JP2003295964A - Data supply system, program and data supply method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data supply system that can effectively prevent both an unauthorized copy of a file for installation on a PC as well as unauthorized copies such as applications and contents, which are written in terminals of PDA, etc. <P>SOLUTION: A password is generated by a password generating means 123 in a password supply device 121 using only a terminal ID 103, or both the terminal ID 103 and PC-ID. The password is written in an original data 115 and customized, and an unauthorized user is automatically determined when installed and/or executed. Consequently, permission is not given to activation of the installed program in an unauthorized PC 105, installation to an unauthorized terminal 101, and execution of the program in the unauthorized, terminal 101. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data supply system, and more particularly to a personal computer (hereinafter
Connect a terminal such as a portable information terminal (hereinafter referred to as "PDA") to a vendor machine such as "PC"),
The present invention relates to a data supply system for setting up programs and downloading contents.

[0002]

2. Description of the Related Art In recent years, with the rapid spread of computers and the rapid development of information and communication technology, there is an increasing demand for portable information terminal devices such as PDAs that can be used outside the house.

Conventionally, as a method for setting up or downloading a program or content (hereinafter collectively referred to as "application") to such a portable information device (hereinafter collectively referred to as "install"), a CD- There are a method of supplying by a recording medium such as a ROM and a method of distributing via a network.

However, due to the recent popularization of CD-Rs, the data of the application supplied to the user is illegally copied from the authorized user to other users, and as a result, the profit of the application provider is unjustified. The number of cases of harm is increasing.

In order to prevent such illegal copying,
Various techniques have been used conventionally.

For example, when data is supplied by a CD-ROM or the like, a method of inputting a serial key described in a manual or the like when a user installs an application, or starting or reproducing an application for the first time (hereinafter When these are collectively called “execution”, a method of performing processing for specializing an installed application to a certain terminal has been used.

When data is supplied via a network, the management server on the provider side determines whether the data requester is a legitimate user and permits the data supply and application installation. Alternatively, the server can encrypt the application data itself in advance and decrypt it when the application is executed.Send an email containing the password to the email address entered by the user, and the user will see the email and enter the password. The method of doing was used.

[0008]

However, these methods have various problems.

First, in the case of a data supply system using a CD-ROM or the like, the method of inputting the serial key by the user is troublesome because the user has to enter the serial key, and the user needs to input this serial key. It had to be managed and was often lost.

Further, in such a method, a CD-ROM
If you give it to another person by duplicating it and at the same time tell the other person the serial key, you cannot prevent illegal copying at all, and it became ineffective. Particularly, this problem is desired to be solved promptly due to the spread of CD-R and the like in recent years.

Further, when the application is executed for the first time,
In the method of performing the processing for specializing the installed application on a certain terminal, the application installed on the user's PC or the CD-ROM itself is copied before the first execution. Once illegal, illegal copying is possible, and there has been no method for technically preventing such illegal copying.

On the other hand, in the case of a data supply system that distributes via a network, the method of managing user information by a management server requires a management server for managing the user information, resulting in high operating costs. There was a problem of being lost. In particular, due to the rapid development of broadband technology in recent years, it is expected that a large number of terminal devices will spread to each user in the future, and such a method will put an excessive burden on the service provider. Is predicted.

Further, even if the application installation is restricted by such a method, the application installation program is copied from one user's PC or the like to another user's PC or the like, or the installed application is installed. However, there is a possibility that the data will be directly copied from one user's PDA or the like to another user's PDA or the like, and there has been a problem that unauthorized copy cannot be sufficiently prevented.

In the case of a method of encrypting application data itself by the server and decrypting this encrypted data by the terminal, if it is decrypted at the first start after the download, an illegal copy will be made after such decryption. On the other hand, if the decryption is performed at every start-up, there is no problem if the terminal on the user side is a device having a certain processing capacity such as a PC, but a portable terminal or the like. In a relatively simple terminal device, the processing time for this decryption processing is required at each startup, and such decryption processing imposes a heavy processing burden, and each time the user waits for a long time. There were challenges.

Further, in the method of sending a mail in which a password is written to the mail address entered by the user and prompting the user to enter the password, various operations are required of the user, and the serial number is also required. Similar to the method of inputting the number, there was a problem that the user had to manage the password.

The present invention has been made in order to eliminate the above-mentioned drawbacks of the prior art. The object of the present invention is to connect a terminal such as a PDA to a vendor machine such as a PC and store the program. In a data supply system for setting up and downloading contents, illegal copying of installation files on a PC and P
An object of the present invention is to provide a data supply system capable of effectively preventing both illegal copying of an application installed in a DA without imposing a burden on the user and appropriately protecting the interests of a program development maker and a content provider.

[0017]

In order to achieve the above object, the invention described in claim 1 has a terminal device having different terminal identification data for each terminal, and a program executed by the terminal device. In a data supply system having a program writing device which is installed in the terminal device and is connectable to the terminal device, and a password supplying device which supplies a password set in the terminal device, the program writing device is the terminal device. Is supplied from the password supply device for causing the terminal device to execute the program, the terminal identification data acquiring device for acquiring the terminal identification data from the device, the program writing device for writing the program in the terminal device, Password setting means for setting a password to the terminal device And, the password supply device,
It is characterized in that it has a password generation means for generating password data based on the terminal identification data acquired by the terminal identification data acquisition means.

Further, in the invention described in claim 2, the terminal device having different terminal identification data for each terminal, the content reproduced by the terminal device is written in the terminal device, and the terminal device can be connected. In a data supply system having a content writing device and a password supplying device for supplying a password set to the terminal device, the content writing device includes terminal identification data acquisition means for acquiring the terminal identification data from the terminal device. Content writing means for writing the content to the terminal device, and password setting means for setting the password supplied from the password supply device to the terminal device in order to reproduce the content on the terminal device. The password supply device has the terminal identification data. Characterized in that it has a password generation means for generating a password data based on the terminal identification data acquired by the data acquisition means.

