JP2011113226A - Download device, content download system and content download method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a download device etc. for detecting the validity of a message received from a provider device or terminal equipment. <P>SOLUTION: The download device 11 generates a first authentication code according to a predetermined algorithm by using at least a part of content sales history received from a provider device 10 as a seed, holds a sales history with authentication code including the first authentication code and terminal equipment ID. When receiving a download request from terminal equipment 12, the download device 11 specifies from the held sales histories with authentication code, one sales history with authentication code by using a URI of a download source and the terminal equipment ID of the terminal equipment 12 which has made the download request, collates the first authentication code included in the specified sales history with authentication code with a second authentication code included in the URI of the download source, and transmits the requested content to the terminal equipment 12 only when collation succeeds. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technology for causing a terminal device to download content purchased at a site on the Internet using the terminal device.

  A system that sells content such as videos, music, and electronic books on the Internet has become widespread, and a user uses a terminal device to access a provider device that is a server device that operates a site that sells content. , It is now possible to easily purchase content using sites that sell content.

  In a system for selling content on the Internet, the content is sold to a download device, which is a server device that stores various content sold by the provider device and transmits the charged content to the user terminal device. It is generally installed separately from the provider device operated by a certain site.

  Regardless of whether the content is purchased or not purchased, there are many users accessing the sales site operated by the provider device, processing related to user operations such as content search processing, and processing for transmitting content to the user terminal device In addition to reducing the load on the provider device, the maintenance cost of the download device can be reduced by providing a download device that can be used in common at a plurality of sites.

  However, if a download device is provided separately from the provider device, the content corresponding to the sales history received by the download device from the provider device is not included in the user terminal device, without going through the provider device that has charged the content purchased by the user. However, the validity of the terminal device that is the content transmission destination cannot be verified on the download device side, and some method is used to verify the validity of the terminal device that is the content transmission destination. It is necessary to enable verification on the download device side.

  As an invention for verifying the legitimacy of a terminal device that is a content transmission destination, for example, in Patent Document 1, when receiving a content purchase request from a provider device, URI information including an access key is generated. When the URI information is transmitted to the provider device and the URI information is received from the terminal device, the validity of the access key included in the URI information is determined. A server device for transmitting content is disclosed.

  Further, in Patent Document 2, when a video transmission device serving as a download device receives a video transmission request from a terminal device, whether or not the user of the terminal device has a right to reproduce the video information requested to be transmitted. A moving image transmission method is disclosed in which the moving image transmission is stopped when the user does not have the right to reproduce the moving image information requested to be transmitted to the authentication device.

Japanese Patent No. 3428979 Japanese Patent No. 4069652

  However, since the access key used in the invention of Patent Document 1 is generated on the download device side, there is a problem that the validity of the message received from the provider device or the terminal device cannot be verified on the download device side. The invention of Patent Document 2 is an invention for confirming the right of a user, and is not an invention for detecting the validity of a message received from a provider device or a terminal device.

  Accordingly, an object of the present invention is to provide a download device, a system, and a method that can detect the validity of a message received from a provider device or a terminal device.

  A first invention that solves the above-described problem is a download device that transmits content sold at a site operated by a provider device to a terminal device, the identifier of the content that has been charged and the identifier of the site And the terminal device identifier is received from the provider device, the first authentication code generated according to a predetermined algorithm using at least a part of the received sales history as a seed and the identifier of the terminal device are included. Authentication code holding means for holding a sales history with an authentication code, a second authentication code generated by the provider apparatus in the same procedure as the authentication code holding means, an identifier of the content included in the sales history, and the Download using the URI of the download source with at least the site identifier embedded When the download request is received from the terminal device, the content identifier, the site identifier, and the download request included in the URI of the download source from the sales history with the authentication code held by the authentication code holding means The sales history with one authentication code is specified using the identifier of the terminal device, and the first authentication code included in the specified sales history with the authentication code is used to include the sales history with the authentication code. Only when the second authentication code is collated and the collation is successful, a transmission means is provided for transmitting the content requested for download to the terminal device that requested the download.

  According to the first invention, the terminal device used by the user is uniquely determined by the identifier of the terminal device, and the site and the content are uniquely determined by the identifier of the site and the identifier of the content, respectively. Therefore, by using the site identifier, the content identifier, and the terminal device identifier received from the terminal device when receiving the download request, the sales history with the authentication code corresponding to the download request is specified. The first authentication code included in the sales history with the authentication code corresponding to the download request is collated with the second authentication code received from the terminal device when the content download request is received. By doing so, when the download device receives a download request, It is possible to verify the validity of the message received from the terminal apparatus.

  For example, if the identifier of the content received from the terminal device when the download request is received is falsified, the sales history with the authentication code cannot be specified, or the sales history with the authentication code is specified incorrectly. Therefore, the verification of the second authentication code using the first authentication code fails.

