(19)
(11)EP 2 887 603 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
13.02.2019 Bulletin 2019/07

(21)Application number: 13198170.6

(22)Date of filing:  18.12.2013
(51)International Patent Classification (IPC): 
H04L 29/06(2006.01)
G06F 21/12(2013.01)

(54)

CONTROLLING AN EXECUTION OF A SOFTWARE APPLICATION ON AN EXECUTION PLATFORM IN A FIRST LOCAL NETWORK

STEUERUNG EINER AUSFÜHRUNG EINER SOFTWAREANWENDUNG AUF EINER AUSFÜHRUNGSPLATTFORM IN EINEM ERSTEN LOKALEN NETZWERK

COMMANDER L'EXÉCUTION D'UNE APPLICATION LOGICIELLE SUR UNE PLATEFORME D'EXÉCUTION DANS UN PREMIER RÉSEAU LOCAL


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(43)Date of publication of application:
24.06.2015 Bulletin 2015/26

(73)Proprietor: SFNT Germany GmbH
82110 Germering (DE)

(72)Inventors:
  • Lange, Andreas
    D-81829 (DE)
  • Kumar, Pratyush
    New Delhi, 110017 (IN)
  • Zunke, Michael
    D-85551 Kirchheim (DE)

(74)Representative: Scheer, Luc et al
Gemalto SA 525, Avenue du Pic de Bertagne CS 12023
13881 Gémenos Cedex
13881 Gémenos Cedex (FR)


(56)References cited: : 
EP-A1- 2 221 741
US-A1- 2004 153 658
WO-A1-2011/144379
US-A1- 2006 031 830
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description


    [0001] The present invention relates to a method for controlling an execution of a software application on an execution platform in a first local network.

    [0002] It is known to control the execution of a software application such that an execution is only allowed in case of the presence of a corresponding license. The license can be locked to a secure hardware device to be connected to the execution platform. In this case the execution can be carried out only in case of presence of the connected secure hardware device. Since in this case the software publisher or vendor has to deliver the software application and the secure hardware device to the end user, this kind of protection is preferred for expensive software applications.

    [0003] EP 2 221 741 A1 describes a license management technique in which an application program is to be installed to an installation computer and a license management computer allows an installation of the application program based on an identification of the application program, an identification of the installation computer, an identification of an external device connected to the installation computer. To identify the installation computer and the external device, the installation computer issues an installation request including device identification information for identifying the installation computer and external device identification information for identifying an external device connected to the installation computer.

    [0004] US 2004153658 A1 discloses a solution as described in the preamble part of claim 1.

    [0005] In less expensive software applications it is often preferred to lock the license to the hardware of the execution platform.

    [0006] However, if the software application is to be executed in a virtual machine running on the hardware of the execution platform the hardware of the execution platform can often no longer be used for locking the license.

    [0007] In view thereof, it is object of the invention to provide an improved method for controlling an execution of a software application on an execution platform in a first local network.

    [0008] The object is solved by a method for controlling an execution of a software application on an execution platform in a first local network, the method being defined by claim 1 and providing a corresponding system as defined in claim 11.

    [0009] According to the method of the invention the license is locked to the first local network so that an effective control of the execution of the software application can be carried out even if the software application is executed in a virtual machine. Therefore, the license is no longer locked to the execution platform itself but to the environment in which the execution platform is included.

    [0010] According to the present invention, the second network fingerprint complies with the first network fingerprint when the two network fingerprints (at least partly) match or are (at least partly) the same, for example.

    [0011] There can be used an unique feature or an unique information of the first local network for determining the first environment fingerprint or the first network fingerprint in step a).

    [0012] The step c) can be carried out when the execution of the software application starts and/or during the execution of the software application (e.g. periodically).

    [0013] For carrying out the step a) the first local network can be used as it is present. That means, that the inventive method does not generate an unique feature by amending the first local network and that for example characteristics of at least one network printer, at least one network storage and/or at least one network server is used. Further, it is possible to use the domain name of the first local network, characteristics of at least one of the network users, other unique information stored in an active directory or LDAP of the first local network, etc.

