JP2009003700A - Program for permitting prescribed processing of application - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an application prescribed processing permission system having a simple system configuration and high security. <P>SOLUTION: A client terminal 2 transmits data β(obtained by encrypting data α being a body ID code A by a first encryption means En1) to a management server 4 together with data X being an application ID code B. In the case of permitting the prescribed processing of an application, the management server 4 decrypts the data β by a first decryption means De1 and transmits data γ obtained by encrypting the decrypted data by a second encryption means En2 to the client terminal 2. When first collating information Ch1 obtained by extracting the body ID coincides with second collating information Ch2 obtained by decrypting the data γ by a second decryption means De2, the client terminal 2 permits the prescribed processing of the application. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an authentication technique for preventing unauthorized use of an illegally copied program by an unauthorized person.

  2. Description of the Related Art Conventionally, a method of performing user authentication via a network is known in order to prevent unauthorized use by an unauthorized person who has illegally copied a commercial program. For example, in order to request authentication from the client side using a registration key that combines a unique serial number assigned to a recording medium that records a commercial program and a device identification number, and the administrator server manages the customer Patent Document 1 discloses that user-specific data is registered in a database for each serial number.

JP 2002-351565 A

  However, the conventional unauthorized use prevention system via the network has the following problems.

(I) Since authentication is performed via a network using low-security communication means such as e-mail during user registration, authentication data (registration key) sent to the administrator side during registration can be easily transmitted to a third party. There was a risk that it would be known and deciphered.

(Ii) At the time of user registration, it was necessary for the user to directly input the password enclosed with the product and information about the user, which was a troublesome work.

  An object of the present invention is to solve the above problems and to provide an effective system for preventing unauthorized use of a program that has been illegally copied. It is another object of the present invention to provide a simple user registration method that allows a user to perform registration without performing any input work such as a password.

(1) An application predetermined process permission program according to the present invention includes:
In a system comprising a unique application ID assigned to each application and a client terminal having a unique machine ID that stores the application, and a management server capable of communicating with the client terminal via a network, An application predetermined processing permission program for permitting predetermined processing for an application stored in a client terminal via a network,
A process in which the client terminal transmits a first encrypted machine ID generated by encrypting the machine ID by a first encryption unit to the management server together with the application ID;
When the management server receives the first encryption machine ID and the application ID from the client terminal and permits a predetermined process in the client terminal for the application corresponding to the application ID, the first server A process of further encrypting the machine ID obtained by decrypting the encrypted machine ID by the first decryption means by the second encryption means, and transmitting the generated second encrypted machine ID to the client terminal;
The client terminal obtains the second verification information obtained by decrypting the second encrypted machine ID received from the management server by the second decryption means and the machine ID of the client terminal. A process for determining whether or not a predetermined process is permitted for the application by collating the first collation information with the first collation information;
Is executed by a computer.

  As a result, a different type of encryption and decryption program is provided in each of the client terminal and the management server, and a high-security system capable of effectively preventing unauthorized use of the illegally copied program is provided. I can.

(2) An application predetermined process permission program according to the present invention includes:
The management server includes a registration information storage unit that stores the machine ID in association with the application ID, and whether or not the machine ID corresponding to the application ID received from the client terminal is stored in the registration information storage unit. When the machine ID corresponding to the application ID is not stored, the machine ID is stored in the registration information storage unit in association with the application ID.

  Thereby, by referring to the registration information storage unit, it is possible to easily determine whether or not to permit a predetermined process in the client terminal of the application corresponding to the application ID.

(3) An application predetermined process permission program according to the present invention includes:
When the application of the client terminal receives a predetermined process input after the second time,
A second verification in which the second encrypted machine ID received by the client terminal from the management server and stored when the client terminal receives the first predetermined processing input is decrypted by a second decryption means. It is characterized in that whether or not the predetermined process is permitted by the application is determined by collating the information with the first collation information obtained by decrypting the encrypted machine ID stored in the collation information storage unit.

  Thereby, after receiving the first predetermined processing input in a high security state, it is possible to prevent unauthorized use by a third party by a simple method in a stand-alone state at the client terminal.

(4) An application predetermined process permission program according to the present invention includes:
When the client terminal application receives the first predetermined processing input,
The management server determines whether the application ID received from the client terminal is registered in the registration information storage unit. If the application ID is registered, the management server receives the first ID received from the client terminal. If the machine ID generated by decrypting one encrypted machine ID matches the machine ID corresponding to the application ID stored in the registration information storage unit, and if the machine ID does not match The second encryption machine ID is not transmitted to the client terminal.

  Thereby, for example, even when the application is deleted by mistake, it is possible to obtain the right to use the application again as a regular user.

(5) An application predetermined process permission program according to the present invention includes:
While the client terminal transmits the first encryption machine ID generated by encrypting the machine ID with the first encryption means to the management server together with the application ID, the machine body is used with the third encryption means. A third encrypted machine ID generated by encrypting the ID is stored in advance in the first verification information storage unit of the client terminal,
Second verification information obtained by decrypting the second encrypted machine ID received from the management server and stored in the second verification information storage unit by a second decryption means, and the first verification information storage It is characterized in that whether or not the predetermined process is permitted by the application is determined by collating with the first collation information obtained by decrypting the third encryption machine ID stored in the section.

