JP2017151795A - Distribution information management method and distribution information management program for hierarchically managing information under offline authentication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform flexible data update by hierarchically managing information under offline authentication requiring no license server.SOLUTION: A distribution information management method includes managing information at a distribution source and a distribution destination by using middle data 10 for configuring and managing authentication data 11 for authenticating a user of content 100 and the content 100, a dataset 200 for storing the authentication data 11 and the content 100 and a specific viewer 30 for making the content 100 available. The middle data 10 includes a place where a launch manager 20 for managing the start of the viewer 30 is stored and a period when the launch manager 20 is available and unique information of a device available by the launch manager 20. Also, an environment editor 40 whose start is separately managed by the launch manager 20 provides means for registering and editing the middle data 10 and the dataset 200.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a method for managing distribution information from a content provider to a provider and a program therefor.

  Conventionally, a content distribution system for managing users of distributed content is known. For example, according to the invention disclosed in Patent Document 1, in a content distribution system in which authorized user information corresponding to a user permitted to use the content is associated with the content to be distributed, the user terminal If the user identification information to be identified and the authorized user information are not in a predetermined relationship, the user identification information and the authorized user information are transmitted to the server. The server generates user-related information using the received user identification information and permitted user information as a distribution destination and a distribution source, respectively, and generates new permitted user information so as to have a predetermined relationship with the user identification information. Provide to the terminal. Then, the user terminal that has acquired the new authorized user information changes the authorized user information to the newly authorized user information.

JP 2009-2111249 A

  By the way, for content providers, we want them to use the content freely, but do not want to use it outside of the provider, so that the user company of the provider will introduce a new authentication system. There is a problem that it is not possible, but we want to update the data as appropriate, but still obsolescence is inevitable. On the other hand, for user companies, we don't want to spend time managing content, we want to manage our own know-how anyway, but we don't want to share that know-how outside (even to the distributor), but we want to share the latest data. There are problems such as not wanting to be troublesome and wanting to acquire and share end user information as appropriate.

  Such a problem cannot be addressed by a conventional distribution system such as the above-mentioned Patent Document 1. In addition, the user environment may be isolated from the Internet and cannot be operated from the outside, and a distribution system that assumes a connection with a license server as in the past could not handle such an offline environment. .

  Therefore, in the present invention, in view of the above-described problems, information management is hierarchically managed under offline authentication that does not require a license server, and the content provided by the content provider is protected from leakage, falsification, and unauthorized use. An object of the present invention is to provide a distribution information management method and a distribution information management program capable of flexible data management that enables independent know-how to be maintained independently.

In order to solve the above problems, the present invention provides the following solution.
(1) A distribution information management method for managing content provided from a distribution source to a distribution destination under offline authentication without providing an authentication server, the authentication data for authenticating the user of the content, and the Using middle data for configuring and managing content and a data set storing the authentication data and the content, the middle data and an information pack packed with the data set are managed as a hierarchy, and the distribution source The information pack is distributed as a protected upper layer that can only be referenced at the distribution destination, and the distribution destination is provided with an information pack that can be used independently at the distribution destination as a lower layer. .

  (2) In the method of (1), the distribution destination distributes the information pack of the distribution source and the distribution destination as a protected upper layer that can only be referenced, and the distribution destination is further subordinate to the distribution destination. An information pack that can be used independently at the distribution destination as a hierarchy is provided.

(3) In the method of (1) or (2), the middle data includes information for starting a specific browsing program that enables browsing of the content, a period during which the browsing program can be used, and the browsing It includes the unique information of the device that the program can use.

(4) In any one of the methods (1) to (3), the authentication data is a content display name, a content expiration date, a content usage restriction, and a device that can use the content for each data set. It includes the unique information.

(5) In the method of (3), the browsing program adds the additional information unique to the distribution destination to the content information of the lower level or further lower layer provided to the distribution destination, or A means for updating is provided.

