KR102393537B1 - Method and system for managing software license based on trusted execution environment - Google Patents

Abstract

A software license management method and system based on a trusted execution environment are disclosed. The license management method according to one embodiment includes the steps of: generating an intermediate key pair comprising an intermediate private key and an intermediate public key; issuing an intermediate certificate including the intermediate public key through a root system and signed with the public key of the root system; issuing a license including a node identifier of node software and signed with the intermediate public key to the node software; and checking whether the number of running node software is less than or equal to the number permitted through the license.

Description

Software license management method and system based on trusted execution environment

The following description relates to a software license management method and system based on a trusted execution environment.

Enforcing licenses for software was seen as a difficult problem. This is because users can disable the license management function just by modifying the software.

[Prior art literature]

Korean Patent Registration No. 10-2020-0218792

Provides a license management method and system that is difficult to bypass based on the trusted execution environment, which is a hardware element.

A method for managing a license of a computer device including at least one processor, the method comprising: generating, by the at least one processor, an intermediate key pair including an intermediate private key and an intermediate public key; receiving, by the at least one processor, an intermediate certificate including the intermediate public key and signed with the public key of the root system through a root system; issuing, by the at least one processor, a license including a node identifier of the node software and signed with the intermediate public key to the node software; and checking, by the at least one processor, whether the number of running node software is less than or equal to the number permitted through the license, wherein the node identifier included in the license is installed by the node software issued the license And it provides a license management method, characterized in that the verification in the node software issued the license using a unique key for the trusted execution environment of the driven physical device.

A method for managing a license of a computer device including at least one processor, the method comprising: generating, by the at least one processor, a first node identifier; transmitting, by the at least one processor, the generated first node identifier to a license management server; encrypting, by the at least one processor, the generated first node identifier using a unique key for a trusted execution environment of the computer device; calculating, by the at least one processor, a first hash value of the encrypted first node identifier; receiving, by the at least one processor, a license from the license management server; encrypting, by the at least one processor, the second node identifier included in the license with the unique key; calculating, by the at least one processor, a second hash value of the encrypted second node identifier; and verifying, by the at least one processor, the node identifier included in the license by comparing the first hash value and the second hash value.

According to one side, the first node identifier includes first computer information of the computer device, first user information of a user of the computer device, and first software information of software to be licensed, the license management method checking, by the at least one processor, second computer information, second user information, and second software information included in the second node identifier included in the license; and comparing, by the at least one processor, the identified second computer information, second user information, and second software information with the first computer information, the first user information, and the first software information, to the license. It may be characterized by further comprising the step of further verifying the included second node identifier.

According to another aspect, the license management method may include: checking, by the at least one processor, whether the signature included in the license is signed with an intermediate public key of an intermediate certificate included in the license; checking, by the at least one processor, whether the intermediate certificate included in the license is signed with a root public key of a root certificate included in the license; and confirming, by the at least one processor, whether the root certificate included in the license is included in a list of root certificates included in the software subject to the license.

Provided is a computer program stored in a computer-readable recording medium in combination with a computer device to execute the method on the computer device.

It provides a computer-readable recording medium in which a program for executing the method in a computer device is recorded.

at least one processor implemented to execute instructions readable by a computer device, the at least one processor generating, by the at least one processor, an intermediate key pair comprising an intermediate private key and an intermediate public key; Issuing an intermediate certificate including a key, signed with the public key of the root system, including a node identifier of node software, and issuing a license signed with the intermediate public key to the node software, wherein the number of running node software is the number of It is checked whether the number is less than or equal to the number permitted through the license, and the node identifier included in the license uses a unique key for the trusted execution environment of the physical device on which the node software that has been issued the license is installed and runs. It provides a computer device, characterized in that it is verified by the issued node software.

It is possible to provide a license management method and system that is difficult to bypass based on the trusted execution environment, which is a hardware element.