  As a result, a different type of encryption and decryption program is provided in each of the client terminal and the management server, and a high-security system capable of effectively preventing unauthorized use of the illegally copied program is provided. I can. In addition, since the first collation information and the second collation information are previously decrypted by another encryption unit before collation, it is possible to provide a system with higher security.

(6) An application predetermined process permission program according to the present invention includes:
The predetermined processing is processing for executing installation of an application stored in the client terminal.

  As a result, it is possible to provide an effective system that prevents unauthorized use of an illegally copied program when the installer is executed.

(7) An application predetermined process permission program according to the present invention includes:
The predetermined process is a process of starting an application in the client terminal.

  As a result, it is possible to effectively prevent unauthorized use of the illegally copied program during execution of the application.

(8) An application predetermined process permission program according to the present invention includes:
Transmission and reception by the client terminal and the management server are performed using electronic mail.

  As a result, it is possible to easily provide a system with high security by using a device equipped with mail software as standard, such as a mobile phone or a personal computer.

(9) An application predetermined process permission program according to the present invention includes:
The client terminal is a portable terminal capable of wireless communication.

  As a result, even when the user is moving, the use authority of the application in the client terminal can be quickly and easily acquired with high security using the mobile terminal.

(10) An application predetermined process permission program according to the present invention includes:
In a system comprising a unique application ID assigned to each application and a client terminal having a unique machine ID that stores the application, and a management server capable of communicating with the client terminal via a network, An application predetermined processing permission program for permitting predetermined processing of an application to a client terminal via a network,
A process in which the client terminal receives a predetermined process input of an application via an input unit, and transmits an encrypted machine ID generated by encrypting the machine ID to the management server together with the application ID;
When the management server receives the encrypted machine ID and the application ID from the client terminal and permits predetermined processing in the client terminal for the application corresponding to the application ID, the management server decrypts the encrypted machine ID The machine ID obtained by decryption by the encryption means is further encrypted by the encryption means, and the generated encrypted machine ID is transmitted to the client terminal,
The client terminal collates second verification information obtained by decrypting the encrypted machine ID received from the management server and first verification information obtained by extracting the machine ID of the client terminal. A process for determining whether or not a predetermined process is permitted for the application,
Is executed by a computer.

  As a result, the registration and authentication processing in the system for preventing unauthorized use is automatically performed using only the machine ID and the application ID based on the predetermined processing input of the application, without performing troublesome input work by the user. Is possible.

1. Overview of Application Predetermined Process Permission System 100 First, an overview of the application predetermined process permission system 100 of the present invention will be described with reference to the conceptual diagram of FIG. Note that the client terminal 2 (the client side that uses the application) and the administrator server 4 (the administrator side that manages the client that uses the application) that configure the application predetermined process permission system 100 shown in FIG. Can communicate with each other.

  As shown in FIG. 1, the client terminal 2 having the machine ID IDA that is the machine-specific identification code stores the application 8 to be used from now on and the unique application IDcodeB assigned to the application 8. Yes. In FIG. 1, the machine ID code A is indicated by data “α”, and the application ID is indicated by data “X”.

  The client terminal 2 includes at least a first encryption unit En1 and a second decryption unit De2. As shown in FIG. 1, the data “β encrypted by the first encryption unit En1 is included. "(First encrypted machine ID codeEn1) is transmitted to the management server 4 together with the application ID" X ".

  The first encryption means En1 included in the client terminal 2 is a means for encrypting the data “α” (machine ID IDA) to generate data “β” (first encryption machine IDcodeEn1), The second decryption means De2 is a means for decrypting data γ (second encrypted machine ID code En2), which will be described later, received from the management server 4 into data “α”.

  The management server 4 includes a first decryption unit De1 and a second encryption unit En2, and the client terminal 2 of the application corresponding to the application ID “X” received from the client terminal 2 (machine ID codeA = data “ When the predetermined processing in “α”) is permitted, data γ (second encrypted machine IDcodeEn2) obtained by encrypting the data “α” by the second encryption means En2 is transmitted to the client terminal 2.

  The first decryption means De1 provided in the management server 4 is a means for decrypting the data β (first encrypted machine IDcodeEn1) received from the client terminal 2 shown in FIG. 1 into the data “α”. Yes, the second encryption means En2 encrypts the data “α” decrypted by the first decryption means De1 and generates data γ (second encrypted machine IDcodeEn2 “γ”). It is means of.

  In the client terminal 2 of FIG. 1, when the application 8 receives the first predetermined processing input by starting an installer (not shown) or the like, the encryption processing by the first encryption means En1 in the client terminal 2 After the decryption process by the first decryption means De1 and the encryption process by the second encryption means En2 in the management server 4 and the decryption process by the second decryption means De2 in the client terminal 2 are sequentially performed. In order to determine whether or not the predetermined process by the application 8 is permitted, the following verification process is performed.

