JP2002247021A - Method and device for displaying access limited contents - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a device enabling a server to execute access limitation such as the permission of contents display only at fixed frequency or only within fixed time in a system for displaying contents including electronic books through a network. SOLUTION: A client reciphers and stores contents deciphered by a decipher key received from a server and receives a redecipher key for redeciphering the reciphered contents from the server.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for displaying contents such as electronic books using a network, in which display restrictions are set for a part or all of the contents, and the authority and the like of a viewer are stored. The present invention relates to an access-restricted content display method and apparatus for displaying and restricting content based on a response from the server by performing communication of display permission to the server.

[0002]

2. Description of the Related Art Conventionally, when displaying content with access restrictions, a part or all of the content is encrypted, and when a viewer displays the content, he or she inputs a decryption key such as a password, A method is used in which display permission communication is performed with a server in which authority and the like are stored, and a decryption key is obtained from the server, thereby decrypting the encrypted content.

[0003] The type of the decryption key is changed according to the information attached to the decryption key and the judgment by the server, whereby the content is displayed to a legitimate viewer, and the unauthorized viewer is displayed. Thus, the display of content can be restricted.

[0004]

In the conventional example, as described above, the decryption process of the viewer is controlled by the information attached to the decryption key and the type of the decryption key without changing the encrypted content itself. Therefore, it is difficult to permit the display of the content only a certain number of times or within a certain time.

[0005] In other words, in the case where access is restricted by information accompanying the decryption key, the information accompanying the decryption key can be re-displayed so that it can be displayed again, or the type of the decryption key can be changed by the judgment of the server. Therefore, when access restriction is performed, if the decryption key received from the server is stored, an attack called a so-called replay attack is performed, and there is a problem that the display can be performed again without being aware of the server.

[0006] The present invention relates to a system for displaying contents including an electronic book using a network.
It is an object of the present invention to provide a method and an apparatus that allow a server to perform access restriction such as permitting display of content only a certain number of times or within a certain time.

[0007]

According to the present invention, there is provided a re-decryption key for re-encrypting and storing contents decrypted by a decryption key received from a server by a client, and re-decrypting the re-encrypted contents. Is received from the server, the decryption key is always obtained by the server by changing the encrypted information itself without changing the content decrypted by the decryption key transmitted from the server. It creates a situation where you have to go.

[0008]

DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 shows an access-restricted content display system D according to an embodiment of the present invention.
It is a block diagram which shows S1.

Access-restricted content display system D
S1 is roughly divided into a server 10 and a client 20.
Are connected by a communication path (network).

[0010] The server 10 has a content database 1
1, an encryption unit 12, a control unit 13, and a key generation unit 14.
, A key database 15, and a network interface unit 16.

The client 20 has a decryption unit 21, a content storage unit 22, and a network interface unit 23.

The decryption unit 21 has a display unit 31, a decryption unit 32, an encryption unit 33, a control unit 34, a time information generation unit 35, and a public key 36.

FIG. 2 is a diagram showing the contents and the flow of operations in the access-restricted contents display system DS1.

FIG. 3 is a diagram showing definitions of terms used in the description of the above embodiment and requirements for encryption.

As shown in FIG. 3, P indicates a public key,
S indicates a secret key, K indicates a common key, T indicates time information as sequential data, and dat indicates content.

[0016] Here, k = 1, 2, ... and, when a suffix indicating the order, its encryption content dat at key K _k, the encrypted content EK _k (dat)
The content dat encrypted with the public key P _k is referred to as encrypted content EP _k (dat), and the content dat decrypted with the secret key S _k is referred to as decrypted content DS _k (dat). Using a key calculated from the time information T _k , the content dat is encrypted,
It is defined as encrypted content ET _k (dat).

The requirement of the common key encryption in the access-restricted information display system DS1 is DK _k (EK _k (dat))
= Dat, and the requirements for public key cryptography are DP _k (EP _k (dat)) when P _k ≠ S _k
≠ dat and DS _k (ES _k (dat)) ≠ dat, DS
It is necessary that _k (EP _k (dat)) = dat. It is not always necessary that the symmetry DP _k (ES _k (dat)) = dat. In other words, what is encrypted with the public key and decrypted with the private key may not be decrypted with the public key.

