JP2004361996A - Client evaluation method, client evaluation apparatus, service provision method, and service provision system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To evaluate the reliability and performance of a client by on high and low level evaluation, and to distribute contents whose quality or kind is individually changed according to the evaluation result. <P>SOLUTION: A distribution server 3 issues a request command to a client in response to access from a client 2, and adopts the system environment information of a client. An evaluation server 4 which has received the environment information from the distribution server judges the reliability and performance of the client based on high and low level evaluation by comparison with the evaluation standard of an evaluation standard DB45. The distribution server selects matched service specifications from various service specifications depending on the difference of resolutions or the presence/absence of encryption of the contents(moving image data) to be provided to the client according to the evaluation result returned from the evaluation server, and distributes the contents by converting the contents into the moving image data of the service specifications. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention provides a technique for providing information relating to contents such as moving image data and music data or information such as personal information via a communication network, and performing user authentication and evaluation by stepping into the environment of a client to be provided. In addition, the present invention relates to a technology for changing or restricting information to be provided in accordance with the result of user authentication / evaluation. More specifically, in executing an information providing service, the reliability of a client (security, confidence) And / or individually changing the quality and / or type of the information to be provided based on the result of the evaluation, and / or the client evaluation method and the client evaluation device for performing the stepwise evaluation of the performance (the possibility of providing the provided information). The present invention relates to a service providing method and a service providing system for providing information after restricting information content.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, there has been provided an information providing service of distributing information related to content including data such as moving images, still images, music, and software data such as game programs via a communication network. In providing such an information providing service to a client, ID information for user authentication such as a user ID and a password is transmitted from a client to which the information providing service is provided, and the ID information is collated with pre-registered ID information. After determining and confirming that the user is a genuine user, the requested content is distributed and provided (for example, see Patent Document 1).
[0003]
Further, in order to prevent unauthorized use of the provided content on the client side, there are various known content distribution methods in which the distribution data is encrypted and transmitted so that only the client having the composite key can use the content. For example, see Patent Document 2).
[0004]
[Patent Document 1]
JP-A-2002-359835
[Patent Document 2]
JP 2003-87237 A
[0005]
[Problems to be solved by the invention]
However, in the above-described user authentication technology, the confidentiality (reliability) of the user authentication itself is extremely low, and security (security) may be lacking. There is an inconvenience that information such as provided contents cannot be appropriately protected from unauthorized use.
[0006]
That is, there is a possibility that the user ID, the password, etc. may be leaked, and if another person pretends to be the holder of the user ID and transmits the ID information such as the user ID, the server of the content distribution company side or the information providing organization side may send the information. If the ID information matches, the contents and information will be provided to the client of another person other than the original user. Such “spoofing” can result in unauthorized use of paid content or information that should be provided only to specific authentic users. This belongs to security even in the reliability of the client side, and is caused by whether or not the user authentication matches the registered ID information, that is, whether or not YES or NO is determined. is there.
[0007]
Also, in the provision of services mainly for content distribution, even if a genuine user transmits ID information such as his / her own user ID and properly receives content distribution, the user is malicious. There is a possibility that the provided content may be copied and illegally diverted or secondary used. In other words, even if the content distribution company distributes the content to the client of the genuine user based on the user authentication, the genuine user himself may use the content illegally.
[0008]
Such unauthorized use belongs to the confidentiality in the reliability of the client side, and is caused by the intention of the user who operates the client. It is not directly possible to determine whether or not there is an intention of unauthorized use, and this is an issue that cannot be prevented. To cope with this, the above-mentioned method of distributing the encrypted data can be adopted, but since the composite key itself becomes ineffective due to leakage or unauthorized acquisition, various encryption and decryption technologies have been developed. Have been.
[0009]
On the other hand, in services provided for content distribution, there are inconveniences caused by the performance of clients receiving the content distribution. For example, in the case of distributing moving image data as content, the moving image data cannot be smoothly reproduced and displayed depending on the performance of the client, which is a cause of complaints to content distributors. This is because the rapid progress in computer-related technology has caused significant performance gaps between clients, and in order to deal with this, the content distribution company has decided to use moving image data (for example, Even if moving image data generated for various resolutions is prepared, the user who selects the image data is subjectively judged on the performance of the client and makes a selection. You will not be able to do it.
[0010]
In recent years, developments have been made toward realizing information provision services between local governments, between local governments and other institutions, or between local governments and residents through communication networks. I have. This is a service for providing electronic data such as basic resident register information, and an electronic service for mainly issuing personal information, such as personal information. It is expected that these information providing services may lack protection of personal information, which is a provided service, due to security and confidential problems on the client side to be provided in the same manner as described above. In other words, information provision organizations such as local governments may provide information to non-authentic users due to the above-mentioned "spoofing" and other factors. May be used. Therefore, in order to avoid these inconveniences, it is necessary to protect personal information (provided information) such as basic resident register information and resident's card provided as electronic information.
[0011]
The present invention has been made in view of such circumstances, and a purpose of the present invention is to provide a client evaluation method capable of evaluating the reliability and / or performance of a client to which information is provided in providing information by a high-level evaluation. And a client evaluation device. In addition, a service that can change the quality and / or type of the information provided in accordance with the results of the gradual evaluation or restrict the provided information to provide appropriate information and appropriately protect the provided information An object of the present invention is to provide a providing method and a service providing system.
[0012]
[Means for Solving the Problems]
In order to achieve the above object, the present invention provides an environment for a client (user terminal) system environment (environment including components such as an OS, a CPU, installed applications, and various external devices). Information is obtained, and based on the obtained environment information, how much the client can trust (high or low security or high or low confidence) and how much performance it has to be able to reproduce the provided information Each of them can be evaluated and judged stepwise. Then, according to the graded evaluation result, even if the same content (for example, moving image data) is provided as the provided information, the service specifications such as the quality and type of the provided content are distinguished for each client, Alternatively, a service specification of whether or not the provision of the information is permitted or to what stage the provision of the information is permitted (restricted) is distinguished for each client. For example, in the case of moving image data, a high-reliability evaluation is provided to provide a high-quality image, and a low-reliability evaluation is provided to provide a low-quality image.
[0013]
Specifically, in the invention according to the client evaluation method, the quality and / or type of information provided to the client via the communication network, whether or not to provide the information, or whether or not to limit the information to be provided. In order to use as a criterion for determining a service specification regarding the client, the following specific items are provided for the client evaluation method for authenticating the client reliability evaluation. That is, an evaluation relationship in which a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of security and / or confidence is preset for each component and stored. A reference database is prepared, and when environment information about a specific system environment of an individual client is received, each component included in the environment information is compared with the storage content of the above-described evaluation reference database for each component. Through a procedure of calculating the evaluation level value and a procedure of integrating the calculated evaluation level value for each component, the reliability according to the magnitude of the integrated evaluation level value is determined as the reliability evaluation for the individual client. Authentication is performed based on the high and low grade evaluation (claim 1).
[0014]
In the case of the invention according to claim 1, it is possible to authenticate the reliability evaluation of each client by the high-low evaluation. In other words, the environment information of the client's system environment is obtained from the environment information, and if the security function of the client is high depending on the components, the possibility of "spoofing" due to information leakage is low and the reliability is low. May be determined to be high, or may betray the confidence in an environment where unauthorized use is possible, and may be determined to be low in reliability. By evaluating the degree of possibility of whether or not the client's system environment is in a state in which information leakage or abuse is possible, by using a low-to-high evaluation, the security awareness of the user operating the client computer can be improved. It is possible to infer the level of confidence awareness indirectly and evaluate the reliability by grade evaluation. For example, if the type of OS in the environment information is professional, the security function is high, and the higher the version of the OS, the higher the security function, and therefore, it can be determined that the reliability is high. On the other hand, if a large-capacity writing device (storage device) is externally attached to the environment information, the distributed content can be reused by copying, so that the reliability can be evaluated with low reliability. By setting an evaluation level value for each component in advance and creating an evaluation standard database, it is possible to authenticate a reliability evaluation by a high-low evaluation based on the client's environment information. Then, based on the reliability evaluation, the service specification of the provided information is distinguished for each client, or the information provision is refused, whereby the illegal acquisition of the provided information due to the unauthorized use of the user ID information or the unauthorized use of the provided information are prevented. It is possible to protect the provided information by avoiding or suppressing the occurrence of abuse.
[0015]
Here, the “evaluation level value” may be a specific evaluation point from 1 to infinity, for example, or may be a high or low ranking value. In addition, the above-mentioned “high-low evaluation” may be a specific numerical evaluation from 1 to infinity or a ranking evaluation of a plurality of levels as described above. Therefore, the integrated evaluation level value may be used as it is for the high / low step evaluation. These interpretations are also applied to the following claims.
