JP2005063207A - Update program and update method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a convenient update program for both a user and a software provider. <P>SOLUTION: This update program 1 is provided with a check means 11 for determining whether or not package software 3 stored in the terminal of a user is the target of update, and for starting a decoding key decrypting means 23, a backup means 13 for backing up the package software 3 and a re-packaging means 15 for encrypting new software 41 sent by a software provider by using a decoding key 8 decrypted by the decoding key decrypting means 23 when use conditions relating to update are satisfied, and for packaging the new software 41 with package identification information 35 and for replacing it with the package software 3. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

The present invention relates to an update program and an update method, and more particularly to a download-type software update program and update method.

  In recent years, an increasing number of services allow software used on a computer to be downloaded to a user's terminal via a network.

  In such a service, in order to have more users purchase the software for a fee, first, the trial version software with reduced functions of the normal version software is downloaded to the user's terminal free of charge, and the trial period After the elapse of time, the normal version software is often purchased for a fee according to the desire of the user.

  On the other hand, most software needs to be patched or updated to add new functions or fix bugs that occur every day even after it has been officially issued to users. The modified software and update program for that purpose are distributed to users free of charge (in some cases, for a fee) within the warranty period. The user performs the update operation of the software downloaded to his / her terminal.

  However, since such an update operation is troublesome for the user, in order to reduce the user's trouble, the expiration date of the software is not rewritten by the user as disclosed in Patent Document 1. Write to an available hardware protection device, provide it to the user together with the software, and if it is within the usage period, the software provider checks the version of the software owned by the user and performs an update operation that conforms to that version. There is a software user management method and a hardware protection device that perform automatically.

In addition, if an update program is provided free of charge, problems such as unauthorized copying of the update program occur. Patent Document 2 discloses that CD-R, CD-RW, MO, DVD-RAM, etc. are acceptable. Writes the number of installable and updateable softwares to the user-inaccessible area of the replacement recording medium and provides it to the user to prevent unauthorized installation and update by comparing the actual number of installations and updates. A method is disclosed.

JP 2002-182767 A JP 2003-44155 A

However, the inventions disclosed in Patent Document 1 and Patent Document 2 have the following problems.

  That is, in any of the inventions disclosed in Patent Document 1 and Patent Document 2, a user must connect a hardware protect device or a replaceable recording medium provided by a software provider to his / her terminal.

  Therefore, the software provider must prepare and deliver the deliverable for each user, and the user must also connect the deliverable sent by mail to his / her terminal. Both the software provider and the user are troublesome, and this may destroy the significance of constructing a system (server) that allows software to be downloaded via a network.

  Furthermore, in the invention disclosed in Patent Document 1, the software provider must check the version of the software owned by the user and send an update program suitable for each user. When providing software with the same content to a seller, the software provider must perform version management for each software and update operation check test for each version. I spent a lot of time.

  Furthermore, the inventions disclosed in Patent Document 1 and Patent Document 2 relate to installation and update of normal software that is not a trial version, and the idea of updating the trial version software was not included in the first place.

  However, if the terminal of a user using trial version software downloads an update program distributed free of charge, the trial version software already stored on the terminal may be overwritten by the normal version software. The user can use the normal software that should be paid for free of charge.

  For this reason, the source software that prohibits any updates is described as a program in the conventional trial version software in advance, and even if there is a serious malfunction in the trial version software, the user will Had to download the trial software.

The present invention has been made in view of such problems, the purpose of which can be updated software without burden on the user, regardless of whether it is a trial version or a normal version, It is another object of the present invention to provide an update program and an update method that can significantly reduce the time required for updating for software providers.

  In order to achieve the above-described object, the present invention provides a predetermined number of times of use of package software in which software other than a user is encrypted with a common key generated by a common key encryption method and packaged together with package identification information. -An update program for updating the software in a software providing service to be used on a user's terminal under usage conditions such as an amount, a deadline, etc., wherein the update program includes the encrypted software A decryption key decryption program for decrypting a decryption key is stored in the terminal after being stored in the terminal of the user, and the decryption key decryption program updates the use status every time the software is used. A usage database that can be used on a terminal other than the user's terminal The usage status generation means for generating in the user's terminal in a state that cannot be read or updated, the usage status stored in the usage status database, and the usage conditions are collated, and the usage status Only when the usage condition does not exceed the usage condition, the usage status in the usage status database is updated, and the decryption key decryption means for decrypting the decryption key of the encrypted software from the decryption key storage file, and the decryption Expansion means for expanding the decrypted key on the main memory of the user terminal, and the update program determines whether the package software stored in the user terminal is an update target. Determining means for activating the decryption key decryption means, and backup means for backing up the package software; Using the decryption key decrypted when the use condition regarding the update is satisfied by the decryption key decryption means, the new software sent from the software provider is encrypted and packaged together with the package identification information, and the package software And a re-packaging means for replacement.

The invention of claim 14
Package software that is encrypted with a common key generated by a person other than the user using a common key encryption method and packaged with package identification information is used under the usage conditions such as the number of times, amount of money, time limit, etc. An update method for updating the software in a software providing service to be used on a user's terminal, wherein the update method includes a decryption key decryption process for decrypting a decryption key of the encrypted software The decryption key decryption process is executed after at least one pass, and the usage status database that can update the usage status every time the software is used is read by a terminal other than the user terminal, The first to be generated on the user terminal in a state where the update is not possible The usage status stored in the usage status database is compared with the usage conditions, and only when the usage status does not exceed the usage conditions, the usage status in the usage status database is updated, A second step of decrypting the decryption key of the encrypted software from the decryption key storage file, and a third step of expanding the decrypted decryption key on the main memory of the user terminal; The update method includes a fourth step of determining whether or not the package software stored in the terminal of the user is an update target, and a fifth step of backing up the package software; From the software provider using the decryption key decrypted when the use condition regarding the update is satisfied by the decryption key decryption process. Encrypts assigned the new software, and packaged with the package identification information, an update method and a sixth step of replacing said package software.

  According to the inventions of claims 1 and 14, the software for update is sent to the legitimate user, and the update is performed without generating a trouble such as key generation. An update program and an update method that are convenient for the user are provided.

The invention of claim 3
The new software is sent to the user's terminal in an encrypted state with the common key, and the checking means decrypts the decrypted data when the use condition regarding the update is satisfied by the decryption key decrypting means. This is an update program that attempts to decrypt the encrypted new software by using a key, and permits an update when decrypted.

The invention of claim 16
The new software is sent to the user's terminal after being encrypted with the common key. In the fourth process, the new software is decrypted when the use conditions regarding the update are satisfied by the decryption key decryption process. In this update method, the encrypted new software is tried to be decrypted using the decryption key, and the update is permitted when the decrypted new software is decrypted.

  According to the inventions of claims 3 and 16, since the new software is encrypted with the same key as the original software, there is no need to generate a new key, and there is no worry of eavesdropping by a third party. Can be updated. In addition, since the update is not performed by software encrypted with a different key, unauthorized update can be prevented.

The invention of claim 2
Encryption and packaging of new software in the repackaging means is an update program performed on the main memory.

The invention of claim 4
Decryption of the new encrypted software in the checking means is an update program performed on the main memory.

The invention of claim 15
Encryption and packaging of new software in the sixth process is an update method performed on the main memory.

The invention of claim 17
The decryption of the new encrypted software in the fourth process is an update method performed on the main memory.

  According to the inventions of claim 2, claim 4, claim 15, and claim 17, since new software is repackaged on the main memory without being stored on the hard disk, unauthorized use can be prevented. .

The invention of claim 5
The check means is an update program for confirming whether the package software, the decryption key decryption program, the decryption key storage file, and the use state database are stored in the terminal of the user.

The invention of claim 18 provides
The fourth process is an update method for confirming whether the package software, the decryption key storage file, and the usage status database are stored in the user terminal.

  According to the fifth and eighteenth aspects of the present invention, if there is no valid package software or decryption key in the user's terminal, the update is not performed in the first place, so that the valid update can be performed.

The invention of claim 6
The check means is an update program that confirms whether the software version in the package software is older than the new software version.

The invention of claim 19
The fourth process is an update method for confirming whether the software version in the package software is older than the new software version.

  According to the inventions of claims 6 and 19, correct update can be surely performed.

The invention of claim 7
The decryption key storage file contains the decryption key and one or more usage conditions, and is stored in the user terminal so that the decryption key can be decrypted only by the decryption key decryption means. Update program.

The invention of claim 20
The decryption key storage file contains the decryption key and one or more use conditions,
An update method stored in the user terminal so that the decryption key can be decrypted by the decryption key decryption method.

  According to the inventions of claim 7 and claim 20, it is not necessary to obtain a decryption key and use conditions from the software provider every time the software is used, and the use of the software is accelerated, and the decryption key storage file is obtained once. Then, there is no danger of eavesdropping.

The inventions of claims 8 and 21 include
Part or all of the usage conditions are not included in the decryption key storage file, and are an update program and an update method that are issued after the user completes the purchase or update settlement of the package software.

  According to the inventions of claims 8 and 21, usage conditions that differ for each user can be issued as a separate file without being included in the decryption key storage file. Later software usage and updates are possible.