1 is a diagram illustrating an example of a network environment according to an embodiment of the present invention.
2 is a block diagram illustrating an example of a computer device according to an embodiment of the present invention.
3 is a diagram illustrating an example of components of a license management system according to an embodiment of the present invention.
4 is a diagram illustrating an example of a certificate period design according to an embodiment of the present invention.
5 is a diagram illustrating an example of a license according to an embodiment of the present invention.
6 is a flowchart illustrating an example of a license management method according to an embodiment of the present invention.
7 is a diagram illustrating an example of a process for issuing an intermediate certificate according to an embodiment of the present invention.
8 is a diagram illustrating an example of a process of issuing a license according to an embodiment of the present invention.
9 is a diagram illustrating an example of an NID generation algorithm according to an embodiment of the present invention.
10 is a diagram illustrating an example of an NID checking algorithm according to an embodiment of the present invention.
11 is a diagram illustrating an example of a license verification algorithm according to an embodiment of the present invention.

Since the present invention can have various changes and can have various embodiments, specific embodiments are illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the present invention to specific embodiments, and it should be understood to include all modifications, equivalents and substitutes included in the spirit and scope of the present invention. In describing each figure, like reference numerals have been used for like elements.

Terms such as first, second, A, and B may be used to describe various elements, but the elements should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, a first component may be referred to as a second component, and similarly, a second component may also be referred to as a first component. and/or includes a combination of a plurality of related listed items or any of a plurality of related listed items.

When an element is referred to as being “connected” or “connected” to another element, it is understood that it may be directly connected or connected to the other element, but other elements may exist in between. it should be On the other hand, when it is said that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the other element does not exist in the middle.

The terms used in the present application are only used to describe specific embodiments, and are not intended to limit the present invention. The singular expression includes the plural expression unless the context clearly dictates otherwise. In the present application, terms such as “comprise” or “have” are intended to designate that a feature, number, step, operation, component, part, or combination thereof described in the specification exists, but one or more other features It should be understood that this does not preclude the existence or addition of numbers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related art, and should not be interpreted in an ideal or excessively formal meaning unless explicitly defined in the present application. does not

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings.

The license management system according to the embodiments of the present invention may be implemented by at least one computer device, and the license management method according to the embodiments of the present invention is performed through at least one computer device implementing the license management system. can be The computer program according to an embodiment of the present invention may be installed and driven in the computer device, and the computer device may perform the license management method according to the embodiments of the present invention under the control of the driven computer program.

1 is a diagram illustrating an example of a network environment according to an embodiment of the present invention. The network environment of FIG. 1 shows an example including a plurality of electronic devices 110 , 120 , 130 , 140 , a plurality of servers 150 , 160 , and a network 170 . 1 is an example for explaining the invention, and the number of electronic devices or the number of servers is not limited as in FIG. 1 . In addition, the network environment of FIG. 1 only describes one example of environments applicable to the present embodiments, and the environment applicable to the present embodiments is not limited to the network environment of FIG. 1 .

The plurality of electronic devices 110 , 120 , 130 , and 140 may be a fixed terminal implemented as a computer device or a mobile terminal. Examples of the plurality of electronic devices 110 , 120 , 130 , 140 include a smart phone, a mobile phone, a navigation device, a computer, a notebook computer, a digital broadcasting terminal, a personal digital assistant (PDA), and a portable multimedia player (PMP). ), tablet PCs, etc. As an example, in FIG. 1 , the shape of a smartphone is shown as an example of the electronic device 110 , but in embodiments of the present invention, the electronic device 110 is substantially different through the network 170 using a wireless or wired communication method. It may refer to one of various physical computer devices capable of communicating with the electronic devices 120 , 130 , 140 and/or the servers 150 and 160 .

The communication method is not limited, and not only a communication method using a communication network (eg, a mobile communication network, a wired Internet, a wireless Internet, a broadcasting network) that the network 170 may include, but also short-range wireless communication between devices may be included. For example, the network 170 may include a personal area network (PAN), a local area network (LAN), a campus area network (CAN), a metropolitan area network (MAN), a wide area network (WAN), and a broadband network (BBN). , the Internet, and the like. In addition, the network 170 may include any one or more of a network topology including a bus network, a star network, a ring network, a mesh network, a star-bus network, a tree or a hierarchical network, etc. not limited

Each of the servers 150 and 160 communicates with the plurality of electronic devices 110 , 120 , 130 , 140 and the network 170 through a computer device or a plurality of computers that provides commands, codes, files, contents, services, etc. It can be implemented in devices. For example, the server 150 provides a service (eg, a license management service, a key exchange service, an archiving service, and a file distribution) to the plurality of electronic devices 110 , 120 , 130 , 140 accessed through the network 170 . service, map service, content providing service, group call service (or voice conference service), messaging service, mail service, social network service, translation service, financial service, payment service, search service, etc.).

