WO2007123893A2 - Secure keys for software activation - Google Patents

Secure keys for software activation Download PDF

Info

Publication number
WO2007123893A2
WO2007123893A2 PCT/US2007/009350 US2007009350W WO2007123893A2 WO 2007123893 A2 WO2007123893 A2 WO 2007123893A2 US 2007009350 W US2007009350 W US 2007009350W WO 2007123893 A2 WO2007123893 A2 WO 2007123893A2
Authority
WO
WIPO (PCT)
Prior art keywords
software
key
digest
activation
activation key
Prior art date
Application number
PCT/US2007/009350
Other languages
French (fr)
Other versions
WO2007123893A3 (en
Inventor
Kevin L. Stern
Original Assignee
Tellabs-Operations, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tellabs-Operations, Inc. filed Critical Tellabs-Operations, Inc.
Publication of WO2007123893A2 publication Critical patent/WO2007123893A2/en
Publication of WO2007123893A3 publication Critical patent/WO2007123893A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1063Personalisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs

Definitions

  • the present invention relates generally to software activation and more specifically to secure generation and verification of keys for software feature activation.
  • Large software applications typically include multiple features that may be activated individually. This allows a software application manufacturer to offer a customizable software application by activating selected groupings of features.
  • One approach to selected feature activation includes the generation of keys by the software manufacturer that are created by applying a mathematical function to various customer defining data and activation data that identifies the feature or group of features to be activated. The customer then enters their data and the provided key to their copy of the software that verifies the key by applying this function to the customer-supplied data and comparing the result to the manufacturer-supplied key. Depending upon which feature data results in the manufacturer-supplied key, the software will know which feature to activate.
  • the present invention provides a secure method for generating and verifying keys to be utilized for software feature activation.
  • the method includes secure key generation by a software manufacturer and secure key verification by the end software-product that reveals to the software which features to activate. This ensures that any key which activates a feature in the software is generated by the software manufacturer.
  • a method of processing an activation key for software is provided. The method includes providing an activation key for the software. An original message digest is generated using the activation key and a digest function and a digital signature is created by encrypting the original message digest using a private key of a private key and public key pair. The digital signature and the activation key are then distributed to a customer for use in activating the software.
  • a method of activating software includes validating an activation key using the activation key, a digital signature, a digest function and a public key of a public key and private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair.
  • the software is then activated when the activation key is validated.
  • validating the activation key includes decrypting the digital signature using the public key to reveal an original message digest and generating a comparison message digest using the activation key and the digest function. The activation key is validated when the comparison message digest and the revealed original message digest match.
  • the software is distributed in an inactivated state.
  • the software includes a validator configured to validate an activation key using the activation key, a digital signature, a digest function and a public key of a public key private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair.
  • the software - A - also includes an activator configured to activate the software when the activation key is validated.
  • FIG. 1 is a schematic diagram of a system using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • FIG. 2 is a block diagram of a manufacturer's computer system in accordance with an exemplary embodiment of the present invention.
  • FIG. 3 is a block diagram of a customer's computer system in accordance with an exemplary embodiment of the present invention.
  • FIG. 4 is a sequence diagram of using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • FIG. 5 is a collaboration diagram for functional modules deployed on a manufacturers' s computer system for processing an activation key in accordance with an exemplary embodiment of the present invention.
  • FIG. 6 is a collaboration diagram for functional modules deployed on a customer computer system for activating software in accordance with an exemplary embodiment of the present invention.
  • FIG. 7 is a process flow diagram of a digital signature generation process for generating a digital signature for an activation key in accordance with an exemplary embodiment of the present invention.
  • FIG. 8 is a process flow diagram of a validation process that uses a digital signature to validate an activation key having feature data in accordance with an exemplary embodiment of the present invention.
  • FIG. 9 is a process flow diagram of a software feature enabling process used to enable software features using feature data from an activation key in accordance with an exemplary embodiment of the present invention.
  • FIG. 10 is a package diagram for software using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • FIG. 1 is a schematic diagram of a system using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • a manufacturer 100 or any other entity distributing software, creates an inactivated version of the software 102a, for distribution to one or more customers, or any entity using the software, such as customer 104.
  • the customer 104 obtains a copy of the inactivated software 102a and creates an activated version of the software 102b on a customer's computer system 106.
  • the inactivated software 102a may be obtained by the customer 104 using a variety of methods.
  • the inactivated software 102a may be received by the customer from a manufacturer's computer system 105 via a communications or computer network such as a wired communications network 108 or a wireless communication network 110.
  • the inactivated software 102a may also be delivered to the customer 104 via transportable memory media such as a disk 112 or a solid state memory device 114 or via other suitable means.
  • the manufacturer uses a private key 119 of a private/public key pair to create a digital signature 120 of a software activation key 122.
  • the digital signature 120 is verified by the inactivated software 102a using a public key 124 of the private/public key pair that is encoded within the inactivated software 102a before using the activation key 122 to enable specified features of the inactivated software 102a to become activated software 102b.
  • the manufacturer 100 can distribute software to a plurality of customers.
  • the customer 104 may receive inactivated software from a plurality of manufacturers.
  • software may be distributed for use or execution by any kind of data processing or computing device used by the customer, as exemplified by, but not limited to, mainframes, workstations, personal computers, personal digital assistants or other handheld computing devices.
  • FIG. 2 is a block diagram of a manufacturer's computer system 105 in accordance with an exemplary embodiment of the present invention.
  • the manufacturer's computer system 105 may be used by the manufacturer 100 to create the inactivated software 102a and the activation key 122 and digital signature 120 for delivery to the customer 104 (all of FIG. 1).
  • the manufacturer's computer system 105 includes a processor 200 coupled to a memory 202 via system bus 204.
  • the processor 200 is also coupled to external Input/Output (I/O) devices (not shown) via the system bus 204 and an I/O bus 205.
  • I/O Input/Output
  • a storage device 206 having computer system readable media is coupled to the processor 200 via a storage device controller 208 and the I/O bus 205 and the system bus 204.
