Certificate distribution via license files

US 7,747,851 B1
Filed: 09/30/2004
Issued: 06/29/2010
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A process for licensing a computational component in a distributed processing network, the computational component to be licensed being remote from the license provider, comprising:

the licensing provider assigning, with the cooperation of a processor, a private and public key pair to the computational component;

the licensing provider creating a license file to be installed on the computational component;

the licensing provider incorporating the private key in the license file; and

the licensing provider thereafter transmitting the license file, the license file including the computational component'"'"'s private key, to the computational component, wherein the license file also includes an indication of a maximum number of computational components, and this maximum number corresponds to a number of certificates in the license file.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for licensing a computational component in a distributed processing network is provided. The system includes a licensing provider 100 that is spatially remote from the computational component 154 and is operable to: (a) assign a private and public key pair to the computational component 154; (b) create a digital certificate 308 for the computational component 154, the digital certificate 308 being signed with a private key of the licensing provider 100, the licensing provider'"'"'s private key being different from the computational component'"'"'s private key 312; (c) create a license file 176 to be installed on the computational component; and (d) transmit the license file 176 and the computational component'"'"'s signed digital certificate 308 and private key 312 to the computational component 154.

302 Citations

30 Claims

1. A process for licensing a computational component in a distributed processing network, the computational component to be licensed being remote from the license provider, comprising:
- the licensing provider assigning, with the cooperation of a processor, a private and public key pair to the computational component;
  
  the licensing provider creating a license file to be installed on the computational component;
  
  the licensing provider incorporating the private key in the license file; and
  
  the licensing provider thereafter transmitting the license file, the license file including the computational component'"'"'s private key, to the computational component, wherein the license file also includes an indication of a maximum number of computational components, and this maximum number corresponds to a number of certificates in the license file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - the licensing provider creating a digital certificate for the computational component, the digital certificate being signed with a private key of the licensing provider, the licensing provider'"'"'s private key being different from the computational component'"'"'s private key; and
      
      the licensing provider transmitting, at least substantially simultaneously, the license file, the computational component'"'"'s signed digital certificate, and private key to the computational component.
  - 3. The method of claim 2, wherein the license file includes the computational component'"'"'s signed digital certificate and private key, wherein an expiration date of the certificate is the same as an expiration date of the license, and wherein the certificate is generated before the licensing provider is aware of the computational component'"'"'s electronic address.
  - 4. The method of claim 3, wherein the private key is encrypted with a first cryptographic algorithm and included in the license file in encrypted form and wherein the encrypted private key and license file are encrypted, before transmission, with a different second cryptographic algorithm and transmitted in encrypted form.
  - 5. The method of claim 4, wherein the first and second cryptographic algorithms use symmetric encryption and wherein the first secret key used by the first cryptographic algorithm and the second key used by the second cryptographic algorithm are stored in the computational component before the computational component receives the license file.
  - 6. The method of claim 4, further comprising:
    - the computational component determining whether the license file is valid; and
      
      when the license file is valid, the computational component decrypting the private key using the first encryption algorithm; and
      
      when the license file is invalid, the computational component not decrypting the private key using the first encryption algorithm, wherein the license file is stored by the computational component in a first location in memory different from a second location in memory containing the private key.
  - 7. The method of claim 2, wherein the licensing provider is the issuing authority, wherein the root certificate is issued and signed by the licensing provider, and wherein the computational component'"'"'s digital certificate comprises a license identifier to allow identification of the computational component.
  - 8. The method of claim 2, wherein the computational component is a first media server and is part of an enterprise network, the enterprise network comprising at least a second media server that is remote from the licensing provider and the first media server, and wherein the license file comprises a first digital certificate for the first media server and a different second digital certificate for the second media server and further comprising:
    - the first media server receiving authentication information corresponding to the second media server;
      
      the first media server receiving a certificate request from the second media server;
      
      the first media server authenticating the second media server; and
      
      when the authentication is successful, the first media server providing the second digital certificate to the second media server.
  - 9. The method of claim 2, wherein the license file comprises the computational component'"'"'s signed digital certificate and wherein a first encryption key for the first encryption algorithm is incorporated, by the licensing provider, in the computational component before the computational component is provided by the licensing provider to an enterprise.
  - 10. The method of claim 2, wherein the license file, the computational component'"'"'s signed digital certificate, and private key are installed on the computational component at least substantially simultaneously and wherein the signed digital certificate excludes an electronic address associated with the computational component.
  - 11. The method of claim 1, wherein the computational component is a first media server and is part of an enterprise network, the enterprise network comprising at least a second media server that is remote from the licensing provider and the first media server, and further comprising:
    - the first media server establishing a secure session with the second media server using at least the first media server'"'"'s certificate;
      
      the first media server creating a license file providing the second media server with a portion of at least one of a feature and capacity licensed to the enterprise by the license provider; and
      
      the first media server providing the license file to the second media server.
  - 12. The method of claim 11, wherein the license file provided by the licensing provider and the license file provided by the first media server are different and wherein a digital certificate and the public key of the second media server are included in the license file provided by the license provider.
  - 13. A computer readable medium comprising processor executable instructions for performing the steps of claim 1.

