CLIAMS:1. A system for authorizing use of an application on a user device, said system comprising a licensing server including a processor and a memory, said licensing server comprising:
a receiver configured to receive data including license type, role based parameters, a machine identification code;
an extraction module, acting under the influence of commands from said processor, configured to extract said data;
a license key generator, acting under the influence of commands from said processor, configured to generate a license key using at least two items selected from the group consisting of:
the tool name, the version number of an application, an expiration time for the license to stay valid, and the serial number of the application;
a private key generator, acting under the influence of commands from said processor, configured to generate a private key using the machine identification code and further configured to generate a garbled key using said license key, a master secret key and parameters of the licensing server;
an encoding module, acting under the influence of commands from said processor, configured to generate garbled input values;
an encryption module, acting under the influence of commands from said processor, configured to generate a garbled circuit using said garbled key, said garbled input values, and a plurality of garbling commands and further to generate an intermediate key using said garbled key and said private key;

a packager, acting under the influence of commands from said processor, configured to generate a license along with its terms and conditions using a license selection, said garbled circuit and a plurality of commands implementing a decoding function;

an embedding module, acting under the influence of commands from said processor, configured to embed said intermediate key and said license key in the application and further embed said license along with its terms and conditions in said application; and

a data communication channel configured to transfer said application to the user device.

2. The system as claimed in claim 1, wherein the license key generator includes a concatenator, wherein the concatenator is further configured to combine the tool name, the version number of the application, the expiration time for the license to stay valid, and the serial number of the application.

3. The system as claimed in claim 2, wherein the concatenator includes an adder.

4. The system as claimed in claim 1, wherein said encryption module further encrypts said intermediate key using an attribute based encryption scheme;

5. The system as claimed in claim 1, wherein the receiver is further configured to receive acknowledgement of the receipt of said license and its terms and conditions.

6. The system as claimed in claim 1, wherein said private key generator inputted with said license key is further configured to identify a first torsion point on an elliptic curve.

7. The system as claimed in claim 6, wherein said private key generator is further configured to execute a set of truncating commands to truncate the at least 512 bit string of the X co-ordinate of said first torsion point to generate a 16 bit garbled key.

8. The system as claimed in claims 1 and 6, wherein said private key generator inputted with said machine identification code is further configured to identify a second torsion point on said elliptic curve.

9. The system as claimed in claim 1, wherein the encoding module is further configured to receive a plurality of truth table encoding commands and a plurality of initial input values to generate said garbled input values.

10. The system as claimed in claim 1, wherein the data communication channel is further configured to include a network based communication channel, and a hardware based communication channel.

11. The system as claimed in claim 10, wherein at least one of the hardware based communication channel is further configured to include a universal serial bus drive, a compact disk and a flash card.

12. A method for authorizing use of an application on a user device, in a system comprising a licensing server in a computing environment having a processor and a memory, the method comprising:
receiving data including license type, role based parameters, a machine identification code and a serial number of the application;
extracting, by the processor, said data;
generating, by the processor, a license key using at least two items selected from the group consisting of:
the tool name, the version number of an application, an expiration time for the license to stay valid, and the serial number of the application;
generating, by the processor, a garbled key using said license key, a master secret key and parameters of the licensing server;
generating, by the processor, an intermediate key using said garbled key and said machine identification code;
generating, by the processor, garbled input values;
generating, by the processor, a garbled circuit using said garbled key, said garbled input values, and a plurality of garbling commands;
generating, by the processor, a license along with its terms and conditions using a license selection, said garbled circuit, and a plurality of garbled circuit evaluation commands; and
providing, through a data communication channel, said license and said application to a user device.

13. The method as claimed in claim 12, wherein the step of generating the garbled key further includes generating an elliptic curve and identifying a first torsion point on said elliptic curve.

14. The method as claimed in claim 12, wherein the step of generating said intermediate key further includes the steps of computing a private key using said machine identification code and encrypting said private key and said garbled key to generate said intermediate key.

15. The method as claimed in claim 14, wherein the step of encrypting said private key and said garbled key includes use of role based parameters for encryption purposes.
16. The method as claimed in claim 12, wherein generating a license key further comprises concatenating at least two items selected from the group consisting of the tool name, the version number of the application, the expiration time for the license to stay valid, and the serial number of the application.