  • the storage device 206 is used by the processor 200 to store and read data 210 and program instructions 212 used to implement the use of secure keys for software activation as described herein.
  • the processor 200 may be further coupled to an user input device 214 via an user input device controller 216 and the I/O bus 205 and the system bus 204.
  • the processor 200 may also be further coupled to an user output device 218 via an user output device controller 220 and the I/O bus 205 and the system bus 204.
  • a user such as the manufacturer 100 (of FIG. 1) may use the user input device 214 to input data into the manufacturer's computer system 105.
  • Exemplary user input devices include, but are not limited to, keyboards, key pads, touchscreens and various pointing devices.
  • the manufacturer's computer system 105 may in turn, use the user output device 218 to output data to be used by the user.
  • Exemplary user output devices include, but are not limited to, CRT, LCD, and plasma display monitors.
  • the processor 200 may be further coupled to a communications device 222 via a communications device controller 224 through the I/O bus 205 and the system bus 204.
  • the manufacturer's computer system 105 may use the communications device 222 to communicate with an external computer system, such as the customer's computer system 106 (of FIG. 1) via the communication networks 108 and/or 110 (both of FIG. 1).
  • the processor 200 loads the program instructions 212 from the storage device 206 into the memory 202.
  • the processor 200 executes the loaded program instructions 212 to implement the use of secure keys to activate software as described herein.
  • the manufacturer's computer system 105 may use the storage device 206 to prepare the transportable memory media such as the disk 112 or the solid state memory device 114 for delivering the inactivated software 102a, the activation key 122 and the digital signature 120 to the customer's computer system 106 as illustrated in FIG. 1.
  • FIG. 3 is a block diagram of a customer's computer system 106 in accordance with an exemplary embodiment of the present invention.
  • the customer's computer system 106 may be used by the customer 104 to create the activated software 102b using the activation key 122 and digital signature 120 delivered to the customer 104 by the manufacturer 100 (all of FIG. 1).
  • the customer's computer system 106 includes a processor 300 coupled to a memory 302 via system bus 304.
  • the processor 300 is also coupled to external Input/Output (I/O) devices (not shown) via the system bus 302 and an I/O bus 305.
  • a storage device 306 having computer system readable media is coupled to the processor 300 via a storage device controller 308 and the I/O bus 305 and the system bus 304.
  • the storage device is used by the processor 300 to store and read data 310 and program instructions 312 used to implement the use of secure keys for software activation as described herein.
  • the processor 300 may be further coupled to an user input device 314 via an user input device controller 316 and the I/O bus 305 and the system bus 304.
  • the processor 300 may also be further coupled to an user output device 318 via an user output device controller 320 and the I/O bus 305 and the system bus 304.
  • a user such as the customer 104 (of FIG. 1) may use the user input device 314 to input data into the customer's computer system 106.
  • Exemplary user input devices include, but are not limited to, keyboards, key pads, touchscreens and various pointing devices.
  • the customer's computer system 106 may in turn, use the user output device 318 to output data to be used by the user.
  • Exemplary user output devices include, but are not limited to, CRT, LCD, and plasma display monitors.
  • the processor 300 may be further coupled to a communications device 322 via a communications device controller 324 through the FO bus 305 and the system bus 304.
  • the customer's computer system 106 may use the communications device to communicate with an external computer system, such as the manufacturer's computer system 105 (of FIG. 1) via the communication networks 108 and/or 110 (both of FIG.
  • the processor 300 loads the program instructions 312 from the storage device 306 into the memory 302.
  • the processor 300 executes the loaded program instructions 312 to implement the use of secure keys to activate software as described herein.
  • the customer's computer system 106 may use the storage device 306 to receive and read the transportable memory media such as the disk 112 or the solid state memory device 114 for reception of the inactivated software 102a, the activation key 122 or the digital signature 120 into the customer's computer system 106 as illustrated in FIG. 1.
  • FIG. 4 is a sequence diagram of using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • the manufacturer 100 (of FIG.
  • the manufacturer's computer system 105 uses the manufacturer's computer system 105 to generate or receive (400) a private/public key pair.
  • the public key along with a digest function used to generate a message digest is included in the inactivated software 102a that is delivered to the customer's computer system 106 in the above described manner.
  • the manufacturer's computer system 105 is provided, receives or generates (402) feature data that may be used to enable features within the inactivated software 102a.
  • the manufacturer's computer system 105 generates (404) an original message digest from the feature data using the same digest function included in the inactivated software 102a.
  • the manufacturer's computer system 105 generates (406) the digital signature 120 by encrypting the original message digest using the private key.
  • the feature data is included in the activation key 122 that is delivered to the customer's computer system 106 along with the digital signature 120.
  • the customer's computer system 106 may use the digital signature 120 to validate the feature data included in the activation key 122. To do so, the customer's computer system generates (408) a comparison digest using the activation key and the digest function included in the inactivated software 102 a. In addition, the customer's computer system 106 decrypts (410) the digital signature 120 using the public key 124 included in the inactivated software 102a to reveal the original message digest generated by the manufacturer's computer system 105. To validate the activation key, the customer's computer system 106 compares (412) the decrypted original message digest with the comparison digest. If they are comparable, the customer's computer system 106 activates (414) the inactivated software 102a using the feature data from the activation key 122.
  • FIG. 5 is a collaboration diagram for functional modules deployed on a manufacturers' s computer system 105 for processing an activation key in accordance with an exemplary embodiment of the present invention.
  • the functional modules include an activation key generator 500, a digest message generator 502, a private key/public key generator 506 and a digital signature generator 508.
  • the functional modules may be implemented on the manufacturer's computer system 105 as software modules or objects. In other embodiments, the functional modules may be implemented using hardware modules or other types of circuitry, or a combination of software and hardware modules.
  • the activation key generator 500 generates the activation key 122 that will be distributed to the customer 104 (of FIG. 1) for activating the inactivated software 102a.
  • the digest message generator 502 uses a digest function 503 to generate an original message digest 504 from the activation key 122.
  • the digest function 503 can be a hash function.
  • a hash function takes a long message of any length as input and produces a fixed length string as the original message digest 504. Many suitable hash functions are well known in the art.
  • Suitable hash functions include, but are not limited to: HAVAL, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-O, SHA-I, SHA-224, SHA-256, SHA-384, SHA- 512, Snefru, Tiger- 160 and Tiger- 160.
