JP2006178593A - Resource protection system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a resource protection system that enables addition of resources, while keeping costs low, and preventing duplication of the resources. <P>SOLUTION: A printer 100 sends encrypted identification information 201 to a delivery site 300. The printer 100 receives an encrypted resource. The printer 100 decrypts the encrypted resource by means of a resource public key 203. The printer 100 creates a key pair. The printer 100 encrypts a resource by means of a printer private key 161 and stores the resource together with a printer public key 161. The printer 100 decrypts the encrypted resource by means of the printer public key 162. A delivery site 300 receives the encrypted identification information 201. The delivery site 300 decrypts the encrypted identification information 201 by means of an identification information public key 323. The delivery site 300 reads a database 324 and determines whether or not there is the right to use the resource with respect to the identification information. The delivery site 300 sends the encrypted resource to the printer 100. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a resource protection system that prevents a resource written on an external recording medium from being copied and diverted in the market.

In general, when a printing apparatus prints characters, the printing apparatus incorporates several types of font data, and performs printing in accordance with a desired font according to user settings and instructions. By the way, since this font data is expensive, when the printing apparatus is initially shipped, only basic font data is mounted and sold, and special font data is sold separately. However, in order to purchase font data and use it in a printing apparatus, conventionally, a service person of the printing apparatus has to make a special setting.
In addition, as one of the methods in which software and data installed in a computer are not duplicated and used, a method of connecting special hardware to the computer is known. This special hardware is a key device commonly called “dongle”, and it is essential to connect to a computer when using it, and if it is not available, the installed software and data cannot be used. It is. This method is effective in a computer having a plurality of physical means (interfaces) for connecting a key device, but the key device is not useful in an apparatus such as a printing apparatus that does not have many interfaces. In general, since a key device is expensive, providing a key device for each font data leads to an increase in product price and impairs the appeal of the product.
On the other hand, the software itself is distributed by a medium such as a CD-ROM. However, a distribution form is known in which the function is limited or the software can be used only for a predetermined period only by installing it. In this case, when the user pays a predetermined fee to the manufacturer / seller and purchases the “key” on the software and applies it to the installed device, the restriction is released and the software can be used. However, this method cannot prevent the use when the key on the software is copied and distributed. Further, in a printing apparatus with a poor user interface, it is very inconvenient to use a key on software, and there is a problem that practicality is low.
In addition, a technology that uses fonts to store font data that has not been purchased in a state encrypted with a public key in advance in a printing device, allows a user to input a secret key for password authentication, and uses a font Published in Document 1.
However, since this technique stores several types of font data in advance in a printing apparatus in a state where it cannot be used, it is not a function that freely uses newly developed and added fonts in the future. Therefore, there is a problem that fonts that can be used by the printing apparatus are limited at the time of manufacture.
JP 2003-48347 A

  The present invention has been made in view of the above points, and an object of the present invention is to provide a resource protection system that allows a user to add resources and prevents resource duplication while suppressing an increase in cost.

  In order to solve the above-mentioned problem, the invention of claim 1 comprises an electronic device connected to a network, an external recording medium removably connected to the electronic device, and a server connected to the network. In the resource protection system, the external recording medium stores identification information and a first public key, and the server stores storage means for storing resources encrypted by a first private key, and the electronic Receiving a request for a resource together with the identification information from a device, authenticating the identification information, and transmitting the resource to the electronic device based on an authentication result, the electronic device comprising the external storage medium Transmission means for transmitting the identification information in the server to the server, and the resource received from the server by the first public key read from the external storage medium. Decoding means for decoding, said first resource decoded by the public key of a resource protection system characterized by comprising a writing means for writing in the external storage medium or the electronic device.