2 is a block diagram illustrating an example of a computer device according to an embodiment of the present invention. Each of the plurality of electronic devices 110 , 120 , 130 , 140 or the servers 150 and 160 described above may be implemented by the computer device 200 illustrated in FIG. 2 .

As shown in FIG. 2 , the computer device 200 may include a memory 210 , a processor 220 , a communication interface 230 , and an input/output interface 240 . The memory 210 is a computer-readable recording medium and may include a random access memory (RAM), a read only memory (ROM), and a permanent mass storage device such as a disk drive. Here, a non-volatile mass storage device such as a ROM and a disk drive may be included in the computer device 200 as a separate permanent storage device distinct from the memory 210 . Also, an operating system and at least one program code may be stored in the memory 210 . These software components may be loaded into the memory 210 from a computer-readable recording medium separate from the memory 210 . The separate computer-readable recording medium may include a computer-readable recording medium such as a floppy drive, a disk, a tape, a DVD/CD-ROM drive, and a memory card. In another embodiment, the software components may be loaded into the memory 210 through the communication interface 230 instead of a computer-readable recording medium. For example, the software components may be loaded into the memory 210 of the computer device 200 based on a computer program installed by files received through the network 170 .

The processor 220 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input/output operations. The instructions may be provided to the processor 220 by the memory 210 or the communication interface 230 . For example, the processor 220 may be configured to execute a received instruction according to a program code stored in a recording device such as the memory 210 . In this case, the processor 220 may provide a function for configuring a secure computing environment such as a Trusted Execution Environment (TEE) to a processing device such as the computer device 200 .

The communication interface 230 may provide a function for the computer device 200 to communicate with other devices via the network 170 . For example, a request, command, data, file, etc. generated by the processor 220 of the computer device 200 according to a program code stored in a recording device such as the memory 210 is transmitted to the network ( 170) to other devices. Conversely, signals, commands, data, files, etc. from other devices may be received by the computer device 200 through the communication interface 230 of the computer device 200 via the network 170 . A signal, command, or data received through the communication interface 230 may be transferred to the processor 220 or the memory 210 , and the file may be a storage medium (described above) that the computer device 200 may further include. persistent storage).

The input/output interface 240 may be a means for an interface with the input/output device 250 . For example, the input device may include a device such as a microphone, keyboard, or mouse, and the output device may include a device such as a display or a speaker. As another example, the input/output interface 240 may be a means for an interface with a device in which functions for input and output are integrated into one, such as a touch screen. The input/output device 250 may be configured as one device with the computer device 200 .

Also, in other embodiments, the computer device 200 may include fewer or more components than those of FIG. 2 . However, there is no need to clearly show most of the prior art components. For example, the computer device 200 may be implemented to include at least a portion of the above-described input/output device 250 or may further include other components such as a transceiver and a database.

3 is a diagram illustrating an example of components of a license management system according to an embodiment of the present invention. The license management system 300 according to the present embodiment may include a root system 310 and a plurality of license management servers (License Management Server, LMS) 320 . In addition, FIG. 3 shows a plurality of node software 330 installed and driven in a user's terminal of the software as a license grant target. This plurality of node software 330 may be instances of a particular computer program.

The root system 310 may control the entire license system, and each of the plurality of LMSs 320 may be responsible for issuing and monitoring an actual license. In this case, each of the root system 310 and the plurality of LMSs 320 may be implemented in a separate hardware device (eg, the computer device 200), but at least two or more may be implemented in one hardware device.

The root system 310 is isolated from the offline (cold site), and may be connected online (eg, the Internet) only when information exchange with at least one of the plurality of LMSs 320 is occasionally required. Each of the plurality of LMSs 320 may be a server program running online, and each of the plurality of node software 330 may also be software running online.

The root system 310 and the plurality of LMSs 320 may be managed by a software developer (or service provider), and each of the plurality of node software 330 may be used by a corresponding software user.

