JP3955906B1 - Software management system and software management program - Google Patents

Abstract

When distributing various kinds of software, for example, external leakage and unauthorized use of software including highly confidential information related to a pre-commercial product can be reliably prevented by a simple method.
A distribution file (encrypted file) 51B including an encrypted package file and an encrypted installer created by a distribution source terminal 10 is distributed to a distribution destination terminal 20 using a recording medium 50 and a network 40, and When the distribution target software is installed at the distribution destination terminal 20, the file access management server 30 performs double authentication of access authentication and installation authentication, and the distribution target software is an authorized terminal of an authorized user ( It is configured to be installed only on the distribution destination terminal 20) and executed only on the legitimate terminal (distribution destination terminal 20) of the legitimate user. During installation authentication, the location of the distribution destination terminal 20 is detected, and it is confirmed that a predetermined condition is satisfied.
[Selection] Figure 1

Description

  The present invention relates to a technique for managing software so that when distributing various software, the software is installed only on a legitimate user's terminal and executed only on the legitimate user's terminal.

  For example, when evaluating, inspecting, and checking a pre-commercial product (for example, a printer driver, an inspection tool) and software associated therewith, the software is stored on various recording media (flexible disk, CD, DVD, magnetic disk). , Optical discs, magneto-optical discs, etc.) are distributed to the person in charge (user) of the affiliated group company who performs the evaluation, inspection and check, and installed on the terminal of the person in charge.

  Since the software is related to a pre-market product, it naturally includes highly confidential information (external secret information) related to the product, and it is extremely undesirable for the software to leak to the outside.

  However, under the present circumstances, the person in charge of the affiliated group company who has a confidentiality agreement and a confidentiality contract is trusted, and the software is recorded in a raw state and distributed without taking special measures such as encryption processing. There are many cases. Therefore, even if the user does not have malicious intent, there is a possibility that the recording medium is taken out of the company, and software on the recording medium is installed or copied, or an action that leads to leakage of confidential information is performed.

  Thus, as a technique for preventing inadvertent leakage of information such as software provided by a recording medium or a network, for example, techniques disclosed in Patent Documents 1 and 2 below can be cited.

  In Patent Document 1 below, when the medium is activated, the authentication key in the terminal is inquired by the browsing authentication software to determine whether or not the terminal can be used. If the authentication key is not installed in the terminal in advance, an unauthorized copy of the medium is created. But you can protect the browsing of the information you want. As a result, the terminals that can be browsed can be limited, and even if the password is leaked, the use of the copy can be protected.

Also, in Patent Document 2 below, the server encrypts the content using a predetermined key and distributes the encrypted data to the client, and the client stores the distributed encrypted data on the hard disk, and stores the encrypted data in the hard disk. Decoding is performed on a temporary memory area. That is, since the content is decrypted only by using the temporary memory area, it is necessary to create a memory area, and the content can be protected more strongly. Further, by restricting access to the memory area, external output of contents and the like are prevented, and leakage and unauthorized secondary use are prevented.
JP 2002-041363 A JP 2004-246431 A

However, in the technique disclosed in Patent Document 1, the user needs to install the authentication key provided by the authentication medium in advance on the terminal used for browsing, which is troublesome. If there is both an authentication medium and a recording medium holding information to be browsed, even an unauthorized user can view (install) information on the recording medium. There is a problem that unauthorized use cannot be reliably deterred.

  In the technique disclosed in Patent Document 2, content is protected by performing decryption processing in a temporary memory area and restricting access, but the content protection program is run on a terminal that has been distributed in advance. Any terminal can view the content. In other words, even users other than legitimate users (including users who use maliciously) can access (browse) the content and prevent unauthorized secondary use. However, there is a problem that information leakage due to browsing of content by users other than legitimate users cannot be reliably prevented.

  The present invention was devised in view of such problems, and when distributing various software, the software is installed only in a legitimate user's legitimate terminal, and only in a legitimate user's legitimate terminal. In this way, for example, it is possible to more reliably prevent external leaks and unauthorized use of software including highly confidential information (externally confidential information) related to pre-market products with a simple method and The purpose is to prevent the next use.