  Further, in the second invention, when the authentication code holding means of the download device receives the second authentication code and the sales history from the provider device after holding the first authentication code, the authentication code holding means receives the second authentication code and the sales history. The sales history with the authentication code corresponding to the received sales history is identified from the sales history with the authentication code held by the code holding means, and is included in the sales history with the authentication code, so that the second The content transmission means of the download device holds an authentication code, and the content transmission means of the download device includes the second authentication code obtained from the URI of the download source and is included in the identified sales history with the authentication code. The authentication code of 2 is also verified, and only when the two verifications are successful, the terminal that requested the download of the content requested to be downloaded. A download device according to the first invention, characterized by transmitting device.

  According to the second invention, since the second authentication code received by the download device from the provider device is generated on the provider device side based on at least a part of the sales history, the download device comprises: By collating the second authentication code received from the provider device, the download device can verify the validity of the sales history of the content before transmitting the content.

  Further, in the third invention, the authentication code holding means of the download device uses the identifier of the content and the identifier of the terminal device included in the sales history received from the provider device as a seed of the first authentication code. The download device according to the first invention or the second invention, wherein the download device is included in the first invention.

  The sales history generated by the provider device includes items other than the content identifier and the site identifier, but the download device transmits the content sold at the site to the terminal device. Considering that it is a device that performs this, the minimum contents to be verified on the download device side are the content identifier and the site identifier included in the sales history.

  Further, the fourth invention is characterized in that the authentication code holding means of the download device includes a sales date and time included in the sales history received from the provider device in a seed of the first authentication code. A download device according to a third aspect of the invention.

  If only the content identifier and the site identifier included in the sales history are used as seeds when generating an authentication code, if the content identifier and the site identifier are the same, the sales history is different. However, since the value of the authentication code becomes the same value, it is desirable that the seed when generating the authentication code includes variable information that differs for each sales history, and the variable information is included in the sales history. Use the sales date.

  Furthermore, the fifth invention is a content download system comprising at least a provider device that operates a site selling content and a download device that transmits the content sold on the site to the terminal device. When the provider device receives the content purchase request from the terminal device accessing the site, the provider device generates a sales history including the identifier of the content that has been charged and the identifier of the site, and the terminal that requested the purchase After transmitting the device identifier and the sales history to the download device, a second authentication code is generated according to a predetermined algorithm using at least a part of the sales history as a seed, and the content identifier included in the sales history And the identifier of the site and the second authentication code The download device includes a sales unit that transmits the embedded URI of the download source to the terminal device, and the download device generates the sales history and the identifier of the terminal device from the provider device in the same procedure as the provider device. An authentication code holding means for holding a sales history with an authentication code including the first authentication code and the identifier of the terminal device; and upon receiving a download request using the URI of the download source, the authentication code holding means One sale with an authentication code using the identifier of the content and the identifier of the site included in the URI of the download source and the identifier of the terminal device that requested the download from the held sales history with the authentication code Identify the history and add to the identified sales history with the authentication code. Only when the second authentication code included in the URI of the download source is collated and the collation is successful, the terminal device that requested the download of the content requested to download is used. A content download system comprising a transmitting means for transmitting.

  Further, according to a sixth aspect of the present invention, the selling means of the provider device transmits the download origin URI to the terminal device, and the sales history and second information used for generating the second authentication code. The authentication code holding means of the download device receives the second authentication code and the sales history from the provider device after holding the first authentication code. The sales history with the authentication code corresponding to the received sales history is specified from the sales history with the authentication code held by the authentication code holding means and included in the specified sales history with the authentication code. The second authentication code is stored, and the transmission means of the download device receives the second authentication code obtained from the URI of the download source. In addition to the authentication code, the second authentication code included in the identified sales history with the authentication code is also verified, and the terminal that has requested the download of the content requested to be downloaded only when two verifications are successful A content download system according to a fifth aspect of the present invention, wherein the content download system transmits to a device.

  Further, according to a seventh aspect of the invention, the selling means of the provider device includes the content identifier and the site identifier included in the sales history in a seed of the second authentication code, The authentication code holding means includes the content identifier and the site identifier included in the sales history received from the provider device in the seed of the first authentication code. The content download system according to the sixth aspect of the invention.

  Further, according to an eighth aspect of the invention, the selling means of the provider device includes the sale date and time of the content included in the sales history in the seed of the second authentication code, and the authentication code holding means of the download device. The content download system according to the seventh aspect, wherein the date of sale of the content included in the sales history received from the provider device is included in the seed of the first authentication code.

  Further, the ninth invention provides a provider device that operates a site that sells content, a terminal device that is used when accessing the site, and transmits the content sold at the site to the terminal device. A content download method using a download device, wherein when the provider device receives a purchase request for the content from a terminal device accessing the site, the provider device includes an identifier of the content that has been charged and an identifier of the site After generating the sales history of the content and transmitting the identifier of the terminal device requested for purchase and the sales history to the download device, a second authentication code is obtained according to a predetermined algorithm using at least a part of the sales history as a seed. Generated and included in the sales history and the identifier of the content and the support. A download source URI including at least the second identifier and the second authentication code embedded in the terminal device, and when the download device receives the sales history and the terminal device identifier from the provider device, Step b for holding a sales history with an authentication code in which the first authentication code generated in the same procedure as the provider device and the identifier of the terminal device are included in the sales history, and the download device stores the URI of the download source Upon receiving the download request used, the content identifier and the site identifier included in the download source URI, and the terminal device that requested the download from the sales history with the authentication code held by the download device One such authentication using the identifier of The sales history with a code is identified, and the first authentication code included in the identified sales history with the authentication code is used to verify the second authentication code included in the URI of the download source, and the verification is successful. The content download method is characterized in that step c is transmitted only when the content requested for download is transmitted to the terminal device that requested the download.

