Software distribution is changing from the traditional method of packaging individual copies of the software with hard copy documentation to electronic distribution. The improvements in software distribution and licensing have helped to reduce cycle-time and cost, while at the same time allowing the user to copy and distribute the software at will. The ease of distribution has also contributed to the problem of software piracy, which has an adverse impact on the revenue stream of software developers and distributors.
One prior art solution provides a remote subscription service which allows users to subscribe to applications available on a server machine. An application list on a remote machine is updated when a connection is made to the appropriate application server machine. The application list is used by the remote user to subscribe to applications, which allows the server machine to automatically update them when a new version becomes available. The server machine contains the necessary structures and data to allow the client to determine what applications are currently available on the server and where the applications are physically located. The server machine compares the version numbers from the server file to the current applications installed on the user's computer. If the version numbers do not match, then the old version will be de-installed and the latest version will be installed. If the version numbers match, then the application is current and no further action is needed. More importantly, the ability to access the version numbers on the remote machine allows precise tracking of the licensed software on the remote machine when there is a licensing agreement with a software vendor. This solution suffers from the need to have a server and client machine running the appropriate software to allow accessing the version numbers on the client machine.
Another prior art solution discloses a protocol for software licensing where a prover is a license server and the verifier is an application program that wants to get permission to run. To obtain this, the application asks the license server if it may run and the server answers "yes" by proving that the license server possesses certain secret information embedded in the software license. The protocol does not require that the software application maintain any secret information, and the server is required to perform the brunt of the computation. The server accomplishes authentication using ideas from the field of zero-knowledge protocols. The verifier knows "N" while the prover knows its factors, p and q. The verifier begins by choosing a random element x in the multiplicative group of integers modulo N. The verifier computes x^2 mod N and a hash of x under a cryptographic hash function h; both values are sent to the prover. The prover computes all four square roots of x^2. The prover applies h to each of them to see which has a hash value that agrees with the hash value sent to it. This value, x', is returned to the verifier. If no value agrees, the request is treated as invalid. The verifier checks that the returned value x' is the same as x.
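The exchange described above can be traced end to end in a few lines. This is an added example, not code from the prior art protocol or from this document; it assumes SHA-256 for h, a constructed toy modulus built from two Mersenne primes congruent to 3 mod 4, and hypothetical function names.

```python
import hashlib
import hmac
import secrets
from math import gcd

# Constructed toy modulus: two Mersenne primes, both congruent to 3 mod 4
# (assumption, so a square root mod a prime is one exponentiation). Only the
# license server knows P and Q; the application ships with N alone.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def h(x: int) -> bytes:
    """Hash function h; SHA-256 is an assumption of this example."""
    return hashlib.sha256(x.to_bytes((N.bit_length() + 7) // 8, "big")).digest()

def application_challenge():
    """Verifier: pick random x in Z_N^*, send (x^2 mod N, h(x)), keep x."""
    while True:
        x = secrets.randbelow(N - 2) + 2
        if gcd(x, N) == 1:
            return x, (pow(x, 2, N), h(x))

def license_server_respond(square: int, digest: bytes):
    """Prover: compute all four square roots, return the one h agrees on."""
    rp = pow(square % P, (P + 1) // 4, P)   # a root mod P (P = 3 mod 4)
    rq = pow(square % Q, (Q + 1) // 4, Q)   # a root mod Q (Q = 3 mod 4)
    p_inv = pow(P, -1, Q)
    for sp in (rp, P - rp):
        for sq in (rq, Q - rq):
            # Chinese remainder theorem: root = sp mod P and sq mod Q
            root = sp + P * ((sq - sp) * p_inv % Q)
            if hmac.compare_digest(h(root), digest):
                return root
    return None  # no root matches: the request is treated as invalid

def application_check(x: int, response) -> bool:
    """Verifier: grant permission to run only if x' equals x."""
    return response is not None and response == x

if __name__ == "__main__":
    x, (square, digest) = application_challenge()
    reply = license_server_respond(square, digest)
    print("license granted:", application_check(x, reply))
```

Because the server returns a root only when its hash matches the digest it was sent, it never hands back a square root the application did not already know.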
The introduction and acceptance of Java (™ of Sun Microsystems Inc.), an Internet protocol and platform independent product, further increases the likelihood of electronic distributions. Java represents an object-oriented language which satisfies the public's desire to animate and add dynamism to the static web pages of the Internet. Java permits writing to a virtual platform which is installed on most desktop web browsers. Java components can be GUI widgets, non-visual functions and services, applets and more full-scale applications. System managers have quickly recognized the advantage of a single master copy of programs that is stored in one place, ideal for easy update, and that downloads to the client for the duration of the session, thus exploiting the user's desktop processor in a client/server model but without the client side maintenance and version control costs. For details and background with respect to the Java System, reference may be made to a typical text, "Just Java", 2nd Edition, Peter van der Linden, Sun Microsystems, 1997.
A Java Development Kit (JDK) version 1.1 provides for the development of Java application programs. The JDK contains a Java Security API, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their Java applications. The JDK contains several cryptographic algorithms including a Digital Signature Algorithm (DSA) normally used to verify the authenticity of a signature and data associated with the data.
Consequently, it would be desirable to provide a method and apparatus utilizing the Digital Signature Algorithm for providing a low cost software licensing scheme.