JP2008003928A - Download system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent data downloaded or the like from being illegally used. <P>SOLUTION: In a receiving and storing process from acquiring data provided with a client identification information storage area secured to store client identification information by receiving the data, or the like till storing the data, a generation module to be executed in the receiving and storing process has a submodule for acquiring client identification information of a client and a submodule for writing the acquired client identification information in the client identification information storage area provided in the data received or the like, and compares the stored client identification information with client identification information of a client for performing execution processing to determine whether to allow execution after the client identification information is entirely or partially stored in the client identification information storage area. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a download system, and more particularly to a download system that allows data such as a program to be used only by the client when the data is downloaded and installed in the client.

  Unauthorized copying of digital data such as programs is a problem. “Unauthorized copy of data” means that a person who originally has the right to use the data duplicates the program to a person who does not have the right to transfer or deliver the data. Introducing and using it for clients.

  In order to prevent such unauthorized copying, for example, a person who distributes a program transmits and distributes the program and a serial key for executing the program through different paths, or downloads the program. The unique information of the client to be introduced is transmitted to the program distribution server, the unique information received by the distribution server is embedded in the program, and the program that can be executed only by the client is distributed. However, if both the program and its serial key are transferred, the client can execute the program even if the client does not have rights, and the problem is not solved, and the client's unique information is sent to the distribution server. There is a problem from the viewpoint of protecting personal information and privacy.

On the other hand, the completion of downloading of the program is detected, it is determined whether or not the client's unique information is included when the downloaded program is installed. (1) When it is determined that the unique information is not included, the unique information It is determined whether the task that has been included is the same as the task that detected the completion of download, and if it is determined to be the same, the client specific information is additionally recorded in the downloaded program. (2) When it is determined that the unique information is included, it is possible to determine whether the included unique information matches the unique information of the client, thereby preventing an unauthorized program from being executed. It is known (for example, refer to Patent Document 1).
JP 2005-141454 A

  However, in the technique disclosed in Patent Document 1, the task that has detected the download needs to be the same as the task that has determined whether the downloaded program contains unique information. For this purpose, it is necessary to execute the program immediately after downloading the program.

  On the other hand, distributed programs are becoming more complex and sophisticated, and the program size tends to increase. In recent years, the upper limit of the communication speed has increased due to the use of optical fibers, etc., but due to the congestion of communication due to an increase in users and the like, the substantial increase in communication speed has not caught up with the increase in program size. For this reason, more time is required for downloading the program. Therefore, in the technology disclosed in Patent Document 1, the client user needs to wait until the program download is completed and immediately execute the program, which is inconvenient for the user. For example, when a plurality of programs are downloaded together and time is available at a later date, the plurality of programs cannot be executed, which is uncomfortable.

  Further, Patent Document 1 does not disclose that the downloaded program refers to the unique information additionally recorded in the downloaded program. For this reason, the downloaded program (for example, Setup.exe shown in FIGS. 3B and 3C of Patent Document 1) is used as an unauthorized installation prevention program described in claim 1 of Patent Document 1 or the like. The effect of preventing unauthorized installation is exhibited only when it is executed via the Internet. If the downloaded program is directly executed without using the unauthorized installation prevention program, the unauthorized installation cannot be prevented.

  Therefore, the present invention provides a client, a system, or the like that is not used for illegal execution even when data such as a downloaded program is directly executed without using an unauthorized installation prevention program. Objective.

  In order to solve such an object, in the present invention, in a receiving and accumulating process from receiving and acquiring data including a client identification information storage area secured for storing client identification information to accumulating. A generation module that is executed in the reception and accumulation step acquires a client identification information of the client; a submodule that writes the acquired client identification information to a client identification information storage area included in received data; and And a download system comprising such a client.

  With such a configuration, client identification information is transparently written from the client user (that is, the user) in the client identification information storage area included in the data in the process from acquisition to accumulation by downloading data or the like. Does not require a separate process for writing client identification information), and can be used only by the client, thus solving the problem.

  Data obtained by downloading is executed after the client identification information is stored in the client identification information storage area and the stored client identification information is compared with the client identification information of the client performing the execution process. You may comprise as a program provided with the determination module for determining whether a process is permitted.

  With such a configuration, the program in which client identification information is transparently written from the user of the terminal and stored in the client identification information storage area of the program in the process from acquisition to accumulation by downloading the program etc. Can only run on that client, so the problem is solved.

  In addition, in the client identification information storage area included in the data acquired by downloading or the like, a storage area initial value that is a value calculated by referring to a portion other than the client identification information storage area of the data is stored, The generation module downloads using a sub-module that calculates a storage area initial value by referring to a part other than the client identification information storage area of the received data in the reception and accumulation step, and the calculated storage area initial value For example, the sub-module may be configured to detect the presence or absence of a storage area for data acquired by the above method.

  With such a configuration, even if general data that does not have a storage area is downloaded and downloaded, the data can be downloaded without being modified, and for data that has a client identification information storage area, The effect that the position of the client identification information storage area can be made variable is obtained.

  Further, when the generation module detects that the acquired data has a client identification information storage area, the generation module detects whether a value other than the storage area initial value is stored in the detected client identification information storage area. It may consist of submodules.

  With such a configuration, it is possible to detect that data acquired by a client and having the client identification information of the client written in the client identification information storage area has been downloaded to another client. It is possible to detect that the above has been performed.

  In addition, in the download system including the client and the server configured as described above, arbitrary data can be input to the server, and the input program is provided with a function for securing a client identification information storage area. It is also possible to take a different configuration.