The inventions of claim 9 and claim 22
The decryption key storage file is an update program and an update method that are encrypted with a second key obtained by replacing a first key such as a random number with a replacement table.

  According to the ninth and twenty-second aspects of the present invention, since the decryption key storage file including the decryption key is encrypted, the decryption key can be further protected.

The inventions of claim 10 and claim 23
The replacement table is an update program and update method generated for each software provider.

  According to the inventions of claims 10 and 23, if the replacement software is changed for each seller if the same software is used, it is possible to specify the sales route in the case of unauthorized use, and the rights of the seller are also protected. The

The invention of claim 11 and claim 24
The replacement table is an update program and an update method that are encrypted by a one-way function such as a hash value obtained from binary data of the package software.

  According to the eleventh and twenty-fourth inventions, it is possible to detect software tampering.

The invention of claim 12
The repackaging means is an update program that encrypts the replacement table with a one-way function such as a hash value obtained from binary data of the package software replaced with the package software.

The invention of claim 25 provides
In the update method, the replacement table is encrypted by a one-way function such as a hash value obtained from binary data of the package software replaced with the package software.

  According to the twelfth and twenty-fifth aspects of the invention, as long as the use conditions are satisfied, it is possible to continue to use the software regardless of whether or not the software has been updated and without being aware of the update.

The inventions of claims 13 and 26 include
The usage database is encrypted at the user's terminal by a one-way function such as a hash value of identification information (MAC address, BIOS serial number, hard disk serial number, etc.) of the terminal. Program and update method.

  According to the thirteenth and twenty-sixth aspects of the present invention, it is impossible to copy and use the usage status database to a terminal other than the user terminal.

  In addition, in the “sending” in this specification, in addition to a transmission form by a download request from a user via a network, a transmission form by attachment to an e-mail, at least one of these is a CD-ROM or the like It is also possible to store the information in a portable recording medium and send it to the user by mail or the like. In other words, in the present invention, as a method for the user to obtain data such as a program, all or a part of the program can be stored in a portable recording medium such as a CD-ROM in addition to downloading via a network and attaching to a mail. It also includes the case where the user makes a copy from the portable recording medium to the terminal.

  Further, in this specification, “software provider” includes not only the manufacturer that created the software, but also those who directly provide or sell the software to users.

  Further, in this specification, “user” refers to a person who is permitted to use specific software by a software provider.

  Further, in this specification, “download, copy, store, and generate to a user terminal” refers to downloading to a rewritable external (auxiliary) storage device in the user terminal. The rewritable external storage device includes a storage device such as an internal hard disk of the terminal and an external disk (MO or FD) connected to the terminal. However, these storage devices are one-to-one correspondence with the terminal, and do not include a shared disk with another terminal or an external storage device connected to the terminal via a network.

In this specification, the “user terminal” is a configuration (CPU, main memory, external) necessary for storing, executing, and using the update program of the present invention, a program such as package software, and data. Any ordinary computer having a storage device, a communication device, an input / output device, or the like may be used.

  According to the update program and the update method of the present invention, the burden on both the software user and the software provider is reduced, and the convenience of software update is increased.

  Since the decryption key necessary for repackaging already exists in the user terminal, the present invention is applied to the user terminal when an update is required without generating a new key for updating. By simply downloading the update program and update software, the user terminal can update the software regardless of whether it is a trial version or a normal version.

  Also, once the decryption key decryption program and package software are stored in the user terminal, it is possible to update the software that can only be performed on the user terminal, which not only prevents unauthorized updates, but also It is possible to provide an update service free of charge only to new users.

Since the update program of the present invention may be the same program and the software may be the same regardless of the seller, the labor required for the update can be greatly reduced. In addition, it is not necessary to prohibit the update of the trial version software, and the effort for inserting the source code for prohibiting the update into the trial version software is reduced. Further, there is no risk of the trial version software being downloaded to the user terminal in duplicate or the trial version software being overwritten with the normal version software.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to FIGS. 1, 2, 3, 4, 5, and 6.

  FIG. 2 shows that the software 31 to be updated is downloaded to the user terminal 7 (software provider side) as a stage before updating the software program (hereinafter referred to as software 31) by the update program 1 and the update method of the present invention. The data stored in the server terminal 6 is transferred via the network), and a program necessary for making the software 31 available only on the user terminal 7 (hereinafter referred to as a decryption key decryption program 2). ), Package software 3 in which the software 31 is packaged, and the configuration of the installation program 5.

  FIG. 1 shows a server terminal when an update from software 31 to software 41 is required after the package software 3, decryption key decryption program 2, and installation program 5 shown in FIG. 6 shows the configuration of the package software 4 and the update program 1 downloaded from the user terminal 7 to the user terminal 7.

  First, the configuration of FIG. 2 will be described. The user terminal 7 downloads the package software 3, the decryption key decryption program 2, and the installation program 5 shown in FIG. 2 from the server terminal 6 via the network after designating and selecting the desired package software 3. These programs including software may be downloaded once and stored in the user terminal 7. These programs are not limited to the download form, but may be attached to an e-mail, or stored in a portable recording medium such as a CD-ROM and sent to the user by mail or the like for use. May be copied to the person terminal 7.

  The user terminal 7 has a configuration (CPU, main memory 71, external storage device, communication device, input / output device, etc.) necessary for storing, executing, and using these downloaded programs. Any ordinary computer may be used.

  The package software 3 includes encryption software 31a, decryption means 33, and package identification information 35 (not shown). The encrypted software 31a is obtained by encrypting the software 31 with an encryption key. Hereinafter, it is assumed that subscripts such as “a” and “b” are attached to the codes of the original data before the encryption process for data such as software, programs, and files subjected to the encryption process.

  The decryption key decryption program 2 includes a usage status generation unit 21, a decryption key decryption unit 23, an expansion unit 25, and a decryption key storage file 29.

  In FIG. 2, the decryption key storage file 29a that is encrypted instead of the decryption key storage file 29 is included in the decryption key decryption program 2, and an encrypted replacement table 27a is also included. The replacement table 27 is necessary for decrypting a key necessary for decrypting the encrypted decryption key storage file 29a. Details of each means will be described sequentially.

  The installation program 5 is a program that provides support such as controlling the activation order of each program and data so that the downloaded package software 3 can actually be used on the user terminal 7. The installation program 5 may include the package software 3 and the decryption key decryption program 2.

  First, the package software 3 will be described with reference to FIG. The software is of course a binary format when downloaded and stored in the user terminal 7, but in order to actually execute and use the software on the terminal or display it on the display, not only the execution program but also the software The program necessary to execute is required.

  The software provider encrypts the execution program and a program necessary for executing the software (hereinafter collectively referred to as software 31) with an encryption key such as an arbitrary random number using an encryption processing apparatus, and encrypts the software 31a. And

  There are two main reasons for encryption, and one point is to prevent the software 31 from being used even if it is a legitimate user who has downloaded the software 31 unless the usage conditions described later are satisfied. There is another point in order to prevent eavesdropping by a Service-to-Self in the process of going through the network.

  That is, in the present invention, even if only the encrypted software 31a is downloaded, even the user cannot use the software 31, and the software 31 can be used for the first time through the process of decrypting the encrypted software 31a. It becomes.

  Further, in the present invention, the decryption key 8 necessary for decryption of the encryption software 31 a is not generated by the user side, and even the user can easily know the decryption key storage file 29. It is saved in a state where it can not be. That is, the decryption key 8 can be obtained only when the use conditions of the software 31 determined for each user are satisfied, and the decryption of the encryption software 31a can be performed only by the decryption key 8 obtained in this decryption process. A mechanism that enables this is adopted.

  Here, a common key cryptosystem is used for encryption / decryption, and the encryption key and the decryption key 8 are common. The encryption / decryption processing time using the key generated by the common key encryption method is shorter than the encryption / decryption processing time using the public key encryption method, which is convenient for both users and software providers. There is no loss of sex.

  A public key cryptosystem may be used instead of the common key cryptosystem. In this case, both the encryption key and the decryption key 8 are provided by the software provider in order to save the user from generating a key. Shall be generated on the side.

  This encryption key (decryption key 8) is a random number generated by a person other than the user, that is, a software provider in the present embodiment. If the packaged software 4 downloaded when updating the software 31 in FIG. 1 includes the encrypted software 41 a instead of the software 41, the encrypted software 41 a is an encryption key of the software 31. It is encrypted with the same key as (decryption key 8).

  As shown in FIG. 3, an encrypted software 31a and programs (decryption means 33, package identification information 35) necessary for decrypting the encrypted software 31a are added with a header 37, which is a package. Software 3

  The software 31 is encrypted and further packaged, so that it can be executed only in conjunction with the installation program 5 (update program 1 in FIG. 1) and other programs. Cannot be stored on a hard disk.

  Therefore, even if the user and the Service-to-Self are aware of the decryption key 8, it is impossible to decrypt the encrypted software 31a illegally, and it is also possible to modify the binary data of the execution program to remove the virus. It cannot be created or used for illegal use.