(6) In the method of (5), the browsing program further escalates the additional information input to the lower hierarchy from the lower hierarchy to an upper hierarchy and shares the specified information in the hierarchy. Means are provided for sharing within the group.

(7) In any of the above methods (1) to (6), registration and editing of the middle data and the data set of the lower layer or lower layer provided to the distribution destination are distributed. An environment editing program to be executed by the previous system administrator is further provided.

(8) In any of the above methods (1) to (7), means for reporting the installation environment of the lower hierarchy to the upper hierarchy, and the information distributed to the lower hierarchy in the upper hierarchy The apparatus further comprises means for updating the pack.

(9) A distribution information management program for managing the content provided from the distribution source to the distribution destination under offline authentication without providing an authentication server, and confirming the authentication data so that the content can be browsed Using the specific browsing program, authentication data for authenticating a user of the content, middle data for configuring and managing the content, and a data set for storing the authentication data and the content, the middle data, An information pack in which the data set is packed is managed as a hierarchy.

  According to the present invention, information is hierarchically managed under offline authentication that does not require a license server, and a higher hierarchy owned by the distribution source and one or more lower hierarchies owned by the distribution destination are separately managed, While preventing the leakage, falsification, and unauthorized use of the content provided by the distribution source, it is possible to maintain independent know-how at each distribution level, such as the system administrator of the distribution destination and the end user of the distribution destination. To provide a distribution information management method and a distribution information management program capable of independent information management and flexible data management from an upper layer in which even a distribution source cannot view information on a distribution destination it can.

It is a figure which shows the image of the hierarchy management of the information under offline authentication which concerns on embodiment of this invention. It is a figure which shows the basic composition of the middle data and distribution information management program (system program) of this embodiment. It is a figure which shows the example of a screen of the lunch manager of this embodiment. It is a figure which shows the example of a screen of the viewer of this embodiment. It is a figure which shows the example of a screen of the environment editor of this embodiment. It is a figure which shows the outline | summary (until setting of the silent installation environment by a system administrator) at the time of using the distribution information management method of this embodiment. It is a figure which shows the outline | summary (escalation / group sharing by an end user) at the time of using the distribution information management method of this embodiment. Directory structure of system in distribution source, user company system administrator, end user of this embodiment It is a figure which shows the basic structure (L1) of the middle data whose distribution source of this embodiment is an owner. It is a figure which shows the basic structure (L2) of the middle data which the user company system administrator of this embodiment owns. It is a figure which shows the basic structure (L3) of the middle data whose end user of this embodiment is an owner. It is a figure which shows the middle data in an application example (CAE analysis code error countermeasure guidance system). It is a figure which shows the example of a screen of the information addition by the system administrator in an application example (CAE analysis code error countermeasure guidance system). It is a figure which shows the example of a screen of the information addition writing by the end user in an application example (CAE analysis code error coping guidance system).

  DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments for carrying out the present invention (hereinafter referred to as embodiments) will be described in detail with reference to the accompanying drawings. In the subsequent drawings, the same numbers or symbols are assigned to the same elements throughout the description of the embodiments. In the functional configuration diagram, an arrow between functional blocks represents a data flow direction or a process flow direction.

(Basic image)
FIG. 1 is a diagram showing an image of information hierarchy management (management according to information hierarchy) under offline authentication according to an embodiment of the present invention (hereinafter referred to as this embodiment). The distribution information management method or distribution information management program according to the present embodiment manages, for example, manages or shares unique information at each level of the distribution destination while protecting the provided content from the distribution source at the distribution destination from outflow, falsification, and unauthorized use. Offers flexible data management, offline authentication without a license server, content provided by the distributor and its management information can be used only by a specific viewer (viewing program) (viewable, and may be edited in some cases) Possible) and hierarchical management of information by “middle data”. Here, “middle data” is data for protecting the data of the distribution source and ensuring the independence of user company data, and configures and manages authentication data and content to control access to data at each level. Say data for. By managing the data of each layer as separate and independent with this “middle data”, only the owner of each layer can update the data of that layer, and the lower layer only refers to the content of the upper layer It is possible to make it impossible for the upper layer to refer to the data of the lower layer. In addition, “offline authentication” here means that there is no need for authentication by a license server (authentication server) in which the distribution source and the distribution destination are connected via a network. Does not prevent being connected with. In the following, the “user company” includes not only general companies but also government agencies, local public bodies, schools, and other organizations having organizations.