    [0014] For example, the unique information can be a user identifier (user ID) + password or a globally unique identifier (GUID) + password. Such a unique information is characteristic for a corresponding local network and it is very difficult to transfer it to another local network leading to good protection against unauthorized use of the software application.

    [0015] In addition it is possible to amend the first local network and to use this amendment for determining the first network fingerprint. For example, an additional network user can be created and characteristics of this additional network user are used for determining the first network fingerprint. Further, it is possible to create an entry in the active directory or in the LDAP of the first local network and use it as unique information. In particular, at least one network service, which is provided in the first local network, can be used in order to generate something unique for the first local network. Such an amending of the first local network is preferably carried out before step a).

    [0016] Further, it is possible that the first network fingerprint includes several different features and that only a predetermined number of these features of a predetermined percentage of these features have to be the same in the first and second network fingerprint for determining the result that the second environment fingerprint complies with (or is in coincidence with) the first environment fingerprint. This can be accepted for a limit number of comparisons, for a limit time or in general.

    [0017] In particular, the compliance of the two environment fingerprints can be considered as being present if a predetermined percentage of the first network fingerprint is present in the second network fingerprint or if a predetermined percentage of the first environment fingerprint is present in the second environment fingerprint.

    [0018] The compliance of the two environment fingerprints can be considered as being present if a predetermined partial compliance (or, for example, a partial match) of the two environment fingerprints is present. In particular, the license can include a predetermined compliance algorithm which carries out the step of comparing the two environment fingerprints in step c). By using such a predetermined compliance algorithm it is possible to give different features of the network fingerprints different weights, for example.

    [0019] Further the first network fingerprint can include at least two features and the inventive method can include the step of checking whether all features of the first network fingerprint are present and in case that not all but only some features of the first network fingerprint are present at least one of the not present features is replaced by another feature of the first local network. The replacement can be carried out by completely replacing the at least one of the not present features or by marking the at least one of the not present features as a feature that is no longer relevant and which is no longer used when comparing the two network fingerprints. If for example a network printer is no longer present, this feature of this network printer can be replaced by a new network printer, a new network storage or something else which is characteristic for the first local network.

    [0020] Further, it is possible, that the first network fingerprint is amended such that an additional feature characterizing the first local network is added to the first network fingerprint.

    [0021] By doing this it is possible that the license is adapted to normal changes in a local network.

    [0022] The first environment fingerprint and/or the license can be signed and/or encrypted. In this case, a check of the signature and/or a decryption step is carried out before comparing the second environment fingerprint with the first environment fingerprint.

    [0023] The first environment fingerprint can include a first execution platform fingerprint which is characteristic for said execution platform in said first local network and which is determined in step a). The second environment fingerprint can include a second execution platform fingerprint which is determined in step c). In this case, the comparison of the two environment fingerprints can also include the comparison of the two execution platform fingerprints. By doing this it can be ensured that the software application can only be carried out on the specific execution platform in the first local network.

    [0024] The software application can include a module for carrying out the steps of the inventive method.

    [0025] A local network is preferably to be understood as a network which is only accessible for a limited number of users, as for example a local network of a company. The internet is preferably not to be understood as being a local network.

    [0026] The execution platform is preferably a part of the first local network and can be a single computer or a virtual machine, for example. The virtual machine can be a software implementation of a machine (e.g. a computer) that executes programs or software applications like a physical machine.

    [0027] There is further provided a computer program product which comprises software code in order to carry out the steps of the claimed method (including the claimed further developments), when the product is being executed.

    [0028] There is further provided a control system for controlling an execution of a software application on an execution platform in a first local network, comprising a control module carrying out the following steps:
    1. a) determining a first environment fingerprint including a first network fingerprint of the first local network by using predetermined rules, said first network fingerprint is characteristic for the first local network and can be used to distinguish the first local network from other local networks,
    2. b) generating a license including said first environment fingerprint, said license defines terms of allowed execution of the software application on an execution platform in the first local network, and
    3. c) controlling the execution by
      • determining a second environment fingerprint including a second network fingerprint of the local network in which the execution platform for said software application is included by using said predetermined rules,
      • comparing the second environment fingerprint with the first environment fingerprint of the license, and
      • allowing the execution of the software application according to the terms of the license in case of the second environment fingerprint complies with the first environment fingerprint, and preventing the execution of the software application in case of the second environment fingerprint does not comply with the first environment fingerprint.