  Note that files and programs that are common regardless of the user, such as the usage status generation unit 21 and the expansion unit 25 illustrated in FIG. 2, may be included in the package software 3. On the contrary, the decryption means 33 does not need to be included in the package software 3 and may be included in the decryption key decryption program 2.

  In addition, when a plurality of types of software are used in the user terminal 7, means that can be used in common regardless of the type of software do not need to be downloaded repeatedly in the user terminal 7. It is not necessary to be included in the package software 3 or the decryption key decryption program 2, and may be arbitrarily downloaded to the user terminal 7 as a separate package or a separate file.

  The decryption means 33 is a program necessary for decrypting various encrypted data using a key or the like. Note that the decrypting means 33 may generate a hash value or the like in addition to simply decrypting. Further, a program necessary for generating a hash value or the like may be separately prepared and downloaded to the user terminal 7.

  The package identification information 35 is information that can identify the type of software and / or the software seller. In this embodiment, the package identification information 35 is used to activate the decryption key decryption means 23 downloaded together with the package software 3. Used as input information.

  Next, details of the decryption key decryption program 2 will be described with reference to FIG.

  The decryption key decrypting means 23 is means for decrypting the decryption key 8 in cooperation with the decryption key storage file 29 containing the decryption key 8 for decrypting the encrypted software 31a. As described above, in the present embodiment, the decryption key decryption means 23 is activated by the input of the package identification information 35.

  An example of the configuration of the decryption key decryption means 23 and the decryption key storage file 29 is shown in FIG. 4 shows a state in which these programs and files are downloaded from the server terminal 6 to the user terminal 7 via the network and stored in an auxiliary storage device (external storage device) such as a hard disk of the user terminal 7. However, the decryption key 8 in the decryption key storage file 29 can be decrypted and extracted only by the decryption key decrypting means 23.

  In this embodiment, the decryption key decryption means 23 has collation / update means 231, 232, and 233. The collation / update means 231, 232, and 233 sequentially collate the usage conditions in the decryption key storage file 29 and the usage status in the usage status database 21 a described later, and only when the usage status does not exceed the usage conditions. The usage status database 21a is updated. Only when all verifications are completed without any problem, the decryption key 8 in the decryption key storage file 29 is decrypted and expanded on the main memory 71 of the user terminal 7 by the expansion means 25.

  Thereafter, the decryption means 33 decrypts the encrypted software 31a only with the decryption key 8 decrypted by the decryption key decryption means 23, and the decompression means 25 decompresses the decrypted software 31 on the main memory 71. . The software 31 can be used on the main memory 71.

  The decryption key storage file 29 is composed of one or more keys, one or more usage conditions, and a decryption key 8. By passing the key to the verification / update means 231, 232, 233, the usage conditions and usage status corresponding to the key are extracted and verified. Note that the key here is also generally generated by a random number generator like the decryption key 8.

  In the present embodiment, the decryption key storage file 29 is downloaded once together with the package software 3 as part of the decryption key decryption program 2 as shown in FIG. It is not necessary to acquire the decryption key 8 and usage conditions via the network each time an update is performed.

  In addition, as described above, the decryption key 8 is extracted only by collation between the use conditions and the use status, and therefore may be common regardless of the user. Therefore, the decryption key storage file 29 becomes a common file regardless of the user, and can be included in the common installation program 5 regardless of the user. The installation program 5 on the software provider side or the decryption key storage file The trouble of creating 29 is reduced.

  Returning to the description of FIG. 4, the expansion means 25 temporarily stores the decrypted decryption key 8, the software 31 decrypted by the decryption key 8, and other keys in the main memory 71. It is a means to store in. That is, since these data and keys cannot be stored alone in an external storage device such as a hard disk, the software 31 can be used / updated beyond the predetermined usage conditions, It is impossible to copy or transmit the decrypted software 31 from the user terminal 7 to another person's terminal.

  Therefore, the decryption key 8 cannot be known even by the user unless the decryption process of the decryption key 8 in the decryption key storage file 29 by the decryption key decrypting means 23 is performed. Cannot be saved to a hard disk.

  The usage status generation means 21 generates an usage status database 21a that cannot be illegally updated by the user himself / herself and cannot be read or updated by a terminal other than the user terminal 7, and is stored in the external storage device of the user terminal 7. It is a means to generate only.

  The usage status database 21a stores the usage status of the software 31 by the user terminal 7. The usage status is the number of times the software 31 is actually used, the amount of money, the date and time, the number of times of updating, the date and time, etc. Each time the user uses or updates the software 31 on the user terminal 7, the corresponding usage conditions ( The number of times, the amount of money, the date and time, the deadline, etc.) are not exceeded, that is, until a predetermined usage limit is reached. When it is likely that the software 31 will be used / updated beyond the use conditions, the use / update of the software 31 and the previous process (decryption key decryption process) of the software use / update are stopped on the spot.

  As a matter of course, the software provider can calculate the usage amount of the software (for example, charge 200 yen if used for 1 hour, charge 100 yen for each use) or count the number of times of use depending on the software. Etc. need to be determined in advance.

  Further, either the server terminal 6 or the user terminal 7 can grasp the usage status of the software 31 by the user terminal 7 and can be reflected in the update of the usage status database 21a (for example, Counting means, timing means, fee calculation means, etc.) are required.

  In addition, when “amount” is set as one of the usage conditions, a billing means is provided on the server terminal 6 side, and the user determines the amount in advance by some means (cash, transfer, credit card, etc.) It is necessary that the key and the usage conditions are issued to the user terminal 7 after the payment is confirmed by the software provider (server terminal 6).

  In addition, a prepaid method can be adopted as the charging method. In this case, for example, the user purchases a usage condition for 5000 yen from the server terminal 6, and the usage condition for 5000 yen is obtained upon completion of the settlement. And a key corresponding to this use condition is issued. The user can use the software 31 as long as the usage status does not exceed the usage of 5000 yen in total and as long as other usage conditions are satisfied.

  If the use of the software 31 is a membership system and a monthly fee system, it is desirable that the key and usage conditions are issued after confirming the credit card number and bank account owned by the user. . As a result, a fee corresponding to the usage time of the software 31 or a fixed fee is automatically paid every month.

  As described above, when the use of the software 31 is started after the payment is made, or when the use condition related to money is required to be checked when the software 31 is used, Since the key corresponding to this differs depending on the user, it is desirable that the key is not included in the decryption key storage file 29 but received separately from the software provider.

  If the software 31 is to be used free of charge and the usage conditions are common regardless of the user, all the usage conditions are stored in the decryption key storage file 29 as shown in FIG. A corresponding key may be included.

  The usage status database 21a is read and updated only in the decryption process of the decryption key 8 by the decryption key decryption means 23, and is not updated or falsified by the user or the Service-to-Self in any other process. To do.

  In addition, it is possible to detect the usage status in the usage status database 21a without permission update, falsification, unauthorized use, and the like using a known hash (one-way) function technique or the like. For example, the consistency of whether or not it was encrypted with the correct hash value at the time of the next update or reading, such as by always encrypting the usage status with the hash value of the usage status at the time of the last update or reading Check.

  If an illegal read or update has been performed, the correct read key 8 is obtained whether the usage status is not encrypted with the original hash value, even if the next normal read or update is attempted. Can not be decrypted.

  Also, for example, the usage status can be updated only by a predetermined number, for example, by reducing it by one, for example, and the usage status should be updated from 2 to 3 times. It can be made impossible to tamper with.

  In this way, in the unlikely event that unauthorized reading or falsification is made, the use of the software 31 or the decryption of the decryption key 8 should be stopped on the spot, or the correct data that has been backed up by encryption in the registry or the like The usage status is read and the altered usage status database 21a is restored to the original state.

  In order to be able to generate the usage status database 21a only in the user terminal 7, a program capable of generating the database is provided only once at the terminal where the package software 3 is first downloaded, or a server terminal before downloading 6 recognizes the identification information (MAC address, BIOS serial number, hard disk serial number, etc.) of the user terminal 7 in advance, encrypts the usage situation database 21a with the hash value of the identification information, etc. In the terminal having the information, a program for preventing the encrypted usage database 21a from being decrypted is provided.

  Next, in order to make the usage database 21a unreadable by terminals other than the user terminal 7, when the decryption key decrypting means 23 checks the usage conditions and the usage status, it is registered on the server terminal 6 side. It is confirmed whether or not the usage status database 21a is generated in the external storage device in the user terminal 7 having the identified identification information. If the usage status database 21a is not found, a terminal other than the user terminal 7 is used. Assuming that the software 31 is about to be used / updated, a method for stopping the use / update of the software 31 or the usage status database 21a is encrypted with a hash value of identification information unique to each user terminal 7, For example, a method for preventing the usage status database 21a from being decrypted by a hash value of identification information of another terminal or the like. That.

  In addition, the identification information of the user terminal 7 is added as one condition in the usage conditions generated in advance, and when the usage conditions and the usage status are collated, the terminal actually used as the usage status is identified. A method may be used in which the information is checked and the use / update of the software 31 is stopped if the information does not match the identification information of the terminal to be originally used as a use condition. It should be noted that this usage condition naturally varies from user to user, and therefore it is desirable that the decryption key storage file 29 is not included when the decryption key storage file 29 is shared.

