The present invention relates to an apparatus and method for a cryptographic-based license management. More specifically, the present invention relates to a cryptographic based licensing management system for managing and verifying licenses for associated licensed products of a device.
Gateway devices, such as servers and network interface devices, typically allow a user (e.g., client device) to gain access to associated services, software, or databases on other networks through the gateway device itself. Further, some gateway devices may be configured to maintain different service packages or software packages which may be accessed and utilized by a qualified or authorized user. The services or software package maintained on the gateway device typically require a service technician to manually install and maintain the software package and configure the gateway device to allow the user the ability to access and utilize the desired or selected services or software packages.
For instance, a gateway device may be configured to allow a user access to an external network, such as the Internet. In addition, the gateway device may be configured to make use of a software package, such as an Internet content filtering software package, in response to a request from an authorized operator. Accordingly, the operator of the gateway device is required to manually install the software package and configure the gateway device (e.g., set passwords, configure protocol, establish ports, enable licensed usage, etc.) to allow use of the desired software package (i.e., Internet content filtering software package). Further, the operator of the gateway device must also track how long the use of such software package is authorized or licensed (e.g., time period), and accordingly disable or remove the software package when the software package is no longer authorized or licensed.
Accordingly, when the software package is no longer licensed or otherwise authorized, the operator of the gateway device is required to manually reconfigure the gateway device to prevent the unauthorized access to the desired software package. Such operations can become time consuming and unmanageable as an operator of a gateway device typically does not operate a single gateway device, but rather may operate hundreds or even thousands of such gateway devices.
Moreover, the operators of such gateway devices are faced with the problem of having to reconfigure hundreds and even thousands of different gateway interface devices at multiple geographically dispersed locations.
It is therefore desirable to provide a system which allows the operator of a gateway device the ability to remotely configure and authorize the usage of product options (e.g., software or service) of a gateway device through a secure cryptographic-based licensing management system.
Embodiments of the present invention provide a cryptographic-based license management device comprising a license authority configured to generate a license in response to a product option request; an interface module having a plurality of product options that may be selectively enabled in response to a valid license issued by the license authority; a non-volatile memory associated with the interface module, the non-volatile memory module containing a programmable verification component for determining the authenticity of the license; and a license verification module associated with the interface module, the license verification module configured to verify the authenticity of a license using the programmable verification component contained within the non-volatile memory and enable selected product options provided the license is verified by the license verification module.
Another feature of the present invention provides a method for cryptographic-based license management, the method comprising, generating a license in response to a product option request, the product option request identifying selected product options associated with an interface module; applying a digital signature to the license; supplying the license to an interface module; verifying the digital signature of the license with a verification component associated with the interface module; and enabling the selected product options associated with the interface module provided the digital signature of the license has been verified with the verification component.