JP2008117191A - License management system, license management method, license management program and wrapping file production method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a license management system allowing construction without making a user of a client terminal perform various procedures, and allowing only use of a file having received use consent among files distributed from a license management server in the client terminal. <P>SOLUTION: The license management server distributes a wrapping file including a monitoring module, an authenticating module, a developing module, and a target file requested from the client terminal. The client terminal executes the authenticating module to transmit authentication information, and executes the developing module to restore the target file (step S27) and uses the target file in a state that the monitoring module is executed (step S28) when a license is imparted from the license management server. When it is detected that use of the target file is completed, the client terminal deletes the target file (step S33). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a license management system, a license management method, a license management program, and a wrapping file creation method, and in particular, a wrapping file that includes at least a target file to be distributed, a deployment module, an authentication module, and a monitoring module. Management system, license management method, license management program, and wrapping file creation method for delivering a wrapping file over a communication network to a client terminal that has requested delivery of a target file from a license management server About.

  Here, terms used in this specification are defined as follows. The target file refers to a distribution target file for which a distribution request is made from the client terminal to the license management server. In the present invention, as an object file, an executable file with an extension “.EXE”, a data file used in an application program such as Office, a digital content given as a moving image file, or the like is handled. A wrapping file is created by combining at least a target file, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file, and is a license management server. A file that is apparently distributed as a single file from the client to the client terminal.

  Unpacking means that if the target file is wrapped as it is without data conversion, the wrapping is canceled and the wrapping file is disassembled, and the target file, authentication module, monitoring module, etc. are each made into individual files. To make it in a state where it can be handled. In addition, when data conversion processing based on a predetermined algorithm such as encryption processing, compression processing, or a combination of encryption processing and compression processing is applied to the target file, decompression is wrapping If the data conversion applied to the target file is an encryption process, the target file is decrypted. If the data conversion applied to the target file is a compression process, the target file is This means that the target file is restored to a usable state by applying reverse data conversion processing based on a predetermined algorithm to the target file, such as performing decompression processing. Next, using the target file means that the target file is executed when the target file is an executable file, and an existing application program or the like is used when the target file is a file other than the executable file. The target file is executed by applying the target file to the first executable file, and the second target file is one or a plurality of files other than the executable file. In the case where the second target file is configured, the second target file is applied to the first target file and executed.

  For example, as described in Japanese Patent Application Laid-Open No. 2004-38247, a system for executing license management using encryption information has been developed. The license management server to which the encrypted unique information is transmitted from the client terminal registers the encrypted unique information and determines whether a legitimate user is operating the client terminal. When it is determined that the user is a legitimate user, the license management server transmits key information to the client terminal. The client terminal sets various environment information in the registry based on the key information. As a result, the client terminal can execute the licensed application program, that is, the licensed application program.

JP 2004-38247 A

  In the license management method using the encryption information as described above, it is necessary to install a license management related program such as an encryption program, and the user of the client terminal must perform various procedures in order to construct a license management system. The convenience of the user was not sufficient. In particular, when software is distributed from a server to unspecified users, requesting various procedures from the client terminal user is an obstacle to the widespread use of the system. It was. Further, in the license management server, when distributing the target file requested to be distributed from the client terminal, the target file is modified to perform the license management related to the target file, or the license management sub-module is converted into the target file. However, it is necessary to develop a modification / addition program or the like according to the type of the target file, which requires a large development cost.

  The present invention has been made to solve the above-described problems, and can be constructed without requiring the user of the client terminal to perform various procedures, and is licensed among the files distributed from the license management server. Another object of the present invention is to provide a license management system that allows only client files to be used at a client terminal. It is another object of the present invention to reduce the development cost of a license management system by eliminating the need to construct a library such as a modification / addition program related to a target file.

In order to solve the above technical problem, a license management system, a license management method, and a license management program according to the present invention include a target file to be distributed, a deployment module having at least a function of releasing wrapping, and an authentication Create a wrapping file that includes at least a module and a monitoring module that monitors the use of the target file, and communicate the wrapping file with a server that distributes the wrapping file via a communication network when requested to distribute the target file. A client terminal that receives the data via a network, executes a deployment module, an authentication module, and a monitoring module included in the wrapping file, and uses the target file. Run the module The process (step) of canceling the wrapping, the process (step) in which the client terminal executes the authentication module and sends the authentication information to the server, and the server is certified as authentic. A step (step) of notifying the client terminal that the license has been granted, and a step (step) of using the target file in a state where the monitoring module is executed if the client terminal is granted the license. The client terminal includes a step (step) of deleting the target file when the monitoring module detects the end of use of the target file.
As a result, when using the license management system, the user of the client terminal can use the license management system without taking various procedures for installing the license management related program. Since it is possible to construct a license management system that allows only the use of a file for which the license management server has been licensed to be used at the client terminal without causing the user of the client terminal to perform various procedures, User convenience can be further improved. In addition, the target file subject to the license can be used after being granted a license, and its use is monitored and deleted when the use ends, preventing unauthorized use of files that violate the license agreement can do.

