JP2003150873A - User certification system and system using it - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve a problem that a prevention of a sale copy of various contents exists from conventional, in a sale of a network of digital contents (partly including CD-ROM), a user certification system for confirming whether or not a user is a correct user for a predetermined period of time or every at a predetermined interval and a good system for solving a problem that an accounting is carried out corresponding to a period when the user utilizes an electronic information or an incorrect utilization of a person other than the correct user is prevented do not exist. SOLUTION: For the above object, in the user certification system, a user certification means for confirming the user every at a predetermined interval and a resulting means for controlling a function are provided at an electronic information sold. More preferably, for the certification, a case that the certification is confirmed by accessing to a site and a case being not the above case that a confirmation means may be provided exist. When the judgment of the user is not required, for example, a continuing of an accounting, a check method which is not conscious for the user is preferable and such the method is provided.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for selling / renting / providing contents (including all things that become electronic data such as software, music data, image data) in a volume convenient for the user. The present invention relates to a user authentication system and a system using the same, which are used in a sales / rental system that enables purchase / rental of electronic information.

Definitions of characters Purchasers, customers, users and members described in the specification and figures are synonymous with customers for the purpose of using the contents. The programs, transmission lines used for exchanging data, networks, and the Internet described in the specification can transmit digital data, and also have various types of digital data that are interactive with each other. Broadcast and wireless shall be included.

[0003]

2. Description of the Related Art Conventionally, Japanese Unexamined Patent Publication No. 2000-293368,
As disclosed in JP-A-11-27257 and the like,
When selling information that can be copied, such as software, sell a product that has a copy guard function to prevent copying, and incorporate a mechanism to authenticate whether or not you are an authorized user so that you cannot use illegally copied software. However, there are a number of proposals for mechanisms for selling products. For example, with respect to the copy guard function, it is known that the count is increased when copied, and the program is created so as to stop when the copy is performed a predetermined number of times or more. The copy guard is sold as a set together with the software for generating a specific encryption key together with the software. Although it does not have the hardware, it does not operate normally unless a medium for providing the software such as a CD-ROM is set. It is known that it has been created in.

[0004]

In order to achieve the above object, the user authentication system according to claim 1 of the present invention comprises:
It is characterized by having a judging means for judging whether or not the user is an authorized purchaser of the content by periodically checking the authentication data issued at the time of purchase.

According to a second aspect of the invention, the judging means is
First determination means for accessing the authentication server via the network for each first predetermined time and determining whether or not the user is an authorized purchaser; and a second predetermined time shorter than the first predetermined time, or
The second determination means for determining whether or not the user is an authorized purchaser at the start of using the purchased content is provided.
User authentication system described.

The invention according to claim 3 has means for issuing authentication data to a legitimate purchaser and periodically confirming the authentication data when purchasing content that can be purchased using a communication channel. A user authentication system for electronic information, characterized in that

According to a fourth aspect of the present invention, the management server for managing the authorized purchaser is provided, and the confirmation is made at every first predetermined interval by the authentication program used together with the sold usage contents. First confirm
The user authentication system according to claim 3, further comprising an authentication unit and a second authentication unit that performs authentication at a different interval from the first predetermined interval by a method different from that of the first authentication unit.

According to a fifth aspect of the present invention, the user authentication system according to the fifth aspect, wherein the second authentication means performs confirmation by using information for storing the content in the utilizing device.

The invention according to claim 6 is characterized in that the first predetermined interval is set for each expiration date of the purchased content or for each shorter time period.
The user authentication system described in 5).

The invention according to claim 7 is an authentication program for achieving the authentication system according to any one of claims 1 to 6.

According to an eighth aspect of the invention, there is provided a content sales system which uses the authentication system according to any one of the first to sixth aspects and sells the content for each predetermined period.

[0012] A ninth aspect of the present invention is a content lending system which utilizes the authentication system according to any one of the first to sixth aspects and lends content in predetermined time units.

The invention according to a tenth aspect is a system having an authentication means for authenticating whether or not a site is a regular purchaser of the site at a site for accessing, selling, renting or providing contents through a network, every predetermined period.

In the invention according to claim 11, the authenticating means accesses the authenticating server via the network every first predetermined time, and determines the authentic member. 11. The system according to claim 10, further comprising a second determination unit that determines whether or not the user is a regular member when a second predetermined time shorter than the predetermined time or when the user starts using the system.

According to a twelfth aspect of the present invention, the site is
An authentication server and a server that manages content provided to members are provided, and the authentication server manages whether a member is a member or not according to billing information of the member and determines whether the user is a new user, a regular user, or a past user. The operation of controlling the content provided to the content server is controlled.
The system described.

According to a thirteenth aspect of the present invention, the content server provides online content provided online and offline content that is sold out or provided offline. Regarding the online content, the content server connects to the authentication server when the content server is connected. Also has a third judging means for judging whether the user is an authorized user or not, and in the case of offline content, an authentication program constituting the first and second judging means is provided so that the user can use the offline content offline. 13. When performing, the system according to claim 12, wherein the first authentication means or the second authentication means is activated according to the counter of the user use terminal.

