Method and system for license management

US 7,711,952 B2
Filed: 09/13/2005
Issued: 05/04/2010
Est. Priority Date: 09/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a secure environment for an end-user platform and a system manager usable to manage said end-user platform, comprising:

storing a manager certificate on said system manager, said manager certificate unique to said system manager;

generating a client certificate on said system manager for said end-user platform, said client certificate unique to said end-user platform and digitally signed via a private key unique to said manager certificate;

transferring said client certificate from said system manager to said end-user platform;

establishing a secure connection between said system manager and said end-user platform using said manager certificate and said client certificate;

storing a vendor generation certificate on said system manager;

storing a vendor certificate, said vendor certificate unique to a software vendor and digitally signed via a private key unique to said vendor generation certificate;

generating a license certificate on said system manager, said license certificate unique to an authorization of use of a software of the software vendor on a specifically-identified appliance, said license certificate digitally signed via a private key unique to said vendor certificate, said software stored on said system manager;

wherein said specifically-identified appliance is at least one of said system manager and said end-user platform;

performing an integrity check of the software via a product certificate digitally signed by a private key unique to the vendor certificate;

verifying that the software is licensed for use on said at least one of said system manager and said end-user platform, the verification comprising comparing said license certificate to at least one of said manager certificate and said client certificate; and

wherein the system manager is resident on one or more computers having at least a processor and memory, the steps of the method being performed by the one or more computers.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules. These various components together form an infrastructure over the enterprise network to securely manage the end-user platforms.

76 Citations

View as Search Results

26 Claims

1. A method of establishing a secure environment for an end-user platform and a system manager usable to manage said end-user platform, comprising:
- storing a manager certificate on said system manager, said manager certificate unique to said system manager;
  
  generating a client certificate on said system manager for said end-user platform, said client certificate unique to said end-user platform and digitally signed via a private key unique to said manager certificate;
  
  transferring said client certificate from said system manager to said end-user platform;
  
  establishing a secure connection between said system manager and said end-user platform using said manager certificate and said client certificate;
  
  storing a vendor generation certificate on said system manager;
  
  storing a vendor certificate, said vendor certificate unique to a software vendor and digitally signed via a private key unique to said vendor generation certificate;
  
  generating a license certificate on said system manager, said license certificate unique to an authorization of use of a software of the software vendor on a specifically-identified appliance, said license certificate digitally signed via a private key unique to said vendor certificate, said software stored on said system manager;
  
  wherein said specifically-identified appliance is at least one of said system manager and said end-user platform;
  
  performing an integrity check of the software via a product certificate digitally signed by a private key unique to the vendor certificate;
  
  verifying that the software is licensed for use on said at least one of said system manager and said end-user platform, the verification comprising comparing said license certificate to at least one of said manager certificate and said client certificate; and
  
  wherein the system manager is resident on one or more computers having at least a processor and memory, the steps of the method being performed by the one or more computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, further comprising loading an installation certificate on said end-user platform for allowing said system manager to verify that said end-user platform has been designated to be managed from said system manager.
  - 3. The method according to claim 2, wherein said manager certificate and said installation certificate are derived from a common source of authentication information.
  - 4. The method according to claim 1, further comprising storing a console certificate on a console usable to access said system manager, said console certificate unique to said console for allowing said system manager to authenticate said console.
  - 5. The method according to claim 4, further comprising allowing said console to authenticate said system manager using said manager certificate.
  - 6. The method according to claim 1, further comprising storing on said system manager said product certificate, said performance of an integrity check comprising allowing said system manager to verify that said software stored on said system manager is not corrupted.
  - 7. The method according to claim 6, wherein said performance of an integrity check comprises allowing said system manager to verify that said software running in a memory of said system manager is not corrupted.
  - 8. The method according to claim 1, further comprising wherein said license certificate comprises a manager license certificate and said at least one of said system manager and said end-user platform comprises said system manager.
  - 9. The method according to claim 8, wherein said software includes one or more of the following:
    - application files, data files, audio files, image files, video files.
  - 10. The method according to claim 1, further comprising:
    - wherein said license certificate includes information specifying one or more software to be managed by said system manager;
      
      transferring said license certificate to said computing platform; and
      
      wherein said at least one of said system manager and said end-user platform comprises said end-user platform.
  - 11. The method according to claim 1, further comprising storing a manager maintenance certificate on said system manager, said manager maintenance certificate digitally signed via a private key unique to said vendor certificate, said manager maintenance certificate uniquely identifying said software and allowing said system manager to verify that said software is authorized for maintenance on said system manager.
  - 12. The method according to claim 11, wherein said manager maintenance certificate includes information specifying one or more software authorized to be maintained via said system manager, further comprising generating an end-user platform maintenance certificate for said one or more software authorized to be maintained and transferring said end-user platform maintenance certificate to said end-user platform.