  According to a second aspect of the present invention, there is provided a resource protection system comprising: an electronic device connected to a network; an external recording medium removably connected to the electronic device; and a server connected to the network. Stores encrypted identification information, an address of the server on the network, and a first public key, and the electronic device reads the encrypted identification information of the external recording medium, Identification information transmitting means for transmitting to the authentication device based on the address; resource receiving means for receiving the resource encrypted with a first private key from the server; and the first public key for the external record. A distribution resource decryption means for reading from the medium and decrypting the encrypted resource with the first public key; and a second public based on the unique identification information. Public key pair generating means for generating a key and a second private key, resource encryption means for encrypting the decrypted resource with the second private key, and encrypted with the second private key Operation resource storage means for storing resources in the external storage medium or the electronic device, and the resource encrypted with the second private key are read from the external storage medium or the electronic device and decrypted with the second public key Operating resource decryption means, wherein the server records a distribution status recording means for recording a distribution status of the resource with respect to the identification information of the external recording medium, and the encrypted with the first private key. Distribution resource storage means for storing resources, and identification information reception for receiving the encrypted identification information of the external recording medium from the electronic device via the network And an identification information decryption means for decrypting the encrypted identification information of the external recording medium with a third public key, and reading the resource distribution status of the resource distribution status storage means, A distribution status verification unit that determines whether or not the resource has a right to use corresponding to the identification information of the recording medium, and the first private key encrypted based on the determination result of the distribution status verification unit A resource protection system comprising: resource transmission means for transmitting a resource to the electronic device.

The invention of claim 3 is a resource protection system comprising an electronic device connected to a network, an external recording medium removably connected to the electronic device, and a server connected to the network. Stores the encrypted identification information, the address of the server on the network, and the resource encrypted with a first private key, and the electronic device stores the encrypted information on the external recording medium. The identification information decrypting means for reading the identified information and decrypting it with the first public key, and the distribution for reading the resource encrypted with the first private key from the external recording medium and decrypting it with the first public key Time resource decoding means, identification information transmitting means for transmitting the decoded identification information of the external recording medium to the server based on the address, and a second public information Public key pair receiving means for receiving a key and a second private key from the server, resource encryption means for encrypting the decrypted resource with the second private key, and encryption with the second private key An operational resource storage means for storing the generalized resources;
Operating resource decryption means for reading out the resource encrypted with the second private key from the resource storage means and decrypting with the second public key, and the server includes identification information of the external recording medium Distribution status recording means for recording the distribution status of the resource to the resource, distribution resource storage means for storing the resource encrypted with the first private key, and the external recording from the electronic device via the network An identification information receiving means for receiving identification information of the medium; and from the received identification information of the external recording medium and the distribution status of the resource of the distribution status storage means, the resource information corresponding to the identification information of the external recording medium Distribution status checking means for determining whether or not there is a right of use, and public for generating the second public key and the second private key based on unique identification information Comprising: a pair generation unit; and a public key pair transmission unit configured to transmit the second public key and the second private key to the electronic device based on a determination result of the distribution status verification unit. It is a resource protection system.

  The invention of claim 4 is the invention of claim 2 or 3, wherein the network is the Internet and the address is a URL.

  The invention of claim 5 is a resource protection system comprising an electronic device, a server capable of transmitting data to the electronic device, and an external recording medium connected to the electronic device and the server and storing attribute information. The external recording medium includes storage means for storing the encrypted identification information, the address of the server on the network, and the resource encrypted with a first private key. Distribution status recording means for recording the distribution status of the resource with respect to identification information of the external recording medium, distribution resource storage means for storing the resource encrypted with the first private key, and attribute information of the external recording medium And an attribute determination means for determining whether the external recording medium can be authenticated offline, and an identification information reading method for reading the identification information of the external recording medium A distribution status verification unit that determines whether or not there is a right to use the resource corresponding to the identification information of the external recording medium from the read identification information and the distribution status of the resource of the distribution status storage unit; Based on the determination result of the distribution status verification unit, the public key pair generation unit that generates the second public key and the second private key based on the unique identification information, the identification information of the external recording medium, Authentication data transmitting means for transmitting a second public key and the second private key to the electronic device, the electronic device including identification information of the external recording medium, the second public key, and the Authentication data receiving means for receiving a second private key from the server, and resource decryption upon distribution for reading the resource encrypted with the first private key from the external recording medium and decrypting it with the first public key means Resource encryption means for encrypting the resource decrypted with the first public key with the second private key, and operational resource storage means for storing the resource encrypted with the second private key; An operational resource decryption unit that reads the encrypted resource from the resource storage unit and decrypts the encrypted resource with the second public key; and a second public key storage unit that stores the second public key. This is a resource protection system.