According to a third aspect of the present invention, in the data supply system according to the first or second aspect, the password setting means writes the password data in a predetermined area of the terminal device. To do.

The invention according to claim 4 is the data supply system according to any one of claims 1 to 3, wherein the program writing device or the content writing device installs the program or writes the content in the terminal device. The password setting means stores the password data in a predetermined area of the original data stored in the data storage device or data related to duplication thereof. It is characterized by writing.

The invention described in claim 5 has a terminal device having different terminal identification data for each terminal and a different writing device identification data for each program writing device, and is executed by the terminal device. A program writing device that installs a program in the terminal device and is connectable to the terminal device; a data supply device that supplies data used when the program writing device installs the program in the terminal device; and the data In a data supply system having a data storage device that stores original data used by a supply device, the program writing device includes a terminal identification data acquisition unit that acquires the terminal identification data from the terminal device, and the program writing device. Writing for obtaining the writing device identification data Device identification data acquisition means, and program installation means for installing a program in the terminal device using the data supplied from the data supply device, wherein the data supply device includes the terminal identification data and / or Password generating means for generating password data based on the writing device identification data, and original data stored in the data storage device are converted by using the password data to supply data to be supplied to the program writing device. And a conversion unit for generating the data.

According to a sixth aspect of the present invention, a terminal device having different terminal identification data for each terminal and a different writing device identification data for each content writing device are reproduced by the terminal device. A content writing device that writes content to the terminal device and is connectable to the terminal device, a data supply device that supplies data used when the content writing device writes content to the terminal device, and the data supply device In the data supply system having a data storage device for storing original data used by the content writing device, the content writing device obtains the terminal identification data from the terminal device, and the content writing device performs the writing. The device identification data for writing, which acquires the device identification data Data acquisition means and content installation means for installing content in the terminal device using the data supplied from the data supply device, wherein the data supply device includes the terminal identification data and / or the writing device. Password generation means for generating password data based on identification data, and conversion for converting original data stored in the data storage device using the password data to generate data to be supplied to the content writing device. And means.

Further, the invention described in claim 7 is the data supply system according to claim 5 or 6, wherein the conversion means stores the original data stored in the data storage device or data relating to the copy thereof. The password data is written in a predetermined area.

According to an eighth aspect of the present invention, a step of reading the terminal identification data of a terminal device connected to the computer to a computer, and the terminal identification data to a password supply device connected to the computer. A step of notifying, a step of receiving the password data notified from the password supply device, a step of installing a terminal program in the terminal device, and a predetermined reference referred to when the terminal program is executed in the terminal device. And a step of setting the password data in the area (1).

According to a ninth aspect of the present invention, the step of reading the terminal identification data of the terminal device connected to the computer to the computer, and the terminal identification data to the password supply device connected to the computer. A step of notifying, a step of receiving the password data notified from the password supply device, a step of writing the content in the terminal device,
It is a program for executing the step of setting the password data in a predetermined area referred to when the content is reproduced on the terminal device.

According to a tenth aspect of the present invention, a computer reads the terminal identification data of a terminal device connected to the computer, the writing device identification data of the computer, and the computer. A step of notifying the data supply device connected to the terminal of the terminal identification data and the writing device identification data, a step of receiving the installation data notified from the data supply device, and a predetermined area of the installation data. Comparing the password data set in step 1 with the writing device identification data and terminating execution if execution is not permitted; and installing a terminal program in the terminal device using the installation data. , The terminal program Is a program for executing the step of setting the second password data set in the predetermined area of the installation data in a predetermined area referred to when the is executed in the terminal device. Characterize.

According to an eleventh aspect of the present invention, a computer reads out terminal identification data of a terminal device connected to the computer, a step of reading out writing device identification data of the computer, and the computer. A step of notifying the data supply device connected to the terminal of the terminal identification data and the writing device identification data, a step of receiving the content writing data notified from the data supplying device, and a predetermined step of the content writing data. Comparing the password data set in the area of the writing device with the writing device identification data, and if the execution is not permitted, ending the execution; and writing the contents to the terminal device using the contents writing data. And the storyboard And a step of setting the second password data set in a predetermined area of the content writing data in a predetermined area referred to when the user sets is reproduced in the terminal device. It is characterized by

According to a twelfth aspect of the present invention, there is provided a data supply method for supplying data such as a program or content written in a terminal device, wherein original data as a source of the data is distributed, and the terminal device is provided. The writing device that writes the data to the terminal device acquires terminal identification data included in the terminal device, causes the writing device to notify the acquired terminal identification data, generates a password based on the terminal identification data, and generates the password. The writing device is notified, and the writing device is caused to set the password in a predetermined area of the terminal device.

The invention described in claim 13 is a data supply method for supplying a program or data for causing a terminal device to write data such as a program or content, which is a writing device for writing the data to the terminal device. , Causing the writing device to obtain the terminal identification data of the terminal device, the writing device to obtain the writing device identification data of the writing device, and the writing device to notify the terminal identification data and the writing device identification data, A password is generated based on the terminal identification data and the writing device identification data, original data which is a source of the data is converted by the password, and the converted original data is supplied to the writing device. .

A fourteenth aspect of the present invention is a data supply method for supplying data such as a program or content written in a terminal device, wherein the writing device for writing the data in the terminal device includes the terminal device. To obtain the terminal identification data included in the writing device, the writing device to obtain the writing device identification data included in the writing device, and the writing device to notify the terminal identification data and the writing device identification data. And generating a password based on the writing device identification data, converting the original data that is the source of the data by the password, supplying the converted original data to the writing device, and supplying the writing device with the password and the password. Write device identification data is compared and written by the comparison If the variable in the determination has been made, and wherein said password be set in a predetermined area of the terminal device to the writing device.