  As a result, it is possible to easily distribute data that can be used only by the client of the distribution destination.

  In addition, data stored for distribution in the server or data distributed by the server may be encrypted.

  Thereby, especially when data is a program, it is possible to prevent cracking by obfuscating the algorithm for obtaining and comparing the client identification information.

  According to the present invention, since the client identification information is transparently written from the client user in the client identification information storage area included in the data in the process from acquisition to accumulation by downloading the data or the like, the accumulated data is The effect that it can be executed only by the client can be obtained, and illegal copying of data can be prevented.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings as an embodiment. Note that the present invention is not limited to these embodiments, and can be implemented in various modes without departing from the scope of the invention.

(Embodiment 1)
As Embodiment 1, in the reception accumulation process from receiving and acquiring data including a client identification information storage area reserved for storing client identification information to accumulation, it is executed in the reception accumulation process. The generation module is configured to have a sub-module that acquires the client identification information of the client and a sub-module that writes the acquired client identification information to a client identification information storage area included in the received data. A download system composed of clients will be described.

  FIG. 1 illustrates a functional block diagram of a download system 1 according to the embodiment. The download system 100 includes a server 101 and a client 102. The server 101 and the client 102 can communicate with each other via a communication network 103 typified by the Internet. The server 101 and the client 102 do not necessarily communicate with each other. For example, the server 101 may write data on a medium and the medium can be read by the client 102. One of the methods for mounting the server 101 and the client 102 is to use an electronic computer and operate a program for realizing the units and means described below.

  The server 101 includes a transmission data storage unit 104 and a transmission unit 105.

  The “transmission data storage unit” 104 stores data including a client identification information storage area. Here, “data” mainly means digital data. Examples of digital data include data for reproducing music, data for reproducing video and still images, programs, and the like. In addition, in the case of a program, there is data that can be executed by itself, and there is data in a format that can be executed in combination with other modules. For example, there are objects having extensions such as “o” and “obj” and libraries having extensions such as “a”, “lib”, “lo”, and “dll”. In this embodiment, it is assumed that such data includes a client identification information storage area. The “client identification information storage area” is an area reserved for storing client identification information. For example, when data is accumulated in the transmission data accumulation unit 104, a client identification information storage area is added to the data. For example, it is added to the start part of data, the middle part of data, or the end part of data. The client identification information storage area may be distributed in a plurality of parts. Further, for example, a part in which data such as a digital watermark is added to image data without adding a new area may be called a client identification information storage area. A free area such as a header area may be used as a client identification information storage area.

  Here, “client identification information” refers to information that can be used to identify a client, and information that has a high probability of different client identification information for different clients. Examples of client identification information include the client's serial number, the MAC (Media Access Control) address of the communication interface provided by the client, and the CPU name, code name, if the client has a CPU (Central Processing Unit), The number of CPUs, the number of clocks that the CPU operates, the presence or absence of overclocking, the serial number unique to the CPU, the name of the motherboard, if the client has a hard disk drive, the serial number when formatting the hard disk, and the client Operating system version number, serial key for operating the operating system, type of installed software, and usage Username, biometric information of the user, information is generated include, also, there is information generated combinations thereof. The client identification information is not limited to the above examples.

  When the server 101 is mounted using an electronic computer, the transmission data storage unit 104 is realized by a main memory or a disk device of the electronic computer.

  “Transmitter” 105 transmits the accumulated data. “Accumulated data” includes data accumulated in the transmission data accumulation unit 104. The transmission is assumed to be performed toward the client 102 or the like via the communication network 103. Another way is to write data to a removable medium.

  When the server 101 is implemented using an electronic computer, the transmission unit 105 is realized using a communication interface of the electronic computer, a device driver for operating the communication interface, a program module for communication, and the like. The Further, it may be realized by a device driver for writing to a medium.

  The client 102 includes a receiving unit 106, a storage unit 107, and a generation module holding unit 108.

  The “reception unit” 106 receives data from the server 101. That is, data transmitted from the transmission unit 105 of the server 101 via the communication network 103 is received. Therefore, the data received here includes data having a client identification information storage area. In addition, a medium in which data is written by the server 101 may be loaded into the client 102, and the medium may be read into the client 102 by reading the medium. It is assumed that the communication network 103 represents that data is introduced through the medium as described above (the same applies to other functional block diagrams).

  When the client 102 is mounted using an electronic computer, the receiving unit 106 is realized by using a communication interface, a device driver for operating the communication interface, a program module for communication, and the like. Further, it may be realized using a device driver that reads a medium.

  The “accumulation unit” 107 accumulates accumulation data. “Storage data” is data generated based on received data. “Based on” means that the data for storage is generated using the received data. As will be described later, if the received data has a client identification information storage area, The data obtained by storing the client identification information in the client identification information storage area is storage data. Also, if the received data does not have a client identification information storage area, the received data becomes storage data as it is.

  When the client 102 is mounted using an electronic computer, the storage unit 107 is realized using a hard disk, a main memory, or the like. In particular, it is mainly assumed that among the programs that realize each part of the client, a program that operates in the user mode is a part of the main memory or a part of the hard disk that can be referred to.

  The “generation module holding unit” 108 holds a generation module. The “generation module” is a module that is executed for accumulation data in a reception accumulation process from reception by the reception unit 106 to accumulation by the accumulation unit 107. In other words, the module is executed while the receiving unit 106 receives data via the communication network 103 and generates data for storage that is data to be stored in the storage unit 107 from the received data.

  It is mainly assumed that the generation module is provided as a program module. Therefore, the generation module holding unit 108 can be realized by the main memory of the electronic computer.