  • the private key/public key generator 506 is used to generate the paired private key 119 and public key 124.
  • Public key encryption systems using private key and public key pairs are well known in the art. Suitable public key techniques include, but are not limited to, Diffie-Hellman, DSS (Digital Signature Standard), ElGamal, CAPI, Elliptic Curve techniques, Paillier cryptosystem and the RSA encryption algorithm (PKCS).
  • PKCS RSA encryption algorithm
  • the totient, ⁇ (p-l)(q-l), is computed.
  • An integer, e is then chosen such that 1 ⁇ e ⁇ ⁇ and e and ⁇ are coprimes.
  • the secret exponent, d is computed such that 1 ⁇ d ⁇ ⁇ and ed ⁇ 1 (mod ⁇ ).
  • the public key is composed of n and e and the private key is composed of n and d.
  • the values of p, q, and ⁇ are also kept secret.
  • the digital signature creator 508 uses the private key 119 to create the digital signature 120 by encrypting the original message digest 504.
  • the public key 124 is included in the inactivated software 102a along with the digest function 503 for later use in validating the activation key 122.
  • the digital signature 120 may be distributed with the activation key 122 for use by the customer 104 (of FIG. 1) in activating the inactivated software 102a.
  • FIG. 6 is a collaboration diagram for functional modules deployed on the customer computer system 106 for activating the inactivated software 102a (of FIG. 1) in accordance with an exemplary embodiment of the present invention.
  • the functional modules include a validator 600 and an activator 608.
  • the functional modules may be implemented on the customer computer system 106 as software modules or objects. In other embodiments, the functional modules may be implemented using hardcoded computational modules or other types of circuitry, or a combination of software and circuitry modules.
  • the validator 600 obtains the activation key 122 and the digital signature 120 to be used to validate the activation key 122.
  • the validator 600 includes a digest message generator 601 that uses the digest function 503 to generate a comparison digest 602 from the activation key 122.
  • the validator 600 also includes a digital signature decryptor 604 that uses the public key 124 to decrypt the digital signature 120 to reveal the original message digest 504.
  • a comparator 606 compares the comparison digest 602 and the original message digest 504 to determine if the comparison digest 602 and the original message digest 504 match. If they do match, the validator 600 validates the activation key 122 that is then used by the activator 608 to activate the inactivated software 102a (of FIG. 1).
  • FIG. 7 is a process flow diagram of a digital signature generation process for generating a digital signature using feature data in accordance with an exemplary embodiment of the present invention.
  • a digital signature generation process 700 is implemented on the manufacturer's computer system 105 (of FIG. 1) and used to generate the digital signature 120 for distribution with the activation key 122.
  • feature data 701 included in the activation key 122 and specifying which features of the inactivated software 102a (of FIG. 1) to enable, is used to generate (702) the original message digest 504 using the digest function 503.
  • the original message digest 504 is then encrypted (704) using the private key 119 of the private/public key pair to create the digital signature 120.
  • the format and amount of the feature data 701 included in the activation key 122 are arbitrary.
  • a bit sequence may be used as the format for the feature data 701 where each bit corresponds to a particular software feature.
  • the value of a bit corresponding to a feature is "1” then the feature is activated and otherwise the feature is not activated. So long as each entity handling the bit sequence knows that the least significant bit corresponds to a feature, for example feature "A”, and the next bit corresponds to a feature "B”, then the exemplary bit sequence provides a compact format for the feature data 701.
  • feature data 701 consisting of the bit sequence "00" would correspond to no features being activated, feature data 701 consisting of "01” would correspond to feature A being activated but not B, and feature data 701 consisting of "10” would correspond to feature B being activated but not A, and "11” would correspond to both features A and B being activated.
  • the feature data 701 could be stored in XML format, such as:
  • the feature data 701 could include the string “jf9s87f*&@#” corresponding to a meaning "activate feature A”, or the string “jS(S*DFUY” corresponding to the meaning “activate feature B”, or the string “&*DSDS&*SD” corresponding to the meaning "activate both feature A and feature B”, or the string “BSDUI A &D” corresponding to the meaning "activate neither feature A nor feature B.”
  • FIG. 8 is a process flow diagram of a validation process that uses the digital signature 120 to validate the activation key 122 having feature data 701 in accordance with an exemplary embodiment of the present invention.
  • a validation process 800 is implemented on the customer's computer system 106 (of FIG. 1) and used to validate the feature data 701 included in the activation key 122.
  • the digest function 503 is used along with the feature data 701 from the activation key 122 to generate (801) a comparison digest 602.
  • the validation process 800 uses the public key 124 to decrypt (804) the digital signature 120 to reveal the original message digest 504 that was generated by the manufacturer's computer system 105 (of FIG. 1).
  • the validation process 800 then compares (806) the original message digest 504 and the comparison digest 602. If the original message digest 504 and the comparison digest 602 are determined to be comparable because, for example, they match (808), the activation key 122 is determined to be valid (810). However, if the comparison digest 602 does not match the original message digest 504, the activation key 122 is determined to be invalid (812).
  • FIG. 9 is a process flow diagram of a software feature enabling process used to enable software features using the feature data 701 from the activation key 122 in accordance with an exemplary embodiment of the present invention.
  • a software feature enabling process 900 is used by the customer's computer system 106 to generate the activated software 102b from the inactivated software 102a distributed by the manufacturer 100 (all of FIG. 1).
  • the validity of the activation key 122 is first determined using the previously described validation process 800. If the validation process 800 determines (901) that the activation key 122 is not valid, no features are enabled (902).
  • the feature data 701 included in the activation key 122 is examined (904) to determine if a feature, such as feature "A", is specified for enablement. If so, the feature is enabled (906). If not, the feature is not enabled, and the software feature enabling process 900 continues processing the feature data 701 without enabling the feature.
  • the feature data 701 is examined (908) to determine if another feature, such as a feature "B", is specified for enablement. If so, the other feature is enabled (910), If not, the feature is not enabled and the software feature enabling process 900 continues processing the feature data 701.
  • FIG. 10 is a package diagram for software using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
  • the software is distributed in an inactivated form as inactivated software 102a as previously described.
  • the inactivated software 102a includes the public key 124 used to decrypt the digital signature 120 distributed with the activation key 122 (both of FIG. 1).
  • the inactivated software 102a further includes the validator 600 that implements the validation process 800 (of FIG. 8).
  • the validator 600 includes the digest function 503 (of FIG.
  • the inactivated software 102a further includes the activator 608 that performs the software feature enabling process 900 (of FIG. 9).
  • the inactivated software 102a further includes a software application 1004 having features 1006 that may be enabled using the feature data 701 (of FIG. 7) and distributed in the activation key 122 (of FIG. 1).