Here, as the terminal device, for example, a PD
A portable information terminal such as A or an electronic notebook, a content reproducing terminal such as karaoke or video, and the like are considered. further,
The terminal device may be a wrist tool such as a wrist watch, other devices that can be worn on a part of the human body, devices such as a mobile phone, a pocket PC, a portable or stationary AV playback device, and a game device.

Further, terminal identification data (hereinafter referred to as "terminal I
"D") may be, for example, the serial numbers attached to these terminal devices, or the serial numbers of devices exclusively used in the terminal devices such as hard disks and other peripheral devices of these terminal devices. To be

Further, as a program writing device or a content writing device (hereinafter, these are collectively referred to as "installing device"), a user side machine such as a PC for allowing a user to connect with a PDA or the like to install an application, , A vendor machine such as a vending machine for information data, a device such as a computer that can be connected to a terminal device through communication, or a location where the terminal device is installed and connected to the terminal device to connect the application. A writing device or the like can be considered.

Further, the writing device identification data (hereinafter,
The "PC-ID") may be a serial number attached to the installation device or a serial number of a device exclusively used by the installation device, such as a hard disk or other peripheral device of the installation device. .

A password supply device or a data supply device (hereinafter, these are collectively referred to as "server")
As the computer, a computer on the application provider side, a computer installed on the provider side, or the like can be considered.

Further, as a data storage device, a CD-R installed in a server or an installation device is used.
In addition to the OM drive, hard disk, MO drive, PD drive, DVD drive, ZIP drive, FDD drive, etc., another computer (file server) or another PC connected via a network is conceivable.

The original data is the installer program executed on the installation device when the installation device installs the application on the installation device, and the application main body executed on the installation device by being copied to the installation device. It refers to installer data that includes. In addition, the original data may include the data of the authentication subprogram operating in the terminal in the application body or separately from the application body.

[0038]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the accompanying drawings.

(First Embodiment) FIG. 1 is a diagram showing an example of a data supply system according to a first embodiment of the present invention.

The terminal device 101 is a portable terminal such as a PDA that executes programs and reproduces contents, and each terminal has a terminal ID 1 corresponding to each terminal.
Has 03.

The installation device 105 is the terminal device 10.
1 is a device such as a PC that is connected to the device 1 and can write data such as an application.
A terminal identification data acquisition unit (hereinafter, referred to as “terminal ID acquisition unit”) 107 that acquires the terminal ID 103 of No. 1 and a password setting unit 109 that generates data to be used when converting the data and writing the data to the terminal device 101. When,
The terminal device 101 is provided with a program writing unit or a content writing unit (hereinafter, referred to as “data writing unit”) 111 for writing application data.

The data storage device 113 is a hard disk or the like connected to the installation device 105. The data storage device 113 stores the original data 115 supplied from the original data supply device 117 such as a CD-ROM.
The installation device 105 is stored as necessary.
Access to read or write data.

The password supply device 121 is a device such as a server computer connected to the installation device 105 via the communication line network 119, and generates a password based on the terminal ID 103 notified from the installation device 105. The generating means 123 is provided.

Next, an example of the operation of the data supply system according to the first embodiment of the present invention will be described with reference to the flow chart shown in FIG.

When the user installs the application on the terminal device 101, the user operates the installation device 105 or the terminal device 101 to make an installation request. Then, the installation device 105 acquires the original data 115 from the original data supply device 117 in step S201, and writes part or all of the original data 115 in the terminal device 101 in step S203. At this time, the installation device 105 may temporarily store the data supplied from the original data supply device 117 in the data storage device 113.

Here, to write the original data means to install the main part of the terminal program in the terminal and to write the content data of the content in the terminal, but only the original data is written in the terminal device 101. When I write it, it doesn't work, or the operation is limited. That is, at this stage, the terminal device 101
Because no password is set in, the application is not started, the functions are limited, or is configured to stop starting in a certain number of days.

When the writing of the original data 115 to the terminal device 101 is completed, the installation device 105 enters a waiting state for an authentication request in step S205. This authentication request may be requested immediately after the writing of the original data 115 is completed, and the process proceeds to the terminal ID request step immediately after writing the original data without an explicit authentication request. May be. On the other hand, if the original data is a trial version of the program, during the trial period such as weeks or months after writing the original data,
There may be a case of waiting for the authentication request in step S205.

Next, the terminal ID of the installation device 105
The acquisition means 107 determines the terminal ID 10 in step S207.
Request the terminal device 101 to send 3. Then, in step S209, the terminal device 101 determines its own terminal ID 10
3 is notified to the installation device 105.

When the terminal ID 103 is acquired by the terminal ID acquisition means 107 in this manner, then step S
At 211, the installation device 105 transmits the terminal ID 103 to the password supply device 121.

Password supply device 121 has terminal ID 10
When 3 is received, the password generation means 123 generates a password based on the terminal ID 103 in step S213. Specifically, this password is generated by a method of encrypting the terminal ID 103 using a secret key according to an asymmetric key algorithm, for example. Then, when the password is generated in this way, the password supply device 121 transmits the generated password to the installation device 105 in step S215.

When the password is transmitted, the password setting means 109 of the installation device 105, in step S217, writes the writing data of the authentication subprogram which is a part of the original data 115 supplied from the original data supply device 117. , Customize with password. Here, “customization” means converting a part of the original data 115 so as to correspond to the terminal device 101 which is currently requesting installation. Note that this “customization” will be described in more detail later with reference to FIG.

