Enhanced smart-card based license management

Abstract

In many e-commerce (electronic commerce) situations, the owner of a digital object wants to enforce policies on the object after the object is in the customer's hands. The object can be thought of as being software, because data is often protected by forcing access to it to take place through a particular authorized software (e.g., a "reader" for an encrypted media file, in which case a license to view the movie is, in some sense, a "software license"). One of the ways that were proposed for such policy enforcement is the use of smart cards. We describe an enhanced solution to software license management based on tamper-resistant smart cards. Our public-key protocols for binding software licenses to smart cards improve on previous schemes in that they support flexible and partial transfers of licenses between cards. The license is verified by checking the presence of the associated card. The user can therefore have several software licenses all of which are bound to one card, to avoid juggling several cards in and out of the card reader.