The license management system, license management method, and license management program according to the present invention monitor the distribution of a target file, a deployment module having at least a function of canceling wrapping, an authentication module, and the use of the target file. A wrapping file that includes at least a monitoring module that receives the wrapping file via the communication network and a server that distributes the wrapping file via the communication network when the distribution of the target file is requested. The file includes a client terminal that uses the target file by executing the expansion module, the authentication module, and the monitoring module included in the file, and the client terminal executes the expansion module to cancel the wrapping. Process ( Step), the client terminal executes the authentication module and transmits the authentication information to the server (step), and if the server is certified that the authentication information is authentic, the client terminal The process (step) of notifying that the license has been granted and notifying the usage period during which the use of the target file is permitted, and if the client terminal is granted a license, the monitoring module is executed A process (step) of using a file and a process (step) of deleting a target file when the client terminal detects that the usage period has expired are detected by the monitoring module.
As a result, when using the license management system, the user of the client terminal can use the license management system without taking various procedures for installing the license management related program. Since it is possible to construct a license management system that allows only the use of a file for which the license management server has been licensed to be used at the client terminal without causing the user of the client terminal to perform various procedures, User convenience can be improved. In addition, the target file subject to the license can be used after being granted a license, and its use is monitored and deleted when the use ends, preventing unauthorized use of files that violate the license agreement can do. Furthermore, by setting the usage period for the license target file, it is not necessary to receive the wrapping file from the license management server every time the target file is used, and an efficient work environment can be constructed.

In addition, the license management system, license management method, and license management program according to the present invention, when it is detected that the access right of the target file has been changed by the monitoring module, the client terminal changes the access right of the target file. A step (step) of notifying the server of a message indicating that the message has been made, and a step (step) in which the server cancels at least the license relating to the target file for the client terminal or the user of the client terminal. Is.
As a result, if the administrator of the client terminal changes the file access rights and executes unauthorized use that violates the license agreement, the license will be revoked and at least the delivery of the target file will not be possible. Therefore, unauthorized use of files that violate the license agreement can be prevented.

The license management system, the license management method, and the license management program according to the present invention include a step (step) in which a server wraps a target file after data conversion and creates a wrapping file, and a client terminal grants a license. If so, a process (step) for executing the expansion module and restoring the target file is provided.
As a result, the target file to be licensed is distributed to the client terminal in a data-converted state, and after being licensed, it is in an unusable state until it is restored by executing the expansion module. Unauthorized use of files that violate the license agreement can be prevented more reliably.

The license management system, the license management method, and the license management program according to the present invention provide a process in which the client terminal deletes the target file when it is detected that the access right of the target file has been changed by the monitoring module ( Step).
As a result, if the administrator of the client terminal changes the file access rights and attempts to execute unauthorized use that violates the license agreement, the target file is deleted, thus preventing unauthorized use of the file that violates the license agreement. Can do.

The license management system, the license management method, and the license management program according to the present invention are configured such that the client terminal stores the target file expanded by executing the expansion module in the main storage device of the client terminal. is there.
As a result, the target file can be deleted simply by overwriting any other file in the storage area where the target file is stored in the main storage device, so that the target file can be deleted easily and efficiently. Can do. In addition, since the target file is not stored in the non-volatile secondary storage device, unauthorized use of the file can be prevented more reliably.

The wrapping file creation method according to the present invention has a function of developing a wrapping file that includes at least a target file to be distributed, an authentication module, and a monitoring module for monitoring the use of the target file. A step of creating a module for deployment given as a file, a step of creating a module for authentication and a module for monitoring, and a module aggregate which is given as an executable file by combining the module for authentication and the module for monitoring with the deployment module And a step of creating a wrapping file that is provided as an executable file by combining at least one or more files including the target file to the module aggregate.
As a result, the license management related to the target file is executed by the authentication module and the monitoring module included in the wrapping file. Therefore, when distributing the target file requested to be distributed from the client terminal, the purpose is to manage the license. It is no longer necessary to execute the modification process of the target file or the addition process of the submodule to the target file, and it is possible to omit the construction of the library for modification / addition program related to the target file in the license management server, and the license management System development costs can be reduced.

  According to the present invention, the wrapping file includes at least a target file to be distributed by the client terminal, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file. From the server, the client terminal executes the deployment module to cancel the wrapping, the client terminal executes the authentication module and sends the authentication information to the server, and the server authenticates the authentication information. If authorized, the client terminal is notified that the license has been granted, and if the client terminal is granted a license, the target file is used while the monitoring module is executed, and the client terminal is targeted by the monitoring module. End of use of file or target file Since the target file is deleted when the end of the usage period is detected, a license management system that allows only the use of a file licensed by the license management server to be used at the client terminal is provided to the user of the client terminal. Since it is possible to construct without taking various procedures, the convenience of the user of the client terminal can be further improved. In addition, the target file subject to the license can be used after being granted a license, and its use is monitored and deleted when the use ends, preventing unauthorized use of files that violate the license agreement There is an effect that can be done.

Embodiments according to the present invention will be described below with reference to the accompanying drawings.
Embodiment 1 FIG.
FIG. 1 is a schematic diagram showing an example of the configuration of a license management system according to the present invention. In FIG. 1, reference numeral 1 denotes a license management server that distributes files such as application programs, data files, and digital contents to client terminals connected via a communication network, and manages use of the files in the client terminals. Communication networks 3a, 3b,..., 3n provided as an intranet or the like are client terminals. In the present invention, in the software distribution via the Internet, the license management system for managing the license of the software related to each user, or the unauthorized use by the employee of the file stored in the server in the corporate network via the intranet It is intended to be applied to license management systems that prevent it.