[0016]
Further, in the invention according to another client evaluation method, the performance evaluation of the client is authenticated in order to use it as a criterion for determining a service specification relating to the quality and / or type of information provided to the client via a communication network. The following specific items will be provided for the client evaluation method to be performed. That is, a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating whether the function realizability of realizing the provided information reproduction function is high or low is determined in advance for each component. An evaluation reference database that is set and stored is prepared, and when environment information on a specific system environment of an individual client is received, the storage contents of the evaluation reference database are compared for each component included in the environment information. Through the procedure of calculating the evaluation level value of each component by performing the above-described steps, and the procedure of integrating the evaluation level value of each of the determined component elements. The authentication is performed based on a high-low evaluation of the performance according to the magnitude of the above (claim 2).
[0017]
In the case of the invention according to the second aspect, the performance evaluation of each client can be authenticated by high-low evaluation. That is, it is possible to acquire from the environment information what components make up the system environment of the client based on the environment information, and determine whether or not the feasibility of the function of reproducing the provided information is high or low depending on the components. More specifically, the function of reproducing the provided information is evaluated based on the evaluation level value set in the evaluation reference database for each component configuring the system environment, and the integrated evaluation level value for each component. It is possible to certify whether the feasibility of is high, that is, the performance evaluation by the high-low evaluation step for each client. Then, by providing the information of the service specification determined by using such performance evaluation, what kind of quality and / or type of information is provided to the client, and the function of reproducing the information can be appropriately exerted. Can be accurately grasped, and it is possible to avoid the disadvantage that inappropriate quality or type of information is provided based on a subjective selection of a user who operates a computer as a conventional client. . For example, in spite of selecting delivery of high-quality video data as information to be provided, it is possible to avoid the inconvenience that the performance of the client is inconsistent and the video data cannot be smoothly reproduced and displayed. Thus, it is possible to provide appropriate quality or type of information based on objective performance evaluation. Note that the above-mentioned "playback function of the provided information" means whether or not the provided information is moving image data and can be smoothly reproduced and displayed without frame skipping as described above. This is a function for determining whether or not music data can be smoothly played back, and so on. This is to evaluate step by step whether or not the system environment is provided (the same applies to other claims).
[0018]
In the invention according to the client evaluation device for performing the client evaluation method as described above, environment information about a system environment of a client to which information is provided via a communication network is received, and information of the information to be provided is received. A client evaluation device that authenticates the client's reliability evaluation used as a criterion for determining a service specification of quality and / or type, whether to provide information, or whether to limit information to be provided. The following specific items have been provided for In other words, a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of security and / or confidence is preset and stored for each component. It is provided with an evaluation criterion database and reliability evaluation means for authenticating the reliability evaluation of each client based on the environment information. And as the reliability evaluation means, an index processing unit for calculating an evaluation level value for each component by comparing the storage content of the evaluation criterion database for each component included in the environment information, and an index processing unit An integration processing unit that integrates the calculated evaluation level value for each component, and the reliability of the individual client by performing a high-to-low evaluation based on the level of the evaluation level value integrated by the integration processing unit An authentication processing unit for authenticating the evaluation is provided (claim 3).
[0019]
In the case of the third aspect, the client evaluation method according to the first aspect can be automatically and reliably implemented to obtain a reliability evaluation based on a high-low evaluation. That is, based on the information of each component included in the environment information on the system environment from the client that is the information providing destination, an evaluation indicating the level of security and / or confidence of each component stored and stored in the evaluation criterion database. The level value is determined by the index processing unit, and the evaluation level value for each of the determined components is integrated by the integration processing unit. Will be authenticated.
[0020]
Further, in the invention according to another client evaluation device, a service related to the quality and / or type of information to be provided is received by receiving environment information about a system environment of a client to which information is provided via a communication network. The following specific items are provided for the client evaluation device that authenticates the performance evaluation of the client, which is used as a criterion for determining specifications. That is, the correspondence relationship between what is assumed as each component configuring the system environment of the client and the evaluation level value indicating whether the function realizability for realizing the provided information reproducing function is high or low is determined in advance for each component. An evaluation criterion database that is set and stored and a performance evaluation unit that authenticates a performance evaluation of each client based on the environment information are provided. And, as the performance evaluation means, an index processing unit for calculating an evaluation level value for each component by comparing the storage content of the evaluation standard database for each component included in the environment information, and an index processing unit for determining the evaluation level value for each component. The performance evaluation of each individual client is authenticated by the integration processing unit that integrates the evaluation level values for each of the issued components, and the high and low grade evaluation of the performance according to the magnitude of the evaluation level value integrated by the integration processing unit And an authentication processing unit (claim 4).
[0021]
In the case of the invention according to the fourth aspect, the client evaluation method according to the second aspect can be automatically and reliably implemented to obtain a performance evaluation based on a high-low evaluation. That is, based on the information of each component included in the environment information about the system environment from the client to which the information is provided, an evaluation level value indicating whether the function realizability of each component stored in the evaluation criterion database is high or low. Is calculated by the calculation processing unit, and the evaluation level value for each of the calculated components is integrated by the integration processing unit, and the evaluation processing unit authenticates the high and low grade evaluation for reliability based on the size of the integrated evaluation level value. Will be done.
[0022]
The client evaluation device according to claim 3 or 4, for example, is provided in or provided in a providing server for providing information to each client, and is provided by its own providing server for each content distributor or each information providing organization. The evaluation may be performed on the client registered as a user in the environment. However, in an environment where the client evaluation device is connected to a communication network, the evaluation result (authentication result) authenticated by the client evaluation device is 1 or You may make it provide to each provision server by communication with two or more provision servers. In such a case, the client evaluation device according to claim 3 or 4 is further provided with a transmission / reception unit for transmitting / receiving information via the communication network, and receiving the environment information via the transmission / reception unit. A configuration for transmitting an authentication result via the transmission / reception unit to a providing server that provides information to the client may be added (claim 5). In this manner, one or more providing servers receive an individual evaluation request from the providing server, and the high or low grade evaluation of the reliability or performance of each client to which the information of each providing server is provided. Is provided to the providing server.
[0023]
In the invention related to the service providing method using the authentication based on the high-level evaluation of the client as described above, the following specific items are targeted for the service providing method in which the providing server provides information to the client via the communication network. I prepared for it. That is, when receiving the information provision request from the client, a procedure of transmitting an acquisition request command for acquiring environment information about the system environment of the specific client to the specific client that has requested information provision, and acquiring the environment information, A step of determining the reliability evaluation of the specific client by a high-low evaluation based on a comparison between the acquired environmental information and an evaluation criterion in which a correspondence relationship between an evaluation level with respect to security and / or confidence evaluation is set in advance. And the quality and / or type to be provided for the information requested by the specific client in accordance with the determined high / low evaluation of the reliability evaluation, whether or not to provide the information, or restrictions on the information to be provided. Procedures for determining service specifications on whether to add Based on the service specification that is was possible and a procedure for executing the information provision for the specific client (claim 6).
[0024]
In the case of the invention according to claim 6, before the information is provided from the providing server to the client, the reliability of the client is evaluated each time. It is possible to determine service specifications related to the quality and / or type of the received information, and to provide information in the determined service specifications. That is, if there is an information provision request from a client, the client issues a request to acquire environmental information on the system environment of the client, and performs a reliability evaluation based on the acquired environmental information by a high-low evaluation, and the reliability evaluation is performed. And providing and changing the quality and / or type of the information to be provided (for example, moving image data requested to be provided by the client) according to the result of the information provision, including whether to permit or reject the information provision After determining a service specification to be provided, such as restricting to which level (level) personal information is provided (for example, providing personal information), information provision based on the determined service specification is performed by the specific client. Will be performed. This makes it possible to grasp the different situation of each client, which was previously unrecognizable or difficult, in terms of reliability, based on the high-low evaluation, and based on the reliability evaluation based on the high-low evaluation, for each individual client, In addition, every time information is provided to each client, the information providing service can be implemented in a state where the provided information is protected by suppressing abuse such as unauthorized use without deteriorating the value of the information providing service.
