JP2007183696A - Program, method and device for managing license of application program or content - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To apply a program, method and device for managing the license of an application program or content which is easy for a user to use at low costs, and which is applicable even to a commercial packaged program from which a source code is not available, and which is further applicable even to such content as a music or video which is not a program. <P>SOLUTION: This device is provided with a means 12 for acquiring the identification information of a hardware key incorporated in or connected to a user terminal 1; a means 13 for decoding encrypted license information based on the identification information of the acquired hardware key; and a means 16 for dynamically decrypting the encrypted application program or content when the identification information of the hardware key included in the decoded license information is matched with the identification information of the acquired hardware key. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a program, a method, and an apparatus for managing an application program or content license.

  Conventionally, various measures have been proposed to prevent unauthorized use of an application program or content outside the license range. For example, in Patent Document 1, a special hardware key in which predetermined key information is recorded is distributed to a user side together with an application program, and when the user desires to use the application program, the hardware key is transmitted from the user side. The key information is transmitted to the host computer via the network, and after the necessary verification / determination is performed on the host computer, the activation permission information is transmitted to the user.

In addition, a method called FlexLM that enables license management by embedding an API (application program interface) for license check (decryption) in the program source code (also using a hardware key) is practical. It has become.
JP 2002-312051 A

  The method disclosed in Patent Document 1 requires a special hardware key to be distributed each time, which increases the cost. It is necessary to install a dedicated device driver, and key information is transmitted to the host computer when used. Therefore, there is a problem that it is extremely complicated for the user, and that the dedicated hardware key has a relatively small storage capacity, so that flexible license management is difficult.

  In addition, since FlexLM needs to embed a license check (decryption) API (application program interface) directly in the program source code, it needs to be designed with protection in mind from the design stage of the source code. There are problems such as being unable to be applied to programs such as commercial packages where source code is not available, and not being able to be applied to contents such as music and video that are not programs (because APIs cannot be embedded).

  The present invention has been made by paying attention to such problems of the prior art, can minimize the cost for license management, does not require complicated work for the user, and has a storage capacity. Since a relatively large hardware key can be used, it is possible to build a flexible license model, eliminating the need for protection-conscious design from the source code design stage, and applying it to programs such as commercial packages where source code is not available It is another object of the present invention to provide a program, a method, or an apparatus for managing an application program or a license of content, which can be applied to content such as music and video that is not a program.

  According to the present invention for solving the above problems, an encrypted application program or a program including content (encapsulated / enveloped) is installed or recorded in a recording means built in or connected to a user terminal. In addition, a recording means (which may be a hardware key to be described later) built in or connected to the user terminal, a use permission condition such as a use expiration date of the application program or content, and a hardware key (built in the user terminal or License information including identification information of one or a plurality of pieces of hardware that are connected and whose identification information is electronically readable, and the license information encrypted by the identification information of the hardware key is recorded The application program or A program, method, or apparatus for managing content licenses, the function (step or means) for acquiring identification information of one or more hardware keys built in or connected to a user terminal; A function (step or means) for decrypting the encrypted license information based on the acquired hardware key identification information, and hardware key identification information included in the decrypted license information And a function (step or means) for dynamically decrypting a portion to be executed or reproduced in the encrypted application program or content when the acquired hardware key identification information matches, The hardware key identification information contained in the decrypted license information and the acquired hardware A function (step or means) for dynamically generating a license monitoring program for performing license monitoring of the application program or content when the identification information of the wear key matches, and a function realized by the license monitoring program When the hardware key is no longer built in or connected to the user terminal or when the use permission condition in the license information is no longer satisfied, the decryption of the application program or content is terminated. And a function (step or means) to be performed.

  In the program, method, or apparatus for managing an application program or content license according to the present invention, the hardware key is “built in or connected to the user terminal, and its identification information can be read electronically. Preferably, it is one or a plurality of hardware arbitrarily selected by the user from “a plurality of hardware”.