Then, in step S217, the original data 11
5 is customized, the data writing unit 111 of the installation device 105 writes the data to the terminal device using the customized data in step S219. In the case of this embodiment, since the main part of the application has already been written in the terminal device 101 in step S203, the authentication subprogram and the password file are written here.

Next, the customization processing in step S217 will be further described with reference to FIG. FIG. 3 is a diagram showing in detail an example of the contents of the portion of the original data 115 that is customized in step S217.

As shown in FIG. 3, the original data 301 before customization includes data 303 of the authentication subprogram installed in the terminal device 101. Further, the data 303 of the authentication subprogram further includes a password collation processing routine 305 and a reserved area 307.

On the other hand, the data 30 after being customized
9 includes the data 311 of the authentication subprogram installed in the terminal device 101. Further, the data 311 of the authentication subprogram includes the password verification processing routine 313 and the password verification data 3.
15 are included.

When the original data is customized in step S217, for example, the password data transmitted from the supply device is written in the reserved area 307 and used as the password collation data 315.

Here, the authentication subprogram is a code that is sequentially read and executed when the terminal device 101 determines whether or not to permit execution of an application, and can be executed by the terminal. Contains program code data. The password collation processing routine 313 is also a part of the code executed by the terminal device 101, and the code for performing the collation processing corresponding to the password generation processing in step S213 is described.

For example, in the password generation process of step S213, when the password data is generated by the method of encrypting with the secret key according to the asymmetric key algorithm, the public key of the asymmetric key algorithm is included in this portion. It means that the password is used in plain text and the code for performing the process of comparing with the terminal ID 103 of the terminal device 101 in which the application is actually executed is described. Alternatively, the terminal ID 103 of the terminal device 101 on which the application is currently executed is acquired, and the same processing as the password generation processing performed by the password generation unit 123 in step S213 is performed on the terminal side and compared with the password collation data 315. A code for performing the processing may be described.

The data 303 of the authentication subprogram before customization is not always changed as it is in the terminal device 101.
It does not have to be code that can be executed in.
For example, it may be data compressed to reduce the amount of data. Also, in the customization process,
In addition to the processing described above, other data or processing may be written, or the encryption key may be written as password verification data. It is also possible to switch the authentication algorithm of the authentication subprogram for each terminal. By doing so, it becomes more difficult to decipher, and thus illegal copying can be prevented more effectively.

Next, an example of the operation of the terminal device 101 when the application is executed after the application is actually installed in the terminal device 101 will be described with reference to FIG.

When the user requests the execution of the application, step S40 is executed prior to the execution.
In 1, the authentication subprogram is first called, and the password verification processing routine 313 is executed.

That is, prior to the execution of the application body, first, in step S403, the terminal ID 10 of the terminal device 101 in which the application is currently being executed.
3 is acquired, and further, in step S405, the terminal device 1
It is checked whether the password verification data 315 set in the predetermined area 01 and the terminal ID 103 match. Then, only when they match, the process proceeds to step S407, the activation is permitted, and the authentication subprogram ends, whereby the application main body is activated in step S411. On the other hand, if they do not match, the process proceeds to step S409, the activation is rejected, the authentication subprogram ends, and the execution of the application ends in step S413.

Here, as a method of checking whether or not the password collation data 315 and the terminal ID 103 match in step S405, step S21
Various types are conceivable corresponding to various algorithms of the password generation processing part in 3.

For example, if the encryption is performed using the asymmetric key algorithm in step S213, step S213
In 405, the password is plainly written using the public key of the asymmetric key algorithm, and the process of comparing with the terminal ID 103 is performed. Alternatively, the terminal ID 103
On the other hand, in step S209, the password generation means 12
It is also possible to perform the same encryption processing as the password generation processing performed by No. 3 and compare with the password verification data 315.

As described above, in the data supply system according to the first embodiment of the present invention, the password based on the terminal ID 103 is used to execute the regular terminal ID 103 when the program is executed or the content is reproduced. Since the application is configured to be started only on the terminal that the user has, even if the user illegally copies the program or content to another terminal, these cannot be operated. Therefore, it is possible to effectively prevent such illegal copying. You can

Here, since the original data 115 is a program body or content data such as music or video, in general, there are many cases where the data amount is generally large. Therefore, it is desirable to use a device such as a CD-ROM as the original data supply device 117 from the viewpoint that the amount of communication data can be reduced and the communication charge burden on the user can be reduced. Distribution by CD-ROM has the advantage that it can be marketed at electronic stores and the like, and unlike distribution by communication, the user can purchase after checking the actual product.

On the other hand, since music data and the like often have a short life cycle, from the point of view that the latest contents and information can be quickly supplied, a device such as a file server connected via a network is used as the original data supply device. There is an advantage in using it as 117. With respect to this point, even when supplying program data instead of content, there is an advantage that a better program can be appropriately supplied to the user by network distribution so that the version can be appropriately upgraded.

The original data writing process of step S203 may be performed at the same time as the writing of the authentication subprogram in step S219. If the authentication subprogram is incorporated in the application, the original data of step S203 may be written. It is also possible to omit the data writing process and write the data collectively in step S219. Further, when the authentication program is incorporated in the terminal device in advance, it is possible to write only the password data in step S219. Furthermore, in this case, the application (program or content) to be written this time is registered in a table or the like for notifying where the password data of each application is written to the authentication program installed in the terminal device in advance. It is also possible to write the password data above.

Further, step S207 and step S
In 209, instead of the terminal device 101 explicitly performing the transmission process, the terminal ID acquisition unit 107 can automatically read the terminal ID 103 stored in a predetermined area. By doing so, there is an advantage that the processing performed by the terminal device 101 is further reduced and the configuration of the terminal device 101 can be further simplified.