[0025]
Here, the above-mentioned “when an information provision request is received” means that, when receiving login information of ID information such as a user ID and a password in order to receive information provision from a client, receiving a selection instruction of information to be provided. Or when the user accesses the providing server to receive the information regardless of whether the login information has been received. If the information to be provided is, for example, moving image data, the "quality of information" refers to the resolution, frame rate, compression rate, and the like, and the "type of information" refers to the presence or absence of encryption. "Whether or not to provide information" means whether to permit or deny the provision of information. "Whether or not to limit the information to be provided" means whether the information has a hierarchical structure or multiple items. If this is the case, it is up to which level or up to which item the provision is permitted, that is, whether restrictions are imposed. Note that these interpretations are the same for the inventions according to the other claims.
[0026]
Further, in the invention according to another service providing method, the following specific items are provided for a service providing method in which a providing server provides information to a client via a communication network. That is, when receiving the information provision request from the client, a procedure of transmitting an acquisition request command for acquiring environment information about the system environment of the specific client to the specific client that has requested information provision, and acquiring the environment information, The performance evaluation for the specific client is evaluated in a high-low grade by comparing the acquired environmental information with the evaluation criteria set in advance to determine the correspondence between the evaluation levels for the performance evaluation related to the function feasibility of realizing the provided information reproducing function. , A procedure for determining a service specification concerning quality and / or type to be provided for information requested to be provided by the specific client in accordance with the estimated high-low evaluation of the performance evaluation, and the determined service Providing information to the above specific clients based on specifications It was decided and a procedure for the row (claim 7).
[0027]
In the case of the invention according to claim 7, before the information is provided from the providing server to the client, the performance of the client is evaluated, and the information requested by the client is provided based on the performance evaluation based on the high-low evaluation. Although the content itself is the same, the quality and / or type of the information can be changed and provided. That is, if there is an information provision request from a client, a command is issued to request the acquisition of environmental information on the system environment of the client, and a performance evaluation is performed based on the acquired environment information by a high-low evaluation, and the result of the performance evaluation is performed. Service specifications relating to the quality and / or type of the information to be provided (for example, moving image data requested to be provided by the client) in accordance with the request, and the determined quality and / or type information is transmitted to the specific client. Provided. As a result, it is possible to provide information that can be reliably reproduced in terms of performance in an individual system environment that differs for each client.
[0028]
Further, in the invention according to another service providing method, the following specific items are provided for a service providing method in which a providing server provides information to a client via a communication network. That is, when receiving an information provision request from the client, a procedure of transmitting an acquisition request command for acquiring environment information about the system environment of the specific client to the specific client that has requested information provision and acquiring the environment information, The above-described identification is performed by comparing the acquired environmental information with the evaluation criteria set in advance, in which the correspondence relations of the evaluation levels with respect to the reliability evaluation regarding security and / or confidentiality and the performance evaluation regarding the function feasibility for realizing the function of the content are set. A request to provide from the specific client according to both the procedure of estimating the reliability evaluation and the performance evaluation of the client by the high-low evaluation, and the estimated low-high evaluation of the reliability evaluation and the high-low evaluation of the performance evaluation. Quality to provide for sensitive information And / or a procedure for determining a service specification regarding whether or not to provide information, or whether to limit the information to be provided, and to provide information to the specific client based on the determined service specification. And a procedure (claim 8).
[0029]
According to the eighth aspect of the present invention, information provision based on the service specification determined according to the reliability evaluation according to the sixth aspect of the invention and the service specification determined according to the performance evaluation according to the seventh aspect of the invention are provided. And information provision based on the information. In other words, it is possible to provide information in consideration of both the reliability evaluation based on the elevation table evaluation and the performance evaluation based on the elevation table evaluation.
[0030]
In this case, as a procedure for determining a service specification to be provided, the following is a concrete embodiment of the method. That is, as a first mode, a plurality of levels of service specifications classified according to the quality and / or type of content, whether to provide information, or whether to restrict information to be provided. The service specifications to be provided should be set in advance by associating the service specifications with the reliability evaluation and the performance evaluation, and by allowing the above service specifications to be acceptable for each of the high and low evaluations of the reliability evaluation and the high and low evaluations of the performance evaluation. As a procedure for determining the service evaluation, a service specification allowed in the high-low evaluation based on the high-low evaluation of the determined reliability evaluation is extracted from the correspondence, and the performance evaluation is determined from among the extracted service specifications. The highest service specification allowed in the resulting high-low evaluation is determined (claim 9). In this case, based on the reliability evaluation and the performance evaluation determined using the above-described correspondence set in advance, a range of service specifications to be provided first with priority given to the reliability evaluation result is determined. From among the service specifications within the range allowed by the reliability evaluation result, the highest service specification within the range allowed by the performance evaluation result is selected and set. In short, various service specifications are related by two factors, that is, high and low grades of reliability and performance. The service specification range set for each grade of reliability evaluation and the grade of high and low grade for performance evaluation are set. If the service specification range is associated with a partially overlapping relationship, the service specification range is first determined by reliability evaluation, and then the final service specification is determined by performance evaluation. is there. As a result, when deciding on service specifications for information to be provided to individual clients, while emphasizing reliability evaluation, the performance of the information provided by each client in terms of performance from within the service specification range that matches the reliability evaluation. It is possible to determine the best service specification that can realize the playback function.
[0031]
As a second aspect, a plurality of levels of service specifications are classified according to the quality and / or type of information, whether to provide information, or whether to restrict information to be provided. The service specifications to be provided should be set in advance by associating the service specifications with the reliability evaluation and the performance evaluation, and by allowing the service specifications to be provided for each of the high and low evaluations of the reliability evaluation and the high and low evaluations of the performance evaluation. As a procedure for determining the range, the range of service specifications allowed in the high-low evaluation based on the high-low evaluation of the determined performance evaluation is extracted from the correspondence, and the reliability evaluation is performed from among the extracted service specifications. The service specification on the highest side allowed in the high-low evaluation, which is the result of the determination, is determined (claim 10). In this case, on the basis of the reliability evaluation and the performance evaluation determined by using the above-mentioned correspondence set in advance, the service to be provided with priority given to the performance evaluation result, contrary to the first aspect. The range of the specification is determined, and then the highest service specification within the range permitted by the reliability evaluation result is determined from the service specification within the range permitted by the performance evaluation result. As a result, when deciding on service specifications for information to be provided to individual clients, each client is selected from within a service specification range that matches the performance evaluation while placing importance on the performance evaluation of the feasibility of the provided information reproduction function. It is possible to determine the best service specification that meets the reliability evaluation in.
[0032]
As a service providing system for implementing the above service providing method, there is a reliability evaluation or performance based on a high-to-low grade evaluation of the specific client in each providing server of the content distributor or each providing server of the information providing organization. The procedure for determining the evaluation may be performed including the procedure for determining the evaluation. However, the procedure for determining the reliability evaluation or the performance evaluation may be performed in an evaluation server different from the above-described providing servers, and may be executed between the providing servers. The system may be configured such that the result of authentication of the reliability evaluation or the performance evaluation by communication is provided to the providing server.
[0033]
The invention according to the first service providing system having such a configuration includes the following specific items. In other words, a providing server that provides information to a providing destination, one or more clients as the providing destination, and an evaluation server that authenticates a reliability evaluation regarding security and / or confidentiality for each of the clients by a high-low evaluation. Are connected to each other via a communication network so as to be able to transmit and receive each other, and each client is provided with environment information collecting means for collecting environment information about its own system environment, and an acquisition request for environment information from the providing server is provided. When receiving the command, the environment information collected by the environment information collecting means is transmitted to the providing server. Then, as the providing server, the quality and / or type of information to be provided to the corresponding client based on the authentication result by the evaluation server, whether or not to provide the information, or whether or not to limit the information to be provided Provided a service specification determining means for determining and determining a service specification related to, when receiving an information provision request from a client, transmitting the environment information acquisition request command to the client and receiving environment information from the client Then, an evaluation request command is transmitted to the evaluation server together with the environmental information, and information is provided to the client based on the service specification determined by the provided service specification determining unit based on the authentication result returned from the evaluation server. It is configured to execute. In addition, as the above-mentioned evaluation server, a correspondence relationship between what is assumed as each component constituting the system environment of the above-mentioned client and an evaluation level value indicating the level of security and / or confidence is preset for each component. The evaluation criteria database stored and stored, and the reliability evaluation of the corresponding client is verified by a high-low evaluation based on a comparison between the correspondence stored in the evaluation criteria database and the environment information received from the providing server. A reliability evaluation unit that performs an authentication process by the reliability evaluation unit when receiving an evaluation request command together with the environmental information from the providing server, and returns an authentication result to the providing server. (Claim 11).