A license may be issued according to a certificate system according to a public key infrastructure (PKI). For example, the root system 310 may store a root certificate 311 and a root key pair of a corresponding private key and a public key, and may issue an intermediate certificate 321 for each of the plurality of LMSs 320 . there is. Each of the plurality of LMSs 320 may store their intermediate certificate 321 and an intermediate key pair of a corresponding private key and public key, and may issue a license 331 for a plurality of node software 330 . there is. After receiving the license 331 , the plurality of node software 330 may check whether the license 331 is issued in the correct order from the root certificate 311 .

The license 331 can be considered valid only when it is signed according to a certificate chain descending from the root certificate 311 . If the expiration date of the upper certificate (the root certificate 311 and/or the intermediate certificate 321) expires before the end of the license period, the license will be rejected undesirably. Therefore, when designing the term of the upper certificate, it can be designed so as not to interfere with the term of the license.

For all licenses, it may be set so that at least one higher-level certificate including the duration of the license exists. To this end, the period of the upper certificate may be set to overlap for a certain period of time.

4 is a diagram illustrating an example of a certificate period design according to an embodiment of the present invention. The table in FIG. 4 is an example of the certificate period design. In this embodiment, the root certificate has a ten-year life (or period) and can be additionally issued once every five years, and the intermediate certificate has a five-year life span and two years. It can be issued one more time. Additionally, licenses have a one-year or two-year term. In this case, there are intermediate and root certificates that can include licenses at any time during the license period. In the example of FIG. 4 , the license 1 may be authenticated with the intermediate certificate 1 and the root certificate 1, and the license 2 may be authenticated with the intermediate certificate 2 and the root certificate 1. License 3 can be authenticated with intermediate certificate 4 and root certificate 2.

The license 331 may include at least one of the following (1) to (7).

(1) period of use of the software (date)

(2) Functions Available and/or Unusable in the Software (List of Functions)

(3) Number of software that can be run simultaneously (number)

(4) how much the software can store certain data (number)

(6) The maximum number (number) that the software can establish a connection with an external program

(7) The name of the software being licensed, the name of the computer to be allowed to run, identifiers, etc.

The license 331 may include at least one of these contents (1) to (7) signed with the key of the intermediate certificate (private key of the LMS), and related certificates may be attached thereto.

5 is a diagram illustrating an example of a license according to an embodiment of the present invention. In the embodiment of Fig. 5, the license is used for the expiration date, functions that can be used, functions that cannot be used, the number of concurrent executions as the number of software that can be executed simultaneously, storage capacity as the capacity for the software to store specific data, and the number of software subject to license It contains a MAC (Media Access Control) address as an identifier, and as a related certificate, it includes a root certificate, an intermediate certificate, and a signature using the key of the intermediate certificate.

6 is a flowchart illustrating an example of a license management method according to an embodiment of the present invention. The license management method according to the present embodiment may be performed by the computer device 200 implementing any one of the plurality of license management servers 320 described with reference to FIG. 3 . According to an embodiment, the computer device 200 may implement two or more of the plurality of license management servers 320 , and may be implemented to further include a root system 310 . The root system 310 may be implemented in a separate physical device to communicate with the computer device 200 through the network 170 . In this case, the processor 220 of the computer device 200 may be implemented to execute a control instruction according to a code of an operating system included in the memory 210 or a code of at least one computer program. In this case, the processor 220 causes the computer device 200 to perform the steps 610 to 640 included in the method of FIG. 6 according to a control command provided by the code stored in the computer device 200 . can control Here, the computer program may be combined with the computer device 200 and stored in a computer-readable recording medium to execute the license management method in the computer device.

In operation 610, the computer device 200 may be issued an intermediate certificate through the root system. For example, the computer device 200 may generate an intermediate key pair including the intermediate private key and the intermediate public key, and may transmit the intermediate public key to the root system. In this case, the computer device 200 may receive an intermediate certificate including the intermediate public key through the root system and signed with the public key of the root system. The process of issuing the intermediate certificate will be described in more detail later with reference to FIG. 7 .