  According to a sixth aspect of the present invention, in the first to fifth aspects of the invention, the public key pair generating means generates the second public key and the second private key based on time data at the time of authentication. Further features.

  According to the present invention, the user purchases special font data separately from the printing apparatus, transmits the identification information of the external recording medium indicating the purchase to the apparatus managed by the manufacturer, and permits its use. Later, a unique public key pair is generated on the external recording medium, the resource is encrypted and stored, and decrypted at the time of use, so it is impossible to use the encrypted and stored resource with other printing devices Thus, unauthorized use can be prevented.

  Further, according to the present invention, since a key device such as a dongle is not used, resources can be provided to the user at a low cost.

  According to the fourth aspect of the present invention, since the manufacturer can set up a site on the Internet for resource distribution and update the distribution status in real time, accurate management can be performed.

  According to the third aspect of the present invention, it is possible to assign a URL for each resource and install an authentication device on the Internet. Therefore, when there are a plurality of resource manufacturers, the manufacturers individually distribute them. -An authentication site can be established. As a result, a plurality of resource manufacturers can manage the distribution of resources, and the resource sales business of the printing apparatus can be promoted.

  According to the fifth aspect of the present invention, it is possible to perform offline authentication as to whether or not the user has purchased the resource, so that the resource can be added during operation of the printing apparatus regardless of the installation environment of the user's printing apparatus.

  According to the sixth aspect of the present invention, since different public key pairs are generated for each authentication time, it is possible to generate different public key pairs depending on the authentication time even in the same system, so that resources can be held more securely than before. be able to.

  The electronic device used in the present invention is a device that stores and uses resources after shipment of the electronic device. The resource used in the present invention refers to data such as special font data, image images, and programs that are additionally installed in the printing apparatus and used. In the following, a resource protection system in which resources used in the present invention are applied to font data, and an electronic device used in the present invention is applied to a printing apparatus that receives a character code and prints a corresponding character image in the font data. The first embodiment will be described.

FIG. 1 is a diagram showing a configuration of a resource protection system according to the present embodiment, which is used by connecting to a distribution site 300 connected to the Internet N, a printing apparatus 100 communicating with the distribution site 300, and the printing apparatus 100. An external medium 200 is included. First, the configuration of the printing apparatus 100 will be described. Reference numeral 110 denotes a connection mechanism that connects to the external medium 200. Reference numeral 150 denotes a network I / F (for example, a network card) for communicating with the distribution site 300. Reference numeral 160 denotes a memory. Here, the memory includes a volatile memory and a nonvolatile memory. A control unit 120 includes functions of a read interpretation unit 121, a write unit 122, an access control unit 123, an encryption key generation unit 124, a decryption unit 125, and an encryption unit 126, which will be described later. The reading interpretation unit 121 reads various data stored in the external medium 200 via the connection mechanism 110. The writing unit 122 writes the resource received from the distribution site 300 to the external medium. The resource here refers to font data. The access control unit 123 performs communication control with the distribution site 300 on the Internet N based on the data received from the reading interpretation unit 121. The data received by the access control unit 123 is analyzed by the read interpretation unit 121 described above. The encryption key generation unit 124 generates a public key pair used when encrypting / decrypting the received resource. The decryption unit 125 decrypts the encrypted resource and the like. The encryption unit 126 encrypts the resource. Details will be described later.
The printing apparatus 100 is mounted with a CPU (Central Processing Unit) (not shown), and is realized by loading a program (not shown) for realizing the function of the control unit 120 onto the memory 160 and executing it. .

  Each function described above may be realized using dedicated hardware.