  The generation module includes a client identification information acquisition submodule and a client identification information writing submodule.

  The “client identification information acquisition submodule” acquires client identification information of the client 102. For example, the MAC address of the client 102 is acquired. When the client is realized using an electronic computer, the acquired client identification information is held in a memory or a register.

  The “client identification information writing submodule” writes the client identification information acquired by the client identification information acquisition submodule in the client identification information storage area included in the data received by the receiving unit 106. For example, if a client identification information storage area is provided at the start of the data, the client identification information held in the memory or register is written therein. Further, if the client identification information stored in the client identification information storage area is stored as data such as an electronic watermark of image data, the client identification information is stored as such an electronic watermark. For example, the location of the client identification information storage area in the data is defined in advance by a communication protocol with the server 101 or the like. Further, the position may be different depending on the type of data. In addition, instead of determining the position in the data, there is a place where a specific value such as a specific bit pattern (for example, a hexadecimal number AFAFAFAF considered to appear less frequently in normal data) exists in the data. It may be determined that the client identification information is written.

  When the client 102 is mounted using an electronic computer, the generation module can be realized as a part of a communication interface device driver or a communication program module.

  FIG. 2 is a flowchart for explaining the processing flow of the generation module when the generation module is realized as a device driver or the like. In this case, the generation module may be called whenever a bucket or the like for transmitting data by the server 101 is received or acquired. If so, each time a packet or the like is received from the server 101 or block data for reading the medium is obtained, the process proceeds to step S201, and the packet or block data is transferred from the server 101. Receive. Next, the process proceeds to step S202, and it is determined whether the position of the partial data represented by the received packet or block data includes the client identification information storage area. If the client identification information storage area is included, the process proceeds to step S203; otherwise, the process jumps to step S205. In step S203, client identification information is acquired. This process is performed by the client identification information acquisition submodule. In the next step S204, the client identification information is written into the client identification information storage area. This processing is performed by the client identification information writing submodule. In the next step, the partial data represented by the packet is appended to the read buffer. The read buffer is a buffer that temporarily stores data input by modules higher in the generation module because program modules for communication and the like are hierarchized vertically.

  FIG. 3 is a diagram illustrating an example of the position of the device driver when the client is mounted using an electronic computer. The hardware 301 is in the lowest layer, and an operating system 302 for abstracting the hardware 301 operates as a layer above it. The operating system 302 and the execution program 303 executed thereon constitute a program for realizing a client. The device driver 304 operates inside the operating system, abstracts hardware, and enables the functions of the hardware 301 to be operated from the execution program 303 through a system call API (Application Interface). Examples of the execution program 303 include an ftp client for downloading data, a browser, and the like. The execution program 303 is not limited to these.

  FIG. 4 is an example of a configuration of the hardware 301. The hardware 400 includes a CPU 401, a RAM 402, an external storage medium 403 such as a hard disk, a ROM 404, an input / output interface 405, and a communication interface 406, which are connected to each other via a bus. When the power is turned on, the CPU 401 starts processing from a predetermined address of an initial startup program (for example, BIOS) stored in the ROM 404. The initial startup program reads, for example, the boot program stored in the first sector of the hard disk into the RAM 402, and transfers control to the boot program. For example, the boot program expands an operating system recorded at a predetermined position of the hard disk in the RAM, and transfers control to the operating system. The operating system reads and executes the execution program 303 from the hard disk. For example, the execution program 303 reads an instruction from the user of the client 102 from the input / output interface 405 to which a mouse, a keyboard, and a display are connected, communicates with the server using the communication interface 406, and receives data. To do. At this time, a generation module realized as a device driver operates to generate storage data, which is stored in the RAM 402 or the external storage medium 403.

  In an operating system developed in recent years, a device driver can be provided as a dynamic library, and a generation module can also be provided as such a dynamic library. In addition, the generation module is not realized so as to operate in the kernel of the operating system. For example, the generation module may be incorporated in a system call API or a library using the system call API. Good. Further, it may be incorporated in the execution program 303. For example, if the execution program 303 is a browser, the execution module may be provided as a plug-in for the browser.

(Embodiment 1: Another configuration)
FIG. 5 illustrates a functional block diagram in another configuration of the first embodiment. The download system 500 includes a server 501 and a client 502. The server 501 and the client 502 can communicate with each other via a communication network 503 typified by the Internet.

  The server 501 includes a transmission data storage unit 504 and a transmission unit 505. The difference from the server 101 described above is that the transmission data storage unit 504 has a transmission program storage unit 509.

  The “transmission program storage unit” 509 stores data including a program including the determination module in whole or in part. The “determination module” means the client identification information stored in the client identification information storage area when the program is executed after the client identification information is stored in the client identification information storage area. This is a module for comparing the client identification information of the client performing the processing and determining whether to permit the execution processing. That is, in this configuration, even if data is copied to a client other than the client introduced by downloading the data as a program from the server, the program that is the data is not executed. This is because there is a high probability that the client identification information of the downloaded client is different from the client identification information of the client who performs the copy and executes the program.

  It is possible to add a determination module later to a program without a determination module. When a program used for this addition is called a conversion program, the conversion program may be operated by the server 501 and the program obtained as a result of the conversion program may be stored in the transmission program storage unit 509. . Further, the conversion program may operate on a conversion server that is a server other than the server 501, and may be configured as a so-called application service provider. That is, the server 501 once transmits a program without a determination module to the conversion server, and the conversion server operates the conversion program and returns a program with the determination module added. The server 501 stores the returned program in the transmission program storage unit 509.