Abstract

A secure method for generating and verifying keys to be utilized for software feature activation. The method includes secure key generation by a software manufacturer and secure key verification by the end software-product that reveals to the software which features to activate. This ensures that any key which activates a feature in the software is generated by the software manufacturer.

Description

TITLE
SECURE KEYS FOR SOFTWARE ACTIVATION
BACKGROUND OF THE INVENTION Field of the Invention
[0001] The present invention relates generally to software activation and more specifically to secure generation and verification of keys for software feature activation.
Description of the Related Art
[0002] Large software applications typically include multiple features that may be activated individually. This allows a software application manufacturer to offer a customizable software application by activating selected groupings of features. One approach to selected feature activation includes the generation of keys by the software manufacturer that are created by applying a mathematical function to various customer defining data and activation data that identifies the feature or group of features to be activated. The customer then enters their data and the provided key to their copy of the software that verifies the key by applying this function to the customer-supplied data and comparing the result to the manufacturer-supplied key. Depending upon which feature data results in the manufacturer-supplied key, the software will know which feature to activate.
[0003] The inadequacy of current approaches is that it allows the possibility of a software hacker discovering the function used to generate a key and the feature-identification data since these pieces of information must be encoded in the software itself. With this information, the software hacker can easily generate their own key to activate software features without authorization. [0004] Therefore, a need exists for a way to distribute software activation data securely. Secure keys for software activation in accordance with various aspects of the present invention meet such a need.
SUMMARY OF THE INVENTION
[0005] The present invention provides a secure method for generating and verifying keys to be utilized for software feature activation. The method includes secure key generation by a software manufacturer and secure key verification by the end software-product that reveals to the software which features to activate. This ensures that any key which activates a feature in the software is generated by the software manufacturer. [0006] In one aspect of the invention, a method of processing an activation key for software is provided. The method includes providing an activation key for the software. An original message digest is generated using the activation key and a digest function and a digital signature is created by encrypting the original message digest using a private key of a private key and public key pair. The digital signature and the activation key are then distributed to a customer for use in activating the software. [0007] In another aspect of the invention, a method of activating software is provided. The method includes validating an activation key using the activation key, a digital signature, a digest function and a public key of a public key and private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair. The software is then activated when the activation key is validated.
[0008] In another aspect of the invention, validating the activation key includes decrypting the digital signature using the public key to reveal an original message digest and generating a comparison message digest using the activation key and the digest function. The activation key is validated when the comparison message digest and the revealed original message digest match.
[0009] In another aspect of the invention, the software is distributed in an inactivated state. The software includes a validator configured to validate an activation key using the activation key, a digital signature, a digest function and a public key of a public key private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair. The software - A - also includes an activator configured to activate the software when the activation key is validated.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] The present invention will be more readily understood from a detailed description of the preferred embodiment taken in conjunction with the following figures:
[0011] FIG. 1 is a schematic diagram of a system using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
[0012] FIG. 2 is a block diagram of a manufacturer's computer system in accordance with an exemplary embodiment of the present invention.
[0013] FIG. 3 is a block diagram of a customer's computer system in accordance with an exemplary embodiment of the present invention.
[0014] FIG. 4 is a sequence diagram of using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
[0015] FIG. 5 is a collaboration diagram for functional modules deployed on a manufacturers' s computer system for processing an activation key in accordance with an exemplary embodiment of the present invention. [0016] FIG. 6 is a collaboration diagram for functional modules deployed on a customer computer system for activating software in accordance with an exemplary embodiment of the present invention.
10017] FIG. 7 is a process flow diagram of a digital signature generation process for generating a digital signature for an activation key in accordance with an exemplary embodiment of the present invention.
[0018] FIG. 8 is a process flow diagram of a validation process that uses a digital signature to validate an activation key having feature data in accordance with an exemplary embodiment of the present invention.
[0019] FIG. 9 is a process flow diagram of a software feature enabling process used to enable software features using feature data from an activation key in accordance with an exemplary embodiment of the present invention.
[0020] FIG. 10 is a package diagram for software using secure keys for software activation in accordance with an exemplary embodiment of the present invention.
DETAILED DESCRIPTION
[0021] FIG. 1 is a schematic diagram of a system using secure keys for software activation in accordance with an exemplary embodiment of the present invention. A manufacturer 100, or any other entity distributing software, creates an inactivated version of the software 102a, for distribution to one or more customers, or any entity using the software, such as customer 104. To use the software 102a, the customer 104 obtains a copy of the inactivated software 102a and creates an activated version of the software 102b on a customer's computer system 106. The inactivated software 102a may be obtained by the customer 104 using a variety of methods. For example, the inactivated software 102a may be received by the customer from a manufacturer's computer system 105 via a communications or computer network such as a wired communications network 108 or a wireless communication network 110. The inactivated software 102a may also be delivered to the customer 104 via transportable memory media such as a disk 112 or a solid state memory device 114 or via other suitable means.
[0022] To enable the customer to activate the inactivated software 102a, the manufacturer uses a private key 119 of a private/public key pair to create a digital signature 120 of a software activation key 122. The digital signature 120 is verified by the inactivated software 102a using a public key 124 of the private/public key pair that is encoded within the inactivated software 102a before using the activation key 122 to enable specified features of the inactivated software 102a to become activated software 102b.
[0023] In the foregoing description, only a single manufacturer's computer system 105 and a single customer computer system 106 are discussed herein for the sake of convenience. However, it is to be understood that the manufacturer 100 can distribute software to a plurality of customers. Furthermore, it is to be understood that the customer 104 may receive inactivated software from a plurality of manufacturers. In addition, it is to be understood that software may be distributed for use or execution by any kind of data processing or computing device used by the customer, as exemplified by, but not limited to, mainframes, workstations, personal computers, personal digital assistants or other handheld computing devices.
[0024] Having described an overview of a system using secure keys for software activation, the manufacturer's computer system 105 and the customer computer system 106 will now be described in greater detail. FIG. 2 is a block diagram of a manufacturer's computer system 105 in accordance with an exemplary embodiment of the present invention. The manufacturer's computer system 105 may be used by the manufacturer 100 to create the inactivated software 102a and the activation key 122 and digital signature 120 for delivery to the customer 104 (all of FIG. 1). The manufacturer's computer system 105 includes a processor 200 coupled to a memory 202 via system bus 204. The processor 200 is also coupled to external Input/Output (I/O) devices (not shown) via the system bus 204 and an I/O bus 205. A storage device 206 having computer system readable media is coupled to the processor 200 via a storage device controller 208 and the I/O bus 205 and the system bus 204. The storage device 206 is used by the processor 200 to store and read data 210 and program instructions 212 used to implement the use of secure keys for software activation as described herein.
