Software copyright protection and authorization are more convenient and reliable to implement on machines with TPM chips or PCI cards. The method described in this article is suited to networked systems in a large factory site. It protects the copyright of a software system that is installed repeatedly on multiple hosts on the intranet. There are two design objectives:
1. Prevent the software system from being copied and installed on unauthorized machines or environments;
2. Give the software system a trial period after initial installation, and prevent unauthorized machines or environments from continuing to use it after the trial period.
The software system authorization we designed uses a dedicated authorization program on a laptop to authenticate and authorize software systems installed on authorized machines. The authorization procedure is as follows:
1. When the software system is installed on a host for the first time, the installation completion time is written into the authorization file, which is encrypted with the password built into the software and stored on the hard disk. The trial period built into the software is 30 days (or changed as needed). After the software starts, it checks the trial period in the authorization file and whether the file has been authorized. After the trial period ends, an "authorization required" prompt window is displayed when an unauthorized client starts, and other functions are forcibly blocked until authorization is granted;
2. The authorization administrator connects the authorization laptop to the network of the machine to be authorized and starts the authorization service program;
3. On the computer where the software to be authorized is located, the software developer opens the authorization application program, enters the password and the IP address of the authorization service machine, and selects the authorization mode: 1 year or permanent authorization. After confirmation, the application for authorization starts;
4. The authorization application program sends the EK public key of the TPM (PCI card) in the host to the server;
5. The authorization service uses the authorization private key in the laptop to sign the EK public key, the authorization mode code, and the authorization time, and then returns the result to the client computer;
6. The authorization application program saves the authorization information in the local authorization file;
7. The authorized software system uses the built-in authorization public key of the laptop to verify the signature, and performs this check each time the client starts.
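The signing in step 5 and the start-up check in step 7, as an added example in Go that is not code from the original article. Ed25519 as the algorithm for K, the mode codes, the payload layout and all identifiers are assumptions; the EK public key is a constructed byte string where a real client would read it from the TPM.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Assumptions, not from the page: Ed25519 for K, mode codes, payload layout.
const ModeOneYear, ModePermanent byte = 1, 2

// Demo key pair K: k stays on the laptop, only kPub ships in the software.
var kPub, k, _ = ed25519.GenerateKey(nil)

type License struct {
	EKPub    []byte // TPM EK public key sent in step 4
	Mode     byte
	IssuedAt int64  // authorization time, Unix seconds
	Sig      []byte // signature made with K's private key
}

// payload is what K signs: EK public key, mode code, authorization time.
func payload(ek []byte, mode byte, issued int64) []byte {
	return []byte(fmt.Sprintf("%x|%d|%d", ek, mode, issued))
}

// Issue is step 5, run by the authorization service on the laptop.
func Issue(priv ed25519.PrivateKey, ek []byte, mode byte, at time.Time) License {
	return License{ek, mode, at.Unix(), ed25519.Sign(priv, payload(ek, mode, at.Unix()))}
}

// Check is step 7, run at every start; localEK is read from this host's TPM.
func Check(pub ed25519.PublicKey, l License, localEK []byte, now time.Time) error {
	switch {
	case !ed25519.Verify(pub, payload(l.EKPub, l.Mode, l.IssuedAt), l.Sig):
		return errors.New("signature not made by K")
	case !bytes.Equal(l.EKPub, localEK):
		return errors.New("license issued for another TPM")
	case l.Mode == ModeOneYear && now.After(time.Unix(l.IssuedAt, 0).AddDate(1, 0, 0)):
		return errors.New("1-year license expired")
	}
	return nil
}

func main() {
	ek, now := []byte("constructed stand-in for an EK public key"), time.Now()
	fmt.Println(Check(kPub, Issue(k, ek, ModeOneYear, now), ek, now))
}
```

Because the mode code and authorization time are inside the signed payload, editing the saved authorization file to change either one makes the check in step 7 fail.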
The main interaction process of authorization is as follows (software system and authorization application process). EK is the TPM asymmetric key of the terminal where the software system is located, and K is the asymmetric key used by the authorization service on the laptop: