Today’s smartcard licensing is finally, truly smart
Software product licensing has long been one of the biggest headaches for software producers and end users alike, and was especially so before Internet connectivity became ubiquitous. Licensing generally has the effect of annoying legitimate customers, while hardly deterring unauthorised usage. An ideal solution would be a simple one that validates licenses in a seamless and transparent manner to the user, and yet requires little effort on behalf of the software company.
Many applications now enforce licenses by requiring online verification with the vendor’s license server. This works as long as Internet connectivity is available, but is still a bit problematic when, say, re-installing the license on a replacement machine or even after a major hardware change. However, most enterprises today do not allow connectivity outside of the data center due to security concerns. Therefore many applications still rely on key codes – a traditional licensing method, although one that’s fraught with issues.
A promising alternative to license key codes is a smartcard.
A smartcard is a fully functional microcomputer. It has its own processor and non-volatile memory. Although CPU power and memory are limited, it is specifically fine-tuned for Public Key Infrastructure (or PKI) support. While the “infrastructure” part of PKI might sound massive and overwhelming, it is not necessarily so. Smartcard licensing can be just a mini-PKI, involving a simple utility program which generates the root key pair and public key certificate, creates the license packages and database that tracks all the licensed smartcards and materials, and programs the smartcards.
Each smartcard has its own private key and public key pair generated inside, with its public key certificate signed by the root private key. A license processing program inside the smartcard performs the necessary cryptographic operations, including symmetric and asymmetric encryption, hash, and digital signatures. The private key of the smartcard never actually comes out of the device.
There are quite a few vendors marketing software licensing solutions using smartcard. The way these smartcards typically work is by allowing the software vendors to deposit a piece of critical code inside the smartcard. Authorized users are provided a specific smartcard that is attached to the host – usually via USB – on which the software is running. The application then looks to the smartcard for the code during run-time. Such a design is defeated quite easily though, even though the code inside the card cannot be read. Any time code comes out, there is always a way to intercept it, thus breaking the protection.
Even more problematic is that the licensing using this method is static. Many enterprise software functions and features are licensed individually, and dynamically. If a feature is not licensed when first purchased, for example, it may be needed later, requiring the new features to be separately licensed on-demand. This scenario is one of the most challenging licensing requirements.
Therefore smartcard licensing must be used the right way, which is to fully utilize the PKI power that comes with the smartcard. Each smartcard should have its own unique ID. License packages are created for specific smartcards. The packages are signed by the root private key. All smartcards already have the root public key certificate inside. The package can then be verified, and the only accepted packages will be packages signed by the proper root private key, or those signed by private keys that are from legitimate smartcards from the same PKI.
If a licensed smartcard exports its own license material to another smartcard, it can sign the package, and the intended smartcard will be able to verify the signature. Therefore the license can be transferred between smartcards at will. This way individual licensed features can be purchased for specific system, and licensed features can be transferred to other systems, but not leaving the transferred license materials behind. Legitimate users do not have to worry about getting stuck, or losing the license, and unauthorized usage is not possible.
Licensing is enforced by the software applications being protected. The software should have the root public key certificate built into the code. When checking license, all exchanges with the smartcard are signed and authenticated using asymmetric cryptography. This way, the contents cannot be fabricated, even if there is software present to intercept the smartcard. Only the private key can sign, and the corresponding public key can verify. With this scheme, even the engineers producing the license software have no advantage in cracking the license. The party that controls the license is the one person with the root private key. A backup version of the private key can be held by, say, three executives of the company, at least two of which are required to be present to enter their key decryption passwords if recovery of the private key is needed.
Because of the flexibility provided by this scheme, customers of the software products can freely use their full license quota without worrying about how the licensed items are distributed, since customers themselves can always redistribute license contents by transferring the partial contents from one key to another. Customers can also easily determine what license contents are present for each system. The contents can be purchased in an on-going manner for a specific smartcard — to “refill” — if dynamic usage in a metered manner is required.
This smart licensing scheme can pretty much fulfill all software licensing requirements in a precise, fair, and simple manner. When productized, this smart licensing system could include a mini licensing PKI, which is just a small software program, allowing the user to create and manage their root keys, and also create license smartcards and contents. Since the root key is generated by the user, the vendor of the system does not hold any information regarding the user of the system. The entire security of the product license is controlled by the private key that was user-generated when using the system.
About the Author
Wai T. Lam is co-founder and CTO of Cirrus Data Solutions, a developer of Data Migration Server and Data Caching Server for storage area networks (SANs). He was previously CTO and VP of Engineering at FalconStor, a company he co-founded in 2000. There, he was the chief architect, holding 18 of 21 company patents. His inventions and innovations include many industry “firsts” in advanced storage virtualization, data protection, and disaster recovery. Wai received the prestigious China national “Top 1000 Technological Leaders” award in 2013.