[0025] The processor 200 may be further coupled to an user input device 214 via an user input device controller 216 and the I/O bus 205 and the system bus 204. The processor 200 may also be further coupled to an user output device 218 via an user output device controller 220 and the I/O bus 205 and the system bus 204. A user, such as the manufacturer 100 (of FIG. 1) may use the user input device 214 to input data into the manufacturer's computer system 105. Exemplary user input devices include, but are not limited to, keyboards, key pads, touchscreens and various pointing devices. The manufacturer's computer system 105 may in turn, use the user output device 218 to output data to be used by the user. Exemplary user output devices include, but are not limited to, CRT, LCD, and plasma display monitors.
[0026] The processor 200 may be further coupled to a communications device 222 via a communications device controller 224 through the I/O bus 205 and the system bus 204. The manufacturer's computer system 105 may use the communications device 222 to communicate with an external computer system, such as the customer's computer system 106 (of FIG. 1) via the communication networks 108 and/or 110 (both of FIG. 1).
[0027] In operation, the processor 200 loads the program instructions 212 from the storage device 206 into the memory 202. The processor 200 executes the loaded program instructions 212 to implement the use of secure keys to activate software as described herein. In addition, the manufacturer's computer system 105 may use the storage device 206 to prepare the transportable memory media such as the disk 112 or the solid state memory device 114 for delivering the inactivated software 102a, the activation key 122 and the digital signature 120 to the customer's computer system 106 as illustrated in FIG. 1.
[0028] FIG. 3 is a block diagram of a customer's computer system 106 in accordance with an exemplary embodiment of the present invention. The customer's computer system 106 may be used by the customer 104 to create the activated software 102b using the activation key 122 and digital signature 120 delivered to the customer 104 by the manufacturer 100 (all of FIG. 1). The customer's computer system 106 includes a processor 300 coupled to a memory 302 via system bus 304. The processor 300 is also coupled to external Input/Output (I/O) devices (not shown) via the system bus 302 and an I/O bus 305. A storage device 306 having computer system readable media is coupled to the processor 300 via a storage device controller 308 and the I/O bus 305 and the system bus 304. The storage device is used by the processor 300 to store and read data 310 and program instructions 312 used to implement the use of secure keys for software activation as described herein.
[0029] The processor 300 may be further coupled to an user input device 314 via an user input device controller 316 and the I/O bus 305 and the system bus 304. The processor 300 may also be further coupled to an user output device 318 via an user output device controller 320 and the I/O bus 305 and the system bus 304. A user, such as the customer 104 (of FIG. 1) may use the user input device 314 to input data into the customer's computer system 106. Exemplary user input devices include, but are not limited to, keyboards, key pads, touchscreens and various pointing devices. The customer's computer system 106 may in turn, use the user output device 318 to output data to be used by the user. Exemplary user output devices include, but are not limited to, CRT, LCD, and plasma display monitors.
10030] The processor 300 may be further coupled to a communications device 322 via a communications device controller 324 through the FO bus 305 and the system bus 304. The customer's computer system 106 may use the communications device to communicate with an external computer system, such as the manufacturer's computer system 105 (of FIG. 1) via the communication networks 108 and/or 110 (both of FIG.
1). [003 IJ In operation, the processor 300 loads the program instructions 312 from the storage device 306 into the memory 302. The processor 300 executes the loaded program instructions 312 to implement the use of secure keys to activate software as described herein. In addition, the customer's computer system 106 may use the storage device 306 to receive and read the transportable memory media such as the disk 112 or the solid state memory device 114 for reception of the inactivated software 102a, the activation key 122 or the digital signature 120 into the customer's computer system 106 as illustrated in FIG. 1.
[0032] The foregoing descriptions of the manufacturer's computer system 105 and the customer's computer system 106 are examples only as those skilled in the art will appreciate that any general purpose computing machine may be used to implement the use of secure keys to activate software as described herein. In addition, appropriately configured special purpose computing machines may be used as well. [0033] Having described an overview of a system using secure keys for software activation and described in detail the manufacturer's computer system 105 and the customer computer system 106, a sequence of operations and related functional modules and processes will now be described in greater detail. FIG. 4 is a sequence diagram of using secure keys for software activation in accordance with an exemplary embodiment of the present invention. The manufacturer 100 (of FIG. 1) uses the manufacturer's computer system 105 to generate or receive (400) a private/public key pair. The public key along with a digest function used to generate a message digest is included in the inactivated software 102a that is delivered to the customer's computer system 106 in the above described manner. [0034] The manufacturer's computer system 105 is provided, receives or generates (402) feature data that may be used to enable features within the inactivated software 102a. The manufacturer's computer system 105 generates (404) an original message digest from the feature data using the same digest function included in the inactivated software 102a. The manufacturer's computer system 105 generates (406) the digital signature 120 by encrypting the original message digest using the private key. The feature data is included in the activation key 122 that is delivered to the customer's computer system 106 along with the digital signature 120.
[0035] Once the customer's computer system 106 receives the activation key 122 and digital signature 120, the customer's computer system 106 may use the digital signature 120 to validate the feature data included in the activation key 122. To do so, the customer's computer system generates (408) a comparison digest using the activation key and the digest function included in the inactivated software 102 a. In addition, the customer's computer system 106 decrypts (410) the digital signature 120 using the public key 124 included in the inactivated software 102a to reveal the original message digest generated by the manufacturer's computer system 105. To validate the activation key, the customer's computer system 106 compares (412) the decrypted original message digest with the comparison digest. If they are comparable, the customer's computer system 106 activates (414) the inactivated software 102a using the feature data from the activation key 122.
[0036] Having described the sequence of operations within a system using secure keys for software activation, specific functional modules implementing the operations will now be described. FIG. 5 is a collaboration diagram for functional modules deployed on a manufacturers' s computer system 105 for processing an activation key in accordance with an exemplary embodiment of the present invention. The functional modules include an activation key generator 500, a digest message generator 502, a private key/public key generator 506 and a digital signature generator 508. The functional modules may be implemented on the manufacturer's computer system 105 as software modules or objects. In other embodiments, the functional modules may be implemented using hardware modules or other types of circuitry, or a combination of software and hardware modules.
[0037] In operation, the activation key generator 500 generates the activation key 122 that will be distributed to the customer 104 (of FIG. 1) for activating the inactivated software 102a. The digest message generator 502 uses a digest function 503 to generate an original message digest 504 from the activation key 122. By way of illustration and not as a limitation, the digest function 503 can be a hash function. A hash function takes a long message of any length as input and produces a fixed length string as the original message digest 504. Many suitable hash functions are well known in the art. Suitable hash functions include, but are not limited to: HAVAL, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-O, SHA-I, SHA-224, SHA-256, SHA-384, SHA- 512, Snefru, Tiger- 160 and Tiger- 160.
[0038] The private key/public key generator 506 is used to generate the paired private key 119 and public key 124. Public key encryption systems using private key and public key pairs are well known in the art. Suitable public key techniques include, but are not limited to, Diffie-Hellman, DSS (Digital Signature Standard), ElGamal, CAPI, Elliptic Curve techniques, Paillier cryptosystem and the RSA encryption algorithm (PKCS). [0039] By way of example of key generation and not as a limitation, the key generation algorithm for the RSA encryption algorithm will now be described. The RSA key generation algorithm includes determining two large random primes, p and q, of approximately equal size such that their product or modulus, n=pq, is of a size greater than that of the message digest. Next, the totient, φ = (p-l)(q-l), is computed. An integer, e, is then chosen such that 1 < e < φ and e and φ are coprimes. The secret exponent, d, is computed such that 1 < d < φ and ed ≡ 1 (mod φ). The public key is composed of n and e and the private key is composed of n and d. The values of p, q, and φ are also kept secret.