Further, in the password generation process in step S213, it is possible to use a table in which the result of the encryption process or the like is registered in advance in order to reduce the burden of the server performing the encryption process. It is also possible to register the ID and password in the table at the time of the first access and use this table after the second time.

Further, the password setting means 109 can be configured so as to be provided in the password supply device 121 on the server side, and which one is desired from the viewpoint of reducing the processing load of either the installation device or the server. It can be decided whether or not to have it.

Further, in the present embodiment, the password setting means writes the password in the reserved area of the original data, but the password is directly written in a predetermined area of the terminal device 101 or the password file is directly written on the terminal device 101. May be created. By doing so, the password file can be created directly in each terminal without changing the original data, so that the process is simplified and the original data can be generalized.

Further, instead of writing the authentication subprogram and the password file separately, the authentication subprogram in which the password is embedded in the code may be written in the terminal device. In this way, the password can be decrypted. The effect becomes even more difficult.

For the program portion of the authentication subprogram other than the password data, step S2
When writing the original data in 03, the terminal device 1
Alternatively, it may be configured to be written in 01. Further, the authentication subprogram 303, the password collation processing routine 305, and the reserved area 307 may be embedded in the main body of the application program installed in the terminal device 101.

Further, in the present embodiment, since the data storage device for storing the original data is provided in the program writing device or the content writing device, what is common to each terminal as the main body of the application is stored as the original data. Since the password data, which is unique data for each terminal, can be made to have an extremely small data amount, the system configuration required on the server side can be reduced, and the terminal device associated with broadbandization can be reduced. It has become possible to provide a data supply system that can easily cope with diversification and increase in number.

(Second Embodiment) Next, an example of a data supply system according to a second embodiment of the present invention will be described with reference to FIG.

The terminal device 501 is the same terminal as the terminal device 101 in FIG. 1, and also has a terminal ID 503.

The installation device 505 is also a device such as a PC similar to the installation device 105 in FIG. 1, and has a terminal ID acquisition means 511 for acquiring the terminal ID 503.
And an installation means 513 for writing data such as programs and contents to the terminal device 501.

The installation device 50 of this embodiment is also used.
5 further has a different PC-ID 507 for each installation device 505.
Writing device identification data acquisition means (hereinafter, referred to as "PC-ID acquisition means") 50 for reading this PC-ID
9 is equipped.

The PC storage device 515 is, for example, a hard disk connected to the installation device 505. The storage device 515 for PC is the installation device 5
05 stores the installation data 517 used when installing an application in the terminal device 501, and the installation device 505 accesses the data as necessary to read or write data.

The data supply device 521 is a device such as a server computer similar to the password supply device 121 of FIG. 1, is connected to the installation device 505 through the communication network 519, and is notified from the installation device 505. A password generation unit 523 for generating a password corresponding to the terminal ID 503 is provided. In addition, the data supply device 521 according to the present embodiment further includes the original data 5
The conversion means 525 which performs conversion of 29 is provided.

Further, in this embodiment, the data supply device 52
The data storage device 527 for storing the original data 529 used in the first conversion unit 525 is the data supply device 5
21 is connected. This data storage device 527 is
Specifically, a hard disk on the server side or a CD-RO
It is an M drive, a file server, etc., and does not necessarily have to be integrated with the supply device.

Next, an example of the operation of the data supply system according to the second embodiment of the present invention will be described with reference to the flowchart shown in FIG.

When the user installs the application on the terminal device 501, the user operates the installation device 105 such as a PC or the terminal device 101 to make an installation request, as in the first embodiment. The installation device 505 waits for this installation request in step S601.

When there is an installation request, the installation device 505 first acquires from the data supply device 521 and executes the installer program for performing the following installation process in step S603. In this embodiment, the CD-R is obtained from the server via the network.
Of course, it may be acquired from the OM or the like.

When the installer program is executed,
The terminal ID acquisition means 511 of the installation device 505
In step S605, the terminal ID for the terminal device 501
Request to notify 503. Then, the terminal device 50
1 transmits the terminal ID 503 to the installation device 505 in step S607.

Next, the PC-I of the installation device 505
In step S609, the D acquisition unit 509 acquires the PC-ID 507, which is its own individual identification data.

In this way, the terminal ID 503 and the PC-I
When D507 is acquired, the installation device 505 sends the terminal ID 5 to the data supply device 521 in step S611.
03 and PC-ID 507 are transmitted.

Upon receiving these ID data, the data supply device 521 generates a password based on the sent terminal ID 503 and PC-ID 507 in step S613. And further, the data supply device 5
In step S615, 21 customizes the original data 529 to generate the installation data 517 used when the installation device 505 installs the application in the terminal device 501.

Here, the "installation data" means
The term "installer program" that is run on a PC to install an application in the terminal device 501, or the data used by the installer program when the installer program installs the application. In addition,
The password generation and customization processing will be described in more detail later with reference to FIG.

When the installation data 517 is generated, the data supply device 521 transmits the installation data 517 to the installation device 505 in step S617.

When the installation device 505 receives the installation data 517, the installation means 513 of the installation device 505 operates in step S621.
Then, installation of the application to the terminal device 501 is started using the installation data 517 sent. At this time, the installation data 5
17 is the storage device for PC 5 as in step S619.
It is generally stored in 15 or the like.

Next, the password generation processing in step S613 and the customization processing in step S615 will be further described with reference to FIG. Figure 7
FIG. 9 is a diagram showing in detail an example of the content of the data portion customized in step S615 of the original data 529.

As shown in FIG. 7, the original data 701 before customization describes a PC installation program 703 for causing the installation device 505 to perform an installation process, and data used by the PC installation program 703. The installation program data 705 is included.

Of these, the PC installation program 703 includes a PC collation processing routine 70 for determining whether or not to permit the installation when the installation device 505 installs the program.
9, a first reserved area 711 and a second reserved area 713 are included.

