Software License Management with Smart Cards

This paper describes public-key protocols for binding software licenses to tamper-resistant smart cards, for transferring licenses between cards, and for purchasing them on-line. The protocols support software distribution both through retail stores and over the Internet. The user can transfer licenses from several cards onto a single card to avoid juggling between several cards in the reader. The protocols are based on signed delegation certificates that are mostly stored outside the smart card. A smart card reader and cards capable of public-key signatures are the only new hardware needed. The protocols are easy for the user and simple to implement and analyze. We prove the security of the transfer protocol.