    [0029] The control system can comprise features for carrying out the inventive method (including the further developments of the inventive method). In particular, the control module can be a software and/or hardware. The inventive method for controlling an execution of a software application on an execution platform in a first local network can comprise method steps described in connection with the inventive control system.

    [0030] It is understood that the features mentioned above and those yet to be explained below can be used not only in the respective combinations indicated, but also in other combinations or in isolation, without departing from the scope of the present invention.

    [0031] The present invention may be better understood in conjunction with the following figures:
    Fig. 1
    schematically shows five local networks which can be connected with each other via on the internet;
    Fig. 2
    a flowchart for describing an embodiment of a method for controlling an execution of a software application on an execution platform in a first local network 6 of the local networks shown in Fig. 1.


    [0032] As shown in Fig. 1 a software application 1 is to be executed on an execution platform 2. The execution platform 2 is embodied as a conventional personal computer, for example, comprising a computing section 3 (comprising, for example, a processor, a hard disk, further hardware elements as well as an operating system), an input unit 4 (in this case, for example, a keyboard) as well as an output unit 5 (e.g. a screen). The execution platform 2 is part of a first local network 6 which comprises further execution platforms 7, 8, which can be embodied in the same or in a different way as the execution platform 2, a server 9 and a first and a second network printer 10, 11. The lines L schematically indicate that these components are all part of the first local network 6. The first local network 6 (or first Local Area Network (LAN) 6) can be connected to the internet 12 as indicated by the line 13.

    [0033] There may be further local networks 14, 15, 16, 17 which can be connected to the internet 12 (as indicated by the lines 18-21). Therefore, a connection between the local networks 6, 14-17 is possible via the internet 12. Of course, any other kind of connection between the local networks 6, 14-17 can be present, as indicated by the line 22 showing a connection between the first local network 6 and the further local netwok 17.

    [0034] In order to control the execution of the software application 1 on the execution platform 2 in the first local network 6 a first environment fingerprint including a first network fingerprint of the first local network 6 is determined using predetermined rules (step S1 in Fig. 2). This first network fingerprint is characteristic for the first local network 6 and can be used for distinguish the first local network 6 from the other local networks 14-17. The predetermined rules can be to generate a list of network printer present in the local network. Therefore, the first network fingerprint can be a list of the network printers 10, 11 which are present in the first local network 6.

    [0035] This step S1 of determining the first environment fingerprint is preferably carried out when the software application 1 is to be executed for the first time on the execution platform 2.

    [0036] Thereafter, a license including the first environment fingerprint is generated (step S2). The generation of the license can be carried out, for example, by sending the first environment fingerprint to the software vendor (for example via the internet 12). The software vendor signs and/or encrypts the first environment fingerprint (preferably in an automatic process) and sends it back to the software application or to any point within the first local network 6 known to the software application 1. Further, the license can include the allowed terms of use of the software application 1. The terms of use, which are preferably also signed and/or encrypted together with the signed and/or encrypted fingerprint forms the license for the software application 1.

    [0037] For controlling the execution of the software application 1 a second environment fingerprint including a second network fingerprint of the local network, in which the execution platform 2 for the software application is included, is determined by using the determined rules (step S3). Thus, in this case a list of network printers is generated as the second network fingerprint.

    [0038] As a next step a comparison of the two environment fingerprints is carried out (step S4).

    [0039] In this case, the software application 1 is to be executed on the execution platform 2 within the first local network 6 so that the second network fingerprint includes as the list of network printers the two network printers 10, 11. The comparison of the second environment fingerprint with the first environment fingerprint of the license leads therefore to the result that the second environment fingerprint is the same as the first environment fingerprint. In this case the execution of the software application is allowed (step S5).