In order to achieve the above object, the software management system of the present invention is configured as listed below.
(1) According to the first aspect of the present invention, in order to distribute the distribution target software, a distribution source terminal that creates a distribution file storing the distribution target software, and the distribution file generated in the distribution source terminal A distribution destination terminal to which the distribution target software distributed and stored in the distribution file is to be installed, and a file access management server for managing access to the distribution file distributed from the distribution source terminal to the distribution destination terminal The distribution source terminal creates a package file creation means for creating a package file including the distribution target software, and encrypts the package file created by the package file creation means with a first encryption key. The first encryption means for creating the encrypted package file and the distribution target software. A second encryption unit that encrypts a dedicated installer to be installed in the destination terminal with a second encryption key to create an encrypted installer; and a document file that includes information relating to the distribution target software, a completed document file having a container function And the encrypted package file created by the first encryption unit and the first encrypted package file by using the container function of the completed document file converted by the converting unit. 2 attachment means for attaching the encrypted installer created by the encryption means, and encrypting the encrypted package file and the completed document file attached with the encryption installer by the attachment means with a third encryption key. A third encryption means for creating an encrypted file as the distribution file, Prior to access to the encrypted file distributed from the distribution source terminal, the distribution destination terminal notifies the file access management server of access authentication information, and the user of the distribution destination terminal accesses the encrypted file. An access authentication requesting unit for requesting access authentication as to whether or not the user is an authorized user, and the user of the distribution destination terminal from the file access management server in response to the access authentication request by the access authentication requesting unit When receiving a notification that the user is authenticated, the encrypted file is decrypted into the completed document file, and access according to the access information set for the encrypted file is enabled. First decryption means and activation of the encrypted installer attached to the completed document file decrypted by the first decryption means Upon receiving the request, the file access management server is notified of the installation authentication information, whether or not the user of the distribution destination terminal is an authorized user permitted to install the distribution target software and the distribution destination terminal Install authentication requesting means for requesting installation authentication as to whether or not the distribution target software is to be installed, and the distribution from the file access management server in response to the installation authentication request by the installation authentication requesting means Second decryption means for decrypting the encrypted installer into the dedicated installer when receiving a notification that the user of the destination terminal is an authorized user and the distribution destination terminal is authenticated. And executing the dedicated installer decrypted by the second decryption means, thereby completing the completed document file. Third decryption means for decrypting the encrypted package file attached to the file on the memory of the distribution destination terminal, and the package file decrypted on the memory by the third decryption means Processing means functioning as installation means for installing the distribution target software on the distribution destination terminal, and when the file access management server receives the access authentication request from the distribution destination terminal, the access An authentication unit that authenticates whether or not the user of the distribution destination terminal is an authorized user based on the authentication information, and notifies the distribution destination terminal of the authentication result; and when the installation authentication request is received Position detecting means for detecting the location of the distribution destination terminal based on the installation authentication information; and a position detected by the position detecting means. It is determined whether the location location satisfies a predetermined condition, and when the installation authentication request is received from the distribution destination terminal, the distribution destination is based on the installation authentication information and the determination result. Authenticates whether the terminal user is an authorized user and whether the distribution destination terminal is an authorized terminal on which the distribution target software is to be installed, and notifies the distribution destination terminal of the authentication result The software management system is characterized by comprising an installation authentication means.

  (2) In the invention described in claim 2, the distribution target software includes a main program and a subprogram used by the main program, and the package file creation means of the distribution source terminal includes the main program. The package file is created by encrypting the program with the fourth encryption key to create an encrypted main program, creating an execution-only program including the encryption main program, and packaging the execution-only program and the subprogram. When the distribution destination terminal starts the execution-only program in the distribution target software installed in the distribution destination terminal by the installation means, it notifies the file access management server of activation authentication information, and The user of the distribution destination terminal An activation authentication requesting means for requesting activation authentication as to whether or not the authorized user is permitted to execute a line and whether or not the distribution destination terminal is an authorized terminal on which the distribution target software is to be installed, and the activation In response to an activation authentication request by an authentication requesting unit, a notification is received from the file access management server that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is authenticated as an authorized terminal And a fourth decryption means for decrypting the encrypted program included in the execution-only program into the main program, wherein the file access management server receives the activation authentication from the distribution destination terminal. When receiving the request, it is authenticated whether the user of the distribution destination terminal is a regular user and whether the distribution destination terminal is a regular terminal based on the activation authentication information. , Characterized in that the authentication result is configured by further comprising a startup authentication means for notifying the distribution destination terminal, a software management system of claim 1, wherein.

  (3) In the invention according to claim 3, the activation authentication means of the file access management server determines the distribution destination terminal that has made the activation authentication request, the distribution destination terminal that has made the access authentication request, and the installation authentication request. 3. The software management system according to claim 2, wherein one of the activation authentication conditions is that at least one of the performed distribution destination terminals is the same.

  (4) In the invention according to claim 4, one of the activation authentication conditions is that the activation authentication means of the file access management server specifies that the distribution destination terminal that has made the activation authentication request is a specific terminal. The software management system according to claim 2 or claim 3, wherein

  (5) In the invention described in claim 5, the distribution destination terminal that has made the access authentication request and the distribution destination terminal that has made the installation authentication request are the same in the installation authentication means of the file access management server. The software management system according to any one of claims 1 to 4, wherein the software management system is one of installation authentication conditions.

  (6) In the invention described in claim 6, the installation authentication means of the file access management server uses one of the installation authentication conditions that the distribution destination terminal that has made the installation authentication request is a specific terminal. The software management system according to claim 1, wherein the software management system is a software management system.

  (7) In the invention according to claim 7, the position detecting means detects the country where the distribution destination terminal is located as the location from the connection environment of the distribution destination terminal at the time of receiving the installation authentication request, The software management system according to any one of claims 1 to 6, wherein the predetermined condition is that the country where the location detected as the location is specified is a previously specified country.