In step 620, the computer device 200 may issue a license to the node software. For example, the computer device 200 may issue a license to the node software that includes the node identifier of the node software and is signed with the intermediate public key. In this case, the node identifier included in the license may be verified in the node software for which the license is issued by using a unique key (hereinafter, 'CPU unique key') for the trusted execution environment of the node software for which the license is issued. The trusted execution environment is a secure computing environment configured by utilizing functions (including the CPU unique key) installed in the CPU (processor), and can provide a separate and independent secure area within the main processor. In the processor in which the normal area and the secure area are separated, important information such as biometric information, payment information, and corporate security documents may be stored in the secure area, and information exchange with the general area is controlled and secure software can run safely. The physical device on which the node software is installed and operated can verify the node identifier included in the license by using the unique CPU key for this trusted execution environment. Also, the node software can check whether the issued licenses were issued in the correct order from the root certificate. For example, the node software can verify the intermediate certificate of the license management server associated with the license by signing the intermediate certificate and the intermediate certificate. In this case, the intermediate certificate may include a signature of the root certificate, and the node software verifies the root certificate through the signature of the root certificate and the root certificate, thereby confirming whether the licenses are issued in the correct order from the root certificate. The process of issuing a license to the node software will be described in more detail later with reference to FIGS. 8 to 11 .

In operation 630 , the computer device 200 may check whether the number of running node software is less than or equal to the number permitted through the license. For example, when the node software is first executed, the node software may request node registration by sending an identifier (hereinafter, 'NID') of the node software to the license management server. In this case, the license management server may determine and deliver a report cycle (eg, 1 hour) to the node software. Node software can send a report containing its NID and execution statistics from the license management server whenever the reporting cycle returns while it is running. The license management server can collect and store information sent by multiple node software. In this case, the license management server may check whether the software corresponding to the license is running in the number of node software greater than the limit set by the license through the collected information. If the software corresponding to the license is running in the number of node software more than the limit set by the license, the license management server may notify the software developer of the violation of the license.

In operation 640 , the computer device 200 may reissue the certificate or license according to the expiration date of the certificate or license. Licenses, intermediate certificates and root certificates have expiration dates and may require renewal. When the validity period of the license is near or expires, the node software may communicate with the license management server to be issued a new license as in step 620 . The license management server may communicate with the root system to issue a new intermediate certificate as in step 610 . The new intermediate certificate will be used for future license issuance. The root system can issue new root certificates. A new root certificate may be included in licenses distributed as node software after the issuance of the root certificate.

7 is a diagram illustrating an example of a process for issuing an intermediate certificate according to an embodiment of the present invention. 7 shows a root system 710 and an LMS 720 .

In step 731 , the root system 710 may generate a root key pair and a root certificate. Here, the root key pair may include a private key (root private key) and a public key (root public key) of the root system 710 . Meanwhile, the root certificate generated in the root system 710 may be included in the node software and used for comparison with a root certificate included in a license issued to the node software later. In this case, a root key pair may be generated for each root certificate.

In step 732, LMS 720 may generate an intermediate key pair. Here, the intermediate key pair may include a private key (intermediate private key) and a public key (intermediate public key) of the LMS 720 . In this case, an intermediate key pair may be generated for each intermediate certificate.

Here, steps 731 and 732 are steps that can be performed in parallel, and for example, step 732 may be performed before step 731 .

In step 733 , the LMS 720 may transmit the intermediate public key to the root system 710 . For example, the LMS 720 may transmit the intermediate public key together while requesting the issuance of the intermediate certificate to the root system 710 . As already described, the root system 710 is isolated from the offline (cold site), and can be connected online (eg, the Internet) only when information exchange with the LMS 720 is occasionally required.

In step 734, the root system 710 may issue an intermediate certificate with the root public key. For example, the root system 710 may include the intermediate public key delivered in step 733 and generate an intermediate certificate signed with the root public key.

In step 735 , the root system 710 may forward the intermediate certificate to the LMS 720 . These intermediate certificates can then be included in licenses issued to the node software.

In step 736, the LMS 720 may store the intermediate certificate. According to the certificate period design described above with reference to FIG. 4 , the LMS 720 may receive and store a plurality of intermediate certificates.

8 is a diagram illustrating an example of a process of issuing a license according to an embodiment of the present invention. 8 shows an LMS 720 and node software 810 .

In step 821 the node software 810 may generate the NID. Here, the NID may be generated including computer information, user information, software information, and a random number of a computer device in which the node software 810 is installed and driven.