  Next, the configuration of the external medium 200 will be described. The external medium 200 is a recording medium having a terminal that can be connected to the connection mechanism 110 of the printing apparatus 100. The external media 200 is sold in the market in a state where data including identification information 201, distribution site information 202, and resource public key 203 is stored. Here, the identification information 201 is a serial number uniquely assigned to each external media, and is encrypted in advance by a private key that forms a pair with the identification information public key 323 held by the distribution site 300 described above. It has become. Further, the distribution site information 202 here indicates an address of a site where the resource is downloaded. For example, the URL (Uniform Resource Locator) of the distribution site.

  Next, the configuration of the distribution site 300 will be described. The distribution site 300 is connected to the Internet N via a network I / F and an access control unit (not shown) similar to those of the printing apparatus. Reference numeral 310 denotes an identification collation unit that collates the identification information 201 of the external medium 200 received from the printing apparatus 100 via the Internet N with the database 324 of the storage unit 320. In addition to the database 324, the storage unit 320 holds a resource 321, a resource private key 322 for encrypting the resource, and the aforementioned identification information public key 323.

Next, an operation in which a user who has purchased the external media 200 downloads a resource from the distribution site 300 and uses the resource in the printing apparatus 100 will be described using the flowchart of FIG.
First, when the user inserts the purchased external media 200 into the connection mechanism 110 of the printing apparatus 100, the read interpretation unit 121 reads various data of the external media, and the identification information 201, the distribution site information 202, and the resources described above are read. It is confirmed whether or not data other than the public key 203 is written (step S11). If not written, the data is temporarily stored in the memory 160. Next, the access control unit 123 controls the network I / F 150 to transmit the encrypted identification information 201 to the distribution site 300 based on the distribution site information 202 in the memory 160 (step S12).

  When the distribution site 300 receives the encrypted identification information 201 transmitted from the network I / F 150, the identification verification unit 310 decrypts it with the identification information public key 323. Next, the distribution status of the resource 321 corresponding to the identification information obtained by decryption is read from the database 324, and it is verified whether or not it has already been distributed (step S21). If the resource 321 has already been distributed for the received identification information, the resource 321 is not distributed. On the other hand, if not yet distributed, the resource 321 is encrypted using the resource private key 322 (step S22) and transmitted to the printing apparatus 100 (step S23). Thereafter, the identification verification unit 310 registers in the database that the resource 321 corresponding to the received identification information has been distributed (step S24).

  When the access control unit 123 of the printing apparatus 100 receives data from the distribution site 300, the reading interpretation unit 121 analyzes the received data. As a result, when it is confirmed that the encrypted resource has been received from the distribution site 300 via the Internet N, the decryption unit 125 decrypts this using the resource public key 203 (step S13). Then, the encryption key generation unit 124 generates a public key pair (a printing device private key 161 and a printing device public key 162) that is used for printing by a public key algorithm based on unique identification information, for example, a serial number (Step S1). S14).

  The encryption unit 126 encrypts the decrypted resource using the printing apparatus private key 162 (step S15). Then, the writing unit 122 writes the encrypted resource to the external medium 200 (step S16), and then deletes the resource public key 203 stored in the external medium. Then, the printing device public key 162 is stored in a nonvolatile memory area in the memory, and the printing device private key 161 is discarded (step S17).

  Next, operations when resources are used in the printing apparatus 100 will be described. First, the user inserts the external medium 200 in which the encrypted resource is stored into the connection mechanism 110 of the printing apparatus 100. The read interpretation unit 121 of the printing apparatus 100 reads the encrypted resource from the external medium 200 and temporarily writes it in the memory 160. The decryption unit 125 reads the printing apparatus public key 162 from the memory 160, decrypts the encrypted resource, and writes it into the memory 160. Thereafter, printing processing is performed using the obtained font data. For example, when the resource is a program, it is executed at a predetermined timing.