  (8) In the invention according to claim 8, when the file access management server determines that the location of the distribution destination terminal does not satisfy the predetermined condition by the determination means, the distribution is notified. The software management system according to any one of claims 1 to 7, further comprising notification means for notifying the user or administrator of the destination terminal. .

  (9) In the invention according to claim 9, when the determining means determines that the location detected by the position detecting means does not satisfy a predetermined condition, the managing means The software management system according to any one of claims 1 to 8, wherein an instruction to delete the distribution target software is given to a destination terminal.

  (10) The invention according to claim 10 is a software management program characterized by causing a computer to function as each means in the software management system according to any one of claims 1 to 9. is there.

In the software management system as described above, the activation authentication unit of the file access management server performs the distribution destination terminal that has made the activation authentication request, the distribution destination terminal that has made the access authentication request, and the installation authentication request. The activation authentication condition may be that at least one of the distribution destination terminals is the same as one of the activation authentication conditions, or that the distribution destination terminal that has made the activation authentication request is a specific terminal. One of the activation authentication conditions may be that the global IP (Internet Protocol) address of the distribution destination terminal that has made the activation authentication request is a predetermined address.

  Further, as one of the installation authentication conditions, the installation authentication unit of the file access management server is configured such that the distribution destination terminal that has made the access authentication request and the distribution destination terminal that has made the installation authentication request are the same. Alternatively, it may be one of the installation authentication conditions that the distribution destination terminal that has made the installation authentication request is a specific terminal, or the global IP address of the distribution destination terminal that has made the installation authentication request is predetermined. The address may be one of the installation authentication conditions.

Further, the distribution destination terminal prohibits the extraction access of the encrypted package file and the encrypted installer from the completed document file decrypted by the first decryption means, while installing by the installation authentication request means In response to an authentication request, when the file access management server receives a notification that the user of the distribution destination terminal is an authorized user and the distribution destination terminal is an authorized terminal, the completed document file It is preferable to further comprise permission / rejection means for permitting the extraction access of the encrypted package file and the encrypted installer.

  The distribution file created in the distribution source terminal may be distributed to the distribution destination terminal via a network, or may be distributed to the distribution destination terminal in a state of being recorded on a recording medium.

  The file access management server may further comprise an installation operation log recording means for collecting and recording an installation operation log of the distribution target software at the distribution destination terminal. It may further comprise usage log recording means for collecting and recording usage logs of the distribution target software installed on the computer.

  At that time, the file access management server refers to the installation operation log recorded by the installation operation log recording means, and for the distribution destination terminal that has successfully installed the distribution target software, the subsequent distribution An installation operation restriction means for prohibiting the installation operation of the target software may be further provided, and after the file access management server prohibits the installation operation by the installation operation restriction means, the distribution destination terminal may When there is a request for reinstallation of the distribution target software, the installation operation prohibition state by the installation operation restriction unit may be temporarily canceled according to an instruction from the administrator.

  In addition, the file access management server refers to the installation operation log recorded by the installation operation log recording unit, and the distribution destination terminal in which the distribution target software is installed does not exceed a predetermined number. It may be configured to further include an installation number limiting means for limiting the installation operation of the distribution target software.

According to the present invention described above, the following effects can be obtained.
(1) According to the invention described in claim 1, the encrypted file including the encrypted package file and the encrypted installer created at the distribution source terminal is distributed to the distribution destination terminal as a distribution file using a recording medium or a network. Distributed. When the distribution destination terminal receives a notification from the file access management server to authenticate that the user of the distribution destination terminal is an authorized user in response to an access authentication request, the encrypted file is decrypted into a completed document file. It becomes. The user of the distribution destination terminal can only access the decrypted completed document file according to the access information (access authority and accessible period) set in the distribution source terminal. At the time of this decryption, access to the encrypted package file or encrypted installer from the decrypted completed document file is prohibited, and the user of the distribution destination terminal immediately after decrypting the encrypted file The encryption package file and encryption installer cannot be extracted.

After that, after the user of the distribution destination terminal refers to the information related to the distribution target software in the completed document file, and receives the activation request of the encryption installer to install the distribution target software on the distribution destination terminal, First, an installation authentication request is made from the distribution destination terminal to the file access management server. In response to the installation authentication request, when the file access management server receives a notification that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal, the above-mentioned retrieval access is permitted. , The encrypted installer is extracted from the decrypted completed document file and decrypted into a dedicated installer,
The dedicated installer is executed. When the dedicated installer is executed, the encrypted package file is extracted from the decrypted completed document file, decrypted into the package file in memory, and the distribution target software in the package file is installed in the distribution destination terminal. .

  As a result, when distributing software to be distributed, double authentication of access authentication and installation authentication is performed, and the software to be distributed is installed only on the authorized terminal (distribution destination terminal) of the authorized user. In addition to being executed only by a legitimate user's legitimate terminal (distribution destination terminal), the distribution target software is installed only by a dedicated installer. For example, a pre-commercial product (for example, a printer driver) or the like is attached thereto. If the software is distributed to the evaluator (user) and installed on the evaluator's terminal (distribution destination terminal) to evaluate the software, etc., the confidentiality of the pre-market product To prevent external leakage and unauthorized use of software including highly sensitive information (confidential information) with a simple method. Can.