13. A system for managing a plurality of computing platforms, comprising:
- a network connecting a plurality of end-user platforms to each other;
  
  one or more appliances connected to said network and having appliance authentication information stored thereon that is unique to each appliance, said appliance authentication information for said one or more appliances derived from a single source of authentication information such that any appliance is capable of authenticating any other appliance; and
  
  wherein said one or more appliances include a manager appliance for managing said computing platforms, said manager appliance having a processor and memory, said manager appliance being configured to;
  
  store a manager certificate on said manager appliance, said manager certificate unique to said manager appliance;
  
  generate a client certificate for at least one end-user platform in said plurality of end-user platforms, said client certificate unique to said at least one end-user platform and digitally signed via a private key unique to said manager certificate;
  
  transfer said client certificate from said manager appliance to said at least one end-user platform;
  
  establish a secure connection between said manager appliance and said at least one end-user platform using said manager certificate and said client certificate;
  
  store a vendor generation certificate on said manager appliance;
  
  store a vendor certificate, said vendor certificate unique to a software vendor and digitally signed via a private key unique to said vendor generation certificate;
  
  generate a license certificate, said license certificate unique to an authorization of use of a software of the software vendor on a specifically-identified appliance, said license certificate digitally signed via a private key unique to said vendor certificate, said software stored on said manager appliance;
  
  wherein said specifically-identified appliance is at least one of said manager appliance and said at least one end-user platform;
  
  perform an integrity check of the software via a product certificate digitally signed by a private key unique to the vendor certificate; and
  
  verify that the software is licensed for use on said at least one of said manager appliance and said at least one end-user platform, the verification comprising comparing said license certificate to at least one of said manager certificate and said client certificate.
- View Dependent Claims (14, 15, 16)
- - 14. The system according to claim 13, wherein said one or more appliances include a console appliance for accessing said manager appliance.
  - 15. The system according to claim 13, wherein a single source of authentication information is a manufacturer of said one or more appliances.
  - 16. The system according to claim 15, wherein said manufacturer is configured to self-authenticate any authentication information provided to said one or more appliances.

17. A license-verification method, the license-verification method comprising:
- on a system manager, storing a hierarchy of license-related certificates, the hierarchy of license-related certificates comprising;
  
  a root certificate;
  
  a manager certificate, said manager certificate unique to said system manager;
  
  a client certificate used for at least one end-user platform in a plurality of end-user platforms, said client certificate unique to said at least one end-user platform and digitally signed via a private key unique to said manager certificate, and wherein said client certificate is transferred from said system manager to said at least one end-user platform;
  
  a vendor-generation certificate;
  
  a vendor certificate identifying a specific software vendor, the vendor certificate digitally signed via a private key unique to the vendor-generation certificate;
  
  a product certificate identifying a specific software product of the software vendor stored on the system manager, the product certificate digitally signed via a private key unique to the vendor certificate;
  
  a license pack certificate that identifies a plurality of licensed uses of the specific software product being managed by the system manager, the license pack certificate digitally signed via a private key unique to the vendor certificate; and
  
  a plurality of license certificates corresponding to the plurality of licensed uses, each license certificate in the plurality of license certificates digitally signed via a private key unique to the license pack certificate;
  
  establishing a secure connection between a manager appliance and the at least one end-user platform;
  
  via the product certificate, authenticating the software product stored on the system manager;
  
  via at least one license certificate of the plurality of license certificates, verifying that the software product is licensed for use on the at least one end-user platform by comparing said license certificate to at least one of said manager certificate and said client certificate; and
  
  wherein the system manager is resident on one or more computers having at least a processor and memory, the storing, establishing, authenticating and verifying actions being performed by the one or more computers.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The method of claim 17, the method comprising:
    - wherein the client certificate is dynamically generated for said at least one end-user platform; and
      
      wherein the establishment of the secure connection is accomplished via the manager certificate and the client certificate.
  - 19. The method of claim 18, the method comprising:
    - wherein the product certificate comprises a hash value of a binary file of the software product; and
      
      the authentication of the software product stored on the system manager comprises comparing the hash value of the binary file with a hash value of the software product stored on the system manager.
  - 20. The method of claim 19, wherein the verification that the software product is licensed for use on the at least one end-user platform comprises comparing an identification of the at least one end-user platform in the client certificate with an identification of a licensed end-user platform in the at least one license certificate.
  - 21. The method of claim 19, the method comprising, responsive to successful completion of the verification that the software product is licensed for use on the at least one end-user platform:
    - transferring the at least one license certificate to the at least one end-user platform; and
      
      installing, from the system manager, the software product on the at least one end-user platform.
  - 22. The method according to claim 18, wherein the authentication of the software product stored on the system manager comprises verifying that the software product is not corrupted.
  - 23. The method according to claim 18, the method comprising:
    - using the vendor certificate to generate a maintenance pack certificate, the maintenance pack certificate unique to the software product, the maintenance pack certificate identifying a plurality of licensed upgrades to the software product; and
      
      for each of the plurality upgrades, generating a maintenance certificate, the maintenance certificate digitally signed via a private key unique to the license pack certificate; and
      
      via the maintenance certificate, verifying that the at least one end-user platform is licensed to receive upgrades to the software product.
  - 24. The method of claim 23, wherein the verification that the at least one end-user platform is licensed to receive upgrades to the software product comprises comparing an identification of the at least one end-user platform in the client certificate with an identification of a licensed end-user platform in the maintenance certificate.
  - 25. The method of claim 23, the method comprising, responsive to successful completion of the action of verifying that the at least one end-user platform is licensed to receive upgrades to the software product:
    - transferring the maintenance certificate to the at least one end-user platform; and
      
      authorizing an upgrade to the software product on the at least one end-user platform.
  - 26. The method of claim 18, the method comprising verifying authenticity of the license pack certificate by determining, via a public key of the vendor certificate, whether the private key utilized in digitally signing the license pack certificate is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
CoreTrace Corp. (Ivanti Software, Inc.)
Inventors
Teal, Daniel M., Teal, Richard S., Schell, Todd A.
Primary Examiner(s)
Chai; Longbit

Application Number

US11/225,254
Publication Number

US 20060064582A1
Time in Patent Office

1,694 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

G06F 21/105   Arrangements for software l...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 9/3263   involving certificates, e.g...

Method and system for license management

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for license management

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links