Method and system for license management
First Claim
1. A method of establishing a secure environment for an end-user platform and a system manager usable to manage said end-user platform, comprising:
storing a manager certificate on said system manager, said manager certificate unique to said system manager;
generating a client certificate on said system manager for said end-user platform, said client certificate unique to said end-user platform and digitally signed via a private key unique to said manager certificate;
transferring said client certificate from said system manager to said end-user platform;
establishing a secure connection between said system manager and said end-user platform using said manager certificate and said client certificate;
storing a vendor generation certificate on said system manager;
storing a vendor certificate, said vendor certificate unique to a software vendor and digitally signed via a private key unique to said vendor generation certificate;
generating a license certificate on said system manager, said license certificate unique to an authorization of use of a software of the software vendor on a specifically-identified appliance, said license certificate digitally signed via a private key unique to said vendor certificate, said software stored on said system manager;
wherein said specifically-identified appliance is at least one of said system manager and said end-user platform;
performing an integrity check of the software via a product certificate digitally signed by a private key unique to the vendor certificate;
verifying that the software is licensed for use on said at least one of said system manager and said end-user platform, the verification comprising comparing said license certificate to at least one of said manager certificate and said client certificate; and
wherein the system manager is resident on one or more computers having at least a processor and memory, the steps of the method being performed by the one or more computers.
Abstract
System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules. These various components together form an infrastructure over the enterprise network to securely manage the end-user platforms.
26 Claims
1. (Independent claim 1 is set out in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A system for managing a plurality of computing platforms, comprising:
a network connecting a plurality of end-user platforms to each other;
one or more appliances connected to said network and having appliance authentication information stored thereon that is unique to each appliance, said appliance authentication information for said one or more appliances derived from a single source of authentication information such that any appliance is capable of authenticating any other appliance; and
wherein said one or more appliances include a manager appliance for managing said computing platforms, said manager appliance having a processor and memory, said manager appliance being configured to:
store a manager certificate on said manager appliance, said manager certificate unique to said manager appliance;
generate a client certificate for at least one end-user platform in said plurality of end-user platforms, said client certificate unique to said at least one end-user platform and digitally signed via a private key unique to said manager certificate;
transfer said client certificate from said manager appliance to said at least one end-user platform;
establish a secure connection between said manager appliance and said at least one end-user platform using said manager certificate and said client certificate;
store a vendor generation certificate on said manager appliance;
store a vendor certificate, said vendor certificate unique to a software vendor and digitally signed via a private key unique to said vendor generation certificate;
generate a license certificate, said license certificate unique to an authorization of use of a software of the software vendor on a specifically-identified appliance, said license certificate digitally signed via a private key unique to said vendor certificate, said software stored on said manager appliance;
wherein said specifically-identified appliance is at least one of said manager appliance and said at least one end-user platform;
perform an integrity check of the software via a product certificate digitally signed by a private key unique to the vendor certificate; and
verify that the software is licensed for use on said at least one of said manager appliance and said at least one end-user platform, the verification comprising comparing said license certificate to at least one of said manager certificate and said client certificate.
Dependent claims: 14, 15, 16.
17. A license-verification method, the license-verification method comprising:
on a system manager, storing a hierarchy of license-related certificates, the hierarchy of license-related certificates comprising:
a root certificate;
a manager certificate, said manager certificate unique to said system manager;
a client certificate used for at least one end-user platform in a plurality of end-user platforms, said client certificate unique to said at least one end-user platform and digitally signed via a private key unique to said manager certificate, and wherein said client certificate is transferred from said system manager to said at least one end-user platform;
a vendor-generation certificate;
a vendor certificate identifying a specific software vendor, the vendor certificate digitally signed via a private key unique to the vendor-generation certificate;
a product certificate identifying a specific software product of the software vendor stored on the system manager, the product certificate digitally signed via a private key unique to the vendor certificate;
a license pack certificate that identifies a plurality of licensed uses of the specific software product being managed by the system manager, the license pack certificate digitally signed via a private key unique to the vendor certificate; and
a plurality of license certificates corresponding to the plurality of licensed uses, each license certificate in the plurality of license certificates digitally signed via a private key unique to the license pack certificate;
establishing a secure connection between a manager appliance and the at least one end-user platform;
via the product certificate, authenticating the software product stored on the system manager;
via at least one license certificate of the plurality of license certificates, verifying that the software product is licensed for use on the at least one end-user platform by comparing said license certificate to at least one of said manager certificate and said client certificate; and
wherein the system manager is resident on one or more computers having at least a processor and memory, the storing, establishing, authenticating and verifying actions being performed by the one or more computers.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26.
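The certificate hierarchy of claim 17 and the integrity-plus-license verification of claims 1 and 13, as an added worked example in Python. This is constructed for illustration and is not code from the patent or its assignee. It assumes a toy textbook RSA signature (no padding, not a production scheme) in place of whatever signature algorithm a real implementation would use; it assumes the root certificate signs both the manager certificate and the vendor-generation certificate, which the claims leave unstated; and the names manager-1, client-42, acme, acme-widget, acme-pack-7 and the license identifiers are all made up. It does not model the secure connection between manager and end-user platform, only the hierarchy, the product integrity check and the comparison of a license certificate against the manager or client certificate.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass, field

# Toy textbook RSA (no padding) so the chain mechanics stay visible; not a production signature scheme.
def _is_probable_prime(n, rounds=16):                     # Miller-Rabin
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def keygen(bits=512):                                     # fresh ((n, e), (n, d)); each certificate gets its own
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                            # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    return pow(_digest(data, priv[0]), priv[1], priv[0])
def verify_sig(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

@dataclass
class Cert:
    subject: str
    kind: str          # root, manager, client, vendor-generation, vendor, product, license-pack, license
    pub: tuple
    issuer: str
    claims: dict = field(default_factory=dict)   # bindings: product hash, licensed product and appliance
    sig: int = 0
    def tbs(self):     # canonical to-be-signed bytes: everything except the signature
        return json.dumps([self.subject, self.kind, list(self.pub), self.issuer, self.claims], sort_keys=True).encode()

def issue(issuer, issuer_priv, subject, kind, claims=None):   # returns (cert, the subject's own private key)
    pub, priv = keygen()
    cert = Cert(subject, kind, pub, issuer.subject, claims or {})
    cert.sig = sign(issuer_priv, cert.tbs())
    return cert, priv

def chain_ok(store, subject, anchor="root", depth=8):     # walk issuer links to the anchor, checking every signature
    cert = store.get(subject)
    issuer = store.get(cert.issuer) if cert and depth else None
    if issuer is None or not verify_sig(issuer.pub, cert.tbs(), cert.sig):
        return False
    return issuer.subject == anchor or chain_ok(store, issuer.subject, anchor, depth - 1)

def software_licensed(store, software, product_id, license_id, appliance_id):
    # Claim-1 style check: product integrity, then a license bound to this product and to the appliance's own certificate.
    product, lic = store.get(product_id), store.get(license_id)
    if not product or not lic or product.kind != "product" or lic.kind != "license":
        return False
    if not all(chain_ok(store, s) for s in (product_id, license_id, appliance_id)):
        return False
    if store[lic.issuer].kind != "license-pack":          # only a license pack may issue licenses
        return False
    if product.claims.get("sha256") != hashlib.sha256(software).hexdigest():
        return False                                      # image does not match the product certificate
    return lic.claims.get("product") == product_id and lic.claims.get("appliance") == appliance_id

def build_demo():
    # Constructed hierarchy in the shape of claim 17 (assumption: root signs both the manager and vendor-generation certs).
    software = b"constructed sample software image v1.0"
    root_pub, root_priv = keygen()
    root = Cert("root", "root", root_pub, "root")
    root.sig = sign(root_priv, root.tbs())
    manager, m_priv = issue(root, root_priv, "manager-1", "manager")
    client, _ = issue(manager, m_priv, "client-42", "client")
    vgen, vg_priv = issue(root, root_priv, "vendor-gen", "vendor-generation")
    vendor, v_priv = issue(vgen, vg_priv, "acme", "vendor")
    product, _ = issue(vendor, v_priv, "acme-widget", "product", {"sha256": hashlib.sha256(software).hexdigest()})
    pack, p_priv = issue(vendor, v_priv, "acme-pack-7", "license-pack")
    use = lambda appliance: {"product": "acme-widget", "appliance": appliance}
    lic1, _ = issue(pack, p_priv, "lic-1", "license", use("client-42"))
    lic3, _ = issue(manager, m_priv, "lic-3", "license", use("client-42"))   # manager key issued it: wrong issuer kind
    rogue_pub, rogue_priv = keygen()                                          # forged: names the pack, signed by another key
    forged = Cert("lic-forged", "license", rogue_pub, pack.subject, use("client-42"))
    forged.sig = sign(rogue_priv, forged.tbs())
    return {c.subject: c for c in (root, manager, client, vgen, vendor, product, pack, lic1, lic3, forged)}, software
```

Calling `store, image = build_demo()` and then `software_licensed(store, image, "acme-widget", "lic-1", "client-42")` returns True; the same call with a modified image, with `"manager-1"` as the appliance, with `"lic-3"` or with `"lic-forged"` returns False. The issuer-kind check is the point worth noting for a practitioner: claim 17 says license certificates are signed with the license pack's key, and a verifier that only walks signatures up to the root without enforcing which kind of certificate may issue a license would accept a license minted with the manager's own key, as `lic-3` shows.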