  Then, the location (location country) of the distribution destination terminal at the time of the installation authentication request is detected, and it is determined whether or not the detected location location satisfies a predetermined condition [predetermined country (for example, white country)]. The location of the distribution destination terminal can be confirmed immediately before installation. By permitting installation only when the location of the distribution destination terminal satisfies a predetermined condition (for example, not in the country subject to export control), the contents of the software including highly confidential information can be It can be surely prevented from leaking or leaking without the user's knowledge in the area.

  In addition, in the distribution file (the file that encrypted the completed document file), the package file including the software to be distributed and the dedicated installer are encrypted, so in the unlikely event that the distribution file is distributed by a malicious third party Even if it is extracted from the (completed document file), it is possible to prevent the contents of the package file from leaking or starting the dedicated installer.

  (2) In the invention described in claim 2, in the above (1), when the distribution target software includes a main program and a subprogram used by the main program, the execution-only program including the encrypted main program And a subprogram are created and distributed to the distribution destination terminal. When the execution-only program and the subprogram are installed on the distribution-destination terminal and then the execution-only program is started, the distribution-destination terminal From the server to the file access management server. In response to the activation authentication request, if a notification is received from the file access management server that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal, it is included in the execution-only program. The encrypted main program is decrypted into the main program, and the main program is started.

As a result, since the activation authentication is performed when the main program as the distribution target software is executed, the execution of the main program can be permitted only when the authorized user executes the main program on the authorized terminal. . That is, it is possible to realize start control (access control) for the distribution target software after installation, and to reliably prevent illegal secondary usage of the distribution target software. In the distribution destination terminal, the main program is decrypted and executed only at the time of activation, and is stored in an encrypted state when it is not activated. Even if the target software is leaked to the outside, it is impossible to use the distribution target software, and it is possible to reliably prevent its unauthorized use, and there is an advantage that reverse engineering cannot be performed on the main program. Furthermore, when encrypting a program, it is possible to obtain the above-mentioned effects while performing efficient encryption processing by encrypting only the main program, not the entire program. I have to.

  (3) In the invention according to claim 3, in the above (2), at the time of activation authentication, in addition to the above-mentioned authentication of authorized users, distribution is performed with a distribution destination terminal that has issued an activation authentication request and an access authentication request. By setting at least one of the destination terminal and the distribution destination terminal that requested the installation authentication as one of the activation authentication conditions, the activation authentication condition of the distribution destination terminal using the distribution target software is It is set more strictly, and external leakage and unauthorized use of the distribution target software can be prevented more reliably. Here, by using the global IP address as the activation authentication condition, the distribution target software can be executed in the distribution destination terminal when the distribution destination terminal exists at a predetermined position specified by the global IP address.

  (4) In the invention according to claim 4, in (2) or (3), the distribution destination terminal that made the activation authentication request is a specific terminal, or the distribution destination terminal that made the activation authentication request By setting the IP address to be a predetermined address as the activation authentication condition, the activation authentication condition of the distribution destination terminal that uses the distribution target software will be set more severely. Unauthorized use can be prevented more reliably. Here, by using the global IP address as the activation authentication condition, the distribution target software can be executed in the distribution destination terminal when the distribution destination terminal exists at a predetermined position specified by the global IP address.

  (5) In the invention according to claim 5, in the above (1) to (4), at the time of installation authentication, in addition to the authentication of the authorized user and the authorized terminal as described above, the distribution destination terminal that made the access authentication request By making the installation authentication condition that the distribution destination terminal that made the installation authentication request is the same, the installation authentication condition of the distribution destination terminal where the distribution target software should be installed is set more strictly. Therefore, it is possible to more reliably prevent external leakage and unauthorized use of distribution target software. Here, by setting the global IP address as the installation authentication condition, the distribution target software can be installed in the distribution destination terminal when the distribution destination terminal exists at a predetermined position specified by the global IP address.

  (6) In the invention according to claim 6, in the above (1) to (5), at the time of installation authentication, in addition to the authentication of the authorized user and the authorized terminal as described above, the distribution destination terminal that made the installation authentication request By setting an installation authentication condition to be a specific terminal, the installation authentication condition of the distribution destination terminal to which the distribution target software should be installed is set more severely. Unauthorized use can be prevented more reliably. Here, by setting the global IP address as the installation authentication condition, the distribution target software can be installed in the distribution destination terminal when the distribution destination terminal exists at a predetermined position specified by the global IP address.

  (7) In the invention described in claim 7, in (1) to (6) above, the country where the distribution destination terminal is located is detected as the location from the connection environment of the distribution destination terminal when the installation authentication request is received. Therefore, it can be easily determined whether or not the detected location satisfies the predetermined condition, and the location of the distribution destination terminal at the time of the installation authentication request can be confirmed, which includes highly confidential information Software contents can be reliably prevented from leaking or leaking without the user's knowledge in countries and regions subject to export control.