  FIG. 6 shows an example of the structure of a program that does not have a client identification information storage area and the structure in which a program having such a structure has a client identification information storage area. 6A shows an example of the structure of a program that does not include a client identification information storage area. The program includes a header area 601,. text region 602,. data area 603. A header area 601 includes a magic number indicating that the format is an execution format,. It holds the size of the area such as the text area 602, the entry point address, and the like. . A text area 602 is an area in which instructions are stored. . The data area 603 is an area including initialized data. Note that the program structure differs for each operating system, and is not limited to the examples in this specification. For example,. The data area is first, then. There is a text region,. An rsrc region or the like may follow thereafter.

  FIG. 6B illustrates an example of a structure in which a client identification information storage area 604 is provided in the program having the structure illustrated in FIG. Here, the client identification information storage area 604 includes. arranged following the text region 602,. It is provided as a part of the text area 602. Of course, the arrangement of the client identification information storage area 604 is not limited to that illustrated in FIG. For example, it is secured in a free area of the header area 601 or the header area 601. You may arrange | position between text areas. Also,. It may be arranged following the data area 603.

  The client 502 includes a receiving unit 506, a storage unit 507, a receiving module holding unit 508, and a client identification information generating unit 510. The difference from the client 102 described above is that a client identification information generation unit 510 is further provided.

  The “client identification information generation unit” 510 is a unit that generates client identification information that can be used by the determination module. For example, if the client identification information is a MAC address, it is constituted by a hardware or software module that reads the MAC address. Further, if the client identification information is calculated as a combination of a plurality of pieces of information such as a combination of a MAC address and a CPU name, it is configured by a module that reads each piece of information and calculates the combination. The read client identification information and the calculated client identification information are stored in a register or a memory area so that they can be used by the determination module.

  FIG. 7 exemplifies a flowchart for explaining the processing flow of the determination module when the program stored in the transmission program storage unit 509 is executed after being downloaded and introduced to the client. First, as step S701, the client identification information stored in the client identification information storage area provided in the program is read. For example,. When a client identification information storage area is provided after the text area 602,. Client identification information stored in an area of a predetermined size is read from the end of the text area. In step S702, the client identification information generation unit 510 generates and acquires client identification information of the client that performs the program execution process. In step S704, the client identification information read in step S701 is compared with the client identification information acquired in step S702. In step S705, the comparison result is determined. If the comparison results are the same, or if the two pieces of client identification information meet the predetermined conditions, the process proceeds to step S706 and the program execution process is permitted. For example, the processing of the part of the program to be executed following execution of the determination module is continued. If the comparison results are different and the two pieces of client identification information do not match under a predetermined condition, the process proceeds to step S707 and the program execution process is not permitted. For example, the program execution is forcibly terminated.

  FIG. 8 illustrates a flowchart for explaining the flow of processing in the server and the client from the client side. In step S801, a communication session with the server is established. On the server side, for example, a listen system call is executed to wait for establishment of a communication session, and on the client side, a communication system call is executed to establish a communication session. In step S802, a predetermined amount of information is read through the generation module. The predetermined amount is, for example, the size of a buffer for reading by a read system call. The read system call at the client is processed in accordance with the write of the data stored in the transmission data storage unit of the server. That is, when data is passed from the communication interface 406 of the hardware 301 to the execution program 303, the generation module operates to write the client identification information in the client identification information storage area and write it to the read buffer. The read data is read by the read system call. When the reading is completed, it is determined in step S803 whether or not it is EOF (End of File). If so, the process is ended. If it is not EOF, the read data is added to the hard disk or the like, and the process returns to step S802.

  In many operating systems, as described above, data reading through communication with the server is performed in substantially the same manner as file reading. Therefore, in the present embodiment, it has been described that the data is transmitted from the server. However, when the client reads data recorded on a medium such as a CD-ROM on which the program is recorded by the server, the generation module is executed. It may be like this. That is, data including a client identification information storage area is recorded on the medium, and the generation module is executed in the process of reading and storing the recorded data, and the client provided in the data The client identification information of the client may be written in the identification information storage area.

  According to the present embodiment, client identification information is transparently written from the client user in the client identification information storage area included in the data in the process from acquisition to accumulation by downloading data, etc., and only the client Therefore, unauthorized use of data due to unauthorized copying can be prevented.

(Embodiment 2)
As Embodiment 2, the client identification information storage area included in the data acquired by downloading or the like stores a storage area initial value that is a value calculated by referring to a portion other than the client identification information storage area of the data. The generation module uses a sub-module that calculates a storage area initial value by referring to a portion other than the client identification information storage area of the received data in the reception and accumulation step, and the calculated storage area initial value. An embodiment configured using submodules for detecting the presence or absence of a storage area for data acquired by downloading or the like will be described.

  In this embodiment, the client identification information storage area of the data stored in the transmission data storage unit of the server stores a storage area initial value. Here, the “storage area initial value” is a value calculated with reference to a portion of the data other than the client identification information storage area.

  FIG. 9 shows an example of calculation of the storage area initial value. As shown on the left side of FIG. text region,. A program consisting of a data area is data,. When a client identification information storage area (abbreviated as “storage area” in FIG. 9) is provided following the text area, the storage area initial value that is a value stored in the storage area is a value other than the storage area. A header area,. text region,. It is calculated with reference to the data area. Note that the storage area initial value is the header area,. text region,. It is not necessary to calculate with reference to all parts of the data area, and it may be calculated with reference to a part thereof.