    [0040] If, for example, the software application 1 is to be executed in the further local network 14 the second network fingerprint would be different to the first network fingerprint. Therefore, the comparison of the two environment fingerprints would lead to the result, that they are different and therefore the execution of the software application would be prevented (step S6).

    [0041] The steps S1-S6 can be carried out by a control module included in the software application.

    [0042] According to the described method the software application 1 can only be executed when being present in the first local network 6. Therefore, even if the software application 1 is to be executed in a virtual machine 23 running on the execution platform 2 of the first local network 6 an effective control of execution and therefore an effective license control can be ensured.

    [0043] The first environment fingerprint can include a first execution platform fingerprint which is characteristic for the execution platform in the first network 6. If, for example, the software application 1 is to be executed in the virtual machine 23 the first execution platform fingerprint can comprise a feature unique and characteristic for the virtual machine 23. For example, a vMAC address (virtual media access control address) can be used as unique identifier for the virtual machine 23. Of course, any other unique identifier for the execution platform 2 can be used for the first execution platform fingerprint.

    [0044] If the first environment fingerprint includes the first network fingerprint and the first execution platform fingerprint, a second execution platform fingerprint is determined in step S3 in the same way as in step S1. Therefore, when comparing the two environment fingerprints also a comparison of the two execution platform fingerprints is carried out. By doing this it can be avoided that the second environment fingerprint is duplicated so that the software application 1 can be executed for multiple times within the first local network 6.

    [0045] The execution platform fingerprint can include or can comprise any unique identifier for a specific execution platform within the local network.

    [0046] The first local network 6 can also be a local network including an execution platform 2 embodied as a conventional personal computer and a television connected to the personal computer via cable or Wi-Fi. Further, any other or additional network compatible device can be part of the first local network 6. The MAC address or any other unique identifier of at least one of the network compatible devices can be used for generating the first environment fingerprint and in particular the first network fingerprint.


    Claims

    1. A method for controlling an execution of a software application (1) on an execution platform (2) in a first local network (6), comprising the steps of:

    a) determining a first environment fingerprint including a first network fingerprint of the first local network,
    wherein predetermined rules and at least two devices (9, 10) relating to the first local network are used, said first network fingerprint including a user identifier and a password or unique information stored in a directory relating to the first local network, said first network fingerprint being characteristic for the first local network and being possibly used to distinguish the first local network from other local networks,

    b) generating a license including said first environment fingerprint, said license defining terms of allowed execution of the software application on an execution platform in the first local network, and

    c) controlling the execution by:

    - determining a second environment fingerprint including a second network fingerprint of the local network by using said predetermined rules,

    - comparing the second environment fingerprint with the first environment fingerprint of the license, and

    - allowing the execution of the software application according to the terms of the license in case of the second environment fingerprint complies with the first environment fingerprint, and preventing the execution of the software application in case of the second environment fingerprint does not comply with the first environment fingerprint, and characterized in that, to carry out the step c), the compliance of the two environment fingerprints is considered as being present if a predetermined partial compliance of the two environment fingerprints is present.


     
    2. Method according to claim 1, wherein the allowance of the execution of the software application according to step c) is given for an execution of the software application within a virtual machine (23).
     
    3. Method according to claim 1 or 2, wherein the first network fingerprint includes at least one feature of the first local network which is already present and which is not generated by the claimed method for controlling.
     
    4. Method according to one of the above claims, wherein a step of amending the first local network in order to create an unique feature of the first local network is carried out before carrying out step a).
     
    5. Method according to one of the above claims, wherein the first network fingerprint includes at least two different features and wherein in step c) the compliance of the two environment fingerprints is considered as being present if at least one of the two features is the same in both network fingerprints.
     
    6. Method according to one of the above claims, wherein the license includes a predetermined compliance algorithm which carries out the step of comparing the two environment fingerprints in step c).
     
    7. Method according to one of the above claims, wherein the first network fingerprint includes at least two features and the method includes the step of checking whether all features of the first network fingerprint are present and in case that not all but only some features of the first network fingerprint are present, at least one of the non present features is replaced by another feature of the first local network.
     