17. The method as claimed in claim 12, wherein the step of receiving data further includes receiving an acknowledgement of the receipt of said license and its terms and conditions.

18. The method as claimed in claim 12, wherein the step of generating garbled input values comprises receiving a plurality of truth table encoding commands, a plurality of initial input values and executing a plurality of encoding commands.

19. A non-transitory computer-readable medium having embodied thereon a computer program for executing a method, the method comprising:
receiving data including license type, role based parameters and a machine identification code of a user device;
extracting said data;
generating a license key using at least two item selected from the group consisting of:
the tool name, the version number of an application, an expiration time for the license to stay valid, and the serial number of the user device;
generating a garbled key using said license key, said master secret key and parameters of the licensing server;
generating, an intermediate key using said garbled key and said machine identification code;
embedding said intermediate key and said license key in the application;
generating garbled input values;
generating a garbled circuit using said garbled key, said garbled input values, and a plurality of garbling commands;
generating a license using a license selection, said garbled circuit, and a plurality of garbled circuit evaluation commands; and
providing, through a data communication channel, said license and said application to the user device. ,TagSPECI:FIELD

The present disclosure relates, in general, to the field of licensing applications, and in particular, to the issuance of a license from a software licensing server.

DEFINITIONS
The expression ‘concatenator’ used hereinafter in the disclosure refers to a module which under the influence of commands received from the system processor concatenates a plurality of strings to form a single string.
The expression ‘packager’ used hereinafter in the disclosure refers to a module which creates an installation package, wherein the package includes a license further embedded in the application.
The expression ‘role based parameters’ used hereinafter in the disclosure refers to parameters that define access policies for a user implementing an attribute based encryption scheme. The user may not be able to access all the features of an application so the role based parameters will define which features of the application the user may access. Further, the ‘role based parameters’ may be user specific and/or system specific.

The expression ‘attribute based encryption scheme’ used hereinafter in the disclosure refers to an encryption scheme allowing multiple users to access the application.

BACKGROUND
Software piracy is a worldwide problem that costs software vendors huge sums of money every year. One form of piracy known as casual copying is sharing and installing software on multiple computers, in violation of the end user license agreement.
Another form of software piracy is the distribution of software products which further exposes software vendors to an increased risk of software piracy. Because software products are generally distributed on some tangible media, such as a compact disk (CD), a software purchaser must be generally able to duplicate a software product from the media onto the purchaser's hard drive to properly use the software. Usually, a software product purchaser purchases only a license to use the software on a single computer (machine). Unfortunately, it can be difficult to limit the single-computer license purchaser to making only a single copy for the purchaser's single-computer use. Often, the purchaser may duplicate the software for use on other computers. Criminals may even duplicate the software for re-sale to others.
In an effort to reduce software piracy, various attempts have been made to limit the ability of users to duplicate software. In one approach, companies implement different cryptographic protocols for secure transfer of authentication keys. These keys are often subject to duplication. At times, the interception of information flowing through such protocols results in compromise of some of the key elements including key generators. Illegitimate users may modify the ‘license check’ portion of validation algorithms. Therefore, there is a need of a system which implements a one-time process of license generation. Another need is to have a system in which the rate of increase of license validation time is lower than the rate of increase of license generation time as a function of increase in input string size. Such a system would be helpful in making pirating of volume license keys more difficult.
OBJECTS
Some of the objects of the system of the present disclosure, which at least one embodiment herein satisfies, are as follows:
An object of the present disclosure is to provide a system and method for authorizing the use of an application on a user device which hides the input key supplied by the license authority.
A further object of the present disclosure is to provide a system and method for authorizing the use of an application on a user device in which the rate of increase in time required for license validation is less than that of license generation.
Another object of the present disclosure is to provide a system and method for authorizing the use of an application on a user device which is reliable.
Other objects and advantages of the present disclosure will be more apparent from the following description when read in conjunction with the accompanying figures, which are not intended to limit the scope of the present disclosure.