  Specifically, the first collation information Ch1 obtained by extracting the machine ID code A of the client terminal 2 shown in FIG. 1 and the data γ (second encrypted machine ID code En2) received from the management server 4 are decrypted. Collation is performed by determining whether or not the generated second collation information Ch2 matches.

  As a result of the collation, when the first collation information Ch1 and the second collation information Ch2 match, permission for predetermined processing (activation of the application 8, installation of the application 8, etc.) in the client terminal 2 is obtained. The application 8 can be used.

  As described above, the client terminal 2 and the management server 4 shown in FIG. 1 have different types of encryption means and decryption means (for example, the client terminal 2 includes the first encryption means En1 and the second decryption means). Even if the data encrypted by the first encryption means En1 at the client terminal 2 is decrypted by the second decryption means De2 at the client terminal 2, the original data before encryption is still present. Can't get.) Therefore, for example, even if the data β transmitted from the client terminal 2 to the management server 4 is known to a third party, it cannot be easily restored to the original data, the system configuration is simple, and It becomes possible to construct a system with high safety. As an encryption method for performing the encryption and decryption, RSA (public key encryption method), DES (common key encryption method), or the like can be used.

2. Configuration of Application Predetermined Process Permission System 100 etc. FIG. 2 shows the configuration of the application predetermined process permission system 100 of the present invention. In this embodiment, a case where a PHS (mobile phone) 12 that is a mobile terminal capable of wireless communication is used as the client terminal 2 will be described as an example.

  As shown in FIG. 2, an application predetermined process permission system 100 according to the present invention includes an application approval server 14 that is a management server 4 (FIG. 1) and a PHS 12 that is a client terminal 2, and these include the Internet 16, a center server. 18 is connected to be communicable via a network 6 (FIG. 1) constituted by a telephone line 22 or the like.

  A plurality of base stations 20 are connected to the center server 18 shown in FIG. Further, the PHS 12 that is the client terminal 2 (FIG. 1) can perform wireless communication with the plurality of base stations 20 and can access the application approval server 14 via the center server 18 and the Internet 16.

  FIG. 3 shows a hardware configuration of the PHS 12 (corresponding to the client terminal 2 in FIG. 1) shown in FIG.

  As shown in FIG. 3, the PHS 12 includes a CPU 30, a flash memory 32, a touch panel 34, a ROM 36, an SD reader 38 that can read data from the SD memory card 40, a communication circuit 42, and the like.

  As shown in FIG. 3, a machine ID 52 that is a unique identification code of the PHS 12 is stored in the ROM 36 in advance so that it cannot be rewritten. Further, mail software 50 is preinstalled in the flash memory 32, and the flash memory 32 has a collation information storage unit 54 as a storage area.

  As shown in FIG. 3, the SD memory card 40 has a compressed application 44 (for example, a photography application) and its application ID 46, an installer 48 for decompressing and installing the application 44, and an application approval server 14. An e-mail address (not shown) is recorded. The installer 48 incorporates at least programs corresponding to the first encryption means En1 and the second decryption means De2 shown in FIG. The SD memory card 40 can be obtained by purchasing a commercially available product from the user.

  Further, as shown in FIG. 3, mail software 50 is stored in the flash memory 32 of the PHS 12, and further, verification information which is a storage area for storing verification data used for determining whether or not predetermined processing is permitted by the application. A storage unit 54 is provided.

  In addition to the installer 48 and the mail software 50 of the PHS 12 shown in FIG. 3, an application predetermined process permission program is configured by an application approval program 78 (FIG. 4) of the application approval server 14 to be described later.

  As described above, since the application 44 shown in FIG. 3 is stored in the SD memory card 40 in a compressed state, in order to make it usable, the application 44 is decompressed and installed normally. Need to be completed. For this reason, the user who has purchased the application 44 needs to first insert the SD memory card 40 into the SD reader 38 and activate the installer 48 via the touch panel 34.

  FIG. 4 shows a hardware configuration of the application approval server 14 (corresponding to the management server 4 in FIG. 1) shown in FIG.

  As shown in FIG. 4, the application approval server 14 includes a CPU 60, a RAM 62, a display 64, a hard disk 66, a keyboard / mouse 68, and a communication circuit 70, and uses the application 44 in the PHS 12 (FIG. 3). In order to give authority, various processes described later are performed. The hardware configuration of the center server 18 shown in FIG. 2 similarly includes a CPU 60, a RAM 62, a display 64, a hard disk 66, a keyboard / mouse 68, and a communication circuit 70.

  4, the hard disk 66 of the application registration server 14 stores an application approval program 74, mail software 76, and a user registration DB 78 that is a registration information storage unit. An encryption program and a decryption program corresponding to the first decryption means De1 and the second encryption means En2 shown in FIG. 1 are incorporated.