In step 822 , node software 810 may pass the NID to LMS 720 . For example, the node software 810 may transmit the NID while requesting the issuance of a license to the LMS 720 .

In step 823, the LMS 720 may determine whether or not to issue a license and an issuance condition. For example, the LMS 720 applies a license to the node software 810 in accordance with a rule set by the software developer and/or in consideration of whether a license already issued to the node software 810 exists by querying the database. You can decide whether to issue a license or not, and if so, under what conditions to issue a license.

In step 824, the LMS 720 may select an intermediate certificate that may include a license period from among the intermediate certificates stored. If an intermediate certificate including the period of the license to be issued is not stored, a new intermediate certificate may be issued through the root system 710 described with reference to FIG. 7 .

In step 825, the LMS 720 may sign the license with an intermediate public key corresponding to the selected intermediate certificate. The content included in the license has been previously described in detail with reference to FIG. 5 . The signature of the license can be generated by signing the intermediate certificate with the intermediate public key.

In step 826 , the LMS 720 may pass the signed license to the node software 810 .

In step 827, the node software 810 may verify the transferred license. The process of verifying the license will be described in more detail later with reference to FIG. 11 .

In step 828 the node software 810 may operate according to the license terms. The license conditions may correspond to conditions according to the content included in the license described above with reference to FIG. 5 , and the node software 810 may operate according to the conditions specified in the license.

9 is a diagram illustrating an example of an NID generation algorithm according to an embodiment of the present invention. The NID generation algorithm may be substantially performed by a physical computer device (eg, the computer device 200 of FIG. 2 ) in which the node software 810 described with reference to FIG. 8 is installed and driven, but in the embodiment of FIG. For convenience of description, it is described that the NID generation algorithm performs the NID generation process.

At this time, in the embodiment of FIG. 9 , the NID generation algorithm may inquire 910 information of the current computer, user, and software on which the node software 810 is installed and driven, and may generate 920 a random number. In this case, the NID generation algorithm may generate the NID 930 including computer information, user information, software information, and a random number. Here, the NID 930 may correspond to the NID described above in step 810 of FIG. 8 .

Thereafter, the NID generation algorithm may encrypt 950 the NID 930 using the CPU unique key 940 , and may calculate the NID hash value 970 using the hash algorithm 960 . As an example, the NID generation algorithm may process encryption 950 and hash value calculation of the NID 930 using a Hash based Message Authentication Code (HMAC) algorithm. In this case, the NID generation algorithm may output 980 the NID hash value 970 and may output 990 the NID 930 . The NID 930 may be transmitted to the LMS 720 when requesting the issuance of a license, and the NID hash value 970 may be used to verify the NID included in the later issued license.

10 is a diagram illustrating an example of an NID checking algorithm according to an embodiment of the present invention. The NID checking algorithm may be substantially performed by a physical computer device (eg, the computer device 200 of FIG. 2 ) in which the node software 810 described with reference to FIG. 8 is installed and driven, but in the embodiment of FIG. For convenience of description, it is described that the NID check algorithm performs the NID check process.

In this case, in the embodiment of FIG. 10 , the NID check algorithm may receive an input 1010 of an NID, and may receive an input 1020 of an NID hash value. In this case, the NID input 1010 may be an NID included in the license, and the NID hash value input 1020 may correspond to the NID hash value 970 described with reference to FIG. 9 . The NID check algorithm may generate a first comparison result by comparing (1030) computer information, user information, and software information included in the input (1010) NID with information of a current computer, user, and software.

In addition, the NID check algorithm may encrypt 1040 the NID input 1010 with the CPU unique key 940 , and may calculate the NID hash value 1050 using the hash algorithm 960 . As an example, the NID check algorithm may process encryption 1040 of the inputted NID 1010 and calculation of a hash value using the HMAC algorithm. In this case, the NID check algorithm may generate a second comparison result by comparing (1060) the input (1020) the NID hash value and the calculated NID hash value (1050).

Also, the NID inspection algorithm may output 1070 the inspection result. In this case, the test result may include a first comparison result and a second comparison result. For example, the computer information, user information, and software information included in the NID input 1010 according to the first comparison result is not the same as the information of the current computer, user, and software, or is input 1020 according to the second comparison result If the calculated NID hash value and the calculated NID hash value 1050 are not the same, the NID may not be verified, and as a result, the issued license may not be verified.

