Activation system architecture
First Claim
1. A computing device comprising:
a trusted microchip having a private key;
at least one processing device; and
at least one hardware computer-readable storage media comprising executable instructions that, when executed by the at least one processing device, cause the at least one processing device to:
obtain an entitlement certificate from an entitlement service server, the entitlement certificate including one or more entitlements describing license characteristics of a license for software, the entitlement certificate having a digital signature generated by the entitlement service server with an entitlement service private key;
verify the digital signature of the entitlement certificate using an entitlement service public key corresponding to the entitlement service private key;
after the digital signature of the entitlement certificate has been verified, send the entitlement certificate with the digital signature to a license service server other than the entitlement service server, the license service server generating the license based at least on the entitlement certificate, the license being signed using a license service private key other than the entitlement service private key;
receive the license from the license service server;
attempt verification of the license using a license service public key corresponding to the license service private key;
obtain encrypted binding data associated with the license and unencrypted binding data associated with the license;
provide the encrypted binding data to the trusted microchip and, in response, receive decrypted binding data from the trusted microchip;
perform a comparison of the decrypted binding data obtained from the trusted microchip to the unencrypted binding data associated with the license; and
prevent the software from executing on the computing device unless the verification of the license is successful and the comparison indicates that the decrypted binding data obtained from the trusted microchip matches the unencrypted binding data associated with the license,
the trusted microchip being configured to:
use the private key to decrypt the encrypted binding data to derive the decrypted binding data; and
provide the decrypted binding data to the at least one processing device.
Abstract
Techniques are described for generating a license for software installed on a device. An entitlement certificate is generated including one or more entitlements describing license characteristics of the software. The one or more entitlements are determined in accordance with first information about the software. The first information includes at least one of a purchase token and package information. A binding certificate in accordance with a binding type for the software is generated. A license in accordance with said binding certificate and said entitlement certificate is generated. The binding certificate identifies an entity to which the license is bound.
22 Claims
11. A method performed by a computing device, the method comprising:
by a processing device of the computing device:
obtaining an entitlement certificate from an entitlement service server, the entitlement certificate including one or more entitlements describing license characteristics of a license for software and having a digital signature generated by the entitlement service server using an entitlement service private key;
verifying the digital signature of the entitlement certificate using an entitlement service public key corresponding to the entitlement service private key;
after the digital signature of the entitlement certificate has been verified, sending the entitlement certificate with the digital signature to a license service server other than the entitlement service server;
obtaining a license from the license service server, the license being signed using a license service private key other than the entitlement service private key;
obtaining encrypted binding data associated with the license and unencrypted binding data associated with the license; and
providing the encrypted binding data to a trusted microchip of the computing device;
by the trusted microchip, decrypting the encrypted binding data with a private key and outputting decrypted binding data to the processing device; and
by the processing device:
performing a comparison of the decrypted binding data obtained from the trusted microchip to the unencrypted binding data associated with the license;
attempting verification of the license using a license service public key corresponding to the license service private key; and
preventing the software from executing on the computing device unless the verification of the license is successful and the comparison indicates the decrypted binding data obtained from the trusted microchip matches the unencrypted binding data associated with the license.
15. A computing device comprising:
a processing device; and
a trusted microchip having a private key,
the processing device being configured to:
obtain an entitlement certificate having a digital signature from an entitlement service server, the entitlement certificate indicating circumstances under which software may be executed on the computing device;
verify the digital signature of the entitlement certificate using an entitlement service key;
after verifying the digital signature of the entitlement certificate, send the entitlement certificate and the digital signature of the entitlement certificate to a license service server other than the entitlement service server;
obtain a license from the license service server, the license service server generating the license based at least on the entitlement certificate, the license identifying the circumstances under which software may be executed on the computing device;
obtain encrypted binding data associated with the license and unencrypted binding data associated with the license;
provide the encrypted binding data to the trusted microchip and, in response, receive decrypted binding data from the trusted microchip;
perform a comparison of the decrypted binding data obtained from the trusted microchip to the unencrypted binding data associated with the license; and
enforce the license on the computing device by preventing the software from executing on the computing device unless the circumstances are met and the comparison indicates the decrypted binding data obtained from the trusted microchip matches the unencrypted binding data associated with the license,
the trusted microchip being configured to use the private key to perform a decryption of the encrypted binding data and output the decrypted binding data to the processing device.
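The device-side checks recited in claims 1, 11 and 15, as an added Python example that is not part of the patent: two services with separate signing keys, and an execution gate that requires both a valid license signature and a chip-decrypted binding that matches the clear one. Assumptions: toy textbook RSA over Mersenne primes stands in for the unspecified signature and decryption algorithms, all function names are hypothetical, the clear binding is carried inside the signed license body, and the device encrypts the binding to the chip's key.

```python
import hashlib, hmac, json

# Toy textbook RSA (no padding, tiny keys): an assumed stand-in for the
# signature and decryption algorithms, which the claims leave unspecified.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(key, msg, sig):                      # uses only n and e
    return pow(sig, key["e"], key["n"]) == digest(msg, key["n"])

class TrustedChip:                              # models the trusted microchip
    def __init__(self, key):
        self._key = key                         # private key stays inside
    def encrypt_for(self, data):                # public-key operation
        return pow(int.from_bytes(data, "big"), self._key["e"], self._key["n"])
    def decrypt(self, ct):
        m = pow(ct, self._key["d"], self._key["n"])
        return m.to_bytes((m.bit_length() + 7) // 8, "big")

M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # Mersenne primes
ENT_KEY, LIC_KEY = make_key(M61, M89), make_key(M89, M107)     # constructed keys

def entitlement_service(entitlements):
    body = json.dumps(entitlements, sort_keys=True).encode()
    return {"body": body, "sig": sign(ENT_KEY, body)}

def license_service(cert, binding, enc_binding):
    body = json.dumps({"ent": cert["body"].decode(), "binding": binding}).encode()
    return {"body": body, "sig": sign(LIC_KEY, body), "enc_binding": enc_binding}

def activate(cert, binding, chip):
    # Verify the entitlement certificate before forwarding it.
    if not verify(ENT_KEY, cert["body"], cert["sig"]):
        raise ValueError("entitlement certificate signature invalid")
    return license_service(cert, binding, chip.encrypt_for(binding.encode()))

def may_execute(lic, chip):
    # Both checks must pass: license signature AND chip-decrypted binding match.
    if not verify(LIC_KEY, lic["body"], lic["sig"]):
        return False
    clear = json.loads(lic["body"])["binding"].encode()
    return hmac.compare_digest(chip.decrypt(lic["enc_binding"]), clear)
```

A license copied to a device whose chip holds a different private key fails the binding comparison even though its signature still verifies, which is the property the comparison step adds over signature checking alone.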
Specification