  In this embodiment, by eliminating the need for a license server, it is possible to prevent information leakage such as outflow outside the company by using a method other than an ID / password in an environment isolated from the Internet and without a license server. In addition, the user company that is the distribution destination of the content can further narrow the range specified by the distribution source of the content. For example, even if the range specified by the distribution destination is the entire user company, The use of content can be limited only to a specific hierarchy or user layer in the user company.

  Here, the hierarchical management of information by “middle data” enables isolation of unique information from other layers and flexible environment setting, and “viewer” provided together with distribution source provided information (content) Since an independent encryption key is incorporated into the program for each level of the user company, it is impossible to change unauthorized information. In addition, the lower layer can also raise information to the upper layer (this is called “escalation”). By this escalation, the lower layer information can be shared throughout the company. The lower layers can also share information with each other (this is called “group sharing”). Although the content distribution source is located at the top of the hierarchy, the user company is independent of the distribution source with respect to the unique information, and enables flexible management of information.

(Basic configuration)
FIG. 2 is a diagram illustrating the role of “middle data” and the configuration of a distribution information management program (also referred to as a system program) in the present embodiment. As described above, “middle data” is data for configuring and managing content information. Specifically, as illustrated in FIG. 2A, the middle data 10 configures and manages the authentication data 11 and the content 100, a data set 200 in which they are packed, and a viewer 30 for browsing the content 100. Contains information for. Further, the middle data 10 includes a folder (location) where the system program is stored (referred to as an “address path”) and data for managing usage restrictions of the own layer (in the present embodiment, a usage terminal device ( Hereinafter, the MAC address may be used as a means for restricting (which may be simply referred to as a device), but may include other device-specific information, a Tongle ID number, or the like). The middle data 10 includes definition data for screen display labels controlled by the viewer 30 and definition data for controlling screen display / screen development (screen transition). Hierarchization of information is realized by using middle data for packing information of each distribution source and distribution destination.

  As shown in FIG. 2B, the distribution information management program (system program) for realizing the distribution information management method of this embodiment is functionally a launch manager 20 (startup management program) and a viewer 30. (Browsing program) and an environment editor 40 (environment editing program). However, it is not limited to such a configuration.

  The launch manager 20 is a program for managing a viewer 30 that decrypts and displays information encrypted for each layer and an environment editor 40 that edits the middle data 10. These programs are distributed to each user and installed locally on the PCs of those users. The distribution method at this time may be distributed on a CD or DVD. The lunch manager 20, the viewer 30, and the environment editor 40 generate display screens corresponding to the functions such as the screen 21, the screen 31, and the screen 41, respectively.

  The launch manager 20 (1) confirms the authentication data of the content user and activates a viewer that displays the content, (2) a function that activates the environment editor, and (3) an encryption key for each layer to be incorporated in the viewer A function for setting a public key for each layer to be incorporated into the environment editor, (4) To specify a range of IP addresses and identify a MAC address (Media Access Control address: network device) of a target PC (use terminal device) (5) a function for automatically updating higher-level information packs (L1, L2) used by the end user (this is called “silent installation”) ), (6) Function for checking escalation information for company-wide sharing by end users, (7) Group by end users A function for confirming shared information; and (8) a function for reporting an installation environment of an end user for enabling “silent installation”.

  The functions (1) and (2) (viewer activation, environment editor activation) can be used by the distribution source and the user company (system administrator, end user). The function (3) (encryption key setting) can be used by the system administrator of the distribution source and the user company. Further, the function (4) (MAC address acquisition), the function (5) (silent installation), and the function (6) (escalation information confirmation) can be used only by the system administrator of the user company. The function (7) (group shared information confirmation) can be used by system administrators and end users of user companies. The function (8) (installation environment report) can be used only by the end user.