11 is a diagram illustrating an example of a license verification algorithm according to an embodiment of the present invention. The license check algorithm may be substantially performed by a physical computer device (eg, the computer device 200 of FIG. 2 ) on which the node software 810 described with reference to FIG. 8 is installed and driven, but in the embodiment of FIG. For convenience of explanation, it is described that the license check algorithm performs the license check process.

In step 1110, the license check algorithm may check whether the current time is included in the license validity period. This step 1110 may be performed to check whether the validity period of the license has passed. In this case, when the verification fails, step 1170 may be performed.

In step 1120, the license check algorithm may verify the NID included in the license. This step 1120 may be an example of the NID verification process performed through the NID verification algorithm described above with reference to FIG. 10 . In this case, when the verification fails, step 1170 may be performed.

In step 1130, the license check algorithm may check whether the signature included in the license is signed with the intermediate public key of the intermediate certificate included in the license. In this case, when the verification fails, step 1170 may be performed.

In step 1140 , the license checking algorithm may check whether the intermediate certificate included in the license is signed with the public key of the root certificate included in the license. In this case, when the verification fails, step 1170 may be performed.

In step 1150 , the license checking algorithm may check whether the root certificate included in the license is included in the list of root certificates included in the software. Here, the software may correspond to, for example, the node software 810 as software to be licensed. In this case, when the verification fails, step 1170 may be performed.

In step 1160 the node software 810 may operate according to the license terms. The license conditions may correspond to conditions according to the content included in the license described above with reference to FIG. 5 , and the node software 810 may operate according to the conditions specified in the license.

In step 1170, the license check algorithm may terminate the software. Here, the software may correspond to, for example, the node software 810 as software to be licensed.

As such, according to embodiments of the present invention, it is possible to provide a method and system for managing a license that is difficult to bypass based on a trusted execution environment that is a hardware element. In addition, inspection devices can be added to support various business models, such as limiting the number of servers, limiting the use period, and limiting the functions used. , the license can be operated for a long time.

The system or apparatus described above may be implemented as a hardware component or a combination of a hardware component and a software component. For example, devices and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA). , a programmable logic unit (PLU), microprocessor, or any other device capable of executing and responding to instructions, may be implemented using one or more general purpose or special purpose computers. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. A processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For convenience of understanding, although one processing device is sometimes described as being used, one of ordinary skill in the art will recognize that the processing device includes a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that can include For example, the processing device may include a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as parallel processors.

Software may comprise a computer program, code, instructions, or a combination of one or more thereof, which configures a processing device to operate as desired or is independently or collectively processed You can command the device. The software and/or data may be any kind of machine, component, physical device, virtual equipment, computer storage medium or apparatus, to be interpreted by or to provide instructions or data to the processing device. may be embodied in The software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored in one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, etc. alone or in combination. The medium may continuously store a computer executable program, or may be a temporary storage for execution or download. In addition, the medium may be various recording means or storage means in the form of a single or several hardware combined, it is not limited to a medium directly connected to any computer system, and may exist distributedly on a network. Examples of the medium include a hard disk, a magnetic medium such as a floppy disk and a magnetic tape, an optical recording medium such as CD-ROM and DVD, a magneto-optical medium such as a floppy disk, and those configured to store program instructions, including ROM, RAM, flash memory, and the like. In addition, examples of other media may include recording media or storage media managed by an app store for distributing applications, sites supplying or distributing other various software, and servers. Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like.

As described above, although the embodiments have been described with reference to the limited embodiments and drawings, various modifications and variations are possible from the above description by those skilled in the art. For example, the described techniques are performed in an order different from the described method, and/or the described components of the system, structure, apparatus, circuit, etc. are combined or combined in a different form than the described method, or other components Or substituted or substituted by equivalents may achieve an appropriate result.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (5)