  FIG. 2 is a schematic diagram showing an example of the configuration of a license management server used in the license management system according to the present invention. 2, the same reference numerals as those in FIG. 1 denote the same components, and the detailed description thereof is omitted. 11 is a keyboard, 12 is a mouse, 13 is a display, 14 is a network interface unit for controlling communication with the communication network 2, and 15 is an input means such as a keyboard 11 and mouse 12 connected to the license management server 1. An input / output interface unit that controls transmission of data to and from display means such as a display 13, 16 is a control unit that is given as a CPU or the like and controls components in the license management server 1, and 17 is via the communication network 2. This is a file transmission / reception unit that transmits and receives files. For example, a wrapping file stored in a temporary storage unit 22 described later is distributed to the client terminal 3 via the communication network 2 by the file transmission / reception unit 17.

  Reference numeral 18 denotes a file storage unit storing a target file to be distributed to the client terminal 3 such as an application program, a data file, and digital contents. Reference numeral 19 denotes a wrapping cancellation process for encrypting and compressing the target file. Self-function that restores the target file to a usable state by applying reverse data conversion processing such as decryption processing and decompression processing when data conversion processing based on a predetermined algorithm such as It is a self-expanding module storage unit in which expansion modules are stored.

  20 stores a launcher module that executes activation of various modules, activation according to the type of the object file, monitoring and deletion of use, etc., in order to perform integrated license management in the client terminal 3 of the object file. The launcher module storage unit 21 includes an authentication process and a billing process required when using the distributed wrapping file (target file) in the client terminal 3, and a digest display and an announcement display for a user who uses the license management system for the first time. It is an action module memory | storage part in which the action module which performs various processes, such as a display process concerning, is memorize | stored. Note that various types of modules such as a self-expanding module, a launcher module, and an action module are configured such that a plurality of types of modules are stored in the respective storage units in accordance with attribute information such as the type of target file to be distributed. It is possible.

  Reference numeral 22 denotes a temporary storage unit used as a work area or the like when calculation processing such as creation of a wrapping file is executed by the control unit 16, and reference numeral 23 is necessary for authentication processing of the user ID and password of the user of the client terminal 3. An authentication information storage unit 24 stores authentication information, and a client terminal information storage unit 24 stores client terminal information related to the client terminal 3 such as a machine ID of the client terminal 3 and an operating system. The file storage unit 18, the self-expanding module storage unit 19, the launcher module storage unit 20, the action module storage unit 21, the authentication information storage unit 23, and the client terminal information storage unit 24 are, for example, an HDD (hard disk drive) or the like. Are constructed in a predetermined storage area in the secondary storage device. The temporary storage unit 22 is realized using a storage area in the RAM, for example.

  FIG. 3 is a schematic diagram showing an example of the configuration of a client terminal used in the license management system according to the present invention. In FIG. 3, the same reference numerals as those in FIGS. 1 and 2 indicate the same components, and detailed description thereof is omitted. Reference numeral 31 denotes a network interface unit that controls communication with the communication network 2, and 32 denotes transmission of data to / from input means such as a keyboard 11 and mouse 12 connected to the client terminal 3 and display means such as a display 13. The input / output interface unit 33 controls the components in the client terminal 3 provided as a CPU, 34 is a file transmission / reception unit for transmitting / receiving files via the communication network 2, and 35 is a RAM or the like. A main storage device that temporarily stores a target file or the like that is realized and provided as an application program in an executable format, for example, 36 is a file storage unit that stores various files such as a wrapping file distributed from the license management server 1, 37 is a user ID, password, etc. An authentication information storage unit that the authentication information is stored necessary witness processing. The file storage unit 36 and the authentication information storage unit 37 are constructed in a predetermined storage area in a secondary storage device such as an HDD. Further, in principle, all or part of the wrapping file distributed from the license management server 1, particularly the target file, is stored in a temporary folder set for temporary storage of the file in the file storage unit 36.

  Next, the operation of the license management system according to the first embodiment of the present invention will be described. FIG. 4 is a flowchart showing an example of the operation of the license management server according to the present invention. The license management server 1 connected to the communication network 2 determines whether there is a file distribution request from the client terminal 3 via the communication network 2 (step S1). If there is no distribution request from the client terminal 3, the process of step S1 is repeated as it is. If there is a distribution request from the client terminal 3, the requested target file is converted into data and combined with a self-expanding module, a launcher module, an action module, etc. to create a wrapping file (step S2). If the wrapping file is created, the wrapping file is distributed to the client terminal 3 via the communication network 2 (step S3). The configuration of the wrapping file will be described later. In this embodiment, the data conversion process based on a predetermined algorithm such as an encryption process or a compression process is applied to the target file. However, without applying the data conversion process, The target file may be directly wrapped with various modules and distributed to the client terminal 3.

  After the distribution of the wrapping file is completed, it is determined whether authentication information is transmitted from the client terminal 3 to which the wrapping file is distributed (step S4). In order for the user of the client terminal 3 to which the wrapping file is distributed to use the target file, it is necessary to receive a license from the license management server 1. If the authentication information is not transmitted, the process of step S4 is repeated as it is. When the authentication information is transmitted, the control unit 16 of the license management server 1 compares the transmitted authentication information with the authentication information stored in the authentication information storage unit 23, and the user determines the target file. It is determined whether or not the user is eligible for a license (step S5). Here, the license means a use right with use conditions of a target file given as an application program, a data file, digital content, or the like.