  FIG. 3 is a diagram illustrating an example of a screen displayed by the lunch manager 20. Which PC the launch manager 20 can start up is managed by the middle data 10. The lunch manager 20 also incorporates an encryption key. As shown in the figure, the lunch manager 20 is provided with three types of screens for a distribution source, a user company system administrator screen 22 and an end user screen 23 for each level. The distribution source screen 21 includes an encryption key setting button, a viewer activation button and an environment editor activation button as basic functions. The screen 22 for the user company system administrator includes an encryption key setting button, a MAC address acquisition button for acquiring machine information, a button for the basic function described above, and an escalation information button for confirming shared information. , A group sharing information button and a silent installation button for distributing an update information pack. The end user screen 23 includes an install environment report button for environment report, a button for the basic function described above, and a group shared information button for confirming shared information.

  The viewer 30 has a function of (1) authenticating a used terminal device (PC) and authenticating content. Specifically, matching between the registered MAC address group and the MAC address of the device, and content usage restrictions (for example, usage period, printing availability, character extraction (copying) availability, screenshot availability, etc.) And confirm. The distribution source designates the maximum range that can be used by the lunch manager 20 by the range (list) of MAC addresses. The address range authenticated by the distribution source includes the address range authenticated by the user company system administrator and the address range authenticated by the end user. However, the user company cannot register the device beyond the range of the MAC address specified by the distribution source. In addition, the user company can restrict access of user-specific information to the distribution source. Further, the user company can add company information independently.

  The viewer 30 has other functions such as a function for registering a comment (one piece of unique information) by a user company, an information escalation function by an end user (a function for sharing information throughout the user company), A group sharing function (a function for sharing information within a specified specific group, and the target group is defined by “L3” in middle data described later). Note that group sharing can be used for temporary information exchange (consultation and consultation) as well as information sharing and storage.

  FIG. 4 is a diagram illustrating an example of a screen displayed by the viewer 30. This figure shows an example of a screen for searching for an error code output by a certain application software provided as content. This application software will be described later in the application example.

  A screen 31 shown on the left side of FIG. 4 is a content display screen that is a basic function of the viewer 30, and includes an error number input area, a message display field and a guideline display field that are display areas of distribution source information, and a distribution destination user. It includes a user comment display field that is a display area for company information. The data displayed in the display area of the distribution source is extracted from the distribution source information pack (L1). The data in the user comment display column is extracted from the distribution destination information pack (for example, 202 (L2)).

  A screen 32 illustrated on the right side of FIG. 4 is a screen (additional update information input screen) used when adding / updating a user comment, which is one of the user company's unique information. It includes a field for existing registration (information already registered) as a display area and a field for newly added as an input area for system administrator or end user information. The newly added data will be displayed in the existing registration column from the next time. At this time, the data for the existing registration is extracted from the information pack 202 (L2) of the user company. The newly registered data is encrypted by using the L3 encryption key managed by the end user and stored in the end user information pack 203 (L3).

  The environment editor 40 encrypts the license setting function for registering the MAC address of the PC permitted to be used, the registration function for the middle data 10 and the data set 200, and the “information pack” of the own layer (an encryption key that differs between companies) A function for registering encrypted information in a viewer, and an information pack updating function for updating an information pack based on escalation / group shared information in a user company. Here, the “information pack” refers to a state where middle data and content are encrypted. This environment editor 40 enables flexible environment setting on the user company side.

  FIG. 5 is a diagram showing an example of a screen displayed by the environment editor 40 of the present embodiment. The environment editor 40 encrypts each information pack with the incorporated public key. In addition, the information pack is incorporated into the viewer 30. Screens 41, 42, and 43 are screens of environment editors in each layer used at this time. The screen 41 is a screen when the middle data and the data set are encrypted and incorporated in the information pack 201 of the distribution source, and the screen 42 is encrypted and incorporated in the information pack 202 of the user company. The screen 43 is a screen when the middle data and the data set are encrypted and incorporated in the information pack 203 of the end user. The input items on each screen will be described in the middle data configuration described later.