[0040] The digital signature creator 508 uses the private key 119 to create the digital signature 120 by encrypting the original message digest 504. In addition, the public key 124 is included in the inactivated software 102a along with the digest function 503 for later use in validating the activation key 122. Once the digital signature 120 is created using the private key 119 and the original message digest 504, the digital signature 120 may be distributed with the activation key 122 for use by the customer 104 (of FIG. 1) in activating the inactivated software 102a.
[0041] FIG. 6 is a collaboration diagram for functional modules deployed on the customer computer system 106 for activating the inactivated software 102a (of FIG. 1) in accordance with an exemplary embodiment of the present invention. The functional modules include a validator 600 and an activator 608. The functional modules may be implemented on the customer computer system 106 as software modules or objects. In other embodiments, the functional modules may be implemented using hardcoded computational modules or other types of circuitry, or a combination of software and circuitry modules. [0042] In operation, the validator 600 obtains the activation key 122 and the digital signature 120 to be used to validate the activation key 122. The validator 600 includes a digest message generator 601 that uses the digest function 503 to generate a comparison digest 602 from the activation key 122. The validator 600 also includes a digital signature decryptor 604 that uses the public key 124 to decrypt the digital signature 120 to reveal the original message digest 504. A comparator 606 compares the comparison digest 602 and the original message digest 504 to determine if the comparison digest 602 and the original message digest 504 match. If they do match, the validator 600 validates the activation key 122 that is then used by the activator 608 to activate the inactivated software 102a (of FIG. 1).
[0043] Having described the collaboration of the functional modules, the processes used in the functional modules will now be described in greater detail. FIG. 7 is a process flow diagram of a digital signature generation process for generating a digital signature using feature data in accordance with an exemplary embodiment of the present invention. A digital signature generation process 700 is implemented on the manufacturer's computer system 105 (of FIG. 1) and used to generate the digital signature 120 for distribution with the activation key 122. To generate the digital signature 120, feature data 701, included in the activation key 122 and specifying which features of the inactivated software 102a (of FIG. 1) to enable, is used to generate (702) the original message digest 504 using the digest function 503. The original message digest 504 is then encrypted (704) using the private key 119 of the private/public key pair to create the digital signature 120.
[0044] The format and amount of the feature data 701 included in the activation key 122 are arbitrary. By way of example and not of limitation, a bit sequence may be used as the format for the feature data 701 where each bit corresponds to a particular software feature. In this example, if the value of a bit corresponding to a feature is "1" then the feature is activated and otherwise the feature is not activated. So long as each entity handling the bit sequence knows that the least significant bit corresponds to a feature, for example feature "A", and the next bit corresponds to a feature "B", then the exemplary bit sequence provides a compact format for the feature data 701. As a further example, feature data 701 consisting of the bit sequence "00" would correspond to no features being activated, feature data 701 consisting of "01" would correspond to feature A being activated but not B, and feature data 701 consisting of "10" would correspond to feature B being activated but not A, and "11" would correspond to both features A and B being activated. [0045] As another example, the feature data 701 could be stored in XML format, such as:
<Feature Activation Data> <Feature>
<Name>A</Name> <Activate>Yes</Activate> </Feature> <Feature>
<Name>B</Name> <Activate>No</Activate> </Feature> </Feature Activation Data>
[0046] As yet another example of how arbitrary the data encoding scheme can be, the feature data 701 could include the string "jf9s87f*&@#" corresponding to a meaning "activate feature A", or the string "jS(S*DFUY" corresponding to the meaning "activate feature B", or the string "&*DSDS&*SD" corresponding to the meaning "activate both feature A and feature B", or the string "BSDUIA&D" corresponding to the meaning "activate neither feature A nor feature B."
[00471 FIG. 8 is a process flow diagram of a validation process that uses the digital signature 120 to validate the activation key 122 having feature data 701 in accordance with an exemplary embodiment of the present invention. A validation process 800 is implemented on the customer's computer system 106 (of FIG. 1) and used to validate the feature data 701 included in the activation key 122. In the validation process 800, the digest function 503 is used along with the feature data 701 from the activation key 122 to generate (801) a comparison digest 602. The validation process 800 uses the public key 124 to decrypt (804) the digital signature 120 to reveal the original message digest 504 that was generated by the manufacturer's computer system 105 (of FIG. 1). The validation process 800 then compares (806) the original message digest 504 and the comparison digest 602. If the original message digest 504 and the comparison digest 602 are determined to be comparable because, for example, they match (808), the activation key 122 is determined to be valid (810). However, if the comparison digest 602 does not match the original message digest 504, the activation key 122 is determined to be invalid (812).
[0048] FIG. 9 is a process flow diagram of a software feature enabling process used to enable software features using the feature data 701 from the activation key 122 in accordance with an exemplary embodiment of the present invention. A software feature enabling process 900 is used by the customer's computer system 106 to generate the activated software 102b from the inactivated software 102a distributed by the manufacturer 100 (all of FIG. 1). The validity of the activation key 122 is first determined using the previously described validation process 800. If the validation process 800 determines (901) that the activation key 122 is not valid, no features are enabled (902). However, if the activation key is determined (901) to be valid, the feature data 701 included in the activation key 122 is examined (904) to determine if a feature, such as feature "A", is specified for enablement. If so, the feature is enabled (906). If not, the feature is not enabled, and the software feature enabling process 900 continues processing the feature data 701 without enabling the feature. In a likewise manner, the feature data 701 is examined (908) to determine if another feature, such as a feature "B", is specified for enablement. If so, the other feature is enabled (910), If not, the feature is not enabled and the software feature enabling process 900 continues processing the feature data 701. The process of determining if feature data 701 includes a specification for enabling features may be repeated (912) for an indefinite number of features until the end (914) of the feature data 701 is reached. [0049] FIG. 10 is a package diagram for software using secure keys for software activation in accordance with an exemplary embodiment of the present invention. The software is distributed in an inactivated form as inactivated software 102a as previously described. The inactivated software 102a includes the public key 124 used to decrypt the digital signature 120 distributed with the activation key 122 (both of FIG. 1). The inactivated software 102a further includes the validator 600 that implements the validation process 800 (of FIG. 8). The validator 600 includes the digest function 503 (of FIG. 5) used to both generate the message digest 504 (of FIG. 5) and the comparison digest 602 (of FIG. 6). The inactivated software 102a further includes the activator 608 that performs the software feature enabling process 900 (of FIG. 9). The inactivated software 102a further includes a software application 1004 having features 1006 that may be enabled using the feature data 701 (of FIG. 7) and distributed in the activation key 122 (of FIG. 1).
[0050] Although this invention has been described in certain specific embodiments, many additional modifications and variations would be apparent to those skilled in the art. It is therefore to be understood that this invention may be practiced otherwise than as specifically described. Thus, the present embodiments of the invention should be considered in all respects as illustrative and not restrictive, the scope of the invention to be determined by any claims supportable by this application and the claims' equivalents rather than the foregoing description.