FIG. 2A shows a process of authenticating the operating environment of the client 20 and transmitting the public key 36 from the server 10 to the client 20.

First, the key generation unit 14 of the server 10 generates key pairs P _s and S _s and transmits only the public key P _s to the client 20.

The problem here is that in order to guarantee future communication, the public key P
_s is different from a normal public key in that the client 20 has a role of a normal secret key indicating that the client 20 is an already authenticated module. In order to keep the public key P _s secret may be considered various methods, for example, or to store the decoding section 21 from the outside such as an IC card chip eavesdropping difficult media to be falsified, the client 20 Server 10 sends a different decryption key and re-encryption key to the client 20 each time the operating environment authentication is required (every time the purpose of unauthorized use is checked). later was carried out (was able to confirm that it is not the purpose of unauthorized use), there is a method such as a mechanism that can receive a public key P _s. Either way, the public key P _s, it is necessary to be available only in legitimate decoding unit 21.

FIG. 2B shows a process in which the server 10 transmits the encrypted content in response to a request from the client 20 and stores the encrypted content in the content storage unit 22.

The client 20 transmits a content request, together with information for specifying the content to be displayed, from the control unit 34 to the server 10 via the network interface unit 23 in response to a user operation or the like.

When the server 10 receives the content request via the network interface unit 16, the control unit 13 specifies a content dat that meets the request from the contents stored in the content database 11. If the content dat exists, the key generation unit 14 generates the key pair P ₁ , S ₁ and, together with the reference information of the content dat, generates the key pair P 1.
₁ and S ₁ are requested to the encryptor 12.

The encryptor 12 obtains the content dat from the content database 11, encrypted with the public key P _1, encrypted content EP ₁ (d in this public key P _k
at). The control unit 13 returns the encrypted content EP ₁ (dat) output from the encryptor 12 to the client 20 via the network interface unit 16 and stores the secret key S ₁ in the key database 15.

The control section 34 of the client 20 receives the encrypted content EP ₁ (dat) received from the server 10 via the network interface section 23 and stores it in the content storage section 22 as it is.

In FIGS. 2 (3) and 2 (4), when the encrypted content EP _k (dat) is displayed on the client 20, the server 10 receives the request from the client 20.
After it is determined that there is no problem in the access restriction, the server 10 transmits a key necessary for decrypting the encrypted content EP _k (dat), the client 20 displays the content, and encrypts the content for the next time. Content EP
_The processing for storing _{k + 1} (dat) in the content storage unit 22 and the abnormal processing in the server 10 are shown.

Here, k = 1, 2,... Are suffixes indicating the order, and the actual processing is performed while incrementing a predetermined counter every time the content is displayed. Further, since the time information T ₀ as the counter information has not been stored in the key database 15 yet, it is determined that the first key acquisition has been performed.

The client 20, in response to operation or the like from a user, and displays the encrypted content EP _k (dat) which is stored in the content storage unit 22. For this purpose, first, the time information generating unit 35 calculates time information T _k as counter information based on the current time and the like, and the control unit 34 obtains the calculated time information T _k .

Here, the time information T _k is calculated so that T _{k + 1} > T _k . For example, if the current time is "2001
/ 2/15 14:20:45 ", then T _k
= 45 + (20+ (14+ (15+ (2 + 2001 × 1
2) Assume x31) x24) x60) x60.

The time information T _k does not necessarily need to be generated from the time, and may be, for example, a number requesting a decryption key. The control unit 34 uses the encryptor 33 to convert the time information T _k obtained from the time information generation unit 35 into the public key 36P _s
To obtain encrypted time information EP _s (T _k ),
The encrypted time information EP _s (T _k ) is transmitted to the server 10 via the network interface unit 23 as a decryption key request.

The server 10 sends the decryption key request (encrypted time information E
Upon receiving P _s (T _k )), the control unit 13 sends the secret key S _s
Is used to decrypt the encrypted time information EP _s (T _k ) to obtain time information T _k . In this case, to use a public key encryption, attacks and rogue clients that are using an invalid public key P _s, in order to guard the time information T _k from the attack to try to eavesdropping.