SUMMARY
This summary is provided to introduce concepts related to implementing a cryptographic protocol for authorizing the use of an application, which is further described below in the detailed description. This summary is neither intended to identify essential features of the present disclosure nor is it intended for use in determining or limiting the scope of the present disclosure.
In an embodiment, method(s) and system(s) for for authorizing the use of an application on a user device is disclosed. The method includes receiving data including license type, role based parameters, a machine identification code and a serial number of the application, and further includes extracting the data as received. In this respect, the method further includes generating a license key using at least two items selected from the group consisting of the tool name, the version number of an application, an expiration time for the license to stay valid, and the serial number of the application. Further, the method includes generating a garbled key using the license key, an intermediate key using the garbled key, a master secret key and parameters of a licensing server. Subsequently, the intermediate key and the license key are embedded/ hardcoded into the application. Further, the method includes generating a string using said machine identification code, said intermediate key, and the licensing server parameters. To this end, the method further includes generating garbled input values and a garbled key using the generated string. Further, the method includes generating a garbled circuit using the garbled key, the garbled input values, and a plurality of garbling commands. Furthermore, the method includes generating a license along with its terms and conditions using a license selection, the garbled circuit, and a plurality of garbled circuit evaluation commands. The license is embedded in the application along with its terms and conditions. Subsequently, the application is provided to the user device through a data communication channel.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS

The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and modules.
Figure 1 illustrates a block diagram of a system for authorizing the use of an application on a user device, according to an embodiment of the present disclosure.
Figure 2 illustrates a screenshot of the application in the event of a misidentified machine identification code, according to an embodiment of the present disclosure.
Figure 3 illustrates a circuit diagram of an equality circuit used in the system of Figure 1, according to an embodiment of the present disclosure.
Figure 4 illustrates a performance graph of the system and method for authorizing the use of an application on a user device, according to an embodiment of the present disclosure.

DETAILED DESCRIPTION
The present disclosure relates to a system and a method for implementing a cryptographic protocol for authorizing the use of an application on a user device.
Unless specifically stated otherwise as apparent from the following discussions, it is to be appreciated that throughout the present disclosure, discussions utilizing terms such as “receiving” or “extracting” or “generating” or “embedding” or “providing” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
The systems and methods are not limited to the specific embodiments described herein. In addition, components of each system and each method can be practiced independently and separately from other components and methods described herein. Each component and method can be used in combination with other components and other methods.
In accordance with the present disclosure, there is provided a system for implementing a cryptographic protocol for authorizing the use of an application on a user device having a unique accessible machine identification code and the user device, the system including a system processor possessing functional elements to provide system processing commands based on a predefined set of rules.
Further, the system includes a system memory that is configured to store a pre-determined set of rules, a server configured to cooperate with the system processor, the server including a server memory configured to store under influence of the system processing commands, the application, system parameters, plurality of license types, license terms and conditions, tool name, version number, a plurality of garbling commands implementing a garbling function, a plurality of truth table encoding commands implementing an encoding function, a plurality of encryption commands implementing an encryption, a plurality of decoding commands implementing a decoding function, a plurality of license key generation commands, a plurality of truncating commands to implement a truncating function, initial input values and a plurality of truth tables, wherein each of the truth tables corresponds to a logic gate belonging to a boolean equality circuit.
Further, the system includes a receiver configured to receive from a transceiver, the license type, role based parameters, the machine identification code extracted by the extractor from the user device memory and inputted in the transceiver. The receiver, further, configured to receive acknowledgement of the receipt of the license and its terms and conditions, an extraction module cooperating with the receiver and the system memory and configured to extract under the influence of commands from the system processor, the machine identification code, the role based parameters and the license type.

Furthermore, the system includes a concatenator, also referred to as ‘license key generator’, cooperating with the system memory and the extraction module, and under the influence of commands from the system processor configured to accept the tool name and version number of the application, serial number, expiration time for licensing to stay valid and execute the license key generation commands and further generate a license key, a private key generator cooperating with the license key generator, the system memory to generate a garbled key in response to receiving the license key, a master secret key and the system parameters. The private key generator executes commands from the processor to compute values governing an equation representing an elliptic curve and identify torsion points on the curve. The values of the torsion point are multiplied with the master secret key and the X co-ordinate is extracted as the garbling (garbled) key. Executing the plurality of truncating commands, at least 512 bits garbled key is truncated to a 16 bit garbled key. The garbled key computes the private key from the license key by mapping to a point on elliptic curve. This is generated in the same way as the intermediate key given below.