According to a fourteenth aspect of the present invention, the second determination means comprises an authentication program embedded in the content and an authentication program provided in other than the content.

According to a fifteenth aspect of the present invention, the program embedded in the content of the second determination means activates a program outside the content and performs authentication without the user's knowledge. 14. The system according to 14.

The invention according to claim 16 is the system according to claim 11, wherein the second judging means has a time measuring means for checking the clock counter built in the personal computer on the user side and measuring a predetermined time according to the count number. .

For example, software such as NIFTY's personal computer communication software Nifterm (product name) is provided for members only for software for communication, that is, products used only in a specific environment. However, this does not check whether it is a regular user of the software, although it is checked whether it is a member at the beginning of communication, but rather a service that can be received by regular users such as version upgrades that are performed at any time. I was only asked if I could accept it. Therefore, if this communication software is a product that cannot be used by others by the member ID if the user agrees to start using the communication service, it is, so to speak, specific electronic information that does not need to identify the user on a regular basis. , Did not need a certification program.

The present invention pays attention to such a problem, provides a user authentication system for confirming whether or not the user is a regular user at predetermined intervals or at predetermined intervals, and also according to the period during which the user uses the electronic information. It is intended to provide a system capable of charging or preventing unauthorized use by unauthorized users.

[0022]

Embodiments of the present invention will be described. The described embodiment is roughly classified into an online site system for contents provided online (first
Embodiment) and a sales site system for offline content of software that can be used without connecting to a site for a relatively long period (second embodiment).

First Embodiment: Online Site System The first embodiment relates to a system for contents provided online. FIG. 1 is a schematic diagram of the connection relationship between the site and the user PC of the present invention. In FIG. 1, the online site system is composed of the server A1 of the site A of FIG. 1 and the member authentication server A2. The site A is connected to the personal computers of the users Y1 and Y2 via the Internet.

FIG. 2 is a block diagram showing the structure of the site A, and FIG. 3 shows the structure of the personal computer of the user Y1. 2 and 3, the control units A12, A22, Y1
Reference numeral 2 denotes a CPU of each computer, a cache for assisting them, a VRAM, a display control unit, and the like. The memories A13, A23, and Y13 are primary write areas. RAM, A14, A24, and Y14 are the Internet or It is a communication part that exchanges data with each other, and the types of wireless, wired LAN, dial connection, and leased line are not limited. In addition, the data storage unit A1
1, A21 and Y11 each have a storage function for recording necessary information, and in addition to HDD, CD,
Data may be stored in a medium such as MO. Further, although the display unit Y15 and the input unit Y16 are disclosed only to the user's personal computer, it goes without saying that there is no problem even if they are connected to the server side. Details of the information stored in each data storage unit will be described later.

In the system of the first embodiment, site A
Is an Internet site that provides a plurality of membership-based online contents, and is a site where users can freely use a plurality of contents on the site A after paying a certain monthly membership fee. Therefore,
It is necessary to build a mechanism to provide services only to regular users who have paid the monthly fee. This example shows an example of the mechanism.

Servers A1 and A2 constituting the site A,
Taking the user Y1 as an example, the flow of the site A, user registration, use, billing information confirmation, and member authentication will be described. FIG. 4 schematically shows the communication flow of the site A. As shown in FIG. 4, when the site A receives the information accessed via the Internet, the site A divides the information into certain information units and performs the information receiving process (S1).
00). From the received information, the type of the information is specified, and processing according to the type is performed.

For example, first, the control unit A12 of the server A1
By the program expanded on the memory A13,
It is determined whether or not the information from the communication unit A14 is HELLO packet information (S110). If the information is a HELLO packet, the process is sent to S111. If not, the process is sent to S120. H
The ALLO packet is information indicating that the user has already been authenticated as a legitimate user and has started or is using one of the contents (A, B, C).
In 11, the information which is considered necessary for the user Y1 according to the used contents (A, B, C) is taken out from the data storage unit A11 and is combined into a transmission packet according to the packet capacity of one time, and the communication unit A14 Send from (S1
12). Therefore, if one transmission packet is not enough, S100-S112 is repeated every time a HELLO packet from the user Y1 is received.
The information necessary for the usage content is transmitted to the personal computer of the user Y1.

On the other hand, the control unit A12 determines HEL in S100.
If it is determined that the packet is not an LO packet, in S120, Si
It is determined whether the packet is a gn packet. The Sign packet is
It means a packet indicating that the user Y1 is requesting authentication as to whether or not the user is Y1. Therefore, the control unit A
When 12 determines that the packet is a SIGN packet in S120, the control unit a12 requests the member authentication server A2 from the content server A1 for user authentication. Control unit A of server A2
The communication unit A1 22 receives the authentication request signal from the server A1.
4, received via A24, and compared and collated with the authentication 211 stored in the data storage unit A21 to perform user authentication. The SIGN packet processing (user account authentication processing) in S121 will be described later with reference to FIG.

