WO2009061171A2 - Secure software licensing control mechanism - Google Patents

Secure software licensing control mechanism

Info

Publication number
WO2009061171A2
Authority
WO
WIPO (PCT)
Prior art keywords
software
license code
smart card
user
licensed
Prior art date
Application number
PCT/MY2008/000132
Other languages
French (fr)
Other versions
WO2009061171A3 (en)
Inventor
Kang Siong Ng
Fui Bee Tan
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad
Publication of WO2009061171A2
Publication of WO2009061171A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal


Abstract

The present invention relates to a system and method for protecting a licensed software application (31) from piracy within a computer system by using a smart card (32) and a license code. The system for protecting a licensed software application (31) comprises a smart card (32), a licensed software (31), a registration software (11) running on a registration server (10) and a license code generator (21). Meanwhile, the method comprises the steps of determining the presence of a license code, decrypting the license code using the user's private key from the smart card (32), verifying a digital signature in the license code, and checking the expiry date of the software (31) for execution of the software application. If the license code is not available, the method further requires the user to use certificate-based-login to a website and register using the smart card (32) that is provided by the software vendor. Subsequently, the user's information and certificate are sent through a secure channel to the vendor's server, and the server-side application digitally signs the program license expiry date and encrypts it with the recipient's public key. Then, the license code is sent back to the user and the decryption and verification process of the digital signature repeats.

Description

SECURE SOFTWARE LICENSING CONTROL MECHANISM
The present invention relates to a control mechanism of licensed software. More particularly, the present invention relates to a system and method for protecting licensed software applications within a computer system from piracy.
BACKGROUND TO THE INVENTION
Piracy of digital content, such as software and any other content that is digitally stored and distributed, is increasingly prevalent. In order to curb the piracy of software and to sustain the business model of charging customers based on the number of software installations, a mechanism for software licensing control is required. The purpose of software licensing control is to make sure that only users who have purchased the software are able to use it.
One of the most common license control mechanisms is based on a license key. Most of the time, the license key is fixed or depends on the combination of username and organization data provided by the end user. U.S. Patent No. 7,200,760 describes a data encryption/decryption system where a user must obtain a license key in order to decrypt the critical data elements before the software program can use them. The data elements can be chosen such that their contents provide a control mechanism for the correct operation of the executable software program. The system allows for the inclusion of different data elements with or within a single version of the software program. However, this method can be easily cracked if the algorithm to derive the license key is known.
Another method is based on having external hardware or a token connected to the computer via a parallel port, COM port or USB. U.S. Patent No. 7,174,568 describes a product distribution and payment system for limited use or otherwise restricted digital software products which are made available to customers through a detachable local storage medium, such as a DVD or CD-ROM disc, or over a network connection. The software product may comprise a limited use product that is restricted in the number of plays or duration of use and the end user is allowed to download and purchase the product using his computer or playback console. When the preset time or number of plays has elapsed the software program is frozen and access to the program is not allowed. In one embodiment of the present invention, a two-way, public key/private key encryption system is implemented to transmit the product and usage information between the server providing the software product and the customer computer system. However, this method allows the system to provide a machine dependent control but not a user dependent control.
SUMMARY OF THE INVENTION
The present invention is directed to overcoming one or more of the problems due to the limitations and disadvantages of the related arts.
It is an object of the present invention to provide a secure software licensing control mechanism.
At least one of the above and other objects may be realized by providing a system and method for protecting a licensed software application from piracy within a computer system by using a smart card and license code. The system for protecting a licensed software application comprises a smart card containing a digital certificate and a private key, a licensed software containing a software module for authentication, a registration software running on a registration server and a license code generator which is running on a software vendor server for license code generation and encryption.
Meanwhile, the method comprises the steps of determining the presence of a license code, decrypting the license code using the user's private key from the smart card, verifying a digital signature in the license code, and checking the expiry date of the software for execution of the software application. If the license code is not available, the method further requires the user to use certificate-based-login to a website and register using the smart card that is provided by the software vendor. Subsequently, the user's information and certificate are sent through a secure channel to the vendor's server, and the server-side application digitally signs the program license expiry date and encrypts it with the recipient's public key. Then, the license code is sent back to the user and the decryption and verification process of the digital signature repeats.
It is an advantage of the present invention to provide flexibility by allowing software companies to implement user dependent license control.
It is another advantage of the present invention to implement an asymmetric algorithm instead of the symmetric algorithm used by a token, which makes a license code unique to the user, and therefore the software cannot be activated by a different user.
These and other aspects, objects, features and advantages of the present invention will be more clearly understood and appreciated from a review of the following detailed description of the preferred embodiment and appended claims, and by reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
The specific features, aspects, and advantages of the present invention will become better understood with regard to the following description, appended claims, and accompanying drawings where:
Fig. 1 illustrates a system for protecting licensed software applications from piracy within a computer system using a license code and a smart card according to the present invention; and
Fig. 2 illustrates a diagram flow of a method for protecting licensed software applications from piracy within a computer system according to the present invention.
DETAILED DESCRIPTION OF THE INVENTION
In the following description of the preferred embodiments of the present invention, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention.
Referring to Fig. 1, a system for protecting licensed software applications 31 within a computer system from piracy according to the present invention comprises:
a smart card 32 containing a user digital certificate and a private key to decrypt license code sent by software vendor;
a licensed software 31 installed in a computer 30 wherein the licensed software 31 contains a software module 33 which communicates with the smart card 32 in the authentication process;
a registration software 11 running on a registration server 10 wherein the registration software 11 interacts with the software module 33 through digital certificate based mutual authentication; and
a license code generator 21 running on a software vendor server 20 for license code generation and encryption.
In Fig. 2, when a user executes the licensed software 31, the software module 33 communicates with the smart card 32 to decrypt the license code and to verify the digital signature in the license code to check the expiry date of the software 31. The license code is decrypted using a private key in the smart card 32. Once the date has been verified, the software 33 is allowed to execute. If the software module 33 does not find the license code, the user has to use certificate-based-login to a website and register using the smart card 32 that is provided by the software vendor. The registration software 11 interacts with software module 33 via digital certificate based mutual authentication. User's digital certificate is used by the registration software 11 to gather information about the user. For this, the private key within smart card 32 is required in the process of digital certificate based authentication. Upon successful registration, the user's digital certificate is sent to license code generator 21 which further digitally signs the software license expiry date, generates license code for the user and encrypts the license code using public key extracted from the user's digital certificate forwarded by the registration software 11.
The encrypted license code is sent by the license code generator 21 to the software module 33 and is further sent to the smart card 32 for decryption. Once the encrypted license code is available in the computer 30, the software module 33 sends the encrypted license code to smart card 32 directly without communicating with either the registration server 10 or software vendor server 20. Upon successful decryption, the software module 33 allows the software 31 to run.
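The Fig. 2 flow as an added Go example, not code from the patent: the generator signs the expiry date and encrypts the result to the user's public key, and the software module decrypts through the card, verifies the signature and checks the date. Assumptions: Ed25519 for the vendor signature, RSA-OAEP for the card key, a public-key fingerprint standing in for the user's digital certificate and included in the signed payload so the code is tied to one card; all function names and the payload layout are hypothetical.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

const dateLayout = "2006-01-02" // 10-byte expiry field (constructed format)

var (
	ErrNoLicense = errors.New("no license code, registration required")
	ErrInvalid   = errors.New("license code not valid for this card")
	ErrExpired   = errors.New("license expired")
)

// NewVendorKey stands in for the signing key of license code generator 21.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewCard stands in for smart card 32; a real card keeps this key on-chip.
func NewCard() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// fingerprint names a card holder by the SHA-256 of the public key.
func fingerprint(pub crypto.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(der)
	return sum[:], nil
}

// GenerateLicenseCode signs expiry||fingerprint, then encrypts it to the user.
func GenerateLicenseCode(vendor ed25519.PrivateKey, user *rsa.PublicKey, expiry time.Time) ([]byte, error) {
	fp, err := fingerprint(user)
	if err != nil {
		return nil, err
	}
	payload := append([]byte(expiry.UTC().Format(dateLayout)), fp...)
	signed := append(payload, ed25519.Sign(vendor, payload)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, user, signed, nil)
}

// CheckLicense is the software module 33 side. card is any crypto.Decrypter,
// so the private key can stay on the token and never enters this process.
func CheckLicense(code []byte, card crypto.Decrypter, vendorPub ed25519.PublicKey, now time.Time) (time.Time, error) {
	if len(code) == 0 {
		return time.Time{}, ErrNoLicense
	}
	const bodyLen = len(dateLayout) + sha256.Size
	plain, err := card.Decrypt(rand.Reader, code, &rsa.OAEPOptions{Hash: crypto.SHA256})
	if err != nil || len(plain) != bodyLen+ed25519.SignatureSize {
		return time.Time{}, ErrInvalid
	}
	payload, sig := plain[:bodyLen], plain[bodyLen:]
	if !ed25519.Verify(vendorPub, payload, sig) {
		return time.Time{}, ErrInvalid // not signed by the vendor
	}
	fp, err := fingerprint(card.Public())
	expiry, perr := time.Parse(dateLayout, string(payload[:len(dateLayout)]))
	if err != nil || perr != nil || !bytes.Equal(fp, payload[len(dateLayout):]) {
		return time.Time{}, ErrInvalid // issued to a different card, or malformed
	}
	if !now.Before(expiry.AddDate(0, 0, 1)) { // valid through the expiry day (UTC)
		return expiry, ErrExpired
	}
	return expiry, nil
}

func main() {
	vendorPub, vendorPriv, _ := NewVendorKey()
	holder, _ := NewCard()
	expiry := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample
	code, err := GenerateLicenseCode(vendorPriv, &holder.PublicKey, expiry)
	if err != nil {
		panic(err)
	}
	_, err = CheckLicense(code, holder, vendorPub, time.Now())
	fmt.Println("holder's card:", err)
}
```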

Claims

1. A system for protecting licensed software applications (31) within a computer system from piracy by providing a software module (33) prompting for user's authorization information during execution of the licensed software application (31), comprising:
a smart card (32) containing user digital certificate and a private key to decrypt license code sent by a software vendor;
a licensed software (31) installed in a computer (30), said licensed software (31) containing a software module (33) which communicates with the smart card (32) for authentication;
a registration software (11) running on a registration server (10), said registration software (11) interacts with the software module (33) through digital certificate based mutual authentication; and
a license code generator (21) running on a software vendor server (20) for license code generation and encryption.
2. A method for protecting a licensed software application (31) from piracy within a computer system by providing a software module (33) prompting for user's authorization information during execution of the licensed software application (31), wherein said authorization information is a private key stored in a smart card (32) and a license code is provided in the licensed software (31), whereby if the said license code is present, the following steps are executed:
(i) decrypting the license code using a private key stored in the smart card (32);
(ii) verifying a digital signature in the license code; and
(iii) checking the date of expiry of the licensed software (31), wherein the licensed software is executed if the date is not expired,
whereby if the said license code is not present, then following steps are executed:
(iv) registering a user using certificate-based-login to a website to obtain a digital certificate using the private key stored in smart card (32);
(v) sending the digital certificate to a license code generator (21) together with encrypting the license code using public key extracted from the user's digital certificate forwarded by a registration software (11); and
(vi) sending the encrypted license code to the smart card (32) for decryption, whereby the software (31) is executed by the software module (33) after decryption.
3. A method according to claim 2, wherein the digital certificate of step (iv) is used by registration software (11) to gather information on the user.
4. A method according to claim 2, wherein the license code generator (21) of step (v) digitally signs a date of expiry for the licensed software (31) and encrypts the license code using the digital certificate forwarded by the registration software (11).
5. A method according to claim 2, wherein the encrypted license code of step (vi) can only be decrypted using a matching private key stored in the smart card (32).
6. A method according to claim 2, wherein the software module (33) of step (vi) sends the encrypted license code to the smart card (32) without communicating with the registration server (10) or with the software vendor server (20).
PCT/MY2008/000132 2007-11-09 2008-11-10 Secure software licensing control mechanism WO2009061171A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20071944 MY146126A (en) 2007-11-09 2007-11-09 Secure software licensing control mechanism
MYPI20071944 2007-11-09

Publications (2)

Publication Number Publication Date
WO2009061171A2 (en) 2009-05-14
WO2009061171A3 (en) 2009-10-15

Family

ID=40626360

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2008/000132 WO2009061171A2 (en) 2007-11-09 2008-11-10 Secure software licensing control mechanism

Country Status (2)

Country Link
MY (1) MY146126A (en)
WO (1) WO2009061171A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001001227A1 (en) * 1999-06-30 2001-01-04 Accenture Llp A system, method and article of manufacture for tracking software sale transactions of an internet-based retailer for reporting to a software publisher
US20010051996A1 (en) * 2000-02-18 2001-12-13 Cooper Robin Ross Network-based content distribution system
KR20030033863A (en) * 2001-10-25 2003-05-01 (주)엔라인시스템 The method and system of multistage user certification using active user-certifiable card of USB module type
EP1942392A1 (en) * 2001-03-28 2008-07-09 Macrovision Corporation Method, apparatus and optical medium for enabling playback of encrypted digital video on a plurality of playback devices having different security characteristics

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108268767A (en) * 2016-12-30 2018-07-10 北京国双科技有限公司 Web application authorization method and device
CN110796220A (en) * 2019-10-11 2020-02-14 北京如易行科技有限公司 Identification code sending system based on public transport
CN110796220B (en) * 2019-10-11 2024-04-30 北京如易行科技有限公司 Public transportation-based identification code sending system
CN112579989A (en) * 2020-12-23 2021-03-30 杭州安司源科技有限公司 Anti-piracy method for network service software
CN112579989B (en) * 2020-12-23 2022-06-24 杭州安司源科技有限公司 Anti-piracy method for network service software
CN113343212A (en) * 2021-06-25 2021-09-03 成都商汤科技有限公司 Device registration method and apparatus, electronic device, and storage medium
WO2023174943A1 (en) * 2022-03-15 2023-09-21 Wibu-Systems Ag License binding of an application license to a device
CN116415222A (en) * 2023-05-09 2023-07-11 南京中图数码科技有限公司 Authorization management method and system for cloud design platform of process industrial digital factory
CN116415222B (en) * 2023-05-09 2023-10-20 南京中图数码科技有限公司 Authorization management method and system for cloud design platform of process industrial digital factory

Also Published As

Publication number Publication date
WO2009061171A3 (en) 2009-10-15
MY146126A (en) 2012-06-29

Similar Documents

Publication Publication Date Title
US6233567B1 (en) Method and apparatus for software licensing electronically distributed programs
US5864620A (en) Method and system for controlling distribution of software in a multitiered distribution chain
US7742992B2 (en) Delivery of a secure software license for a software product and a toolset for creating the software product
US7124443B2 (en) Information transaction system
US6195432B1 (en) Software distribution system and software utilization scheme for improving security and user convenience
KR100912276B1 (en) Electronic Software Distribution Method and System Using a Digital Rights Management Method Based on Hardware Identification
EP1253741B1 (en) Method and system for generation and management of secret key of public key cryptosystem
CA2212813C (en) Method and apparatus for cryptographically protecting data
CN101689237B (en) Activation system architecture
US6308266B1 (en) System and method for enabling different grades of cryptography strength in a product
US8646091B2 (en) Digital software license procurement
US20110296175A1 (en) Systems and methods for software license distribution using asymmetric key cryptography
CN107146120B (en) Electronic invoice generation method and generation device
US20040088541A1 (en) Digital-rights management system
CN101512536A (en) System and method for authenticating a gaming device
KR100502580B1 (en) Method for distrubution of copyright protected digital contents
JP2001175468A (en) Method and device for controlling use of software
Aura et al. Software License Management with Smart Cards.
JPH1131130A (en) Service providing device
US6651169B1 (en) Protection of software using a challenge-response protocol embedded in the software
WO2009061171A2 (en) Secure software licensing control mechanism
EP1471405A1 (en) Method and device for protecting information against unauthorised use
KR101858562B1 (en) Security system for selling and using e-training contents
US7895449B2 (en) System and method for securely delivering installation keys to a production facility
JP2004297550A (en) Content management system and content distribution system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08846314

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08846314

Country of ref document: EP

Kind code of ref document: A2