The control unit 13 of the server 10 compares the obtained time information T _k with the time information T _k-1 stored in the key database 15, and if T _k ≦ T _k−1 , 2
The process branches to the abnormal process shown in (4). At this time, processing according to the access restriction policy is also performed. For example, if there is an access restriction policy of “only within a certain time”, it is determined whether or not the current time managed by the server 10 is within the access restriction.
The process branches to the abnormal process shown in (4). Also, for example,
If there is an access restriction policy "only a certain number of times", the server 10 counts the number of times the decryption key request has been received, and if there is a problem, performs processing such as branching to the abnormal processing in FIG. .

If the control unit 13 of the server 10 determines that there is no problem with the time information T _k and the access restriction policy,
The key generation unit 14 generates the next key pair P _{k + 1} , S _{k + 1} .

The control unit 13 obtains the secret key S _k stored in the key database 15 and encrypts the secret key S _k with the public key P _{k + 1} using the encryption key calculated from the time information T _k . The key pair ET _k (S _k , P _{k + 1} ) is obtained and returned to the client 20 via the network interface unit 16, and the time information T _k and the secret key S _{k + 1} are stored in the key database 15. I do. Here, the encryption key that is calculated from the time information T _k, for example, generated by such applying a T _k to the hash function.

The control unit 34 of the client 20 transmits the encryption key pair E via the network interface unit 23.
When T _k (S _k , P _{k + 1} ) is received from the server 10, it is decrypted using an encryption key calculated from the time information T _k to obtain a key pair S _k , P _{k + 1} . The control unit 34 passes the encrypted content EP _k (dat) and the secret key S _k to the decryption unit 32, and the decryption unit 32 performs the decryption process DS _k (EP _k (da
t)) to obtain the content dat and display it on the display unit 31.

After displaying the content, the control unit 34 of the client 20 passes the content dat and the public key P _{k + 1} to the encryptor 33 for the next (k + 1).
The encrypted content EP _{k + 1} (dat) is obtained and stored in the content storage unit 22.

In FIG. 2D, an abnormal process in the server 10 is executed, and a process of notifying the client 20 that a problem regarding the access restriction or the like has been found in the determination process in the server 10 is stored as a log. Processing and the like are performed.

As described above, the content decrypted by the decryption key received from the server 10 is re-encrypted,
By changing the encrypted content itself,
A situation in which the decryption key must always be obtained by the server 10 can be created.
It is possible to realize an environment in which access is restricted, such as permitting display of content only for a certain number of times or for a certain time.

FIG. 4 is a diagram showing the flow of FIG. 2 in a simplified manner, focusing on the flow of content in the above embodiment.

Content d stored in server 10
at is, encrypted with the public key P _1, is sent to the client 20.

In order to display the encrypted content EP ₁ (dat) on the client 20, the following is performed. That generates time information T _1, the public key P _s that is stored in the client 20 as confidential information, encrypts the time information T _1, then transmitted to the server 10, the server 1
0 transmits the received encrypted time information EP _s (T ₁ ) to the secret key S
decrypted with _s, to retain the time data T _1.

The server 10 generates the next key pair P ₂ , S ₂ , encrypts the secret key S ₁ and the public key P ₂ with T1, and returns it to the client 20. Client 20
Transmits the received encryption key ET ₁ (S ₁ , P ₂ ) to the time information T ₁
In decrypted, to obtain a secret key S _1, encrypted content EP
Decoding the ₁ (dat), displayed, encrypted content dat a public key P ₂ for the next and holds the encrypted content EP ₂ (dat). Substantially the same processing is performed for k = 2 and thereafter.

In the information display device DS1 with access restriction,
When the content is encrypted when stored in the content storage unit 22, the content is encrypted using the public key encryption. Instead of using the public key encryption, the content is encrypted using the common key encryption. You may.

FIG. 5 is a diagram showing an operation of encrypting the content using the common key encryption when encrypting the content when storing the content in the content storage unit 22 in the above embodiment.

Content d stored in server 10
at is encrypted with the common key K ₁ and transmitted to the client 20. In the client 20, to view the encrypted content EK ₁ (dat) generates time information T _1, and encrypted with the public key P _s that are stored as secret information to the client 20, and transfers to the server 10.