  FIG. 5 shows a specific example of data stored in the user registration DB 78.

  As shown in FIG. 5, the user registration DB 78 is provided with application ID codeA, machine ID codeB, mail address UMA, registration date date1, update date date2, etc. as data items. IDcodeB is stored in association with it.

  For example, as shown in FIG. 5, for the application with the application ID code A “ABCDE”, the fact that the usable machine ID code B of the PHS 12 is “12345” is stored in association with each other and registered in the user registration DB 78.

  Further, the user address UMA shown in FIG. 5 is referred to when the mail software 76 of the management server 4 transmits a mail to each client terminal 2. The date of registration date1 is data indicating the date of first registration in the user registration DB 78, and the date of update date2 is, for example, a case where application execution permission is required every year or an application once installed This is data indicating the date when the user registration DB 78 was updated when 44 is reinstalled.

3. Flowchart of Application Execution Permission Processing Hereinafter, processing performed by the application predetermined processing permission program (the installer 48 in FIG. 3 stored in the PHS 12 and the application approval program 74 in FIG. 4 stored in the application approval server 14) will be described with reference to FIG. Description will be made with reference to the flowchart shown in FIG. 8 and the schematic diagram of FIG. 6 and 8 are flowcharts showing a series of processes performed by the application predetermined process permission program. FIG. 7 is a flowchart showing details of permission determination (step S24 in FIG. 6) for the predetermined process by the application shown in FIG.

  As shown in FIG. 6, first, the user operates the PHS 12 with the SD memory card 40 storing the application 44 inserted into the SD reader 38, and starts the installer 48 via the touch panel 34 (FIG. 3). (Step S10 in FIG. 6). When the installer 48 is activated (Yes in step S10 shown in FIG. 6), in order to obtain permission to install the application 44 (predetermined processing) in the PHS 12, the following series of processing is performed in the PHS 12 and the application approval server 14. It will be.

  As shown in FIG. 6, when the installer 48 is activated (Yes in step S <b> 10 shown in FIG. 6), the CPU 30 of the PHS 12 first reads the machine ID 52 stored in the ROM 36 and the first encryption unit En <b> 1 ( A first encryption machine IDcodeEn1 is generated by performing processing using FIG. 1) (step S12 in FIG. 6).

  For example, the data “12345” of the machine ID codeB shown in FIG. 5 is encrypted, and the data “abcde” is generated as the first encrypted machine ID code En1 (FIG. 1).

  Further, the mail software 50 of the PHS 12 is automatically activated, and the data of the application ID 46 (code A in FIG. 5) stored in the SD memory card 40 together with the generated first encryption machine ID code En1 (FIG. 1) The file is transmitted to the application approval server 14 as an attached file (step S14).

  When receiving the mail from the PHS 12, the CPU 60 of the application registration server 14 extracts the data of the first encryption machine ID codeEn1 and the application ID 46 from the attached file (step S20 in FIG. 6). Further, the first encrypted machine ID code En1 is decrypted into the original machine ID code A by the first decryption means De1 incorporated in the application approval program 74 (step S22 in FIG. 6).

  Thereafter, a process of determining permission of the predetermined process by the application (step S24) is performed. Note that the decryption process (step S22 in FIG. 6) to the machine ID codeA may be performed in the following predetermined process permission determination process (step S24).

  FIG. 7 is a flowchart showing details of the predetermined process permission determination process (step S24) shown in FIG.

  As shown in FIG. 7, after being decrypted to the original machine ID code A by the first decryption means De1 (step S22 in FIG. 6), the CPU 60 of the application approval server 14 first refers to the user registration DB 78. Then, it is determined whether or not the received application ID 46 is already registered in the user registration DB 78 (step S240 in FIG. 7).

  If the application ID 46 received from the PHS 12 is not registered in the user registration DB 78 (No in step S240), it is determined that the application is made by a new user, and the machine ID codeB decrypted from the first encrypted machine ID code En1 is stepped in step S22. A new user registration process is performed by storing in the user registration DB 78 (FIG. 5) in association with the application ID 46 extracted in S20 (step S242 in FIG. 6). After the new user registration process (step S242 in FIG. 6) is performed, the process proceeds to the second encryption machine IDcodeEn2 generation process (step S26) shown in FIG.

  On the other hand, when the CPU 60 of the application approval server 14 determines that the application ID 46 has already been registered in the user registration DB 78 in step S240 of FIG. 6 (Yes in step S240), it is further stored in association with the application ID 46. It is determined whether the machine ID codeB matches (step S244).

  Further, if the machine ID codeB corresponding to the application ID 46 stored in the user registration DB 78 matches, the CPU 60 of the application approval server 14 determines that the application is made by a registered regular user, and the second encryption unit En2 A second encrypted machine IDcodeEn2 encrypted by (FIG. 1) is generated (step S26 in FIG. 6). Further, the mail software 76 of the application approval server 14 is activated, and the data of the second encrypted machine ID codeEn2 is attached to the mail and transmitted to the PHS 12 (step S28 in FIG. 6).