Also, the installation program data 7
05 includes terminal program code data 707 such as an authentication subprogram to be installed in the terminal. Further, this terminal program code data 70
7 includes a terminal collation processing routine 715 that determines whether or not to permit execution of an application program or content when the terminal executes the program, and a third reserved area 717.

On the other hand, the customized installation data 751 contains the PC installation program 75.
3 and installation program data 755 in which data used by the PC installation program 753 is described.

Of these, the PC installation program 753 includes a PC collation processing routine 759.
Further, from the PC installation program 703 in the original data 701, at least the first reserved area 711.
Is rewritten to the PC password collation data 761 and the second reserved area 713 is rewritten to the terminal password collation data 763.

Also, the installation program data 7
55 includes terminal program code data 757. Further, the terminal program code data 757 includes a terminal collation processing routine 765, and at least the third reserved area 7 from the terminal program code data 707 in the original data 701.
17 is rewritten to the terminal password verification data 767.

As the PC password collation data 761, for example, the PC-ID 507 transmitted from the installation device 505 in step S611 is encrypted in step S613, and the password data is stored in the first reserved area 71.
It is generated by writing to 1.

Further, terminal password collation data 763
Similarly, and 767 are generated by encrypting the terminal ID 503 transmitted from the installation device 505 in step S611 in step S613 and writing the password data in the second reserved area 713 in step S615. is there.

The terminal password verification data 767
Instead of writing in step S615, the installation password may be written in the installation device 505 in step S621 by using the terminal password collation data 763. By doing so, the processing load of the server can be reduced. . In that case, the third reserved area 717
The terminal password verification data 767 does not necessarily have to exist.

Further, the PC collation processing routine 759 is
It may be the same as the PC matching processing routine 709 in the original data 701, or the processing method may be changed for each terminal. Similarly, the terminal collation processing routine 765 may be the same as the terminal collation processing routine 715 in the original data 701, or the processing method may be changed for each terminal. The former has the advantage of reducing the processing load on the server, while the latter has the advantage of maintaining confidentiality of the verification process, making the decryption process difficult, and further preventing illegal copying.

Next, with reference to FIG. 8, an example of the operation when the installation device 505 actually installs the application in the terminal device 501 in step S621 will be described.

When the installation device 505 installs an application, the PC collation processing routine 759 included in the PC installation program 753 is first executed. Then, first, step S8
01, the PC-ID 507 of the installation device 505 which is actually installing the application.
Is the PC-ID acquisition means 50 of the installation device 505.
9 acquired. Further, in step S803, the terminal ID 503 of the terminal device 501 in which the application is about to be installed is acquired by the terminal ID acquisition unit 511 of the installation device 505.

If both IDs have been acquired, step S8
05, PC password verification data 761 and PC-I
It is determined whether D507 is consistent.
Specifically, this determination is performed by performing the same encryption as that performed in step S 613, and the PC-ID 507 of the installation device 505 which is actually performing the installation or the like.
The password data is generated based on the above, and this password data is compared with the PC password collation data 761. Alternatively, the PC-I of the installation device 505, which is permitted to be installed, obtained by decrypting the PC password verification data 761 with the public key.
This can also be realized by comparing D with the PC-ID 507 of the installation device 505 which is actually trying to install.

Then, if the two data do not match, that is, if the installation device 505 that is currently performing installation is not a PC of an authorized user,
In step S811, the installer is terminated and the program installation and the content download are not permitted. On the other hand, if both data are consistent,
It proceeds to step S807.

In step S807, it is determined whether the terminal password collation data 763 and the terminal ID 503 match. This judgment is also made in step S80.
Similarly to 5, by encrypting the terminal ID 503 of the terminal device 501 that is about to be installed or the like, or by decrypting the terminal password verification data 763 included in the writing data 751 and comparing them. Done.

If the two data do not match, that is, if the terminal device 501 that is currently trying to install is not the terminal device of a legitimate user, the installer is terminated in step S811 to set up the program and contents. Do not allow downloads. On the other hand, if the two data match, the process advances to step S809 to install the application in the terminal.

Here, in FIG. 8, PC-ID is used for convenience.
Although it is assumed that the acquisition of 507 is performed before the acquisition of the terminal ID 503, whichever may be acquired first, one is acquired and the other ID is acquired after determining whether or not they match. It goes without saying that it does not matter.

When the application installed in this manner is to be executed on the terminal, the terminal ID 503 of the terminal device 501 which is actually to be executed is prior to the execution as in the case shown in FIG. Use to authenticate. Therefore, even if the application written by the installation device 505 is illegally copied between the terminal devices 501, the application cannot be executed by the illegally copied terminal device.

As described above, in the data supply system according to the second embodiment of the present invention, the installation device 5
The installation program supplied to
Only when the terminal device 501 having the formal terminal ID 503 is connected to the installation device 505 having the C-ID 507, the terminal device 501 can be started, and the application installed by the installation program also has the formal terminal ID 503. Since it is configured so that it cannot be started unless it is the terminal device 501, even if the installation program is illegally copied on the PC, another terminal is connected to the legitimate PC to attempt illegal installation. Even in the case, even if the unauthorized copy is made from the authorized terminal to another terminal after being installed on the authorized terminal, it is possible to effectively prevent the unauthorized copying of all these modes. And effectively protect the interests of the application provider

In this embodiment, step S611.
In the above, the PC-ID 507 and the terminal ID 503 are separately encrypted to generate different password collation data, but one ID is used as a key and the other ID is encrypted, and thus, It is also possible to use one generated password data as password collation data, and in that case, the PC collation processing routine 759 is also configured to perform the processing corresponding thereto. By doing so, only one password data need be used, which is effective in simplifying the process and reducing the amount of data. It is also possible to combine these IDs on the basis of a certain rule such as combining every other character, and to encrypt the combined ID data. It is even more effective in preventing illegal copying because it is more difficult to decipher.