[0034]
In the case of the invention according to claim 11, it is possible to provide a service providing system capable of reliably executing the service providing method according to claim 6, and the operation of the service providing method according to claim 6 can be provided. It is possible to obtain it reliably. Here, the "environmental information collecting means" may be configured to be one in which environmental information is collected by a process on software in response to the acquisition request command, or, for example, triggered by turning on a power supply. The collection of the environment information can be implemented by a chip that is automatically executed in advance. This point is the same in the following invention.
[0035]
Further, in the invention according to the second service providing system, the following specific items are provided. In other words, the performance evaluation relating to the providing server that provides information to the providing destination, one or more clients as the above-mentioned providing destination, and the function feasibility of realizing the provided information reproducing function for each of the above-mentioned clients is performed by high-low evaluation. The authentication server is connected to the evaluation server via a communication network so as to be able to transmit and receive each other, and each client is provided with environment information collecting means for collecting environment information about its own system environment, and an acquisition request from the providing server is provided. When receiving the command, the environment information collected by the environment information collecting means is transmitted to the providing server. The provision server includes provision service specification determining means for determining a service specification concerning quality and / or type of information to be provided to a corresponding client based on an authentication result by the evaluation server. When the provision request is received, the environment information acquisition request command is transmitted to the client, and when the environment information is received from the client, an evaluation request command is transmitted to the evaluation server together with the environment information, and returned from the evaluation server. Information is provided to the client based on the service specification determined by the provided service specification determining means based on the authentication result. In addition, as the above-mentioned evaluation server, a correspondence relationship between what is assumed as each component constituting the system environment of the above-mentioned client and an evaluation level value indicating the degree of the degree of the function feasibility is previously determined for each component. An evaluation criterion database that is set and stored, and a performance evaluation unit that authenticates a performance evaluation of a corresponding client as a high / low degree based on a comparison between the correspondence and the environment information stored in the evaluation criterion database. When an evaluation request command is received from the providing server together with the environment information, an authentication process by the performance evaluation unit is executed, and an authentication result is returned to the providing server.
[0036]
In the case of the twelfth aspect of the present invention, it is possible to provide a service providing system capable of reliably performing the above-described service providing method of the seventh aspect. It is possible to obtain it reliably.
[0037]
【The invention's effect】
As described above, according to the client evaluation method of the first aspect, the system environment of each client to which the content is to be distributed is determined based on the environment information indicating what components constitute the system environment. It is possible to evaluate the reliability of the possibility of leakage or abuse in a state where it is possible to evaluate whether it is in a state where it is possible or not. Can be identified and authenticated by high-low evaluation. Then, based on such reliability evaluation, service specifications for information to be provided are distinguished for each client, or information provision itself is refused, thereby making it possible to obtain information illegally due to unauthorized use of user ID information. The provided information can be protected by avoiding or suppressing the occurrence of abuse such as unauthorized use.
[0038]
According to the client evaluation method of the second aspect, it is possible to authenticate whether the reproduction function of the provided information is high or low for each client, that is, to authenticate the performance evaluation for each client by the high and low grade evaluation. By using such a performance evaluation, it is possible to accurately grasp what service specification information is provided to the client if the information reproduction function can be appropriately performed. It is possible to avoid the inconvenience of providing inappropriate quality and type of information based on the subjective selection of the user who operates a computer, and to appropriately evaluate each client based on objective performance evaluation. Quality or type of information.
[0039]
According to the client evaluation device of the third or fifth aspect, the client evaluation method of the first aspect can be automatically and reliably performed to reliably obtain the reliability evaluation by the high-low evaluation.
[0040]
According to the client evaluation device of the fourth or fifth aspect, the client evaluation method of the second aspect can be automatically and reliably performed to reliably obtain a performance evaluation based on a high-low evaluation.
[0041]
In particular, according to the fifth aspect, the client evaluation device according to the third or fourth aspect is used to individually receive an evaluation request from one or more providing servers and provide the information to the information providing destination. It is possible to realize an authentication service of providing a high-low evaluation of the reliability or performance of each client to each of the providing servers.
[0042]
According to the service providing method of the present invention, before providing information to the client from the providing server, the reliability of the client is evaluated. Service specifications to be provided, such as changing the quality and / or type of the information provided, or restricting to what level information provision is permitted, and providing information based on the determined service specifications It can be performed. With this, it is possible to grasp, by a high / low grade evaluation, a different situation of reliability, which was conventionally impossible or difficult for each client, based on the reliability assessment by the high / low grade evaluation, and for each individual client, and Each time information is provided to each client, the information providing service can be implemented in a state in which abuse such as unauthorized use is suppressed and provided information is protected without impairing the value of the information providing service.
[0043]
According to the service providing method of the present invention, before providing information from the providing server to the client, performance evaluation of the client is performed, and information requested to be provided by the client based on the performance evaluation based on the high-low evaluation. Can be provided with varying quality and / or type. This makes it possible to provide information that can be reliably reproduced in terms of performance in individual system environments different for each client.
[0044]
According to the service providing method of any one of claims 8 to 10, the reliability is evaluated by the high / low step table evaluation in the service providing method of claim 6, and the performance evaluation is performed by the high / low step evaluation in the service providing method of claim 7. Information provision can be realized in consideration of both.
[0045]
In particular, according to claim 9 or claim 10, in the service providing method of claim 8, a more specific method can be provided as a procedure for determining a service specification to be provided to each client. According to the ninth aspect, while emphasizing the reliability evaluation, the highest quality and / or the highest quality capable of realizing the function of reproducing the provided information in the performance of each client from within the service specification range corresponding to the reliability evaluation. Alternatively, a type of service specification can be determined. According to the tenth aspect, while emphasizing the performance evaluation of the feasibility of the provided information reproducing function, the highest service specification matching the reliability evaluation of each client is selected from the service specification range matching the performance evaluation. Can be determined.
[0046]
According to the service providing system of the eleventh aspect, it is possible to provide a service providing system capable of reliably executing the service providing method of the sixth aspect, and to reliably obtain the effect of the service providing method of the sixth aspect. be able to.
[0047]
According to the service providing system of the twelfth aspect, it is possible to provide a service providing system capable of reliably performing the service providing method of the seventh aspect, and to reliably obtain the effect of the service providing method of the seventh aspect. be able to.
[0048]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[0049]
FIG. 1 shows a service providing system according to an embodiment of the present invention. Reference numerals 2, 2,... Denote clients that receive content (eg, moving image data) as information, and reference numeral 3 denotes a distribution server as a providing server that distributes content. Numeral 4 denotes an evaluation server which receives an evaluation request command from the distribution server 3 and authenticates the reliability and performance of each client 2 by a high-low evaluation. , The distribution server 3 and the evaluation server 4 are communicably connected to each other via a communication network (for example, the Internet or a network such as a LAN). The content distribution executed by the service providing system constitutes an embodiment of a service providing method, the evaluation server 4 constitutes an embodiment of a client evaluation device, and the evaluation processing executed by the evaluation server 4 is executed by a client. An embodiment according to an evaluation method is configured. That is, the present embodiment is directed to an information providing service provided by distributing content such as moving image data, still image data, or music data as information from the distribution server 3 to each of the clients 2, 2,. .
[0050]
Each client 2 transmits and receives via a central processing unit (CPU) 21, an input unit 22 such as a memory, a keyboard and a mouse, a display unit 23 such as a CRT or a TFT monitor, an internal storage device 24 such as a hard disk, and a communication network 5. And a transmission / reception unit 25 for collecting the environment information of each component constituting the system environment of each client 2. The environment information collecting unit 26 is configured by an API (Application Programming Interface) constituting a part of the OS. If the OS is, for example, Windows (trade name of Microsoft Corporation), the environment information collecting unit 26 may be part of Windows (trade name of Microsoft Corporation). ) An API is provided, and this Windows (trade name) API is used as the environment information collection unit 26. Then, at the discretion of the individual user operating the client 2, each of the clients 2, the external storage device 27 such as an external hard disk or a large-capacity writing device (for example, a CD-RW), and various devices (for example, fingerprints) An authentication device or the like 28 is selectively connected to constitute a part of the system environment. The internal storage device 24 stores programs for realizing various functions such as a browser application in addition to the OS.