  If the user is authenticated, that is, if it is confirmed that the user is eligible to receive a license, a message indicating that the license has been granted is sent to the client terminal 3 (step S6). If the user is not authenticated, the client terminal 3 is notified of a message indicating that no license is granted (step S7). If the user is not authenticated, after completing the process in step S7, the process related to the target file for the client terminal that has requested the distribution of the target file is terminated.

  In step S6, after notifying the message indicating that the license has been granted, whether or not a message indicating that the access right of the target file has been changed is transmitted from the client terminal 3 to which the target file has been distributed. Determination is made (step S8). If it is an administrator of the client terminal 3, the file access right can be arbitrarily changed. Regarding the access right of the target file distributed from the license management server 1, when the target file is an executable file, only "execute" and "delete" are permitted when the wrapping file (target file) is expanded. Then, setting is made so that “read” and “write” are not permitted. Changing the access rights that allow "read" or "write" by the administrator is a violation of the license agreement. To prevent such unauthorized use of the file, the file is forcibly forced as described later. It needs to be deleted.

  In step S8, when a message indicating that the access right of the target file is changed is transmitted, a message indicating cancellation of the license related to the target file is notified to the client terminal 3 (step S9). After notifying the message indicating the license revocation of the target file, the process related to the target file is terminated. In step S8, if there is no transmission of a message indicating that the access right of the target file has been changed, it is determined whether or not a message indicating that the use of the target file has ended is transmitted from the client terminal 3. (Step S10). If there is no transmission of a message indicating that the use of the target file has ended, the process proceeds to step S8. As a result, during the use of the target file, the determination about the change of the access right of the target file and the end of the use of the target file is repeatedly executed. If a message indicating that the use of the target file has ended is transmitted, the processing related to the target file is ended. When the license management server 1 notifies the message indicating that the license is granted, the message indicating that the license is not granted, and the message indicating that the license is revoked, the communication history relating to these notifications is recorded. To do. When the license is revoked, if there is a request for distribution of at least the target file related to unauthorized use from the user or client terminal involved in unauthorized use, the wrapping file is not delivered or authentication information is sent from the client terminal 3 It is preferable that the authentication is failed when the authentication is performed.

  FIG. 5 is a diagram illustrating an example of a file structure of a wrapping file. For example, the control unit 16 of the license management server 1 allocates a predetermined storage area in the temporary storage unit 22 for creating a wrapping file, and writes various data in the storage area based on a predetermined algorithm. A wrapping file is created by combining modules and files stored in various storage areas. Various modules such as a self-expanding module, a launcher module, and an action module that provide an environment in which the target file can be used under license management are written in the file area 41 at the top of the wrapping file. When a plurality of types of modules are prepared in each storage unit, the control unit 16 of the license management server 1 determines the client terminal information read from the client terminal information storage unit 24, the attribute information of the target file, and the like. Each appropriate self-expanding module is read from the self-expanding module storage unit 19, the launcher module is read from the launcher module storage unit 20, and the action module is read from the action module storage unit 21. Write. Since the file size of the action module or the like changes according to the type of the target file, the file area 42 following the file area 41 is set as a play area in which no significant data exists. As a result, the storage capacity of the file area including the file area 41 and the file area 42 can be fixed, and the read position of the file written in the next file area can be specified.

  A size information table is written in the file area 43. In the size information table, for a plurality of files following the size information table, information related to a) type, b) resource size, c) offset position on the wrapping file, etc. is registered. For example, in the item relating to the type of the size information table, “setting information”, “icon information”, and “target file (executable file)” are registered as information for specifying the type of the subsequent file. The control unit 16 stores, for example, in the registry of the client terminal 3 in order to set an execution environment in which various modules and target files can be used according to the client terminal information read from the client terminal information storage unit 24. Setting information and the like are created and written in the file area 44.

  In the file area 45, data related to icons displayed on the client terminal 3 when various modules and target files are used is written. In the file area 46, the target file is written. For the target file, it is preferable to write the target file obtained by performing data conversion based on a predetermined algorithm, including encryption processing, compression processing, or a combination of encryption processing and compression processing. The data-converted target file is restored to the original usable file by executing a self-expanding module in the distributed client terminal 3. When the creation of the wrapping file is completed in the temporary storage unit 22, the control unit 16 uses the file transmission / reception unit 17 to distribute the wrapping file to the client terminal 3 via the communication network 2.

  FIG. 6 is a flowchart showing a procedure for creating a wrapping file. The self-expanding module read out from the self-expanding module storage unit 19 is directly written in a predetermined storage area, or is subjected to correction / update processing such as parameter setting according to attribute information such as the type of the target file, and the predetermined storage area To create a self-expanding module corresponding to the target file (step S11). This self-expanding module is created as an executable file. Next, the launcher module read from the launcher module storage unit 20 and the action module read from the action module storage unit 21 are respectively written in a predetermined storage area as they are, or parameters according to attribute information such as the type of the target file A launcher module and an action module corresponding to the target file are respectively created by writing in a predetermined storage area through correction / update processing such as setting (step S12). If the above three modules are created, the launcher module and the action module are combined with the self-expanding module (step S13). By adopting a program creation mode in which other modules are coupled to the self-expanding module that is an executable format file, a module aggregate obtained by this coupling is also created as an executable format file.