  FIG. 10 shows a header area,. text region,. a header region that is part of the data region,. The storage area initial value is calculated with reference to the text area and stored in the storage area. As described above, when the storage area initial value is calculated with reference to the part before the storage area, there is an advantage that the presence / absence of the storage area can be detected without reading all the data. In addition, even in a portion after the storage area, a portion separated by a distance within about the size indicated by the same buffer size that is an input / output unit such as data transmission and reception (for example, by a certain reading, The part read into the same buffer as the storage area (Examples using specific numbers are as follows. That is, the buffer size is 1024 bytes and the storage area is from 1030 bytes to 50 bytes of data. If the storage area initial value is calculated by referring to the portion from 1080 bytes to 2048 bytes, the same advantage can be obtained.

  In this embodiment, as illustrated in FIG. 11, the generation module 1101 held by the generation module holding unit of the client is stored in addition to the client identification information acquisition submodule 1102 and the client identification information writing submodule 1103. An area initial value calculation submodule 1104 and a storage area detection submodule 1105 are provided.

  The “storage area initial value calculation submodule” 1104 calculates a storage area initial value by referring to a data portion other than the client identification information storage area in the reception and accumulation process. The algorithm for calculating the storage area initial value by the storage area initial value calculation submodule is substantially the same as the algorithm for calculating the storage area initial value stored in the client identification information storage area of the data stored in the transmission data storage unit of the server. Are equivalent. “Substantially equivalent” means that the same output (here, the data part other than the client identification information storage area) is the same output (here, even if the expression of the program embodying the algorithm is the same or different. In this case, the storage area initial value is given.

  Here, as an algorithm for calculating the storage area initial value, for example, a hash value calculation algorithm that converts variable-length information into information of a certain size can be used. More specifically, SHA or MD5 can be used. Further, the value calculated by such an algorithm may be further encrypted using a server secret key or the like. As a result, it is possible to prevent the same value as the storage area initial value from appearing outside the client identification information storage area and erroneously writing.

  The “storage area detection module” 1105 detects the presence or absence of a client identification information storage area in the received data. For example, it is determined whether or not the same value as the storage area initial value calculated by the storage area initial value calculation submodule is stored in the client identification information storage area. It is determined that there is a region, otherwise it is determined that it does not exist. If it is determined that the client identification information storage area exists, the client identification information writing module writes the client identification information in the client identification information storage area determined to be present.

  Further, when the initial value of the storage area is calculated from the part read into the same buffer as the client identification information storage area even if there is a part before or after the client identification information storage area as shown in FIG. The generation module calculates the storage area initial value while receiving data, determines whether the storage area initial value calculated so far appears in the newly received part, The presence or absence of a client identification information storage area may be detected.

  In this embodiment, even general data that does not have a storage area can be downloaded without being modified even if it is obtained by downloading or the like, and data that has a client identification information storage area can be downloaded. Even if it exists, the effect that the position of the client identification information storage area can be changed is acquired. For example, the location of the client identification information storage area can be changed each time data is downloaded or data is stored in the transmission data storage unit, making it difficult to illegally copy data.

(Embodiment 3)
As Embodiment 3, when the generation module detects that the acquired data has a client identification information storage area, whether or not a value other than the storage area initial value is stored in the detected client identification information storage area A case in which the sub module is configured to detect the above will be described.

  FIG. 12 is an example of a configuration of the generation module in the present embodiment. In this embodiment, the generation module 1201 includes a storage area initial value calculation submodule 1204, a storage area detection submodule 1205, in addition to the client identification information acquisition submodule 1202 and the client identification information write submodule 1203. And a fraud detection submodule 1206.

  When it is detected that the received data has a client identification information storage area, the “fraud detection submodule” 1206 determines whether a value other than the storage area initial value is stored in the detected client identification information storage area. To detect. If the data structure or the position of the client identification information storage area in the data is determined in advance or the position can be calculated from the information stored in the data header area, etc. It is possible to calculate a storage area initial value by referring to the portion. Then, it can be determined whether or not the calculated storage area initial value is stored in the client identification information storage area.

  If the calculated initial value of the storage area is not stored in the client identification information storage area, the received data is not normally received from the server and has been altered in the middle or from the server It is received by another client, and it is found that it has been received, and it is possible to detect that some kind of fraud has been performed. When fraud is detected in this manner, data acquisition may be stopped or data may be destroyed. Alternatively, it may be displayed via the input / output interface 405 that fraud is present in the client user.

  As described above, in this embodiment, it is possible to detect that data obtained by a client and having the client identification information of the client written in the client identification information storage area is downloaded to another client. It is possible to detect that an illegal act has been performed.

(Embodiment 4)
As a fourth embodiment, a description will be given of a download system in which arbitrary data can be input to a server and the input program has a function of securing a client identification information storage area.

  FIG. 13 illustrates a functional block diagram of a download system according to the fourth embodiment. The download system includes a server 1301 and a client 1302. The server 1301 and the client 1302 can communicate with each other via a communication network 1303 or the like.

  The server 1301 includes a transmission data storage unit 1304, a transmission unit 1305, a data input unit 1309, and a storage area reservation unit 1310. The transmission data storage unit 1304 may further include a transmission program storage unit.

  The client 1302 includes a receiving unit 1306, a storage unit 1307, and a generation module holding unit 1308. Note that the client 1302 may further include a client identification information generation unit.

  Therefore, the configuration of the download system according to the present embodiment is a configuration in which the server further includes the data input unit 1309 and the storage area securing unit 1310 in the download system according to the first embodiment.

  A “data input unit” 1309 inputs arbitrary data. For example, data is received from a company that has generated data using a predetermined protocol, or data recorded on a medium sent from a company that has generated data is read.