  In the program, method, or apparatus for managing the application program or content license according to the present invention, the hardware key is a USB device such as a USB flash memory capable of acquiring a unique identification ID, a hard disk device, It is a network card or a USIM (Universal subscriber identity module) card, and the encrypted license information is recorded in a USB flash memory as a hardware key or another electronically recordable recording medium. It is desirable that

  In the program, method, or apparatus for managing the application program or content license according to the present invention, the hard disk built in the user terminal, the USB flash memory connected to the user terminal, the network card, and the USB ID are stored. A commercially available device that is routinely built in or connected to a user terminal, such as an acquirable mouse or printer, is used as a hardware key. Therefore, according to the present invention, unlike the conventional case where dedicated hardware is used as a hardware key, there is no need for special costs or the installation of a dedicated device driver for license management. , Low-cost and easy license management. In the present invention, as described above, since a device having a relatively large storage capacity such as a hard disk or a USB flash memory can be used as a hardware key, a flexible license model can be constructed.

  In the program, method, or apparatus for managing an application program or content license according to the present invention, when a user desires to use the application program or content (for example, the user includes the application program or content) When the encapsulated / enveloped program is double-clicked with the mouse), the hardware key identification information is automatically acquired, and the license check (decryption) of the application program or content is performed from this identification information. And license monitoring is performed automatically. Therefore, according to the present invention, the software vendor can perform easy license management without making the user feel complicated.

  In the program, method, or apparatus for managing the license of the application program or content according to the present invention, the application program or the content itself is encrypted, and the license check is performed using a program different from the application program or the content ( Since decryption and license monitoring are performed, it is not necessary to embed an API for license check (decryption) in the application program or the content itself. Therefore, according to the present invention, it is not necessary to design with the protection in mind at the design stage of the source code of the application program. In addition, the license management according to the present invention can be applied to protect commercially available application programs for which source code is not available or contents that are not programs.

  The best mode for carrying out the present invention is a mode as described in Example 1 below.

  Hereinafter, a program, a method, and an apparatus for managing an application program or content license according to the first embodiment of the present invention will be described. In the following, an application program or content before reversible encryption conversion is referred to as “program A”, and a program encapsulated and enveloped from the application program or content obtained by reversible encryption conversion (provided by the vendor to the user) is “ A program that monitors licenses of program A included in program B and program B is referred to as “program C”. The “content” refers to the content of information such as movies, programs, games, other video software, music software, etc. composed of video and music.

  In the first embodiment, the program A is an original (an unencrypted program) used when the program B is generated. In the first embodiment, as described later, when the program B is executed, the program A and the program C are decoded and generated. Program A and program C are encrypted and stored (enveloped / encapsulated) in program B, and packaged as a single piece of software.

  FIG. 1 is a conceptual block diagram illustrating an application program or content license management apparatus according to the first embodiment, and FIG. 2 is a vendor-side server (license issuing server) that distributes encrypted application programs or content to users with a license. And FIG. 3 is a flowchart showing the operation when decrypting and using the encrypted application program or content on the user terminal side.

  In FIG. 1, 1 is a user terminal such as a personal computer, PDA (portable information terminal), mobile phone, etc. owned by a user, 2 is a USB flash memory connected to the user terminal 1 (in this embodiment 1, this is a hardware key) 3) is a hard disk built in the user terminal 1, and 4 is an input / output unit comprising a keyboard, a display, etc. provided in the user terminal.

  In FIG. 1, reference numeral 11 denotes a program B starting unit for starting the program B based on a predetermined input operation from the user, and 12 denotes the USB flash memory (hardware) based on a signal from the program B starting unit 11. Hardware key ID acquisition unit for reading the ID of the wear key 2 from the ID recording unit 2 a of the USB flash memory 2, 13 is the USB flash based on the hardware key ID from the hardware key ID acquisition unit 12 A license information decryption unit for decrypting the encrypted license information recorded in the license information recording unit 2b of the memory (hardware key) 2.

  In FIG. 1, reference numeral 14 denotes a hardware key ID included in the decrypted license information from the license information decryption unit 13 and a user terminal 1 from the hardware key ID acquisition unit 12. Is a hardware key ID collating / determining unit for collating the IDs of the hardware keys currently built in or connected to each other and determining whether or not they match. When the two IDs do not match as a result of the collation, the hardware key ID collation determination unit 14 displays a warning to disable the decryption of the program A included in the program B. In addition, when the two IDs match as a result of the collation, the hardware key ID collation determination unit 14 outputs a signal indicating that to the next use permission determination unit 15.

  In FIG. 1, when 15 receives a signal indicating that the two IDs match from the hardware key ID collation determination unit 14, 15 in the decrypted license information from the license information decryption unit 13. It is a use permission determination unit that receives information on a use permission condition such as a use expiration date and determines whether the program B satisfies a use permission condition (reverse conversion condition) such as the use expiration date.