  If the module aggregate is created, the target file to be distributed is read from the file storage unit 18 and written in a predetermined storage area (step S14). At this time, the target file is not altered in order to carry out license management, and the submodule for license management is not added to the target file. If the target file is obtained, a wrapping file name corresponding to the target file is determined (step S15). The wrapping file name may be determined automatically based on a predetermined algorithm, or may be determined by a server administrator based on a predetermined rule or arbitrarily. If the wrapping file name is determined, the setting information is read (step S16), and the icon resource file is selected (step S17). The icon resource file may be selected automatically based on a predetermined algorithm, or may be selected by a server administrator based on a predetermined rule or arbitrarily.

  Next, in order to fix the total storage capacity of the file area 41 and the file area 42 shown in FIG. 5, the storage capacity of the play area is calculated (step S18). When the capacity of the play area is calculated, the control unit 16 of the license management server 1 adds, for example, to the module aggregate given as the executable file in the storage area for creating the wrapping file set in the temporary storage unit 22. Various files such as the target file are combined to create a wrapping file (step S19). By adopting a program creation mode in which various files are combined with a module aggregate which is an executable format file, a wrapping file obtained by this combination is also generated as an executable format file.

  Next, FIG. 7 is a flowchart showing an example of the operation of the client terminal in the first embodiment. The wrapping file distributed from the license management server 1 is stored in the file storage unit 36 of the client terminal 3. The control unit 33 determines whether or not the user instructs the use of the target file (step S21). If there is no instruction from the user, the process of step S21 is repeated as it is. If there is an instruction from the user, the self-expanding module is activated to cancel the wrapping of the wrapping file (step S22). If the wrapping is released, the launcher module is activated (step S23). As described above, the use of the target file is performed under the overall management by the launcher module.

  After starting the launcher module, the authentication module is started and authentication information is transmitted to the license management server 1 (step S24). As authentication information, for example, a user ID and a user password are used. It is preferable that the user ID and the user password are configured to be input by the user using a user interface, for example. Further, when a license is set for each client terminal, for example, a configuration may be adopted in which the license management server 1 automatically transmits a terminal ID and a terminal password registered in advance in a registry in the client terminal. Of course, the user ID and user password, and the terminal ID and terminal password may be transmitted together.

  After transmitting the authentication information to the license management server 1, it is determined whether or not a message indicating that a license has been granted is notified from the license management server 1 (step S25). If it is determined that a message indicating that the license is not granted has been notified, a message indicating that the target file cannot be used is displayed on the display 13 (step S26). If no license is granted, the process by the launcher module is terminated. If it is determined in step S25 that a message indicating that the license has been granted has been notified, the self-expanding module is activated, and an inverse data conversion process based on a predetermined algorithm is applied to the data-converted target file. The target file is restored to a usable state (step S27).

  If the target file is restored, an execution process related to the target file is started (step S28). The execution process to be monitored by the launcher module is not limited to a single process. A plurality of processes such as a parent process, a child process, and a process executed in parallel can be set as monitoring targets of the launcher module. Regarding the activation of the execution process of the target file, if the target file is an executable file, the execution process is started by executing the target file as it is. In addition, when the target file is a file other than an executable file such as a data file or digital content, an existing application program is started, and the target file is applied to the application program and executed. Start up.

  If the execution process of the target file is started, it is determined whether or not the access right of the target file has been changed (step S29). If a change in the access right of the target file is detected, a message indicating that the access right of the target file has been changed is notified to the license management server 1 (step S30). If no change in the access right of the target file is detected in step S29, it is determined whether or not the end of the execution process has been detected (step S31). Regarding the detection of the end of the execution process, when the target file is an executable file, the end of the execution process can be directly detected by the launcher module. When the target file is a file other than an executable file, the end of the execution process is detected by, for example, periodically executing an inquiry from the launcher module to the application program to which the target file is applied, for example, at intervals of several seconds. .

  If the end of the execution process is not detected in step S31, the process proceeds to step S29. Thereby, during the operation of the execution process, the determination about the change of the access right of the target file and the end of the execution process is repeatedly executed. If the end of the execution process is detected in step S31, a message indicating the end of use of the target file is sent to the license management server 1 (step S32). After the process of step S30 is completed and after the process of step S32 is completed, the target file stored in the temporary folder in the client terminal 3 is deleted (step S33), and the process by the launcher module is terminated. When the execution process related to the target file is completed, not only the target file but also various modules stored in the temporary folder may be deleted.

  The algorithm shown in FIG. 7 shows a standard operation of the client terminal 3 when targeting a user who has already used the license management system. For a user who uses the license management system for the first time, the client terminal 3 operates differently in connection with the authentication process. FIG. 8 is a flowchart illustrating an example of a partial operation of the client terminal according to the first embodiment. In FIG. 8, the same reference numerals as those in FIG. When the launcher module is activated in step S23, the user of the client terminal 3 is inquired, or the setting information stored in the registry of the client terminal 3, for example, is referred to, and the license management system is used for the user for the first time. Is determined (step S41). If it is determined that it is not the first time, the authentication process is executed (step S24) in the same manner as shown in FIG. 7, and it is determined whether or not a license has been granted by the license management server 1 (step S25).

  If it is determined in step S41 that it is the first use for the user, a digest indicating the outline of the license management system is displayed (step S42). If the digest is displayed, a user input indicating a user's intention regarding the purchase of the target file is received, and it is determined whether or not the user purchases the target file (step S43). If it is determined that the user purchases the target file, a charging process such as credit credit is executed (step S44). For this billing process, for example, it is determined whether or not billing for the target user is authenticated by connecting to an external billing server or the like via the communication network 2 and receiving authentication information from the billing server. (Step S45).