The machine identification code is inputted into the private key generator to generate a private key. Executing the plurality of encryption commands in an encryption module inputted with the garbled key and the private key an intermediate key is generated and hard coded in the application using an embedding module.

In accordance with one embodiment, wherein an attribute based encryption scheme is implemented, the intermediate key is generated using role based parameters as elements of encryption. This is done by encrypting the intermediate key using Attribute Based Encryption (ABE) and embedding in the application. Role based licensing scheme is applicable where license validation is done based on the role of the user submitted via the user device. This is realized using the ABE scheme. In this scheme, all the users who satisfy the set of rules called the Access Policy can decrypt the Intermediate key that was embedded in the application. This Access Policy is expressed in terms of the attributes of the user. The users can fetch the keys related to their attributes from the PKG and decrypt the ciphertext using these keys. There are two types of ABE schemes: Key Policy Attribute based Encryption (KP-ABE) and Ciphertext Policy Attribute based Encryption (CP-ABE). In KP-ABE the user access policy is based on keys. This scheme supports AND, OR and threshold logical gates in access policy. But in CP-ABE the NOT gate is supported. In CP-ABE scheme, access policy is based on ciphertext.

Further, the system includes an encryption module cooperating with the encoding module, the private key generator and the server memory and under the influence of commands from the system processor adapted to receive the garbled key, the garbled input values and execute the garbling commands to generate a garbled circuit. Subsequently, a packager cooperating with the encryption module, and under the influence of commands from the system processor adapted to receive the garbled circuit, the license selection and the decoding commands to generate a license. The license is further embedded along with its terms and conditions in the application. The intermediate key is stored in a secure location in the application.

Finally, the system includes a transmitter cooperating with the system memory and the packager and under the influence of commands from the system processor adapted to transmit the application to the transceiver and a data communication channel cooperating with the transmitter and the transceiver to transfer the license and application to the user device.
Typically, the boolean equality circuit includes four XOR gates, four AND gates and one NOT gate, wherein each of the XOR gates and AND gates have a 4 bit input and the NOT gate has a 2 bit input. Additionally, the data communication channel is one of a network based communication channel and at least one of hardware based communication channel, wherein the hardware based communication channel consists use of a universal serial bus drive, a compact disk and a flash card.
The license generation algorithm includes the following steps:
The User selects a License Type X that is encrypted using AES from the License Authority.
License Authority will generate the license Lic, a triple consisting of the garbled validation circuit F, the decoding function d and encrypted license type X based on the Yao’s protocol i.e. Lic = .
It computes expiration time in terms of number of days D since 01/01/1970.
For an instance of the software, consider license key is generated as LIDApp = T ? V ? S ? D, that encodes the tool name T, version number V, serial number S and expiration time D. The Unique machine Id of the machine (like MacId) is UIDApp
SKLIDApp ? ComputePrivateKey(LIDApp).
KConst ? SKLIDApp.Xcoordinate.
SKUIDApp ? ComputePrivateKey(UIDApp).
KSig ? Encrypt(KConst, SKUIDApp) and embeds or hard codes KSig in the application.
Constructs boolean equality circuit B (both circuit and input encrypted using AES with key KConst) of the validation algorithm, which outputs 1 if the license is ’Valid’ and 0 otherwise.
Finally the Lic = (F,X, d) is generated and embedded into the application.
The User downloads the application that is packaged based on the above specifications from the License Authority.
Wherein LIDApp is the license key, KConst is the garbled key, KSig is the intermediate key, UIDApp is the machine identification code and SKUIDApp is the private key.
Wherein the algorithm for computing the private key includes the following steps:
Input: UniqueID.
T p = ComputePublicKey(UniqueID).
Compute PrivateKey = [msk]T p.
Return PrivateKey.
Wherein the algorithm for computing the public key includes the following steps:
Input: UniqueID.
Compute Torsion Point Tp of E for UniqueID.
Return Tp.

