Discussion of the Problem

In the past, we have sold our software with a hardware security device to ensure that it can only be used on one computer at a time. The device was a key that had to be attached to the parallel printer port of the computer.

New computers often do not have a parallel printer port, however, equivalent devices are available for USB ports that are now always provided.

We have reconsidered the question of control of use of our software. The copyright statement included with the software restricts it to use on only one computer at a time. This is a written agreement that is difficult to enforce without some other measures such as a security key. Having said that, we believe that the software use will be rather limited as it is quite specialized. Is it necessary to restrict the use with a device such as a security key? For most users, we believe the agreement would never be abused. However, only one "bad" user could release the software to many unscrupulous users all over the World and we would have no indication that this had happened. The system we have been testing will give us some protection from that event.

What we are implementing as a control on illegal copying of our software is described below. It will allow users to move the software from computer to computer without restriction and little inconvenience. The only requirement is that when the software is used, the computer must be connected to the Internet in some way and be able to download a specific file. The connection speed can be very slow as the required file is quite small, typically less than 1 k-byte in size.

Description of the New System

The new verification system will require that the computer be connected to the Internet while doing calculations. Each copy of the software will be coded to contain specific codes for verification that it is a valid copy issued to that user.

When the software is run, it will attempt to download a file from the Internet and compare the contents of the file with the specific codes in the software. If the download is successful and the comparison is valid, the software will run the calculation. In tests, this operation is so fast that the user is not even aware it has taken place. The file may contain some codes to trigger activities in the software such as to notify the user that a new version of the software is available.

No information will be passed from the user's computer to the Internet. The abuse detection arises from the ability to identify the IP address that requested the file. It is anticipated that the IP address will always be the same, however, there are some cases where it may change without the software agreement being abused. Examples would be where a user does calculations at work and at home. This would trigger an e-mail request from us for an explanation of why the software was being used at more than one IP address and a reasonable explanation would be accepted by us. In the event that abuse appeared to be taking place, the software can be shut down by modifying the file that is downloaded. In the case of unintended or accidental distribution, the user will be provided with a new version and the old one will be shut down.