  In addition, when the user deletes the installed application by mistake, it is necessary to install it again from the SD memory card 40. Even in such a case, the use of the application 44 is performed again through the permission determination process. It is possible to apply for authority.

  On the other hand, if the application ID 46 has already been registered in the user registration DB 78 (Yes in step S240), but it is determined that the machine ID corresponding to the application ID 46 does not match (No in step S244), the user has use authority. It is determined that the user is an unauthorized user, and a message to the effect that the use of the application is refused is transmitted to the PHS 12 by the mail software 76 (step S246). Thereby, the display which shows that installation failed, for example is made on the touch panel of PHS12. In step S246, when it is determined that the user is an unauthorized user, a message is transmitted to the PHS 12. However, no data may be transmitted to the PHS 12.

  The PHS 12 that has received the second encrypted machine IDcodeEn2 transmitted from the application registration server 14 in step S28 of FIG. 6 extracts the second encrypted machine IDcodeEn2 from the attached file as shown in FIG. The data is stored in the collation information storage unit 54 (for example, registry) of the SD memory card 40 (step S30).

  Further, the CPU 30 of the PHS 12 reads the second encrypted machine IDcodeEn2 from the collation information storage unit 54, and decrypts this with the second decryption means De2 (second collation information Ch2 shown in FIG. 1). Then, collation processing is performed by comparing whether the machine ID 52 (first collation information Ch1 shown in FIG. 1) read from the ROM 36 matches (step 32).

  If the CPU 30 of the PHS 12 determines that the first collation information Ch1 and the second collation information Ch2 (FIG. 1) match as a result of the collation (Yes in step S34), the compressed application of the SD memory card 40 44 is decompressed and copied and stored in the flash memory 32 (step S36). Thereby, the installation (predetermined process) of the application 44 is completed, and the authority to use the application in the PHS 12 is obtained.

  On the other hand, if the CPU 30 of the PHS 12 determines that the first collation information Ch1 and the second collation information Ch2 (FIG. 1) do not match as a result of the collation (No in step S34), the data is stored in the SD memory card 40. The decompressed application 44 is not decompressed and the installer 48 is forcibly terminated, and for example, a display indicating that the PHS 12 does not have access authority is displayed (step S38).

4). FIG. 9 is a diagram illustrating a hardware configuration of the PHS 12 after the application is installed. When the application 44 is decompressed and installation is completed (step S36 in FIG. 8), the decompressed application 80 is copied to the flash memory 32 of the PHS 12 as shown in FIG. The application 80 performs comparison processing of the collation information (first collation information Ch1 and second collation information Ch2) in a stand-alone state at the time of activation. An activation permission program 82 is incorporated.

  FIG. 10 is a flowchart showing a process performed by the activation permission program 82 when the application 80 that has completed installation is activated (when a predetermined process input is received after the second time).

  As shown in FIG. 10, the CPU 30 of the PHS 12 determines whether or not the installed application 80 has been activated (step S40). When the user operates the PHS 12 to activate the application 80 via the touch panel 34 (Yes in Step S40), the application 80 is stored in the collation information storage unit 54 (FIG. 3) of the SD memory card 40 in Step S30 of FIG. The second encrypted machine ID codeEn2 is read out, and the data (second verification information Ch2 shown in FIG. 1) obtained by decrypting it with the second decryption means De2 and the machine ID 52 (read out from the ROM 36 of the PHS 12) The first collation information Ch1) shown in FIG. 1 is compared, and collation processing is performed in a stand-alone state (step 42).

  As a result of the above collation, when the CPU 30 of the PHS 12 determines that the first collation information Ch1 and the second collation information Ch2 match (Yes in step S44), the application 80 is normally started as it is (step S44). S46). As a result, the user can use the application 80 with the PHS 12.

  On the other hand, as a result of the collation, if the CPU 30 of the PHS 12 determines that the first collation information Ch1 and the second collation information Ch2 do not match (No in step S44), the application stored in the flash memory 32 shown in FIG. 80 is forcibly terminated without being activated, and for example, a display indicating that the user does not have the access authority for PHS 12 is displayed (step S48).

5). Second Embodiment In the above embodiment, the machine ID 52 read from the ROM 36 of the PHS 12 at the time of collation is used as the first collation information, and this is compared with the second collation information (step of FIG. 8). S32) The machine ID 52 may be pre-encrypted and stored, read out at the time of collation, decrypted, and compared with the second collation information. This makes it possible to provide a system that can perform authentication with higher safety.

  The hardware configuration of the PHS 12 in this embodiment is shown in FIG. As shown in FIG. 11, the PHS 12 includes a CPU 30, a flash memory 32, a touch panel 34, a ROM 36, an SD reader 38 that can read data from the SD memory card 40, a communication circuit 42, and the like, as in FIG. 3. The hardware configuration of the application approval server 14 is the same as that shown in FIG.