  In FIG. 1, reference numeral 16 denotes a portion (program A is a part necessary for execution of the program A in response to a signal indicating that the program B determines that the program B satisfies the use permission condition by the use permission determination unit 15. A program A decrypting unit 17 for partially decrypting a part necessary for reproduction in the case of content), 17 is determined when the use permission determining unit 15 determines that the program B satisfies the use permission condition A program C generation unit for dynamically generating a program C in response to a signal indicating the signal.

  The program B execution part 10 is comprised by the part shown with the code | symbols 11-17 demonstrated above. The program B execution unit 10 is actually realized by the program B and a CPU or memory for executing the program B.

  In FIG. 1, reference numeral 21 denotes a program A execution unit for executing the program A partially decoded by the program A decoding unit 16, and a decrypted program A and a CPU for executing the program A. It is realized by memory.

  In FIG. 1, reference numeral 22 denotes a program C execution unit for executing the program C dynamically generated by the program C generation unit 17, and a dynamically generated program C and a CPU for executing the program C. And memory. The program C is for monitoring the license of the program A executed by the program A execution unit 21. The hardware key (USB flash memory) 2 is removed from the user terminal 1, or the license expiration date is used. Is detected, the program A is immediately terminated and then the program C is immediately terminated.

  Next, the operations of the vendor-side license issuance server (also serving as the software providing server) and the user terminal will be described with reference to FIG.

  When a transmission request for the program A is transmitted from the user side (step S1), the vendor side downloads only the program B to the user side via the Internet without designating the hardware key (shipping stage of the program B. step). S2, S3).

  Thereafter, when the downloaded program B is installed on the user terminal side (step S4), the installer of the program B is built in or connected to the user terminal, and a unique product number, ID such as a MAC address is electronically Readable hardware devices such as a built-in hard disk 3, an external USB flash memory 2 (see FIG. 1), a network card, and a printer or mouse having a USB ID are detected. (Step S5). For example, in FIG. 1, the USB flash memory 2 and the hard disk 3 can be detected by the installer of the program B because an ID such as a unique product number can be read electronically.

  Next, the installer of the program B displays a list of a plurality of devices whose IDs can be read electronically on the screen as described above, and provides a program to the user from the list of displayed devices. It is urged to arbitrarily select one or a plurality of hardware keys for decrypting B (step S6). On this screen, when the user selects, for example, the USB flash memory 2 as a hardware key, the installer of the program B reads the ID of the selected USB flash memory and transmits it to the vendor side as the hardware key ID. (Step S7).

  The vendor uses the hardware key ID (the ID of the USB flash memory 2) sent to generate license information including the hardware key ID and use permission conditions for the program A, and encrypts the license information. (Step S8). The vendor side transmits the encrypted license information to the user terminal 1 (step S9).

  In the user terminal 1, the installer of the program B records the encrypted license information transmitted from the vendor side in the license information recording unit 2b in the USB flash memory 2 (hardware key), and The installation of program B is terminated (step S10).

  Next, referring to FIG. 3, when the user activates the program B, performs a license check, decrypts the encrypted program A, and executes or reproduces the decrypted program A The operation of will be described.

  First, when the user starts the program B (step S21), the hardware key ID acquisition unit 12 is connected to or built in the user terminal 1 based on a signal from the program B activation unit 11 (see FIG. 1). The ID of the hardware key (USB flash memory 2 in the first embodiment) is acquired (step S22). Thereafter, the license information decryption unit 13 decrypts the license information recorded in the USB flash memory 2 based on the hardware key ID acquired by the hardware key ID acquisition unit 12 (step S23).

  Next, the hardware key ID collation determination unit 14 includes the hardware key ID acquired by the hardware key ID acquisition unit 12 and the hardware included in the license information decrypted by the license information decryption unit 13. It is verified and determined whether or not the key IDs match each other (step S24).

  If it is determined in step S24 that the two IDs do not match, the program A cannot be decrypted, and the process ends (step S25). On the other hand, if it is determined in step S24 that the two IDs match, the process proceeds to step S26, where the use permission determination unit 15 sets the use permission condition included in the decrypted license information to program B. It is determined whether (the program A included therein) is satisfied.