    8. Method according to one of the above claims, wherein the first network fingerprint is amended such that an additional feature characterizing the first local network is added to the first network fingerprint.
     
    9. Method according to one of the above claims, wherein the first environment fingerprint includes a first execution platform fingerprint which is characteristic for said execution platform in said first local network and which is determined in step a),
    wherein the second environment fingerprint includes a second execution platform fingerprint which is determined in step c), and
    wherein in step c) the two network fingerprints and the two environment fingerprints are compared.
     
    10. A computer program product (1), which comprises software code in order to carry out the steps of one of the above claims, when the product is being executed.
     
    11. A control system for controlling an execution of a software application (1) on an execution platform (2) in a first local network (6), comprising a control module carrying out the steps of:

    a) determining a first environment fingerprint including a first network fingerprint of the first local network,
    wherein predetermined rules and at least two devices (9, 10) relating to the first local network are used, said first network fingerprint including a user identifier and a password or unique information stored in a directory relating to the first local network, said first network fingerprint being characteristic for the first local network and being possibly used to distinguish the first local network from other local networks,

    b) generating a license including said first environment fingerprint, said license defining terms of allowed execution of the software application on an execution platform in the first local network, and

    c) controlling the execution by:

    - determining a second environment fingerprint including a second network fingerprint of the local network by using said predetermined rules,

    - comparing the second environment fingerprint with the first environment fingerprint of the license, and

    - allowing the execution of the software application according to the terms of the license in case of the second environment fingerprint complies with the first environment fingerprint, and preventing the execution of the software application in case of the second environment fingerprint does not comply with the first environment fingerprint, and characterized in that, to carry out the step c), the compliance of the two environment fingerprints is considered as being present if a predetermined partial compliance of the two environment fingerprints is present.


     


    Ansprüche

    1. Verfahren zum Steuern einer Ausführung einer Softwareanwendung (1) auf einer Ausführungsplattform (2) in einem ersten lokalen Netzwerk (6), umfassend die Schritte

    a) Bestimmen eines ersten Umgebungsfingerabdrucks, der einen ersten Netzwerkfingerabdruck des ersten lokalen Netzwerks beinhaltet, wobei vorherbestimmte Regeln und mindestens zwei das erste lokale Netzwerk betreffende Einrichtungen (9, 10) verwendet werden, wobei der erste Netzwerkfingerabdruck eine Nutzerkennung und ein Passwort oder eine eindeutige Information beinhaltet, die in einem das erste lokale Netzwerk betreffenden Verzeichnis gespeichert sind, wobei der erste Netzwerkfingerabdruck charakteristisch für das erste lokale Netzwerk ist und gegebenenfalls verwendet wird, um das erste lokale Netzwerk von anderen lokalen Netzwerken zu unterscheiden,

    b) Erzeugen einer den ersten Umgebungsfingerabdruck beinhaltenden Lizenz, wobei die Lizenz Bedingungen einer genehmigten Ausführung der Softwareanwendung auf einer Ausführungsplattform in dem ersten lokalen Netzwerk definiert, und

    c) Steuern der Ausführung durch:

    - Bestimmen eines zweiten Umgebungsfingerabdrucks, der einen zweiten Netzwerkfingerabdruck des lokalen Netzwerks beinhaltet, unter Verwendung der vorherbestimmten Regeln,

    - Vergleichen des zweiten Umgebungsfingerabdrucks mit dem ersten Umgebungsfingerabdruck der Lizenz, und

    - Genehmigen der Ausführung der Softwareanwendung gemäß den Bedingungen der Lizenz, falls der zweite Umgebungsfingerabdruck dem ersten Umgebungsfingerabdruck entspricht, und Verhindern der Ausführung der Softwareanwendung, falls der zweite Umgebungsfingerabdruck dem ersten Umgebungsfingerabdruck nicht entspricht, und

    dadurch gekennzeichnet, dass zum Durchführen des Schritts c), die Entsprechung der zwei Umgebungsfingerabdrücke als vorhanden erachtet wird, falls eine vorherbestimmte Teilentsprechung der zwei Umgebungsfingerabdrücke vorhanden ist.
     