  By configuring the usage status database 21a as described above, even if the usage conditions (including update conditions) are unlimited or free use, the content is empty or meaningless. If the generated usage status database 21a is generated in the user terminal 7 and the process of checking the usage status database 21a is confirmed when the usage conditions and the usage status are collated, the usage status database 21a other than the user terminal 7 is used. The use / update of the software 31 at the terminal, that is, the unauthorized use / update of the software 31 by the user and the Service-to-Self can be prevented.

  In addition, even if the usage conditions (including update conditions) do not require an unlimited number of payments or free use during the trial period, if the payment is made at 0 yen, the software provider side There are the following merits.

  First, when making a user make a payment, it is common to register the user together. However, if the user registration is made together with the 0 yen payment, the software provider obtains the user information. It can be used for user support, violation copy tracking, and the like. Furthermore, with the consent of the user, other software sales information and the like can be sent and notified to the user.

  Also, especially when letting users use free trial version software, if the software can only be downloaded without user registration, the trial version software may be abused and become a hotbed for unauthorized use. It is recommended that the user make 0 yen settlement and also register as a user.

  If free trial software is provided, the user will pay attention to this and automatically register as a user, so the software provider will concentrate the user's information in a costly and labor-intensive manner. The user information acquired in this way can be used for sales promotion and the like.

  Here, a specific process until the decryption key 8 in the decryption key storage file 29 is decrypted by the decryption key decryption means 23, the decryption key storage file 29, and the usage status database 21a will be described in detail with reference to FIG. explain.

  First, the first collation / update means 231 is activated by the key 0. The acquisition path, generation method, and the like of the first key 0 are not limited, but the key 0 is the package identification information 35 in the present embodiment. In this case, the decryption key decryption means 23 can be activated directly.

  The collation / update unit 231 searches the usage conditions in the usage status database 21a corresponding to the usage conditions after searching for the corresponding usage conditions, and the usage status database 21a is a valid place (user terminal 7 The usage condition 1 is checked against the usage condition 1, and if the usage condition 1 does not exceed the usage condition 1, the usage condition 1 is updated and the key 1 is acquired.

  The key 1 activates the next verification / update means 232. The collation / update means 232 collates the usage conditions 2 and the usage status 2 and updates the usage status 2 in the same manner as the previous procedure, and acquires the key 2.

  The key 2 activates the next verification / update means 233. The collation / update means 233 collates the usage conditions 3 and the usage status 3 and updates the usage status 2 in the same manner as the previous procedure, and acquires the key 3.

  Finally, when all the usage conditions and the usage status are collated without problems and the last key 3 is acquired, the decryption key 8 is decrypted and expanded on the main memory 71 by the expansion means 25. Note that the presence of the last key 3 is arbitrary, and the collation / update means 233 may directly acquire the decryption key 8.

  In addition, when the number of usage conditions is small as shown in FIG. 4 or in order to make the decryption key 8 more difficult to decrypt, the same usage conditions and usage status collation are repeated in the decryption key storage file 29. It may be possible to use a simple structure, or to subdivide one use condition (for example, use limit amount 5000 yen) (for example, divide 5000 yen into each digit).

  Further, all or a part of the keys and usage conditions in the decryption key storage file 29 may be stored in the server terminal 6 or a recording medium in which data cannot be rewritten without being downloaded to the user terminal 7. In the case of a key, not only the key is stored, but an entrance (means for receiving and confirming check results by the collation / update means 231, 232, 233) and an exit (next) It is assumed that the means for indicating the location of the proceeding collation / update means 231, 232, 233 are also stored.

  For example, in FIG. 4, when the key 1 is stored in the server terminal 6 together with the identification information of the user terminal 7, the collation / update means 231 accesses the server terminal 6 to collate the usage condition 1 with the usage situation 1. After notifying the server terminal 6 that there is no problem in the result, the key 1 is obtained from the server terminal 6. Of course, the server terminal 6 needs to confirm that the access source is a valid user terminal 7.

  Further, for example, when the usage condition 2 is stored in the CD-ROM, the collation / update means 232 always accesses the CD-ROM from the legitimate user terminal 7 to set the usage condition 2 in the CD-ROM. After acquisition, the usage status 2 is checked.

  Since alteration of data in the server terminal 6 and rewriting of data in the CD-ROM are extremely difficult, unauthorized use of the software 31 by a user and a Service-to-Self becomes more difficult, and further protection of the decryption key 8 is achieved. Will be.

  As described above, when the usage conditions and a part of the key in the decryption key storage file 29 are stored in the recording medium such as the server terminal 6 or the CD-ROM, the user terminal 7 receives the server whenever the software 31 is used. Although it is necessary to access the terminal 5 and the recording medium, the time required for processing and communication increases accordingly, and communication costs also increase.

  Therefore, in the case where the user purchases the software 31 for a fee, the server terminal 6 issues a usage condition and a part of the key separately from the decryption key storage file 29 after the settlement of the user, It is desirable to have the user terminal 7 download it.

  In this case, the usage status generation means 21 in the user terminal 7 stores the issued usage conditions and key in the usage status database 21a, and further generates a usage status corresponding to the usage conditions.

  As a result, the decryption key storage file 29 may be a common file regardless of the user without incurring communication costs and processing time, and only a key corresponding to the use condition is generated and issued for each user. Thus, only the user terminal 7 of the user can use the software 31 within the range of the usage conditions, and the convenience of both the user and the software provider is achieved.

  Note that the decryption means 33 enables the decryption of the encryption software 31a only with the decryption key 8 decrypted in order through all decryption processes by the decryption key decryption means 23. That is, even if the decryption key 8 is known by some method, the decryption of the encryption software 31a is performed by the user terminal in which the decryption key 8 in the decryption key storage file 29 is decrypted by the decryption key decrypting means 23. It can only be done within 7.

  Therefore, even if the decryption key storage file 29 is common to all users, if the key is changed to a random number each time among the keys corresponding to the use conditions issued for each user, the decryption key 8 is obtained as a result. Can be changed for each user, and only the user can use the software 31.

  The decryption key 8 is extracted from the decryption key storage file 29 through the decryption process as described above. An example of the file structure of the decryption key storage file 29 is shown in FIG.

  Referring to FIG. 6, the decryption key storage file 29 includes an acquisition path for the decryption key 8, a path directory indicating the acquisition order, a generation location of the usage status database 21a, and a usage status update method under the root directory. The usage status directory shown in FIG.

  In FIG. 6, the portion surrounded by the dotted line frame is stored in the decryption key storage file 29 when the software 31 is used for a fee (when payment is required) or when the usage conditions differ for each user. It is a part that is not included and is separately issued from the software provider and stored in the usage database 21a.

  Under the path directory, keys for activating the collation / update means 231, 232, 233 and usage conditions corresponding to the keys are arranged in order, and the finally obtainable decryption key 8 itself is also included.

  Further, for example, when a trial period for using the software 31 free of charge for a certain period is provided and the software 31 is continuously used only for a fee after the trial period has elapsed, the decryption key 8 is displayed under the path directory during the trial period. The usage condition path corresponding to the key for acquiring the key and the usage condition path corresponding to the key for acquiring the decryption key 8 after the trial period elapses are arranged in parallel.

  Thereby, even if the trial period of the software 31 elapses, the user does not need to newly purchase and download the normal version software, and only has the remaining usage conditions and key issued after the purchase settlement is completed. Software 31 can be used continuously. As will be described later, the normal version software can be used immediately by simply updating the trial version to the normal version by the update program of the present invention.

  Also, under the usage status directory, a usage status prototype corresponding to each usage condition is included, and the usage status generation means 21 stores the usage status prototype in the usage status database 21a when the software 31 is used for the first time. Copy or move.

  For example, when the usage state prototype corresponds to a usage condition with a frequency limit (for example, 10 times), it is composed of data “0 times” or data “10 times”. Is done.

  When the usage status prototype is composed of data of “10 times”, the usage status database 21a is updated to reduce the number of times once each time the software 31 is used, and becomes “0 times”. Since the software 31 can no longer be used at this point, the collation work in the collation / update means 231, 232, 233 is substantially unnecessary.

  On the other hand, when the usage pattern is composed of data of “0 times”, the collation / update means 231, 232, 233 perform update work in the usage condition database 21a to increase the number of uses, and Therefore, it is necessary to perform a collation operation with the use condition as to whether or not the use condition is satisfied.

  That is, the collation / update means 231, 232, 233 searches the usage status database 21a for the location of the usage status database 21a corresponding to the key, updates the usage status database 21a, and finally acquires the next key. In some cases, the corresponding use condition is searched from the use condition directory, and the use condition and the use status are collated. The key stored in each branched directory in the decryption key storage file 29, the usage conditions, and the usage status storage location are linked to each other.

Since the decryption key storage file 29 has such a tree structure, the decryption key 8 cannot be acquired unless it passes through a normal order. Also, since the decryption key 8 cannot be decrypted unless the data in one directory corresponds to the data in the other directory, only a part of the directory is copied or the storage location or path name of one of the directories is changed. As a result, the cooperation with the decryption key decryption means 23 is not performed, and thus there is an effect that unauthorized use is difficult to be performed.