(Working / processing procedures)
FIG. 6 is a diagram showing an outline of work and processing procedures when using the distribution information management method of the present embodiment (until the setting of the silent installation environment by the system administrator). In FIG. 6 and FIG. 7, as a legend, a one-dot chain line represents an operation on the launch manager, a solid line represents an operation on the environment editor, a broken line represents an operation on the viewer, and a dotted line represents a normal operation on the PC. Hereinafter, each step of the work / processing procedure will be described in order.

  First, in step S01, the distribution manager sends the lunch manager to the system administrator of the user company in order to acquire the MAC address. Next, in step S02, the system administrator activates the lunch manager sent from the distribution source, acquires the MAC addresses of all PCs whose contents are to be browsed, and sends the MAC addresses to the distribution source.

  Thereafter, in step S03, the distribution source uses the environment editor to register the L1 middle data and the data set associated with the middle data, pack the information, and set the L1 encryption key set in advance. Use to encrypt. In step S04, the L1 encryption key is incorporated into the viewer and the environment editor. In step S05, an installer for the system administrator is created and sent to the system administrator of the user company. This installer may be created by a method unique to the distribution source.

  In step S06, the process again proceeds to the system administrator process, and the installer sent from the distribution source is executed. When the installation is completed, registration and packing of the L2 information pack in step S07 are performed, and encryption is performed using an L2 encryption key set in advance. Here, the L2 middle data and the data set associated with the L2 middle data are registered using the environment editor, and the information is packed and encrypted. In step S08, the L2 encryption key is incorporated into the viewer and the environment editor. In step S09, an installer for the end user is created and sent to the end user. The installer at this time may be created by a method unique to the user company.

  The end user who sent the installer executes the installation in step S10, registers the L3 middle data and the data set associated with the middle data using the environment editor in step S11, packs the information, Encrypt using the L3 encryption key set in. In step S12, the launch manager is activated and the installation environment is reported to the system administrator. Finally, in step S13, the system administrator activates the launch manager, confirms the installation environment report from the end user, and sets the silent installation environment.

  FIG. 7 is a diagram showing an overview of work / processing procedures (escalation / group sharing by end users) when using the distribution information management method of the present embodiment. In this figure, the steps performed by the system administrator are represented by A0x, the steps performed by the user 1 are represented by U1x, and the steps performed by the user 2 are represented by U2x.

  First, when user 1 inputs a user comment as registration information in step U11, in accordance with an instruction whether or not to share the registration information in step U12, if not, the registration information is stored locally on user 1's PC. (Step U13). If sharing, follow the instruction whether or not to share the entire company in step U14. If not sharing the entire company, only share the information within the group, and use the "group sharing" function of the viewer, then step U11 The comment input in is sent to each member of the group (step U15). When sharing the entire company, in step U16, the comment entered in step U11 is sent to the system administrator using the "escalation" function of the viewer.

  In step A01, the system administrator who has received the escalation confirms the escalation information using the lunch manager and registers it in the L2 information pack. In step A02, the updated L2 information pack is distributed to end users simultaneously using the lunch manager. The users 1 and 2 distributed all at once receive the information pack update (steps U17 and U22). At this time, the reception is automatically performed on the viewer when the network is used. Escalation / group sharing is realized by the above processing.

(Data structure)
FIG. 8 is a diagram showing a directory structure in each hierarchy of the present embodiment. Hereinafter, the directory structure means a tree structure of a plurality of folders. 8A shows the directory structure of the system in the distribution source, FIG. 8B shows the directory structure of the system in the user company system administrator, and FIG. 8C shows the directory structure of the system in the end user. Yes.