[0051]
The distribution server 3 includes a central processing unit (CPU) 31, a memory, an input unit 32 such as a keyboard and a mouse, a display unit 33 such as a CRT or a TFT monitor, and a transmission / reception unit 34 for transmitting and receiving via the communication network 5. In addition to the above, an environment information storage unit 35 for storing and updating environment information transmitted from each client 2, an evaluation result storage unit 36 for storing and updating evaluation results returned from an evaluation server 4 described later, Provided content determining unit 37 as provided service specification determining means for determining and determining the service specification (quality and / or type) of the content to be provided to the corresponding client 2 based on the information, and various DBs (databases) 38. ing. As the DB 38, a user information DB (database) 381 that stores ID information for identifying a user such as a user ID and a password of each client 2 is provided in association with reliability evaluation and performance evaluation as described later. It is composed of various types of DBs such as a service level DB 382 that stores and stores correspondences that define service specifications of contents, and a content DB 383 that stores and stores original data of various contents to be provided.
[0052]
The evaluation server 4 includes a central processing unit (CPU) 41, an input unit 42 such as a memory, a keyboard and a mouse, a display unit 43 such as a CRT or a TFT monitor, and a transmission / reception unit 44 for transmitting and receiving via the communication network 5. And a performance evaluation means including an evaluation criterion DB 45 for performing reliability evaluation and performance evaluation based on environmental information of each client 2, an index processing unit, an integration processing unit, and an authentication processing unit. And a reliability evaluation unit 47 similarly as a reliability evaluation unit including an index processing unit, an integration processing unit, and an authentication processing unit.
[0053]
Next, the flow of processing from when any specific client (hereinafter, referred to as “specific client”) 2 accesses the distribution server 3 and finally when the predetermined content is distributed from the distribution server 3 to the specific client 2 Will be described with reference to FIG. The dotted arrows shown in FIG. 2 indicate transmission or reception communication performed via each of the transmission / reception units 25, 34, and 44 and the communication network 5.
[0054]
In the specific client 2, first, when the distribution server 3 is accessed and the user inputs login information such as a user ID and a password by the input unit 22, the login information is accepted (step S 1), and the login information is transmitted to the distribution server 3. (Step S2).
[0055]
Next, when the acquisition request command transmitted from the distribution server 3 is received, the environment information collecting unit 26 is activated to collect the current environment information on the system environment of the specific client 2 (step S3), and the collected environment The information is transmitted to the distribution server 3 (Step S4). The details of the above environment information will be described later.
[0056]
Then, the content data transmitted from the distribution server 3 is received (step S5), and the content data is reproduced and displayed on the display unit 23 (step S6).
[0057]
When the distribution server 3 receives the login information transmitted from the specific client 2 in step S2 (step S11), the distribution server 3 checks the login information against the contents stored in the user information DB 381 to confirm that they match. After the user is authenticated (step S12), an environmental information acquisition request command is transmitted to the specific client 2 (step S13). When the environment information collected from the specific client 2 is received by the transmission in step S4 (step S14), the environment information is stored in the environment information storage unit 35 as the current environment information of the specific client 2, while the environment information is stored. It is transmitted to the evaluation server 4 together with the evaluation request command (step S15).
[0058]
Next, when the evaluation result (authentication result) of the reliability evaluation and the performance evaluation transmitted from the evaluation server 4 is received (step S16), the evaluation result is stored as an evaluation result storage unit for the specific client 2 this time. The storage contents are stored in the provided contents determination unit 37 based on the evaluation result and the contents stored in the service level DB 382 (step S17). The details of the provided content determination will be described later.
[0059]
Then, based on the service specification (quality and / or type) determined and determined by the provided content determination, the original data of the content stored in the content DB 383 is converted to generate content data to be provided (step S18). ), And transmits the generated content data to the specific client 2 (step S19). The details of the service specification will be described later.
[0060]
On the other hand, when the evaluation server 4 receives the environment information together with the evaluation request command transmitted from the distribution server 3 in step S15 (step S21), the performance evaluation is performed based on the environment information and the contents stored in the evaluation criterion DB 45. The performance evaluation judgment (Step S22) by the unit 46 and the reliability evaluation judgment (Step S23) by the reliability evaluation unit 47 are executed, and both evaluation results are transmitted (replyed) to the distribution server 3 (Step S24).
[0061]
The transmission of the environment information from the specific client 21 to the distribution server 3 and from the distribution server 3 to the evaluation server 4 may be performed by encryption (for example, hashing). In this case, information on the correspondence between each component and its content and the hash value representing them is stored and set in advance in the distribution server 3 and the evaluation server 4, and based on this correspondence, each component is The information may be recognized and an evaluation described in detail below may be performed.
[0062]
Next, the detailed contents of each of the above processes will be described. The environment information collected in step S3 is, for example, the components constituting the system environment of the specific client 2 as shown in the column of “authentication factor” in FIG. Information about an element. Specifically, the environment information includes the type of CPU and its clock frequency, the memory capacity, the type of OS and its revision, the MAC (Media Access Control) address vendor code, the MBR (Master Boot Record), and the type of graphic chip. Model number and its operation clock, hard disk capacity of internal storage device 24 and its access speed, type and version of browser application, type and version of virus check application, CD-R, CD-RW, DVD-R, DVD-RW , DVD-RAM, etc., whether or not a large capacity writing device is connected, an authentication device using an IC card, and an authentication device such as an authentication device (biometrics device) using a fingerprint or an iris are connected. Including.
[0063]
The correspondence between the content of each component included in such environmental information, the evaluation level value in performance evaluation and the evaluation level value in reliability evaluation corresponding to the content is set in advance, and this is stored and stored. Is the evaluation criterion DB45. Such evaluation level values for performance evaluation and reliability evaluation are set according to the following criteria. As the evaluation level value in the performance evaluation, the higher the function feasibility that can realize the content reproduction function, that is, the higher the point is set, the higher the function environment that can reproduce or display high-quality content is set. Also, as the evaluation level value in the reliability evaluation, the higher the security, the higher the point is set, but the higher the possibility of being against the confidence, that is, the lower the point in an environment where the degree of abuse is possible, the lower the point. Is set.
[0064]
For example, FIG. 3 shows an example of a criterion for setting an evaluation level value (evaluation criterion) when the content is moving image data. The individual components (authentication factors) will be described. For the CPU type and its clock frequency, the higher the grade of the CPU, the higher the evaluation level value in the performance evaluation, and the higher the clock frequency, the higher the evaluation level. I have. For example, Intel (trademark) manufactured by Intel (trademark) has Pentium (trademark) rather than Celeron (trademark), Pentium (trademark) has a III higher than Pentium (trademark) II, and Pentium (trademark) III Also set a higher evaluation level value for each IV. In addition, if the clock frequency is high even for a low-grade CPU, the evaluation level value is set higher than that for a high-grade CPU with a low clock frequency. Specifically, a specific numerical evaluation level value is set for each of various combinations of the CPU grade and the clock frequency. On the other hand, the evaluation level value on the reliability evaluation sets a higher point as the release time for each type of CPU and each clock frequency is newer. The reason for this is that the newer the release date, the more likely it is that the security features have been enhanced.
[0065]
As for the memory capacity, the higher the memory capacity, the higher the evaluation level value in the performance evaluation is set, and in the reliability evaluation, the set memory capacity set as the standard memory for personal use (for example, 256 MB at the time of release in the spring of 2003). In the case of exceeding, the evaluation level value is set lower as the excess is larger. The larger the memory capacity, the faster the processing becomes possible and the higher the performance becomes. On the other hand, when the specific client 2 has an unnecessarily large memory capacity in spite of the fact that it is originally for personal use, the This is because the specific client 2 can be determined to have an environment where it can be used for technically advanced uses, that is, an environment where it can be misused.
[0066]
As for the type of OS and its revision, the higher the image display speed or the execution speed of the program, the higher the evaluation level value in the performance evaluation, and the higher the revision release time, the higher the evaluation level value. are doing. On the other hand, in the reliability evaluation, a higher evaluation level value is set if the OS type is professional use, and a lower evaluation level value is set if the OS type is personal use. The level value is set high. The higher the image display speed and the like, the higher the performance in the reproduction of moving image data and the higher the performance. Therefore, the higher the image display speed, the higher the performance evaluation. "XP Professional" (trademark of Microsoft Corporation) has a higher security function than personal use (for example, "Windows Me" (trademark of Microsoft Corporation) or "Windows XP Home Edition" (trademark of Microsoft Corporation). It is highly likely that the security hole has been improved if it is new, so it can be highly evaluated in terms of reliability evaluation. For the above-described image display speed, program execution speed, graphic chip display speed, or processing speed of a browser application or a virus check application described later, a benchmark test is performed for all combinations in advance, and the test results are obtained. Is stored in the evaluation criterion DB 45.
[0067]
The MAC address vendor code is not considered for performance evaluation, and the reliability evaluation is based on the manufacturer name specified by the preceding 3 byte vendor code in the 6-byte data for reliability evaluation. Some manufacturers set a low evaluation level value. Information about the maker in which such a defect is reported is stored and set in the evaluation criterion DB 45 in advance.