Wherein the algorithm for computing the torsion point includes the following steps:
Input: Super singular elliptic curve E of the form y2 =
x3 + x and friendly prime p of the form 2n ± c with
c = log2n and p = 3 (mod 4).
Find torsion group of prime order q and q|(p + 1).
Select randomly master private key msk with 1 = msk = (p - 1).
Find Torsion Point P and Q with Q = [msk]P.

Figure 1 illustrates a block diagram of the system 500 for authorizing the use of an application on a user device 300 in accordance with an embodiment of the present disclosure. The type of licensing is one of identity based licensing and role based licensing wherein each user is assigned a role chosen from a group comprising researcher, user and tester. Based on the role assigned a set of attributes are assigned.
In an embodiment, the system 500 includes a system processor(s) 204 coupled to a system memory 202. The system processor(s) 204 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the system processor(s) 204 may be configured to fetch and execute computer-readable instructions stored in the system memory 202.
The system memory 202 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.

Further, the system 500 includes the system memory 202 configured to store a pre-determined set of rules. The system memory 202 cooperates with a system processor 204 to provide system processing commands based on the rules. The system 500 further includes a licensing server 100 which includes a server memory 102. Under the influence of the system processing commands the server memory 102 stores the application, system parameters, plurality of license types, license terms and conditions, tool name, version number, a plurality of garbling commands implementing a garbling function, a plurality of truth table encoding commands implementing an encoding function, a plurality of encryption commands implementing an encryption, a plurality of decoding commands implementing a decoding function, a plurality of license key generation commands, a plurality of truncating commands to implement a truncating function, initial input values and a plurality of truth tables, wherein each of the truth tables corresponds to a logic gate belonging to a boolean equality circuit.

All communication between the licensing server 100 and the user device 300 take place across a data communication channel 400. The data communication channel 400 is one of a network based communication channel and at least one of hardware based communication channel, wherein the hardware based communication channel consists use of a universal serial bus drive, a compact disk and a flash card.

The licensing server 100 further includes a receiver 104. The receiver 104 receives from the transceiver 304 of the user device 300 information including license type requests, role based parameters, machine identification code and the serial number of the application. The receiver 104 is further configured to receive acknowledgement of the receipt of the license and its terms and conditions. The licensing server 100 also includes an extraction module 108 which extracts all the information received by the receiver 104. On positive acknowledgement of the receipt of the license and its terms and conditions, the system 500 executes a protocol including a plurality of steps to authorize the use of the application on the user device 300.

The licensing server 100 also further includes a license key generator 110. The license key generator 110 cooperating with the server memory 102 and the extraction module 108 executes the license key generation commands when inputted with tool name and version number of the application, serial number, and expiration time for licensing to stay valid to generate a license key. License key generation commands concatenate strings to generate the license key. In accordance with an exemplary embodiment with License Type 2, Application name = SPTool, version= V1.0, Time difference D= 16526, and serial no= 2513, License Key is SPToolV1.0165262513.

Figure 2 illustrates a screenshot of the application in the event of a misidentified machine identification code. The system 500 includes a private key generator 112 which cooperates with the license key generator 110, the system memory 202 and the server memory 102 and works under the influence of the system processing commands generated from the system memory 202. The private key generator 112 is inputted with the license key, the master secret key and the system parameters. With these input parameters, the private key generator 112 identifies torsion points on an elliptic curve. The elliptic curve is of the form y2=x3+x. The prime p is of the form? 2?^n±c with c=log_2?n and p = 3 (mod 4). The generated garbled key is of the form (X,Y,Z) wherein the X and Y represent the coordinates of the point on the elliptic curve.
In accordance with an exemplary embodiment, the corresponding point on elliptic curve is (994416763524872512814792524318514831412274592821, 505992500060255556968785642713249594600607388544, 1), and the garbled key is 994416763524872512814792524318514831412274592821.
The garbled key is at least 512 bits and represents the X co-ordinate of the torsion point. Executing the truncating commands, the at least 512 bit key is truncated into a 16 bit key. The private key generator 112, under the influence of commands from the processor generates a private key when inputted with the machine identification code. The system also further includes an encoding module 116 which generates garbled input values.