The server 10 decrypts the transferred encrypted time information EP _s (T ₁ ) with the secret key S _s and holds the time information T ₁ . Server 10 generates a next encryption key K _2, and a common key K ₁ and K _2, by encrypting the time information T _1, and returns to the client 20. Client 20, the received encryption key _{ET 1 (K 1, K 2} ), decoded by the time information T _1, to obtain a common key K _1, the encrypted content EK ₁ (da
t) is decrypted and displayed, and for the next time, the encryption key K
_{At 2} , the encrypted content EK ₂ (dat) obtained by encrypting the content dat is held.

For k = 2 and thereafter, substantially the same processing as described above is executed.

[0048] When encrypted when stored in the content storage unit 22, using the common key cryptography, since the encryption key K _k and decryption key K _k is the same, decrypted encrypted by time information T _k Then, the risk that the encrypted content EK _k (dat) stored in the content storage unit 22 may be eavesdropped increases, but the calculation cost of the encryption process performed in the client 20 can be reduced. There is the advantage that you can.

FIG. 6 is a diagram showing what effects are obtained in the above embodiment against replay attacks and tampering.

FIGS. 6 (1) and 6 (2) show a replay attack, and FIG. 6 (3) shows a falsification.

The upper part of FIG. 6 shows exactly the same processing as the processing at k = 1 shown in FIG.

FIG. 6A shows that k = 1 on the network.
, The encrypted time information EP _s(T₁Eavesdropping)
This eavesdropped encrypted time information EP_s(T₁) Using dark
Encrypted content EP₁Secret key S for decrypting (dat)₁
Is shown when trying to defraud.

At this time, when the encrypted time information EP _s (T ₁ ) received by the server 10 is decrypted with the secret key S _s and the time information T ₁ is obtained, the decrypted time information T _s (T ₁ ) is obtained. ₁ is
It is determined that the received time information is the same as the time information received last time, and the process branches to abnormality processing. Here, the time information T _k is T _{k + 1} > T _k
Therefore, even if an attempt is made to perform the same fraud at the stage of k = 2 or more, it can be rejected and the processing can be shifted to abnormal processing.

FIG. 6 (2) shows that the encryption key ET ₁ (S ₁ , P ₂ ) in the case of k = 1 is eavesdropped on the network, and is used to encrypt the content EP ₁ (dat).
Shows an attempt to illegally decrypt the.

At this time, since the client 20 has already shifted to the next time information T ₂ (k = 2), the encryption key E received by the unauthorized access impersonating the server 10 has been transferred.
T ₁ (S ₁ , P ₂ ) cannot be decoded with the time information T ₂ , and therefore, can prevent this illegal decoding.

FIG. 6 (3) shows that the public key P
Without using _s , an illegal decryption key request EP _s (T ₂ ′) is created, and the encrypted content EP ₁ (dat) or EP
FIG. 3 is a diagram illustrating a case where an attempt is made to decrypt ₂ (dat) illegally.

Also in this case, the next time information T ₂ (k = 2
State), the client 20
Is ET ₂ ′ (S ₂ , encrypted with time information T ₂ ′)
P ₃ ′) cannot be decoded with the time information T ₂ , and this unauthorized decoding can be prevented. Since the keys S ₂ and S ₁ are different from each other, the encrypted contents EP ₁ (d
at) cannot be decrypted. However, the public key P
If the time information T ₂ ′ is known, for example, if _s is leaked, the private key S ₂ may be illicitly acquired, so it is necessary to strictly manage the public key P _s. is there.

According to the above embodiment, the content decrypted by the decryption key transmitted from the server 10 is re-encrypted and the encrypted content itself can be changed and stored, so that the content is displayed. Prior to the operation, it is necessary to always obtain the decryption key from the server 10,
Accordingly, the server 10 can unify access restrictions such as allowing the content to be displayed a certain number of times or within a certain period of time.

In this manner, in the method of restricting access with information accompanying the decryption key, it is possible to prevent the information from being displayed again by rewriting the information accompanying the decryption key, and the server can change the type of the decryption key. However, in the method of restricting access, the decryption key received from the server is stored, and an attack called a so-called replay attack or the like is performed, so that it is possible to prevent the display again without being related to the server.

