Licenses for computer software and hardware are typically provided to end-user customers via a product activation key (PAK). A PAK is a code that a customer uses to enable, activate, or access features on computer products. The customer associates a PAK with a specific software product (or hardware device) by entering the PAK into a portal, which returns a cryptographic license key. When associated with a specific device, the license key unlocks features on the specific device or allows a software installation process to be completed. Accordingly, through a three-step process (from PAK, to license key, and to device configuration), the customer proves product ownership directly for every single software application installed on a hardware device as well as for each hardware device itself. Alternatively, a user may activate a network router by entering a license key into an interface on the network router. In response, the router passes information to the vendor, which validates the PAK and provides any license or use keys. In turn, the license key (or other information) is node-locked on the network router. Similarly, software may be activated by entering a PAK in an interface presented by an install tool. This licensing approach delegates decisions to enforce the software license into the hardware device (e.g., switch, router, etc.) or software application.
Such an approach is problematic where a vendor uses a channel partner (e.g., reseller) to distribute products to an end customer. The channel partner receives each PAK from the vendor and passes the PAK to a customer. When the PAK is sent to the vendor, the vendor typically does not know the identity of the customer. While the customer may include an identity when registering a hardware/software product, the customer may do so independently for each software product or hardware device.
The disconnect that results from independently registering/activating each hardware device or software installation results in a lack of an inventory of what licenses are owned (or used), for both the vendor and the customer. That is, the vendor and the end customer are often unaware of exactly what licenses a given customer has acquired. Further, this approach limits the ability of a customer to change how license rights are used, as license keys are typically node locked to a single device installation or hardware device. For example, assume a customer (e.g., a university) purchases from a reseller (e.g., a network equipment reseller) licenses for software. Assume, for example, that the software configures a local area network (LAN) to provide firewall services and that the customer acquires licenses for twelve routers. The customer receives license PAKs for the software for use on the twelve routers. Sometime later, the customer decides to purchase database services from the reseller, while downgrading the firewall services and implementing the software on only ten routers, instead of twelve routers. The licensing scheme does not provide a mechanism for the customer for such a change in license use or allocation across their devices.
To address compliance issues, the vendor may administer an auditing process after the fact to determine whether the customer is in compliance with their acquired license rights. However, doing so is complex, is expensive, and can cause poor customer relations
Further, some customers require security that involves complete dissociation from the external networks. For such customers, communication between the customer and the vendor may be impossible. Examples of such customers include banks, investment firms, military and government networks, among others. Unfortunately, the security barriers these entities require present an additional difficulty for administering licensing schemes.