  In the ROM 36 shown in FIG. 11, the machine ID 52 that is a unique identification code of the PHS 12 is stored so that it cannot be rewritten. In addition, mail software 50 is preinstalled in the flash memory 32, and the first verification information storage unit 54a for storing the first verification information Ch1 (FIG. 1), the second verification information Ch2 (FIG. 1). ) Is stored in the second verification information storage unit 54b.

  As shown in FIG. 11, the SD memory card 40 stores a compressed application 44 (for example, photography software), its application ID 46, and an installer 48. The installer 48 of FIG. 11 incorporates programs corresponding to the first encryption means En1 and the second decryption means De2 shown in FIG. 1, as in FIG. Third encryption means En3 for pre-encrypting the machine ID 52 with the PHS 12, and third decryption means De3 used for decrypting the data encrypted by the third encryption means En3 at the time of collation It has been incorporated. The third encryption means En3 and the third decryption means De3 (FIG. 11) are the first encryption means En1, the first decryption means De1, the second encryption means En2, and the second encryption means. The second decryption means De2 is an encryption means and a decryption means, and by using such another encryption means, the system can be further secured.

  12 and 13 are flowcharts showing the processing performed by the application predetermined processing permission program in this embodiment. 12 and 13 are flowcharts corresponding to FIGS. 6 and 8, respectively.

  FIG. 12 is different in that steps S16 and S18 are added to the flowchart shown in FIG. FIG. 13 is different in that the contents of collation processing steps S31 and S33 are different from the contents of collation steps S30 and S32 in the flowchart shown in FIG. The details of the predetermined process permission determination process (step S24 in FIG. 12) shown in this embodiment are the same as those in the flowchart shown in FIG. Hereinafter, parts different from the flowcharts shown in FIGS. 6 and 8 will be described.

  In step S14 shown in FIG. 12, the mail software 50 of the PHS 12 is automatically activated, and the data of the application ID 46 stored in the SD memory card 40 is attached together with the generated first encryption machine ID codeEn1 (FIG. 1). When the mail is transmitted to the application approval server 14, at the same time, the CPU 30 of the PHS 12 encrypts the machine ID 52 read from the ROM 36 by the encryption software En3 that is the third encryption means, and the third encryption machine. An ID is generated (step S16). Further, the third encrypted machine ID is stored in advance in the first verification information storage unit 54a (for example, registry) of the flash memory 32 (step S18).

  The CPU 30 of the PHS 12 that has received the mail from the application registration server 14 in step S28 in FIG. 13 extracts the second encrypted machine ID code En2 from the attached file, and the second verification information storage unit 54b (for example, registry) of the flash memory 32 (Step S31). Further, the CPU 30 of the PHS 12 uses the data (first collation information) obtained by decrypting the second encrypted machine IDcodeEn2 read from the second collation information storage unit 54b by the second decryption means De2, and FIG. Data (second verification information) obtained by decrypting the third encrypted machine IDcodeEn3 stored in the first verification information storage unit 54a of the flash memory 32 by the third decryption means De3 in step S18 of A comparison process is performed by comparison (step S33).

6). Other Embodiments In the above embodiment, the installer 48 (FIG. 3) is provided as a separate program from the application 44, but the installer 48 may be incorporated in the application.

  In the above embodiment, when the second or subsequent predetermined processing (execution) input is received, the client terminal 2 performs verification in the stand-alone state. However, the second or subsequent predetermined processing (execution) input is performed. Even when it is received, the approval (application execution permission processing shown in FIGS. 6 to 8) connected to the management server 4 may be performed at all times.

  In the above embodiment, the first predetermined processing input is performed by starting (executing) the installer 48 (FIG. 3). However, the present invention is not limited to this, and by directly starting (executing) the application. You may make it perform the first predetermined process input.

  In the above-described embodiment, the encrypted data (second encrypted machine ID) is stored in the first verification information storage unit (step S16 in FIG. 6). You may make it memorize | store the data (machine ID itself) which is not performed in a 1st collation information storage part (for example, registry).

  In the above embodiment, the activation permission program 82 is incorporated in the installed application 80 shown in FIG. 9, but it may be configured as a program different from the application 80.

  In the above embodiment, the device ID 52 of the client terminal 2 is stored in the ROM 36 so that it cannot be rewritten. However, the present invention is not limited to this.

  In the above embodiment, the machine ID codeB of the client terminal 2 is stored in the flash memory 32 (for example, a registry), but may be stored in the SD memory card 40.

  In the above embodiment, transmission and reception by the client terminal 2 and the management server 4 are performed using e-mail. However, the present invention is not limited to this, and other communication means such as FTP is used. You may do it.

  In the above embodiment, the PHS which is a portable terminal capable of wireless communication is used for the client terminal. However, the present invention is not limited to this. Other portable terminals such as a PDA and other personal computers such as a desktop personal computer performing wired communication are used. A terminal may be used.

  In the above embodiment, as shown in FIG. 1, different encryption means and decryption means are used on the client side and the administrator side. However, the same encryption means and decryption means may be used. . For example, in FIG. 1, the first decryption unit De1 may be used instead of the second decryption unit De2, and the first encryption unit En1 may be used instead of the second encryption unit En2 on the administrator side. it can.