Therefore, according to the above embodiment, in a system for displaying contents including electronic books using a network, display restrictions are set for some or all of the contents, and the authority of the viewer is stored. It is possible to construct a system that communicates display permission to the server that has been displayed and displays or regulates content based on a response from the server.

The server 10 transmits a decryption key for decrypting the encrypted content transmitted to a predetermined client and a re-encryption key for re-encrypting the decrypted content to the client. 5 is an example of a server that transmits a re-decryption key for re-decoding the content re-encrypted to the client to the client.

That is, the control unit 13 is an example of an encrypting unit for encrypting a part or all of the content, and is an example of an orderly data storage unit for storing predetermined orderly data. The sequential data is compared with the previous sequential data stored in the sequential data storage means, and if there is no inconsistency, the sequential data received from the client is stored in the sequential data storage means. 5 is an example of a storage control unit that causes the storage control unit to perform the operation.

The key generation means 14 is an example of a re-encryption key generation means for generating a re-encryption key used when the client re-encrypts contents. The network interface unit 16 is an example of a transmitting unit that transmits the decryption key and the re-encryption key to the client.

The client 20 displays and decrypts the content decrypted with the decryption key received from the server, stores the re-encrypted content, and re-decrypts the re-encrypted content. It is an example of a client that receives a decryption key from the server.

That is, the decryptor 32 is an example of a decryption means for decrypting the content using the decryption key received from the server. The display unit 31 is an example of a display unit that displays the decrypted content. Encryptor 33
Is an example of a re-encryption means for re-encrypting a part or all of the content using a re-encryption key received from the server.

The content storage section 22 is an example of storage means for storing the re-encrypted content. The time information generation unit 35 is an example of a sequential data generation unit that generates sequential data. The network interface unit 23
It is an example of a sequential data transmission unit that transmits the sequential data to the server.

Furthermore, the above embodiment can be grasped as a program invention. That is, in the above embodiment, when displaying contents such as electronic books using a network, based on the authority of the viewer. A step of displaying or regulating the content by using the server; a step of encrypting a part or all of the content by the server;
A procedure in which the server transmits to the client a re-encryption key for re-encrypting the content in the client; a procedure in which the client decrypts the encrypted content received from the server; A step of displaying the decrypted content by the client, a step of re-encrypting the decrypted content, and a step of:
The procedure stored by the client and the sequential data
A step in which the client generates, the step in which the generated sequential data is transmitted to the server, and the step in which the server receives the sequential data received from the client,
When comparing with the stored sequential data and confirming that there is no inconsistency, the server stores the sequential data received from the client and a decryption key for decrypting the re-encrypted content. The server sends to the client, the server generates a re-encryption key to generate a re-encryption key, and the client uses the decryption key received from the server to perform the re-encryption. Re-decrypting, displaying, re-encrypting the encrypted content, transmitting the sequential data, and, on the other hand, repeating the process of transmitting the re-encryption key in the client by the server, and causing the computer to execute the procedure. It is.

The above embodiment is an example of a computer readable recording medium on which the above program is recorded. In this case, FD, CD, DVD, H
D, a semiconductor memory, and the like.

By the way, as means for transmitting the contents, attention is paid to a device for transmitting the contents to a person in an easily understandable manner, such as a layout of a paper or a book or structuring of the contents. A CyberBook that realizes the operation method is preferable. This Cy
By using berBook, the browsing method of “click and scroll” using a “browser” can be changed to a browsing method using “page turning” using a metaphor of a book, and the listability can be improved. In addition, the user can use the table of contents and index to search for the required content, and attach sticky notes to the page, which can improve the usability for beginners of personal computers.

The installation work is a great barrier for beginners of personal computers, and there is a need to redevelop and maintain software for various platforms. On the other hand, Java VM is adopted in Web browsers of various platforms, and the applet developed using Java does not need to be installed.
Java that can use conventional book-type content data in order to realize diversification of browsing methods using the web browser
The version CyberBook is preferred.

The use of the Java applet is useful not only for improving portability but also for ensuring security for the above-mentioned access restriction.

