Method and system for license management

US 20060064582A1
Filed: 09/13/2005
Published: 03/23/2006
Est. Priority Date: 09/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a secure environment for an end-user platform and a system manager usable to manage said end-user platform, comprising the steps of:

storing manager authentication information on said system manager, said manager authentication information unique to said system manager;

generating end-user platform authentication information for said end-user platform using at least a portion of said manager authentication information, said end-user platform authentication information unique to said end-user platform;

transferring said end-user platform authentication information from said system manager to said end-user platform; and

establishing a secure connection between said system manager and said end-user platform using said manager authentication information and said end-user platform authentication information.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules. These various components together form an infrastructure over the enterprise network to securely manage the end-user platforms.

168 Citations

26 Claims

1. A method of establishing a secure environment for an end-user platform and a system manager usable to manage said end-user platform, comprising the steps of:
- storing manager authentication information on said system manager, said manager authentication information unique to said system manager;
  
  generating end-user platform authentication information for said end-user platform using at least a portion of said manager authentication information, said end-user platform authentication information unique to said end-user platform;
  
  transferring said end-user platform authentication information from said system manager to said end-user platform; and
  
  establishing a secure connection between said system manager and said end-user platform using said manager authentication information and said end-user platform authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, further comprising loading installation authentication information on said end-user platform for allowing said system manager to verify that said end-user platform has been designated to be managed from said system manager.
  - 3. The method according to claim 2, wherein said manager authentication information and said installation authentication information are derived from a common source of authentication information.
  - 4. The method according to claim 1, further comprising storing console authentication information on a console usable to access said system manager, said console authentication information unique to said console for allowing said system manager to authenticate said console.
  - 5. The method according to claim 4, further comprising allowing said console to authenticate said system manager using said manager authentication information.
  - 6. The method according to claim 1, further comprising storing product authentication information on said system manager, said product authentication information unique to a software stored on said system manager for allowing said system manager to verify that said software stored on said system manager is not corrupted.
  - 7. The method according to claim 6, wherein said product authentication information further allows said system manager to verify that said software running in a memory of said system manager is not corrupted.
  - 8. The method according to claim 1, further comprising storing manager license authentication information on said system manager, said manager license authentication information uniquely identifying said system manager and allowing said system manager to verify that a software is licensed for use on said system manager.
  - 9. The method according to claim 8, wherein said manager license authentication information includes information specifying one or more software to be managed by said system manager, further comprising generating platform license authentication information for said one or more software to be managed by said system manager and transferring said platform license authentication information to said computing platform.
  - 10. The method according to claim 8, wherein said software includes one or more of the following:
    - application files, data files, audio files, image files, video files.
  - 11. The method according to claim 1, further comprising storing manager maintenance authentication information on said system manager, said manager maintenance authentication information uniquely identifying a software and allowing said system manager to verify that said software is authorized for maintenance on said system manager.
  - 12. The method according to claim 11, wherein said manager maintenance authentication information includes information specifying one or more software authorized to be maintained via said system manager, further comprising generating end-user platform maintenance authentication information for said one or more software authorized to be maintained and transferring said end-user platform maintenance authentication information to said end-user platform.

13. A system for managing a plurality of computing platforms, comprising:
- a network connecting a plurality of end-user platforms to each other; and
  
  one or more appliances connected to said network and having appliance authentication information stored thereon that is unique to each appliance, said appliance authentication information for said one or more appliances derived from a single source of authentication information such that any appliance is capable of authenticating any other appliance.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system according to claim 13, wherein said one or more appliances include a manager appliance for managing said computing platforms, said manager appliance configured to generate end-user platform authentication information for said end-user platforms using at least a portion of said appliance authentication information and to transfer said end-user platform authentication information to said end-user platforms.
  - 15. The system according to claim 14, wherein said one or more appliances include a console appliance for accessing said manager appliance.
  - 16. The system according to claim 13, wherein said single source of authentication information is a manufacturer of said one or more appliances.
  - 17. The system according to claim 16, wherein said manufacturer is configured to self-authenticate any authentication information provided to said one or more appliances.

18. A method for authenticating a plurality of computing platforms, comprising the steps of:
- generating platform level authentication information;
  
  using said platform level authentication information to generate appliance level authentication information, said appliance level authentication information unique to each appliance and allowing all appliances to authenticate one another; and
  
  using at least a portion of said appliance level authentication information to generate client level authentication information, said client level authentication information unique to each end-user platform and allowing said appliances to authenticate said end-user platforms.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method according to claim 18, further comprising generating vendor level authentication information for allowing a vendor to authenticate said vendor'"'"'s software products.
  - 20. The method according to claim 19, further comprising using said vendor level authentication information to generate product level authentication information, said product level authentication information unique to a software for verifying that said software is not corrupted.
  - 21. The method according to claim 19, further comprising using said vendor level authentication information to generate licensing level authentication information, said licensing level authentication information unique to an appliance for verifying that a software is authorized to be used by said appliance.
  - 22. The method according to claim 19, further comprising using said vendor level authentication information to generate maintenance level authentication information, said maintenance level authentication information unique to a software for verifying that said software is authorized to be maintained.
  - 23. The method according to claim 18, further comprising generating administration level authentication information for allowing an administrator to be authenticated by said appliances.
  - 24. The method according to claim 23, further comprising using said administration level authentication information to generate electronic token level authentication information, said electronic token level authentication information unique to an electronic token used by an administrator for logging in to said appliances, said electronic token level authentication information allowing said appliances to authenticate said administrator.
  - 25. The method according to claim 18, further comprising generating root level authentication, said root level authentication information being self-authenticating and usable to generate said system level authentication information.
  - 26. The method according to claim 18, wherein all authentication information is in the form of digital certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
CoreTrace Corp. (Ivanti Software, Inc.)
Inventors
Teal, Daniel M., Teal, Richard S., Schell, Todd A.

Granted Patent

US 7,711,952 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/105   Arrangements for software l...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 9/3263   involving certificates, e.g...

Method and system for license management

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for license management

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links