  Here, when an external medium storing an encrypted resource is inserted into a printing apparatus different from the printing apparatus 100 used when the resource is downloaded to the external medium 200, the resource is stored in the memory 160 of the printing apparatus 100. Since the printing device public key 162 is different, the resource 321 cannot be correctly decrypted and used. Thereby, it is possible to prevent the same external medium 200 from being diverted by a plurality of printing apparatuses. Similarly, when the encrypted resource 321 is copied to a different external medium, the stored resource can be used only by the printing apparatus 100 used at the time of download, so the resource of the external medium 200 is illegally copied. , Can be prevented from being sold in the market.

  In step S11 described above, it is confirmed whether or not the data stored in the external medium 200 includes data other than the identification information 201, the distribution site information 202, and the resource 203, but this confirmation is not performed. Whether or not to distribute resources may be determined only by collating the distribution status of resources at the distribution site 300.

  In the above-described embodiment, when a display unit such as a liquid crystal display is mounted on the printing apparatus 100 and resources are downloaded from the distribution site 300 to the printing apparatus 100, the authentication status, the communication line status at the time of downloading, The distribution status of resources to the external media being used may be displayed on the display unit. An input unit such as a cancel button for interrupting these processes may be mounted. Note that a touch panel display unit or the like having a single display unit and input unit may be used.

  In the above embodiment, the number of distribution site information 202 stored in the external medium 200 is one. However, a plurality of distribution site information 202 is stored, and the user may select from which site to download. . In that case, the printing apparatus 100 equipped with a display unit and an input unit is used, the URL of each distribution site is displayed on the display unit of the printing apparatus 100, the user selects this, and the access control unit of the printing apparatus 100 123 is realized by accessing a distribution site on the Internet N according to this.

  A plurality of resources may be downloaded from one or a plurality of distribution sites 300 using one external medium 200. In this case, information indicating the resource 321 distributed from each of the plurality of distribution site information 202 of the external medium 200 is attached. Then, the display unit of the printing apparatus displays this identification information, and the user selects the resource 321 to be acquired by pressing a selection button or the like, thereby determining the distribution site 300 to be accessed.

Next, a second embodiment will be described. The difference from the first embodiment is that resources are encrypted and stored in advance in an external medium and sold in the market.
FIG. 3 is a diagram showing the configuration of the resource protection system according to the present embodiment, and is used by connecting to the authentication site 500 connected to the Internet N, the printing apparatus 100 communicating with the authentication site 500, and the printing apparatus 100. External media 400. The configuration of the printing apparatus 100 used in the first embodiment is different from the configuration of the printing apparatus 100 in that there is no encryption key generation unit and the resource public key 163 is stored in the memory 160 in advance at the time of shipment. Compared to the external medium 200 used in the first embodiment, the external medium 400 used in this embodiment does not hold the resource public key 203 but stores attribute information 401 and resources 403. The authentication site information 402 is stored instead of the distribution site information 202. The authentication site 500 stores in the storage unit 530 a database 531 that records the authentication processing status corresponding to the identification information 201 of the external medium 400. Reference numeral 510 denotes an identification verification unit that confirms the authentication status with reference to this database. Reference numeral 520 denotes an encryption key generation unit that generates a public key pair for the printing apparatus 100. Details will be described later.

Next, using the flowchart of FIG. 4, an operation in which a user who has purchased the external medium 400 is authenticated from the authentication site 500 and uses a resource stored in the external medium 400 will be described.
As described above, the external medium 400 is sold / distributed in a state where the attribute information 401, the identification information 201, the authentication site information 402, and the resource 403 are written. Here, the identification information 201 and the resource 403 are encrypted with a private key that is paired with the resource public key 163 that is generated in advance by the manufacturer and stored in the printing apparatus 100. The user purchases the external medium 400 and inserts it into the connection mechanism 110 of the printing apparatus 100 owned by the user. The reading interpretation unit 121 of the printing apparatus 100 reads the data of the external medium 400 and temporarily stores it in the memory 160 (step S31). Thereafter, the decryption unit 125 reads the resource public key from the memory 160, and decrypts the identification information 201 and the resource 403 (step S32). Next, the access control unit 123 reads the authentication site information 402 from the memory 160, and based on this, transmits the decrypted identification information to the authentication site 500 and requests authentication (step S33).