[0072]

According to the present invention, in a system for displaying contents such as electronic books using a network, the server restricts access such as permitting the display of the contents only a certain number of times or within a certain time. Is achieved.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an access-restricted content display system DS1 according to an embodiment of the present invention.

FIG. 2 is an access-restricted content display system DS1.
FIG. 3 is a diagram showing a content and a flow of an operation in FIG.

FIG. 3 is a definition of terms used in the description of the embodiment,
FIG. 3 is a diagram illustrating requirements for encryption.

FIG. 4 is a diagram showing the flow shown in FIG. 2 in a simplified manner, focusing on the flow of content in the embodiment.

FIG. 5 is a diagram illustrating an operation of encrypting content using common key encryption when encrypting the content when storing the content in the content storage unit 22 in the embodiment.

FIG. 6 is a diagram showing what effects are exerted on a replay attack and falsification in the embodiment.

[Explanation of symbols]

 DS1: Access-restricted content display system, 10: Server, 11: Content database, 12: Encryptor, 13: Control unit, 14: Key generation unit, 15: Key database, 16: Network interface unit, 20: Client, DESCRIPTION OF SYMBOLS 21 ... Decryption part, 22 ... Content storage part, 23 ... Network interface part, 31 ... Display part, 32 ... Decryptor, 33 ... Encryptor, 34 ... Control part, 35 ... Time information generation part, 36 ... Public Key (secret information).

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification code FI Theme coat ゛ (Reference) G06F 17/60 512 H04L 9/00 601B 601F (72) Inventor Toru Sadakata 2-Chome Otemachi, Chiyoda-ku, Tokyo No.3-1 Nippon Telegraph and Telephone Co., Ltd. (72) Inventor Hiroto Inagaki 3-1, Otemachi 2-chome, Chiyoda-ku, Tokyo F-term within Nippon Telegraph and Telephone Co., Ltd. 5B017 AA03 BA07 CA16 5B085 AA08 AE29 BA07 BG07 CA04 CA07 5J104 AA01 AA16 EA01 EA04 EA16 JA21 NA02 PA07

Claims (13)

