OKAPI Kernel Simulator

Brief description of the Kernel's functionality

The kernel provides an environment that allows the secure ordering and execution of services (entitlements in the OKAPI terminology). The AUT OKAPI kernel consists of three functional modules that interact with each other to provide access to services. These modules are the User, the Service Provider (SPv) and the Trusted Third Party (TTP). The User is the one who wants to access the services, using a terminal and an Access Control Unit (ACU) that contains the entitlements granted by the Service Provider to the User and the appropriate cryptographic keys. The SPv is the module that offers the services for ordering and subsequently downloading or accessing. Finally, the TTP is an authority that keeps information about registered and blacklisted ACUs. The topology of the kernel is shown in the following figure.

Kernel Topology

The TTP is responsible for creating new ACUs by assigning unique identification numbers to them. The TTP is also responsible for authorizing every request made by any ACU. If the requesting ACU is registered and NOT blacklisted, then the authorization to process the request is given. Therefore, a connection with the appropriate TTP is required to perform kernel operations.

The SPv offers a number of services that registered users can order and access. The SPv keeps a customer database as well as an access list for ordered entitlements. The entitlements are promoted through WWW pages that the SPv maintains on its own web server. Each of the entitlements available for ordering is described and promoted on a separate page. The Service Provider can also promote its entitlements by providing demonstration versions that are available to users without having to order the entitlement first.

A User can order a new ACU from the TTP, register it and add Service Providers to it. These Service Providers can then be contacted to order entitlements or just to view marketing information on the available services. During the ordering process, different access options and periods can be selected. After the ordering process is complete, the User can execute the ordered entitlements, which are automatically downloaded from the SPv and installed on the User's computer. Where access to a service is restricted to a particular machine or time period, the Kernel will not allow the service to execute outside that restriction. The SPv therefore essentially acts as a license manager that grants or denies access to entitlements already located on the user's computer.
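
The checks described above (TTP authorization of the ACU, then the SPv access list with its machine and period restrictions), modelled as an added example; this is not code from the OKAPI kernel, and every class, field and reason name as well as the sample data is an assumption. Denying when no TTP connection exists is this sketch's reading of "connection with the appropriate TTP is required".

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Entitlement:
    """One row of the SPv access list (field names are assumptions)."""
    acu_id: int
    service: str
    machine_id: Optional[str] = None        # None: not bound to a machine
    valid_from: Optional[datetime] = None   # None: no start limit
    valid_until: Optional[datetime] = None  # None: no end limit

class TTP:
    """Hypothetical TTP registry of registered and blacklisted ACUs."""
    def __init__(self, registered, blacklisted):
        self.registered, self.blacklisted = set(registered), set(blacklisted)

    def authorize(self, acu_id):
        # Registered AND not blacklisted, as the page states.
        return acu_id in self.registered and acu_id not in self.blacklisted

def may_execute(ttp, access_list, acu_id, service, machine_id, now):
    """Return (allowed, reason); any failed check denies execution."""
    if ttp is None:                      # no TTP connection: fail closed
        return False, "ttp-unreachable"
    if not ttp.authorize(acu_id):
        return False, "acu-not-authorized"
    reason = "not-ordered"
    for e in access_list:
        if (e.acu_id, e.service) != (acu_id, service):
            continue
        if e.machine_id is not None and e.machine_id != machine_id:
            reason = "wrong-machine"
        elif (e.valid_from and now < e.valid_from) or \
             (e.valid_until and now > e.valid_until):
            reason = "outside-period"
        else:
            return True, "ok"
    return False, reason

# Constructed sample data: ACU 1002 is registered but blacklisted.
TTP_DB = TTP(registered={1001, 1002}, blacklisted={1002})
ACCESS_LIST = [Entitlement(1001, "atlas", "pc-7",
                           datetime(2024, 1, 1), datetime(2024, 6, 30))]
```

Returning a reason with each denial lets the terminal tell the User whether to contact the TTP (ACU problem) or the SPv (entitlement problem).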