  The authentication site 500 reads the authentication status corresponding to the received identification information from the database 531 and checks whether or not it has been authenticated (step S41). If it is not authenticated, the encryption key generation unit 520 generates a public key pair (step S42) and transmits it to the printing apparatus 100 (step S43). Here, the public key pair is generated based on identification information received by the distribution site 500 and random elements such as the time of authentication. Then, the data in the database 531 corresponding to the received identification information is updated and registered so as to indicate authentication (step S44).

  When the reading interpretation unit 121 of the printing apparatus 100 detects that the public key pair has been received via the Internet N, it temporarily writes it in the memory 160 (the printing apparatus private key 161 and the printing apparatus public key 162 in FIG. 3). The encryption unit 126 encrypts the resource in the memory 160 with the printing apparatus private key 161 (step S34). Next, the writing unit 122 writes this in the external medium 400 (step S35). At this time, the resources stored in the external medium 400 are overwritten and deleted. Thereafter, the encryption unit 126 stores the printing device public key 162 in the nonvolatile memory of the printing device 100, and discards the printing device private key 161 (step S36).

  In this way, even if an unauthorized copy of a resource downloaded from a distribution site and stored on external media is performed, the use of that resource can be prohibited, so a business that stores and sells expensive resources on external media A form can be established.

  In the second embodiment described above, the encryption key generation unit 520 of the authentication site 500 generates a public key pair based on the identification information of the external medium 400 received from the printing apparatus 100 and the authentication time. The printing apparatus 100 may transmit its own serial number to the authentication site 500, and the encryption key generation unit 520 may further generate a public key pair using this serial number. Alternatively, the IP address of the printing apparatus 100 may be read from the received data from the printing apparatus 100, and public key pair generation may be performed using this.

In the second embodiment described above, the authentication site 500 may store the generated public key pair or printing apparatus public key. As a result, when a problem occurs in the printing apparatus 100 and the printing apparatus public key in the memory 160 is lost, the authentication site 500 re-distributes the resources to the printing apparatus 100, thereby specially redistributing resources from the manufacturer. Without using the encrypted resources stored in the external medium.
Further, the authentication site 500 may store only the printer private key.

  In the second embodiment described above, the encrypted identification information 201 of the external medium 400 is decrypted by the printing apparatus 100 and transmitted to the authentication site 500. However, the authentication site 500 previously uses a key for decryption. Alternatively, the printing apparatus 100 may transmit the identification information 201 to the authentication site 500 as it is, and the authentication site 500 may perform decryption processing. This prevents leakage of identification information on the Internet.

  In the first and second embodiments described above, the database storing the authentication status held by the distribution site 500 is data corresponding to the identification information of the external medium 500. However, the printing apparatus 100 at the time of authentication is used. The serial number may be transmitted from the printer 100 and the serial number of the printing apparatus 100 may be stored together. Accordingly, the authentication site 500 can manage the authentication status not only for the authentication of the external media but also for the printing apparatus 100 that uses the resource.

Next, a third embodiment will be described. The second embodiment is that a resource or a service person of a printing apparatus goes to a user's printing apparatus installation location, and the printing apparatus is authenticated offline by a computer brought by the service person without being connected to the Internet or the like. Is different.
First, the external medium 400 stores attribute information that enables offline authentication. The service person connects the authentication computer and the printing apparatus with a parallel cable or a network. Here, the authentication computer stores a database similar to that of the authentication site 500 used in the above-described second embodiment, and software for performing equivalent verification processing is installed and executable. Yes. Next, when the service person connects the external medium 400 to the authentication computer, the authentication computer confirms the attribute information and confirms whether the external medium can be authenticated offline. If it is an external medium capable of offline authentication, the identification information is read out, and the same processing as the authentication site authentication in the second embodiment described above is performed. When the authentication is successful, the authentication computer generates a public key pair as in the second embodiment. Thereafter, the public key pair is transmitted to the printing apparatus together with the identification information 201 of the external medium 400.

