1. Field of the Disclosure
This disclosure relates to software authorization systems and methods, and, more particularly, to a software authorization system and method without transmitting a main key of an encryption software.
2. Description of Related Art
The development of a Content Delivery Network (CDN) technique may increase the response speed of a website. However, followed by the fashion of a cloud operation, the CDN technique which may increase the transmission speed of the website is a constraint in terms of the application of software authorization.
Basically, CDN copies a software (contents) to a plurality of global servers in advance. Therefore, a website manager could not perform an individual process with respect to the software downloaded each time such that many protection mechanism have to be performed at an user end. For example, the practice of downloading the website for Microsoft is to put all certification inspection on a period of installation and execute an activation action during an execution. App Store generates a user key when a user downloads the software and transmits a main key to the user after encrypting the so called main key by Key Encrypt Key (KEK) method, thereby the user may decrypt the software by the main key after downloading the software.
However, since the previously described small programs are easily attacked by a reverse engineering, particularly such as Java byte code, the practice of downloading the website for Microsoft is not suit for the small program sold in a software market while the practice of App Store is proved that an offender may acquire the user key and delivers the program many times after downloading the program. On the other hand, the prior art also provides software authorization and protection device and method thereof generating and encrypting a register code (a random number-MAC address, a hard disk serial number or a software name) at a first time use, registering the register code to an authorization system and writing the register code in a database while a license status has to be checked online during each execution. Moreover, it is a prior art of acquiring the MAC address or the hard disk serial number, and the same parameter may be copied merely by a simple protocol analysis. Next, another method and device for assisting to change a content key may introduce a CEK (Content Encryption Key) from the main key and a content rule. Thus, encryption and decryption may be performed by the same key, and the user may still copy files or contents many times. Additionally, a basic assumption of a relevant paper is that the program is divided into a protected program and a security parameter, wherein the security parameter may be repeatedly used by various kinds of devices, thereby the user may still deliver the program after cracking the program. Security parameters having difference is made if considering security, the CDN technique could not be used since the protected program and the security parameter should be used as a pair.
Hence, under the condition of the life cycle of the software sold in the software market being generally short, it is an imperative issue for a software developer how to provide a software authorization system and method so as to prevent people from downloading the software legally but spreading the software illegally.