Upon completion of the SIGN packet confirmation processing in S121, the control unit A22 returns an account packet to the effect that it is an authorized user to the server A1 in S122, and is transmitted from the server A1 to the user Y1. As a result, the personal computer of the user Y1 can confirm that it has been recognized as an authorized user, and the user Y1 can perform the following operation, for example,
You can start using the content or continue using it. The SIGN packet is for the user Y1.
Even if the user is a legitimate user, a SIGN packet is transmitted at a certain timing not only at the start of content use but also by the user side authentication program, and it can be confirmed whether or not the user is a legitimate user. Details will be described later.

Further, the control unit A12 of the server A1 is
When it is determined that the packet is not the SIGN packet in S20, S130
Then, in S130, it is determined whether the packet is a charging packet. If the charging packet is not the charging packet in S130, the control unit A12 determines that the received information is not normal, performs error processing (not shown), and returns to the information waiting state. If the control unit A12 determines in S130 that the packet is a charging packet, the control unit A12 transmits a charging information confirmation command from the server A1 to the server A2 in S131, and the control unit A22 of the server A2.
Confirms the billing information of the user Y1 from the billing information data 212 stored in the data storage unit A21. The control unit A22 returns the confirmation result to the server A1 in S132, and the server A1 transmits the confirmation result to the personal computer of the user Y1 as a charging information packet. As will be described later, if the transmitted billing information (billing information packet) indicates continuation, the control unit Y12 of the personal computer of the user Y1 judges that the billing continuation state, that is, the legitimate user, and as it is,
Perform the following work. If the billing information is NG, determine that the billing has been stopped, that is, the user is not recognized as an authorized user, prohibit the use of site A, and update the billing information as the case may be. Encourage.

Next, a description will be given from the viewpoint of the user Y1. When the control unit Y12 of the personal computer of the user Y1 operates the input unit Y16 to instruct access to the site A by clicking the site A found by searching with the search engine using the browser software in the personal computer. , The menu 112 of the content server A1 and the demo contents A, B,
C can be seen, and the user Y1 determines whether to use the site A1 displayed on the display unit Y15.
Of course, Site A only has temporary user registration,
You may want to be able to experience the demo. In that case, only the menu 112 can be viewed. Then, the user Y1 determines that he / she wants to use the site A, operates the input unit Y16, and clicks the member registration button of the menu 112 (the screen configuration is not shown). According to the communication flow of FIG. The communication process with the server A1 is started.

The case where the user Y1 registers for the first time will be described. When the click is performed, the server A1 processes the user account as a part of the user account process. Therefore, the transmission packet transmitted to the server A1 is SIGN.
The packet becomes a packet, and the server A1 sends the packet to S10 shown in FIG.
After 0, S110, and S120, user account authentication processing is performed in S121.

FIG. 5 shows details of the user account authentication process. In FIG. 5, the server A1 determines whether or not it is a registered user in S210 from the received SIGN packet. At this time, the user Y1 is the first registration, and is naturally not the registered user and is sent to S221 in the process of S220.

In step S221, the server A1 confirms the presence or absence of user information in the SIGN packet from the user Y1.
Of course, there is no user information in the transmission packet that has just been clicked on the register button, and the control unit A12 of the server A1
In S221, of course, is sent to the user information request of S224. In step S224, the control unit A12 creates a transmission packet of the user information registration screen and transmits it to the personal computer of the user Y1.

The PC of the user Y1 inputs the user information using Y16 in accordance with the input format created and transmitted in S224. The information to be input is an account for billing, an account for identifying a user, an email address, or the like. If this registration is temporary registration, that is, a trial, the account is issued, but it is not necessary to input the charging information, and if the charging information is not input, the user becomes a temporary registration user. Of course, when processing such as changing the screen between the temporary registration and the main registration is performed, the items input by the user may be changed accordingly.

When the user Y1 inputs the user information and sends the information to the server A1, the SIGN packet contains:
The input user information is transmitted in the form of being included, and this information-attached SIGN packet is sent by the control unit A12 of the server A1 to the process of S221 via the above-described S210 and S220, and the control unit A12 determines in S221. , Unlike the previous time, since the user information is included, it is sent to S222.

In S222, the control section A12 collates the account data and confirms whether there is another user with the same account. Here, although not in the flow of FIG. 5, of course, if there is a matching account, the user is asked to select another account, and the task of specifying the account is repeated. When the account is specified in S222, the A12 transmits the specified account data and the billing data of the user Y1 to the server A2. Server A2
In the control unit A22, the transmitted account data and the charging information of the user Y1 are stored in the data storage unit A21, and the account of the paying financial institution is confirmed from the charging data. This account confirmation is made by joining an account confirmation system (not shown) at the site A and checking it there, and a description thereof will be omitted. Of course, in this confirmation, if the account cannot be used, another account is set for the user Y1.
Repeat the interaction so that you can instruct me. When the billing data is confirmed, the server A2 returns a check OK signal to the server A1, and the server A1 checks OK.
Is confirmed (S222), a registered user packet including message data indicating that user registration has been completed is created and transmitted to user Y1 (S223). At this time, server A1
Simultaneously transmits a user authentication program, which will be described later and is distributed to the users of the site A.

