OKAPI Kernel Simulator
Brief description of the Kernel's functionality
The kernel provides an environment that allows the secure ordering and execution of services
(entitlements in the OKAPI terminology). The AUT OKAPI kernel consists of three
functional modules that interact with each other
to provide access to services. These modules are the User, the Service Provider (SPv) and
the Trusted Third Party (TTP). The User is the one that wants to access the services by
using a terminal and an Access Control Unit (ACU) that contains the entitlements granted by the
Service Provider to the User and
the appropriate cryptographic keys. The SPv is the module that offers the services for ordering and
subsequently downloading or accessing. Finally, the TTP is an authority that keeps information about
registered and blacklisted ACUs.
The topology of the kernel is shown in the following figure.
The TTP is responsible for creating new ACUs by assigning unique identification numbers to them.
The TTP is also responsible for authorizing every request made by any ACU. If the requesting
ACU is registered and NOT blacklisted, then the authorization to process the request is given. Therefore,
a connection to the appropriate TTP is required to perform kernel operations.
The SPv offers a number of services that registered users can order and access. The SPv keeps
a customer database as well as an access list for ordered entitlements. The promotion of the entitlements is accomplished
through the use of WWW pages that the SPv maintains on its own web server. Each of the
available entitlements for ordering is described and promoted on a separate page. The Service Provider also has the
ability to promote the entitlements it has to offer by providing demonstration versions that are available to the users
without having to previously order the entitlement.
A User can order a new ACU from the TTP, register it and add Service Providers to it.
These Service Providers can then be contacted to order entitlements or just view marketing
information on the available services. During the ordering process of the entitlements, different access
options and periods can be selected. After the ordering process is complete
the User can execute the ordered entitlements that are automatically downloaded from the
SPv and installed on the User's computer. When access to a service is restricted
to a particular machine or time period, the Kernel will not allow the service to execute outside that machine or period. Therefore,
the SPv essentially acts as a license manager that grants or denies access to entitlements already
located on the User's computer.
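
The access decision described above can be modelled as follows. This is an added example, not code from the OKAPI kernel: the class, field and function names and the deny messages are assumptions, and the unreachable-TTP case is modelled as a denial because the text states that a TTP connection is required.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

class TTP:
    """Trusted Third Party: issues ACU ids, tracks registered and blacklisted ACUs."""
    def __init__(self):
        self._next_id, self.registered, self.blacklisted = 1, set(), set()

    def create_acu(self) -> int:
        acu_id, self._next_id = self._next_id, self._next_id + 1  # unique id per ACU
        return acu_id

    def authorize(self, acu_id: int) -> bool:
        # Authorization is given only if registered AND not blacklisted.
        return acu_id in self.registered and acu_id not in self.blacklisted

@dataclass
class Grant:
    """One row of the SPv access list (hypothetical fields)."""
    machine_id: Optional[str]  # None means the grant is not bound to a machine
    valid_from: datetime
    valid_until: datetime

class SPv:
    def __init__(self):
        self.access_list = {}  # (acu_id, entitlement) -> Grant

    def check(self, acu_id, entitlement, machine_id, now) -> str:
        grant = self.access_list.get((acu_id, entitlement))
        if grant is None:
            return "deny: not ordered"
        if grant.machine_id is not None and grant.machine_id != machine_id:
            return "deny: wrong machine"
        if not (grant.valid_from <= now <= grant.valid_until):
            return "deny: outside access period"
        return "allow"

def kernel_execute(ttp: Optional[TTP], spv: SPv, acu_id, entitlement, machine_id, now) -> str:
    """Kernel decision: TTP authorization first, then the SPv license check."""
    if ttp is None:  # TTP unreachable: fail closed, no kernel operation proceeds
        return "deny: no TTP connection"
    if not ttp.authorize(acu_id):
        return "deny: ACU not authorized"
    return spv.check(acu_id, entitlement, machine_id, now)
```

The ordering matters: a blacklisted ACU is refused before the SPv access list is consulted, so a still-valid grant does not outlive a blacklisting.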