  Furthermore, in a tenth aspect of the present invention, in the step a, the provider device sends the download history URI used to generate the second authentication code before sending the download source URI to the terminal device. When the download device receives the second authentication code and the sales history from the provider device in step b, the download device holds the authentication code held by the download device. The sales history with an authentication code corresponding to the received sales history is specified from the sales history with code, and the second authentication code is held by being included in the specified sales history with the authentication code, In c, the download device uses the second authentication code obtained from the URI of the download source. In addition, the second authentication code included in the identified sales history with the authentication code is also verified, and the content requested for download is transmitted to the terminal device that requested the download only when two verifications are successful. The content download method according to the ninth aspect is characterized by the above.

  Further, in an eleventh aspect of the invention, in step a, the provider device includes the content identifier and the site identifier included in the sales history in a seed of the second authentication code, and in step b. The download device causes the seed of the first authentication code to include the content identifier and the site identifier included in the sales history received from the provider device. The content download method according to the tenth invention.

  Furthermore, in a twelfth aspect of the invention, in the step a, the provider device includes the sale date and time of the content included in the sales history in a seed of the second authentication code, and in the step b, the download device The content download method according to the eleventh aspect of the invention is characterized in that the sale date and time of the content included in the sales history received from the provider device is included in the seed of the first authentication code.

  The fifth to eighth inventions relate to the content download system. According to the fifth to eighth inventions, the same effects as the first to fourth inventions can be obtained. it can. The ninth to twelfth inventions relate to a content download method. According to the ninth to twelfth inventions, the same effects as the first to fourth inventions can be obtained. it can.

  As described above, according to the present invention, it is possible to provide a download device, a system, and a method that can detect the validity of a message received from a provider device or a terminal device.

The figure explaining the structure of a content download system. The figure explaining the hardware with which the server apparatus was equipped. The block diagram of a provider apparatus and a download apparatus. The flowchart of the process performed when selling a content. The figure explaining the web page which displays the list of contents. The figure explaining the web page explaining the detail of a content. The figure explaining the web page for content purchase confirmation. The figure explaining the web page for download. The figure explaining the content of the sales history with an authentication code. The figure explaining URI of download origin.

  From this, the embodiments of the present invention will be described to the extent that those skilled in the art of the present invention can understand the contents of the present invention and implement the present invention.

  FIG. 1 is a diagram illustrating a configuration of a content download system 1 according to the present embodiment. The content download system 1 illustrated in FIG. 1 is a system developed for a system for selling content. The content download system 1 illustrated in FIG. 1 includes at least the Internet 13 as a network, and is a terminal possessed by a user. The device 12, the provider device 10 on which a sales site (for example, an electronic book site) for selling content such as moving images, music, and electronic books is sold on the Internet 13, and a number of products sold on the sales site A download device 11 that stores content and transmits content purchased by a user at a sales site to the terminal device 12 is included.

  If the download device 11 for transmitting content is provided separately from the provider device 10 as in the content download system 1 illustrated in FIG. 1, the sales site is used without using the provider device 10 that sells the content. Since the download device 11 receives the download request for the content purchased by the user from the terminal device 12, the download device 11 cannot verify the validity of the download request received from the terminal device 12, and When transmitting content to the terminal device, there is a problem that the validity of the sales history of the content cannot be verified on the cache device 11 side.

  There are various methods for solving this problem. However, in the content download system 1 shown in FIG. 1, the validity of the download request received from the terminal device 12 and the validity of the sales history of the content transmitted to the terminal device 12 are verified. For the verification, an authentication code generated based on the sales history of the content transmitted to the terminal device 12 is used.

  When the billing process for the content ends normally, a content sales history is generated on the provider device 10 side and transmitted to the download device 11, and a first authentication code is generated on the download device 11 side based on the content sales history. The provider device 10 also generates a second authentication code based on the content sales history, and the second authentication code is embedded in the URI (Uniform Resource Identifier) of the content download source to provide the provider device. 10 to the terminal device 12.

  When the terminal device 12 requests the download device 11 to download the content using the URI of the download source, the download device 11 sends the second authentication code obtained by disassembling the URI of the download source and the download request. The validity of the download request received from the terminal device 12 is verified by collating the first authentication code generated on the download device 11 side based on the sales history of the content that has been set.