  The printing apparatus receives the identification information and the public key pair from the authentication computer. When the user connects the external medium 400 to the printing apparatus, the printing apparatus reads the identification information of the external medium, decrypts it with the resource public key 163, and collates it with the identification information received from the authentication computer. Then, the encrypted resource 403 is decrypted with the resource public key. Thereafter, if the received identification information and the identification information read from the external medium can be confirmed to be the same as a result of the above-described collation, the processes after step S34 in the second embodiment are performed.

  In the above description, a USB memory unit may be used for data exchange between the printing apparatus and the authentication computer. In that case, the authentication computer writes the identification information of the external medium and the generated public key pair in the USB memory unit. Thereafter, the user may connect to a printing apparatus having a USB interface (however, a host function), and the printing apparatus may read it.

  In addition, when the above-described authentication computer performs authentication processing, the manufacturer establishes an authentication site that connects to an authentication site on the Internet and stores an authentication status database and verification processing software on the Internet. The authentication computer may access this during authentication. Accordingly, even if the printing apparatus does not have a function of connecting to the Internet, authentication processing can be performed using the latest database.

  In the first to third embodiments described above, the available resources are stored in the external medium. However, a nonvolatile memory having a sufficient capacity is installed in the printing apparatus, and the resources are stored in the printing apparatus. Also good.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes a design and the like within the scope not departing from the gist of the present invention.

It is a figure which shows the structure of the resource protection system by the 1st Embodiment of this invention. FIG. 8 is a flowchart illustrating an operation in which the printing apparatus downloads and uses resources from a distribution site in the embodiment. It is a figure which shows the structure of the resource protection system by the 2nd Embodiment of this invention. 4 is a flowchart illustrating an operation in which the printing apparatus receives authentication of resource use from an authentication site in the embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Printing apparatus 110 ... Connection mechanism 120 ... Control part 121 ... Reading interpretation part 122 ... Writing part 123 ... Access control part 124 ... Encryption key generation part 125 ... Decryption part 126 ... Encryption part 150 ... Network I / F
DESCRIPTION OF SYMBOLS 160 ... Memory 161 ... Printer private key 162 ... Printer public key 163 ... Resource public key 200 ... External media 201 ... Identification information 202 ... Distribution site information 203 ... Resource public key 300 ... Distribution site 310 ... Identification information part 320 ... Memory Part 321 ... resource 322 ... resource private key 323 ... identification information public key 324 ... database 400 ... external media 401 ... attribute information 402 ... authentication site information 403 ... resource 500 ... authentication site 510 ... identification verification part 520 ... encryption key generation part 530 ... Storage unit 531 ... Database N ... Internet

Claims (6)

