Application software, also known as an application or an app, is computer software designed to help the user to perform specific tasks. Examples include enterprise software, accounting software, office suites, graphics software and media players. In recent years, the abbreviation “app” has specifically come to mean application software written for mobile devices. Application software applies the power of a particular computing platform or system software to a particular purpose. In other words, applications make use of the operation system of a computing device to gain access to the hardware resources. Applications also require access to a graphics environment for interaction with the end user. These software applications (often called native applications) use a hardware execution engine such as a Central Processing Unit (CPU). An application's dependency upon existing resources in a specific computing device means that the software provider may need to provide different versions of the application for execution on different device platforms. A virtual machine execution model enables a software provider to distribute a single application for execution on multiple different device platforms. Scripting languages in combination with a graphics environment are an alternative for a virtual machine execution model, providing similar multi-platform benefits. This approach has been adopted for web applications and in the HTML-5 W3C recommendation.
Many applications require the software to be limited to a single end user computing device (or client device). This can be achieved by making the execution of the software application dependent on a hardware function that is specific to a single end user device.
So-called “node locking” (or “hardware anchoring”) technologies provide a software application with a hardware dependent function for integration into its execution path (see, for example EP2506174 and EP2506175). This provides a mechanism to lock the execution of the application to a specific end user device. The node locking function also enables an application to generate a message demonstrating that the application is operating on a particular end user device. This can be used for authentication purposes. These node locking applications describe a challenge-response function that is specific for a particular hardware circuit. A challenge-response methodology generally relies on a secret in a hardware device. Knowledge of the secret enables the generation of challenge-response pairs which enable an application to verify that the application is executing on the intended platform. EP2506174 and EP2506175, as referenced above, describe systems and methods for using a node locking function (a challenge-response function) in combination with secured software applications.
Node locking technologies for software applications require the availability of a function that is specific to a particular end user device. EP2506175 achieves this by leveraging a specific function of a standard Subscriber Identity Module (SIM), e.g. in a mobile telephone. As the Operating System generally does not expose the SIM functionality to applications executing on the device, the SIM locking mechanism of EP2506175 requires modifications to the Operating System of the device. Thus, this challenge-response solution is undesirable in some circumstances. EP2506174 requires specific hardware features in a device, which makes this challenge-response solution unsuitable for use with an existing device infrastructure.
Even if node locking techniques are available to local applications, web based applications (e.g. based on HTML5) that operate in a browser, do not have access to such node locking facilities since the browser Application Programming Interface (API) does not expose such functions to the web applications.
There is a need for a node locking (challenge-response) function for existing devices that is accessible to applications, virtual machine applications, and web applications (scripted applications). The present invention seeks to provide a challenge-response technique which overcomes some of the problems with existing solutions.