When the user Y1 receives the registered user packet and the message is displayed on the display section Y15, the content of the site A can be used. User Y1
When using the member-only content of site A1,
First, click the address, bookmark, or favorite that is linked to the menu of the member-only site registered in the Internet browser, etc. to order the connection. At this time, the authentication program previously distributed to the user is started up, and thereafter, while using this authentication program, the member-only contents of the site A are used.

FIG. 6 shows a flow of user authentication and billing information confirmation on the user Y1 side using this authentication program. User Y1 is on site A menu 112
If you select the member-only menu from the
Check whether the user program has been downloaded to C. If the user program is not downloaded, even if it is a regular member, it will be used on a machine different from the personal computer at the time of registration, so send it to 3 for user registration processing. At this time, since the user has already been registered once, the process is ended by downloading the user program to the personal computer of the user Y1, so that it does not take much time.

When the site A1 confirms in S300 that the user Y1's personal computer has the user program, it automatically starts the user program. After that, the contents use service of the member is provided while confirming whether or not the user is an authorized user and the billing information by using the user program. Regarding content usage, if you are recognized as a member in the flow described later, HELLO
This is done by sending the packet to site A1. That is, the personal computer of the user Y1 is the main user program and sends a HELLO packet to the site A1.
Based on FIG. 4, the site A1 sends back the content data when the HELLO packet is received, requests the billing information from the A2 when the billing packet is received, and sends back the billing information. The following is a description of the flow of checking whether or not the authorized user of the user program is active, including the exchange of the billing information.

In the case of the first use after downloading the user program, when the user program is started, the predetermined time 1 is set based on the accounting information of the user Y1 and it is confirmed whether or not the predetermined time 1 is exceeded (S310). .
In S310, the predetermined time 1 is not set for the second and subsequent accesses. The predetermined time 1 is set to a sufficiently long time. For example, when registering as a user, if it is agreed with a monthly contract, a time of one month or several months is set, and if an annual contract is possible, it may be half a year or one year, depending on the billing information. Is set.
Therefore, in the case of a contract that allows access for up to 100 hours even though it is set time 1, the predetermined time is the difference between 100 hours set by billing and the total time connected until now. As they are compared, they do not necessarily match the time on the calendar. In S310, it is configured to compare, according to the contract period, whether or not the count value calculated from the time counter embedded in the user personal computer for the contract time has been reached. This is to prevent the user from resetting and using the clock of the personal computer.

Here, it is assumed that the charge is a fixed amount contract for one month, and the set time 1 is two months. In the case of the first use, in S310, since the set time 1 is not exceeded, it is sent to S330. In S330, the billing information stored in the user personal computer, that is, in the user program, is to check whether or not the member is a member by checking the flag indicating whether or not the member is continuing.
This billing check is performed at the time of the last billing information check.
The billing information sent from the server A2 is recorded in the personal computer of the user Y1 and the recorded data is confirmed at the time of checking. Therefore, just because the billing information is not real-time billing and OK in S330 does not mean that the billing is currently OK.

At S330, the billing information is normal when the user is using the service for the first time, and the member is a member.
315 will be sent. Here, if the billing information is not normal, for example, if it is used on another personal computer, S31
1 and inquires of the charging information to the server A2. When the user Y1 is sent to S315 by the user program, the user Y1 sends a SIGN packet, and the user Y1 makes a login request to the site.

The site A1 receives the SIGN packet, checks whether or not the user Y1 is a member according to the flow of S100 and S120 to S122 shown in FIG. 4, and if Y1 is an authorized user, logs on. Returns an account packet that includes the information to allow. User Y1
When receiving the account packet from the server A1, the user program of the personal computer (1) checks the contents of the account packet in S316, and if the logon is permitted,
Send to S317. If the content of the account packet is not permitted, the user program displays on the display unit Y16 that the account packet is not permitted, and asks the user Y1 to confirm whether or not to update the charging information. The process moves to the information update packet transmission flow S340.

In step S317, the user logon is permitted in step S316, so that the content to be used is selected from the content menu, a HELLO packet is created, and the packet is transmitted.
When the site A1 receives the HELLO packet from the user Y1, it can recognize that the user has already been authenticated, and S3
At 18, the data necessary for using the content is returned to the user Y1. Then, the user program of the user Y1 uses the received data in S318,
While executing the content, it is confirmed in S319 whether the predetermined time 2 has been exceeded. This predetermined time 2
Is considerably shorter than the above predetermined time 1, for example,
Once the time is set to once per hour or once a day, and when the set time exceeds 2, the billing information in the personal computer is automatically checked to see if the user is an authorized user.
By the check in S319, it is possible to restrict the use by illegal copying. For example, even if the content itself is illegally obtained, it is difficult to continue to use the content unless the user is confirmed to be a legitimate user by closely checking the billing information of the user program other than the content. Yes, it is possible to sufficiently prevent illegal copying and unauthorized use.

When the predetermined time 2 is not exceeded, S32
At 0, it is confirmed whether or not the user Y1 has instructed to suspend the use of the content.
The process from S18 to S320 is repeated, and the transmission and reception of the HELLO packet necessary for the used content are repeated.