[0068]
The MBR is used as confirmation information for confirming the type of the OS and the release time thereof without being evaluated in performance evaluation and reliability evaluation.
[0069]
Regarding the type and model number of the graphic chip and its operation clock, the higher the display speed, the higher the performance level in performance evaluation, so the higher the evaluation level, the higher the evaluation level. Those having special functions such as, etc. are set to a low evaluation level value because unauthorized copying is possible. Whether or not it has such a special function is stored in advance in the evaluation criterion DB 45 by comparing data specified by associating with the model number of the graphic chip (model number indicating a predetermined maker).
[0070]
Regarding the capacity of the hard disk of the internal storage device 24 and the access speed thereof, a higher evaluation level value is set for a larger capacity in the performance evaluation and a higher function as the access speed is higher. On the other hand, in terms of reliability evaluation, when the hard disk capacity and the access speed exceed standard setting values for personal use, a low evaluation level value is set. The reason is the same as described for the case of the memory capacity.
[0071]
Regarding the type and version of the browser application, a higher evaluation level value is set because the higher the processing speed is, the higher the performance level is in terms of performance evaluation, while the browser application is known for reliability evaluation (for example, “Internet”). In the case of "Explore" (trade name of Microsoft Corporation) or "Netscape Communicator" (trademark of Netscape), a high evaluation level value is set, and when it is not well known, a low evaluation level value is set. This reason is also based on whether it is personal use or not. In addition, in the reliability evaluation, a higher evaluation level value is set because it can be determined that a newer version has higher security.
[0072]
Regarding the type and version of the virus check application, and the version of the virus pattern file (virus definition file), the higher the processing speed, the higher the performance level. In terms of reliability evaluation, a higher evaluation level value is set for each newer version. This is because the possibility of information leakage or the like caused by a virus is reduced.
[0073]
Regarding the presence / absence of the connection of the large capacity writing device, a higher evaluation level value is set if the connection is made in performance evaluation, and a higher evaluation level value is set as the writing capacity is larger. Conversely, a lower evaluation level value is set for reliability evaluation if connected, and a lower evaluation level value is set for a larger write capacity. This means that if connected, it is unclear whether or not there is any intention of abuse, but it is determined that the environment is such that contents such as moving image data provided from the distribution server 3 can be copied and used illegally. Because you get.
[0074]
Regarding the presence or absence of the connection of the authentication device, the evaluation level value is set high because the security function is high if the device is connected on the reliability evaluation without being evaluated in the performance evaluation. At this time, a higher evaluation level value is set for an authentication device using a fingerprint or an iris than for an authentication device using an IC card. That is, the function of preventing improper access by so-called spoofing is higher when the connection is established than when the connection is not made, and the spoofing becomes more difficult depending on the type of the authentication device.
[0075]
The performance evaluation unit 46 and the reliability evaluation unit 47 respectively include the environmental information in the performance evaluation unit 46 and the reliability evaluation unit 47 based on the correspondence relationship between each component described above and the evaluation level value in the performance evaluation and the evaluation level value in the reliability evaluation. The evaluation level value for each component is determined by the determination processing unit, and the determined evaluation level values are integrated by the integration processing unit, and the authentication processing unit performs high-low evaluation according to the magnitude of the integrated evaluation level value. Certify each of the performance evaluation and the reliability evaluation. It should be noted that the evaluation level values set for the respective constituent elements are given different weights in performance evaluation and reliability evaluation. For example, in terms of performance evaluation, the CPU type and clock frequency are ranked first, the memory capacity and graphic chip type and operating clock are ranked second, and the OS type, revision, and hard disk capacity are ranked third. Are ranked from severe to mild. In terms of reliability evaluation, the type and revision of the OS are ranked first, the types and versions of the browser application and virus check application are ranked second, and the presence or absence of a large-capacity writing device or authentication device is ranked third. There is a ranking from heavy to light, such as rank.
[0076]
The provided content determination performed by the provided content determination unit 37 that is executed in response to the authentication information of the performance evaluation and the reliability evaluation based on the above-described high-low evaluation is performed using the following service level DB 382. That is, when the content is moving image data as the type of service specification, “quality” is classified by frame rate (eg, four frame rates of 7, 10, 15, 30) and resolution (eg, 160 × 120 dots). , 320 × 240 dots, 640 × 480 dots, 800 × 600 dots, and 1024 × 768 dots in five levels of resolution) and compression ratios (for example, a predetermined number of levels in the range of 1 to 100%). Are prepared separately from low-specification services, and whether to encrypt content data to be distributed as “type” is prepared. The above-mentioned high-specification service cannot be realized (reproduced) unless the function has a high-performance function. Therefore, the service is selected and set as a target to be provided to the client 2 with a high grade evaluation (large integrated value of the evaluation level value) in the performance evaluation. In addition, since the content has a high protection value, the content is selected and set as a target to be provided to the client 2 with a high-level evaluation (large integrated evaluation level value) in the reliability evaluation. In addition, since unencrypted content data can be easily diverted, it is selected and set as a target to be provided to the client 2 with a high evaluation in reliability evaluation, and it is difficult to divert encrypted content data. Therefore, it is selected and set as a target to be provided to the client 2 with a low grade evaluation in the reliability evaluation.
[0077]
For example, in FIG. 4, moving image data (contents) divided into six types of service specifications are divided and set in a rectangular coordinate system in which reliability evaluation is set on the horizontal axis and performance evaluation is set on the vertical axis, and reliability evaluation and performance are set. The example which linked | related with evaluation is shown. In this case, high-definition video data that is not encrypted in the rectangular area of the high-performance evaluation in the high-reliability evaluation, medium-resolution video data that is not encrypted in the rectangular area of the medium-performance evaluation in the high-reliability evaluation, The low-definition video data that is not encrypted in the rectangular area of the high-performance evaluation and the low-performance evaluation, and the high-definition video data that is encrypted in the rectangular area of the high-performance evaluation in the low-reliability evaluation are used in the low-reliability evaluation. Medium-resolution moving image data encrypted in a rectangular area for medium performance evaluation is set, and encrypted low-definition moving image data is set in a rectangular area for low performance evaluation in low reliability evaluation. In other words, service specifications are divided according to the combination of resolution as quality and the presence or absence of encryption as a type, and encryption is performed if reliability evaluation is high, encryption is performed if reliability evaluation is low, and high definition is performed if performance evaluation is high. If the resolution is medium, the resolution is set to medium, and if the resolution is low, the resolution is set to low. The reason is that high-definition video data with a large number of pixels requires high performance for its reproduction, so it is set in an area with high performance evaluation. The distribution is set in an area with low reliability evaluation because it is difficult for the client 2 to reuse the distribution.
[0078]
The correspondence between the reliability evaluation and the performance evaluation stored and set in the service level DB 382 and the service specification associated with both of these evaluations is such that the reliability evaluation and the performance evaluation as shown in FIG. It is defined by setting an area in a rectangular coordinate system as an axis. That is, a region defined by a certain reliability evaluation range (for example, an evaluation level value range integrated for reliability evaluation) and a performance evaluation range (for example, an evaluation level value range integrated for performance evaluation) has The range of service specifications (service specifications within the available range) that are allowed for the client 2 in the range of the performance evaluation and the range of the performance evaluation are set. Such service specification areas are set in the rectangular coordinate system by the number of service specification types.
[0079]
Then, as shown in FIG. 6, an example of the provided content determination by the provided content determination unit 37, the reliability evaluation value (the integrated evaluation level value) for the reliability evaluation is used as the authentication information transmitted from the evaluation server 4 to the distribution server 3. ) Is x1 and the performance evaluation value (integrated evaluation level value) for the performance evaluation is y1, the content of the service specification (the B service in FIG. 6) set in the area to which the intersection (x1, y1) belongs. The content is selected and set (determined) as provided content.
[0080]
On the other hand, areas of a plurality of service specifications having different contents partially overlap each other, and an intersection of a reliability evaluation value and a performance evaluation value may be located in the above-described overlapping area, and a plurality of service specifications may be applicable. . In this case, it is also possible to prioritize or prioritize the reliability evaluation in the orthogonal coordinate system, and conversely, perform selection setting (determination) of the provided content with priority or emphasis on the performance evaluation. For example, as shown in FIG. 7, when the reliability evaluation value is x2 and the performance evaluation value is y2, the intersection (x2, y2) corresponds to two service specifications (A service and B service in FIG. 7). . In this case, the contents of both service specifications may be selected as the provision target, or one of the service specifications may be selected. When one of the service specifications is selected, if the service B is selected by giving priority to the reliability evaluation, a margin in performance evaluation, that is, a margin in performance can be obtained. If the service A is selected with priority given to, a margin in the reliability evaluation can be obtained. In other words, if a margin in performance is desired, the B service is selected and set with priority on reliability evaluation, and if a margin in reliability is desired, the A service is selected and set with priority on performance evaluation. In such a case, the selection setting policy can be determined according to the circumstances of the distributor operating the distribution server 3 or the situation of each client 2 and set in the provided content determination unit 37.