The algorithm for computing the private key is inputted with a string. In accordance with one embodiment, the string is the license key generated while in another embodiment the string is the machine identification code of the user device. The private key is the multiplication of the master secret key pseudo randomly selected between 1 and p-1 and the co-ordinates of the generated torsion point. The algorithm for computing the public key simply returns the co-ordinates of the torsion point as the public key.

Figure 3 illustrates a circuit diagram of an equality circuit used in the system 500 of Figure 1. The input wires are W1, W2, W3, W6, W7, W10, W11, W14 and W15. The intermediate wires are W4, W5, W8, W9, W12, W13, W16 and W17. The output wire is W18. In total there are 9 gates, 8 of which have two input wires (G1…G8) with the ninth gate G9 inputted with a single wire. The truth table associated with the equality circuit has four combinations (00, 01, 10, 11). In accordance with one embodiment, a SCAPI representation of the output is 0001. The circuit outputs a ‘1’ if the license is valid and a ‘0’ otherwise.

In accordance with an exemplary embodiment, Table 1 represents input wire details and corresponding input.
Table 1

Input Wire Number Input Value
1 7z3BVKK+0W34VToprxoM2A==
2 q9nzzwuDUBGRYN7GL0ljcw==
3 V6GiEKngsjLB1Juw1cFzIw==
6 XnZNqXGE/hmRKzexvklSQw==
7 oUTNPVMWX1K9+teqkkINbA==
10 hFBN5gurdNbC10DL3o/VWQ==
11 14jOOX+DRU82Og+jiZKWeQ==
14 Pz7p3rqzuYdFoDzVMfDHSw==
15 Frn7sJXTrimPF7PrM6+DhA==

In accordance with the abovementioned exemplary embodiment, Table 2 represents garbling values for each gate.
Table 2
Gate 0 UetocHJCR8Ir6AaXXStW+UaJZLdg6O8EXpyYAEUCqn2yHwOzTFQv6pHvU/dV/GmHy5JCi9GaEFLMo/VcjCllsQ==
Gate 1 jfce7i/s0laSmfcU5pP27/cfrKGsO0zcirHwJLSO4OW9Ym8fdyb4h/aMk82XojGwP+EwA75WXbV4HXvZXVBPHw==
Gate 2 Edu71tlZ734eaNK6ckQFv5lmqfzKtixw4pqdHYfCh7l9IZyAhcOFbz70g09qX+Wwm3Smq5OmCduenjkmxjbbvQ==
Gate 3 TGUwe8gFdIPtHisnvKP3/mQQA2z7ZgzzoKRGkB9d4HrlFVKTw+dlJ8viKzVQ42yFmiSX/4I2XCvk2aC0yTiOQ==
Gate 4 X6pWmqRi3HHDEjYWnoB58RRxSQarutqPaRBAFKC6YzHW9/i+dHSKBSbo21uN59vpsfYX5bg6x5FzEuEkIIU0xw==
Gate 5 CHm5RNej0SKuSmWvU1Y9hkhTOxhBOI0QLGOpbshibXJir+zQ17GMi9M7JMUG/YTngHgBYDMX5A2W6z9KoATDow==
Gate 6 Jo1RbvCz47bEIGEzgXNxFJeq1Qg/AOG03w/Xy7FN+49YHvwusM7BDxBiBa9p9OMWPcv8DuQ8nqRY3iV+5JG0xg==
Gate 7 4QksyRxgFczQ9AnJEcPYmr+7DQSmyUJjyBMloks5cD2eR+K5iHxlAwTu3k4S383qtS5yLgbrAZOvH72G/Qg82Q==
Gate 8 QdlxKVZmQPhmAeXlj8qn0R9oH0iulq4VADod82K8rGI=

The system 500 also includes an encryption module 118. The encryption module 118 cooperates with the encoding module 116, the private key generator 112 and said server memory 102. The system, inputted with the garbled key, the garbled input values and under the influence of the system processing commands, executes the garbling commands to generate a garbled circuit. The encryption module also further generates an intermediate key when inputted with the garbled key and the private key. In accordance with an embodiment, the intermediate key is encrypted using role based parameters to implement the Attribute Based Encryption Scheme. In accordance with an exemplary embodiment the intermediate key is (666599804103872954080007235473874311069945351894, 1396760358283868034149031644287499513225136936224,1)