  In the directory structure of the system at the distribution source, as shown in FIG. 8A, a folder (in this case “¥ JSOL”) representing the provider (which may be a company or an individual) has a folder with the company name of the provider ( Further, a folder (“menu1”) of the provided content 1 is further created thereunder, and a distribution source folder (“L1”) is further created in a tree structure therebelow. In the “address” under the “L1” folder, the MAC address of the PC administrator of the user company, the content entity under the “contents” folder, and the system program (launch manager, under the “system” folder) Viewer, environment editor). However, the L1 public key and private key are stored directly under the “L1” folder and are not subject to distribution information packs. The L1 public key is incorporated into the lunch manager, the private key is incorporated into the viewer, and the public key is incorporated into the environment editor. Information packing targets are all files under the “L1” folder except the encryption key directly under the “L1” folder and the “system” folder.

  In the system directory structure of the user company system administrator, as shown in FIG. 8B, the folder (menu1) of the provided content 1 is directly stored under the source folder (JSOL), and the “menu1” folder contains Below the “L1” folder, the “address” folder storing the MAC address, and the “contents” folder storing the content entity are arranged under the “L1” folder in the distribution source directory. In the same manner, here, a folder ("midde_data") storing middle data is arranged under the "L1" folder. Data under the “address”, “contents”, and “middle_data” folders indicated by the reference symbol L1b is encrypted with the L1 encryption key managed by the distribution source.

  In addition, an “L2” folder is placed under the “menu1” folder as a user company management folder. Under this “L2” folder, a MAC address (“address”), content (“contents”), Each folder includes middle data (“middle_data”), system program (“system”), and temporary storage (“temp”). The L2 public key and private key are placed directly under the “L2” folder. These keys are set by the user administrator and are not subject to distribution information packs. “Address”, “contents”, and “middle_data” under the “L2” folder indicated by the symbol L2b are empty folders when received from the distribution source, but are encrypted with the L2 encryption key after data input. . The “temp” folder is a folder for temporarily storing escalation / group shared information.

  The L2 encryption key is incorporated into the launch manager, the private key is incorporated into the viewer, and the public key is incorporated into the environment editor. Information packing targets are all files under the “L2” folder except for the “system” and “temp” folders except for the encryption key directly under L2.

  In the directory structure of the system for the end user, as shown in FIG. 8C, the directory structure up to “menu 1”, “L1”, and “L2” is almost the same as that for the system administrator in FIG. 8B. The same. However, in the directory structure of the end user, the end user folder “L3” is added under the “menu1” folder. In the directory structure of the system administrator (see FIG. 8B), the “system” folder and the “temp” folder that were under the “L2” folder are moved under the “L3” folder. In addition, the “address”, “contents”, and “middle_data” folders are placed under the “L3” folder in the same manner as the “L2” folder. However, the data under the folder indicated by the symbol L1c is encrypted with the L1 encryption key managed by the distribution source, and the data under the folder indicated by the symbol L2c is encrypted with the L2 encryption key managed by the user company system administrator. The The data under the folder indicated by the symbol L3c is an empty folder when received from the system administrator, but is encrypted with the L2 encryption key after the data is input.

  FIG. 9 is a diagram showing a basic structure (L1) of middle data whose owner is the distribution source of this embodiment. The middle data in L1 (distribution source) includes the number of data sets (the number of data set information), the lunch pass (pass of the lunch manager), the expiration date of the lunch (a period during which the lunch manager can be used), the management MAC address (of the user company) Each data item includes a MAC address that can be used by a system manager launch manager. The data set information here includes “authentication data” and content and viewer information (indicated by “content” and “viewer” in the figure). In the example of the figure, there is one data set information. However, when there are a plurality of data sets, data items of “authentication data”, “content”, and “viewer” exist for each data set information.

  “Authentication data” includes a “data set number” that is a primary key, a “content display name” that is a display name on the viewer, a “content expiration date” that is the expiration date of the content, a printability and a display text It includes information on “content usage restriction” indicating whether extraction is possible and “MAC address”, which is a storage path of a PC MAC address group that can be displayed in an encrypted state.