  A “storage area securing unit” 1310 secures a client identification information storage area in the data input to the data input unit 1309. For example, the client identification information storage area is secured at a predetermined position among the data start part, the data middle part, and the data end part. Further, if the client identification information storage area is a portion added as data such as digital watermark such as image data, an initial value of data such as digital watermark to be added may be set. This initial value may indicate, for example, who and when the data was input to which server.

  FIG. 14 is a flowchart illustrating the processing flow of the server in the download system according to the fourth embodiment. In step S1401, the data input unit 1309 inputs arbitrary data. In subsequent step S1402, the storage area securing unit 1310 secures a client identification information storage area for the input data. In step S1403, the transmission data storage unit 1304 stores data.

  By configuring the download system server in this way, it is possible to easily distribute data that can be used only by the client of the distribution destination.

(Embodiment 5)
As a fifth embodiment, a description will be given of a download system including a server that adds a determination module to a program when data including the whole or a part of the program is input.

  FIG. 15 illustrates a functional block diagram of a download system according to the fifth embodiment. The download system 1500 includes a server 1501 and a client 1502. A server 1501 and a client 1502 can communicate with each other via a communication network 1503 or the like.

  The server 1501 includes a transmission data storage unit 1504, a transmission unit 1505, a data input unit 1509, a storage area securing unit 1510, and a determination module addition unit 1511. The transmission data storage unit 1504 may further include a transmission program storage unit.

  The client 1502 includes a reception unit 1506, a storage unit 1507, and a generation module holding unit 1508. Note that the client 1502 may further include a client identification information generation unit.

  Therefore, the configuration of the download system according to the present embodiment is a configuration in which the server further includes a determination module adding unit 1511 in the download system according to the fourth embodiment.

  The “determination module addition unit” 1511 is a unit that adds a determination module to the data input to the data input unit 1509. In this case, the data input to the data input unit 1509 is preferably a program. However, it may not be a program. For example, in the case of music reproduction data, the reproduction program may read the determination module added to the data and execute the determination module.

  FIG. 16 shows an example of adding a determination module. The header area as shown in FIG. a text region; It is assumed that a program consisting of a data area is input. In this case, as illustrated in FIG. 16B, the storage area securing unit 1510 secures the client identification information storage area, and then the determination module adding unit adds the determination module before the client identification information storage area. Is done.

  Although it has been described that the client identification information storage area is secured and then the determination module is added, the determination module may be added first. In FIG. 15, the program is stored in the transmission data storage unit 1504 after the determination module is added. However, the determination module is added to the program stored in the transmission data storage unit 1504. Instead, a determination module may be added to the program at the time of transmission by the transmission unit 1505.

  In this embodiment, since the determination module is added on the server side, the program creator does not need to add the determination module to create the program. In addition, how the client identification information is analyzed by analyzing the processing of the judgment module source code and the object code with the symbol table necessary for linking the judgment module to the creator of the program. It can be prevented that the comparison or the like is made publicly known.

(Embodiment 6)
As the sixth embodiment, a description will be given of an embodiment in which data accumulated for distribution to the server or data distributed by the server is encrypted.

  FIG. 17 illustrates a functional block diagram of a download system according to the sixth embodiment. The download system 1700 includes a server 1701 and a client 1702. The server 1701 and the client 1702 can communicate with each other via a communication network 1703 or the like.

  The server 1701 includes a transmission data storage unit 1704, a transmission unit 1705, a data input unit 1709, a storage area securing unit 1710, and an encryption unit 1711. Note that the server 1701 may further include a determination module addition unit. The transmission data storage unit 1704 may further include a transmission program storage unit.

  The client 1702 includes a receiving unit 1706, a storage unit 1707, and a generation module holding unit 1708. Note that the client 1702 may further include a client identification information generation unit.

  Therefore, the configuration of the download system according to the present embodiment is a configuration in which the server further includes the encryption unit 1711 in the download system according to the fifth embodiment.

  The “encryption unit” 1711 encrypts the input data. At this time, it is preferable to encrypt the data other than the client identification information storage area secured by the storage area securing unit 1710 in the data. This is because when the client performs decryption, the value stored in the client identification information storage area is decrypted, so that the value is changed, and the existence of the storage area initial value is present as in the second embodiment. This is because it may be difficult or impossible to detect the presence or absence.

  The encryption is performed using the secret key of the server 1701, for example. Further, the encryption may be performed immediately before data is transmitted by the transmission unit 1705 rather than being performed before the data is stored in the transmission data storage unit. As a result, encryption can be performed using a shared key determined between the server 1701 and the client 1702, and the cost of data encryption required by the server and the cost of decryption required by the client can be reduced. it can.

  The purpose of encryption in the server 1701 is obfuscation of data on the client or on the data acquisition path by the client. For example, what kind of data structure is used, and the client identification on the structure This makes it difficult to analyze the position of the information storage area.

  In the present embodiment, the data may be general-purpose data, but it is preferable that all or part of the data is a program. In this case, it is preferable that the encrypted program which is the whole or a part of the encrypted data is self-decrypted by the client.

  FIG. 18 illustrates a functional block diagram of the download system in such a case. The download system 1800 includes a server 1801 and a client 1802. The server 1801 and the client 1802 can communicate with each other via a communication network 1803 or the like.

  The server 1801 includes a transmission data storage unit 1804, a transmission unit 1805, a data input unit 1809, a storage area securing unit 1810, a determination module addition unit 1811, and an encryption unit 1812. The encryption unit 1812 has a decryption module addition unit 1813. If all or part of the data is a program, the transmission data storage unit 1804 further includes transmission program storage means.