  If the provider device 10 transmits the second authentication code to the download device 11 when the second authentication code is generated, it is received from the provider device 10 when the download device 11 receives a download request. The second authentication code is verified on the download device 11 side, and the validity of the sales history of the content requested to be downloaded can be verified.

  From here, each apparatus which comprises the content download system 1 illustrated in FIG. 1 is demonstrated. The terminal device 12 used by the user of the content download system 1 has a function as an Internet terminal, and a computer program (here, a browser) for browsing a web page published on the Internet 13 is implemented. A general-purpose device can be used. Specifically, a commercially available device such as a mobile phone, a smartphone, or a personal computer can be used as the terminal device 12.

  The provider device 10 and the download device 11 of the content download system 1 are servers realized by using a commercially available server device, and the commercially available server device has hardware as illustrated in FIG. Is common.

  FIG. 2 is a diagram illustrating hardware provided in the server device 2 used as the provider device 10 and the download device 11.

  A commercially available server device includes, as hardware, a CPU 2a (CPU: Central Processing Unit), a ROM 2b (ROM: Read-Only Memory) on which a BIOS is mounted, and a RAM 2c (RAM: Random Access Memory) which is a main memory of a computer. ), A large-capacity data storage device 2d (for example, a hard disk) as an external storage device, an input / output interface 2e for data communication with an external device, a network interface 2f for network communication, a display 2g, and characters An input device 2h and a pointing device 2i are provided.

  The data storage device 2d of the server device 2 used as the provider device 10 is mounted with a computer program for functioning as the provider device 10 according to the present invention, and is stored in the data storage device 2d of the server device 2 used as the download device 11. Is implemented with a computer program for functioning as the download device 11 according to the present invention. In addition to the data storage device 2d, the server device 2 used as the download device 11 is connected to a storage system capable of storing a large number of contents and reducing the time until the contents can be transmitted after receiving a download request. In general.

  FIG. 3 is a block diagram of the provider device 10 and the download device 11 included in the content download system 1.

  As shown in FIG. 3 (a), the provider device 10 operating the content sales site operates the sales means 100 for selling content and the terminal device 12 as functions realized by a computer program. A user authentication unit 101 for authenticating a user and a charging unit 102 for executing a charging process related to the sale of the content are provided. The sales unit 100 for selling the content includes a second one based on the sales history of the content for which the charging process has been completed. The function of generating the authentication code is provided.

  The user authentication unit 101 provided in the provider apparatus 10 is a unit for authenticating a user who purchases content. A specific method of user authentication may be used, but a user ID for identifying the user and a user password are input. A technique of displaying a web page on the terminal device 12 and collating a password transmitted from the terminal device 12 is widely used.

  Further, the charging unit 102 provided in the provider apparatus 10 is a unit for executing a charging process related to the sale of content, and a specific method of the charging process may be arbitrary. When credit settlement is used for billing processing related to the sale of content, the billing means 102 provided in the provider apparatus 10 transmits credit information such as a credit number input by the user to the credit company server, thereby allowing the user to Becomes a means to settle the purchased content. Further, when the points on the sales site are used for the billing process related to the sale of the content, the billing means 102 provided in the provider apparatus 10 determines the amount of the content from the point balance possessed by the user input at this time. This is a means for subtracting points corresponding to.

  The selling device 100 provided in the provider device 10 is a device for selling content to the user by switching the web page displayed on the terminal device 12 in accordance with the operation received from the user. The selling device 100 is provided in the provider device 10. The details of the selling means 100 will be described following the procedure executed when selling the content.

  From here, the download apparatus 11 which comprises the content transmission content shown in FIG. 1 is demonstrated. As illustrated in FIG. 3B, the download device 11 storing a plurality of contents is received as a database (DB: DataBase) from the content DB 112 storing contents of various genres and the provider device 10. A sales history DB 113 for storing a sales history and an authentication code DB 114 for storing a sales history with an authentication code, which is a sales history including the first authentication code generated based on the sales history received from the provider device 10, are provided. As a function realized by the computer program, a first authentication code is generated based on the sales history received from the provider device 10, and the sales history with the authentication code that is the sales history including the first authentication code is authenticated. Authentication code holding means 110 stored in the code DB 114 and the terminal device 12 A content transmission unit 111 to transmit the content received the download request to the terminal device 12 is provided.

  The content DB 112 provided in the download device 11 can transmit the content sold on the sales site, the content creator, the publisher, the tax-included price, the content ID that is the content identifier, and the content in addition to the content main body. Information indicating whether or not the attribute information is added and stored as attribute information.

  In addition, the sales history DB 113 provided in the download device 11 stores the sales history transmitted from the provider device 10, and the sales history with an authentication code stored in the authentication code DB 114 provided in the download device 11 includes: In addition to the sales history received from the provider device 10, a first authentication code generated based on the sales history and a terminal device ID that is an identifier of the terminal device 12 used when purchasing content corresponding to the sales history are included. When the download device 11 receives the second authentication code from the provider device 10, the second authentication code received from the provider device 10 is added to the sales history with the authentication code stored in the authentication code DB 114.