  The “content” includes a “data set number” serving as a primary key and a “content path” indicating a content reference source when the content is imported into the viewer. The “viewer” includes “data set number” as a primary key and information of “label name 1”, “label name 2”, and “label name 3” which are names of display labels on the screen. For example, “error number”, “message”, and “guideline” in the screen 31 for displaying the content in FIG. 4 correspond to the label names 1 to 3, respectively. It is possible to determine in which area of the screen the content information is displayed based on the label name.

  FIG. 10 is a diagram showing a basic structure (L2) of middle data owned by the user company system administrator of the present embodiment. The middle data in L2 (user company system administrator) includes “number of data sets”, “launch path” indicating the path of the lunch manager to be used, and “management MAC address” which is a MAC address available to the end manager for the end user. Path ". “Number of data sets” is the same as the definition of the data set information of L1. The “management MAC address path” is equivalent to a “MAC address path” of “authentication data” to be described later.

  The data set information here includes “authentication data” and “content”. “Authentication data” includes “data set number”, “content display name”, and “MAC address path”. “Content” includes “data set number” and “content path”. The content path is a path for storing additional information separately from the upper layer, and the MAC address path is an address for simultaneous distribution (default is L1 setting value; addresses other than L1 setting cannot be set).

  FIG. 11 is a diagram illustrating a basic structure (L3) of middle data owned by an end user according to the present embodiment. The middle data in L3 (end user) is composed only of the “number of data sets” and the “lunch pass” that are the same as the L1 definition. The data set here includes only “authentication data” and “content”. Note that the “content path” included in the “content” is a folder path for storing additional information separately from the upper layer. The “MAC address path” is a storage path of the address group of PCs to be shared when sharing the group. The default is an L2 setting value, and addresses other than the L1 setting cannot be set. The description of the directory configuration and the middle data configuration is not limited to the above configuration.

(Case Study)
FIG. 12 shows a middle data configuration and a viewer screen in a system (referred to as a CAE analysis error handling guidance system) that searches for an error code of a CAE analysis application and provides a guideline for handling the error code as an application example of this embodiment. FIG. Here, CAE (Computer Aided Engineering) refers to checking whether a designed structure satisfies the required performance by simulating on a computer. The simulation target is a physical phenomenon (displacement field, stress field). , Temperature field, flow field, etc.) by using appropriate tools to model the analysis target (mathematical modeling) and calculating with numerical analysis method, mainly design performance and strength prediction, failure occurrence It is used to elucidate the cause of time

  Although the detailed description is omitted, the middle data configuration shown in FIG. 12 is the middle data and data set (authentication data) of the distribution source (Layer 1), the system administrator (Layer 2) of the user company, and the end user (Layer 3). , Content, viewer). Also, the screen shown in the lower right in FIG. 12 is a viewer screen 31 that displays content, as described in FIG.

  13 and 14 are diagrams showing examples of viewer screens in the CAE analysis error handling guidance system. The screen of FIG. 13 shows a state where the original information by the system administrator of the user company is added to the screen 31A of the distribution source original information. In this case, when the system administrator presses the “Edit in-house shared information” button 1 on the screen 31A, the “In-house shared information additional update” screen 32A on the screen 32A is displayed. Here, when the system administrator inputs additional information from the input area 2 of the screen 32A and presses the “additional update / close” button 3, the internal shared information 4 is added to the screen 31A of the distribution source original information, and the screen 31B. The display is as shown.

  The information addition by the end user (when the entire company / group is shared) is the same. As shown in FIG. 14, when the “edit internal shared information” button 5 is clicked from the screen 31B after the system administrator adds, the end user The additional update screen 32B is displayed, and the end user adds escalation or group sharing information to the “new addition” input area. When sharing the entire company, when the “escalation” button 6 on the screen 32B is pressed and the “additional update / close” button 7 is pressed, the additional update information is reflected in the “internal shared information” column of the screen 31C. In addition to the “escalation” button 6, a “group sharing” button is also displayed on the screen 32 B for the end user. When sharing a group, this button is pressed and the “additional update / close” button 7 is pressed. Reflected in the “Internal Shared Information” column.

