WO2009090638A1 - A method, a system and an apparatus for controlling usage of embedded software-object controls - Google Patents

A method, a system and an apparatus for controlling usage of embedded software-object controls Download PDF

Info

Publication number
WO2009090638A1
Authority
WO
WIPO (PCT)
Prior art keywords
request
esoc
incoming
time
web resource
Prior art date
Application number
PCT/IL2009/000052
Other languages
French (fr)
Inventor
Uri Savran
Oren Reich
Ittai Savran
Original Assignee
Inklogic Ltd.
Application filed by Inklogic Ltd.
Publication of WO2009090638A1

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
                        • G06F21/12 Protecting executable software
                            • G06F21/121 Restricting unauthorised execution of programs
                                • G06F21/128 Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
                • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                        • G06F2221/2103 Challenge-response
                        • G06F2221/2115 Third party
                        • G06F2221/2119 Authenticating web pages, e.g. with suspicious links
                        • G06F2221/2137 Time limited access, e.g. to a computer or data
                        • G06F2221/2151 Time stamp
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L67/00 Network arrangements or protocols for supporting network services or applications
                    • H04L67/01 Protocols
                        • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • This invention is in the field of software usage control. More specifically, this invention relates to a method, a system and an apparatus for controlling usage of embedded software-object controls.
  • Time-based software can be disseminated through various channels, for example a network, CDs, floppy disks, etc., but before the time-based software can be launched, a user needs to supply account information as well as the amount of time requested for using the time-based software.
  • the time-based software communicates with an authentication server preferably over a network to ascertain if the user is authorized and if the amount of time requested is approved. If the user is approved, the time-based software will be activated for the amount of time requested.
  • the invention allows for no restriction on where, when, or how many copies of the time-based software are used, as long as the user maintains sufficient time credit in the authentication server.
  • US Patent Application Publication No. US 20020161718 to Coley et al. discloses methods and apparatuses for providing a system that automatically tracks use of software, determines whether the software is validly licensed, and enables or disables the software accordingly.
  • Exemplary systems involve attaching a licensing system module to a software application. Records of valid licenses are stored in the database maintained by the software provider.
  • the licensing system module transparently forms a license record inquiry message.
  • the message is transparently sent to the database over a public network, such as the Internet, to determine whether a valid license record exists in the database for the software application.
  • the database forms and returns an appropriate response message that is interpreted by the licensing system module.
  • the software application can then be appropriately enabled or disabled by the licensing system module.
  • the receipt of the license record inquiry can be recorded in the database to monitor software use.
  • US Patent Application Publication No. 20030088516 to Remer et al. discloses a method for electronic enforcement of licenses for software services installed on computers connected through a communications network that employs a nonrenewable electronic license that is uniquely identified with a specific computer, is of limited duration, and is digitally signed to detect tampering.
  • the licenses are maintained on the computer that operates the licensed software service, referred to as the point-of-service computer.
  • the method employs intelligent license servicing agents to periodically refresh the limited duration licenses on the point-of-service computer with new purchased limited duration licenses from a license server.
  • the license servicing agent pushes the licenses to or back from the license server.
  • the license servicing agent can operate on one or more console computers that act as proxy license servers by keeping a copy of the point-of-service licenses and refreshing them automatically when the license servicing agent initiates a connection to the point-of-service computer for maintenance.
  • the licensing service agents can operate on any number of console computers or on the license server itself, and can operate to refresh licenses for any number of point-of-service computers.
  • the point-of-service computers can operate independently of and without connection to the console computers or license server computers, and are automatically refreshed with new licenses without requiring end user intervention.
  • US Patent No. 5,758,069 to Olsen discloses a licensing system which provides enhanced flexibility for licensing applications in a network.
  • the licensing system includes a license certificate database which stores all license information.
  • the license certificate database is accessed by providing a request to a license service provider associated with a server.
  • the license service provider generates an executable entity based on the request parameters, which searches the database and, if the appropriate units are available, assembles a license.
  • the license and the application are then transmitted to the requesting client. All aspects of the transaction are also stored in a database organized according to a transaction's relation to a particular license.
  • In some embodiments, an apparatus for controlling usage of an ESOC may include a request reader, a request validation module and an encryption module.
  • the request reader is adapted to obtain from an incoming ESOC authentication request a reference to a Web resource that a Web browser issuing the request is currently at.
  • the request reader may also be adapted to obtain from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated.
  • the request validation module includes references to licensed Web resources and is adapted to determine whether the Web resource referenced by the incoming request is a licensed Web resource.
  • the encryption module is responsive to an indication that an incoming request references a licensed Web resource for generating encrypted data using the time-related segment obtained from the request.
  • the request reader is adapted to obtain the reference information from a HTTP referrer included in the request.
  • the encryption module is adapted to utilize an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
  • the request validation module is adapted to deny or drop the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
  • the apparatus may further include a connection monitor.
  • the connection monitor may be adapted to obtain an identifier referencing a remote host that is associated with the incoming ESOC validation request.
  • the connection monitor may determine based on the identifier whether the requesting remote host is a trusted ESOC user.
  • The connection monitor is adapted to implement a time-related threshold, criterion and/or rule in conjunction with the identifier referencing a remote host that is associated with the incoming ESOC validation request, to determine whether the requesting remote host is a trusted ESOC user.
  • the time related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
  • In some embodiments, a method for controlling usage of an ESOC may include: in response to receipt of an incoming ESOC authentication request, obtaining from the incoming request a reference to a Web resource that the Web browser issuing the request is currently at, and obtaining from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated; determining whether the Web resource referenced by the incoming request is a licensed Web resource; and, in case it is determined that the Web resource referenced by the incoming request is licensed, generating encrypted data using the time-related segment obtained from the request.
  • the reference to the Web resource is obtained from an HTTP referrer included in the request.
  • generating encrypted data includes using an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
  • determining whether the Web resource referenced by the incoming request is a licensed Web resource includes denying or dropping the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
  • the method may further include: obtaining an identifier referencing a remote host that is associated with the incoming ESOC validation request; and determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user.
  • determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user may include implementing a time-related threshold, criterion and/or rule in conjunction with the identifier referencing the remote host that is associated with the incoming ESOC validation request to determine whether the requesting remote host is a trusted ESOC user.
  • the time related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
  • FIG. 1 is a block diagram illustration of an apparatus (a computerized device) and a system for controlling usage of embedded software-object controls, according to some embodiments of the invention.
  • FIG. 2 is a call flow diagram illustrating certain aspects of a method of controlling usage of embedded software-object controls, in accordance with some embodiments.
  • The term embedded software-object control, abbreviated "ESOC", relates to a compiled software-object control that can be embedded within a Web resource and which includes an interface that enables a Web browser to communicate with it.
  • An ESOC can be invoked or instantiated by a Web browser. The ESOC may be triggered during the processing of the Web resource.
  • An ESOC may be adapted to perform a predefined action through interaction with a software object or it may communicate with a certain software object. The operations which the ESOC is adapted to perform are not available or are difficult to achieve using standard client scripts on the Web browser.
  • An ESOC can typically be re-used by a plurality of computers in a network. Examples of an ESOC are provided below.
  • Web resource as used herein and as used throughout the specification and the claims relates to any digital resource that may be retrieved by a Web browser through the World Wide Web, or through any other suitable network, and which may be processed by the Web browser.
  • Examples of Web resource include, but are not limited to, a HTML page, a XML page and other resources which include markup-language readable by a Web browser.
  • the ESOC embedded within the Web resource is a piece of software that is adapted to cause certain data to be retrieved from the operating system ("OS") of the computer on which the Web browser runs, or to cause the OS to perform a predefined action or sequence.
  • an ESOC may be adapted to cause the OS to invoke a certain program.
  • an ESOC may be provided which is adapted to retrieve information from a configuration database or registry containing information about software and/or hardware installed on the computer on which the Web browser runs.
  • an ESOC may be provided which is adapted to retrieve information with respect to the amount of disk space left on a hard drive
  • One example of an ESOC is an ActiveX control, i.e. an ESOC that is compatible with Microsoft's Component Object Model (COM).
  • Another example of an ESOC is a Java applet that is configured to communicate with the OS and obtain information about software and/or hardware installed on the computer on which the Web browser runs. It would be appreciated by those versed in the art that using, for example, an ActiveX control it is possible to obtain information about software and/or hardware installed on the computer on which the ActiveX control runs.
  • Some embodiments of the invention relate to a method, a computerized device and a system for controlling usage of embedded software-object controls (ESOCs).
  • some embodiments of the present invention may be used in the context of licensing of ESOCs which may be invoked within a Web browser environment.
  • the use of a protected ESOC for example, on a client's computer, may be enabled by verifying an encrypted time-related data segment inside a protected ESOC, as will be described in further detail below.
  • FIG. 1 is a block diagram illustration of an apparatus (a computerized device) and a system for controlling usage of embedded software-object controls, according to some embodiments of the invention.
  • In some embodiments, the apparatus for controlling usage of an ESOC under license 110 is implemented as an authentication server that supports HTTP communication (an HTTP server).
  • the terms apparatus for controlling usage of ESOC under license and authentication server are used interchangeably throughout the description of the present invention.
  • a licensee server 50 is an HTTP server that is permitted to use the ESOC under license.
  • an indication with respect to the licensee server's 50 ESOC license is recorded on the authentication server 110.
  • a client 10 is a computerized device that is adapted to communicate with the authentication server 110 over a communication network 60, as described below.
  • FIG. 2 is a call flow diagram illustrating certain aspects of a method of controlling usage of embedded software-object controls, in accordance with some embodiments.
  • The call flow commences with an interaction between the licensee server 50 and the authentication server 110, denoted by the registration for ESOC sequence 210, whereby the licensee server 50 registers a license to the ESOC with the authentication server 110.
  • the license registration includes recording a reference to the licensee server 50 on the authentication server 110.
  • The reference is a URI, URL, IP address or domain name related to the licensee server 50.
  • The URI, URL, IP address or domain name may indicate the Web resource that the licensee server 50 is licensed to serve with the ESOC.
  • further aspects of the registration sequence 210 are outside the scope of the invention.
  • an ESOC provisioning process 220 may be invoked and implemented.
  • the ESOC may be provisioned by the authentication server 110.
  • further embodiments of the invention are not limited in this respect.
  • the licensee server 50 may include (or otherwise associate) the ESOC 54 within the licensed Web resource(s) 52 hosted on the licensee server 50.
  • The ESOC 54 may be within the Web resource 52 as a compiled component. It would be appreciated that the Web resources that are allowed to use the ESOC under the license are not necessarily hosted on the licensee server 50, as long as those Web resources are registered with the authentication server 110.
  • the ESOC 54 may be embedded within a licensed Web resource 52 or the ESOC may be referenced to by the licensed Web resource, for example, using client-side script code.
  • the licensee server 50 may also include an inline script or a remote script reference 56 within the licensed Web resource(s) 52.
  • the script 56 may be downloadable by a client 10 as part of a licensed Web resource 52 and may run on the client 10 (client script).
  • the script 56 may include set of commands of a programming or a scripting language.
  • the script 56 may be JavaScript, VBScript or any other script written in any other scripting language which may be implemented by the client 10.
  • the script 56 may be configured to cause a Web browser running the script 56 to create a connection to the authentication server 110.
  • the script 56 may also be configured to communicate with the ESOC 54.
  • The client script 56 may be configured to interact with the functions and methods of the ESOC 54.
  • the script 56 may be configured to enable (or not and possibly disable) the ESOC 54 on the client 10.
  • the client 10 may download 230 the licensed Web resource 52 together with the ESOC 54 and the script 56.
  • the client 10 may be a computerized or electronic device that is adapted to communicate over a communication network 60.
  • the client 10 may utilize a Web browser application 12 running on the client 10 to download, process and interact with the licensed Web resource 52.
  • the client 10 may utilize the Web browser application 12 to download the protected ESOC 54 and the script 56.
  • a user at home or at work may use a browser application running on a PC computer (the client) to access a certain on-line commerce Web page hosted on a licensee server.
  • the online vendor operating the on-line commerce Web page may offer the user, as a service under license, the option of downloading a piece of software which includes the protected ESOC.
  • the protected ESOC may, for example, be configured to determine the user's RAM type and may facilitate purchase of the appropriate memory type through the online vendor.
  • Web browser applications are well known in the art.
  • The Web browser application 12 running on the client 10 may be adapted to connect to a remote server, for example the licensee server 50 and the authentication server 110.
  • The Web browser 12 may use, for example, HTTP to communicate with the licensee server 50 and the authentication server 110.
  • the Web browser 12 may download certain data from the remote servers and may display, process, execute and store the downloaded data.
  • The Web browser 12 typically has built-in support for one or more scripting languages; alternatively, scripting language support may be provided in the Web browser 12 by a supported add-in program.
  • The Web browser 12 is also adapted to invoke, and connect to the interface of, an ESOC that is stored or running on the client 10.
  • There are various browser applications which are commercially available at present. In principle, according to some embodiments of the invention, any presently available or yet to be devised in the future browser which supports HTTP or similar communication methods can be used.
  • the Web browser 12 may run the script 56 to invoke and implement an ESOC authentication process.
  • the script 56 may generate time-related data or a time-related data segment.
  • the time-related data segment includes or is associated with the current time reading from a hardware clock 18 used by the client 10. It should be appreciated that according to some embodiments of the invention, the relation between the time-related data and the client clock time may assume various forms and that some processing of the client clock time may take place. Further, the time-related data may include further information in addition to the information which is directly related to the client clock time, for example a domain name.
  • time related data may be replaced with any dynamically changing data which is known to the client 10.
  • the dynamic behavior of the dynamically changing data may be such that the value of the dynamically changing data can be calculated or otherwise determined at different time instants.
  • the value of dynamically changing data may change linearly over time, and if the value of the dynamically changing data is known at a certain first instant, the value of the dynamically changing data can be calculated for a given second time instant.
  • the authentication server 110 may also be adapted to calculate or estimate the value of the dynamically changing data given a certain time instant. The client 10 and the authentication server 110 may use the dynamically changing data in a similar way to the time related data as part of the authentication process described herein.
  • the client 10 may add the time related data to a request 240 to be sent to the authentication server 110.
  • the request may further include a reference to a URI, URL, IP address or domain name of the Web resource 52 through which or from which the client 10 (and more particularly, the client Web browser 12) accessed or obtained the protected ESOC 54.
  • When the Web browser 12 communicates an HTTP request 240 to the authentication server 110, the request headers by default include the URI, URL, IP address, domain name or other network address indicator of the Web page the Web browser is currently at or visiting, i.e. the page in the context of which the request was generated. This is known as the HTTP referrer and is carried in the Referer request header.
  • The HTTP referrer identifies, from the point of view of a Web page or resource, the address (commonly the URL, or the more generic URI) of the page or resource which links to it.
  • The referrer or referring page is the URL of the previous Web page from which a link was followed. More generally, a referrer is the URL of a previous item which led to this request.
  • A recipient of an HTTP request may thus determine where the request came from; in this case the HTTP referrer references the Web page 52 hosted on the licensee server 50 that is currently being accessed by the Web browser 12.
  • Alternatively, the reference information may be sent in the body of the request 240.
  • the request 240 from the client 10 is received at the authentication server 110.
  • the authentication server may include a request reader 120 or a HTTP request reader, a request validation module 130 and an encryption module 140.
  • the request reader 120 may be adapted to receive the request 240 from the client 10 and to extract the HTTP referrer (or other reference) information and the time-related segment from the request 240.
  • the request reader 120 may input the HTTP referrer information to the request validation module 130.
  • the request validation module 130 may include a licensees repository 132 and a comparator 134.
  • the licensees repository 132 may include records indicating which Web resources are licensed or otherwise authorized to use the ESOC 54.
  • the records in the licensees repository 132 may relate to URLs, URIs, IP addresses and/or domain names that are recognized by the authentication server 110 as licensed or authorized (or as unlicensed — in case a black list is used) to use a protected ESOC.
  • the authentication server 110 may include a database or any other suitable data storage in which the licensed or otherwise allowed Web pages, domains or the like are listed.
  • the comparator 134 may be adapted to determine whether the Web resource referenced by the HTTP referrer information (or by other reference received with the request) is licensed or authorized according to the records in the licensees repository 132. In some embodiments, the comparator 134 may be adapted to determine whether the referenced Web resource is identical, contained or otherwise related to a Web resource referenced in the licensees repository 132 as a licensee of the ESOC. Thus, when a request to enable a protected embedded control is received, a search is conducted on the authentication server 110 for the Web page or domain name that is associated with the request to determine whether that Web page or domain name is authorized and whether to generate and send a response which includes the information that is necessary for the protected ESOC to operate or not.
  • If the referenced Web resource is not found to be licensed, the authentication server 110 may return a response to the client 10 with an error message or code.
  • If it is licensed, a process of generating a response for enabling the ESOC on the client 10 may be invoked.
  • the encryption module 140 may be utilized to encrypt the time-related data received from the client 10 as part of the request 240.
  • the encryption module 140 may include an encryption method and/or key that is compatible with the decryption method and/or key that is used by the protected ESOC.
  • the authentication server 110 may communicate a response 250 to the client's 10 request 240.
  • the response 250 includes the encrypted time-related data and is received by the client 10.
  • The Web browser 12 and the client script 56 running thereon may use the encrypted time-related data to enable activation of the ESOC 54.
  • the client script 56 may use an interface to the ESOC 54 to provide it with the encrypted data received from the authentication server 110.
  • the ESOC 54 may decrypt the encrypted data received from the authentication server 110 using a decryption method and/or key that is implemented thereon and which is compatible with the encryption method and/or key that was used by the authentication server 110.
  • The ESOC 54 may be adapted to compare the time-related data received with the response 250 from the authentication server 110, now decrypted by the ESOC 54, with the current time on the client clock 18. In some embodiments, the ESOC 54 may use a comparator 19 for the comparison. The ESOC 54, or the comparator 19 used by it, may check the difference between the current client clock time and the time indicated by the time-related data. According to some embodiments, the ESOC 54 may implement a predefined threshold, criterion and/or rules to determine whether the authentication is successful.
  • For example, authentication may be deemed successful if no more than 20 seconds have passed since the client 10 generated the time-related data for the request 240. By limiting the round-trip time between generating the time-related data and sending the request on the one hand, and receiving the response and decrypting the encrypted time-related data on the other, the validity of the approval from the authentication server is limited to a duration of less than 20 seconds (or any other period determined by a threshold, criterion, rule or combination thereof). This restriction limits the usefulness of outdated, possibly spoofed or otherwise illegitimate approval responses, whether purportedly from the authentication server 110 or from other sources attempting to circumvent the ESOC usage control measures.
  • If authentication fails, the ESOC 54 may return an error code or message to the Web browser 12 or to the client script 56; in further embodiments the ESOC may simply ignore the request to invoke it. If authentication succeeds, the protected ESOC 54 may execute and carry out its operation, possibly returning data to the Web browser 12 or to the client script 56.
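The full exchange of FIG. 2, with the request 240 built by the client script 56, the referrer check and encryption on the authentication server 110 (request reader 120, validation module 130 with licensees repository 132 and comparator 134, encryption module 140), and the decryption and clock comparison inside the ESOC 54, written out as an added example that is not code from the patent or from Inklogic Ltd. The shared key, the licensee domains and the request/response dictionaries are assumptions; the HMAC-SHA256 keystream with an encrypt-then-MAC tag is a stand-in for whatever compatible method and key the real server and ESOC implement, chosen so that a forged or altered response is rejected rather than decrypted to garbage. The 20-second acceptance window is the one named on the page. Note that the Referer value checked here is supplied by the requesting client, which is why the page pairs this check with the connection monitor described later.

```python
# Added worked example (not code from the patent or from Inklogic Ltd.).
# Stdlib only. The cipher is a stand-in for whatever encryption/decryption
# method and key the real authentication server 110 and ESOC 54 share.
import hashlib
import hmac
import json
import os
from urllib.parse import urlparse

ESOC_KEY = b"shared-key-embedded-in-esoc-and-auth-server"  # assumption: shared secret
MAX_AGE_SECONDS = 20.0                                    # threshold named on the page
LICENSEES = {"shop.example", "partner.example"}           # licensees repository 132 (constructed)


# --- stand-in cipher: HMAC-SHA256 keystream, encrypt-then-MAC over nonce||ct ---
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    if len(blob) < 12 + 32:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: response was not produced with the ESOC key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def referenced_host(referer):
    """Request reader 120: host part of the HTTP referrer, or None."""
    if not referer:
        return None
    host = urlparse(referer).hostname
    return host.lower() if host else None


# --- client side: script 56 builds request 240 from client clock 18 ---
def client_script_request(referer, clock):
    # Time-related segment; the page allows extra data such as the domain name.
    segment = json.dumps({"t": clock(), "domain": referenced_host(referer)})
    # A browser sends the Referer header itself; modelled explicitly here.
    return {"headers": {"Referer": referer}, "body": {"time_segment": segment}}


# --- authentication server 110 ---
def is_licensed(host):
    """Comparator 134: exact match or sub-domain of a licensed domain."""
    return host is not None and any(
        host == lic or host.endswith("." + lic) for lic in LICENSEES)


def authentication_server(request):
    """Request reader 120 -> validation module 130 -> encryption module 140."""
    host = referenced_host(request["headers"].get("Referer"))
    if not is_licensed(host):
        return {"status": 403, "body": {"error": "web resource not licensed for this ESOC"}}
    segment = request["body"]["time_segment"].encode()  # opaque to the server
    return {"status": 200, "body": {"token": encrypt(ESOC_KEY, segment).hex()}}


# --- ESOC 54 with comparator 19 ---
def esoc_authenticate(response, clock, max_age=MAX_AGE_SECONDS):
    """True only if the decrypted time reading is within max_age of the client clock."""
    if response["status"] != 200:
        return False
    try:
        segment = json.loads(decrypt(ESOC_KEY, bytes.fromhex(response["body"]["token"])))
        age = clock() - float(segment["t"])
    except (ValueError, KeyError, TypeError):
        return False  # forged, altered or malformed response
    return 0.0 <= age <= max_age


def run_exchange(referer, clock, round_trip=0.0):
    """Whole 240/250 round trip; round_trip = seconds elapsed before the ESOC checks."""
    response = authentication_server(client_script_request(referer, clock))
    return esoc_authenticate(response, lambda: clock() + round_trip)


if __name__ == "__main__":
    now = lambda: 1232000000.0  # fixed client clock for a reproducible run
    print(run_exchange("https://shop.example/ram-finder", now))          # licensed page
    print(run_exchange("https://copycat.example/ram-finder", now))       # unlicensed page
    print(run_exchange("https://shop.example/ram-finder", now, 25.0))    # stale approval
```

The ESOC never trusts the response's status alone: it only enables itself when the token authenticates under the key it embeds and the recovered time reading is within the window, so a captured token replayed later, or a response fabricated by a page the server never approved, fails the same check.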
  • The authentication server 110 may include additional components and functionality to improve its ability to detect and handle illegitimate or untrusted ESOC validation requests.
  • the authentication server 110 may include a connection monitor 150.
  • the connection monitor 150 may be adapted to monitor the IP address and/or other identifiers associated with incoming ESOC validation requests.
  • The connection monitor 150 may be adapted to determine, based on the IP address and/or other identifiers associated with incoming ESOC validation requests, whether the requesting remote host is a valid (potential) ESOC user or an untrusted entity.
  • connection monitor 150 may operate in cooperation with the HTTP request reader 120 to extract the IP address of the remote host that is associated with an incoming ESOC validation request. In other embodiments, the connection monitor 150 may independently determine the IP address of the remote host that is associated with an incoming ESOC validation request, whether according to the HTTP request or based on other information from other sources.
  • the connection monitor 150 may record the IP address or some other identifiers with respect to the entities requesting ESOC validation (the remote hosts' IP).
  • the connection monitor 150 may also store, in association with a record regarding a certain ESOC validation requesting entity, a time related parameter which is related to one or more ESOC validation requests by that entity.
  • the connection monitor 150 may record per each request received at the authentication server 110, in addition to an identifier of the requesting entity, a timestamp which represents the time instant at which the request was received at the authentication server.
  • the connection monitor 150 may update some frequency parameter which represents the number of requests received from a certain requesting entity during a certain predefined period of time. It would be appreciated that other time related parameters may be devised and used.
  • the connection monitor 150 may include or may be associated with any suitable data repository (not shown) which may be used to store the data with respect to the requesting entities.
  • connection monitor 150 may implement a predefined threshold, criterion and/or rule to determine, based on the requesting entity identifier (e.g., the remote host IP address), whether the request is arriving from a trusted or untrusted source.
  • the predefined threshold, criterion and/or rule implemented by the connection monitor 150 may also be sensitive to a time-related parameter.
  • connection monitor 150 may monitor this activity and in case it is in violation of a predefined threshold, criterion and/or rule, the connection monitor 150 may take certain steps to deny a validation response which would enable usage of the ESOC by (or through) the untrusted requesting entity.
  • connection monitor 150 may enable the authentication server 110 to reduce the amount of illegitimate activity and block attempts by untrusted entities to obtain from the authentication server 150 a validation response which enables usage of an ESOC.
  • the connection monitor 150 may be adapted to detect proxy servers attempting to poll or otherwise obtain validation responses from the authentication server 150.
  • authentication server 150 may be adapted to detect various IP address spoofing and possibly also referrer spoofing activity related to incoming ESOC validation requests.
  • the script 56 may be downloadable by a client 10 as part of a licensed Web resource 52 and may run on the client 10 (client script).
  • the script 56 may include set of commands of a programming or a scripting language and may be configured to cause a Web browser running the script 56 to create a connection to the authentication server 110.
  • the script 56 running on the client 10 may be adapted to create a connection with the authentication server 110, without a visible redirection to another Web page.
  • the script 56 running on the client 10 may include and implement a method for creating invisible cross-domain HTTP requests.
  • the script 56 may be adapted to dynamically add/change remote script references in a loaded Web page 52 using a suitable client script method.
  • the client script 56 is configured to add or change a remote script reference in the Web page 52 to an authentication server's 110 URL address.
  • the result contains a call to a callback function in the client script 56, including the requested data as an argument of the callback function.
  • the remote client script is executed by the Web browser 12 as a normal client script 56.
  • an inline frame may be used.
  • the inline frame may be adapted to change its parent's URL hash and vice-versa. It is possible to change a URL hash (the data after the # character in a URL address) from another window or frame that is loaded from a different domain. The data may be read using the client script 56.
  • usage scenarios are provided for illustrative purposes only and are meant as mere examples of how certain features according to some embodiments of the invention may be used to enable (or deny) usage of a protected ESOC.
  • the usage scenarios should not be construed to limit the scope of the present invention.
  • the owner of the authentication server described will be named MEMORYFINDER INC.
  • MEMSHOP is an e-commerce Web site that sells computer memory chips.
  • the owner of MEMSHOP pays MEMORYFINDER INC a monthly fee for a computer memory recognition feature on his Web site.
  • the user approves the ESOC download and so the Web browser on the user's computer downloads and installs the ESOC on the user's computer together with the associated client script.
  • the Web page, using a client script, now calls a method or a function inside the ESOC that recognizes and returns the user's computer memory type. Since the ESOC is protected by MEMORYFINDER INC, this ESOC may require a valid authentication key as an argument in order to enable usage of the ESOC and in particular interaction with the method inside the ESOC that recognizes and returns the user's computer memory type.
  • the client script on the web page creates a connection to MEMORYFINDER INC's authentication server by dynamically creating a remote script reference (a <script> tag) on the web page.
  • the remote script reference refers to a script page on MEMORYFINDER INC's authentication server.
  • the client script sends to the authentication server the current time-related value according to the hardware clock on the user's computer. The current time-related value may be sent using a query string argument in the URL address of the requested remote script page.
  • MEMORYFINDER INC's authentication server receives the request from the user's computer. It checks whether the HTTP referrer URL address in the request header exists within a list of licensed Web pages or domain names, or not. In this example the request was sent from within the context of a licensed domain name.
  • the authentication server proceeds with the extraction of the user's computer clock time value that was sent inside the query string of the requested script page's URL address.
  • the time-related value is encrypted by the authentication server and is sent back to the user's browser as an argument in a call to the respective ESOC function.
  • the call may further contain a required authentication key and is written in a client scripting language that is supported by the user's browser.
  • the Web browser receives the communication from the authentication server and executes the script that was downloaded from MEMORYFINDER INC's authentication server. Now the function inside the protected ESOC receives the required authentication data and possibly the key.
  • the protected ESOC may decrypt the authentication data using a decryption technique that is compatible to the encryption technique that was used by the authentication server for encryption, with or without the use of the additional encryption key.
  • the result of the decryption indicates the time-related value that was received by the authentication server with the authentication request.
  • the time-related value is compared to the current time value of the user's computer clock (or the two parameters are otherwise processed), and a predefined threshold, criterion and/or rule is used to determine whether the received time-related value is valid or acceptable and whether usage of the protected ESOC should be enabled or not.
  • the ESOC is configured to allow a 30-second difference between the two values, so each authentication request is valid for 30 seconds from the time it is sent until the time the response from the authentication server is processed.
  • the threshold, criterion and/or rule may set a time period condition which is sufficient for the client to send the validation request to the authentication server and to receive a response and process it, but preferably not much longer.
  • the usage of the protected ESOC is thus enabled, and it may obtain information with respect to the user's computer memory type and return the data to the Web browser and/or client script.
  • the client script may refer the user to the right product page on MEMSHOP's Web site.
  • Case 1 An unlicensed domain name - A competitor Web site of MEMSHOP decides to use the same memory finding protected ESOC without getting a license from MEMORYFINDER INC. The owner of the competitor Web site simply copies the required client script from MEMSHOP's web pages to his web site, and refers to the downloading and installation of the ESOC.
  • the client script on the Web page creates a connection to MEMORYFINDER INC's authentication server by dynamically creating a remote script reference (a <script> tag) on the web page. That way the URL address of the e-commerce Web site is sent automatically by the browser inside the request header, as the HTTP referrer URL address.
  • the remote script reference refers to a script page on MEMORYFINDER INC's authentication server.
  • the client script sends to the authentication server the current time value according to the hardware clock on the user's computer. The time-related value may be sent to the authentication server using a query string argument in the URL address of the requested remote script page.
  • MEMORYFINDER INC's authentication server receives the authentication request.
  • the authentication server checks whether the HTTP referrer URL address in the request header exists within a list of licensed web pages or domain names, or not. In this case the request was sent from the context of an unlicensed domain name, so the request is denied by the authentication server.
  • the protected ESOC does not receive the necessary encrypted time related data and therefore does not perform the requested operations.
  • Case 2 Attempt to reuse authentication data. While examining MEMSHOP's client scripts using a debugger program, the competitor notices that authentication data is passed to the protected ESOC in order to activate the desired function or method. The competitor changes the client script on his Web site in such a way that a connection to MEMORYFINDER INC's authentication server never occurs. Instead, he attempts to use authentication data that was saved during a successful activation of the control on MEMSHOP's website.
  • the function inside the embedded control receives the authentication data. It decrypts the authentication data using a decryption method that is compatible with the method that was used by the authentication server for encryption.
  • the result of the decryption is the time-related value that was sent to the authentication server upon the request for the authentication data.
  • the time-related value is compared to the current time value on the user's computer clock.
  • the ESOC is configured to allow a 30-second difference (for example) between the two values, so each authentication key is valid for 30 seconds - considered as sufficient time for the client to send a request to the authentication server and to receive a response. Since the authentication key was not received from the authentication server in this session, the time-related value inside the authentication data is too old. Compared to the current time-related value of the user's computer clock there is a difference of 1 hour, 8 minutes and 32 seconds (for example). Accordingly, the ESOC does not proceed with the requested action.
  • Case 3 Unauthorized Use of a Protected Embedded Control - HTTP Referrer URL Spoofing.
  • the competitor configures the client script on his Web site to connect to an alternate and illegitimate authentication server.
  • the alternate authentication server is similar to a proxy server. It connects to the legitimate MEMORYFINDER INC authentication server and attempts to fake a MEMSHOP URL address as the HTTP referrer URL address (also known as spoofing).
  • the competitor's attempt may be successful and a valid authentication data is received from MEMORYFINDER INC and is passed on to the user's Web browser, which successfully enables the usage of the ESOC.
  • at MEMORYFINDER INC's authentication server it may be detected that there are illegitimate authentication requests arriving from a certain URI, URL, IP address and/or domain name.
  • the authentication server may detect the illegitimate activity based on the IP address of the remote host communicating the requests to the authentication server.
  • the authentication server may also take into account time related parameters which are associated with the incoming authentication requests; for example, the authentication server may monitor the frequency of authentication requests arriving from a certain URI, URL, IP address and/or domain name. As a result, the authentication server may refuse any further authentication requests arriving from the suspect URI, URL, IP address and/or domain name. For example, MEMORYFINDER INC's authentication server does not allow more than 10 requests from the same IP address (the IP address of the proxy server in this case) within one minute.
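As an added example that is not the patent's own code, the flow described in the scenarios above is modelled in Python: the authentication server reads the HTTP referrer and the clock value from the query string of the dynamically added script request, applies the per-IP frequency rule of the connection monitor, and returns a script that calls the page's callback with the encrypted clock value; the protected ESOC decrypts that value and enforces the 30-second window. The shared key, the licensee domain, the callback and field names, and the toy XOR-plus-HMAC cipher are assumptions the page does not specify.

```python
import base64
import hashlib
import hmac
import json
import os
import re
import struct
from collections import defaultdict, deque
from urllib.parse import parse_qs, urlparse

# Constructed values: the page names no key, domain or cipher.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"  # shared by server and ESOC (assumption)
LICENSED_DOMAINS = {"www.memshop.example"}              # the licensee list held by the server
ESOC_WINDOW_SECONDS = 30                                 # the 30-second difference the ESOC allows
MAX_REQUESTS_PER_MINUTE = 10                             # the page's example frequency rule


def _keystream(key: bytes, nonce: bytes) -> bytes:
    # Toy 8-byte keystream from SHA-256(key || nonce); stands in for the unspecified cipher.
    return hashlib.sha256(key + nonce).digest()[:8]


def encrypt_time(key: bytes, client_time: int) -> str:
    """Encryption module: encrypt the client's clock reading and bind it with an HMAC tag."""
    nonce = os.urandom(8)
    cipher = bytes(p ^ k for p, k in zip(struct.pack(">Q", client_time), _keystream(key, nonce)))
    tag = hmac.new(key, nonce + cipher, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode()


def decrypt_time(key: bytes, token: str):
    """ESOC side: verify the tag first, then recover the clock reading; None if anything is off."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (ValueError, AttributeError):
        return None
    if len(raw) != 32:
        return None
    nonce, cipher, tag = raw[:8], raw[8:16], raw[16:]
    expected = hmac.new(key, nonce + cipher, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    plain = bytes(c ^ k for c, k in zip(cipher, _keystream(key, nonce)))
    return struct.unpack(">Q", plain)[0]


class AuthenticationServer:
    """Request reader, request validation module, encryption module and connection monitor."""
    def __init__(self, key=SHARED_KEY, licensed=LICENSED_DOMAINS, max_per_minute=MAX_REQUESTS_PER_MINUTE):
        self.key = key
        self.licensed = set(licensed)
        self.max_per_minute = max_per_minute
        self._seen = defaultdict(deque)  # connection monitor: remote IP -> receipt timestamps

    def _host_trusted(self, remote_ip: str, now: int) -> bool:
        """Sliding one-minute window; more than max_per_minute requests marks the host untrusted."""
        window = self._seen[remote_ip]
        while window and now - window[0] >= 60:
            window.popleft()
        window.append(now)
        return len(window) <= self.max_per_minute

    def handle(self, path: str, headers: dict, remote_ip: str, now: int) -> str:
        """Serve the remote script page: returns the script text the browser will execute."""
        query = parse_qs(urlparse(path).query)
        callback = query.get("cb", ["esocAuth"])[0]
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", callback):
            return 'esocAuth(null, "bad_callback");'  # never echo an unvalidated name into script
        if not self._host_trusted(remote_ip, now):
            return f"{callback}(null, {json.dumps('untrusted_host')});"
        referrer_host = urlparse(headers.get("Referer", "")).hostname  # the HTTP referrer
        if referrer_host not in self.licensed:
            return f"{callback}(null, {json.dumps('unlicensed_resource')});"
        try:
            client_time = int(query["t"][0])  # the time-related segment from the query string
        except (KeyError, ValueError):
            return f"{callback}(null, {json.dumps('missing_time')});"
        return f"{callback}({json.dumps(encrypt_time(self.key, client_time))}, null);"


class ProtectedESOC:
    """The protected control: performs its operation only with fresh encrypted time data."""
    def __init__(self, key=SHARED_KEY, window=ESOC_WINDOW_SECONDS):
        self.key = key
        self.window = window

    def find_memory_type(self, token, local_clock: int):
        """Returns (result, reason); result is None whenever usage is denied."""
        if token is None:
            return None, "no_token"
        server_time = decrypt_time(self.key, token)
        if server_time is None:
            return None, "bad_token"
        if abs(local_clock - server_time) > self.window:
            return None, "stale_token"
        return "DDR2-800 (constructed sample reading)", "ok"


def run_auth_script(script: str):
    """Stands in for the browser executing the returned script: yields (token, reason)."""
    args = script[script.index("(") + 1:script.rindex(")")]
    token, reason = json.loads(f"[{args}]")
    return token, reason
```

Note that the callback name is validated before it is written into the response: a server that emits caller-supplied text into executable script without that check would be handing the page an injection point unrelated to the licensing logic.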


Abstract

The present invention relates to an apparatus, a method and a system for controlling usage of an embedded software-object control ('ESOC'). According to some embodiments of the invention, an apparatus for controlling usage of an ESOC may include a request reader, a request validation module and an encryption module. The request reader is adapted to obtain from an incoming ESOC authentication request a reference to a Web resource that a Web browser issuing the request is currently at. The request reader may also be adapted to obtain from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated. The request validation module includes references to licensed Web resources and is adapted to determine whether the Web resource referenced by the incoming request is a licensed Web resource. The encryption module is responsive to an indication that an incoming request references a licensed Web resource for generating encrypted data using the time-related segment obtained from the request.

Description

A METHOD, A SYSTEM AND AN APPARATUS FOR CONTROLLING USAGE OF EMBEDDED SOFTWARE-OBJECT
CONTROLS
CROSS-REFERENCE TO RELATED APPLICATIONS
[001] This application claims the benefit of US Provisional Patent Application No. 61,006,436, filed January 14, 2008, the full disclosure of which is incorporated herein by reference for all purposes.
FIELD OF THE INVENTION
[002] This invention is in the field of software usage control. More specifically, this invention relates to a method, a system and an apparatus for controlling usage of embedded software-object controls.
BACKGROUND OF THE INVENTION
[003] US Patent No. 7,231,360 to Sy discloses a time-based licensing scheme for software deployment. According to an aspect of the invention, time-based software can be disseminated through various channels, for example, a network, CD's, floppy disks, etc., but before the time-based software can be launched, a user needs to supply account information as well as an amount of time requested for using the time-based software. In another aspect, the time-based software communicates with an authentication server preferably over a network to ascertain if the user is authorized and if the amount of time requested is approved. If the user is approved, the time-based software will be activated for the amount of time requested. If there is no time credit left in the user account, the user will not be approved and a rejection message will be sent to the user. The invention allows for no restriction on where, when, or how many copies of the time-based software are used, as long as the user maintains sufficient time credit in the authentication server.
[004] US Patent Application Publication No. US 20020161718 to Coley et al. discloses methods and apparatuses are for providing a system for automatically tracking use of a software and also for determining whether the software is validly licensed and enabling or disabling the software accordingly. Exemplary systems involve attaching a licensing system module to a software application. Records of valid licenses are stored in the database maintained by the software provider. The licensing system module transparently forms a license record inquiry message. The message is transparently sent to the database over a public network, such as the Internet, to determine whether a valid license record exists in the database for the software application. The database forms and returns an appropriate response message that is interpreted by the licensing system module. The software application can then be appropriately enabled or disabled by the licensing system module. The receipt of the license record inquiry can be recorded in the database to monitor software use.
[005] US Patent Application Publication No. 20030088516 to Remer et al. discloses a method for electronic enforcement of licenses for software services installed on computers connected through a communications network that employs a nonrenewable electronic license that is uniquely identified with a specific computer, is of limited duration, and is digitally signed to detect tampering. The licenses are maintained on the computer that operates the licensed software service, referred to as the point-of-service computer. The method employs intelligent license servicing agents to periodically refresh the limited duration licenses on the point-of-service computer with new purchased limited duration licenses from a license server. The license servicing agent pushes the licenses to or back from the license server. If necessary, the license servicing agent can operate on one or more console computers that act as proxy license servers by keeping a copy of the point-of-service licenses and refreshing them automatically when the license servicing agent initiates a connection to the point-of-service computer for maintenance. The licensing service agents can operate on any number of console computers or on the license server itself, and can operate to refresh licenses for any number of point-of-service computers. The point-of-service computers can operate independently of and without connection to the console computers or license server computers, and are automatically refreshed with new licenses without requiring end user intervention.
[006] US Patent No. 5,758,069 to Olsen discloses a licensing system which provides enhanced flexibility for licensing applications in a network. The licensing system includes a license certificate database which stores all license information. The license certificate database is accessed by providing a request to a license service provider associated with a server. The license service provider generates an executable entity based on the request parameters, which searches the database and, if the appropriate units are available, assembles a license. The license and the application are then transmitted to the requesting client. All aspects of the transaction are also stored in a database organized according to a transaction's relation to a particular license.
SUMMARY OF THE INVENTION
[007] The present invention relates to an apparatus, a method and a system for controlling usage of an embedded software-object control ("ESOC"). According to some embodiments of the invention, an apparatus for controlling usage of an ESOC may include a request reader, a request validation module and an encryption module. The request reader is adapted to obtain from an incoming ESOC authentication request a reference to a Web resource that a Web browser issuing the request is currently at. The request reader may also be adapted to obtain from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated. The request validation module includes references to licensed Web resources and is adapted to determine whether the Web resource referenced by the incoming request is a licensed Web resource. The encryption module is responsive to an indication that an incoming request references a licensed Web resource for generating encrypted data using the time-related segment obtained from the request.
[008] According to some embodiments, the request reader is adapted to obtain the reference information from a HTTP referrer included in the request.
[009] According to some embodiments, the encryption module is adapted to utilize an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
[010] In accordance with some embodiments, the request validation module is adapted to deny or drop the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
[011] According to further embodiments the apparatus may further include a connection monitor. The connection monitor may be adapted to obtain an identifier referencing a remote host that is associated with the incoming ESOC validation request. The connection monitor may determine based on the identifier whether the requesting remote host is a trusted ESOC user.
[012] In some embodiments, the connection monitor is adapted to implement a time-related threshold, criterion and/or rule in conjunction with the identifier referencing a remote host that is associated with the incoming ESOC validation request to determine whether the requesting remote host is a trusted ESOC user.
[013] In some embodiments, the time related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
[014] According to some embodiments of the invention, an apparatus for controlling usage of an ESOC may include: in response to receipt of an incoming ESOC authentication request obtaining from the incoming request a reference to a Web resource that a Web browser issuing the request is currently at, and obtaining from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated; determining whether the Web resource referenced by the incoming request is a licensed Web resource; and in case it is determined that the Web resource referenced by the incoming request is licensed, generating encrypted data using the time-related segment obtained from the request.
[015] In some embodiments, the reference to the Web resource is obtained from an HTTP referrer included in the request.
[016] In some embodiments, generating encrypted data includes using an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
[017] In some embodiments, determining whether the Web resource referenced by the incoming request is a licensed Web resource includes denying or dropping the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
[018] In some embodiments the method may further include: obtaining an identifier referencing a remote host that is associated with the incoming ESOC validation request; and determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user.
[019] In some embodiments, determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user may include implementing a time-related threshold, criterion and/or rule in conjunction with the identifier referencing the remote host that is associated with the incoming ESOC validation request to determine whether the requesting remote host is a trusted ESOC user.
[020] In some embodiments, the time related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
BRIEF DESCRIPTION OF THE DRAWINGS
[021] In order to understand the invention and to see how it may be carried out in practice, embodiments will now be described, by way of non-limiting example only, with reference to the accompanying drawings, in which:
[022] FIG. 1 is a block diagram illustration of an apparatus (a computerized device) and a system for controlling usage of embedded software-object controls, according to some embodiments of the invention; and
[023] FIG. 2 is a call flow diagram illustrating certain aspects of a method of controlling usage of embedded software-object controls, in accordance with some embodiments.
[024] It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.
DETAILED DESCRIPTION OF EMBODIMENTS
[025] In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the present invention.
[026] Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as "processing", "computing", "calculating", "determining", "generating", "configuring" or the like, refer to the action and/or processes of a computer that manipulate and/or transform data into other data, the data represented as physical, e.g. such as electronic, quantities. The term "computer" should be expansively construed to cover any kind of electronic device with data processing capabilities, including, by way of non-limiting example, personal computers, servers, handheld computer systems, Pocket PC devices, Cellular communication device and other communication devices with computing capabilities, processors and microcontrollers (e.g. digital signal processor (DSP) possibly in combination with memory and storage units, application specific integrated circuit "ASIC", etc.) and other electronic computing devices.
[027] The operations in accordance with the teachings herein may be performed by a computer specially constructed for the desired purposes or by a general purpose computer specially configured for the desired purpose or for the desired operations by a computer program stored in a computer readable storage medium.
[028] In addition, embodiments of the present invention are not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the inventions as described herein.
[029] Throughout the description and the claims reference is made to the term "embedded software-object control" or "ESOC" in abbreviation. The term embedded software-object control or ESOC relates to a compiled software-object control that can be embedded within a Web resource and which includes an interface that enables a Web browser to communicate with it. An ESOC can be invoked or instantiated by a Web browser. The ESOC may be triggered during the processing of the Web resource. An ESOC may be adapted to perform a predefined action through interaction with a software object or it may communicate with a certain software object. The operations which the ESOC is adapted to perform are not available or are difficult to achieve using standard client scripts on the Web browser. An ESOC can typically be re-used by a plurality of computers in a network. Examples of an ESOC are provided below.
[030] The term "Web resource" as used herein and as used throughout the specification and the claims relates to any digital resource that may be retrieved by a Web browser through the World Wide Web, or through any other suitable network, and which may be processed by the Web browser. Examples of Web resource include, but are not limited to, a HTML page, a XML page and other resources which include markup-language readable by a Web browser.
[031] According to some embodiments of the invention, the ESOC embedded within the Web resource is a piece of software that is adapted to cause certain data to be retrieved from the operating system ("OS") of the computer on which the Web browser runs, or to cause the OS to perform a predefined action or sequence. For example, an ESOC may be adapted to cause the OS to invoke a certain program. In one embodiment, an ESOC may be provided which is adapted to retrieve information from a configuration database or registry containing information about software and/or hardware installed on the computer on which the Web browser runs. For example, an ESOC may be provided which is adapted to retrieve information with respect to the amount of disk space left on a hard drive.
[032] One example of an ESOC is an ActiveX control, which is an ESOC that is compatible with Microsoft's Component Object Model (COM). Another example of an ESOC may be a Java applet that is configured to communicate with the OS and obtain information about software and/or hardware installed on the computer on which the Web browser runs. It would be appreciated by those versed in the art that using, for example, an ActiveX control it is possible to obtain information about software and/or hardware installed on a computer on which the ActiveX control runs.
[033] Some embodiments of the invention relate to a method, a computerized device and a system for controlling usage of embedded software-object controls (ESOCs). For example, some embodiments of the present invention may be used in the context of licensing of ESOCs which may be invoked within a Web browser environment. According to still further embodiments of the invention, the use of a protected ESOC, for example, on a client's computer, may be enabled by verifying an encrypted time-related data segment inside a protected ESOC, as will be described in further detail below.
[034] Reference is now made to FIG. 1, which is a block diagram illustration of an apparatus (a computerized device) and a system for controlling usage of embedded software-object controls, according to some embodiments of the invention. In accordance with some embodiments of the invention, an apparatus for controlling usage of ESOC under license 110 is implemented as authentication server compatible with HTTP communication (HTTP server). The terms apparatus for controlling usage of ESOC under license and authentication server are used interchangeably throughout the description of the present invention. A licensee server 50 is an HTTP server that is permitted to use the ESOC under license. As will be described in further detail below, an indication with respect to the licensee server's 50 ESOC license is recorded on the authentication server 110. Also shown in FIG. 1 is a client 10. The client is a computerized device that is adapted to communicate with the authentication server 110 over a communication network 60, as described below.
[035] Additional reference is now made to FIG. 2, which is a call flow diagram illustrating certain aspects of a method of controlling usage of embedded software-object controls, in accordance with some embodiments. The call flow commences with an interaction between the licensee server 50 and the authentication server 110, denoted by the registration for ESOC sequence 210, whereby the licensee server 50 registers a license to the ESOC with the authentication server 110. According to some embodiments, the license registration includes recording a reference to the licensee server 50 on the authentication server 110. In further embodiments, the reference is a URI, URL, IP address or domain name related to the licensee server 50. The URI, URL, IP address or domain name may indicate a Web resource that the licensee server 50 is licensed to serve with the ESOC. In some embodiments, further aspects of the registration sequence 210 are outside the scope of the invention.
[036] Following completion of the registration sequence, an ESOC provisioning process 220 may be invoked and implemented. In one embodiment, the ESOC may be provisioned by the authentication server 110. However, further embodiments of the invention are not limited in this respect.
[037] The licensee server 50 may include (or otherwise associate) the ESOC 54 within the licensed Web resource(s) 52 hosted on the licensee server 50. As mentioned above, the ESOC 54 may be within the Web resource 52 as a compiled component. It would be appreciated that the Web resources that are allowed to use the ESOC under the license are not necessarily hosted on the licensee server 50, as long as those Web resources are registered with the authentication server 110. The ESOC 54 may be embedded within a licensed Web resource 52, or the ESOC may be referenced by the licensed Web resource, for example, using client-side script code.
[038] According to some embodiments, the licensee server 50 may also include an inline script or a remote script reference 56 within the licensed Web resource(s) 52. The script 56 may be downloadable by a client 10 as part of a licensed Web resource 52 and may run on the client 10 (client script). The script 56 may include a set of commands of a programming or a scripting language. The script 56 may be JavaScript, VBScript or any other script written in any other scripting language which may be implemented by the client 10.
[039] The script 56 may be configured to cause a Web browser running the script 56 to create a connection to the authentication server 110. The script 56 may also be configured to communicate with the ESOC 54. The client script 56 may be configured to interact with the ESOC's 54 functions and methods. In some embodiments, the script 56 may be configured to enable (or not enable, and possibly disable) the ESOC 54 on the client 10.
[040] According to some embodiments, the client 10 may download 230 the licensed Web resource 52 together with the ESOC 54 and the script 56. According to one example, the client 10 may be a computerized or electronic device that is adapted to communicate over a communication network 60. The client 10 may utilize a Web browser application 12 running on the client 10 to download, process and interact with the licensed Web resource 52. In association with or as part of the licensed Web resource 52, the client 10 may utilize the Web browser application 12 to download the protected ESOC 54 and the script 56.
[041] For example, a user at home or at work may use a browser application running on a PC (the client) to access a certain on-line commerce Web page hosted on a licensee server. The online vendor operating the on-line commerce Web page may offer the user, as a service under license, the option of downloading a piece of software which includes the protected ESOC. The protected ESOC may, for example, be configured to determine the user's RAM type and may facilitate purchase of the appropriate memory type through the online vendor.
[042] Web browser applications are well known in the art. The Web browser application 12 running on the client 10 may be adapted to connect to a remote server, for example, the licensee server 50 and the authentication server 110. The Web browser 12 may use, for example, HTTP to communicate with the licensee server 50 and the authentication server 110. The Web browser 12 may download certain data from the remote servers and may display, process, execute and store the downloaded data. The Web browser also has built-in support for one or more scripting languages, although the scripting language support may be implemented in the Web browser 12 using a supported add-in program. The Web browser 12 is also adapted to invoke and connect to an interface of an ESOC that is stored or running on the client 10. There are various browser applications which are commercially available at present. In principle, according to some embodiments of the invention, any presently available browser, or any browser devised in the future, which supports HTTP or similar communication methods can be used.
[043] Upon downloading the Web resource, and possibly following a request by the user to invoke the ESOC 54 or a service associated with the ESOC, the Web browser 12 may run the script 56 to invoke and implement an ESOC authentication process. According to some embodiments, as part of the ESOC authentication process, the script 56 may generate time-related data or a time-related data segment.
[044] In some embodiments, the time-related data segment includes or is associated with the current time reading from a hardware clock 18 used by the client 10. It should be appreciated that according to some embodiments of the invention, the relation between the time-related data and the client clock time may assume various forms and that some processing of the client clock time may take place. Further, the time-related data may include further information in addition to the information which is directly related to the client clock time, for example a domain name.
[045] According to yet further embodiments of the invention, time related data may be replaced with any dynamically changing data which is known to the client 10. The dynamic behavior of the dynamically changing data may be such that the value of the dynamically changing data can be calculated or otherwise determined at different time instants. For example, the value of dynamically changing data may change linearly over time, and if the value of the dynamically changing data is known at a certain first instant, the value of the dynamically changing data can be calculated for a given second time instant. According to yet further embodiments of the invention, in addition to the client 10, the authentication server 110 may also be adapted to calculate or estimate the value of the dynamically changing data given a certain time instant. The client 10 and the authentication server 110 may use the dynamically changing data in a similar way to the time related data as part of the authentication process described herein.
[046] The client 10 may add the time-related data to a request 240 to be sent to the authentication server 110. The request may further include a reference to a URI, URL, IP address or domain name of the Web resource 52 through which or from which the client 10 (and more particularly, the client Web browser 12) accessed or obtained the protected ESOC 54. For example, in case the Web browser 12 communicates an HTTP request 240 to the authentication server 110, by default the HTTP request header includes information about the URI, URL, IP address, domain name or other network address indicator relating to the Web page the Web browser is currently at or is currently visiting, and in the context of which the request was generated; this is also known as the HTTP referrer. The HTTP referrer identifies, from the point of view of an Internet Web page or resource, the address of the Web page (commonly the URL or the more generic URI) or the resource which links to it. When visiting a Web page, the referrer or referring page is the URL of the previous Web page from which a link was followed. More generally, a referrer is the URL of a previous item which led to this request. By checking the referrer, a recipient of an HTTP request may determine where the request came from; in this case the HTTP referrer references the Web page 52 hosted on the licensee server 50 that is currently accessed by the Web browser 12. In an alternative embodiment, the reference information may be sent in the body of the request 240.
[047] The request 240 from the client 10 is received at the authentication server 110. According to some embodiments, the authentication server may include a request reader 120 or an HTTP request reader, a request validation module 130 and an encryption module 140. The request reader 120 may be adapted to receive the request 240 from the client 10 and to extract the HTTP referrer (or other reference) information and the time-related segment from the request 240.
[048] The request reader 120 may input the HTTP referrer information to the request validation module 130. The request validation module 130 may include a licensees repository 132 and a comparator 134. The licensees repository 132 may include records indicating which Web resources are licensed or otherwise authorized to use the ESOC 54. The records in the licensees repository 132 may relate to URLs, URIs, IP addresses and/or domain names that are recognized by the authentication server 110 as licensed or authorized (or as unlicensed — in case a black list is used) to use a protected ESOC. The authentication server 110 may include a database or any other suitable data storage in which the licensed or otherwise allowed Web pages, domains or the like are listed.
[049] The comparator 134 may be adapted to determine whether the Web resource referenced by the HTTP referrer information (or by other reference received with the request) is licensed or authorized according to the records in the licensees repository 132. In some embodiments, the comparator 134 may be adapted to determine whether the referenced Web resource is identical, contained or otherwise related to a Web resource referenced in the licensees repository 132 as a licensee of the ESOC. Thus, when a request to enable a protected embedded control is received, a search is conducted on the authentication server 110 for the Web page or domain name that is associated with the request to determine whether that Web page or domain name is authorized and whether to generate and send a response which includes the information that is necessary for the protected ESOC to operate or not.
[050] If the validation fails, access to the authentication server 110 or to the data is denied. In addition, or as an alternative, the authentication server 110 may return a response to the client 10 with an error message or code.
[051] However, in case the license validation is successful and the validation module 130 determines that the Web page or domain name that is associated with the request is authorized, a process of generating a response for enabling the ESOC on the client 10 may be invoked. According to some embodiments, as part of the process of generating the ESOC enabling response, the encryption module 140 may be utilized to encrypt the time-related data received from the client 10 as part of the request 240.
[052] In some embodiments, the encryption module 140 may include an encryption method and/or key that is compatible with the decryption method and/or key that is used by the protected ESOC. The concept of encrypting and decrypting information using a key or a method that is available at the source of the information and also to the destination (one being the encryptor and the other being the decrypter) but to no other node along the path of the information between the source and the destination, is a well known concept. There are various techniques which are known in the art for enabling the protection of information that is exchanged between a source and a destination by encrypting the information using a key or a method that is available to the source and to the destination of the information, but is not available (at least not available through reasonable effort) to unauthorized entities. Such techniques may be used as part of some embodiments of the invention.
[053] According to some embodiments the authentication server 110 may communicate a response 250 to the client's 10 request 240. The response 250 includes the encrypted time-related data and is received by the client 10. The Web browser 12 and the client script 56 running thereon may use the encrypted time-related data to enable activation of the ESOC 54. In some embodiments, the client script 56 may use an interface to the ESOC 54 to provide it with the encrypted data received from the authentication server 110. The ESOC 54 may decrypt the encrypted data received from the authentication server 110 using a decryption method and/or key that is implemented thereon and which is compatible with the encryption method and/or key that was used by the authentication server 110.
[054] The ESOC 54 may be adapted to compare the time-related data received with the response 250 from the authentication server 110, and now decrypted by the ESOC 54, with a current time on the client clock 18. In some embodiments, the ESOC 54 may be adapted to use a comparator 19 for the comparison. The ESOC 54 or the comparator 19 used by the ESOC 54 may check the difference between the current client clock time and the time indicated by the time-related data. According to some embodiments, the ESOC 54 may implement a predefined threshold, a predefined criterion and/or predefined rules to determine whether the authentication is successful or not.
[055] For example, according to one embodiment of the invention, a successful authentication may be concluded if the time that has passed since the client 10 generated the time-related data for the request 240 is no longer than 20 seconds. It would be appreciated that by limiting the round-trip time between the generation of the time-related data and the communication of the request on the one hand, and the receipt of the response and the decryption of the encrypted time-related data on the other, the validity of the approval from the authentication server is limited to a duration of less than 20 seconds or any other period, whether determined according to a threshold, criterion or rule and combinations thereof. The restriction on the validity of the approval from the authentication server limits the possibility of outdated and possibly spoofed or otherwise illegitimate approval responses from the authentication server 110 or from illegitimate sources attempting to circumvent the ESOC usage control measures.
[056] In case authentication fails, the ESOC 54 may return an error code or message to the Web browser 12 or to the client script 56. In further embodiments, the ESOC may simply ignore the request to invoke the ESOC. If however the authentication is successful, the protected ESOC 54 may execute and may carry out its operation, possibly returning some data to the Web browser 12 or to the client script 56.
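The exchange described in paragraphs [046] to [056], modelled end to end as an added example (this is not code from the patent or from Inklogic Ltd.): the client script builds the request with the clock reading in the query string and the page URL as referrer, the authentication server's request reader, validation module and encryption module produce the response, and the ESOC's comparator decrypts the time-related data and applies the 20-second window of paragraph [055]. The licensee list, the shared key, the host names and the callback name are constructed assumptions. Because the patent leaves the cipher open, the example uses an encrypt-then-MAC construction built from HMAC-SHA256 so that a forged or tampered blob is rejected before the time comparison, which plain encryption without an integrity tag would not guarantee.

```python
"""Model of the ESOC authentication exchange (added example, not the patent's code)."""
import hashlib
import hmac
import os
import re
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed licensees repository 132 ([048]): domains licensed to use the ESOC.
LICENSEES = {"memshop.example", "www.memshop.example"}
# Constructed key shared only by the authentication server and the compiled ESOC ([052]).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
WINDOW_SECONDS = 20  # validity window from paragraph [055]
_CALLBACK_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # JSONP callback must be an identifier


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keyed pseudorandom stream for a short plaintext."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt_time(key: bytes, t: int) -> str:
    """Encryption module 140: encrypt-then-MAC the timestamp, returns hex(nonce||ct||tag)."""
    pt = t.to_bytes(8, "big")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def decrypt_time(key: bytes, blob_hex: str):
    """ESOC side: return the timestamp, or None when the tag does not verify."""
    try:
        blob = bytes.fromhex(blob_hex)
    except ValueError:
        return None
    if len(blob) != 16 + 8 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:24], blob[24:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return int.from_bytes(pt, "big")


def client_build_request(page_url: str, client_clock: int) -> dict:
    """Client script 56 ([046], [067]): the clock reading rides in the query string of a
    dynamically added <script> URL; the browser adds the page URL as the Referer header."""
    url = "https://auth.memoryfinder.example/esoc.js?" + urlencode(
        {"t": client_clock, "cb": "esocEnable"})
    return {"url": url, "headers": {"Referer": page_url}}


def server_handle(request: dict) -> dict:
    """Request reader 120 + validation module 130 + encryption module 140 ([047]-[053])."""
    referrer = request["headers"].get("Referer", "")
    host = (urlparse(referrer).hostname or "").lower()
    qs = parse_qs(urlparse(request["url"]).query)
    cb = qs.get("cb", ["esocEnable"])[0]
    if not _CALLBACK_RE.fullmatch(cb):   # never echo an arbitrary callback name into script
        cb = "esocEnable"
    if host not in LICENSEES:            # comparator 134: referrer must be a licensee ([049])
        return {"callback": cb, "data": None, "error": "unlicensed referrer"}
    try:
        t = int(qs["t"][0])
    except (KeyError, ValueError):
        return {"callback": cb, "data": None, "error": "missing time segment"}
    return {"callback": cb, "data": encrypt_time(SHARED_KEY, t), "error": None}


def render_script(resp: dict) -> str:
    """Response 250 as the client-script call described in [063] and [068]."""
    data = "null" if resp["data"] is None else f'"{resp["data"]}"'
    err = "null" if resp["error"] is None else f'"{resp["error"]}"'
    return f'{resp["callback"]}({data}, {err});'


def esoc_authenticate(blob_hex: str, client_now: int, window: int = WINDOW_SECONDS) -> bool:
    """Comparator 19 inside the ESOC ([054]-[055]): decrypt, then bound the age."""
    t = decrypt_time(SHARED_KEY, blob_hex)
    return t is not None and abs(client_now - t) <= window


def run_exchange(page_url: str, client_clock: int, esoc_clock: int) -> bool:
    """Whole flow: True when the ESOC would enable itself for this page and clock pair."""
    resp = server_handle(client_build_request(page_url, client_clock))
    return resp["data"] is not None and esoc_authenticate(resp["data"], esoc_clock)
```

`run_exchange` takes the two clock readings as parameters rather than calling `time.time()`, so the round-trip delay, and therefore the replay case, can be reproduced deterministically.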
[057] According to some embodiments, the authentication server 110 may include additional components and functionality to improve the ability of the authentication server 110 to detect and handle illegitimate or untrusted ESOC validation requests. In some embodiments, the authentication server 110 may include a connection monitor 150. The connection monitor 150 may be adapted to monitor the IP address and/or other identifiers associated with incoming ESOC validation requests. The connection monitor 150 may be adapted to determine, based on the IP address and/or other identifiers associated with incoming ESOC validation requests, whether the requesting remote host is a valid ESOC user (a potential user) or whether the requesting remote host is an untrusted entity.
[058] In some embodiments, the connection monitor 150 may operate in cooperation with the HTTP request reader 120 to extract the IP address of the remote host that is associated with an incoming ESOC validation request. In other embodiments, the connection monitor 150 may independently determine the IP address of the remote host that is associated with an incoming ESOC validation request, whether according to the HTTP request or based on other information from other sources.
[059] In some embodiments, the connection monitor 150 may record the IP address or some other identifier with respect to the entities requesting ESOC validation (the remote hosts' IPs). The connection monitor 150 may also store, in association with a record regarding a certain ESOC validation requesting entity, a time-related parameter which is related to one or more ESOC validation requests by that entity. For example, the connection monitor 150 may record, for each request received at the authentication server 110, in addition to an identifier of the requesting entity, a timestamp which represents the time instant at which the request was received at the authentication server. In accordance with another example, the connection monitor 150 may update some frequency parameter which represents the number of requests received from a certain requesting entity during a certain predefined period of time. It would be appreciated that other time-related parameters may be devised and used. The connection monitor 150 may include or may be associated with any suitable data repository (not shown) which may be used to store the data with respect to the requesting entities.
[060] In accordance with some embodiments, the connection monitor 150 may implement a predefined threshold, criterion and/or rule to determine, based on the requesting entity identifier (e.g., the remote host IP address), whether the request is arriving from a trusted or untrusted source. In further embodiments, the predefined threshold, criterion and/or rule implemented by the connection monitor 150 may also be sensitive to a time-related parameter. Thus, for example, if a certain number of requests (e.g., more than 10) from a certain requesting entity are received at the authentication server 110 within a certain period of time (for example, a second), the connection monitor 150 may monitor this activity and in case it is in violation of a predefined threshold, criterion and/or rule, the connection monitor 150 may take certain steps to deny a validation response which would enable usage of the ESOC by (or through) the untrusted requesting entity.
[061] It would be appreciated that according to some embodiments, the implementation of the connection monitor 150 may enable the authentication server 110 to reduce the amount of illegitimate activity and block attempts by untrusted entities to obtain from the authentication server 110 a validation response which enables usage of an ESOC. For example, the connection monitor 150 may be adapted to detect proxy servers attempting to poll or otherwise obtain validation responses from the authentication server 110. In accordance with further embodiments, the authentication server 110 may be adapted to detect various IP address spoofing and possibly also referrer spoofing activity related to incoming ESOC validation requests.
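The connection monitor of paragraphs [057] to [061], as an added example (not code from the patent or from Inklogic Ltd.): a sliding-window counter keyed by remote-host IP that uses the example threshold the text gives, more than 10 requests within one second, and a replay of the monitor over constructed access-log lines in which one ordinary client makes a few requests and one host, standing in for the polling proxy of [061], bursts. The log format, the IP addresses and the blocking policy (once a host exceeds the threshold it stays denied) are assumptions made for the example.

```python
"""Connection monitor 150 over constructed request logs (added example, not the patent's code)."""
from collections import defaultdict, deque
from datetime import datetime


class ConnectionMonitor:
    """Per-remote-host sliding window: trusted while at most `max_requests` arrive in `window`."""

    def __init__(self, max_requests: int = 10, window_seconds: float = 1.0):
        self.max_requests = max_requests
        self.window = window_seconds
        self._recent = defaultdict(deque)   # remote host id -> receipt timestamps in window
        self._blocked = set()

    def observe(self, remote_id: str, now: float) -> bool:
        """Record one incoming validation request; return True if the host is still trusted."""
        if remote_id in self._blocked:
            return False
        q = self._recent[remote_id]
        q.append(now)
        while q and now - q[0] > self.window:   # drop receipts older than the window
            q.popleft()
        if len(q) > self.max_requests:           # threshold violated: deny this and later requests
            self._blocked.add(remote_id)
            return False
        return True

    def is_trusted(self, remote_id: str) -> bool:
        return remote_id not in self._blocked


def parse_log_line(line: str):
    """Constructed log format: '<ISO timestamp> <remote IP> <request line>'."""
    ts, ip, _request = line.split(" ", 2)
    return ip, datetime.fromisoformat(ts).timestamp()


def run_monitor(lines, max_requests: int = 10, window_seconds: float = 1.0) -> dict:
    """Replay log lines through the monitor; return {ip: (accepted, denied)}."""
    mon = ConnectionMonitor(max_requests, window_seconds)
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        ip, t = parse_log_line(line)
        counts[ip][0 if mon.observe(ip, t) else 1] += 1
    return {ip: tuple(v) for ip, v in counts.items()}


def constructed_log() -> list:
    """Constructed sample: a normal client spaced over seconds, a proxy bursting 12 requests."""
    lines = []
    for i in range(3):                          # ordinary user: one request every 4 s
        lines.append(f"2009-01-15T10:00:{i * 4:02d}.000 198.51.100.23 GET /esoc.js?t=1232013600")
    for i in range(12):                         # proxy: 12 requests inside 0.45 s
        lines.append(f"2009-01-15T10:00:05.{i * 40:03d} 203.0.113.7 GET /esoc.js?t=1232013605")
    return lines


if __name__ == "__main__":
    print(run_monitor(constructed_log()))
```

The log lines are interleaved by host rather than by time for brevity; the monitor only ever compares a host's own timestamps, so ordering across hosts does not change the result.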
[062] Having described certain features of the authentication server, there is provided a description of another optional feature which may be implemented with the script used in conjunction with the ESOC. As was mentioned above, the script 56 may be downloadable by a client 10 as part of a licensed Web resource 52 and may run on the client 10 (client script). The script 56 may include a set of commands of a programming or a scripting language and may be configured to cause a Web browser running the script 56 to create a connection to the authentication server 110. According to some embodiments, within the context of a licensee server 50 Web page 52, the script 56 running on the client 10 may be adapted to create a connection with the authentication server 110 without a visible redirection to another Web page. In further embodiments of the invention, the script 56 running on the client 10 may include and implement a method for creating invisible cross-domain HTTP requests.
[063] In some embodiments, the script 56 may be adapted to dynamically add/change remote script references in a loaded Web page 52 using a suitable client script method. The client script 56 is configured to add or change a remote script reference in the Web page 52 to an authentication server's 110 URL address. The result contains a call to a callback function in the client script 56, including the requested data as an argument of the callback function. The remote client script is executed by the Web browser 12 as a normal client script 56. In other embodiments, an inline frame may be used. The inline frame may be adapted to change its parent's URL hash and vice-versa. It is possible to change a URL hash (the data after the # character in a URL address) from another window or frame that is loaded from a different domain. The data may be read using the client script 56.
[064] Provided below are usage scenarios. The usage scenarios are provided for illustrative purposes only and are meant as mere examples of how certain features according to some embodiments of the invention may be used to enable (or deny) usage of a protected ESOC. The usage scenarios should not be construed to limit the scope of the present invention. For the purpose of the examples, the owner of the authentication server described will be named MEMORYFINDER INC.
[065] Authorized Use of a Protected Embedded Control Scenario - A user at home accesses, using a Web browser, an e-commerce Web site that sells computer memory chips (for the purpose of the examples it will be named MEMSHOP). The owner of this Web site pays MEMORYFINDER INC a monthly fee for a computer memory recognition feature on his Web site. At MEMSHOP site's main page, it is suggested that the user will approve the downloading and installation of an ESOC element that will recognize the type of memory chip needed for the user's computer.
[066] Continuing with the usage scenario, the user approves the ESOC download and so the Web browser on the user's computer downloads and installs the ESOC on the user's computer together with the associated client script. The Web page, using a client script, now calls a method or a function inside the ESOC that recognizes and returns the user's computer memory type. Since the ESOC is protected by MEMORYFINDER INC, this ESOC may require a valid authentication key as an argument in order to enable usage of the ESOC and in particular interaction with the method inside the ESOC that recognizes and returns the user's computer memory type.
[067] Thus, in accordance with a predefined procedure included in the client script, the client script on the Web page creates a connection to MEMORYFINDER INC's authentication server by dynamically creating a remote script reference (a <script> tag) on the Web page. In this manner, the URL address of the e-commerce Web site (MEMSHOP's site) is sent automatically by the Web browser inside the request header, as the HTTP referrer URL address. The remote script reference refers to a script page on MEMORYFINDER INC's authentication server. Additionally, the client script sends to the authentication server the current time-related value according to the hardware clock on the user's computer. The current time-related value may be sent using a query string argument in the URL address of the requested remote script page.
[068] Moving on with the usage scenario, MEMORYFINDER INC's authentication server receives the request from the user's computer. It checks whether the HTTP referrer URL address in the request header exists within a list of licensed Web pages or domain names, or not. In this example the request was sent from within the context of a licensed domain name. The authentication server proceeds with the extraction of the user's computer clock time value that was sent inside the query string of the requested script page's URL address. The time-related value is encrypted by the authentication server and is sent back to the user's browser as an argument in a call to the respective ESOC function. The call may further contain a required authentication key and is written in a client scripting language that is supported by the user's browser.
[069] The Web browser receives the communication from the authentication server and executes the script that was downloaded from MEMORYFINDER INC's authentication server. Now the function inside the protected ESOC receives the required authentication data and possibly the key. The protected ESOC may decrypt the authentication data using a decryption technique that is compatible with the encryption technique that was used by the authentication server for encryption, with or without the use of the additional encryption key. The result of the decryption indicates the time-related value that was received by the authentication server with the authentication request. The time-related value is compared to the current time value of the user's computer clock (or the two parameters are otherwise processed), and a predefined threshold, criterion and/or rule is used to determine whether the received time-related value is valid or acceptable and whether usage of the protected ESOC should be enabled or not. For example, the ESOC is configured to allow a 30-second difference between the two values, so each authentication request is valid for 30 seconds from the time it is sent until the time the response from the authentication server is processed. The threshold, criterion and/or rule may set a time period condition which is sufficient for the client to send the validation request to the authentication server and to receive a response and process it, but preferably not much longer.
[070] The usage of the protected ESOC is thus enabled, and it may obtain information with respect to the user's computer memory type and return the data to the Web browser and/or client script. The client script may refer the user to the right product page on MEMSHOP's Web site.
[071] Now there are provided scenarios of unauthorized use of a protected ESOC. Case 1: An unlicensed domain name - A competitor Web site of MEMSHOP decides to use the same memory finding protected ESOC without getting a license from MEMORYFINDER INC. The owner of the competitor Web site simply copies the required client script from MEMSHOP's web pages to his web site, and refers to the downloading and installation of the ESOC.
[072] The client script on the Web page creates a connection to MEMORYFINDER INC's authentication server by dynamically creating a remote script reference (a <script> tag) on the Web page. That way the URL address of the e-commerce Web site is sent automatically by the browser inside the request header, as the HTTP referrer URL address. The remote script reference refers to a script page on MEMORYFINDER INC's authentication server. Additionally, the client script sends to the authentication server the current time value according to the hardware clock on the user's computer. The time-related value may be sent to the authentication server using a query string argument in the URL address of the requested remote script page.
[073] MEMORYFINDER INC's authentication server receives the authentication request. The authentication server checks whether the HTTP referrer URL address in the request header exists within a list of licensed Web pages or domain names, or not. In this case the request was sent from the context of an unlicensed domain name, so the request is denied by the authentication server.
[074] The protected ESOC does not receive the necessary encrypted time related data and therefore does not perform the requested operations.
[075] Case 2: Attempt to reuse authentication data. While examining MEMSHOP's client scripts using a debugger program, the competitor notices that authentication data is passed to the protected ESOC in order to activate the desired function or method. The competitor changes the client script on his Web site in such a way that a connection to MEMORYFINDER INC's authentication server never occurs. Instead, he attempts to use authentication data that was saved during a successful activation of the control on MEMSHOP's website.
[076] Moving on with the competitor's unauthorized attempt, the function inside the embedded control receives the authentication data. It decrypts the authentication data using a decryption method that is compatible with the method that was used by the authentication server for encryption. The result of the decryption is the time-related value that was sent to the authentication server upon the request for the authentication data. The time-related value is compared to the current time value on the user's computer clock. The ESOC is configured to allow a 30-second difference (for example) between the two values, so each authentication key is valid for 30 seconds, considered as sufficient time for the client to send a request to the authentication server and to receive a response. Since the authentication key was not received from the authentication server in this session, the time-related value inside the authentication data is too old. Compared to the current time-related value of the user's computer clock there is a difference of 1 hour, 8 minutes and 32 seconds (for example). Accordingly, the ESOC does not proceed with the requested action.
[077] Case 3: Unauthorized Use of a Protected Embedded Control - HTTP Referrer URL Spoofing. In this scenario, the competitor configures the client script on his Web site to connect to an alternate and illegitimate authentication server. The alternate authentication server is similar to a proxy server. It connects to the legitimate MEMORYFINDER INC authentication server and attempts to fake a MEMSHOP URL address as the HTTP referrer URL address (also known as spoofing).
[078] Initially, the competitor's attempt may be successful and valid authentication data is received from MEMORYFINDER INC and is passed on to the user's Web browser, which successfully enables the usage of the ESOC. However, at some point, with the use of a certain threshold, criterion and/or rule implemented by MEMORYFINDER INC's authentication server, it may be detected that there are illegitimate authentication requests arriving from a certain URI, URL, IP address and/or domain name. For example, the authentication server may detect the illegitimate activity based on the IP address of the remote host communicating the requests to the authentication server. The authentication server may also take into account time-related parameters which are associated with the incoming authentication requests; for example, the authentication server may monitor the frequency of authentication requests arriving from a certain URI, URL, IP address and/or domain name. As a result, the authentication server may refuse any further authentication requests arriving from the suspect URI, URL, IP address and/or domain name. For example, MEMORYFINDER INC's authentication server does not allow more than 10 requests from the same IP address (the IP address of the proxy server in this case) within one minute.
[079] Subsequently, the users of the competitor's Web site will no longer be able to use the ESOC, and reports that the memory recognition feature downloaded from the competitor's Web site is inoperable will come in.
[080] While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will occur to those skilled in the art. It is therefore to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true scope of the invention.

Claims

CLAIMS:
1. An apparatus for controlling usage of an embedded software-object control ("ESOC"), comprising:
- a request reader is adapted to obtain from an incoming ESOC authentication request a reference to a Web resource that a Web browser issuing the request is currently at, and to further obtain from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated;
- a request validation module includes references to licensed Web resources and is adapted to determine whether the Web resource referenced by the incoming request is a licensed Web resource; and
- an encryption module is responsive to an indication that an incoming request references a licensed Web resource for generating encrypted data using the time-related segment obtained from the request.
2. The apparatus according to claim 1, wherein the request reader is adapted to obtain the reference information from a HTTP referrer included in the request.
3. The apparatus according to claim 2, wherein the encryption module is adapted to utilize an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
4. The apparatus according to claim 2, wherein the request validation module is adapted to deny or drop the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
5. The apparatus according to claim 2, further comprising a connection monitor that is adapted to obtain an identifier referencing a remote host that is associated with the incoming ESOC validation request and to determine based on the identifier whether the requesting remote host is a trusted ESOC user.
6. The apparatus according to claim 5, wherein the connection monitor is adapted to implement a time-related threshold, criterion and/or rule in conjunction with the identifier referencing a remote host that is associated with the incoming ESOC validation request to determine whether the requesting remote host is a trusted ESOC user.
7. The apparatus according to claim 6, wherein the time-related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
8. A method of controlling usage of an embedded software-object control ("ESOC"), comprising:
- in response to receipt of an incoming ESOC authentication request obtaining from the incoming request a reference to a Web resource that a Web browser issuing the request is currently at, and obtaining from the request a time-related segment which is associated with a time reading on a clock with which the Web browser is associated;
- determining whether the Web resource referenced by the incoming request is a licensed Web resource; and
- in case it is determined that the Web resource referenced by the incoming request is licensed, generating encrypted data using the time-related segment obtained from the request.
9. The method according to claim 8, wherein the reference to the Web resource is obtained from an HTTP referrer included in the request.
10. The method according to claim 9, wherein said generating encrypted data comprises using an encryption technique or method that is compatible with a decryption technique or method implemented by the ESOC.
11. The method according to claim 9, wherein said determining whether the Web resource referenced by the incoming request is a licensed Web resource comprises denying or dropping the ESOC authentication request in case the Web resource referenced by the incoming request is not a licensed Web resource.
12. The method according to claim 9, further comprising:
- obtaining an identifier referencing a remote host that is associated with the incoming ESOC validation request; and
- determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user.
13. The method according to claim 12, wherein said determining based on the identifier referencing the remote host whether the requesting remote host is a trusted ESOC user comprises implementing a time-related threshold, criterion and/or rule in conjunction with the identifier referencing the remote host that is associated with the incoming ESOC validation request to determine whether the requesting remote host is a trusted ESOC user.
14. The method according to claim 13, wherein the time-related threshold, criterion and/or rule provides a frequency parameter which indicates a certain amount of incoming requests within a certain period of time above which a requesting remote host is considered to be an untrusted ESOC user.
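The following is an added illustration, not code from the patent or its applicant, of the authentication-server logic described in paragraphs [077]-[079] and claimed in claims 1-14: the referrer-based licence check, the per-host frequency threshold (the "10 requests within one minute" rule), and encrypted data derived from the browser's time reading. The licensed host, the shared secret, the sample addresses and the choice of HMAC-SHA256 as the "encrypted data" are assumptions; the patent leaves the encryption scheme unspecified.

```python
import hashlib
import hmac
from collections import deque
from urllib.parse import urlsplit

# Constructed sample values, not taken from the patent.
LICENSED_HOSTS = {"memshop.example"}          # licensed Web resources (claim 1)
SHARED_SECRET = b"constructed-esoc-secret"    # key shared with the ESOC (claim 3)
MAX_REQUESTS = 10       # "no more than 10 requests from the same IP address"
WINDOW_SECONDS = 60.0   # "... within one minute" (paragraph [078])


class ConnectionMonitor:
    """Claims 5-7: per-remote-host request count inside a sliding window."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self._arrivals = {}  # remote host identifier -> deque of arrival times

    def is_trusted(self, remote_host, now):
        times = self._arrivals.setdefault(remote_host, deque())
        while times and now - times[0] >= self.window:
            times.popleft()  # forget arrivals that fell out of the window
        times.append(now)
        return len(times) <= self.max_requests


def referenced_host(referrer):
    """Claim 2: host of the Web resource named by the HTTP referrer, or None."""
    if not referrer:
        return None
    host = urlsplit(referrer).hostname
    return host.lower() if host else None


def authenticate(referrer, time_segment, remote_host, now, monitor):
    """Return encrypted data for a licensed request, else None (claim 4).

    time_segment is the browser clock reading carried by the request; the
    "encrypted data" is a hypothetical HMAC-SHA256 over it, standing in for
    whatever ESOC-compatible scheme is actually deployed.
    """
    if not monitor.is_trusted(remote_host, now):
        return None  # frequency rule tripped, as in paragraph [078]
    if referenced_host(referrer) not in LICENSED_HOSTS:
        return None  # referrer is not a licensed Web resource
    msg = str(time_segment).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()
```

A spoofed referrer alone passes the licence check, which is why the proxy scenario is caught only by the frequency rule: every user of the competitor's site arrives from the proxy's single address, so the eleventh request within a minute is refused and later ones succeed again only once the window has slid past.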
PCT/IL2009/000052 2008-01-14 2009-01-14 A method, a system and an apparatus for controlling usage of embedded software-object controls WO2009090638A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US643608P 2008-01-14 2008-01-14
US61/006,436 2008-01-14

Publications (1)

Publication Number Publication Date
WO2009090638A1 true WO2009090638A1 (en) 2009-07-23

Family

ID=40551913

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2009/000052 WO2009090638A1 (en) 2008-01-14 2009-01-14 A method, a system and an apparatus for controlling usage of embedded software-object controls

Country Status (1)

Country Link
WO (1) WO2009090638A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09702045

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09702045

Country of ref document: EP

Kind code of ref document: A1