  If charging for the user is authenticated, authentication related information is displayed on the display 13 (step S46). As authentication-related information, it is notified that the license management system can be used only by normal authentication processing from the next use, and if necessary, the user ID and password required for the authentication processing are notified. After the authentication related information in step S46 is displayed or when a notification indicating that a license has been granted is received from the license management server 1 in step S25, the usage related information of the target file is displayed (step S47). . After the usage related information is displayed, the user uses the target file as it is, or uses the target file after setting environment information related to the usage environment of the target file. When a notification indicating that the license is not granted is received from the license management server 1 at step S25, when the user determines not to purchase the target file at step S43, and when charging for the user is not authenticated at step S45. Ends the processing by the launcher module.

  Next, target file expansion processing will be described. FIG. 9 is a flowchart illustrating an example of a target file expansion algorithm. If the wrapping file is distributed, setting information such as environment information defining the execution environment related to the target file is read from the file area where the setting information in the wrapping file is registered (step S51). About these setting information, you may comprise so that all or one part of setting information may be registered into a registry. When the reading of the setting information from the wrapping file is completed, the setting information input by the user is read using the user interface (step S52). By adopting a configuration in which the user can arbitrarily set the execution environment of the target file within a predetermined range, the usage mode of the target file can be further diversified. Setting information that can be input by the user includes a software key name that uniquely identifies the target file, a software name that indicates the common name of the software, an application program type, a folder type that indicates a storage area in which the target file is expanded, and a target folder Examples include argument control information that defines the execution form. As the application type, there are a normal Windows (registered trademark) application, an Office application for starting Office from an Office file, and the like.

  When reading of various setting information is completed, the self-expanding module is activated to expand the target file (step S53). If the wrapping is canceled, the temporary folder of the storage destination is determined based on the environment information registered in the registry, and the target file is stored in the folder. If data conversion processing is applied to the target file, apply the reverse data conversion processing based on a predetermined algorithm such as decryption processing or decompression processing, and store the restored target file in a predetermined folder To do. If the target file is stored in a predetermined folder, if the target file is an executable file, the access right of the target file is set to “execute” and “delete” (step S54). As a result, normal users other than the administrator cannot read the target file and write to the target file. Regarding the setting of such an access right, an application program using Windows as a platform can be realized by using an OS (operating system) function. Even when the target file is a file other than the executable file, it is preferable to set the access right as appropriate according to the use environment.

  In the first embodiment, the wrapping file including the target file is stored in a predetermined folder (including a temporary folder) in the secondary storage device of the client terminal 3 and stored in the temporary folder in the secondary storage device. The configuration is such that the target file is expanded. After the use of the target file is finished, only the target file is deleted, or all or a part of the target file and the wrapping file are deleted. In the present invention, instead of such a configuration, the wrapping file including the target file is stored in a predetermined folder in the secondary storage device of the client terminal 3, and the target file expanded using the self-expanding module is used as the main file. It is also possible to adopt a configuration for storing in the storage device 35. In this case, since the target file exists only in the volatile main storage device 35, the target file can be deleted only by overwriting the target file with another file in the main storage device 35. An Office application macro can also be used as the target file. In this case, simple duplication can be prevented by invalidating the menu using a macro. If the monitoring module detects a macro setting change by the administrator, the license management server 1 is similarly notified of unauthorized use of a file that violates the license agreement.

  As described above, according to the license management system and the like according to the first embodiment, the client terminal 3 uses the target file to be distributed, the self-expanding module having at least the function of releasing wrapping, and the use of the target file. The client terminal 3 receives a wrapping file including at least a launcher module having a monitoring function and an action module having at least an authentication function from the license management server 1, and the client terminal 3 executes the self-expanding module to release the wrapping, and the client terminal 3 executes the action module and transmits the authentication information to the license management server 1, and if the license management server 1 determines that the authentication information is authentic, it indicates that the license has been granted to the client terminal 3. Notify and If the client terminal 3 is granted a license, the target file is used while the launcher module is executed, and if the client terminal 3 detects the end of use of the target file by the launcher module, the target file is deleted. Therefore, when using the license management system, the user of the client terminal 3 can use the license management system without taking various procedures for installing a license management related program. Since it becomes possible to construct a license management system that allows the client terminal 3 to use only the file for which the license management server 1 has been licensed, without causing the user of the client terminal 3 to perform various procedures. The convenience of the user of the client terminal 3 can be further improved. In addition, the target file subject to the license is not usable until the license is granted, and even if it is deployed, its use is monitored and deleted when the use is completed. Unauthorized use of violating files can be prevented. Further, by deleting the target file, it is possible to prevent the target file from being analyzed by disassembly.

  Further, according to the license management system or the like according to the first embodiment, if it is detected by the launcher module that the access right of the target file has been changed, the client terminal 3 has changed the access right of the target file. Is sent to the license management server 1, and the license management server 1 cancels at least the license relating to the target file for the client terminal 3 or the user of the client terminal 3, so that the administrator of the client terminal 3 If you change the access rights of a file and misuse it in violation of the license agreement, the license will be revoked and you will not be able to receive at least the target file afterwards. F Abuse yl can be prevented.

  Further, according to the license management system and the like according to the first embodiment, the client terminal 3 is configured to delete the target file when it is detected that the access right of the target file has been changed by the launcher module. When the administrator of the client terminal 3 changes the file access right and tries to execute unauthorized use that violates the license agreement, the target file is deleted, so that unauthorized use of the file that violates the license agreement is prevented. be able to.

