Appendix B: Basic Challenge

The Basic Challenge protocol works on the principle of shared secrets. The application and license server independently maintain some number of secret values. The application software challenges the authenticity of a license by requiring the license system to prove that it knows one of the secrets. This allows the application to convince itself that its request for a license was answered by the legitimate License System. Furthermore, a level of mutual authentication is included which proves to the license system that the application also knows the selected secret.

The algorithm also helps to ensure that the arguments sent to the License System were not modified enroute, and that the arguments returned by the License System were received exactly as they were sent.

The Basic Challenge mechanism is supported by all LSAPI-complient license systems. This challenge mechanism is simple and does not require the use of any patented technology.