  Next, details of the update program 1 of the present invention will be described with reference to FIG.

  The update program 1 is downloaded to the user terminal 7 via the network together with the new software 41 used for the update when the software 31 needs to be updated after the package software 3 is downloaded to the user terminal 7. Program. The update program 1 and the new software 41 are not limited to the download form, but may be attached to an e-mail, or stored in a portable recording medium such as a CD-ROM and sent to the user by mail or the like. After that, it may be copied to the user terminal 7.

  The update program 1 replaces the original software 31 stored in the user terminal 7 with the new software 41, and supports the control of the starting sequence of each program and data so that it can be used on the user terminal 7. Therefore, it plays almost the same role as the installation program 5 downloaded for the first time, and the point is merely the difference between whether the software 31 is installed or updated.

  Therefore, although not described in detail, the update program 1 has the same function as that of a general installation program. An update program is generally called an updater, and an installation program is often called an installer.

  The package software 4 downloaded together with the update program 1 includes at least software 41 and package identification information 35. The software 41 may be encrypted software 41a encrypted with an encryption key (decryption key 8). The package software 4 may include the decryption means 33. The package software 4 is generally included in the update program 1 and can be extracted only by executing the update program 1. Like the package software 3, the package software 4 cannot be executed or used alone. It is possible.

  The update program 1 includes check means 11, backup means 13, and repackage means 15.

  The checking means 11 is means for confirming whether or not the software 31 to be updated exists in the user terminal 7 to which the update program 1 has been downloaded, and whether or not the software 31 may be updated. At this time, it is also confirmed whether or not the software 31 to be updated is stored in the user terminal 7.

  The package software 4 downloaded together with the update program 1 includes package identification information 35, and the check unit 11 already has software 31 having the same package identification information 35 as the package identification information 35 in the user terminal 7. Check if you want to. Further, it is confirmed whether or not the existing software 31 is encrypted and packaged. The confirmation is performed by searching on an external storage device such as a hard disk or by looking at the registry.

  Since the update program 1 targets the software 31 that has been encrypted and packaged, if the retrieved software 31 is not encrypted or packaged, the update program 1 stops the update here. To do.

  When it is confirmed that the software 31 to be updated exists, the check unit 11 activates the decryption key decryption unit 23 already stored in the user terminal 7 by the package identification information 35. Here, if the decryption key decrypting means 23 does not exist, the update is stopped because the software 31 is not properly obtained in the first place.

  When the decryption key decryption means 23 is activated, the collation / update means 231, 232, 233 collate the usage conditions and the usage status in the usage status database 21a, as described above with reference to FIG.

  In this case, the check unit 11 sends a command to the collation / update unit 231 to collate the usage conditions (for example, the number of times and the time limit) related to the update and the usage status. The usage condition regarding the update may be a condition such as unlimited number of times and indefinite period. However, the usage status is updated in accordance with the actual number of updates and the update date and time, and the usage status database 21a is a user terminal. 7 is confirmed whether it is present or not, so that unauthorized updating is prevented.

  Here, the usage conditions relating to the update may be included in the decryption key storage file 29 by forming a route different from the key acquisition route based on the usage conditions relating to the usage of the software 31 in parallel. Further, if the usage condition regarding the update is not included in the initial decryption key storage file 29, the usage condition and a key corresponding thereto may be issued separately (for example, after completion of the settlement of the update contract).

  Further, the usage conditions regarding the update may be the same as the usage conditions when using the software 31. For example, the use of the software 31 once and the update once may be regarded as equivalent to the use of the software 31. If the update is performed once, the usage status database 21a is updated. The usage status regarding the number of times of usage is updated once.

  If the use conditions regarding the update are satisfied, the decryption key 8 in the decryption key storage file 29 is decrypted and temporarily stored in the main memory 71. The decryption of the decryption key 8 means that the software 31 may be updated on the user terminal 7.

  The check unit 11 may instruct the collation / update unit 231 to confirm the version of the software 31. For example, when the version of the current software 31 stored in the usage status database 21a must be older than the version as the usage conditions, the version as the usage conditions is older, and the predetermined conditions are satisfied. If not, you may not be able to update.

  When the encrypted software 41a encrypted with the encryption key (decryption key 8) is downloaded together with the update program 1, the check means 11 uses the decryption key 8 obtained by the decryption key decryption means 23, When the decryption of the encryption software 41a is attempted and the decryption is performed, the update of the software 31 may be permitted, and when the decryption is not performed, the update may be stopped.

  If the software 41 is encrypted, the risk of eavesdropping is reduced, and the process for confirming whether the software 41 has been encrypted with the correct encryption key is increased, so that a reliable update is performed.

  The backup means 13 is a means for taking a backup of the package software 3 originally stored in the user terminal 7 before performing the update. A copy of the package software 3 is stored in a backup folder or the like of the user terminal 7. The backup by the backup unit 13 may be performed after receiving an instruction from the check unit 11 that the software 31 to be updated may be updated, and the order does not matter.

  The purpose of performing the backup is to return the package software 3 to the original storage location in the user terminal 7 in the event that the update operation fails.

  The repackaging unit 15 uses the decryption key 8 extracted by the decryption key decryption unit 23 to transfer the software 41 in the package software 4 sent together with the update program 1 after the backup unit 13 backs up the original package software 3. The encrypted software 41a is encrypted and packaged together with necessary programs such as the decryption means 33 and the package identification information 35, and overwritten on the original package software 3 at the storage location of the original package software 3. .

  Since the package software 4a packaged by the repackaging unit 15 is stored in the storage location of the original package software 3, when the user software 7 is used thereafter, the decryption key decryption unit 23 is used as before. Thus, the decryption key 8 is decrypted, the encrypted software 41a is decrypted with the decryption key 8, and the software 41 can be used on the main memory 71.

  The new software 41 is taken out by the activation of the update program 1, but the repackaging by the repackaging means 15 is generally performed after it is once saved on the hard disk.

  Also, new software 41 is not stored on the hard disk, but is temporarily placed on the main memory 71, encryption or packaging processing is performed on the main memory 71, and it is overwritten on the original package software 3 for the first time on the hard disk. It may be stored in the storage location. As a result, the new software 41 that has not been encrypted is not stored in the hard disk, so that there is no fear of unauthorized use such as copying at that stage.

  After the update is completed normally, the original package software 3 backed up by the backup means 13 is deleted to prevent unauthorized use. This deletion function is realized by any means of the update program 1.

  As described above, as long as the decryption key storage file 29 for storing the decryption key 8 of the encryption software 31a, the decryption key decryption means 23, the use state database 21a, and the like are available before the update, repackaging is necessary. The decryption key 8 is already present in the user terminal 7, so that the user terminal 7 is informed of the present invention when an update is required without generating a new key for updating. By simply downloading the update program 1 and the update software 41, the user terminal 7 can update the software 31 regardless of the trial version or the normal version.

  Since the decryption key 8 is extracted only when the user terminal 7 satisfies the use conditions, once the decryption key decryption program 2 and the package software 3 are stored in the user terminal 7, the decryption key 8 is used. It is possible to update the software 31 that can be performed only at the user terminal 7, not only preventing unauthorized updates, but also providing an update service free of charge only to legitimate users.

  Conventionally, when the same type of software is provided to a plurality of sellers, the software provider side manages the version of the software for each seller and creates the update program 1 and the software 41 for each seller. It was. As a result, the time and effort required for the update and the update operation check are generated individually, and the time required for the update is enormous.

  However, since the update program 1 of the present invention may be the same update program 1 and the software 41 may be the same regardless of the seller, the labor required for the update can be greatly reduced. In addition, it is not necessary to prohibit the update of the trial version software, and the effort for inserting the source code for prohibiting the update into the trial version software is reduced. Further, there is no risk that the trial version software is downloaded to the user terminal 7 in duplicate or the trial version software is overwritten with the normal version software.

As described above, according to the update program and the update method of the present invention, the burden on both the software user and the software provider is reduced, and the convenience of the software update is increased.

  Next, when the decryption key storage file 29 is encrypted and downloaded to the user terminal 7 in order to further protect the decryption key 8, prevent falsification of the software 31, 41 and the decryption key storage file 29, and prevent unauthorized updates. An example will be described with reference to FIG.

  First, the server terminal 6 obtains a key A (first key) made of random numbers using a random number generator. The key A may be a hash value of binary data of the original decryption key storage file 29. As a result, even if the encrypted decryption key storage file 29a is altered after being decrypted, the hash value is different from the previous hash value as a result of the alteration, so re-encryption cannot be performed. 29 tampering detections are possible. The key A is attached to the decryption key storage file 29 or the like and downloaded to the user terminal 7.

  Next, the server terminal 6 converts the key A into a key B (second key) using the replacement table 27 by the converter, and encrypts the decryption key storage file 29 with the key B by the encryption processing device. Here, the key B is a common key for both encryption and decryption.