(Effect of embodiment)
According to the present embodiment, it is possible to prevent information leakage such as outflow outside the company by using a method other than ID / password in an environment in which a license server is not required and the license server is isolated from the Internet. In addition, the hierarchy management of information is realized by middle data, the launch manager using the middle data manages the PC that starts the viewer with the device-specific information (MAC address in this embodiment), and the information pack is independent for each hierarchy. Therefore, the information can be used only by a viewer in which the encryption key to be set is incorporated. In addition, as a viewer function, there are provided an escalation means capable of sharing information company-wide, and a group sharing means enabling lower layer users to mutually share information. In addition, since the middle editor and the data set can be registered / edited by the user company using the environment editor, flexible settings can be made without depending on the distribution source.

  As mentioned above, although this invention was demonstrated using embodiment, it cannot be overemphasized that the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above embodiment. Further, it is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

10 Middle data 11 Authentication data 20 Launch manager (startup management program)
21 Lunch manager distribution source screen 22 Lunch manager user company system administrator screen 23 Lunch manager end user screen 30 Viewer (viewing program)
31, 31A, 31B, 31C Viewer content display screen 32, 32A, 32B Viewer additional update information input screen 40 Environment editor (environment editing program)
41 Environment editor distribution source information pack creation screen 42 Environment editor user company information pack creation screen 43 Environment editor end user information pack creation screen 100 Content 200 Data set 201 Distribution source information pack 202 User company information pack 203 End-user information pack

Claims (9)

A distribution information management method for managing content provided from a distribution source to a distribution destination under offline authentication without providing an authentication server,
Authentication data for authenticating a user of the content and middle data for configuring and managing the content;
A data set for storing the authentication data and the content;
The middle pack and the information pack packed with the data set are managed as a hierarchy, the distribution source information pack is distributed as a protected upper hierarchy that can only be referenced at the distribution destination, and the distribution destination has a lower level. A distribution information management method comprising providing an information pack that can be used independently at a distribution destination as a hierarchy.   At the distribution destination, the information pack of the distribution source and the distribution destination is distributed as a protected upper layer that can only be referred to, and can be used independently by the distribution destination as a lower layer to the distribution destination. The distribution information management method according to claim 1, further comprising: providing an information pack.   The middle data includes information for starting a specific browsing program that enables browsing of the content, a period during which the browsing program can be used, and unique information of a device that can use the browsing program. The distribution information management method according to claim 1 or 2.   4. The authentication data according to claim 1, wherein the authentication data includes a content display name, a content expiration date, a content usage restriction, and unique information of a device that can use the content for each data set. The distribution information management method described in the section.   The browsing program includes means for adding or updating unique additional information of the distribution destination to the content information of the lower layer or further lower layer provided to the distribution destination. Item 4. The distribution information management method according to Item 3.   The browsing program further includes means for escalating and sharing the additional information input to the lower hierarchy from the lower hierarchy to an upper hierarchy, and sharing within a specific group within the hierarchy. The distribution information management method according to claim 5.   The system further comprises an environment editing program that allows a system administrator of the distribution destination to register and edit the middle data and the data set of the lower layer or lower layer provided to the distribution destination. The distribution information management method according to any one of claims 1 to 6.   8. The apparatus according to claim 1, further comprising: means for reporting an installation environment of a lower hierarchy to an upper hierarchy; and means for updating the information pack distributed to the lower hierarchy in the upper hierarchy. The distribution information management method according to any one of the above items. A distribution information management program for managing content provided from a distribution source to a distribution destination under offline authentication without providing an authentication server,
A specific browsing program that verifies the authentication data and enables the content to be viewed;
Authentication data for authenticating a user of the content and middle data for configuring and managing the content;
A data set for storing the authentication data and the content;
A distribution information management program for managing, as a hierarchy, an information pack in which the middle data and the data set are packed.

Images