    2. Verfahren nach Anspruch 1, wobei die Genehmigung der Ausführung der Softwareanwendung gemäß Schritt c) für eine Ausführung der Softwareanwendung innerhalb einer virtuellen Maschine (23) erteilt wird.
     
    3. Verfahren nach Anspruch 1 oder 2, wobei der erste Netzwerkfingerabdruck mindestens ein Merkmal des ersten lokalen Netzwerks beinhaltet, das bereits vorhanden ist und nicht durch das beanspruchte Steuerungsverfahren erzeugt wird.
     
    4. Verfahren nach einem der vorhergehenden Ansprüche, wobei vor dem Durchführen des Schritts a) ein Schritt des Änderns des ersten lokalen Netzwerks durchgeführt wird, um ein eindeutiges Merkmal des ersten lokalen Netzwerks zu erstellen.
     
    5. Verfahren nach einem der vorhergehenden Ansprüche, wobei der erste Netzwerkfingerabdruck mindestens zwei verschiedene Merkmale beinhaltet und wobei in Schritt c) die Entsprechung der zwei Umgebungsfingerabdrücke als vorhanden erachtet wird, falls mindestens eines der zwei Merkmale in beiden Netzwerkfingerabdrücken gleich ist.
     
    6. Verfahren nach einem der vorhergehenden Ansprüche, wobei die Lizenz einen vorherbestimmten Entsprechungsalgorithmus beinhaltet, der den Schritt des Vergleichens der zwei Umgebungsfingerabdrücke in Schritt c) durchführt.
     
    7. Verfahren nach einem der vorhergehenden Ansprüche, wobei der erste Netzwerkfingerabdruck mindestens zwei Merkmale beinhaltet und das Verfahren den Schritt des Prüfens beinhaltet, ob alle Merkmale des ersten Netzwerkfingerabdrucks vorhanden sind, und falls nicht alle, sondern lediglich einige Merkmale des ersten Netzwerkfingerabdrucks vorhanden sind, mindestens eines der nicht vorhandenen Merkmale durch ein anderes Merkmal des ersten lokalen Netzwerks ersetzt wird.
     
    8. Verfahren nach einem der vorhergehenden Ansprüche, wobei der erste Netzwerkfingerabdruck derart geändert wird, dass dem ersten Netzwerkfingerabdruck ein das erste lokale Netzwerk charakterisierendes zusätzliches Merkmal hinzugefügt wird.
     
    9. Verfahren nach einem der vorhergehenden Ansprüche, wobei der erste Umgebungsfingerabdruck einen ersten Ausführungsplattform-Fingerabdruck beinhaltet, der für die Ausführungsplattform in dem ersten lokalen Netzwerk charakteristisch ist und in Schritt a) bestimmt wird, wobei der zweite Umgebungsfingerabdruck einen zweiten Ausführungsplattform-Fingerabdruck beinhaltet, der in Schritt c) bestimmt wird, und
    wobei in Schritt c) die zwei Netzwerkfingerabdrücke und die zwei Umgebungsfingerabdrücke verglichen werden.
     
    10. Computerprogrammprodukt (1), das Softwarecode umfasst, um die Schritte eines der vorhergehenden Ansprüche durchzuführen, wenn das Produkt ausgeführt wird.
     
    11. Steuerungssystem zum Steuern einer Ausführung einer Softwareanwendung (1) auf einer Ausführungsplattform (2) in einem ersten lokalen Netzwerk (6), umfassend ein Steuermodul, das die folgenden Schritte durchführt:

    a) Bestimmen eines ersten Umgebungsfingerabdrucks, der einen ersten Netzwerkfingerabdruck des ersten lokalen Netzwerks beinhaltet, wobei vorherbestimmte Regeln und mindestens zwei das erste lokale Netzwerk betreffende Einrichtungen (9, 10) verwendet werden, wobei der erste Netzwerkfingerabdruck eine Nutzerkennung und ein Passwort oder eine eindeutige Information beinhaltet, die in einem das erste lokale Netzwerk betreffenden Verzeichnis gespeichert sind, wobei der erste Netzwerkfingerabdruck charakteristisch für das erste lokale Netzwerk ist und gegebenenfalls verwendet wird, um das erste lokale Netzwerk von anderen lokalen Netzwerken zu unterscheiden,