The steps to implement an encryption algorithm include:
Input: PlainText, PrivateKey
Compute ? = e(P, PrivateKey)
Compute ciphertext = PlainText *?
Return ciphertext
The encryption module 118 is inputted with plain text and the private key. Bilinear pairing (Tate pairing) between the prime number p and the private key is computed as ?. The ciphertext is computed with the multiplication of the plain text and ?.

The system 500 also includes a packager 120 to generate a license along with its terms and conditions. The license includes the garbled circuit, the decoding and the license selection. The packager 120 further embeds the license along with its terms and conditions in the application using the embedding module 114. The system 500 further includes a transmitter 106 which transmits the application to the transceiver 304 of the user device 300.

The extractor 306 on the user device 300 extracts the machine identification code from the user device memory 302, the garbled circuit evaluation commands, the license type, the decoding commands and the garbled circuit from the license along with the system date and time from the user device 300 and also the expiration time from the license key. The comparator 308 compares the expiration time with the system date and time and determines the validity of the license. If the license is within validity period, the public key generator 312 generates a public key when inputted with the machine identification code. The decryption module 310 co-operating with the public key generator 312 recovers the garbled key when inputted with the intermediate key and the public key. In accordance with one embodiment a plurality of interpolating commands implementing a Lagrange Interpolation Polynomial, are executed during the decryption phase to recover the garbled key by decrypting the intermediate key and the public key. The decryption module 310 under the influence of system processing commands executes the garbled circuit evaluation commands on the license type and the garbled circuit. The decoding module 314 under the influence of system processing commands executes the decoding commands on the output of executing the garbled circuit evaluation commands. The resultant bit implements the locking or unlocking of the application.

The method to implement the authorization protocol includes the following steps:
generating and publishing system parameters, universal set of license types and license terms and conditions;
extracting license type, the machine identification code and role based parameters from the user device memory 302 and inputting in the transceiver 304;
receiving the license type, the machine identification code and the role based parameters and from the transceiver 304 into a receiver 104;
extracting the license type, the machine identification code, the serial number and the role based parameters by an extraction module 108;
inputting tool name, version number of the application, serial number and expiration time for licensing to stay valid and a plurality of license key generation commands into a license key generator (concatenator) 110;
executing the license key generation commands;
generating a license key;
inputting the license key, the master secret key, the system parameters and key generation commands into a private key generator 112;
executing system processing commands to generate an elliptic curve;
computing the torsion point;
extracting the X co-ordinate of the torsion point;
truncating the at least 512bit X-coordinate to a 16bit garbled key;
inputting the machine identification code into the private key generator;
generating the private key;
inputting the private key, the garbled key and the role based parameters in an encryption module 118;
encrypting the private key and the garbled key to generate the intermediate key;
embedding the intermediate key and the license key in the application;
inputting the encoding module 116 with a plurality of truth tables;
encoding the truth tables to generate garbled values;
inputting the garbled key plurality of garbling commands and the garbled values in an encryption module 118;
executing the garbling commands to generate a garbled circuit;
inputting the garbled circuit, license type and decoding commands implementing a decoding function into a packager 120;
generating a license;
embedding the license along with its terms and conditions into the application;
inputting the application into a transmitter 106;
transmitting the license and the application to the transceiver;
extracting the application, the intermediate key from the application, machine identification code, the garbled circuit evaluation commands, the license type, the decoding commands, the expiration time and the garbled circuit from the license using the extractor 306;
extracting system date and time from the user device memory 302 using the extractor 306;
inputting the comparator 308 with the expiration time and the system date and time;
computing the number of days passed since 01/01/1970;
evaluating validity by comparing the expiration time and the system date and time;
inputting the machine identification code into the public key generator;
generating a public key;
inputting the public key and the intermediate key into a decryption module;
recovering the garbled key;
executing the garbled circuit evaluation commands on the license type and the garbled circuit and inputting the result into the decoding module 314 along with the garbled key; and
executing the decoding commands resulting into one of locking and unlocking of the application.