In the license management method of a computer device comprising at least one processor,
generating, by the at least one processor, an intermediate key pair including an intermediate private key and an intermediate public key;
transmitting, by the at least one processor, the intermediate public key to a root system, and receiving an intermediate certificate signed with the root public key of the root system while including the transmitted intermediate public key through the root system;
receiving, by the at least one processor, a node identifier of the node software from node software, and issuing, to the node software, a license signed with the intermediate public key, the license including the received node identifier and the intermediate certificate; and
confirming, by the at least one processor, whether the number of node software being executed according to the condition of the issued license is less than or equal to the number permitted through the license;
including,
The node identifier is generated and transmitted to the computer device in a physical device in which the node software is installed and run;
The first encrypted node identifier is generated by encrypting the node identifier in the physical device using a unique key included in the trusted execution environment of the physical device,
When the node software is issued the license, the node identifier included in the license is encrypted using the unique key in the physical device to generate a second encrypted node identifier,
By comparing the hash value of the first encrypted node identifier and the hash value of the second encrypted node identifier in the physical device, the node identifier included in the license is verified in the node software that has been issued the license,
In the physical device, it is confirmed whether the signature included in the license is signed with an intermediate public key of an intermediate certificate included in the license;
Checking in the physical device whether the intermediate certificate included in the license is signed with the root public key
A license management method, characterized in that. In the license management method of a computer device comprising at least one processor,
generating, by the at least one processor, a first node identifier;
transmitting, by the at least one processor, the generated first node identifier to a license management server;
encrypting, by the at least one processor, the generated first node identifier using a unique key for a trusted execution environment of the computer device;
calculating, by the at least one processor, a first hash value of the encrypted first node identifier;
receiving, by the at least one processor, a license from the license management server;
encrypting, by the at least one processor, the second node identifier included in the license with the unique key;
calculating, by the at least one processor, a second hash value of the encrypted second node identifier;
verifying, by the at least one processor, the node identifier included in the license by comparing the first hash value and the second hash value;
confirming, by the at least one processor, whether the signature included in the license is signed with an intermediate public key of an intermediate certificate included in the license; and
checking, by the at least one processor, whether the intermediate certificate included in the license is signed with a root public key of a root system
including,
The license management server,
generating an intermediate key pair including an intermediate private key and an intermediate public key;
transmitting the intermediate public key to the root system, and receiving an intermediate certificate signed with the root public key of the root system while including the transmitted intermediate public key through the root system;
receiving the node identifier of the node software from the computer device in which the node software is installed and running, and issuing a license signed with the intermediate public key to the node software, including the received node identifier and the intermediate certificate;
Implemented to check whether the number of running node software is less than or equal to the number permitted through the license according to the conditions of the issued license
A license management method, characterized in that. 3. The method of claim 2,
The first node identifier includes first computer information of the computer device, first user information of a user of the computer device, and first software information of software subject to the license,
checking, by the at least one processor, second computer information, second user information, and second software information included in the second node identifier included in the license; and
Compare, by the at least one processor, the identified second computer information, second user information and second software information with the first computer information, the first user information and the first software information, and include in the license Further verifying the second node identifier
License management method further comprising. 3. The method of claim 2,
confirming, by the at least one processor, whether the root certificate included in the license is included in a list of root certificates included in the software subject to the license
License management method further comprising. at least one processor implemented to execute instructions readable by a computer device
including,
by the at least one processor;
generating an intermediate key pair including an intermediate private key and an intermediate public key;
transmitting the intermediate public key to a root system, and receiving an intermediate certificate signed with the root public key of the root system while including the transmitted intermediate public key through the root system;
receive a node identifier of the node software from node software, and issue a license signed with the intermediate public key to the node software, the license including the received node identifier and the intermediate certificate;
Checking whether the number of node software running according to the conditions of the issued license is less than or equal to the number permitted through the license;
The node identifier is generated and transmitted to the computer device in a physical device in which the node software is installed and run;
The first encrypted node identifier is generated by encrypting the node identifier in the physical device using a unique key included in the trusted execution environment of the physical device,
When the node software is issued the license, the node identifier included in the license is encrypted using the unique key in the physical device to generate a second encrypted node identifier,
By comparing the hash value of the first encrypted node identifier and the hash value of the second encrypted node identifier in the physical device, the node identifier included in the license is verified in the node software that has been issued the license,
In the physical device, it is confirmed whether the signature included in the license is signed with an intermediate public key of an intermediate certificate included in the license;
Checking in the physical device whether the intermediate certificate included in the license is signed with the root public key
A computer device comprising a.

Images