(8) In the invention according to claim 8, when it is determined in (1) to (7) that the location of the distribution destination terminal does not satisfy the predetermined condition, the file access management server Because it notifies the user or administrator of the distribution destination terminal, the distribution destination terminal can know why the installation authentication is not performed, and the contents of the software including highly confidential information However, it can be surely prevented from leaking and leaking without the user's knowledge in countries and regions subject to export control.

  (9) In the invention described in claim 9, in the above (1) to (8), when it is determined on the file access management server side that the location of the distribution destination terminal does not satisfy a predetermined condition, Since the file access management server gives an instruction to the distribution destination terminal to delete the distribution target software, the contents of the software including highly confidential information are known to the user in export regulated countries and regions. It is possible to reliably prevent the leakage or leakage before it occurs.

  (10) In the invention of the software management program according to the tenth aspect, similarly to the above (1) to (9), when distributing the distribution target software, double authentication of access authentication and installation authentication is performed. The distribution target software is installed only on the legitimate user's legitimate terminal (distribution destination terminal) and executed only on the legitimate user's legitimate terminal (distribution destination terminal). Is installed only by a dedicated installer. For example, in order to evaluate pre-commercial products (for example, printer drivers) and their associated software, the software is distributed to evaluators (users). When installing on the evaluator's terminal (distribution destination terminal), highly confidential information related to pre-market products (externally confidential information) The software of external leakage or unauthorized use, including, in a simple method, it is possible to more reliably prevented. Further, the location (location country) of the distribution destination terminal at the time of the installation authentication request is detected, and it is determined whether or not the detected location satisfies a predetermined condition [a predetermined country (for example, a white country)]. The location of the distribution destination terminal can be confirmed immediately before installation. By permitting installation only when the location of the distribution destination terminal satisfies a predetermined condition (for example, not in the country subject to export control), the contents of the software including highly confidential information can be It can be surely prevented from leaking or leaking without the user's knowledge in the area.

  In (1) to (10) above, the file access management server collects and records the installation operation log of the distribution target software in the distribution destination terminal, so that the distribution target software depends on when and by whom. It will be recorded whether it has been installed on the terminal, and if any unauthorized use or unauthorized installation of the distribution target software is detected, the unauthorized operation or unauthorized installation may be analyzed based on the installation operation log. It becomes possible.

  At that time, the file access management server refers to the installation operation log (user information, terminal information, installation date, etc.), and for the distribution destination terminal that successfully installed the distribution target software, the subsequent distribution target software Installation operation (or access to the distribution target software from the completed document file) is prohibited, and installation of the distribution target software is prevented from being installed many times. And unauthorized use can be more reliably prevented.

However, if the file access management server requests the reinstallation of the distribution target software from the distribution destination terminal after prohibiting the installation operation as described above, the installation operation (or completed document) is requested according to the administrator's instruction. It is necessary to reinstall the installed distribution target software due to some troubles, etc. by temporarily canceling the prohibition status of the distribution target software (access from the file). If it occurs, it can be reinstalled under the approval of the administrator, so that convenience at the distribution destination terminal is not impaired.

  Further, the file access management server is configured to refer to the installation operation log and restrict the installation operation of the distribution target software so that the number of distribution destination terminals on which the distribution target software is installed does not exceed a predetermined number. As a result, the number of distribution destination terminals on which the distribution target software is installed can be limited, and external leakage and unauthorized use of the distribution target software can be more reliably prevented.

  In addition, the file access management server collects and records the usage log (user information, terminal information, usage date, program start log / end log, etc.) of the distribution target software installed on the distribution destination terminal. When the distribution target software is executed by whom and on which terminal, it is recorded, and when any unauthorized use of the distribution target software is detected, analysis of the unauthorized use is performed based on the usage log. Can be performed.

Embodiments of the present invention will be described below with reference to the drawings.
[1] Configuration of software management system of this embodiment:
FIG. 1 is a block diagram showing the configuration of a software management system as an embodiment of the present invention. As shown in FIG. 1, the software management system 1 of this embodiment includes at least one distribution source terminal 10. The plurality of distribution destination terminals 20 and the file access management server 30 are connected via a network [for example, an in-house LAN (Local Area Network) or the Internet] 40 so that they can communicate with each other.

  The software management system 1 according to the present embodiment uses software to be distributed 52 (see FIG. 2) in order to evaluate a pre-commercial product (for example, a printer driver) and software associated therewith. As a countermeasure against leakage when distributed to multiple evaluation staff (users) at affiliated group companies or when distributing various inspection tools to users as distribution target software 52 To do. In the present embodiment, as shown in FIG. 2, the distribution target software 52 includes a main program 521 and a subprogram (subroutine program, DLL file, etc.) 522 used by the main program 521. FIG. 2 is a schematic diagram for explaining a file configuration in the software management system 1 (distribution source terminal 10) of the present embodiment.