The license validation algorithm includes the following steps:
The Application extracts system date and computes the number of days passed D', since 01/01/1970.
The Application extracts LIDApp as X from secured location. It parses the D value from LIDApp that is embedded in the application. If D' > D, outputs ’Invalid’.
Extracts unique identifier UIDApp of the target system.
PKIDUApp ? ComputePublicKey(UIDApp).
KConst ? Decrypt(KSig, PKUIDApp).
Y = KConst as the single fixed-key for all AES operations.
Now the User gives the license type as input and the Application will give its input for the license type to the garbled circuit.
The Application Validate the license Lic, by computing the garbled circuit.
Y ? Ev (F,X) and y ? De (d, Y ) where X as LA.
If y = 1, the software is ’Unlocked’, else output ’Invalid’.
Wherein PKIDUApp is the public key, Ev() is the evaluation function taking the garbled circuit and the license type as input, De() is the decoding function taking the result of the evaluation algorithm and decoding commands as the input.

In accordance with an exemplary embodiment, a user device with machine identification code 4437E67D5C03 generates a public key (732153665602966021736666036143606812022939512920, 94809715035324202615639453983398596865855895532, 1) and the recovered garbled key is 994416763524872512814792524318514831412274592821.
Wherein the decryption algorithm includes steps:
Input: Ciphertext, PublicKey.
Compute ? = e(PublicKey,Q).
Compute ? -1 = 1/ ?.
Compute PlainText = Ciphertext * ? -1.
Return PlainText.

The decryption module in the user device is inputted with the ciphertext and the public key. Bilinear pairing (Tate pairing) between the public key and prime number Q is computed as ?. The plain text is the multiplication of the ciphertext and ? -1.

In accordance with an exemplary embodiment, the system 500 is executed in the following environment:
Random-Access Memory: 4 gigabytes;
Processor: Intel(R) Core (TM) i5-2400 CPU;
Speed: 3.10 Gigahertz;
System Type: 32-bit Operating System;
Operating System: Windows 7;
Language: Java 7; and
Libraries: Secure Computation Application Programming Interface and SUN Java Cryptographic Extension.

Figure 4 illustrates a performance graph of the system 500 for licensing an application on at least one user device 300 in accordance with an embodiment of the present disclosure. As illustrated in Figure 4 the rate of increase in time for license validation is much slower than the rate of increase in generation time.

Table 3 represents the values of the prime numbers used for computation for various license key types in bits. As represented in Table 3 and illustrated in Figure 4 the rate of increase in time for license validation is much slower than the rate of increase in generation time.
Table 3
Input (Bits) P (Input size field) Q (Torsion Group Size) S_res (Master Key Size)
32 257698038659 4294967311 67444
64 3940649673957583 35184372088907 3518437208890
128 88473415399444000500477397932259734991819 340282366920938463463374607431768211507 6277101
256 948568795032094272909893509191171341133987714380927500611236528192824358011223383 118571099379011784113736688648896417641748464297615937576404566024103044751402923 67444
512 109836762562089755439710412785302291476310964802292886550311415346968690934362496833960954250583272879636740982263693728593951807995466301001184452657841041367 13729595320261219429963801598162786434538870600286610818788926918371086366795312104245119281322909109954592622782961716074243975999433287625148056582230130171 137295953202612194299638015981627864345388706

TECHNICAL ADVANCEMENTS

The technical advancements offered by the present disclosure include the realization of:
a system and method for licensing an application on at least one user device which is reliable;
a system and method for licensing an application on at least one user device which hides the input key supplied by the license authority; and
a system and method for licensing an application on at least one user device in which the rate of increase in time required for license validation is less than that of license generation.
Throughout this specification the word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps.

The use of the expression “at least” or “at least one” suggests the use of one or more elements or ingredients or quantities, as the use may be in the embodiment of the disclosure to achieve one or more of the desired objects or results.

Wherever a range of values is specified, a value up to 10% below and above the lowest and highest numerical value respectively, of the specified range, is included in the scope of the disclosure.

The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.