Claims

WHAT IS CLAIMED IS:
1. A method of processing an activation key for software, comprising: providing an activation key for the software; generating an original message digest using the activation key and a digest function; and creating a digital signature by encrypting the original message digest using a private key of a private key and public key pair, the digital signature and the activation key for distribution to a customer for use in activating the software.
2. The method of Claim 1 , wherein the digest function is a hash function.
3. The method of Claim 1, wherein the original message digest is generated using feature data included in the activation key, the feature data for enabling at least one specified feature of the software.
4. The method of Claim 1, further comprising including in the software the digest function and a public key of the private key and public key pair.
5. An apparatus for processing an activation key for software, comprising: an activation key generator configured to generate an activation key for the software; a digest message generator configured to generate an original message digest using the activation key and a digest function; and a digital signature creator configured to create a digital signature by encrypting the original message digest using a private key of a private key and public key pair, the digital signature and the activation key for distribution to a customer for use in activating the software.
6. The apparatus of Claim 5, wherein the digest function is a hash function.
7. The apparatus of Claim 5, wherein the digest message generator generates the original message digest using feature data included in the activation key, the feature data for enabling at least one specified feature of the software.
8. The apparatus of Claim 5, wherein the digest function and a public key of the private key and public key pair are included in the software.
9. A method of activating software, comprising: validating an activation key using the activation key, a digital signature, a digest function and a public key of a public key and private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair; and activating the software when the activation key is validated.
10. The method of Claim 9, wherein validating the activation key further comprises: decrypting the digital signature using the public key to reveal an original message digest; generating a comparison message digest using the activation key and the digest function; and validating the activation key when the comparison message digest and the revealed original message digest match.
1 1. The method of Claim 9, wherein the digest function is a hash function.
12. The method of Claim 9, wherein the activation key includes feature data and the software is activated in the activating by using the feature data.
13. An apparatus for activating software, comprising: a validator configured to validate an activation key using the activation key, a digital signature, a digest function and a public key of a public key private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair; and an activator configured to activate the software when the activation key is validated.
14. The apparatus of Claim 13, wherein the validator further comprises: a decryptor configured to decrypt the digital signature using the public key to reveal an original message digest; a message digest generator configured to generate a comparison message digest using the activation key and the digest function; and a comparator configured to validate the activation key when the comparison message digest and the revealed original message digest match.
15. The apparatus of Claim 13, wherein the digest function is a hash function.
16. The apparatus of Claim 13, wherein the activation key includes feature data and the activator uses the feature data to activate the software.
17. Software stored on a computer-readable medium, the software comprising modules for: a validator configured to validate an activation key using the activation key, a digital signature, a digest function and a public key of a public key private key pair, wherein the digital signature is generated from the activation key using the digest function and private key of the public key and private key pair; and an activator configured to activate the software when the activation key is validated.
18. The software of Claim 17, wherein the validator module further comprises: a decryptor configured to decrypt the digital signature using the public key to reveal an original message digest; a message digest generator configured to generate a comparison message digest using the activation key and the digest function; and a comparator configured to validate the activation key when the comparison message digest and the revealed original message digest match.
19. The software of Claim 17, wherein the digest function is a hash function.
20. The software of Claim 17, wherein the activation key includes feature data and the activator in the activating uses the feature data to activate the software.
PCT/US2007/009350 2006-04-19 2007-04-16 Secure keys for software activation WO2007123893A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/407,540 2006-04-19
US11/407,540 US7725396B2 (en) 2006-04-19 2006-04-19 Secure keys for software activation

Publications (2)

Publication Number Publication Date
WO2007123893A2 true WO2007123893A2 (en) 2007-11-01
WO2007123893A3 WO2007123893A3 (en) 2007-12-13

Family

ID=38480671

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/009350 WO2007123893A2 (en) 2006-04-19 2007-04-16 Secure keys for software activation

Country Status (2)