Returning a little, the flow will be described. User Y
The user program No. 1 has a predetermined time 1 in S310 of FIG.
If it exceeds the value, in S311, a billing confirmation packet is transmitted in order to obtain the billing information in the server A2. Server A1
When receiving the charging information confirmation packet, the server recognizes the charging information in S130 via S100 and S120 as shown in FIG. 4, and confirms the charging information in S131. The charge check will be described later. Here, the server A1
Requests the server A2 to check the billing information in S131, the server A2 checks the billing information, and returns the billing result to the server A1. When the server A1 receives the billing check result, in S132, The packet of the charging check result is transmitted to the personal computer of the user Y1.

The user program of the personal computer of the user Y1 waits in S312 of FIG. 6 until the result packet is received, and then, in S313, it is confirmed whether or not the billing information in the server indicates continuation. If the received packet information indicates continuation, the user program sets 1 for a predetermined time.
To update. Since the predetermined time 1 is set according to the billing information in the server A2, if the user Y1 exceeds the previous predetermined time 1 in the flow of S310 in November, for example, the predetermined time is set in January of the following year, two months later. Set and update the time. This setting update is convenient if the billing information in the personal computer is also rewritten at the same time.

On the other hand, the user program is
When the content of the received charging packet is checked and the information indicating that the charging is stopped is received, it indicates to the user Y1 that the charging is suspended, and in S340, a charging update packet for restarting the charging is transmitted. When the site A1 receives the charge update packet, the site A1 exchanges the charge information between the server A2 and the user Y1 and sends the update result to the user Y1.
Reply to. Upon receiving the returned result in S341, the user program updates the billing information in the personal computer in S342 and resets the predetermined time 1 based on the updated billing information.

After updating the billing information in S314, the user program sends the billing information to S315. Since S315 has been described above, it will be omitted below.

Next, the flow of checking and updating the billing information will be described with reference to FIG. When updating the charging information or requesting confirmation, the user program creates and transmits a charging packet. When the server A1 receives the billing packet, the server A1 determines that it is a billing packet in S130 and processes the billing packet in S131 according to the flow shown in FIG. FIG. 7 shows the details of the processing.

Upon receiving the billing packet, the server A1 sends the billing packet to the server A2 to request the processing. The server A2 first confirms in S400 whether or not the user is a registered user. The charging packet has information as to whether the packet is a registered user or a provisional registered user. Judgment is made based on the presence or absence of the flag. If the packet is a registered user, it is sent to S410, and if it is not a registered user, it is sent to S420. The process of the temporarily registered user will be described later.

When the server A2 confirms that the user Y1 is a registered user in S400, the server A2 determines whether or not the charging information is updated in S410. In the case of updating the charging information, S411
At, the charging data 212 stored in the data storage unit A21 is changed according to the charging data transmitted by the user. The billing data sent by the user Y1 corresponds to extension of the contract period, suspension of primary use, cancellation, etc., but here it means extension of the contract. Then, the charging data is automatically updated so as to extend the period of being a regular user, and in S412, the update result data is returned to the server A1. The server A1 returns the communication result data from the received update result data to the personal computer of the user Y1.

Upon receiving the reply data, the user program of the personal computer of the user Y1 updates the billing information in the personal computer or resets the predetermined time 1 according to the flow shown in FIG. Also, the server A2 uses S4
If the charging information is not updated in step 10, S41
3, the charging data 212 from the data storage unit A21
Is read, and confirmation of continuation and cancellation is sent and the confirmation result is returned (S414).

Although it depends on the form of the user contract, in the case of automatic renewal unless the user withdraws monthly, the update of the billing data of the user Y1 is mostly due to delay in payment, withdrawal from membership, and suspension of primary use. Therefore, it is more appropriate to increase the flow of checking the billing information than to update the billing information. Also,
In the case of a temporary registration user, if the temporary registration user has a fixed period of use free of charge, the user program will check the chargeable time even if it is called billing information. Therefore, when the server A2 receives the charging packet from the temporary registration user, the server A2 confirms that the request is from the temporary registration user in step S420 via step S400, and sends the request packet to step S421. The server A2 compares the expiration date information defining the free use time in S421 with the numerical value of the clock counter in the personal computer of the temporary registration user sent from the user. As a result of the comparison, if it is within the valid period, it is valid, and if it has passed, information such as urging registration or notification of suspension of use is returned as a result packet.

The server A2 registers the non-user as a non-user because the temporary registration user who manages the temporary registration user loses the right of the temporary registration user after the expiration date. Since an unauthorized user or a user whose temporary registration has expired is not recognized as a temporarily registered user in S420, it is sent to S430 and a packet is sent to the non-user who has accessed the information indicating that the user is in an unauthorized state, and a packet prompting registration, etc. To reply.

As described above, the system according to the first embodiment is configured to confirm whether or not the user is a legitimate user with the concept of time when forming a service that provides online contents to members so that they can be used. Even if an authorized user accesses another personal computer, the user program is sent to the personal computer to check the billing information. Even if the billing information is not checked every time the user accesses the billing information, By checking, it is possible to prevent unauthorized use of member content for a long period of time, and to check it every time you access it, you can check the work and put a communication burden on both the server and the user. Absent.