  From here, the sales unit 100 provided in the provider device 10 and the authentication code holding unit 110 and the content transmission unit 111 provided in the download device 11 will be described in detail while explaining the processing executed when selling the content. Explained. Note that the description of the process executed when selling the content also serves as the description of the invention relating to the method.

  FIG. 4 is a flowchart of processing executed when selling content. When the user starts a browser on the terminal device 12 and accesses a sales site operated by the provider device 10 (S1), the sales means 100 of the provider device 10 displays a web for displaying contents sold at the sales site. The page is transmitted to the terminal device 12.

  FIG. 5 is a diagram for explaining the web page 3a that displays a list of contents that are included in the web page for content display and sold on the sales site. In FIG. 5, the content is an electronic book, and as shown in FIG. 5, the web page 3 a displaying the content list includes one search button 3 a 1 for searching by keyword or genre, and one included in the search result. The content list 3a2 is displayed, and a link to a web page explaining the details of the contents is pasted on the text 3a3 explaining the outline of the contents.

  When the text 3a3 of the content that the user wants to purchase (here, novel 1) is clicked on the browser, the web page displayed on the browser jumps to the link destination affixed to the text, and the user purchases. A web page describing details of the content desired to be displayed is displayed on the terminal device 12.

  FIG. 6 is a diagram for explaining a web page 3b for explaining details of contents. The web page 3b illustrated in FIG. 6 displays a button 3b2 to be clicked when purchasing content in addition to an image of the content (here, novel 1) selected by the user and a detailed description 3b1. .

  The HTML that displays the button 3b2 illustrated in FIG. 6 includes a URI that describes the host name of the provider device 10, the name of a program that executes processing related to the purchase of the content, and the content of the content that is displayed in FIG. An element for delivering the ID to the provider apparatus 10 is included.

  When the button 3b2 illustrated in FIG. 6 is clicked, a message related to a content purchase request specified by the delivered content ID is transmitted from the terminal device 12 to the provider device 10, whereby the terminal device 12 sends the provider A content purchase request is made to the apparatus 10 (S3), and the message includes at least the name of a program that executes processing related to the content purchase and the content ID of the content purchased by the user.

  Upon receiving a content purchase request from the terminal device 12, the selling means 100 of the provider device 10 starts processing related to content purchase, and first receives a purchase request from the terminal device 12 as processing related to content purchase. A request for content transmission confirmation is made to the download device 11 (S4). Here, the transmission confirmation request for the content received from the terminal device 12 is requested to sell the content for the convenience of the content creator (for example, publisher) regardless of the convenience of the sales site operator. This is because may be stopped.

  When the provider device 10 requests the download device 11 to confirm the transmission of the content, the site ID of the sales site operated by the provider device 10, the content ID of the content, the format of the content, the sales price of the content, etc. 10 to the download device 11.

  When the content transmission unit 111 of the download device 11 receives a content transmission confirmation request from the provider device 10, the content transmission unit 111 refers to the content DB 112 to confirm whether or not the content requested for transmission confirmation is valid, and requests for content transmission confirmation. The content transmission confirmation result is transmitted to the provider apparatus 10 that has been performed (S5).

  When the transmission confirmation result received from the download device 11 indicates that the content is valid, the selling means 100 of the provider device 10 dynamically generates a purchase confirmation web page for the requested content. Then, the purchase confirmation web page for the requested content is transmitted to the terminal device 12 (S6), and the content purchase confirmation web page is displayed on the browser of the terminal device 12 (S7).

  FIG. 7 is a diagram for explaining a web page 3c for content purchase confirmation. The content purchase confirmation web page 3c illustrated in FIG. 7 is used for canceling the content purchase and the button 3c2 used for determining the content purchase, in addition to the content title, sales price, and the like 3c1. Button 3c3 is displayed.

  The HTML for displaying the button 3c2 used for determining the purchase of the content includes a URI in which the host name of the provider device 10, the name of the program that executes the billing process for the content purchase, and the content purchase confirmation are displayed. An element for delivering the content ID of the content displayed on the web page 3c and the terminal device ID of the terminal device 12 to the provider device 10 is included.

  As a method for acquiring the terminal device ID which is an identifier of the terminal device 12, there is a method in which a cookie to be stored in the browser of the terminal device 12 by the provider device 10 is stored in a personal computer. In the case of a smartphone, an attribute for transmitting an individual identification number stored in a USIM mounted on a mobile phone or a smartphone may be described in HTML that displays a button 3c2 used for determining content purchase. .

  When the button 3c2 illustrated in FIG. 7 is clicked, a message related to the charging process for the content purchase is transmitted from the terminal device 12 to the provider device 10, whereby the terminal device 12 charges the provider device 10 for the content purchase. A processing request is made (S8), and the message includes at least the name of the computer program that executes the charging processing for the content purchase, the content ID, and the terminal device ID.

  When a billing processing request for content purchase is received from the terminal device 12, the sales unit 100 of the provider device 10 first activates the user authentication unit 101, and the user authentication unit 101 authenticates the user who operates the terminal device 12. If successful, the charging unit 102 of the provider apparatus 10 is activated to execute the charging process for the content purchase (S9).