  In the software management system 1 of the present embodiment, the distribution source terminal 10 creates a distribution file (encrypted file; described later) 51B including the distribution target software 52, and the distribution file 51B is distributed to a plurality of users. The distribution target software 52 in the distribution file 51B is installed in the terminals (distribution destination terminals) 20 of a plurality of users, and the file access management server 30 requests from the terminals 10 and 20 as will be described later. In accordance with the distribution of the encryption key / decryption key and various authentications, the installation operation log and the use log of the distribution target software 52 performed on each user's terminal 20 are collected, and based on the collected results. Access to the distribution target software 52 and the like by the distribution destination terminal 20 can be managed.

[1-1] Configuration of distribution source terminal:
The distribution source terminal (client PC) 10 is an information processing apparatus such as a personal computer (PC) used by employees (users; persons distributing software; persons in charge of distribution) in a company or the like. The distribution destination terminal 20 and the file access management server 30 are connected to each other via a network 40 so that they can communicate with each other.

  Then, in order to distribute the distribution target software 52, the distribution source terminal 10 generates a distribution file (encrypted file) 51B storing the distribution target software 52. At least the package file generation means 11, the first It functions as the encryption means 12, the second encryption means 13, the conversion means 14, the attachment means 15, the third encryption means 16, and the setting means 17. These functions are realized by a processing unit [CPU (Central Processin Unit); not shown] constituting the distribution source terminal 10 executing a predetermined application program (part of a software management program).

  As shown in FIG. 2, the package file creating means 11 creates a package file 54 including software to be distributed 52. The main program 521 is stored in an encryption key (fourth encryption key; for example, the file access management server 30). And the encrypted main program 521A is created (see arrow A2 in FIG. 2), and the execution-only program 53 including the encrypted main program 521A is created, A package file 54 is created by packaging the execution-only program 53 and the subprogram 522 (the subprogram 522 remains plain) (see arrows A2 and A3 in FIG. 2).

  The first encryption unit 12 compresses the package file 54 created by the package file creation unit 11 and encrypts it with a first encryption key (for example, one managed by the file access management server 30 and received from the server 30). Thus (see arrow A4 in FIG. 2), the encrypted package file 54A is created.

  The second encryption unit 13 uses the second encryption key (for example, the file access management server 30) to install the dedicated installer 55 for installing the distribution target software 52 (actually the execution dedicated program 53 and the subprogram 522) in the distribution destination terminal 20. The encrypted installer 55 </ b> A is created by encryption (see arrow A <b> 5 in FIG. 2).

  As shown in FIG. 2, the conversion means 14 converts the document file 51 including information related to the distribution target software 52 into a completed document file having a container function [here, a PDF (Portable Document Format) file that is difficult to falsify. ] Is converted into 51A (see arrow A1 in FIG. 2). Here, the document file 51 including information related to the distribution target software 52 is, for example, a user's manual / simplified manual of the distribution target software (a program such as a printer driver or an inspection tool) 52, or distribution target software. A file including a distribution information detail document for the wear 52 and other important documents, which is created in advance by a user or the like. The conversion to the PDF file 51A is performed by, for example, a PDF driver. When the PDF driver is activated, the document file 51 is converted to PDF and a PDF file 51A is generated.

  As shown in FIG. 2, the attachment unit 15 uses the container function of the PDF file 51A converted by the conversion unit 11 to add the encrypted package file 54A created by the first encryption unit 12 to the PDF file 51A and The encryption installer 55A created by the second encryption means 13 is attached (see arrows A6 and A7 in FIG. 2).

  As shown in FIG. 2, the third encryption means 16 manages the PDF file 51A attached with the encryption package file 54A and the encryption installer 55A by the attachment means 15 with a third encryption key (managed by the file access management server 30). The encrypted file 51B is created as a distribution file by encrypting it (received from the server 30) (see arrow A8 in FIG. 2).

  The setting means 17 allows the user information relating to the user who is permitted to access the encrypted file 51B created by the third encryption means 16 (that is, the installation of the distribution target software 52), and permits the user. The access information regarding the access authority and the accessible period, the lending key, and the like are set and notified to the file access management server 30.

  The setting by the setting means 17 is performed before the encryption operation or in parallel with the encryption operation. For a user who accesses the encrypted file 51B, the authority to access the encrypted file 51B (for example, In addition to viewing, annotating, printing, and copying of document files, the authority to execute one selected from various accesses such as extraction of encrypted package file 54A and encrypted installer 55A stored by the container function) Yes, it is assumed that the setting means 17 performs the file access management server 30 (authorization table).

  Here, at least the viewing authority for the document file 51 is set as the access authority. However, the extraction authority of the encryption package file 54A and the encryption installer 55A is not set, that is, the distribution destination terminal 20 is initially set so that the encryption package file 54A and the encryption installer 55A cannot be extracted. ing. The authority to extract the encrypted package file 54A and the encrypted installer 55A can be switched by the permission / refusal means 29 (described later) of the distribution destination terminal 20 as described later.