In a resource protection system comprising: an electronic device connected to a network; an external recording medium detachably connected to the electronic device; and a server connected to the network.
The external recording medium stores identification information and a first public key,
The server
Storage means for storing resources encrypted by the first private key;
Receiving a resource request together with the identification information from the electronic device, authenticating the identification information, and transmitting means for transmitting the resource to the electronic device based on an authentication result,
The electronic device is
Transmitting means for transmitting identification information in the external storage medium to the server;
Decryption means for decrypting the resource received from the server with the first public key read from the external storage medium;
Writing means for writing the resource decrypted by the first public key to the external storage medium or the electronic device;
A resource protection system comprising: In a resource protection system comprising: an electronic device connected to a network; an external recording medium detachably connected to the electronic device; and a server connected to the network.
The external recording medium is
Storing encrypted identification information, an address of the server on the network, and a first public key;
The electronic device is
An identification information transmitting means for reading out the encrypted identification information of the external recording medium and transmitting it to the authentication device based on the address;
Resource receiving means for receiving the resource encrypted with the first private key from the server;
Distribution resource decryption means for reading the first public key from the external recording medium and decrypting the encrypted resource with the first public key;
Public key pair generating means for generating the second public key and the second private key based on the unique identification information;
Resource encryption means for encrypting the decrypted resource with the second private key;
Operation resource storage means for storing the resource encrypted with the second private key in the external storage medium or the electronic device;
A resource decryption unit for operation that reads out the resource encrypted with the second private key from the external storage medium or the electronic device and decrypts the resource with the second public key;
The server
Distribution status recording means for recording a distribution status of the resource for the identification information of the external recording medium;
Distribution resource storage means for storing the resource encrypted with the first private key;
Identification information receiving means for receiving the encrypted identification information of the external recording medium from the electronic device via the network;
Identification information decryption means for decrypting the encrypted identification information of the external recording medium with a third public key;
A distribution status verification unit that reads out the resource distribution status of the resource distribution status storage unit and determines whether or not the resource has a right to use corresponding to the decrypted identification information of the external recording medium;
A resource protection system comprising: a resource transmission unit configured to transmit a resource encrypted with the first private key to the electronic device based on a determination result of the distribution status verification unit. In a resource protection system comprising: an electronic device connected to a network; an external recording medium detachably connected to the electronic device; and a server connected to the network.
The external recording medium is
Storing the encrypted identification information, the address of the server on the network, and the resource encrypted with a first private key;
The electronic device is
An identification information decryption means for reading out the encrypted identification information of the external recording medium and decrypting it with a first public key;
A resource decryption unit at the time of distribution that reads the resource encrypted with the first private key from the external recording medium and decrypts the resource with the first public key;
Identification information transmitting means for transmitting the decrypted identification information of the external recording medium to the server based on the address;
Public key pair receiving means for receiving a second public key and a second private key from the server;
Resource encryption means for encrypting the decrypted resource with the second private key;
Operational resource storage means for storing resources encrypted with the second private key;
An operational resource decryption unit that reads out the resource encrypted with the second private key from the resource storage unit and decrypts the resource with the second public key;
The server
Distribution status recording means for recording the distribution status of the resource for the identification information of the external recording medium;
Distribution resource storage means for storing the resource encrypted with the first private key;
Identification information receiving means for receiving identification information of the external recording medium from the electronic device via the network;
Distribution status verification for determining whether or not there is a right to use the resource corresponding to the identification information of the external recording medium from the received identification information of the external recording medium and the distribution status of the resource of the distribution status storage means Means,
Public key pair generating means for generating the second public key and the second private key based on unique identification information;
A resource protection system comprising: a public key pair transmission unit configured to transmit the second public key and the second private key to the electronic device based on a determination result of the distribution status verification unit.   The resource protection system according to claim 2 or 3, wherein the network is the Internet, and the address is a URL. A resource protection system comprising: an electronic device; a server capable of transmitting data to the electronic device; and an external recording medium connected to the electronic device and the server to store attribute information,
The external recording medium is
Storage means for storing the encrypted identification information, the address of the server on the network, and the resource encrypted with a first private key;
The server
Distribution status recording means for recording the distribution status of the resource for the identification information of the external recording medium;
Distribution resource storage means for storing the resource encrypted with a first private key;
Attribute determination means for reading out attribute information of the external recording medium and determining whether the external recording medium is capable of offline authentication;
Identification information reading means for reading the identification information of the external recording medium;
A distribution status checking means for determining whether or not there is a right to use the resource corresponding to the identification information of the external recording medium from the read identification information and the distribution status of the resource of the distribution status storage means;
Public key pair generating means for generating the second public key and the second private key based on the unique identification information;
Based on the determination result of the distribution status verification means, comprising identification information of the external recording medium, authentication data transmission means for transmitting the second public key and the second private key to the electronic device,
The electronic device is
Authentication data receiving means for receiving the identification information of the external recording medium, the second public key and the second private key from the server;
Distribution resource decryption means for reading the resource encrypted with the first private key from the external recording medium and decrypting with the first public key;
Resource encryption means for encrypting the resource decrypted with the first public key with the second private key;
Operational resource storage means for storing resources encrypted with the second private key;
An operational resource decryption unit that reads the encrypted resource from the resource storage unit and decrypts the encrypted resource with the second public key;
Second public key storage means for storing the second public key;
A resource protection system comprising: The resource protection system according to claim 1, wherein the public key pair generation unit further generates the second public key and the second private key based on time data at the time of authentication.

Images