  Further, according to the license management system or the like according to the first embodiment, the license management server 1 wraps the target file after data conversion to create a wrapping file, and if the client terminal 3 is granted a license, Since the target file is restored by executing the module, the target file is delivered to the client terminal 3 in a data-converted state until it is restored by executing the expansion module after being granted a license. Since it is in an unusable state, unauthorized use of a file that violates the license agreement can be prevented more reliably.

  Further, according to the license management system or the like according to the first embodiment, the client terminal 3 is configured to store the target file expanded by executing the self-expanding module in the main storage device 35 of the client terminal 3. Therefore, the target file can be deleted simply by overwriting another arbitrary file in the storage area in which the target file is stored in the main storage device 35. Therefore, the target file can be easily and efficiently deleted. Can do. In addition, since the target file is not stored in the non-volatile secondary storage device, unauthorized use of the file can be prevented more reliably.

  Further, according to the wrapping file creation method according to the first embodiment, a launcher module and an action module are combined with a self-expanding module given as an executable format file to create a module aggregate given as an executable format file. Since it is configured to create a wrapping file that is given as an executable file by combining multiple files including the target file into the module aggregate, license management related to the target file can be performed by executing the launcher module or action module. Therefore, when distributing the target file requested to be distributed from the client terminal 3, it is not necessary to execute a modification process of the target file for the purpose of license management, a process of adding a submodule to the target file, etc. Rye It is possible to omit the construction of libraries of such modifications, addition program according to the target file in Nsu management server, it is possible to reduce the development cost of the license management system.

Embodiment 2. FIG.
The license management system or the like according to the second embodiment of the present invention has a license according to the first embodiment in that the usage period of the target file is set in advance, and the target file is deleted and disabled after the usage period. Different from the management system. FIG. 10 is a flowchart illustrating an example of the operation of the client terminal according to the second embodiment. In FIG. 10, the same reference numerals as those in FIG.

  If a message indicating that a license has been granted is notified from the license management server 1 in step S25, the license management server 1 transmits to the client terminal 3 license information related to the usage period of the target file along with the notification. To do. The client terminal 3 reads the license information such as the usage period transmitted from the license management server 1 (step S61). In this case, it is preferable that all or part of the license information such as the usage period is registered in the registry.

  After detecting the end of the execution process and notifying the license management server 1 of the message indicating the end of use of the target file in step S32, the control unit 33 of the client terminal 3 operates in the client terminal 3. It is determined whether or not the time of the system clock is outside the usage period of the target file (step S62). If the time of the system clock is within the usage period of the target file, the process proceeds to step S21. Then, it waits until the user instructs to use the target file again. In step S62, if the time of the system clock is outside the usage period of the target file, the target file is deleted (step S33). In this embodiment, the launcher module is made resident in the main storage device 35 until the target file is deleted, and the access right of the target file is changed even after the use of the target file is finished. Monitor constantly. If a change in the access right of the target file is detected, a message indicating that the access right of the target file has been changed is notified to the license management server 1 in the same manner as the processing in step S30 and step S33, and the target file is stored. delete.

  In the second embodiment, after the message indicating that the use of the target file is finished is notified to the license management server 1 in step S32, is the system clock time set to a time outside the use period of the target file? However, after it is determined in step S21 that the use of the target file has been instructed by the user, it is determined whether or not the time of the system clock is outside the use period of the target file. Alternatively, the determination may be made at another timing.

  As described above, according to the license management system and the like according to the second embodiment, the client terminal 3 uses the target file to be distributed, the self-expanding module having at least the function of releasing wrapping, and the use of the target file. A wrapping file including at least a launcher module having a monitoring function and an action module having at least an authentication function is received from the license management server 1, and the client terminal 3 executes the self-expanding module to release the wrapping, and the client The terminal 3 executes the action module and transmits the authentication information to the license management server 1, and if the license management server 1 determines that the authentication information is authentic, the client terminal 3 is granted a license. If you notify The client terminal 3 uses the target file in a state in which the launcher module is executed if the license is granted, and the client terminal 3 uses the target file by the launcher module. Since it is configured to delete the target file when it is detected that the usage period has expired, the user of the client terminal 3 uses various procedures for installing a license management related program and the like when using the license management system. It is possible to use the license management system without taking Since it becomes possible to construct a license management system that allows the client terminal 3 to use only the file for which the license management server 1 has been licensed, without causing the user of the client terminal 3 to perform various procedures. The convenience of the user of the client terminal 3 can be further improved. In addition, the target file subject to the license can be used after being licensed, its use is monitored, and it is deleted when the usage period of the target file has passed. Unauthorized use can be prevented. Furthermore, by setting the usage period for the license target file, it is not necessary to receive the wrapping file from the license management server every time the target file is used, and an efficient work environment can be constructed.

  Note that the license management system and the like described in the first and second embodiments are not intended to limit the present invention but are disclosed for the purpose of illustration. The technical scope of the present invention is defined by the description of the scope of claims, and various design changes can be made within the technical scope of the invention described in the scope of claims. For example, in the above embodiment, the target file is deleted by the launcher module, but the target file may be deleted by the launcher module in response to a command message notified from the license management server. Needless to say, such a license management system is also included in the technical scope of the present invention.