  The replacement table 27 is a kind of cryptanalysis table, and is a table showing the correspondence before and after replacement. By using the replacement table 27, the key is not directly touched by the user or the Service-to-Self, and it becomes difficult to decrypt or illegally use the key.

  The replacement table 27 may be the same for any user and any software. However, if the same replacement table is used, it becomes easier to guess the replacement table, resulting in unauthorized use. In this embodiment, a replacement table 27 is prepared for each software seller. Thus, even if the same software is illegally used, it is possible to specify an illegally sold route and protect the rights of the seller.

  When the encrypted decryption key storage file 29a is downloaded to the user terminal 7, as shown in FIG. 2, it is necessary to download the replacement table 27 as well. Since the meaning of encrypting the decryption key storage file 29 disappears if it is known to the user, the server terminal 6 further encrypts the replacement table 27 by the encryption processing device.

  The replacement table 27 is encrypted and encrypted with the value of a one-way function such as a hash value generated from binary data that may cause problems such as unauthorized use if tampered with the package software 3 or the like. The replacement table 27a is downloaded to the user terminal 7. As a result, if the software 31 or the like has been tampered with when the encrypted decryption key storage file 29a is decrypted, the replacement table 27 is not decrypted. Therefore, the decryption of the encrypted decryption key storage file 29a is also performed. Not.

  When the replacement table 27 is encrypted with the hash value of the binary data of the package software 3, the software 31 included in the package software 3 does not change the hash value before and after the replacement table 27 is encrypted. It is necessary to be binary data. In other words, setting files and saved data whose contents are rewritten before and after using the software 31 should not be included in the package.

  Therefore, after the software 31 is updated by the update program 1 of the present invention, the hash value is naturally different from the hash value before the update, and the encrypted replacement table 27a cannot be decrypted after the update. The repackaging unit 15 needs to take the hash value of the updated package software 4a, encrypt the replacement table 27 with the hash value, and re-store the encrypted replacement table 27b.

  In addition, when the key 0 to the key n, the decryption key 8, the key A, and the replacement table 27 are generated with random numbers by the random number generator, the key and the replacement table are detected in order to detect falsification of these keys and the replacement table itself. , A random number part, an information part, and a hash part.

  Here, the random number part includes a random number generated by a random number generator, and corresponds to a substantial key constituting the key 0 to the key n, the decryption key 8, the key A, and the substitution table 27 in the present embodiment. It is a part to do. The information part describes a handling method for the random number part. For example, when the random number portion is used as a key as in the present embodiment, the key length may be limited by the export restriction law, so the key length (for example, 40 bits, 128 Bit etc.) is described in the information section. Of course, other useful information can be described in the information section.

  The hash part includes hash values of the random number part and the information part. Thereby, even if either the random number part or the information part is falsified, the falsification can be detected by the fact that the hash value after falsification is different from that before falsification. Further, even if the hash part itself is tampered with, it becomes different from the original hash value, so that tampering can be detected at that time.

  In the process of replacing the key A with the key B using the replacement table 27, the random number part, the information part, and the hash part of the key A are all replaced as one data. And the information part and the hash part are added to generate the key B.

Further, as described above, the key A may be attached to the encrypted decryption key storage file 29a, but the key A (random number part + information part + hash part) is added to the header part of the decryption key storage file 29. Is included, it is not necessary to attach a file for the key A. At that time, if the key A is not encrypted, such as the version information of the decryption key storage file 29 and the package identification information 35, and is encrypted with a hash value of fixed data, wiretapping and tampering are prevented. I can do it.

  Next, FIG. 7 to FIG. 7 show an example of the flow of a process for allowing the user to use the software 31 using the decryption key decryption program 2 and then updating the software 31 using the update program 1 of the present invention. This will be described in detail with reference to the flowcharts up to 13 and the configuration diagrams from FIGS.

  The user terminal 7 accesses the server terminal 6 via the network and selects the desired software 31.

  The server terminal 6 generates a usage key for each user (user terminal 7) and an encryption key consisting of a random number, and the software 31 is an encryption key (a key generated by a common key method, including a decryption key 8). Same). The encryption software 31a is packaged together with the decryption means 33 and the package identification information 35 to form the package software 3. Further, the decryption key 8 and the use conditions are accommodated in the decryption key storage file 29, and the decryption key shown in FIG. The decryption program 2 (including the encrypted decryption key storage file 29a) and the installation program 5 are downloaded to the user terminal 7. When the software 31 is used free of charge or when the usage conditions are common regardless of the user, the decryption key storage file 29 may include keys corresponding to all the usage conditions.

  As a premise for generating the decryption key storage file 29, registration means, billing means, etc. of the user terminal 7 are provided on the server terminal 6 side, and the software provider receives an e-mail, a homepage, a fax from the user. It is assumed that after receiving user registration, software application, remittance notification, etc. by means such as telephone, the user terminal 7 of the user is permitted to use the software 31 within certain conditions.

  Further, it is assumed that the decryption key storage file 29 is encrypted by the method described above. It is assumed that the usage status database 21a is generated only in the user terminal 7.

  When the user terminal 7 downloads the program such as the package software 3, the installation program 5 is automatically started in the user terminal 7 or in response to a request from the user terminal 7. Then, the installation program 5 is activated (S510).

  When the user terminal 7 uses the software 31 for the second time and later, the software 31 can be used in the following flow by starting the package software 3 without starting the installation program 5. May be. That is, in this embodiment, a program describing the usage procedure of the software 31 is included in the installation program 5, but when the initial installation program 5 is activated, the program describing the usage procedure is stored in the user terminal 7. It is stored in an external storage device such as a hard disk, and may be linked to the activation of the package software 3 after the second time.

  When the user terminal 7 uses the software 31 for the first time (S520), the usage status generation means 21 stores the software program 31 in an external storage device such as a hard disk of the user terminal 7 in which the installation program 5 is started. The usage status database 21a is generated (S530). If the usage status database 21a corresponding to the software 31 has already been generated, the usage status database 21a is not generated.

  The usage status database 21a stores the usage conditions in the downloaded decryption key storage file 29 (if a part or all of the usage status is not included in the decryption key storage file 29, etc. after completion of the user's software purchase settlement). It is generated based on issued usage conditions.

  In FIG. 4, since the number of usage conditions is three, three usage situations corresponding to each usage condition are generated in the usage situation database 21a. In addition, the usage status may be updated by increasing the number of times and the amount for each use, or the limit of usage conditions is first reflected in the usage status, and thereafter updated by reducing the number of times and the amount for each usage. May be.

  The usage status database 21a is encrypted based on the identification information of the user terminal 7, or only the user terminal 7 having the identification information recognized in advance by the server terminal 6 is permitted to generate the usage status database 21a. By this method, generation, copying, reading and updating in other terminals are made impossible.

  The installation program 5 is responsible for a process for making the software 31 finally available. First, the package software 3 is executed (S540). However, since the software 31 is still encrypted at this point, and it is impossible to use the software 31 even if it is simply executed, the decryption means 33 and the decompression means 25 included in the package are It will be activated (S550).

  If the decryption means 33 is activated, the data can be decrypted as long as the keys for decrypting the encrypted data are prepared. When the expansion means 25 is activated, data that must be stored in the hard disk of the user terminal 7 such as various keys and software 31 can be expanded on the main memory 71.

  Next, the package identification information 35 is input using a keyboard or the like, and the decryption key decrypting means 23 is activated (S560, S570). It is optional to activate the decryption key decryption means 23 by inputting the package identification information 35, and the input is not input by a keyboard or the like, but the package identification information 35 is taken out from the package software 3 and automatically It may be entered. Further, the input of such identification information may be prompted when a means other than the decryption key decryption means 23 is activated and expanded. Whether or not the identification information is encrypted is also arbitrary.

  The process flow up to this point does not need to be in this order.

  In this embodiment, the package identification information 35 corresponds to the key 0 in FIG. That is, the decryption key decryption means 23 is activated, and further, the first collation / update means 231 is activated. The collation / update means 231 takes out the corresponding usage condition 1.

  Here, when the decryption key storage file 29 is encrypted (S580), since the usage condition 1 cannot be extracted, the decryption key decryption means 23 extracts the encrypted replacement table 27a (S610). .

  In order to decrypt the encrypted replacement table 27a, a hash value of binary data of the package software 3 is generated (S615). The generation of the hash value may be performed by the decryption unit 33 or may be performed by another program in the user terminal 7.

  The decryption means 33 decrypts the encrypted replacement table 27a using the generated hash value as a key for decryption (S620). Here, if the replacement table 27 is not decrypted, it means that someone has tampered with the inside of the package software 3, so that the tampering is detected and it is not possible to proceed to the subsequent steps. (S625).

  The decrypted replacement table 27 is expanded on the temporary main memory 71 by the expansion means 25 (S630).

  Next, the decryption key decryption means 23 takes out the key A attached to the decryption key storage file 29 or described in the header part of the decryption key storage file 29 (S635). If the key A is the hash value of the decryption key storage file 29 itself, tampering of the decryption key storage file 29 can be detected. Further, if the hash value of the key A is also described in the header part of the decryption key storage file 29, the alteration of the key A can be detected.