That is, according to the present embodiment, since there is no opportunity to go to the server A2 to check the charging information for a time shorter than the set time 1, there is a possibility that the server A2 may be illegally used, but while avoiding charging for a long time. Since the user cannot use it, if the user wants to use it for a predetermined period of time 1 or more, the charge information must be updated in the end, so that an inexpensive charge check system can be constructed.

Further, since the charging state is confirmed by the data in the personal computer in the set time 2 and in a time shorter than the predetermined time 1, the program considered necessary for using the online content is copied in the initial stage after the authentication. Even in such a case, it is possible to prevent the use for a predetermined time of 2 or more. Therefore, it is possible to construct a system without providing an advanced copy guard function, and to prevent communication traffic from deteriorating when using contents by repeatedly communicating with the billing server A2 or the server A1. You can

In the above embodiment, the use of the site A is charged regardless of the number of contents, and the predetermined time 1 is set to 2 months. However, when a plurality of contents are provided, the contents may be set for each content provided by the system, or the contents may be divided into categories and the charging and time management may be performed for each of the contents.
If a certain content is used for a long period of time, it may be set to a longer time, and if the short-term use is main, short-term or prepaid billing may be used.

If there are many contents themselves or there are many contents that require frequent communication with the user, use a plurality of server computers.
The site A1 may be configured, and the same applies to the authentication server A2. Also, the user program is described as being simply downloaded to the user's personal computer and automatically started when accessing the site A. However, if this user program is also copied and used together with the content, it will take a predetermined time. The account data and the billing information may be saved as a separate file or embedded in another shared file because the account data and the billing information may be illegally used for one period. The user program itself may be generated in a separate file, for example, in the form of DLL software of a computer system and used. In this case, unless the user is at a considerable technical level, it is difficult to find the user program and update the billing information and the account illegally.

Next, the second embodiment will be described. Software sales system

The present sales system corresponds to a system for selling offline contents or managing users. The offline content means software that can be used without accessing the server as compared with the online content of the first embodiment. As shown in FIG. 1, the sales system includes a sales site server A3, a user authentication server A2, a user terminal Y1 and a communication network connecting them.
For example, it is composed of the Internet.

The configuration of the sales server A3 is the server A of FIG.
Although it is almost the same as 1 and is not shown, only the numbers will be replaced in the description. That is, the server A3 includes a data storage unit A31, a control unit A32, a memory unit A33, and a communication unit A3.
4 and is connected to the server A2 via the communication unit. The sales site server A3 prepares a user authentication program in addition to the offline content D to be sold.

The user Y1 accesses the sales site A from the personal computer through the Internet, and the software D
To buy. It is assumed that the user purchases this software D because he wants to use it for two years. User Y1
Acquired the right to purchase and use this software D for a period of two years. At the time of sale, the site A3 downloads and sells this software D, and simultaneously downloads a user program for user authentication. At that time, the user program is set to download for a set time 3 which is shorter than the time of two years.

The operation of the user program at the site A3 and the user Y1 in this case will be described with reference to FIGS. 8 and 9 and FIGS. 2 and 3 for reference of the configuration. FIG. 8 shows the operation of the servers A3 and A2 at the site A. FIG. 9 shows the operation of the user program. The user Y1 accesses the site A in order to purchase the content D to be sold on the site A.

Since the site A cannot purchase contents unless it is a member (free), first, a registration packet is transmitted in order to register as a member. As shown in FIG. 8, site A3
Performs packet reception processing when receiving a packet from the user Y1. The control unit A32 of the server A3 uses S510.
Then, determine the type of packet, and if it is a SIGN packet, S
511, otherwise send to S520. S5
Also at 20, it is confirmed whether the packet is a purchase packet. in this case,
The registration packet is neither, so in S520, S
It is sent to 530, and a regular user confirmation process is performed in S530.

In the regular user confirmation process, the server A3 transmits a registration packet to the user authentication server A2 in S530, and the server A2 performs the user registration process. After registering the user Y1, the server A2 returns a registration completion packet to the user Y1 via the server A3, and ends the process. The user Y1 accesses the server A2 of the site A again by using the registered user account, and executes SIGN.
Send the packet to server A3. Server A3 is SI
When the GN packet is received (S500), again S51.
At 0, the SIGN packet is identified, and at S511,
User Y1 user account approval processing is performed.

When the server A3 authenticates the user, the server A3 confirms the presence / absence of the user program with the user Y1. If the user program does not have the user program, the user program is downloaded. In this case, if this is the first purchase, user Y
1 does not have a user program, so download it. The user program will not be downloaded from the second content.

When the user program is downloaded, the server A3, in turn, activates the user program on the personal computer of the user Y1 and transmits an account packet to the user Y1 so that the user program can recognize the information of the authorized user. .

As a result, the user Y1 can access the purchase screen and click to send a purchase packet. Upon receiving this purchase packet, the server A3 sends it to S521 in S520, and confirms whether the purchase content has been selected (S521).
If not, the contents selection is waited in S531.
When the purchase content is determined in S531, the purchase price of the content is notified to the user in S532, and the server A2 is requested to perform the charging process. When the accounting process is completed by the server A2, the user Y1 is notified that the accounting process is completed (S533).