  In the above embodiment, the application is compressed and stored in the client terminal 2 and decompressed at the time of installation and copied to the flash memory. However, the present invention is not limited to this, and the application is not compressed. And may be simply copied to the flash memory during installation.

  In the above embodiment, the image photographing software is an application. However, the present invention is not limited to this, and for example, a word processor, an operation system, or the like may be used as the application.

  In the above embodiment, the application 44 is installed from the SD memory card 40 (FIG. 3) of the client terminal 2. However, the application may be installed, copied, etc. by downloading via the network. .

  Note that the program may be configured to automatically perform a series of processes after the first predetermined process input, or the program may be configured to be partially or entirely performed manually. For example, the program can be configured to manually perform data extraction processing from mail transmitted and received between the client terminal 2 and the management server 4 and registration processing in the user registration DB 78.

  In the above embodiment, the flash memory 32 is provided with the first verification information storage unit 54a and the second verification information storage unit 54b (FIG. 11), but the first verification information storage unit 54a and the second verification information are provided. The storage unit 54b or one of these may be provided in the SD memory card 40.

It is a conceptual diagram of the application predetermined process permission system 100 of this invention. It is a figure which shows the structure of the application predetermined process permission system 100 of this invention. It is a figure which shows the hardware constitutions of PHS12 (client terminal 2). It is a figure which shows the hardware constitutions of the application approval server 14 (management server 4). It is a figure which shows the example of the data memorize | stored in user registration DB78. It is a flowchart which shows the process which an application predetermined process permission program performs. It is a flowchart which shows the detail of the judgment process of application predetermined process permission. It is a flowchart which shows the process which an application predetermined process permission program performs. It is a figure which shows the hardware constitutions of PHS12 after installing an application. It is a flowchart which shows the process which an application starting permission program performs when starting the installed application. It is a figure which shows the hardware constitutions of PHS12 (client terminal 2) in other embodiment. It is a flowchart which shows the process which the application predetermined process permission program in other embodiment performs. It is a flowchart which shows the process which the application predetermined process permission program in other embodiment performs.

Explanation of symbols

100 ··· Application predetermined processing permission system 2 ··· Client terminal 4 ··· Administrator server 6 ··· Network 8 ··· Application
codeA ... Aircraft ID
codeB ... Application ID
En1... First encryption means En2... Second encryption means De1... First decryption means De2.
codeEn1 ··· First encryption machine ID
codeEn2 ... Second encryption machine ID
Ch1... First collation information Ch2... Second collation information

Claims (14)