[0081]
As a selection setting policy in the case of the example of FIG. 7 described above, a service specification is selected with priority given to reliability evaluation, and a higher service level permitted in performance evaluation is selected from the range of the selected service specification. Setting service specifications can also be adopted. For example, if the service specification is selected with priority given to the reliability evaluation value x2, there are two services, service A and service B. If the service specification with the higher performance evaluation value y2 belongs is selected from the two, the service A is selected. Will be set. As a result, moving image data of higher image quality is distributed to the client 2 while satisfying the reliability evaluation.
[0082]
In the case of the above-described embodiment, in the related art, only high-quality contents such as high-quality moving image data are uniformly distributed to the client by the user authentication of YES or NO. In some cases, the content distributor may suffer painful damages, but in the present embodiment, it is possible to obtain the reliability evaluation of each client and grasp the reliability evaluation by a high-low evaluation. Based on this reliability evaluation, the quality and / or type of the provided content can be individually changed to prevent the occurrence of unauthorized use and the like in advance.
[0083]
In addition, since it is possible to obtain a performance evaluation based on a high-low evaluation, it is necessary to grasp the performance of each client 2 and provide each client 2 with appropriate quality and / or type of content that can be reproduced and displayed according to the performance. Thus, it is possible to avoid occurrence of a failure in reproduction or display on the client 2 side due to an incompatibility between the performance of the client 2 side and the quality of the provided content.
[0084]
<Other embodiments>
Note that the present invention is not limited to the above-described embodiment, but includes various other embodiments. That is, in the above embodiment, FIG. 1 illustrates one distribution server 3 of a certain content distribution company and clients 2, 2,... However, the present invention is not limited to this, and one or more other distribution servers (not shown) of the above-mentioned content distributors and one or more other distribution servers (not shown) of the other content distributors may communicate with the communication network. The authentication information about the reliability evaluation and the performance evaluation may be obtained by being connected and communicating with the evaluation server 4. Thus, one evaluation server 4 can provide authentication information for reliability evaluation and performance evaluation to a plurality of distribution servers.
[0085]
In the above-described embodiment, the environment information collecting unit 26 is configured by the API. However, the present invention is not limited to this. For example, an environment information collecting chip mounted in each client 2 in advance as the environment information collecting unit 26 is replaced with the API. Alternatively, it may be used together with the API. In the case where the environment information collection 26 is composed of the API and the chip, the environment information is collected and stored in the chip when the power of the specific client 2 is turned on, as shown as S0 (step S0) in FIG. On the other hand, in response to the acquisition request command from the distribution server 3, environment information is collected by the API in step S3, and the environment information collected by both the chip and the API is transmitted to the distribution server 3 in step S4. become. In this case, since the large-capacity writing device or the like may be connected to the specific client 2 after the power is turned on and activated, the latest environment information is adopted or the environment information collected by the chip is used. , An environment information obtained by adding the difference of the environment information collected by the API may be used.
[0086]
As the authentication factor (see FIG. 3) in the above embodiment, in addition to a browser application and a virus check application, installation of an application such as a moving image editing program or a copy (writing) program to a large-capacity writing device such as a DVD. May be employed. If these applications are installed, unauthorized copying of the moving image data as the provided information is possible, so that the evaluation level value for the reliability evaluation is set lower.
[0087]
In the above embodiment, after receiving the login information from the specific client 2 (step S11) and performing user authentication based on the information (step S12), the acquisition request command to the specific client 2 is transmitted (step S13). The present invention is not limited to this. If the distribution server 3 does not require prior user registration and allows the client 2 to access the distribution homepage and select the content desired to be distributed, the above-described access or content Any of the selections may be regarded as a provision request command, and the above acquisition request command may be transmitted to the client 2. In this case, steps S1 and S2 and steps S11 and S12 in FIG. 2 are omitted.
[0088]
In the above-described embodiment, the distribution server 3 has been described as a providing server, and the distribution service of the content of the distribution server 3 to each client 2 has been described as an object of the information providing service. However, the present invention is not limited to this, and information other than the content is provided. The present invention may be applied to an information providing service to be performed. For example, the present invention may be applied to an information providing service in which personal information of a basic resident register or resident's card data is provided to a client such as a resident through a communication network from a providing server installed in a local government. Good. In this case, the same reliability evaluation as described in the above-described embodiment is authenticated for each client by the high-low evaluation, and the provision level (providing stage) of the personal information is limited according to the authentication result. Alternatively, a service specification regarding whether to refuse the provision of the resident card data may be determined.
[0089]
For example, for the information of the name, gender, date of birth, and address constituting the personal information, the information is ranked and set in ascending order of importance, from name to gender, date of birth, and address. Even if the Basic Resident Register code is transmitted from the client to the providing server, if the authentication result of the client's reliability evaluation is, for example, an evaluation at a low stage, only the name or gender is added to the name. Service specifications such as providing only personal information such as name, gender, date of birth and address only when the reliability evaluation is a grading evaluation in the highest range decide. Alternatively, if the authentication result of the client's reliability evaluation is an evaluation in a predetermined low-level range, the provision of resident's card data is refused, while the resident's card is only evaluated if the evaluation is in a predetermined high-level range. Determine service specifications to allow the provision of data. As described above, the information providing service for the personal information can be implemented while the personal information and the like are securely protected.
[Brief description of the drawings]
FIG. 1 is a schematic diagram showing an embodiment according to a service providing system of the present invention.
FIG. 2 is a flowchart showing each processing in a specific client, a distribution server, and an evaluation server and mutual communication.
FIG. 3 is a table showing a relationship between each component constituting a system environment and each evaluation criterion of reliability and performance.
FIG. 4 is a diagram showing an example in which a service specification is set as an area in an orthogonal coordinate system having two orthogonal axes for reliability evaluation and performance evaluation.
FIG. 5 is a diagram for explaining the correspondence between reliability evaluation and performance evaluation and service specification areas.
FIG. 6 is a diagram for explaining a method of selectively setting service specifications based on the results of both reliability evaluation and performance evaluation.
FIG. 7 is a diagram illustrating a case where the results of both the reliability evaluation and the performance evaluation match two service specifications that overlap each other.
