Digital supply management, such as digital rights management, faces some unique challenges. For example, digital rights management can include transactions of digital rights relating to device functionality, capability usages (e.g., application module usage or hardware module usage), or other electronic services. The digital rights can authorize a quantifiable usage (e.g., by duration, usage count, input or output amount, etc.) of a protected resource (e.g., a functionality, an application, a device, a module, or a service) enabling participation or engagement in a digital activity on an end-user computing device. In these cases, the sellers in the transactions are publishers or issuers, who control and/or restrict access to the protected resources. What is being sold in a transaction of a digital right can be referred to as a “license.” For example, the license can be embodied as a digital string used to verify the grant of the digital rights and unlock one or more resources protected by a control kernel.
Conventional digital rights management utilizes a centralized manager system (e.g., a back-office system) controlled by a vendor/publisher of the licenses to communicate with any device that uses the license. In turn, each of these devices implements a control kernel that restricts access to its one or more protected resources unless a verifiable license indicating a relevant digital right is presented to the control kernel. The publisher or issuer of the protected resources can sell and distribute licenses directly or indirectly to customers. The licenses can then serve as keys to the usage of the applications, services, or functionalities. The control kernels can validate the key periodically with the centralized manager system.
An enterprise customer can have a license server that stores transaction records of licenses in a trusted storage (TS), where each license can grant an end-user computing device some form of digital access. If a license server goes down, the end devices may not be able to get the licenses from the license server. An enterprise would run a back-up server so the clients can switch to it if the main server fails. However, enterprise customers cannot always ensure that the licensing state of the main server, when brought back online after the failure, is identical to the state of the back-up server at that moment. Even where the enterprise restores the main server state from the data stored in the back-office, the main server might be missing the data that the back-up server created during the main server blackout. This dilemma impairs the robustness of the digital supply management system: either the issuers of the licenses take a risk in trusting the recovered license server, or the customers take a risk of possibly losing purchased licenses in the event of device failures. Thus, the conventional architecture for a digital supply management system cannot always be trusted during device failure events.
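The failover gap described above, as an added simulation that is not part of the original text. The `LicenseServer` class, the device names, the seat count, and the dict-based trusted storage are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LicenseServer:
    """Toy license server; trusted storage (TS) maps device -> seats granted."""
    name: str
    purchased: int                       # seats the enterprise bought (constructed)
    ts: dict = field(default_factory=dict)

    def in_use(self):
        return sum(self.ts.values())

    def grant(self, device, seats=1):
        # Refuse when this server's own view of TS says the pool is exhausted.
        if self.in_use() + seats > self.purchased:
            return False
        self.ts[device] = self.ts.get(device, 0) + seats
        return True


def simulate_failover():
    purchased = 5
    main = LicenseServer("main", purchased)
    for dev in ("dev-a", "dev-b", "dev-c"):
        main.grant(dev)
    back_office_snapshot = dict(main.ts)  # last state synced to the back office

    # Main fails; the back-up starts from the same snapshot and serves clients.
    backup = LicenseServer("backup", purchased, dict(back_office_snapshot))
    backup.grant("dev-d")
    backup.grant("dev-e")

    # Main is restored from the back office: grants made during the blackout
    # exist only in the back-up's TS.
    main.ts = dict(back_office_snapshot)
    missing = {d: n for d, n in backup.ts.items() if main.ts.get(d, 0) != n}

    # Issuer-side risk: the restored main still believes two seats are free.
    # (Customer-side risk is the mirror image: treating main as the sole truth
    # drops the dev-d and dev-e licenses.)
    main.grant("dev-f")
    main.grant("dev-g")
    holders = set(main.ts) | set(backup.ts)
    return {"missing_on_main": missing, "seats_held": len(holders),
            "purchased": purchased, "over_issued": len(holders) - purchased}


if __name__ == "__main__":
    print(simulate_failover())
```
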