  The decryption key decryption means 23 (or the decryption means 33) replaces the key A with the key B using the decrypted replacement table 27 (S640). Here, when the replacement from the key A to the key B is not performed, the decryption key storage file 29 and / or the replacement table 27 has been falsified by someone, and the falsification is detected. Do not proceed to the step (S645).

  The replaced key B is expanded on the temporary main memory 71 by the expansion means 25 (S650).

  The decryption means 33 decrypts the encrypted decryption key storage file 29a using the replaced key B (S655). Here, if the encrypted decryption key storage file 29a has not been decrypted, it means that the key B has been tampered with by someone, and the tampering is detected and the following steps are taken. (S660).

  Since the decryption key storage file 29 has been decrypted, the collation / update unit 231 can take out the use condition 1 (S710).

  As described above, all or a part of the usage conditions and keys may be stored in a recording medium such as the server terminal 6 or CD-ROM where data cannot be rewritten. In some cases, it is issued to the user as a separate file from the decryption key storage file 29 after the purchase settlement is completed.

  In particular, when the software provider provides the software 31 for a fee, all or part of the keys and usage conditions are stored in the server terminal 6 or the like, or a file different from the decryption key storage file 29 This is more effective in preventing unauthorized use of the software 31. However, when the software 31 is to be used for trial, it is convenient for the user and the software provider that all the usage conditions and keys are stored in the decryption key storage file 29.

  In this way, different usage conditions for each user can be prepared for each user, and the common usage conditions can be stored in the decryption key storage file 29. Therefore, the decryption key storage file 29 on the software provider side Ease of creation is reduced. However, if a key or usage conditions are stored on the server terminal 6 side, the user terminal 7 must access the server terminal 6 each time the software 31 is used, and the network connection burden increases accordingly. Therefore, caution is necessary.

  The collation / update unit 231 checks whether or not the usage status 1 corresponding to the extracted usage condition 1 exists in the usage status database 21a in the user terminal 7 (S715). If the usage status database 21a itself or the usage status 1 does not exist in the user terminal 7, it indicates that the software 31 is likely to be used on a terminal other than the user terminal 7, so that the following steps are performed. Is not allowed to proceed (S720).

  Further, the collation / update means 231 can detect falsification of the decryption key storage file 29, usage conditions, and usage status hash values.

  When the usage status 1 exists in the user terminal 7, the collation / update unit 231 checks whether the usage status 1 satisfies the usage condition 1, that is, whether the usage status 1 is within the range of the usage condition 1. (S725).

  For example, if the usage condition 1 is “use limit amount is 5000 yen” and the use status 1 stored in the user terminal 7 is “cumulative use amount is 3000 yen”, the use condition 1 is satisfied. Shall. On the other hand, even if the accumulated usage amount is 5000 yen or more or less than 5000 yen, if there is no remaining amount per use of the software 31, it is assumed that the usage condition 1 is not satisfied and the following Do not proceed to step (S730).

  When the usage condition 1 and the usage status 1 are verified, the usage status 1 is updated, and the key 1 necessary for proceeding to the next verification / update means 232 is taken out (S735).

  For example, when the corresponding usage condition is related to “number of times”, the usage status is updated automatically by adding 1 to the cumulative usage count or subtracting 1 from the remaining usage count. Is done. If the usage condition is related to “amount”, the usage status database 21a is updated by subtracting the usage fee for one time if the usage fee is charged for each use of the software 31. In the case where the user is charged according to the time when the software 31 is actually used, the usage status database 21a may be updated after the use of the software 31 is completed.

  In addition, even if the usage conditions are like a permanent usage right such as indefinite or unlimited number of times, the contents are empty or in order to prevent the user from passing the software 31 to others for illegal use. A process of generating the usage situation database 21a composed of meaningless data on the user terminal 7 and confirming the existence of the usage situation database 21a is always performed when the usage conditions and the usage situation are collated. This is particularly effective when the trial software is updated free of charge.

  Here, it is confirmed what number the extracted key is (S740). For example, if the total number of usage conditions is 3, after the key 3 is extracted, the decryption key 8 of the software 31 is extracted and expanded on the temporary main memory 71 by the expansion means 25 (S750). In FIG. 4, when the key 1 and the key 2 are taken out, all usage conditions have not been checked against the usage status, and the process proceeds to the next usage status and usage status verification (S745). .

  Using the decryption key 8 finally decrypted by the decryption key decryption means 23 and developed on the main memory 71, the decryption means 33 decrypts the encrypted software 31a (S755).

  The decrypted software 31 is expanded not on the hard disk of the user terminal 7 but on the main memory 71, and the software 31 can be used on the main memory 71 (S760). The reason why the software 31 is not stored in the hard disk of the user terminal 7 is to prevent the use of the software 31 ignoring the use conditions once stored in the hard disk. .

  However, every time the software 31 is used, data to be saved (setting data that cannot be used alone without an execution program, document data, etc.) cannot be opened without the decrypted software 31 in the first place. Therefore, it may be stored in an external storage device such as a hard disk.

When the use of the software 31 on the main memory 71 is completed, the software 31 is also deleted from the main memory 71. Naturally, the package software 3 remains on the hard disk, and the software 31 is removed from the second time onward. Also in the case of use, the software 31 can be used within the range of use conditions through the same decryption key decryption process as before.

  Next, a procedure for updating the software 31 used in the user terminal 7 will be described. The server terminal 6 on the software provider side prepares the update program 1 and the package software 4 and downloads them to the user terminal 7 via the network. In this embodiment, it is assumed that the package software 4 is packaged with package identification information 35 and encrypted software 41a encrypted with the same encryption key as the original software 31 is encrypted. .

  The user terminal 7 activates the downloaded update program 1 (S810). Note that the update program 1 may be automatically activated when downloaded.

  When the update program 1 is activated, the check unit 11 extracts the package identification information 35 from the package software 4 downloaded together with the update program 1 (S820), and the package software 3 having the same package identification information 35 is stored in the user terminal 7. It is confirmed whether it exists (S830).

  If the package software 3 does not exist, there is no update target, so the update program 1 stops updating (S850).

  When the package software 3 exists, the check unit 11 further confirms the version information of the package software 3 to confirm whether it is older than the version of the new software 41, and further, in the user terminal 7, It is confirmed whether or not the decryption key decryption means 23 and the decryption key storage file 29 exist (S840).

  This is because without the decryption key decryption means 23 and the decryption key storage file 29, it is impossible to determine whether the package software 3 in the user terminal 7 is an update target in the first place.

  If the decryption key decryption means 23 and the decryption key storage file 29 exist, the decryption key 8 is extracted from the decryption key storage file 29 by the procedure from S570 to S750, as in the case of using the software 31.

  In the process of taking out the decryption key 8, the check means 11 instructs the decryption key decryption means 23 to collate the use condition and the use status regarding the update, and the decryption key decryption means 23 receives the user terminal 7. If the usage conditions regarding the update are satisfied, the usage status in the usage status database 21a is updated and the decryption key 8 is decrypted.

  The usage conditions regarding the update may be the same as the usage conditions regarding the usage of the software 31 or may be different usage conditions. In the case of another use condition, a key corresponding to the use condition may be issued after the completion of the update contract settlement. In addition, it may be an empty condition such as indefinite or free of charge, and it is possible to perform an update at a valid user terminal 7 by confirming the existence of the usage status database 21a. It is possible to prevent.

  Further, the version check of the software 31 performed earlier may be performed as a process of checking the usage conditions and the usage status.

  If the decryption key 8 cannot be decrypted in this decryption key decryption process, the software 41 and the update program 1 may have been downloaded illegally, or tampering may have occurred, so the update is stopped.

  The backup unit 13 receives a notification from the check unit 11 that the update of the software 31 is permitted, and backs up the package software 3 originally stored in the user terminal 7 and the data of the replacement table 27 and the like. Store in a backup folder or the like (S860).

  In this embodiment, the backup is performed after receiving the notification that the update is permitted first. However, based on the package software 3 and the replacement table 27 that were backed up first, Decoding of 8 may be performed, and the order is not limited.

  The decryption means 33 (or check means 11) tries to decrypt the encrypted software 41a in the new package software 4 downloaded together with the update program 1 with the decrypted decryption key 8 (S870, S880).

  Here, if the decryption is successful, it can be seen that the new package software 4 is a valid update software 41, and if the decryption fails, the new package software 4 is an illegally obtained software. Since it is understood that there is, the update is canceled (S890).

  If the decryption of the encrypted software 41 is successful, the repackaging unit 15 encrypts the decrypted software 41 again with the decryption key 8 to obtain the encrypted software 41a, and the original package identification information 35 and the original software The program and data (decryption means 33 etc.) included in the package software 3 are combined and packaged to generate the package software 4a (S900). The generated package software 4a is overwritten on the original package software 3. That is, the new package software 4a is stored in the storage location of the original package software 3.

  Furthermore, in this embodiment, when the decryption key 8 is decrypted, the decryption process of the encrypted replacement table 27a is performed, and the replacement table 27 is encrypted with the hash value of the binary data of the package software 3. Therefore, the repackaging unit 15 calculates the hash value of the binary data of the new package software 4a, encrypts the replacement table 27 with this hash value, and re-stores it in the original storage location as the encrypted replacement table 27b. (S920).