[Claims] 1. A decryption key for decrypting encrypted content transmitted to a predetermined client and a re-encryption key for re-encrypting the decrypted content are transmitted to the client, and re-encrypted by the client. A server for transmitting, to the client, a re-decryption key for re-decrypting the content. 2. A server that displays or regulates content based on the authority of a viewer when displaying content including an electronic book using a network, wherein a part of the content or Encrypting means for encrypting the whole; sequential data storing means for storing predetermined sequential data; and sequential data stored in the sequential data storing means for receiving the sequential data received from the client. Storage control means for storing the sequential data received from the client in the sequential data storage means if there is no inconsistency; and re-encryption used when the client re-encrypts the content. A re-encryption key generation means for generating a key; and a transmission means for transmitting the decryption key and the re-encryption key to the client. In centrally, server and performs management of access limiting conditions. 3. The content decrypted by the decryption key received from the server is displayed and re-encrypted.
A client storing the re-encrypted content and receiving a re-decryption key for re-decrypting the re-encrypted content from the server. 4. When displaying a content including an electronic book using a network, a client that displays or regulates the content based on the authority of a viewer receives the content received from the server. A decryption means for decrypting the content using a decryption key; a display means for displaying the decrypted content; and a part or all of the content, using a re-encryption key received from the server. Re-encrypting means for re-encrypting; storing means for storing the re-encrypted content; sequential data generating means for generating sequential data; and sequential data for transmitting the sequential data to the server. Transmitting means; and a client. 5. A decryption key for decrypting encrypted content transmitted to a predetermined client and a re-encryption key for re-encrypting the decrypted content are transmitted to the client, and re-encrypted by the client. A server for transmitting a re-decryption key for re-decoding the decrypted content to the client; displaying and decrypting the content decrypted by the decryption key received from the server, and storing the re-encrypted content; And a client that receives a re-decryption key for re-decrypting the re-encrypted content from the server. 6. A server transmitting, to a predetermined client, an encrypted content, a decryption key for decrypting the encrypted content, and a re-encryption key for encrypting the decrypted content again; The client decrypting the encrypted content with the decryption key received from the server and displaying the decrypted content for a predetermined time; and the client re-encrypts the decrypted content. Encrypting and storing the re-encrypted content; and the server transmitting to the client a re-decryption key for re-decrypting the re-encrypted content at the client;
The client receiving the re-decryption key from the server device; re-decrypting and displaying the content;
A repetition step of repeating re-encryption, storage, and transmission and reception of the re-decryption key. 7. A method of displaying or restricting content based on the authority of a viewer when displaying content such as an electronic book using a network, wherein the server encrypts part or all of the content. The server transmits the encrypted content and a re-encryption key for re-encrypting the content at the client to the client; and the client decrypts the encrypted content received from the server. The client displays the decrypted content a certain number of times or within a fixed time; re-encrypting the decrypted content; Storing by the client; generating the sequential data by the client; Transmitting the ordered data to the server; and comparing the ordered data received from the client with the previously stored sequential data and confirming that there is no inconsistency. The server storing the sequential data received from the client; the server transmitting a decryption key for decrypting the re-encrypted content to the client; the server generating a re-encryption key The client re-decrypting and displaying the re-encrypted content using the decryption key received from the server, displaying, re-encrypting, and transmitting the sequential data; On the other hand, the re-encryption key in the client is
Repeating a process transmitted by the server; and displaying an access-restricted content. 8. The method according to claim 7, wherein in order to protect the sequential data transmitted from the client to the server, public key cryptography is used, and each time the client needs to authenticate the operating environment of the client, An access restriction characterized in that after receiving a different authentication module from the server and confirming the operating environment, the public key is received, and only a client in a valid operating environment can obtain the public key. Attached content display method. 9. The encryption method according to claim 7, wherein the sequential data is data composed of a current time and a communication number of a display permission communication, and the encryption calculated based on the sequential data. A method for displaying access-restricted content, wherein return data is encrypted using a key. 10. The method according to claim 7, wherein the encryption is a public key encryption. 11. The method according to claim 7, wherein the encryption is a common key encryption. 12. A procedure for displaying or restricting content based on the authority of a viewer when displaying content such as an electronic book using a network;
A procedure for encrypting part or all of the content; a procedure for the server to transmit the encrypted content and a re-encryption key for re-encrypting the content at the client to the client; and an encryption received from the server. Decrypting the content by the client;
A procedure in which the client displays the decrypted content for a predetermined number of times or within a predetermined time; a procedure in which the decrypted content is re-encrypted; and the client stores the re-encrypted content. A step of generating the sequential data by the client; a step of transmitting the generated sequential data to the server; and the server storing the sequential data received from the client. Comparing with the previous sequential data and confirming that there is no inconsistency, the server stores the sequential data received from the client; and a decryption key for decrypting the re-encrypted content, A procedure for the server to send to the client;
A re-encryption key generation procedure in which the server generates a re-encryption key; and the client re-decrypts, displays, and re-encrypts the re-encrypted content using the decryption key received from the server. , Sending the above sequential data,
On the other hand, a program for causing a computer to execute a procedure of repeating the process of transmitting the re-encryption key in the client by the server. 13. A procedure for displaying or restricting content based on the authority of a viewer when displaying content such as an electronic book using a network;
A procedure for encrypting part or all of the content; a procedure for the server to transmit the encrypted content and a re-encryption key for re-encrypting the content at the client to the client; and an encryption received from the server. Decrypting the content by the client;
A procedure in which the client displays the decrypted content for a predetermined number of times or within a predetermined time; a procedure in which the decrypted content is re-encrypted; and the client stores the re-encrypted content. A step of generating the sequential data by the client; a step of transmitting the generated sequential data to the server; and the server storing the sequential data received from the client. Comparing with the previous sequential data and confirming that there is no inconsistency, the server stores the sequential data received from the client; and a decryption key for decrypting the re-encrypted content, A procedure for the server to send to the client;
A re-encryption key generation procedure in which the server generates a re-encryption key; and the client re-decrypts, displays, and re-encrypts the re-encrypted content using the decryption key received from the server. , Sending the above sequential data,
On the other hand, a computer-readable recording medium in which a program for causing a computer to execute a process of transmitting the re-encryption key in the client by the server is repeated.