Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Definitions

• the present invention relates to a method for managing a temporary license to a computer application executable on a network component.
• Modern data processing networks such as e.g. Telecommunications networks usually have very complex network components. These network components have a wide variety of tasks and must therefore be very universally configurable, for example, to be used in telecommunications with different time-slot-oriented and packet-oriented transmission methods. In addition, it is also necessary to adapt certain network components to the different usage contracts that a subscriber can conclude with a network operator.
• networks are also primarily used to ensure software applications that specific administratively activatable functionalities can be provided and used with certain network components.
• the present invention is therefore based on the object of specifying a method for managing a time-limited license on a computer component executable on a network component, which ensures that a computer application after the expiration of the license period is no longer available for further unauthorized use ,
• a method for managing a time-limited license on a computer application executable on a network component in which: a) a license data record is created which comprises at least the information about the computer application to be licensed, a license period and a signing time; b) the license record is read by a license server and based on the information about the signing time
• Reference date for this computer application is determined; c) the reference date is compared with a system time defined for the network component for determining a binding current time base for the license server; (d) it is determined by comparison whether the
• Computer application is executed on the basis of the current time base and / or due to the granted license period, wherein e) the reference date on the license server is continuously updated and stored.
• the method according to the invention allows the license server to be used on the network component itself can be executed, based on the determination of the reference date and on the basis of its ongoing updating, to establish a timeframe independent of the system time against which the promised license period can be evaluated.
• the license data set may further comprise a digital signature with which it can be ensured that only the owner of the signature key is also able to store the data of the license key
• the license record is read by the license server cyclically or due to an event trigger.
• the cyclical evaluation of the license data record can therefore have the advantage that, for example, an update or an extension of the license duration can be performed automatically by the license server without additional measures.
• the signing time can only be used after successful signature verification to determine the reference datum.
• the determination and updating of the reference datum is of particular importance for the course of the method according to the invention, because this reference datum is the central information for determining the current time base against which the other time data are evaluated.
• the license server can use the system time as the current time base if the comparison of the system time with the previously determined reference date comes to the conclusion that the system time is less than or equal to the reference date. In this way, it is ensured that the time base of the license server, taking into account the above condition on the so-called recent time base.
• the procedure be reversed ie the reference date is used to determine whether the license period has not expired without adjustment to the system time as the current time base of the license server, if the comparison of the system time with the previously determined reference date The result is that the system time is older than the previously specified reference date. In this way, it is safely ruled out that a use of the computer application can be made, for example, if the system time was frozen or even reset, because the system time may still be within the license period, even then updated reference date but already after the end the guaranteed license period.
• the network component for updating the reference date may assign a counter whose count is added to the reference date continuously or discontinuously. For the same reason mentioned above, it is then also advantageous to store the updated reference data on the network component in a protected mode so that an abusive manipulation can also be better excluded here.
• Figure 1 is a schematic representation of a
• Figure 2 is a schematic representation of the process for updating the reference date based on two
• Figure 3 is a schematic representation of a typical structure of a license record
• Figure 4- an example of a license record.
• FIG 1 shows a schematic representation of a network element NE, which is arranged in a communication network not shown here, and a user-side FTP server FtpS.
• a licensor sends a user a license record LF (for example by email), which the user can save on his FTP server FtpS.
• This license data set LF includes i.a. a binding Sign istsZeittician - hereinafter called Creation Date CD.
• This creation date CD can specify the signing time of the license record LF.
• Figures 3 and 4 give below in detail information.
• a license server LS and data record server FS as well as a timer T and a system clock SC are included on the network element NE.
• the license server LS maintains a reference date RD and a second internal time base C2 for determining a current time base AZ.
