Secure license management

US 7,818,585 B2
Filed: 12/22/2004
Issued: 10/19/2010
Est. Priority Date: 12/22/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program;

sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer;

receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured;

verifying the metrics against known trusted data; and

when the known trusted data verifies the metrics;

generating a set of unique internal keys specific to each different installation of the license manager,encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,storing the set of unique internal keys in a key container, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager,encrypting the key container based on the external key generated at the host computer, andsending the encrypted license manager and the encrypted key container to the host computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products for secure license management. A host computer runs in a trusted state. A license manager is installed on the host computer. The license manager is configured to provide access to one or more software programs. The one or more software programs are accessible only through the license manager. The license manager is bound to the trusted state of the host computer, such that if the trusted state ceases to exist, then the license manager is not executable and the one or more software programs are not accessible. The host computer can be a TCPA (Trusted Computing Platform Alliance) enabled computer.

35 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program;
  
  sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer;
  
  receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured;
  
  verifying the metrics against known trusted data; and
  
  when the known trusted data verifies the metrics;
  
  generating a set of unique internal keys specific to each different installation of the license manager,encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,storing the set of unique internal keys in a key container, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager,encrypting the key container based on the external key generated at the host computer, andsending the encrypted license manager and the encrypted key container to the host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 19)
- - 2. The method of claim 1,wherein encrypting the license manager based on the set of unique internal keys comprises encrypting each partition of the license manager with a different internal key from the set of unique internal keys,wherein the set of unique internal keys further comprises a data key for encrypting the dynamic data section of the license manager, and a code key for encrypting the static code section of the license manager, andwherein the external key is an asymmetric key, and the data key and code key are asymmetric keys.
  - 3. The method of claim 1, wherein the metadata section comprises information identifying the one or more software programs managed by the license manager and identifying authorized users of the one or more software programs.
  - 4. The method of claim 1, wherein the dynamic data section comprises a counter value that counts a quantity of times each of the one or more software applications has been executed.
  - 5. The method of claim 1, wherein the static code section comprises configuration data that indicates which network port and which host address will be used by the license manager.
  - 6. The method of claim 1, wherein the system configuration data is generated by a Core Root of Trust for Measurement (CRTM) component of the host computer.
  - 7. The method of claim 1, wherein the host computer is a Trusted Computing Platform Alliance (TCPA) enabled computer.
  - 19. The computer-implemented method of claim 1, wherein the static code section comprises a subsection to store the software program code and another subsection to store the license manager configuration data.

8. A machine-readable storage device encoded with a computer program, the computer program comprising instructions that, when executed, operate to cause a computer to perform operations comprising:
- receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program;
  
  sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer;
  
  receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured;
  
  verifying the metrics against known trusted data; and
  
  when the known trusted data verifies the metrics;
  
  generating a set of unique internal keys specific to each different installation of the license manager,encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,storing the set of unique internal keys in a key container,encrypting the key container based on the external key generated at the host computer, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager, andsending the encrypted license manager and the encrypted key container to the host computer.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 20)
- - 9. The machine-readable storage device of claim 8,wherein encrypting the license manager based on the set of unique internal keys comprises encrypting each partition of the license manager with a different internal key from the set of unique internal keys,wherein the set of unique internal keys further comprises a data key for encrypting the dynamic data section of the license manager, and a code key for encrypting the static code section of the license manager, andwherein the external key is an asymmetric key, and the data key and code key are symmetric keys.
  - 10. The machine-readable storage device of claim 8, wherein the metadata section comprises information identifying the one or more software programs managed by the license manager and identifying authorized users of the one or more software programs.
  - 11. The machine-readable storage device of claim 8, wherein the dynamic data section comprises a counter value that counts a quantity of times each of the one or more software applications has been executed.
  - 12. The machine-readable storage device of claim 8, wherein the static code section comprises configuration data that indicates which network port and which host address will be used by the license manager.
  - 13. The machine-readable storage device of claim 8, wherein the system configuration data is generated by a Core Root of Trust for Measurement (CRTM) component of the host computer.
  - 14. The machine-readable storage device of claim 8, wherein the host computer is a Trusted Computing Platform Alliance (TCPA) enabled computer.
  - 20. The machine-readable storage device of claim 8, wherein the static code section comprises a subsection to store the software program code and another subsection to store the license manager configuration data.

15. A system comprising:
- one or more computers;
  
  a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, causes the one or more computers to perform operations comprising;
  
  receiving a request from a host computer to transfer a license manager and one or more software applications to the host computer, the license manager for managing a use of the one or more software programs by enforcing conditions of use as defined by a license associated with each software program,sending a challenge message to the host computer based on receiving the request, the challenge message requesting transmission of signed system configuration data from the host computer,receiving from the host computer, in response to the challenge message, the signed system configuration data and a public part of an external key generated at the host computer, the signed system configuration data including metrics taken from hardware and software components of the host computer that reflect how the host computer is configured,verifying the metrics against known trusted data, andwhen the known trusted data verifies the metrics;
  
  generating a set of unique internal keys specific to each different installation of the license manager,encrypting the license manager based on the set of unique internal keys, the license manager being partitioned into a dynamic data section, a static code section, and a metadata section for storing metadata about the license manager,storing the set of unique internal keys in a key container, wherein the key container further comprises a certificate obtained by a certifying agency and used for authenticating the static code section of the license manager,encrypting the key container based on the external key generated at the host computer, andsending the encrypted license manager and the encrypted key container to the host computer.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15,wherein encrypting the license manager based on the set of unique internal keys comprises encrypting each partition of the license manager with a different internal key from the set of unique internal keys,wherein the set of unique internal keys further comprises a data key for encrypting the dynamic data section of the license manager, and a code key for encrypting the static code section of the license manager, andwherein the external key is an asymmetric key, and the data key and code key are asymmetric keys.
  - 17. The system of claim 15, wherein the metadata section comprises information identifying the one or more software programs managed by the license manager and identifying authorized users of the one or more software programs.
  - 18. The system of claim 15, wherein the dynamic data section comprises a counter value that counts a quantity of times each of the one or more software applications has been executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Kuemmerle, Jan, Kilian-Kehr, Roger
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Okeke; Izunna

Application Number

US11/020,386
Publication Number

US 20060137022A1
Time in Patent Office

2,127 Days
Field of Search

713/193, 713/194, 713/190, 713/100, 713/2, 705/57, 705/58, 705/59, 726/26, 726/27, 726/28, 726/31, 380/284, 380/285
US Class Current

713/193
CPC Class Codes

G06F 21/10 Protecting distributed prog...

Secure license management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure license management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links