In a system comprising a unique application ID assigned to each application and a client terminal having a unique machine ID that stores the application, and a management server capable of communicating with the client terminal via a network, An application predetermined processing permission program for permitting predetermined processing for an application stored in a client terminal via a network,
A process in which the client terminal transmits a first encrypted machine ID generated by encrypting the machine ID by a first encryption unit to the management server together with the application ID;
When the management server receives the first encryption machine ID and the application ID from the client terminal and permits a predetermined process in the client terminal for the application corresponding to the application ID, the first server A process of further encrypting the machine ID obtained by decrypting the encrypted machine ID by the first decryption means by the second encryption means, and transmitting the generated second encrypted machine ID to the client terminal;
The client terminal obtains the second verification information obtained by decrypting the second encrypted machine ID received from the management server by the second decryption means and the machine ID of the client terminal. A process for determining whether or not a predetermined process is permitted for the application by collating the first collation information with the first collation information;
An application predetermined process permission program for causing a computer to execute. In the application predetermined process permission program of claim 1,
The management server includes a registration information storage unit that stores the machine ID in association with the application ID, and whether or not the machine ID corresponding to the application ID received from the client terminal is stored in the registration information storage unit. When the machine ID corresponding to the application ID is not stored, the machine ID is associated with the application ID and stored in the registration information storage unit.
An application predetermined process permission program. In the application predetermined process permission program according to claim 1 or 2,
When the application of the client terminal receives a predetermined process input after the second time,
A second verification in which the second encrypted machine ID received by the client terminal from the management server and stored when the client terminal receives the first predetermined processing input is decrypted by a second decryption means. Determining whether or not the predetermined process is permitted by the application by comparing the information with the first verification information obtained by decrypting the encrypted machine ID stored in the verification information storage unit;
An application predetermined process permission program. In the application predetermined process permission program of claim 2,
When the client terminal application receives the first predetermined processing input,
The management server determines whether the application ID received from the client terminal is registered in the registration information storage unit. If the application ID is registered, the management server receives the first ID received from the client terminal. If the machine ID generated by decrypting one encrypted machine ID matches the machine ID corresponding to the application ID stored in the registration information storage unit, and if the machine ID does not match Do not send the second encryption machine ID to the client terminal;
An application predetermined process permission program. In the application predetermined process permission program according to any one of claims 1 to 4,
While the client terminal transmits the first encryption machine ID generated by encrypting the machine ID with the first encryption means to the management server together with the application ID, the machine body is used with the third encryption means. A third encrypted machine ID generated by encrypting the ID is stored in advance in the first verification information storage unit of the client terminal,
Second verification information obtained by decrypting the second encrypted machine ID received from the management server and stored in the second verification information storage unit by a second decryption means, and the first verification information storage Determining whether or not the predetermined processing by the application is permitted by collating the first collation information obtained by decrypting the third encrypted machine ID stored in the unit;
An application predetermined process permission program. In the application predetermined process permission program according to any one of claims 1 to 5,
The predetermined process is a process of executing installation of an application stored in the client terminal.
An application predetermined process permission program. In the application predetermined process permission program according to any one of claims 1 to 5,
The predetermined process is a process of starting an application in the client terminal;
An application predetermined process permission program. In the application predetermined process permission program in any one of Claims 1-7,
Transmission and reception by the client terminal and the management server are performed using email.
An application predetermined process permission program. In the application predetermined process permission program according to claim 1,
The client terminal is a portable terminal capable of wireless communication;
An application predetermined process permission program. In a system comprising a unique application ID assigned to each application and a client terminal having a unique machine ID that stores the application, and a management server capable of communicating with the client terminal via a network, An application predetermined processing permission program for permitting predetermined processing of an application to a client terminal via a network,
A process in which the client terminal receives a predetermined process input of an application via an input unit, and transmits an encrypted machine ID generated by encrypting the machine ID to the management server together with the application ID;
When the management server receives the encrypted machine ID and the application ID from the client terminal and permits predetermined processing in the client terminal for the application corresponding to the application ID, the management server decrypts the encrypted machine ID The machine ID obtained by decryption by the encryption means is further encrypted by the encryption means, and the generated encrypted machine ID is transmitted to the client terminal,
The client terminal collates second verification information obtained by decrypting the encrypted machine ID received from the management server and first verification information obtained by extracting the machine ID of the client terminal. A process for determining whether or not a predetermined process is permitted for the application,
An application predetermined process permission program for causing a computer to execute. The client terminal comprising: a unique application ID assigned to each application and a client terminal storing the application and having a unique machine ID; and a management server capable of communicating with the client terminal via a network An application predetermined processing permission system for permitting predetermined processing for an application in the network via a network,
A process in which the client terminal transmits a first encrypted machine ID generated by encrypting the machine ID by a first encryption unit to the management server together with the application ID;
When the management server receives the first encryption machine ID and the application ID from the client terminal and permits a predetermined process in the client terminal for the application corresponding to the application ID, the first server A process of further encrypting the machine ID obtained by decrypting the encrypted machine ID by the first decryption means by the second encryption means, and transmitting the generated second encrypted machine ID to the client terminal;
The client terminal obtains the second verification information obtained by decrypting the second encrypted machine ID received from the management server by the second decryption means and the machine ID of the client terminal. A process for determining whether or not a predetermined process is permitted for the application by collating the first collation information with the first collation information;
An execution permission system for causing a computer to execute. A client terminal having a unique application ID assigned to each application that can communicate with the management server via a network and a unique machine ID that stores the application,
Sending the first encrypted machine ID generated by encrypting the machine ID by the first encryption means together with the application ID to the management server;
Second verification information obtained by receiving the second encrypted machine ID from the management server and decrypting the second encrypted machine ID by the second decryption means, and the machine ID of the client terminal Judging whether or not the predetermined process for the application is permitted by collating the first collation information obtained by the extraction;
A client terminal characterized by that. A management server storing a unique application ID assigned to each application and a client terminal having a unique machine ID that stores the application, and capable of communicating via a network,
When receiving the first encryption machine ID and the application ID from the client terminal and permitting a predetermined process in the client terminal for an application corresponding to the application ID, the first encryption machine ID is set to The machine ID obtained by decryption by the first decryption means is further encrypted by the second encryption means, and the generated second encrypted machine ID is transmitted to the client terminal.
A management server characterized by that. The client terminal comprising: a unique application ID assigned to each application and a client terminal storing the application and having a unique machine ID; and a management server capable of communicating with the client terminal via a network An application predetermined processing permission method for permitting predetermined processing for an application in the network via a network,
The client terminal sends a first encrypted machine ID generated by encrypting the machine ID by a first encryption unit to the management server together with the application ID,
When the management server receives the first encryption machine ID and the application ID from the client terminal and permits a predetermined process in the client terminal for the application corresponding to the application ID, the first server The machine ID obtained by decrypting the encrypted machine ID by the first decryption means is further encrypted by the second encryption means, and the generated second encrypted machine ID is transmitted to the client terminal,
The client terminal obtains the second verification information obtained by decrypting the second encrypted machine ID received from the management server by the second decryption means and the machine ID of the client terminal. Determining whether or not the predetermined processing for the application is permitted by comparing the first verification information with the first verification information;
A predetermined processing permission method.

Images