Upon receiving from the billing unit 102 that the billing process for the content that the user wishes to purchase is completed, the selling unit 100 of the provider apparatus 10
・ Site ID that is the identifier of the sales site
-Content ID that is the content identifier
Sales date and time when content billing processing ends. Sales history of content including the sales price of the sold content is generated, and the generated sales history and the terminal device ID delivered from the terminal device 12 are displayed. It transmits to the download device 11 (S10).

  When the sales history and the terminal device ID are transmitted from the provider device 10, the authentication code holding means 110 of the download device 11 stores the sales history in the sales history DB 113 (S11), and then receives the sales received from the provider device 10. Authenticate the sales history with an authentication code that is the sales history including the first authentication code generated according to a predetermined algorithm and the terminal device ID received from the provider device 10 with the content ID and site ID included in the history as seeds. By storing it in the code DB 114, the first authentication code is held (S12).

  If the same content is sold at the same sales site, the first authentication code based on the sales history will have the same value even though the sales history is different. Is included in the seed of the first authentication code, the value of the first authentication code can be changed even in the case described above.

  The algorithm for generating the first authentication code can be arbitrarily selected, and it is preferable to use a hash function as the algorithm. However, when it is desired to increase security, an algorithm using an encryption key may be used. If the provider device 10 and the download device 11 can have a common encryption key, a MAC (Message Authentication Code) may be used for the algorithm.

  The sales unit 100 of the provider device 10 transmits the sales history of the content for which the charging process has been completed to the download device 11 in S10 of FIG. 4, and then uses the sales history transmitted to the download device 11 to obtain the second authentication code. The sales history used when the second authentication code is generated and the second authentication code are transmitted to the download device 11 (S13). The contents of the second authentication code generated by the sales unit 100 of the provider device 10 are the same as the authentication code holding unit 110 of the download device 11. Here, the sales unit 100 of the provider device 10 uses the second authentication code. The details to be generated will not be described.

  When the sales history and the second authentication code are transmitted from the provider device 10, the authentication code holding means 110 of the download device 11 receives the sales history and the sales history with the authentication code stored in the authentication code DB 114. The matching sales history with the authentication code is searched, and the second authentication code received from the provider apparatus 10 is held by including the authentication code secondly in the searched sales history with the authentication code (S14).

  FIG. 9 is a diagram for explaining the contents of the sales history with an authentication code stored in the authentication code DB 114. FIG. 9A is a diagram for explaining the sales history with authentication code 4a stored in the authentication code DB 114 after the download device 11 generates the first authentication code, as shown in FIG. 9A. After the download device 11 generates the first authentication code, the sales history with authentication code stored in the authentication code DB 114 includes the terminal device ID and the first authentication code in addition to the sales history.

  FIG. 9B is a diagram for explaining the sales history 4b with an authentication code stored in the authentication code DB 114 after the download device 11 receives the second authentication code from the provider device 10. As illustrated, when the download device 11 receives the second authentication code from the provider device 10, the second authentication code is added to the searched sales history with authentication code 4a, and the sales history with authentication code 4b includes: In addition to the sales history, the terminal device ID, the first authentication code, and the second authentication code are included.

  When the sales means 100 of the provider device 10 generates a second authentication code from the sales history of the content for which the accounting process has been completed and transmits it to the download device 11, the content ID of the content purchased by the user, the sales site ID of the sales site, and A download source URI in which at least the second authentication code is embedded is generated, a download web page including the download source URI is dynamically generated, and the download web page is transmitted to the terminal device 12 (S15). The web page for download is displayed on the browser of the terminal device 12 (S16).

  FIG. 8 is a diagram for explaining a download web page. The download web page 3d shown in FIG. 8 includes a button 3d2 for downloading the content purchased by the user to the terminal device 12 in addition to the detailed content 3d1 of the content purchased by the user, and the content of the content purchased by the user. A button 3d3 for canceling the download is included.

  The HTML for displaying the button 3d2 for downloading the content purchased by the user to the terminal device 12 is used to deliver the URI of the download source of the content purchased by the user and the terminal device ID of the terminal device 12 to the download device 11. Contains elements.

  FIG. 10 is a diagram for explaining the URI of the download source of the content purchased by the user. As shown in FIG. 10, a scheme (http: //) indicating that http is used for the URI of the download source of the content purchased by the user, and the host name (www.downloadserver.xxx) of the download device 11 And the name of the computer program that downloads the content (download), the site ID of the sales site where the user purchased the content (SiteID = XXXX), and the content ID of the content purchased by the user (ContentID) = YYYYYYYY) and a second authentication code (AuthenticationCode2 = ZZZZ) generated on the provider apparatus 10 side.

  When the button 3d2 illustrated in FIG. 8 is clicked, a message related to a download request for content purchased by the user is transmitted from the terminal device 12 to the download device 11, so that the content is downloaded from the terminal device 12 to the download device 11. A request is made (S17), and the message includes the terminal device ID of the terminal device 12 that requested the download in addition to the URI path of the download source.