    b) Erzeugen einer den ersten Umgebungsfingerabdruck beinhaltenden Lizenz, wobei die Lizenz Bedingungen einer genehmigten Ausführung der Softwareanwendung auf einer Ausführungsplattform in dem ersten lokalen Netzwerk definiert, und

    c) Steuern der Ausführung durch:

    - Bestimmen eines zweiten Umgebungsfingerabdrucks, der einen zweiten Netzwerkfingerabdruck des lokalen Netzwerks beinhaltet, unter Verwendung der vorherbestimmten Regeln,

    - Vergleichen des zweiten Umgebungsfingerabdrucks mit dem ersten Umgebungsfingerabdruck der Lizenz, und

    - Genehmigen der Ausführung der Softwareanwendung gemäß den Bedingungen der Lizenz, falls der zweite Umgebungsfingerabdruck dem ersten Umgebungsfingerabdruck entspricht, und Verhindern der Ausführung der Softwareanwendung, falls der zweite Umgebungsfingerabdruck dem ersten Umgebungsfingerabdruck nicht entspricht, und

    dadurch gekennzeichnet, dass zum Durchführen des Schritts c) die Entsprechung der zwei Umgebungsfingerabdrücke als vorhanden erachtet wird, falls eine vorherbestimmte Teilentsprechung der zwei Umgebungsfingerabdrücke vorhanden ist.
     


    Revendications

    1. Procédé pour commander une exécution d'une application logicielle (1) sur une plateforme d'exécution (2) dans un premier réseau local (6), comprenant les étapes de :

    a) détermination d'une première empreinte digitale d'environnement incluant une première empreinte digitale du réseau au niveau du premier réseau local, dans lequel des règles prédéterminées et au moins deux dispositifs (9, 10) relatifs au premier réseau local sont utilisés, ladite première empreinte digitale du réseau incluant un identifiant d'utilisateur et un mot de passe ou une information unique stockée dans un répertoire relatif au premier réseau local, ladite première empreinte digitale du réseau étant caractéristique du premier réseau local et étant possiblement utilisée pour distinguer le premier réseau local des autres réseaux locaux,

    b) génération d'une licence incluant ladite première empreinte digitale d'environnement, ladite licence définissant les conditions d'autorisation de l'exécution de l'application logicielle sur une plateforme d'exécution dans le premier réseau local, et

    c) commande de l'exécution par :

    - la détermination d'une deuxième empreinte digitale d'environnement incluant une deuxième empreinte digitale du réseau au niveau du réseau local en utilisant lesdites règles prédéterminées,

    - la comparaison de la deuxième empreinte digitale d'environnement à la première empreinte digitale d'environnement de la licence, et

    - l'autorisation de l'exécution de l'application logicielle selon les conditions de la licence si la deuxième empreinte digitale d'environnement correspond à la première empreinte digitale d'environnement, et l'empêchement d'exécution de l'application logicielle si la deuxième empreinte digitale d'environnement ne correspond pas à la première empreinte digitale d'environnement, et caractérisé en ce que, pour réaliser l'étape c), la conformité des deux empreintes digitales d'environnements est considérée comme étant présente si une conformité partielle prédéterminée des deux empreintes digitales d'environnements est présente.


     
    2. Procédé selon la revendication 1, dans lequel l'autorisation de l'exécution de l'application logicielle selon l'étape c) est accordée pour une exécution de l'application logicielle dans une machine virtuelle (23).
     
    3. Procédé selon la revendication 1 ou 2, dans lequel la première empreinte digitale du réseau inclut au moins une caractéristique du premier réseau local qui est déjà présente et qui n'est pas générée par le procédé revendiqué pour commander.
     