  The present invention can be applied to license management in a software distribution system that distributes software such as executable files, data files, and digital contents via a communication network.

It is the schematic which shows an example of a structure of the license management system which concerns on this invention. It is the schematic which shows an example of a structure of the license management server of the license management system which concerns on this invention. It is the schematic which shows an example of a structure of the client terminal of the license management system which concerns on this invention. It is a flowchart which shows an example of operation | movement of the license management server which concerns on this invention. It is a figure which shows an example of the file structure of a wrapping file. It is a flowchart which shows the procedure which produces a wrapping file. 3 is a flowchart illustrating an example of an operation of a client terminal in the first embodiment. 3 is a flowchart illustrating an example of a partial operation of the client terminal according to the first embodiment. It is a flowchart which shows an example of the expansion | deployment algorithm of an object file. 10 is a flowchart illustrating an example of an operation of a client terminal in the second embodiment.

Explanation of symbols

1 license management server, 2 communication network, 3 client terminal, 11 keyboard, 12 mouse, 13 display, 14 network interface unit, 15 input / output interface unit, 16 control unit, 17 file transmission / reception unit, 18 file storage unit, 19 self-development Module storage unit 20 Launcher module storage unit 21 Action module storage unit 22 Temporary storage unit 23 Authentication information storage unit 24 Client terminal information storage unit 31 Network interface unit 32 Input / output interface unit 33 Control unit 34 File transmission / reception unit, 35 main storage device, 36 file storage unit, 37 authentication information storage unit

Claims (11)

Creating a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file; A server that distributes the wrapping file via a communication network when requested to be distributed,
A client terminal that receives the wrapping file via the communication network, executes the deployment module, the authentication module, and the monitoring module included in the wrapping file and uses the target file; Configured,
The client terminal executes the deployment module to release wrapping,
The client terminal executes the authentication module and sends authentication information to the server,
If the authentication information is authorized, the server notifies the client terminal that a license has been granted,
If the license is granted, the client terminal uses the target file in a state where the monitoring module is executed,
The license management system according to claim 1, wherein the client terminal deletes the target file when use of the target file is detected by the monitoring module. Creating a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file; A server that distributes the wrapping file via a communication network when requested to be distributed,
A client terminal that receives the wrapping file via the communication network, executes the deployment module, the authentication module, and the monitoring module included in the wrapping file and uses the target file; Configured,
The client terminal executes the deployment module to release wrapping,
The client terminal executes the authentication module and sends authentication information to the server,
If it is determined that the authentication information is authentic, the server notifies the client terminal that a license has been granted and notifies the usage period during which use of the target file is permitted. ,
If the license is granted, the client terminal uses the target file in a state where the monitoring module is executed,
The license management system, wherein the client terminal deletes the target file when the monitoring module detects that the usage period has passed. When the monitoring module detects that the access right of the target file has been changed, the client terminal notifies the server that the access right of the target file has been changed, and
The license management system according to claim 1, wherein the server cancels a license related to at least the target file for the client terminal or the user of the client terminal. The server creates a wrapping file by wrapping after converting the target file,
3. The license management system according to claim 1, wherein, when a license is granted, the client terminal executes the expansion module to restore the target file. 4. Requesting file delivery;
Receiving a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file;
Executing the unfolding module to release wrapping;
Executing the authentication module and transmitting authentication information to a server via a communication network;
Receiving a message indicating that a license has been granted from the server, using the target file in a state in which the monitoring module is executed;
And a step of deleting the target file when an end of use of the target file is detected by the monitoring module. Requesting file delivery;
Receiving a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring the use of the target file;
Executing the unfolding module to release wrapping;
Executing the authentication module and transmitting authentication information to a server via a communication network;
When receiving a message indicating that a license has been granted from the server and information relating to a usage period during which use of the target file is permitted, using the target file in a state where the monitoring module is executed;
And a step of deleting the target file when the monitoring module detects that the usage period of the target file has passed. 7. The license management method according to claim 5, further comprising a step of deleting the target file when it is detected that the access right of the target file has been changed by the monitoring module. 7. The license management method according to claim 5, wherein the target file expanded by executing the expansion module is stored in a main storage device. Requesting delivery of the file;
Receiving a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring use of the target file;
Executing the deployment module to release wrapping;
Executing the authentication module and transmitting authentication information to a server via a communication network;
Receiving the message indicating that the license has been granted from the server, using the target file in a state where the monitoring module is executed;
And a step of deleting the target file when the monitoring module detects the end of use of the target file. Requesting delivery of the file;
Receiving a wrapping file including at least a target file to be distributed, a deployment module having at least a function of releasing wrapping, an authentication module, and a monitoring module for monitoring use of the target file;
Executing the deployment module to release wrapping;
Executing the authentication module and transmitting authentication information to a server via a communication network;
When receiving a message indicating that a license has been granted from the server and information on a usage period during which use of the target file is permitted, using the target file in a state where the monitoring module is executed;
And a step of deleting the target file when the monitoring module detects that the usage period of the target file has passed. A step of creating a deployment module that has a function of deploying a wrapping file including at least a target file to be distributed, an authentication module, and a monitoring module that monitors the use of the target file and that is given as an executable file When,
Creating the authentication module and the monitoring module;
Combining the authentication module and the monitoring module with the deployment module to create a module aggregate given as an executable file;
And a step of creating one or more files including at least a target file in the module assembly to create the wrapping file given as an executable file.

Images