When the user program of the user Y1 receives the charge processing result packet, it checks whether the charged content has already been downloaded, and if not, sends a purchase packet to the server A3. Since the transmitted purchase packet also determines the purchased content D, that is, the selected content D, the server A3
In S521, the content is transmitted to S522, and in S522, the purchased content is resized to the packet size and the download packet is transmitted to the personal computer of the user Y1 (S52).
2). The server A3 transmits the data until the download is completed (S523), and when the download is completed, the server A3 transmits an end message to the user and records the purchased content as purchased in the user program.

FIG. 9 shows the operation of the user program. When the user Y1 uses the content D downloaded from the server of the site A, the user Y1 clicks the content (S600), and the content D confirms whether the content user is the user or not. The presence or absence is confirmed (S610).
If the user program has not been installed, there is a high possibility that the user is not a legitimate user, so the user Y1 is notified (S63).
1) Then, the user registration process is continued. In this case, since the authorized user, the user Y1, wants to use the content D, the user program has already been installed and is transmitted to S611. The content D is S621.
Then, start the user program, and the user program
It is confirmed whether the content D has been purchased (S61).
2).

At the time of purchasing the content D, the purchased flag is updated in the user program, so it is determined that the user program has been purchased. If not purchased, user Y
1 is notified (S631), but if it is determined that S612 has been purchased, it is sent to S613. The user program confirms whether the predetermined time 3 has elapsed. This predetermined time 3 is an indefinite period at the time of purchase for offline content, or a long period (for example, 3
Even if (Year) is selected, it is set in a shorter period of time, for example, 3 months, and is set at the time of purchase or renewal based on the purchase date and time. If it is confirmed in S613 whether or not the predetermined time 3 has been exceeded, if the user Y1 who has just purchased, S614
Will be sent to and will be authenticated on the computer. For example, a mechanism that allows the user to enter a password may be used. When the user is authenticated, the content D can be used for the first time.

Here, although the description is omitted, as described in the first embodiment, after S615, the user program is provided with a program for user approval at a time interval shorter than the predetermined time 3. A mechanism that prevents unauthorized use even after starting may be used. In addition, when the content D is used for several months, the user program executes S6.
In step 13, the predetermined time 3 is compared with the purchase date, and if it exceeds the predetermined time, it is sent to S621. In S621, the content D is activated and made available, and in the background, a SIGN packet is transmitted to the site A for access, and user authentication is performed in S622. When it is confirmed by the user authentication that the user is an authorized user, the predetermined time 3 is updated. It should be noted that if the user authentication fails in S622, although not shown, it may be sent to S631 to notify the user and perform the user registration process, for example.

Next, the content D is, for example, user Y.
A case where the data is copied from No. 1 to the user Y2 will be described. Since the user Y2 has not registered as a user in the site A, when the copied content D is started, the user program does not start in S610.
Is notified, and the user Y2 cannot use the service unless he stops the use or accesses the site A to register the user. Even if the user program is also copied, the user is not authenticated because the user is authenticated by accessing the site A periodically, that is, every time the predetermined period 3 is reached. Therefore, it is possible to prevent unauthorized use for a long period of time.

Since the user program can be started in a few seconds, the user program can be operated without making the user aware that another program is running. That is, the operation may be performed without displaying it on the display unit Y16 of the user Y1. In the above-mentioned embodiment, although no specific method of charging is disclosed, for example, it may be transfer of a transfer form, credit payment, or electronic money payment, and should not be limited. Absent. For example, if it is electronic payment, it can be immediately debited and the result can be sent and notified, and if it is monthly usage payment, server A
For item 2, it is sufficient to make payment once a month and reflect the result in the billing information.

In the first and second embodiments, the predetermined time periods 1 and 3 are explained as if they are fixed. However, for example, depending on the charging method or the past record of settlement. The period may be changed accordingly. The same applies to the predetermined time 2.

Although the first embodiment and the second embodiment have been described separately, the site A is the server A as shown in FIG.
It is also possible to handle both online content and offline content at the same time by configuring with 1, A2 and A3. In this case, if the user program is compatible, the predetermined time may be set or the type of the transmission packet at the time of updating with the server may be controlled according to the content used, or the user program may be provided separately. Good.

When an authorized user uses online / offline contents on another PC,
When multiple people use a computer at work, etc.,
If the user program manages the user's account and password, one user program can be used for each device, and in the case of multiple devices, use by multiple devices depending on the content used. It is also possible to set whether to serve as content that can be downloaded or whether to charge for each device. For example, if the first device is 2000 yen and the second device is 2500 yen as the monthly usage fee, even if there are multiple devices, only the usage month needs to be charged 500 yen separately.

In the case of charging for each content, the user may be notified and charged when using a personal computer that has not been downloaded. When the site A is accessed and used by another person's personal computer, setting the setting time 1 to be short can not only restrict the use by another person but also have the effect of promoting the site A to another person. Further, in that case, when the user Y1 accesses the server A after the second-generation setting time 1 has passed, it is configured to confirm whether or not the continuous use is permitted for the use by another person's personal computer as the billing information. By doing so, long-term unauthorized use can be restricted.