In addition, step S605 and step S
In 607, it is also possible to configure the terminal ID 501 to automatically read the terminal ID 503 stored in a predetermined area, instead of explicitly performing the transmission processing by the terminal device 501. By doing so, there is an advantage that the processing performed by the terminal device 501 is further reduced and the configuration of the terminal device 101 can be further simplified.

The method described in each of the above embodiments, that is, the application installation process by the PC or the installation device of the first embodiment shown in the flowchart of FIG. 2, the password generation process by the server or the password supply device, and the process of FIG. Each method such as the application installation processing by the PC or the installation apparatus and the customization processing by the server or the data supply apparatus of the second embodiment shown in the flowchart can be realized by a program that can be executed by a computer.

According to the method described in each of the above embodiments, after the user issues an installation request,
It is possible to automatically proceed with the installation process, so users of various skill levels can be provided without the burden of requiring the user to enter the password or saving and managing the password. ,
It has become possible to provide a data supply system that enables applications to be used with simple operations.

Furthermore, the conversion means of this embodiment can be provided on the PC side so that the ID data and password data can be transmitted and received between the server and the PC. In the case of distribution, the amount of data transmitted and received between the server and the PC can be reduced, and the communication cost of the user and the communication time can be reduced. In particular, when the server issues licenses for a plurality of terminal devices to one PC, it is possible to configure only the password data to be transmitted and received for the second and subsequent terminal devices. The communication load can be reduced.

[0118]

As described above, according to the present invention, in the data supply system, the password data is generated based on the terminal identification data, the password data is set in the terminal device, or the password data is used. Since it is configured to convert data, even if the user illegally copies the program or content to another terminal, they cannot operate, and it is possible to effectively prevent such illegal copy. .

Further, in the present invention, in the data supply system, the password supply device or the password generation means provided in the data supply device generates the password data based on the terminal identification data and / or the writing device identification data, Since the password data is set in the terminal device or the original data is converted by using the password data, even if the installation program is illegally copied on the writing device,
In addition, even if you try to install illegally by connecting an illegal terminal to a legitimate writing device,
Even if an unauthorized copy is made from the authorized terminal to another terminal after installing on the authorized terminal, it is possible to effectively prevent unauthorized copying of all of these aspects.
The interests of the application provider can be effectively protected.

Further, according to the present invention, in the data supply system, the password supply device or the password data generated by the password generation means provided in the data supply device is used to convert the original data in the data supply device. Therefore, it is possible to make it difficult for the user to decipher the password, and it is possible to extremely effectively prevent the illegal copying of the application and the illegal use of the password. Because, in this way, when the user tries to steal the password illegally compared to when the password file is a separate file, the user decrypts the entire program code and where of that is the part of the password. It is necessary to determine whether or not it is, and for this purpose, extremely specialized operations such as decompilation are required.Therefore, it is necessary for someone who has only general user level knowledge of PCs to steal passwords. Is extremely difficult.

Further, according to the present invention, in the data supply system, each of terminal identification data acquisition means, program writing means, content writing means, password setting means, conversion means, installation means, writing device identification data, password generation means, etc. Since the means is provided in the writing device or the supplying device other than the terminal device, the processing load of the terminal device can be reduced, and the hardware performance required for the terminal device is greatly reduced, which is very simple. It has become possible to use the data supply system according to the present invention with terminal devices having various configurations.

[Brief description of drawings]

FIG. 1 is a diagram showing an example of a data supply system according to a first embodiment of this invention.

FIG. 2 is a flowchart showing an example of operation of the data supply system according to the first embodiment of this invention.

FIG. 3 is a diagram showing an example of contents before customization and contents after customization of a data portion customized in step S217.

FIG. 4 is a flowchart showing an example of the operation of the terminal device 101 when executing a program or reproducing a content.

FIG. 5 is a diagram showing an example of a data supply system according to a second embodiment of this invention.

FIG. 6 is a flowchart showing an example of operation of the data supply system according to the second embodiment of the present invention.

FIG. 7 is a diagram showing an example of contents before customization and contents after customization of a data portion customized in step S615.

FIG. 8 shows an installation device 505 installed in step S621.
FIG. 13 is a diagram showing an example of an operation when a program is actually set up and contents are written in the terminal device 501.

[Explanation of symbols]

101 terminal device 103 terminal ID 105 Installation device 107 terminal ID acquisition means 109 password setting method 111 data writing means 113 data storage device 115 original data 117 original data supply device 119 communication network 121 Password supply device 123 Password generation means 501 terminal device 503 Terminal ID 505 Installation device 507 PC-ID 509 PC-ID acquisition means 511 Terminal ID acquisition means 513 Installation means 515 PC storage device 517 Installation data 519 Communication network 521 Data supply device 523 Password generation means 525 conversion means 527 data storage device 529 original data

Claims (14)