  The configuration of the client 1802 is the same as that of the client 1702 in FIG.

  The “decryption module adding unit” 1813 adds a decryption module. The “decryption module” is a module that decrypts and executes the portion encrypted by the encryption unit 1812. Here, “decryption” means decryption processing performed prior to execution processing at the client.

  FIG. 19 shows an example of how the program changes when all or part of the data input to the server 1801 is a program. As shown in FIG. 19A, the header area,. a text region; It is assumed that a program configured as a data area is input. In this case, the storage area securing unit 1810 and the determination module adding unit 1811 secure the client identification information storage area as shown in FIG. Added to the text area. Next, as shown in FIG. text region,. The data area is encrypted and encrypted. text field, encryption. It becomes a data area. Then, the decryption module is added by the decryption module adding means as shown in FIG. An arrow line extending from the header to the decryption module indicates that the entry point has been rewritten and that the decryption module is first executed. As a result, when the program shown in FIG. 19D is executed, the encoding module is executed first, and encryption. text, encryption. before the data is decrypted and encrypted. Data before the encryption using data in the data area. The instruction in the text area is executed. It was decrypted. data area data,. The instructions in the text area may be arranged in the heap area of the process that executes the program. The above technique is disclosed in Japanese Patent Application No. 2000-90787 filed by the applicant.

  In this embodiment, since the determination module is encrypted, it is difficult to analyze the algorithm of the determination module, and it is difficult for others to know how to acquire client identification information, compare client identification information, and the like. Thus, unauthorized use of the program can be further prevented.

(Embodiment 7)
As an embodiment 7, an example will be described in which a program downloaded in the reception / accumulation step expands and starts a program for installation or the like.

  FIG. 20 illustrates the structure of a program described as “a program for installation”. If this program is called “Setup.exe”, this program includes a “check module”, and this check module is called Setup.exe. It is executed during the execution of exe.

  FIG. 21 exemplifies a flowchart for explaining the flow of processing of the check module. First, in step S2101, the check module reads data stored in a predetermined area. The “predetermined area” means Setup. It is a predetermined area that can be accessed by both exe and programs downloaded by the reception and accumulation process. This area is, for example, Setup. It may be provided in a shared memory shared by a process for executing exe and a process for executing a program downloaded by the reception and accumulation step. Alternatively, it may be provided at a predetermined position of a storage medium such as a hard disk. In addition, the area may be provided in a server that can be accessed through network communication such as a file server installed outside. Note that “reading” may include, for example, obtaining data stored in a predetermined area and performing processing such as decoding.

  In step S2102, it is determined whether the data read in step S2101 is equal to a predetermined value. The “predetermined value” is a value that can be determined to be set by a process that executes a program downloaded by the receiving and accumulating process. For example, a fixed value, identification information such as a client that executes the process, or the like A value calculated by using.

  If it is determined that the data read in step S2101 is equal to the predetermined value, the process proceeds to step S2103. That is, the processing is continued to the module to be executed next to the check module. If it is not determined that the data read in step S2101 is equal to the predetermined value, the process proceeds to step S2104. The processing is interrupted when the processing proceeds to step S2104. That is, Setup. Execution of exe is interrupted in step S2104.

  As a result, Setup. Only when exe is started by a process that executes a program downloaded by the reception accumulation step, Setup. The processing of exe will be continued.

  The check module is, for example, Setup. It may be handed over to a company that produces exe as a library. Alternatively, the dynamic execution library may be provided as a dynamic execution library, and the calling method may be communicated to the company, and the main body of the dynamic execution library may be installed in the client.

  FIG. 22 shows an example of the structure of a program downloaded by the reception accumulation process. If this program is called “HTSetup.exe”, HTSetup.exe is called. exe has a determination module, a client identification information storage area, and Setup. exe in an expandable format. “Expandable format” refers to Setup.com in a temporary folder such as C: \ temp. A form in which a file or folder for storing exe can be created. For example, HTSetup. In the data area of exe, Setup. The exe program code is stored as it is. Alternatively, Setup. The program code of exe is HTSetup. In a form that can be decrypted by exe, HTSetup. stored in the exe data area.

  Due to such a structure, Setup. with companies that produce exe, HTSetup. It can be made different from a company that produces exe. That is, Setup. exe is received from other companies, and HTSetup. Establish a company dedicated to producing exe.

  FIG. 23 shows HTSetup. After exe is stored on the client, HTSetup. It is a flowchart explaining the flow of the process performed when exe is started.

  In step S2301, a determination module is executed. If the execution client is HTSetup. If exe is a client accumulated in the reception accumulation process, the process continues to step S2302 after the process of the determination module. However, the executing client is HTSetup. If exe is different from the client accumulated in the reception accumulation process, the process is interrupted in step S2301, and the process does not continue to step S2302.

  In step S2302, predetermined data is stored in a predetermined area. For example, predetermined fixed value data, HTSetup. The identification information of the client or the like in which exe is activated, the value calculated using the identification information, and the like are stored in a predetermined area.

  In step S2303, the temporary. exe is expanded and Setup. exe is started. As a result, the processing shown in FIG. 21 is performed.

  In step S2304, Setup. Wait for exe to finish.

  In step S2305, a predetermined area is cleared or deleted.