  When a content download request is received from the terminal device 12, the content transmission unit 111 of the download device 11 first searches the authentication code DB 114 for a sales history with an authentication code corresponding to the content specified by the URI of the download source. The first authentication code used for verification is acquired (S18).

  As described above, the site ID and content ID added to the URI of the download source and the terminal device ID are used for searching the sales history with the authentication code. The content transmission means 111 of the download device 11 includes the site ID and content ID obtained by disassembling the URI of the download source in the sales history, and includes an authentication code including the terminal device ID delivered from the terminal device 12 The sales history is searched from the authentication code DB 114.

  When the content transmission unit 111 of the download device 11 searches the authentication code DB 114 for the sales history with an authentication code corresponding to the download request, the content transmission unit 111 uses the first authentication code included in the searched sales history with the authentication code to download the content. The second authentication code obtained by disassembling the URI is compared with the second authentication code added to the searched sales history with the authentication code (S19).

  Since the terminal device 12 used by the user is uniquely determined by the terminal device ID, the sales site where the user purchased the content is uniquely determined by the site ID, and the content purchased by the user is uniquely determined by the content ID. The sales history with the authentication code corresponding to the download request can be uniquely specified from the content ID, the site ID and the terminal device ID received from the terminal device 12 when receiving the request. By comparing the first authentication code included in the history with the second authentication code received from the terminal device 12 when the content download request is received, the download device receives the download request when the terminal receives the download request. The validity of the message received from the device can be verified.

  Further, since the second authentication code received by the download device 11 from the provider device 11 is generated on the provider device 11 side based on at least a part of the sales history, the download device 11 receives the second authentication code received from the provider device 10. By verifying the authentication code of 2, the validity of the message received from the provider device 10, that is, the sales history can be verified.

  When the content transmission unit 111 of the download device 11 succeeds in each collation, the content DB 112 searches the content DB 112 for content corresponding to the content ID obtained by decomposing the URI of the download source, and starts transmitting the content to the terminal device 12. However, if the content transmission unit 111 of the download device 11 fails in any of the collations, the procedure illustrated in FIG. 4 ends without transmitting the content.

  When the content is transmitted from the download device 11 to the terminal device 12, the terminal device 12 starts downloading the content received from the download device 11. When the content download is completed, the content is transmitted by the browser function of the terminal device 12. The download completion request is transmitted to the download device 11 (S21).

  The content transmission unit 111 of the download device 11 receives a download completion request from the terminal device 12, generates a completion notification indicating that transmission of the content transmitted to the terminal device 12 is completed (S22), and sends the generated completion notification. When the transmission is transmitted to the provider apparatus 10 and the provider apparatus 10 receives the completion notification (S23), the procedure illustrated in FIG. 4 ends.

DESCRIPTION OF SYMBOLS 1 Content download system 10 Provider apparatus 100 Sales means 101 User authentication means 102 Billing means 11 Download apparatus 110 Authentication code holding means 111 Content transmission means 112 Content DB
113 Sales history DB
114 Authentication code DB
12 Terminal device 13 Internet

Claims (12)