[Explanation of symbols]
2 Client
3 distribution server (providing server)
4 Evaluation server (client evaluation device)
5 Communication network
26 Environmental information collecting unit (Environmental information collecting means)
37 Provided content determination unit (provided service specification determination unit)
44 Transceiver (Transceiver)
45 Evaluation Standard DB (Evaluation Standard Database)
46 Performance Evaluation Unit (Performance Evaluation Means)
47 Reliability Evaluation Unit (Reliability Evaluation Means)

Claims (12)

To be used as criteria for determining the quality and / or type of information provided to a client via a communication network, whether or not to provide information, or whether to limit the information to be provided, or to determine service specifications. A client evaluation method for authenticating the reliability evaluation of the client,
An evaluation criterion database in which a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of security and / or confidence is preset for each component and stored. Have prepared,
When receiving environment information about a specific system environment of an individual client, calculating an evaluation level value for each component by comparing the storage content of the evaluation criterion database for each component included in the environment information, Through the procedure of integrating the calculated evaluation level values for each of the constituent elements, and as the reliability evaluation for the individual client, the authentication is performed by the high / low level evaluation of the reliability according to the size of the integrated evaluation level value. A client evaluation method. A client evaluation method for authenticating the performance evaluation of the client for use as a criterion for determining a service specification regarding quality and / or type of information provided to the client via a communication network,
A correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of function feasibility of realizing the provided information reproducing function is set in advance for each component. Prepare an evaluation criteria database
When receiving environment information about a specific system environment of an individual client, calculating an evaluation level value for each component by comparing the storage content of the evaluation criterion database for each component included in the environment information; Through the procedure of integrating the calculated evaluation level values for each of the constituent elements, as the performance evaluation of the individual client, by performing the high-to-low level evaluation of the performance according to the magnitude of the integrated evaluation level value. A client evaluation method. Receives environmental information about the system environment of the client to which the information is provided via the communication network, and determines the quality and / or type of the information to be provided, whether or not to provide the information, or the information to be provided. A client evaluation device that authenticates the reliability evaluation of the client, which is used as a criterion for determining a service specification of whether to add a restriction,
An evaluation criterion in which a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of security and / or confidence is preset and stored for each component. Database and
A reliability evaluation unit that authenticates a reliability evaluation of each client based on the environmental information,
The reliability evaluation means includes: an index processing unit for calculating an evaluation level value for each component by comparing the content of the evaluation standard database for each component included in the environment information; An integration processing unit that integrates the evaluation level values for each of the components, and a reliability evaluation for each of the above-described individual clients based on a high / low level evaluation of reliability according to the magnitude of the evaluation level value integrated by the integration processing unit. A client evaluation device, comprising: an authentication processing unit for performing authentication. Receiving the environment information about the system environment of the client to which the information is to be provided via the communication network, and using the information as a criterion for determining service specifications relating to the quality and / or type of the information to be provided; A client evaluation device for authenticating a client performance evaluation,
Correspondence between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating whether the function feasibility of realizing the provided information reproducing function is high or low is preset for each component. An evaluation criteria database stored and stored
A performance evaluation unit that authenticates a performance evaluation of each client based on the environment information,
The performance evaluation means includes an index processing unit for calculating an evaluation level value for each component by comparing the content of the evaluation standard database for each component included in the environmental information, and an index processing unit for determining an evaluation level value for each component. An integration processing unit that integrates the evaluation level value of each of the constituent elements, and an authentication that authenticates the performance evaluation of the individual client by performing a high / low grade evaluation of the performance according to the magnitude of the evaluation level value integrated by the integration processing unit. A client evaluation device comprising: a processing unit. The client evaluation device according to claim 3 or 4, wherein:
Further comprising a transmitting / receiving means for transmitting / receiving information via the communication network,
A client evaluation device configured to receive the environment information via the transmission / reception unit and transmit an authentication result via the transmission / reception unit to a providing server which provides information to the client. In a service providing method for providing information to a client via a communication network by a providing server,
When receiving an information provision request from the client, a procedure for transmitting an acquisition request command to acquire environment information about the system environment of the specific client to the specific client that has requested information provision, and acquiring the environment information,
A procedure of determining the reliability evaluation of the specific client by a high-low evaluation based on a comparison between the acquired environmental information and an evaluation criterion in which a correspondence relationship between an evaluation level for security and / or confidence reliability evaluation is set in advance. When,
The quality and / or type of the information requested by the specific client to be provided according to the determined high / low evaluation of the reliability evaluation, whether or not to provide the information, or whether to limit the information to be provided Procedures for determining service specifications for
A step of providing information to the specific client based on the determined service specification. In a service providing method for providing information to a client via a communication network by a providing server,
When receiving an information provision request from the client, a procedure for transmitting an acquisition request command to acquire environment information about the system environment of the specific client to the specific client that has requested information provision, and acquiring the environment information,
The performance evaluation for the specific client is evaluated in a high-to-low evaluation by comparing the acquired environment information with the evaluation criterion in which the correspondence between the evaluation levels for the performance evaluations related to the function feasibility of realizing the provided information reproduction function is set in advance. A procedure for determining
A procedure for determining a service specification relating to quality and / or type to be provided for information requested to be distributed from the specific client in accordance with the determined high-level evaluation of the performance evaluation;
A step of providing information to the specific client based on the determined service specification. In a service providing method for providing information to a client via a communication network by a providing server,
When receiving an information provision request from the client, a procedure for transmitting an acquisition request command to acquire environment information about the system environment of the specific client to the specific client that has requested information provision, and acquiring the environment information,
By comparing the acquired environmental information with the evaluation criterion in which the correspondence relationship between the evaluation level for each of the reliability evaluation related to security and / or confidence and the performance evaluation related to the function feasibility of realizing the provided information reproducing function is set in advance. A procedure of determining the reliability evaluation and the performance evaluation of the specific client by high-level evaluation and low-level evaluation, respectively;
The quality and / or type to be provided for the information requested to be provided by the specific client in accordance with both the determined high / low evaluation of the reliability evaluation and the high / low evaluation of the performance evaluation, or whether to provide the information, or , A process for determining service specifications regarding whether to limit the information provided,
A step of providing information to the specific client based on the determined service specification. 9. The service providing method according to claim 8, wherein
Multi-level service specifications categorized according to the quality and / or type of information, whether to provide information, or whether to limit the information to be provided, for both reliability evaluation and performance evaluation In advance, the correspondence of the above-mentioned service specifications that is acceptable for each of the high and low grade evaluations of the reliability evaluation and the high and low grade evaluation of the performance evaluation in association with
As a procedure for determining a service specification to be provided, a service specification allowed in the high-low evaluation based on the high-low evaluation of the determined reliability evaluation is extracted from the correspondence relationship, and from among the extracted service specifications, A service providing method for determining the highest service specification that is allowed in the high-low evaluation, which is the result of the performance evaluation. 9. The service providing method according to claim 8, wherein
Multi-level service specifications categorized according to the quality and / or type of information, whether to provide information, or whether to limit the information to be provided, for both reliability evaluation and performance evaluation In advance, the correspondence relation of the service specifications allowed for each of the high and low grade evaluations of the reliability evaluation and the high and low grade evaluation of the performance evaluation in association with
As a procedure for determining a service specification to be provided, a service specification allowed in the high-low evaluation based on the high-low evaluation of the determined performance evaluation is extracted from the correspondence relationship, and the service specification is extracted from among the extracted service specifications. A service providing method for determining the highest service specification allowed in a high-low evaluation, which is an estimation result of reliability evaluation. A providing server that provides information to a providing destination, one or more clients as the providing destination, and an evaluation server that authenticates a reliability evaluation regarding security and / or confidentiality for each of the clients by a high / low evaluation. Are connected to each other via a network so that they can transmit and receive
Each of the clients includes an environment information collecting unit that collects environment information about its own system environment. When the client receives an acquisition request command for environment information from the providing server, the client performs the collection process by the environment information collecting unit. Configured to transmit environment information to the providing server,
The providing server is a service related to the quality and / or type of information to be provided to a corresponding client based on the authentication result by the evaluation server, whether or not to provide information, or whether to limit the information to be provided. A service service specification determining means for determining and determining specifications is provided. When an information provision request is received from a client, the environment information acquisition request command is transmitted to the client, and when environment information is received from the client, the environment information is transmitted. And transmitting an evaluation request command to the evaluation server, and providing information to the client based on the service specification determined by the provided service specification determining means based on the authentication result returned from the evaluation server. And
In the evaluation server, a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating the level of security and / or confidence is preset and stored for each component. A reliability for authenticating a reliability evaluation of a corresponding client by a high-low evaluation based on a comparison between the stored evaluation criterion database and the correspondence stored in the evaluation criterion database and the environmental information received from the providing server. Evaluation means, and when the evaluation request command is received from the providing server together with the environment information, the authentication processing is executed by the reliability evaluation means and an authentication result is returned to the providing server. And service providing system. A performance server for providing information to a provider, one or more clients as the provider, and a performance evaluation related to a function feasibility of realizing a function of reproducing the provided information for each of the clients are authenticated by a high-low evaluation. The evaluation server and the evaluation server are connected via a communication network so as to be able to transmit and receive each other,
Each of the clients has environment information collecting means for collecting environment information about its own system environment, and when the client receives an acquisition request command for environment information from the providing server, the environment is collected by the environment information collecting means. Configured to send information to the providing server,
The providing server includes a provided service specification determining unit configured to determine and determine a service specification related to the quality and / or type of information provided to a corresponding client based on an authentication result by the evaluation server. When receiving the environment information, the client transmits the environment information acquisition request command to the client, and when receiving the environment information from the client, transmits an evaluation request command to the evaluation server together with the environment information. Configured to execute information provision to the client based on a service specification determined by the provided service specification determination unit based on a result,
In the evaluation server, a correspondence relationship between what is assumed as each component configuring the system environment of the client and an evaluation level value indicating whether the function feasibility is high or low is set in advance for each component. An evaluation criterion database that is stored and stored, and a performance evaluation unit that authenticates a performance evaluation of a corresponding client based on a comparison between the correspondence and the environmental information stored in the evaluation criterion database by a high-low evaluation, A service providing system configured to execute an authentication process by the performance evaluation means when receiving an evaluation request command together with the environment information from a providing server, and return an authentication result to the providing server.

Images