  The above is summarized as follows. (1) For example, when company A generates a program such as an installer (for example, Setup.exe), is there a specific predetermined data (for example, a specific character string) in a predetermined area such as a shared memory? Embed a module such as a library to be checked. (2) For example, Company B has a binary level of a program (for example, HTSetup.exe) having a client identification information storage area and a function for writing predetermined data in a predetermined area such as a shared memory. In Setup. Combine with exe. Bind to here is HTSetup. When executing exe, Setup. exe can be generated. It means to be incorporated into exe. For example, HTSetup. In the data area of exe, Setup. Import the contents of the exe file. If necessary, Setup. The contents of the exe file are encrypted, and HTSetup. The encrypted content may be decrypted when exe is executed. (3) HTSetup. When the exe is downloaded and installed in the client, the client identification information is set to Setup. exe is written in the client identification information storage area. (4) HTSetup. When exe is started, HTSetup. The exe determination module includes the client identification information written in the client identification information storage area, the HTSetup. exe is compared with the client identification information of the client on which the exe has been started, and if the same or compatible, the HTSetup. Other processing of exe is performed. As a result, predetermined data is written in a predetermined area such as a shared memory. (5) Also, HTSetup. exe is set up in Setup. exe is expanded and stored in a temporary folder, and Setup. exe is started. (6) Setup. When exe confirms that the predetermined data is written in the predetermined area, the processing is continued, and the predetermined area is not accessible or the predetermined data is not written. If so, the process is canceled. (7) Setup. If the predetermined area becomes unnecessary because the exe process is finished, the predetermined area is cleared or discarded.

  With the above configuration, HTSetup. exe can be executed only by the client that has undergone the reception and accumulation process. Also, Setup. exe is an HTS setup. Only executed when run from exe.

Functional block diagram of a download system according to embodiment 1 Generation module processing flowchart Example diagram showing the position of the device driver Example of hardware configuration Functional block diagram of another configuration of the download system according to the embodiment 1 Example of program structure Flow chart of processing of judgment module Flowchart explaining processing of download system from client side Example of storage area initial value calculation Example of storage area initial value calculation FIG. 10 is an example of a configuration of a generation module according to the second embodiment. Example of configuration of generation module in embodiment 3 Functional block diagram of a download system according to Embodiment 4 Flowchart of download system processing according to embodiment 4 Functional block diagram of a download system according to Embodiment 5 Example of adding a judgment module Functional block diagram of a download system according to Embodiment 6 Another functional block diagram of the download system according to the sixth embodiment Example of processing for input program Example of program structure such as installation Flow chart of processing of program check module such as installation An example of the structure of a downloaded program Flow chart of processing of downloaded program

Explanation of symbols

100 download system 101 server 102 client 103 communication network 104 transmission data storage unit 105 transmission unit 106 reception unit 107 storage unit 108 generation module holding unit

Claims (9)

A download system consisting of a server and a client,
The server
A transmission data storage unit for storing data including a client identification information storage area reserved for storing client identification information;
A transmission unit for transmitting the accumulated data;
Have
The client
A receiving unit for receiving the data from the server;
An accumulation unit for accumulating accumulation data generated based on the received data;
A client identification information acquisition sub-module that acquires the client identification information of the client, and is a module that is executed for generating the storage data in the reception and accumulation process from the reception to the accumulation, and the acquired client identification A generation module holding unit that holds a generation module having a client identification information writing sub-module that writes information in a client identification information storage area of the received data;
Download system with. The transmission data storage unit of the server,
After the client identification information is stored in the client identification information storage area in whole or in part, the stored client identification information is compared with the client identification information of the client performing the execution process, and the execution process is permitted. Transmission program storage means for storing data that is a program having a determination module for determining whether or not
The client
The download system according to claim 1, further comprising: a client identification information generation unit that generates client identification information that can be used by the determination module. The client identification information storage area of the data stored in the transmission data storage unit of the server stores a storage area initial value that is a value calculated by referring to a portion other than the client identification information storage area of the data. And
The generation module held by the generation module holding unit of the client is
A storage area initial value calculation submodule that calculates a storage area initial value by referring to a part of data other than the client identification information storage area in the reception and accumulation step;
A storage area detection submodule that detects the presence or absence of a client identification information storage area in the received data;
The download system according to claim 1, further comprising: The generation module held by the generation module holding unit of the client is
A fraud detection sub-module that detects whether a value other than the initial value of the storage area is stored in the detected client identification information storage area when it is detected that the received data has a client identification information storage area The download system according to claim 3. The server
A data input section for inputting arbitrary data;
A storage area securing unit for securing a client identification information storage area for storing client identification information in the input data;
The download system according to claim 1, comprising: The server
Client data stored after the client identification information of the client on which the program is executed is stored in the client identification information storage area when data including all or part of the program is input to the data input unit 6. The download system according to claim 5, further comprising a determination module adding unit for adding a determination module for comparing the identification information with the client identification information of the client executing the program to determine whether the execution process is permitted. .   The download system according to claim 5 or 6, wherein the server includes an encryption unit that encrypts a data portion other than the secured client identification information storage area. The encryption unit is
The decryption module adding means for adding a decryption module for decrypting and executing the encrypted part when data having the whole or a part of the program is input to the data input unit. Download system. A method of operating a download system comprising a server and a client,
In the server,
A transmission data accumulation step for accumulating data having a client identification information storage area reserved for storing client identification information;
A transmission step for transmitting the accumulated data;
Is executed,
In the client,
Receiving the data from the server;
An accumulation step for accumulating accumulation data generated based on the received data;
A module that is executed for generation of the storage data in a reception and accumulation process from the reception to the accumulation, the submodule obtaining client identification information of the client, and the received client identification information A generation module holding step for holding a generation module, and a writing submodule for writing the data into the client identification information storage area
Operating system of the download system where is executed.

Images