14. A system for licensing a computational component in a distributed processing network, comprising:
- a remote feature activation system that is spatially remote from the computational component and comprises a cryptographic mechanism generating agent, the cryptographic mechanism generating agent, with the cooperation of a logic circuit, being operable to;
  
  (a) assign a private and public key pair to the computational component;
  
  (b) create a digital certificate for the computational component, the digital certificate being signed with a private key of the cryptographic mechanism generating agent, the cryptographic mechanism generating agent'"'"'s private key being different from a computational component'"'"'s private key;
  
  (c) create a license file to be installed on the computational component;
  
  (d) incorporate the private key of the computational component in the license file for delivery with the license file; and
  
  (e) transmit the license file, including the private key of the computational component, and the computational component'"'"'s signed digital certificate to the computational component, wherein the license file also includes an indication of a maximum number of computational components, and this maximum number corresponds to a number of certificates in the license file.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system of claim 14, wherein the license file includes the computational component'"'"'s signed digital certificate and wherein an expiration date of the certificate is the same as an expiration date of the license.
  - 16. The system of claim 15, wherein the private key is encrypted with a first cryptographic algorithm and included in the license file in encrypted form and wherein the encrypted private key and license file are encrypted, before transmission, with a different second cryptographic algorithm and transmitted in encrypted form.
  - 17. The system of claim 16, wherein a first encryption key for the first encryption algorithm is incorporated, by the remote feature activation system, in the computational component before the computational component is provided by the cryptographic mechanism generating agent to an enterprise.
  - 18. The system of claim 14, wherein the remote feature activation system is the issuing authority, wherein the root certificate is issued and signed by the remote feature activation system, and wherein the computational component'"'"'s digital certificate comprises a license identifier to allow identification of the computational component.
  - 19. The system of claim 14, wherein the computational component is a first media server and is part of an enterprise network, the enterprise network comprising at least a second media server that is remote from the remote feature activation system and the first media server, and wherein the first media server is operable to:
    - (a) establish a secure session with the second media server using at least the first media server'"'"'s certificate;
      
      (b) create an allocation license file providing the second media server with a portion of at least one of a feature and capacity licensed to the enterprise by the license provider; and
      
      (c) provide the allocation license file to the second media server.
  - 20. The system of claim 19, wherein the license file provided by the remote feature activation system and the allocation license file are different and wherein a digital certificate and public key of the second media server are not included in the license file provided by the license provider.
  - 21. The system of claim 14, wherein the license file, the computational component'"'"'s signed digital certificate, and private key are transmitted to the computational component at least substantially simultaneously.
  - 22. The system of claim 14, wherein the license file, the computational component'"'"'s signed digital certificate, and private key are installed on the computational component at least substantially simultaneously and wherein the signed digital certificate excludes an electronic address associated with the computational component.
  - 23. The system of claim 14, wherein the computational component stores the license file in a first memory location different from a second memory location containing the private key.

24. A method, comprising:
- assigning, by a manufacturer of a computational component, a private and public key pair to the computational component, the computational component now being located in an enterprise network of a purchaser of the computational component;
  
  creating, by the manufacturer, a license file to be installed on the computational component;
  
  transmitting, by the manufacturer, over an untrusted network, and to the enterprise network, the license file and private key, the private key being encrypted with a first encryption key associated with a first encryption algorithm, wherein the license file also includes an indication of a maximum number of computational components, and this maximum number corresponds to a number of certificates in the license file.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, wherein the license file includes the private key in the encrypted form, wherein the license file includes a digital certificate for the computational component, the digital certificate being signed with a private key of the manufacturer, the manufacturer'"'"'s private key being different from the computational component'"'"'s private key, and wherein the license file, encrypted private key, and digital certificate are encrypted with a second encryption key and second encryption algorithm, the first and second encryption keys and first and second encryption algorithms being different.
  - 26. The method of claim 25, wherein an expiration date of the certificate is the same as an expiration date of the license and wherein the certificate is generated before a cryptographic mechanism generating agent associated with the manufacturer is aware of the computational component'"'"'s electronic address.
  - 27. The method of claim 25, wherein the first encryption key for the first encryption algorithm is incorporated, by the manufacturer, in the computational component before the computational component is provided by the manufacturer to an enterprise associated with the enterprise network, and further comprising:
    - the computational component determining whether the license file is valid; and
      
      when the license file is valid, the computational component decrypting the private key using the first encryption algorithm; and
      
      when the license file is invalid, the computational component not decrypting the private key using the first encryption algorithm, wherein the license file is stored by the computational component in a first location in memory different from a second location in memory containing the private key.
  - 28. The method of claim 25, wherein the license file, the computational component'"'"'s signed digital certificate, and private key are installed on the computational component at least substantially simultaneously and wherein the signed digital certificate excludes an electronic address associated with the computational component.
  - 29. The method of claim 24, wherein the computational component is a first media server, wherein the enterprise network comprises at least a second media server that is remote from the manufacturer and the first media server, and wherein the license file comprises a first digital certificate for the first media server and a different second digital certificate for the second media server and further comprising:
    - the first media server receiving authentication information corresponding to the second media server;
      
      the first media server receiving a certificate request from the second media server;
      
      the first media server authenticating the second media server; and
      
      when the authentication is successful, the first media server providing the second digital certificate to the second media server.
  - 30. A computer readable medium comprising processor executable instructions for performing the steps of claim 24.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Serkowski, Robert J., Walker, William T., Robinson, Richard L.
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US10/956,861
Time in Patent Office

2,098 Days
Field of Search

713156-158, 713/165, 713/175, 713/180, 726/29, 705/59
US Class Current

713/156
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2151   Time stamp

H04L 2209/60   Digital content management,...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/3265   using certificate chains, t...

Certificate distribution via license files

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

302 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Certificate distribution via license files

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

302 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links