  The encrypted file (distributed file) 51B created by the third encryption unit 16 is executed to access the file access management server 30 when the encrypted file is decrypted and accessed (viewed) at the distribution destination terminal 20. The plug-in 56 may be distributed to each distribution destination terminal 20 via the network 40 by e-mail or the like, or as shown in FIGS. 1 and 2, a recording medium (for example, a flexible disk, CD, DVD, (A magnetic disk, an optical disk, a magneto-optical disk, etc.) may be distributed to each distribution destination terminal 20 in a state of being recorded. Here, the plug-in 56 is distributed together with the encrypted file (distributed file) 51B. If it is known in advance that the plug-in 56 is installed in each distribution destination terminal 20, the distribution of the plug-in 56 is performed. May be omitted.

  Note that the dedicated installer 55 is an installer dedicated to the distribution target software 52 (actually the execution dedicated program 53 and the subprogram 522), and the distribution target software 52 is transferred to the distribution destination terminal 20 only by the dedicated installer 55. It is supposed to be installed. Detailed functions of the dedicated installer 55 will be described later.

  Further, as described later, a user who can access the encrypted file 51B (a user who is permitted to decrypt the encrypted file 51B, that is, a user who has been authenticated as an authorized user by access authentication described later). , And the distribution destination terminal 20 that has started the dedicated installer 55 is authenticated by the distribution destination terminal 20 only when it is authenticated as an authorized terminal by installation authentication described later. ing.

Further, a method of expanding the encrypted package file 54A that has been compressed (encrypted package executed by the dedicated installer 55 (function as the third decryption means 25 described later) in the distribution destination terminal 20 described later). As for development (restoration / decryption) of the file 54A into the package file 54, for example, a table is formed as a general expansion rule, and a distribution table obtained by the table formation is included in the dedicated installer 55, and this dedicated installer is included. 55 (encrypted installer 55A) may be bundled and distributed.

[1-2] Configuration of distribution destination terminal:
The distribution destination terminal (client PC) 20 is an information processing apparatus such as a personal computer (PC) used by an evaluation person (employee, etc.) in an affiliated group company as described above in this embodiment. The original terminal 10, other distribution destination terminals 20, and the file access management server 30 are connected to each other via a network 40 so that they can communicate with each other.

  The distribution destination terminal 20 distributes the encrypted file (distribution file) 51B created by the distribution source terminal 10 and distributes the distribution target software 52 (actually the execution-only program 53 actually stored in the encryption file 51B). And the subprogram 522) are to be installed, and at least the access authentication request means 21, the first decryption means 22, the installation authentication request means 23, the second decryption means 24, the third decryption means 25, and the installation means 26 , Activation authentication request means 27, fourth decryption means 28 and permission / rejection means 29. These functions are realized by a processing unit (processing unit, CPU; not shown) constituting the distribution destination terminal 20 executing a predetermined application program (part of a software management program). In the present embodiment, the functions of the third decryption unit 25 and the installation unit 26 are such that the processing unit starts the dedicated installer 55 after the decryption of the encrypted installer 55A by the second decryption unit 24 described later. It is realized by executing.

  The access authentication requesting means 21 notifies the access authentication information (user identification information and password) to the file access management server 30 prior to accessing (browsing) the encrypted file 51B distributed from the distribution source terminal 10, and the distribution destination terminal. The access authentication requesting whether or not the 20 users are authorized users permitted to access the encrypted file 51B is requested.

  In addition, as user identification information (hereinafter also referred to as user ID) and password as access authentication information, a password registered in advance in the distribution destination terminal 20 is notified to the file access management server 30 via a plug-in. Alternatively, the file input management server 30 may be notified via the plug-in of what the user inputs using the keyboard or the like.

  When a plug-in for accessing the file access management server 30 is installed in advance in the distribution destination terminal 20, the plug-in is activated, whereas when the plug-in is not installed, The plug-in 56 distributed together with the encrypted file 51B is read from the recording medium 50 or the electronic mail, installed in the distribution destination terminal 20, and then activated.

  When the first decryption means 22 receives a notification from the file access management server 30 to authenticate that the user of the distribution destination terminal 20 is an authorized user in response to the access authentication request from the access authentication request means 21 The encrypted file 51B is decrypted into the original PDF file 51A (see arrow A11 in FIG. 3), and the encrypted file 51B can be accessed according to the set access information. Here, the document (instruction manual or the like) in the original PDF file 51A is displayed on the display (not shown) of the distribution destination terminal 20 so that the user can view it. FIG. 3 is a schematic diagram for explaining a file configuration in the software management system 1 (distribution destination terminal 20) of the present embodiment.

When the user makes a request to start the encrypted installer 55A (actually the dedicated installer 55) attached to the PDF file 51A decrypted by the first decryption means 22, the plug authentication request means 23 The installation authentication information is notified to the file access management server 30 through the login, whether the user of the distribution destination terminal 20 is an authorized user permitted to install the distribution target software 52, and the distribution destination terminal 20 is the distribution target. The software 52 is for requesting installation authentication as to whether or not it is a legitimate terminal to be installed.