A download device for transmitting content sold on a site operated by a provider device to a terminal device,
When the sales history including the identifier of the content that has been charged and the identifier of the site and the identifier of the terminal device are received from the provider device, at least a part of the received sales history is generated as a seed according to a predetermined algorithm. Authentication code holding means for holding a sales history with an authentication code including an authentication code of 1 and an identifier of the terminal device;
The provider device uses the second authentication code generated by the same procedure as the authentication code holding means, and the URI of the download source in which at least the content identifier and the site identifier included in the sales history are embedded. When a download request is received from the terminal device, the content identifier and the site identifier included in the download source URI and the download request from the sales history with the authentication code held by the authentication code holding means The sales history with one authentication code is specified using the identifier of the terminal device, and the first authentication code included in the specified sales history with the authentication code is used to include the sales history with the authentication code. Only if the second authentication code is verified and verification is successful, Downloads apparatus characterized by comprising a transmitting means for transmitting to said terminal device download request the content that has been unload request.   When the authentication code holding means of the download device receives the second authentication code and the sales history from the provider device after holding the first authentication code, the authentication code holding means holds the second authentication code and the sales history. From the sales history with the authentication code, the sales history with the authentication code corresponding to the received sales history is specified, and the second authentication code is held in the specified sales history with the authentication code, In addition to the second authentication code obtained from the URI of the download source, the transmission means of the download device also checks the second authentication code included in the identified sales history with the authentication code. Only when two verifications are successful, the content requested to be downloaded is transmitted to the terminal device that requested the download. Wherein, download device according to claim 1.   The authentication code holding means of the download device includes an identifier of the content and an identifier of the terminal device included in the sales history received from the provider device in a seed of the first authentication code. The download device according to claim 1 or 2.   The download according to claim 3, wherein the authentication code holding means of the download device includes a sales date and time included in the sales history received from the provider device in a seed of the first authentication code. apparatus. A content download system comprising at least a provider device that operates a site selling content and a download device that transmits the content sold on the site to the terminal device,
When the provider device receives a purchase request for the content from a terminal device that has accessed the site, the provider device generates a sales history including the identifier of the content that has been charged and the identifier of the site. After transmitting the identifier and the sales history to the download device, the second authentication code is generated according to a predetermined algorithm using at least a part of the sales history as a seed, and the identifier of the content included in the sales history and the Sales means for transmitting to the terminal device a download source URI embedded with at least the site identifier and the second authentication code;
When the download device receives the sales history and the identifier of the terminal device from the provider device, the download device sells the first authentication code generated in the same procedure as the provider device and the authentication code including the identifier of the terminal device. Upon receiving a download request using the authentication code holding means for holding the history and the URI of the download source, from the sales history with the authentication code held by the authentication code holding means to the URI of the download source One sales history with an authentication code is specified using the identifier of the content and the identifier of the site and the identifier of the terminal device that requested the download, and the first sales history with the authentication code is included in the specified sales history with the authentication code Using the authentication code, the second included in the URI of the download source Collates the authentication code, only when succeeding in the verification, the content download system which is characterized in that it comprises transmitting means for transmitting to said terminal device download request the content downloaded requested. The sales unit of the provider device transmits the sales history and the second authentication code used for generating the second authentication code to the download device before transmitting the URI of the download source to the terminal device. Send
When the authentication code holding means of the download device receives the second authentication code and the sales history from the provider device after holding the first authentication code, the authentication code holding means holds the second authentication code and the sales history. From the sales history with the authentication code, the sales history with the authentication code corresponding to the received sales history is specified, and the second authentication code is held in the specified sales history with the authentication code, In addition to the second authentication code obtained from the URI of the download source, the transmission means of the download device also checks the second authentication code included in the identified sales history with the authentication code. Only when two verifications are successful, the content requested to be downloaded is transmitted to the terminal device that requested the download. Wherein, the content download system according to claim 5.   The sales unit of the provider device includes the content identifier and the site identifier included in the sales history in a seed of the second authentication code, and the authentication code holding unit of the download device includes the provider The content download system according to claim 5 or 6, wherein the content identifier and the site identifier included in the sales history received from a device are included in a seed of the first authentication code. .   The sales unit of the provider device includes the sale date and time of the content included in the sales history in the seed of the second authentication code, and the authentication code holding unit of the download device has received from the provider device 8. The content download system according to claim 7, wherein the date of sale of the content included in the sales history is included in a seed of the first authentication code. Content download using a provider device that operates a site selling content, a terminal device used when accessing the site, and a download device that transmits the content sold on the site to the terminal device A method,
When the provider device receives a purchase request for the content from a terminal device that has accessed the site, the provider device generates a sales history of the content including the identifier of the content that has been charged and the identifier of the site, and the purchase request is made After transmitting the identifier of the terminal device and the sales history to the download device, the second authentication code is generated according to a predetermined algorithm using at least a part of the sales history as a seed, and the identifier of the content included in the sales history Transmitting a URI of the download source embedded with at least the identifier of the site and the second authentication code to the terminal device a,
When the download device receives the sales history and the identifier of the terminal device from the provider device, the first authentication code generated in the same procedure as the provider device and the identifier of the terminal device are included in the sales history. Step b for maintaining a sales history with an authentication code,
When the download device receives a download request using the URI of the download source, an identifier of the content included in the URI of the download source from the sales history with the authentication code held by the download device, and One download history with an authentication code is identified using the identifier of the site and the identifier of the terminal device that requested the download, and the download is performed using the first authentication code included in the identified sale history with the authentication code. The second authentication code included in the original URI is collated, and only when the collation is successful, the content requested to be downloaded is transmitted to the terminal device that requested the download c.
A content download method characterized in that is executed. In the step a, the provider device transmits the sales history and the second authentication code used for generating the second authentication code to the download device before transmitting the URI of the download source to the terminal device. To
In the step b, when the download device receives the second authentication code and the sales history from the provider device, the download device receives the sales received from the sales history with the authentication code held by the download device. Identifying the sales history with the authentication code corresponding to the history, including the second authentication code by including it in the identified sales history with the authentication code,
In step c, in addition to the second authentication code obtained from the URI of the download source, the download device also checks the second authentication code included in the identified sales history with the authentication code. The content download method according to claim 9, wherein the content requested to be downloaded is transmitted to the terminal device that requested the download only when two collations are successful.   In step a, the provider device includes the content identifier and the site identifier included in the sales history in a seed of the second authentication code. In step b, the download device The content download method according to claim 9 or 10, wherein the content identifier and the site identifier included in the sales history received from a device are included in a seed of the first authentication code. . In the step a, the provider device includes the sale date and time of the content included in the sales history in the seed of the second authentication code, and in the step b, the download device receives the content from the provider device. 12. The content download method according to claim 11, wherein a sale date and time of the content included in the sales history is included in a seed of the first authentication code.

Images