  When it is determined in step S26 that the use permission condition is not satisfied, the decryption of the program A is disabled and the process is terminated (step S25). On the other hand, when it is determined in step S26 that the use permission condition is satisfied, the process proceeds to step S27, and the program A decoding unit 16 dynamically decodes a portion necessary for execution (or reproduction) of program A. And is executed (or reproduced) by the program A execution unit 21. In step S28, the program C generation unit 17 dynamically generates the program C, and the program C execution unit 22 executes the program C.

  The program C is a program for monitoring the license when the program A is dynamically executed. The program C immediately terminates the program A when the hardware key is no longer connected or built in from the user terminal 1 or when the license expiration date of the program A expires, and the program C also terminates immediately.

  The embodiments of the present invention have been described above. However, the present invention and the constituent elements constituting the present invention are limited to those described as the respective embodiments and the respective elements constituting the respective embodiments, respectively. Various modifications and changes are possible. For example, in the first embodiment, the USB flash memory 2 externally attached to the user terminal 1 is used as a hardware key. However, the present invention is not limited to this, and various devices are used as hardware keys. can do. For example, a mouse or a printer can be used as a hardware key if it is a device that can acquire a USB ID, like a USB flash memory. Also, a device that electronically has a unique product number such as a hard disk or a device that electronically has a MAC address such as a network card can be used as a hardware key. In addition, subscriber / subscriber information such as “USIM (universal subscriber identity module) cards” such as “FOMA card” (trade name) provided by NTT DoCoMo, Inc. for 3G mobile phones is also available. A device capable of electronically recording and identifying a contractor / subscriber electronically can also be used as a hardware key.

  In the first embodiment, the encrypted license information including the hardware key ID and the use permission condition is recorded in the hardware key. However, in the present invention, the encrypted license information is recorded. The license information may be recorded in recording means other than the hardware key (other recording means built in or connected to the user terminal 1). For example, in the case of a mouse or printer capable of acquiring the USB ID, the encrypted license information is recorded on another recordable medium (hard disk, USB flash memory, CD-R, etc.).

  In the first embodiment, as a method for issuing a license to the user side, a hardware key ID is transmitted online from the user side to the server side, and license information is generated and encrypted based on the hardware key ID. Although the method of transmitting to the user (online activation method by the user) has been described, the present invention is not limited to this method, and other methods are possible. For example, a method similar to that in a conventional security product in which a license is issued to a hardware key that can be used at the time of software shipment from the vendor and attached to the software (a hardware key activation method by the vendor) The hardware key information specified by the user is sent to the vendor by e-mail or FAX, and the vendor automatically generates a license auto-configuration program based on that information, which is sent to the user by e-mail or mail. Various methods such as a method of sending by method (activation method by sendback) can be adopted.

1 is a conceptual block diagram illustrating an operation principle of an application program or content license management apparatus according to Embodiment 1 of the present invention. 6 is a flowchart showing an operation of a vendor side (license issuing server and software providing server) for distributing an encrypted application program or content with a license to a user side in the first embodiment. 5 is a flowchart showing an operation when an application program or content encrypted on the user terminal side in the first embodiment is decrypted and used.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 User terminal 2 USB flash memory 2a Hardware key ID recording part 2b License information recording part 3 Hard disk 10 Program B execution part 11 Program B starting part 12 Hardware key ID acquisition part 13 License information decoding part 14 Hardware key ID collation determination Unit 15 Use Permission Determination Unit 16 Program A Decoding Unit 17 Program C Generation Unit 21 Program A Execution Unit 22 Program C Execution Unit

Claims (9)