Country Link
US (1) US7725396B2 (en)
WO (1) WO2007123893A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009073969A1 (en) 2007-12-13 2009-06-18 Certicom Corp. System and method for controlling features on a device
WO2009129080A1 (en) * 2008-04-15 2009-10-22 Hurco Companies, Inc. Software option selection and validation system
WO2015153562A1 (en) * 2014-04-04 2015-10-08 Qualcomm Incorporated A remote station and method for re-enabling a disabled debug capability in a system-on-a-chip device

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008197795A (en) * 2007-02-09 2008-08-28 Nec Infrontia Corp Function license authentication method and function license authentication system
US20090313171A1 (en) * 2008-06-17 2009-12-17 Microsoft Corporation Electronic transaction verification
US20090327091A1 (en) * 2008-06-26 2009-12-31 Microsoft Corporation License management for software products
JP5599557B2 (en) * 2008-08-29 2014-10-01 株式会社リコー Information processing apparatus, license determination method, program, and recording medium
US8984293B2 (en) 2010-11-19 2015-03-17 Microsoft Corporation Secure software product identifier for product validation and activation
US8775797B2 (en) 2010-11-19 2014-07-08 Microsoft Corporation Reliable software product validation and activation with redundant security
US8683579B2 (en) * 2010-12-14 2014-03-25 Microsoft Corporation Software activation using digital licenses
US8914767B2 (en) * 2012-03-12 2014-12-16 Symantec Corporation Systems and methods for using quick response codes to activate software applications
US10146916B2 (en) * 2015-11-17 2018-12-04 Microsoft Technology Licensing, Llc Tamper proof device capability store

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5398285A (en) * 1993-12-30 1995-03-14 Motorola, Inc. Method for generating a password using public key cryptography
US6557105B1 (en) * 1999-04-14 2003-04-29 Tut Systems, Inc. Apparatus and method for cryptographic-based license management
US20050050315A1 (en) * 2003-08-29 2005-03-03 Microsoft Corporation Selectively authorizing software functionality after installation of the software

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138387A1 (en) * 2003-12-19 2005-06-23 Lam Wai T. System and method for authorizing software use
US20070041584A1 (en) * 2005-08-16 2007-02-22 O'connor Clint H Method for providing activation key protection
JP2008046854A (en) * 2006-08-16 2008-02-28 Kyocera Mita Corp Software authentication apparatus and image forming apparatus

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5398285A (en) * 1993-12-30 1995-03-14 Motorola, Inc. Method for generating a password using public key cryptography
US6557105B1 (en) * 1999-04-14 2003-04-29 Tut Systems, Inc. Apparatus and method for cryptographic-based license management
US20050050315A1 (en) * 2003-08-29 2005-03-03 Microsoft Corporation Selectively authorizing software functionality after installation of the software

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009073969A1 (en) 2007-12-13 2009-06-18 Certicom Corp. System and method for controlling features on a device
EP2220807A1 (en) * 2007-12-13 2010-08-25 Certicom Corp. System and method for controlling features on a device
JP2011508997A (en) * 2007-12-13 2011-03-17 サーティコム コーポレーション System and method for controlling functionality on a device
EP2220807A4 (en) * 2007-12-13 2011-07-13 Certicom Corp System and method for controlling features on a device
EP2562956A3 (en) * 2007-12-13 2013-11-27 Certicom Corp. Device and method for controlling features on a device
US9485223B2 (en) 2007-12-13 2016-11-01 Certicom Corp. System and method for controlling features on a device
US10003580B2 (en) 2007-12-13 2018-06-19 Certicom Corp. System and method for controlling features on a device
US10419407B2 (en) 2007-12-13 2019-09-17 Certicom Corp. System and method for controlling features on a device
WO2009129080A1 (en) * 2008-04-15 2009-10-22 Hurco Companies, Inc. Software option selection and validation system
US8418171B2 (en) 2008-04-15 2013-04-09 Hurco Companies, Inc. Software option selection and validation system
WO2015153562A1 (en) * 2014-04-04 2015-10-08 Qualcomm Incorporated A remote station and method for re-enabling a disabled debug capability in a system-on-a-chip device
CN106133737A (en) * 2014-04-04 2016-11-16 高通股份有限公司 For reactivating the distant station and method being disabled one of debugger capacity in system on chip devices

Also Published As

Publication number Publication date
US7725396B2 (en) 2010-05-25
US20080040701A1 (en) 2008-02-14
WO2007123893A3 (en) 2007-12-13

Similar Documents

Publication Publication Date Title
US7725396B2 (en) Secure keys for software activation
KR101999188B1 (en) Secure personal devices using elliptic curve cryptography for secret sharing
US9847880B2 (en) Techniques for ensuring authentication and integrity of communications
US7516321B2 (en) Method, system and device for enabling delegation of authority and access control methods based on delegated authority
EP1618451B1 (en) Associating software with hardware using cryptography
US8139766B2 (en) Pseudo public key encryption
US8185476B2 (en) Digital rights management system protecting consumer privacy
US6892301B1 (en) Method and system for securely handling information between two information processing devices
US7730315B2 (en) Cryptosystem based on a Jacobian of a curve
US7236589B2 (en) Device for point compression for Jacobians of hyperelliptic curves
WO2006019614A2 (en) Method of delivering direct proof private keys in signed groups to devices using a distribution cd
JP2008252299A (en) Encryption processing system and encryption processing method
WO2022048315A1 (en) File encryption method, terminal, apparatus, device, and medium
EP3808026B1 (en) Device for data encryption and integrity
CN109951276B (en) Embedded equipment remote identity authentication method based on TPM
US9800410B1 (en) Data encryption system and method
Kumar et al. An efficient implementation of digital signature algorithm with SRNN public key cryptography
WO2013004691A1 (en) Traitor tracing for software-implemented decryption algorithms
US7415110B1 (en) Method and apparatus for the generation of cryptographic keys
JP2011091517A (en) Signcryption system and signcryption generation method
KR20090080842A (en) Digital signature method, Digital signature apparatus using CRT-RSA modula exponentiation algorithm and Recording medium using by the same
US11783057B2 (en) Method for securely provisioning a device incorporating an integrated circuit without using a secure environment
Standard Key Management Interoperability Protocol Specification Version 1.0
CN116680710A (en) Cipher key authentication method and system
Ruan et al. Building blocks of the security and management engine

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07755577

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07755577

Country of ref document: EP

Kind code of ref document: A2