When used by an individual user, at most, it is considered that there is only one device in the environment for two personal devices, and it is possible to have a corporate contract for more than that. In the case of a corporation, the usage status of each person may be directly received from the site A, or the usage status details for a corporate personal computer may be sent to the individual user program for management.

Further, in the embodiment, the content is downloaded via the electric transmission line, but it may be distributed by a CD-ROM. If the user recognition program check is included in the content to be distributed and instructed, the same processing as the above example can be performed.

[0084]

As described above with reference to the embodiments,
Since user authentication is performed every predetermined time, users are required to use electronic contents without paying special attention to the contents and without frequent communication to confirm user information. It is possible to charge as.

[0085]

[Brief description of drawings]

FIG. 1 is a conceptual diagram showing a connection state of a system of the present invention.

FIG. 2 is a block diagram showing a configuration of a site A according to the first embodiment.

FIG. 3 is a block diagram showing a configuration of a personal computer of a user Y1 according to the first and second embodiments.

FIG. 4 is a flowchart showing a communication flow of a site A of the first embodiment.

FIG. 5 is a flow diagram showing a flow of a SIGN packet of the site A of the first embodiment.

FIG. 6 is a flowchart showing a flow on the personal computer side of a user Y1 according to the first embodiment.

FIG. 7 is a flowchart showing a charging process of site A according to the first embodiment.

FIG. 8 is a flowchart showing a flow of a site A of the second embodiment.

FIG. 9 is a flowchart showing a flow of a user Y1 according to the second embodiment.

[0086]

[Explanation of symbols]

A: Example site A A1 ... Online content server of the first embodiment A11 / Server A data storage A12 / Control unit of server A1 A2 ... User authentication server of the first and second embodiments A21 / Server A2 data storage A22 / Control unit of server A2 A3 ... Offline content server of the second embodiment

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06F 15/00 310 G06F 15/00 310A F term (reference) 5B017 AA06 BA09 BB00 CA15 CA16 5B085 AE01 BA07 BG07

Claims (16)

[Claims] 1. A user authentication system having a judgment means for judging whether or not a person is an authorized purchaser of content by regularly checking the authentication data issued at the time of purchase. 2. The first judging means for accessing the authentication server via the network for every first predetermined time, and judging whether or not the customer is a legitimate purchaser, and the first judging means shorter than the first predetermined time. 2. The user authentication system according to claim 1, further comprising: a second determination means for determining whether or not the user is an authorized purchaser at a predetermined time or when starting to use the purchased content. 3. An electronic device comprising means for issuing authentication data to a legitimate purchaser and periodically confirming the authentication data when purchasing content that can be purchased using a communication channel. Information user authentication system. 4. A management server for managing authorized purchasers is provided,
According to the authentication program used together with the used contents sold, the confirmation is performed at a first predetermined interval by a first authentication means for accessing and confirming the management server, and at a different interval from the first predetermined interval. The user authentication system according to claim 3, further comprising a second authentication unit that performs authentication by a method different from the authentication unit. 5. The user authentication system according to claim 5, wherein the second authentication means performs confirmation by using information for storing the content in the device to be used. 6. The user authentication system according to claim 1, wherein the first predetermined interval is set for each expiration date of the purchased content or for each shorter time period. 7. An authentication program for achieving the authentication system according to any one of claims 1 to 6. 8. A content sales system that sells content in units of a predetermined period, using the authentication system according to claim 1. 9. A content lending system that lends content on a predetermined time basis by using the authentication system according to claim 1. 10. A system having authentication means for authenticating whether or not a site is a regular purchaser of the site at a site for accessing, selling, renting, or providing contents through a network. 11. The authenticating means accesses the authenticating server via a network at every first predetermined time to judge whether or not the user is a regular member, and a second shorter than the first predetermined time. For a predetermined time or when the user starts using,
11. The system according to claim 10, further comprising a second judging means for judging whether or not the member is a regular member. 12. The site comprises an authentication server and a server for managing contents provided to members, and the authentication server manages whether or not a member is a member according to the charging information of the member, and whether the user is a new user or authorized. The system according to claim 11, wherein the system determines whether the user is a past user or not and controls the operation of the content provided to the content server. 13. The content server provides online content that is provided online and offline content that is sold out or provided offline.
Regarding the online content, when connecting to the content server, it has a third judging means for checking with the authentication server to judge whether the user is a legitimate user. 13. The system according to claim 12, wherein a program is provided to activate the first authenticating means or the second authenticating means according to the counter of the user terminal when the user uses the offline content offline. 14. The second determining means comprises an authentication program embedded in the content and an authentication program provided for other than the content.
The system according to 1. 15. The system according to claim 14, wherein the program embedded in the content of the second determining means activates a program outside the content and performs authentication without the user being aware of it. 16. The second judging means checks the user's personal computer built-in clock counter, and according to the count number,
The system according to claim 11, further comprising time measuring means for measuring a predetermined time.