Secure license management
First Claim

1. A computer-implemented method comprising:

receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program;

sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer;

receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured;

verifying the metrics against known trusted data; and

when the known trusted data verifies the metrics:

generating a set of unique internal keys specific to each different installation of the license manager,

encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,

storing the set of unique internal keys in a key container, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager,

encrypting the key container based on the external key generated at the host computer, and

sending the encrypted license manager and the encrypted key container to the host computer.
Abstract
Systems, methods, and computer program products for secure license management. A host computer runs in a trusted state. A license manager is installed on the host computer. The license manager is configured to provide access to one or more software programs. The one or more software programs are accessible only through the license manager. The license manager is bound to the trusted state of the host computer, such that if the trusted state ceases to exist, then the license manager is not executable and the one or more software programs are not accessible. The host computer can be a TCPA (Trusted Computing Platform Alliance) enabled computer.
20 Claims
1. A computer-implemented method comprising the steps set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 19.
8. A machine-readable storage device encoded with a computer program, the computer program comprising instructions that, when executed, operate to cause a computer to perform operations comprising:

receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program;

sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer;

receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured;

verifying the metrics against known trusted data; and

when the known trusted data verifies the metrics:

generating a set of unique internal keys specific to each different installation of the license manager,

encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,

storing the set of unique internal keys in a key container,

encrypting the key container based on the external key generated at the host computer, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager, and

sending the encrypted license manager and the encrypted key container to the host computer.

Dependent claims: 9, 10, 11, 12, 13, 14, 20.
15. A system comprising:

one or more computers;

a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising:

receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program,

sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer,

receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured,

verifying the metrics against known trusted data, and

when the known trusted data verifies the metrics:

generating a set of unique internal keys specific to each different installation of the license manager,

encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,

storing the set of unique internal keys in a key container, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager,

encrypting the key container based on the external key generated at the host computer, and

sending the encrypted license manager and the encrypted key container to the host computer.

Dependent claims: 16, 17, 18.
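Claims 1, 8 and 15 describe the same exchange: the vendor challenges the host with a nonce, the host returns signed configuration metrics plus the public part of an external key, the vendor verifies the metrics against known trusted data and only then generates per-installation internal keys, encrypts the three sections of the license manager, places the keys and a certifying-agency certificate for the static code section in a key container, wraps that container to the host's external key and ships both. The following is an added example of that flow written for this page, not code from the patent or its assignee. Everything cryptographic is a labelled stand-in chosen so the example runs on the Python standard library alone: an HMAC under a vendor-registered per-host key stands in for the TPM signature over the metrics, Diffie-Hellman over the Mersenne prime 2**127-1 stands in for the host's external key pair, a SHA-256 keystream with an HMAC tag stands in for a real cipher, and an HMAC under the certifying agency's key stands in for a signed certificate. The host identifier, metric names and section contents are constructed sample values.

```python
"""Attestation-gated license provisioning, after claims 1, 8 and 15 (added example, stdlib only).
Toy stand-ins (assumptions): HMAC under a vendor-registered per-host key for the TPM signature
over metrics; Diffie-Hellman over 2**127-1 for the host's "external key"; SHA-256 keystream +
HMAC tag for the cipher; HMAC under the certifying agency's key for the certificate."""
import hashlib
import hmac
import json
import secrets

P = 2**127 - 1   # toy DH group (assumption); a real host would use a TPM-resident key pair
G = 5


def _keystream(key: bytes, n: int) -> bytes:   # counter-mode SHA-256 keystream (toy cipher)
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, data: bytes) -> dict:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key + nonce, len(data))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": hmac.new(key, nonce + ct, "sha256").hexdigest()}


def decrypt(key: bytes, blob: dict) -> bytes:
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").hexdigest(), blob["tag"]):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key + nonce, len(ct))))


def _sign(key: bytes, msg: bytes) -> str:
    return hmac.new(key, msg, "sha256").hexdigest()


def _wrap_key(shared: int) -> bytes:           # derive the key-container wrapping key from DH
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


# Constructed trusted data held by the vendor (the "known trusted data" of claim 1).
HOST_ATTEST_KEY = b"constructed-attestation-key-host-7f3a"   # registered for host "host-7f3a"
CA_KEY = b"constructed-certifying-agency-key"
KNOWN_GOOD_METRICS = {
    "firmware": hashlib.sha256(b"firmware-v2.1").hexdigest(),
    "os_loader": hashlib.sha256(b"loader-signed").hexdigest(),
    "kernel": hashlib.sha256(b"kernel-signed").hexdigest(),
}
LICENSE_MANAGER = {   # the three sections named in the claims (constructed contents)
    "static_code": b"<license manager executable image>",
    "dynamic_data": b'{"seats": 5, "expires": "2030-01-01"}',
    "metadata": b'{"version": "1.0"}',
}


class Host:
    def __init__(self, measurements: dict):
        self.measurements = measurements
        self._ext_priv = secrets.randbelow(P - 2) + 2   # private part never leaves the host
        self.ext_pub = pow(G, self._ext_priv, P)         # "public part of an external key"

    def answer_challenge(self, nonce: str) -> dict:   # signed configuration data bound to the nonce
        payload = json.dumps({"nonce": nonce, "metrics": self.measurements}, sort_keys=True)
        return {"payload": payload, "sig": _sign(HOST_ATTEST_KEY, payload.encode()), "ext_pub": self.ext_pub}

    def install(self, bundle: dict) -> dict:   # unwrap container, check certificate, decrypt sections
        wrap = _wrap_key(pow(bundle["vendor_pub"], self._ext_priv, P))
        container = json.loads(decrypt(wrap, bundle["key_container"]))
        keys = {name: bytes.fromhex(k) for name, k in container["keys"].items()}
        sections = {name: decrypt(keys[name], blob) for name, blob in bundle["license_manager"].items()}
        expected = _sign(CA_KEY, hashlib.sha256(sections["static_code"]).digest())
        if not hmac.compare_digest(container["certificate"], expected):
            raise ValueError("static code section fails certificate check")
        return sections


class Vendor:
    def __init__(self):
        self._pending = {}   # host_id -> outstanding challenge nonce

    def receive_request(self, host_id: str) -> str:
        self._pending[host_id] = secrets.token_hex(16)
        return self._pending[host_id]

    def provision(self, host_id: str, response: dict):   # bundle, or None if trusted state unverified
        nonce = self._pending.pop(host_id, None)          # each challenge is single-use
        payload = response["payload"].encode()
        if nonce is None or not hmac.compare_digest(_sign(HOST_ATTEST_KEY, payload), response["sig"]):
            return None
        data = json.loads(payload)
        if data["nonce"] != nonce or data["metrics"] != KNOWN_GOOD_METRICS:
            return None                                   # nothing leaves the vendor on a mismatch
        keys = {name: secrets.token_bytes(32) for name in LICENSE_MANAGER}   # unique per installation
        enc_lm = {name: encrypt(keys[name], LICENSE_MANAGER[name]) for name in LICENSE_MANAGER}
        cert = _sign(CA_KEY, hashlib.sha256(LICENSE_MANAGER["static_code"]).digest())
        container = json.dumps({"keys": {n: k.hex() for n, k in keys.items()}, "certificate": cert})
        eph = secrets.randbelow(P - 2) + 2
        wrapped = encrypt(_wrap_key(pow(response["ext_pub"], eph, P)), container.encode())
        return {"vendor_pub": pow(G, eph, P), "key_container": wrapped, "license_manager": enc_lm}


def run_exchange(measurements: dict):   # full exchange for one host; decrypted sections or None
    vendor, host = Vendor(), Host(measurements)
    nonce = vendor.receive_request("host-7f3a")
    bundle = vendor.provision("host-7f3a", host.answer_challenge(nonce))
    return None if bundle is None else host.install(bundle)
```

`run_exchange(dict(KNOWN_GOOD_METRICS))` yields the three plaintext sections on the host, while a host whose kernel measurement has drifted gets `None` and never receives the license manager; replaying an old challenge response is likewise refused because each nonce is consumed on first use. What the toy does not model is the part the patent leaves to the platform: a real deployment would have the TPM sign the metrics with an attestation key the vendor can verify by certificate chain, and would hold the external key in hardware so the key container is only unwrappable inside the same trusted state.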
Specification