[Claims] 1. A terminal device having different terminal identification data for each terminal, a program writing device connectable to the terminal device, which installs a program executed by the terminal device into the terminal device, and the terminal device. In a data supply system having a password supply device for supplying a password set to, the program writing device obtains terminal identification data acquisition means for obtaining the terminal identification data from the terminal device, and the program for the terminal device. And a password setting unit configured to set a password supplied from the password supply device to the terminal device so that the program is executed by the terminal device. , The terminal identification data acquisition means Data supply system characterized by having a password generating means for generating a password data on the basis of acquired said terminal identification data. 2. A terminal device having different terminal identification data for each terminal, a content writing device for writing content reproduced by the terminal device to the terminal device, the content writing device connectable to the terminal device, and the terminal device. In a data supply system having a password supply device that supplies a password to be set, the content writing device writes terminal content to the terminal device, the terminal identification data acquisition means acquiring the terminal identification data from the terminal device. And a password setting unit configured to set a password supplied from the password supply device to the terminal device in order to reproduce the content on the terminal device. Acquired by the terminal identification data acquisition means Data supply system characterized by having a password generating means for generating a password data based on the terminal identification data. 3. The data supply system according to claim 1, wherein the password setting means writes the password data in a predetermined area of the terminal device. 4. The program writing device or the content writing device further comprises a data storage device for storing original data used when installing the program or writing the content in the terminal device, and the password setting means. The data supply system according to any one of claims 1 to 3, wherein the password data is written in a predetermined area of the original data stored in the data storage device or the data relating to the copy thereof. 5. A terminal device having different terminal identification data for each terminal and different writing device identification data for each program writing device, and a program executed by the terminal device is installed in the terminal device. A program writing device connectable to the terminal device, a data supply device that supplies data used when the program writing device installs a program in the terminal device, and original data used by the data supply device are stored. In the data supply system having a data storage device, the program writing device obtains terminal identification data obtaining means for obtaining the terminal identification data from the terminal device, and writing for obtaining the writing device identification data from the program writing device. Device identification data acquisition means A program installation unit that installs a program in the terminal device using the data supplied from the data supply device, wherein the data supply device is based on the terminal identification data and / or the writing device identification data. And password generating means for generating password data, and converting means for converting the original data stored in the data storage device using the password data to generate data to be supplied to the program writing device. A data supply system characterized in that 6. A terminal device having different terminal identification data for each terminal, and different writing device identification data for each content writing device, wherein the content reproduced by the terminal device is written in the terminal device. A content writing device connectable to a terminal device, a data supply device that supplies data used when the content writing device writes content to the terminal device, and data that stores original data used by the data supply device In a data supply system having a storage device, the content writing device obtains the terminal identification data obtaining means for obtaining the terminal identification data from the terminal device, and the writing device obtains the writing device identification data from the content writing device. Identification data acquisition means, and the data Content installation means for installing content in the terminal device using data supplied from a power supply device, wherein the data supply device is password data based on the terminal identification data and / or the writing device identification data. And a conversion unit that converts the original data stored in the data storage device using the password data to generate data to be supplied to the content writing device. And data supply system. 7. The conversion unit writes the password data in a predetermined area of the original data stored in the data storage device or the data related to the copy of the original data. Data supply system. 8. A step of reading the terminal identification data of a terminal device connected to the computer to a computer, a step of notifying the password identification device connected to the computer of the terminal identification data, and the password supply device. Receiving the password data notified from the terminal device, installing the terminal program in the terminal device, and setting the password data in a predetermined area referred to when the terminal program is executed in the terminal device. The steps to perform, and the program to execute. 9. A step of reading out the terminal identification data of a terminal device connected to the computer to a computer, a step of notifying the password identification device connected to the computer of the terminal identification data, and the password supply device. Receiving the password data notified from the device, writing the content to the terminal device, and setting the password data in a predetermined area referred to when the content is reproduced in the terminal device. , A program for running. 10. A method of reading terminal identification data of a terminal device connected to the computer to a computer, a step of reading writing device identification data of the computer, and a data supply device connected to the computer, Notifying the terminal identification data and the writing device identification data, receiving the installation data notified from the data supply device, password data set in a predetermined area of the installation data, and the writing Comparing the device identification data, if the execution is not permitted, ending the execution, installing the terminal program in the terminal device using the installation data, the terminal program in the terminal device Fruit The predetermined region is referred to when the program for executing the steps of: setting a second password data set in a predetermined area of the data the installation. 11. A method of reading terminal identification data of a terminal device connected to the computer in a computer, a step of reading writing device identification data of the computer in a data supply device connected to the computer, Notifying the terminal identification data and the writing device identification data, receiving the content writing data notified from the data supply device, and password data set in a predetermined area of the content writing data Comparing the writing device identification data and ending the execution if the execution is not permitted; writing the content to the terminal device using the content writing data; and The predetermined region is referred to when is produced, a program for executing the steps of: setting a second password data set in a predetermined area of the content data for writing. 12. A data supply method for supplying data such as a program or content written to a terminal device, wherein original data as a source of the data is distributed, and the writing device writes the data to the terminal device,
The terminal identification data included in the terminal device is acquired, the writing device is notified of the acquired terminal identification data, a password is generated based on the terminal identification data, and the password is notified to the writing device. A data supply method comprising causing a device to set the password in a predetermined area of the terminal device. 13. A data supply method for supplying a program or data for writing data such as a program or content to a terminal device, wherein the writing device writes the data to the terminal device,
The terminal identification data included in the terminal device is acquired, the writing device is caused to acquire the writing device identification data included in the previous writing device, and the writing device is notified of the terminal identification data and the writing device identification data. A data characterized by generating a password based on the terminal identification data and the writing device identification data, converting the original data that is the source of the data by the password, and supplying the converted original data to the writing device. Supply method. 14. A data supply method for supplying data such as a program or content to be written to a terminal device, the writing device writing the data to the terminal device,
The terminal identification data included in the terminal device is acquired, the writing device is caused to acquire the writing device identification data included in the previous writing device, and the writing device is notified of the terminal identification data and the writing device identification data. A password is generated based on the terminal identification data and the writing device identification data, the original data that is the source of the data is converted by the password, the converted original data is supplied to the writing device, and the writing device A data supply method, characterized in that a password is compared with the writing device identification data, and when the writing permission is determined in the comparison, the writing device is caused to set the password in a predetermined area of the terminal device. .