• the license server LS also has the task of managing the licenses granted in the license data record LF and the reference date RD and of controlling the registered computer applications accordingly.
• the record server FS provides the file management for the license record LF with the creation date CD and the Reference date RD ready with the second internal time base C2.
• Figure 2 shows schematically the procedure for checking and updating the reference date RD, which for the plague position, whether the user is still entitled to use a particular computer application, has central importance.
• the license server LS reads for this purpose the license record LF and first checks the signature of the license record LF. After finding the positive
• Reference date RD the reference date RD is left unchanged for the license server LS and the count of the second internal time base C2 is added to this reference date RD.
• the part b) of Figure 2 shows exactly the other case where the Creation Date CD is younger than the reference date RD.
• An arrow P is hereby intended to represent the method step, which consists in equating the reference date RD with the creation date CD and setting the count of the second internal time base C2 to zero.
• the current time base AZ for the license server LS then results from the comparison of the system time SC with the reference date RD. Therefore, an update of the reference date RD does not necessarily have to change the current time base AZ.
• the count value of the second internal time base C2 is now continuously added to the reference date due to the reading of the license data record LF and due to an authorized use. If, for example, the count has reached the number of 86400 seconds (24h * 60min * 60sec), that will be
• Reference date RD increased by one day and count reduced by 86400.
• the reference date RD and the value of the second internal time base C2 can be stored cyclically in the data set server FS, wherein the storage interval can be defined at discretion. The separation takes place on the network element NE with a limited read / write access.
• the next important comparison for the determination of the authorization is the comparison of the so initially fixed and continuously updated reference date RD with the system time according to the system clock SC.
• This system clock SC can indeed be specified by the operator of the network element NE, which is why the license server LS compares the system time with the reference data RD.
• the reference date RD acts on the license server LS as a limit for the time of the system clock SC, hereinafter referred to as system time SC. If the system time SC is later than or equal to the reference date RD, the system time SC is used as the current time base AZ for the license server LS, i. the license server LS uses this time base for the further check for a possible expiration of the license duration. If the system time SC is older than the reference date, the reference date RD remains relevant for the current time base AZ of the license server LS and thus for the further authorization check.
• This license record LF contains an indication of all licenses and is protected by a signature.
• This license record LF is created for a particular network element NE or for a particular network with a number of network elements NE and in the present case also contains a MAC address or a MAC address list in order to identify the hardware used.
• the license record LF comprises the general information such as the unique identifier of the license record (File id), the customer name, the name of the product (Product name), Information about the signature (Signatare info) and the so important Creation Date CD (Creation date), which corresponds to the date of signing of the license data set LF.
• File id the unique identifier of the license record
• Product name the name of the product
• Signatare info Information about the signature
• Creation Date CD Creation date
• entries in the MAC address list contain the network components listed there.
• the next data block is devoted to the actual license.
• feature info indicates the name / designation of the licensed software
• feature id is a unique ID code for the licensed computer application.
• An entry under the “Locking mode” controls the behavior of the license server LS after the expiry of a temporary license, such as the generation of alarms, the locking of the computer application or their deinstallation "are self-explanatory and define the period of validity of the license, ie the license period LP, so that a time-limited licensed computer application can only be executed if the current time base AZ is in the license period LP defined by the fields" Start "and” End ".
• a software tendered license data record LF is exemplified in FIG.

Landscapes

• Engineering & Computer Science (AREA)
• Software Systems (AREA)
• Computer Security & Cryptography (AREA)
• Theoretical Computer Science (AREA)
• Computer Hardware Design (AREA)
• Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Multimedia (AREA)
• Technology Law (AREA)
• Management, Administration, Business Operations System, And Electronic Commerce (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=35679359

Family Applications (1)

Country Status (5)

Families Citing this family (14)

Citations (2)

Family Cites Families (14)

• 2004
  • 2004-11-18 DE DE102004055759A patent/DE102004055759B4/de not_active Expired - Fee Related
• 2005
  • 2005-10-27 CN CN200580039680.7A patent/CN101061451B/zh not_active Expired - Fee Related
  • 2005-10-27 WO PCT/EP2005/011503 patent/WO2006053631A1/de active Application Filing
  • 2005-10-27 US US11/667,426 patent/US7890429B2/en not_active Expired - Fee Related
  • 2005-10-27 EP EP05800611A patent/EP1815308A1/de not_active Ceased

Patent Citations (2)

Also Published As

Similar Documents

Legal Events