it determines that the black box is no longer trustworthy.