  As a result, it is possible to use the same type of software on the user terminal 7 as long as the use conditions are satisfied, regardless of whether it is before or after the update.

  In order to prevent unauthorized use such as copying of the software 41, the repackaging process of the software 41 by the repackaging means 15 (decryption, reencryption, and packaging of the encrypted software 41a) is based on the package software 4a. It is desirable that the process is performed on the main memory 71 until the package software 3 is stored. Also, it is desirable that the process of converting the replacement table 27 into a replacement table 27b encrypted with a new hash value is performed on the main memory 71 as well.

After the update is completed, the original package software 3 backed up by the backup means 13 is deleted by the update program 1.

  Each means and database in the present invention are logically distinguished from each other in function, and may be physically or virtually the same area. Needless to say, a data file may be used instead of the database, and the description of the database includes the data file.

  In carrying out the present invention, the present invention is also realized by supplying a storage medium storing a software program for realizing the functions of the present embodiment to the system, and reading and executing the program stored in the storage medium by the computer of the system. Is done.

  In this case, the program itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the program constitutes the present invention.

  The program of the present invention is supplied mainly by a method of downloading to a computer via a network such as the Internet. In addition, a portable recording medium such as a magnetic disk, an optical disk, a magneto-optical disk, a magnetic tape, and a nonvolatile memory card can be supplied to the computer.

Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an operating system running on the computer is one of the actual processes based on the instructions of the program. A case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is also included in the present invention.

It is a block diagram which shows one Embodiment of the update program of this invention. It is a block diagram which shows one Embodiment of a decryption key decryption program. It is a figure which shows one Embodiment of encryption of software and packaging. It is a figure which shows an example of a structure of a decoding key decoding means, a decoding key storage file, and a utilization condition database. It is a figure which shows an example of encryption of a decryption key storage file. It is a figure which shows an example of the file structure of a decryption key storage file. It is a flowchart figure which shows an example of the flow of the process using software. It is a flowchart figure which shows an example of the flow of the process using software. It is a flowchart figure which shows an example of the flow of the process using software. It is a flowchart figure which shows an example of the flow of the process using software. It is a flowchart figure which shows an example of the flow of the process using software. It is a flowchart figure which shows an example of the flow of the process which updates software. It is a flowchart figure which shows an example of the flow of the process which updates software.

Explanation of symbols

1: Update program 11: Check means 13: Backup means 15: Repackaging means 2: Decryption key decryption program 21: Usage status generation means 21a: Usage status database 23: Decryption key decryption means 231, 232, 233: Verification / update means 25: Expansion means 27: Replacement table 27a, 27b: Encrypted replacement table 29: Decryption key storage file 29a: Encrypted decryption key storage file 3, 4, 4a: Package software 31, 41: Software 31a, 41a : Encryption software 33: Decryption means 35: Package identification information 37: Header 5: Installation program 6: Server terminal 7: User terminal 71: Main memory 8: Decryption key

Claims (26)

Package software that is encrypted with a common key generated by a person other than the user using a common key encryption method and packaged with package identification information is used under the usage conditions such as the number of times, amount of money, time limit, etc. In a software providing service to be used on the user's terminal, an update program for updating the software,
The update program is stored in the terminal after a decryption key decryption program for decrypting the decryption key of the encrypted software is stored in the terminal of the user,
The decryption key decryption program is
Usage status generation that generates a usage status database that can be updated every time the software is used, on a terminal other than the user's terminal and that cannot be updated on the user's terminal. Means,
The usage status stored in the usage status database is collated with the usage conditions, and the usage status in the usage status database is updated only when the usage status does not exceed the usage conditions, and the encryption is performed. Decryption key decryption means for decrypting the decryption key of the software that has been decrypted from the decryption key storage file;
Expanding means for expanding the decrypted decryption key on a main memory of the user terminal;
The update program is
A check unit that determines whether the package software stored in the user terminal is an update target, and activates the decryption key decryption unit;
Backup means for backing up the packaged software;
Using the decryption key decrypted when the use condition regarding the update is satisfied by the decryption key decryption means, the new software sent from the software provider is encrypted and packaged together with the package identification information, and the package software Repackage means to replace with,
An update program characterized by comprising: The update program according to claim 1, wherein encryption and packaging of new software in the repackaging means is performed on a main memory. The new software is sent to the user's terminal in a state encrypted with the common key,
The check means tries to decrypt the new encrypted software using the decryption key decrypted when the use condition regarding the update is satisfied by the decryption key decryption means, and when the decrypted key is decrypted, The update program according to claim 1 or 2, wherein the update is permitted. The update program according to claim 3, wherein decryption of the new encrypted software in the check means is performed on a main memory. The said check means confirms whether the said package software, the said decryption key decryption program, the said decryption key storage file, and the said usage condition database are stored in the said user's terminal. Item 5. The update program according to any one of Items 4 to 6. The update program according to any one of claims 1 to 5, wherein the check unit confirms whether a version of software in the package software is older than a version of the new software. The decryption key storage file contains the decryption key and one or more use conditions,
The update program according to any one of claims 1 to 6, wherein the update program is stored in the user terminal so that the decryption key can be decrypted only by the decryption key decryption means. Part or all of the use conditions are not included in the decryption key storage file,
The update program according to any one of claims 1 to 7, wherein the update program is issued after completion of purchase or update settlement of the package software by the user. The update program according to any one of claims 1 to 8, wherein the decryption key storage file is encrypted with a second key obtained by replacing a first key such as a random number with a replacement table. The update program according to claim 9, wherein the replacement table is generated for each software provider. The update program according to claim 9 or 10, wherein the replacement table is encrypted by a one-way function such as a hash value obtained from binary data of the package software. The update according to claim 11, wherein the repackaging means encrypts the replacement table with a one-way function such as a hash value obtained from binary data of the package software replaced with the package software. program. The usage status database is encrypted at the user terminal by a one-way function such as a hash value of identification information (MAC address, BIOS serial number, hard disk serial number, etc.) of the terminal. The update program according to any one of claims 1 to 12, wherein: Package software that is encrypted with a common key generated by a person other than the user using a common key encryption method and packaged with package identification information is used under the usage conditions such as the number of times, amount of money, time limit, etc. In a software providing service to be used on a person's terminal, an update method for updating the software,
The update method is executed after at least one decryption key decryption process for decrypting the decryption key of the encrypted software,
The decryption key decryption process includes:
A usage database that can update the usage status every time the software is used is read by a terminal other than the user's terminal, and is generated on the user's terminal in a state in which it cannot be updated. Process,
The usage status stored in the usage status database is collated with the usage conditions, and the usage status in the usage status database is updated only when the usage status does not exceed the usage conditions, and the encryption is performed. A second step of decrypting the decryption key of the generated software from the decryption key storage file;
A third step of expanding the decrypted decryption key on a main memory of the user terminal;
The update method is:
A fourth step of determining whether or not the packaged software stored in the user terminal is an update target;
A fifth step of backing up the packaged software;
In the first decryption key decryption process, the decryption key decrypted when the use condition regarding the update is satisfied is used to encrypt the new software sent from the software provider, and package the package with the package identification information. A sixth process to replace the packaged software;
An update method characterized by comprising: 15. The update method according to claim 14, wherein encryption and packaging of new software in the sixth process is performed on a main memory. The new software is sent to the user's terminal in a state encrypted with the common key,
In the fourth step,
Try to decrypt the new encrypted software using the decryption key decrypted when the update usage conditions are satisfied by the decryption key decryption process, and permit the update when decrypted. The update method according to claim 14 or 15, wherein: The update method according to claim 16, wherein the decryption of the new encrypted software in the fourth process is performed on a main memory. In the fourth step,
The update method according to any one of claims 14 to 17, wherein it is confirmed whether or not the package software, the decryption key storage file, and the usage status database are stored in the user terminal. In the fourth step,
The update method according to any one of claims 14 to 18, wherein it is confirmed whether or not a software version in the package software is older than a version of the new software. The decryption key storage file contains the decryption key and one or more use conditions,
The update method according to any one of claims 14 to 19, wherein the update key is stored in the user terminal so that the decryption key can be decrypted by the decryption key decryption method. Part or all of the use conditions are not included in the decryption key storage file,
The update method according to any one of claims 14 to 20, wherein the update is issued after the user completes the purchase of the package software or the completion of the update settlement. The update method according to any one of claims 14 to 21, wherein the decryption key storage file is encrypted with a second key obtained by replacing a first key such as a random number with a replacement table. The update method according to claim 22, wherein the replacement table is generated for each software provider. The update method according to claim 22 or 23, wherein the replacement table is encrypted by a one-way function such as a hash value obtained from binary data of the package software. The update method is:
The update method according to claim 24, wherein the replacement table is encrypted by a one-way function such as a hash value obtained from binary data of the package software replaced with the package software. The usage status database is encrypted at the user terminal by a one-way function such as a hash value of identification information (MAC address, BIOS serial number, hard disk serial number, etc.) of the terminal. The update method according to any one of claims 14 to 25, wherein:

Images