A program containing an encrypted application program or content is installed or recorded in recording means built in or connected to the user terminal, and the application program or content is stored in recording means built in or connected to the user terminal. License information including a use permission condition such as a use expiration date of the hardware and identification information of a hardware key built in or connected to the user terminal, and the license information encrypted by the identification information of the hardware key is recorded. A program for managing a license of the application program or content under a certain environment,
A function of acquiring identification information of one or a plurality of hardware keys built in or connected to the user terminal when the user wishes to use the application program or content;
A function of decrypting the encrypted license information based on the acquired hardware key identification information when the hardware key identification information is acquired;
When the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information, execution or reproduction from the encrypted application program or content is started. A function to dynamically decrypt the part to be
A license monitoring program for monitoring the license of the application program or content when the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information The ability to generate dynamically,
A function realized by the license monitoring program, wherein the hardware key is no longer built in or connected to the user terminal when the application program or content is partially dynamically executed or reproduced; or A function that terminates decryption of the application program or content when the use permission condition in the license information is no longer satisfied;
An application program or a program for managing content licenses.   The hardware key according to claim 1, wherein the hardware key is one or more arbitrarily selected by the user from “a plurality of hardware built-in or connected to the user terminal and whose identification information is electronically readable”. An application program characterized by being hardware, or a program for managing content licenses.   3. The hardware key according to claim 1, wherein the hardware key is a USB device such as a USB flash memory capable of acquiring a unique identification ID, a hard disk device, a network card, or a USIM (universal subscriber identity module) card. The recorded license information is recorded on the hardware key or an electronically recordable recording medium different from the hardware key, or a program for managing a license for content. A program containing an encrypted application program or content is installed or recorded in recording means built in or connected to the user terminal, and the application program or content is stored in recording means built in or connected to the user terminal. License information including a use permission condition such as a use expiration date of the hardware and identification information of a hardware key built in or connected to the user terminal, and the license information encrypted by the identification information of the hardware key is recorded. A method for managing a license of the application program or content under an environment,
A first step of acquiring identification information of one or more hardware keys built in or connected to the user terminal when the user desires to use the application program or content;
A second step of decrypting the encrypted license information based on the acquired hardware key identification information when the hardware key identification information is acquired;
When the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information, execution or reproduction from the encrypted application program or content is started. A third step of dynamically decoding the portion to be performed;
When the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information simultaneously with or before or after the third step, the application program or A fourth step of dynamically generating a license monitoring program for content license monitoring;
When the application program or content is partially dynamically executed or played, the use permission condition in the license information is not satisfied when the hardware key is not built in or connected to the user terminal. A fifth step of terminating the decryption of the application program or content by the license monitoring program;
A method for managing licenses for application programs or contents.   5. The hardware key according to claim 4, wherein the hardware key is one or more arbitrarily selected by the user from “a plurality of hardware built in or connected to the user terminal and whose electronic identification information can be read”. A method for managing a license of an application program or content, which is hardware.   6. The hardware key according to claim 4, wherein the hardware key is a USB device such as a USB flash memory capable of acquiring a unique identification ID, a hard disk device, a network card, or a USIM (universal subscriber identity module) card. A method for managing a license of an application program or content, wherein the license information recorded is recorded on the hardware key or a recording medium that is electronically recordable separately from the hardware key. A program containing an encrypted application program or content is installed or recorded in recording means built in or connected to the user terminal, and the application program or content is stored in recording means built in or connected to the user terminal. License information including a use permission condition such as a use expiration date of the hardware and identification information of a hardware key built in or connected to the user terminal, and the license information encrypted by the identification information of the hardware key is recorded. A license management apparatus for managing a license of the application program or content under a certain environment,
Hardware key ID acquisition means for acquiring identification information of one or more hardware keys built in or connected to the user terminal when the user desires to use the application program or content;
License information decryption means for decrypting the encrypted license information based on the acquired hardware key identification information when the hardware key identification information is acquired;
When the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information, execution or reproduction from the encrypted application program or content is started. Hardware key ID match determination means for dynamically decrypting a portion to be
A license monitoring program for monitoring the license of the application program or content when the hardware key identification information included in the decrypted license information matches the acquired hardware key identification information A license monitoring program generating means for dynamically generating;
License monitoring means realized by the license monitoring program, wherein the hardware key is no longer built in or connected to the user terminal when the application program or content is partially dynamically executed or played License monitoring means for ending decryption of the application program or content when the use permission condition in the license information is no longer satisfied, or
A license management apparatus for managing licenses for application programs or contents.   8. The hardware key according to claim 7, wherein the hardware key is one or more arbitrarily selected by a user from “a plurality of hardwares that are built in or connected to the user terminal and whose identification information can be read electronically”. A license management apparatus for managing a license of an application program or content that is hardware.   9. The hardware key according to claim 7, wherein the hardware key is a USB device such as a USB flash memory capable of acquiring a unique identification ID, a hard disk device, a network card, or a USIM (universal subscriber identity module) card. The license management apparatus for managing the license of the application program or content, wherein the license information recorded is recorded on the hardware key or an electronically recordable recording medium different from the hardware key.

Images