    4. Procédé selon l'une des revendications précédentes, dans lequel une étape de modification du premier réseau local visant à créer une caractéristique unique du premier réseau local est réalisée avant la réalisation de l'étape a).
     
    5. Procédé selon l'une des revendications précédentes, dans lequel la première empreinte digitale du réseau inclut au moins deux caractéristiques différentes et dans lequel, à l'étape c), la conformité des deux empreintes digitales d'environnements est considérée comme étant présente si au moins l'une des deux caractéristiques est identique dans les deux empreintes digitales de réseaux.
     
    6. Procédé selon l'une des revendications précédentes, dans lequel la licence inclut un algorithme de conformité prédéterminé qui réalise l'étape consistant à comparer les deux empreintes digitales d'environnements à l'étape c).
     
    7. Procédé selon l'une des revendications précédentes, dans lequel la première empreinte digitale du réseau inclut au moins deux caractéristiques et le procédé comprend l'étape consistant à vérifier que toutes les caractéristiques de la première empreinte digitale du réseau sont présentes et si, dans le cas où seulement certaines caractéristiques de la première empreinte digitale du réseau sont présentes, au moins une des caractéristiques non présentes est remplacée par une autre caractéristique du premier réseau local.
     
    8. Procédé selon l'une des revendications précédentes, dans lequel la première empreinte digitale du réseau est modifiée de sorte qu'une caractéristique supplémentaire caractérisant le premier réseau local est ajoutée à la première empreinte digitale du réseau.
     
    9. Procédé selon l'une des revendications précédentes, dans lequel la première empreinte digitale d'environnement inclut une première empreinte digitale de plateforme d'exécution qui est caractéristique de ladite plateforme d'exécution dans ledit premier réseau local et qui est déterminée à l'étape a),
    dans lequel la deuxième empreinte digitale d'environnement inclut une deuxième empreinte digitale de plateforme d'exécution qui est déterminée à l'étape c), et
    dans lequel, à l'étape c), les deux empreintes digitales de réseaux et les deux empreintes digitales d'environnements sont comparées.
     
    10. Produit de programme informatique (1), qui comprend un code logiciel conçu pour réaliser les étapes d'une des revendications susmentionnées, lorsque le produit est en cours d'exécution.
     
    11. Système pour commander une exécution d'une application logicielle (1) sur une plateforme d'exécution (2) dans un premier réseau local (6), comprenant un module de commande réalisant les étapes de :

    a) détermination d'une première empreinte digitale d'environnement incluant une première empreinte digitale du réseau au niveau du premier réseau local, dans lequel des règles prédéterminées et au moins deux dispositifs (9, 10) relatifs au premier réseau local sont utilisés, ladite première empreinte digitale du réseau incluant un identifiant d'utilisateur et un mot de passe ou une information unique stockée dans un répertoire relatif au premier réseau local, ladite première empreinte digitale de réseau étant caractéristique du premier réseau local et étant possiblement utilisée pour distinguer le premier réseau local des autres réseaux locaux,

    b) génération d'une licence incluant ladite première empreinte digitale d'environnement, ladite licence définissant les conditions d'autorisation de l'exécution de l'application logicielle sur une plateforme d'exécution dans le premier réseau local, et

    c) commande de l'exécution par :

    - la détermination d'une deuxième empreinte digitale d'environnement incluant une deuxième empreinte digitale du réseau au niveau du réseau local en utilisant lesdites règles prédéterminées,

    - la comparaison de la deuxième empreinte digitale d'environnement à la première empreinte digitale d'environnement de la licence, et

    - l'autorisation de l'exécution de l'application logicielle selon les conditions de la licence si la deuxième empreinte digitale d'environnement correspond à la première empreinte digitale d'environnement, et l'empêchement d'exécution de l'application logicielle si la deuxième empreinte digitale d'environnement ne correspond pas à la première empreinte digitale d'environnement, et caractérisé en ce que, pour réaliser l'étape c), la conformité des deux empreintes digitales d'environnements est considérée comme étant présente si une conformité partielle prédéterminée des deux empreintes digitales d'environnements est présente.


     




    Drawing











    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description