  As installation authentication information, in addition to user identification information and password, company identification information (information for specifying the related group company), server name, global IP (Internet Protocol) address, MAC (Medium Access Control) address , The host name and the like are notified, and those registered in advance in the distribution destination terminal 20 are notified to the file access management server 30 via the plug-in. At this time, the user ID and password as the installation authentication information may be the same as or different from the user ID and password as the access authentication information, and are registered in advance in the distribution destination terminal 20. May be notified to the file access management server 30 via a plug-in, or what the user inputs using a keyboard or the like may be notified to the file access management server 30 via a plug-in.

If the distribution destination terminal 20 has a GPS (Global Positioning System) function, or if a means having a GPS function is connected, the distribution destination terminal 20 obtained by the GPS function is used. The location information (latitude / longitude information) is notified to the file access management server 30 as information accompanying the installation authentication information through the network.

  The second decryption means 24 determines that the user of the distribution destination terminal 20 from the file access management server 30 is a regular user and the distribution destination terminal 20 is a regular terminal in response to the installation authentication request by the installation authentication request means 23. Is received from the PDF file 51A, and the extracted encrypted installer 55A is decrypted into the original dedicated installer 55 (see arrow A12 in FIG. 3). ).

  The third decryption means 25 is a function realized by executing the dedicated installer 55 decrypted by the second decryption means 24 by the processing unit, and takes out the encrypted package file 54A from the PDF file 51A. The extracted encrypted package file 54A is decrypted into the original package file 54 on the memory (not shown) of the distribution destination terminal 20 using the distribution table described above (see arrow A13 in FIG. 3). .

  At this time, in this embodiment, the setting unit 17 of the distribution source terminal 10 is initially prohibited from taking out the encrypted package file 54A and the encrypted installer 55A. In response to an installation authentication request by means 23, when a notification is received from the file access management server 30 to authenticate that the user of the distribution destination terminal 20 is an authorized user and that the distribution destination terminal 20 is an authorized terminal. The retrieval access of the encrypted package file 54A and the encrypted installer 55A from the PDF file 51A is temporarily permitted. Here, the retrieval access of the encrypted installer 55A and the encrypted package file 54A is performed from the second decryption means 24 and the third decryption means 25, respectively.

The installation unit 26 is a function realized by executing the dedicated installer 55 decrypted by the second decryption unit 24 in the processing unit, and the package decrypted on the memory by the third decryption unit 25. The execution-only program 53 (including the encrypted main program 521A) and the subprogram 522, which are the distribution target software 52 in the file 54, are installed in a folder (not shown) designated by the user in the distribution destination terminal 20. is there.

  When the installation unit 26 executes the installation of the execution-only program 53 and the subprogram 522, the installation unit 26 sends the installation operation log (user information, terminal information, installation date, etc.) to the file access management server 30 (installation operation log described later). The function of notifying the recording means 35) may be fulfilled, or the installation operation log is stored and when the installation operation log transmission request is received from the file access management server 30, the stored installation operation log is subjected to file access management. You may comprise so that the function to notify to the server 30 may be fulfill | performed.

  When the user activates the execution-only program 53 installed on the distribution destination terminal 20 by the installation unit 26, the activation authentication request unit 27 notifies the file access management server 30 of the activation authentication information and uses the distribution destination terminal 20. Requesting activation authentication whether the user is an authorized user permitted to execute the distribution target software 52 and whether the distribution destination terminal 20 is an authorized terminal permitted to execute the distribution target software 52 To do.

  As the activation authentication information, company identification information, server name, global IP address, MAC address, host name, etc., in addition to user identification information and password, are notified and registered in advance in the distribution destination terminal 20. The file access management server 30 is notified via the plug-in. At this time, the user ID and password as activation authentication information may be the same as or different from the user ID and password as access authentication information and installation authentication information, and are registered in advance in the distribution destination terminal 20. May be notified to the file access management server 30 via the plug-in, or what the user inputs using the keyboard or the like may be notified to the file access management server 30 via the plug-in. .

  In the fourth decryption means 28, the user of the distribution destination terminal 20 from the file access management server 30 is a regular user and the distribution destination terminal 20 is a regular terminal in response to the activation authentication request by the activation authentication request means 27. Is received, the encrypted program 521A included in the execution-only program 53 is decrypted into the original main program 521 (see arrow A14 in FIG. 3). Thereafter, the main program 521 is activated and executed in the processing unit.

  When the main program 521 is executed, the processing unit of the distribution destination terminal 20 transmits a usage log (user information, terminal information, usage date, program start log / end log, etc.) to the file access management server 30 ( A function for notifying a usage log recording means 36) to be described later may be fulfilled, or when the usage log is saved and a usage log transmission request is received from the file access management server 30, the saved usage log is file accessed. You may comprise so that the function notified to the management server 30 may be fulfill | performed.

[1-3] Configuration of file access management server:
The file access management server 30 is communicably connected to the distribution source terminal 10 and the distribution destination terminal 20 via the network 40, and applies to an encrypted file (distribution file) 51B distributed from the distribution source terminal 10 to the distribution destination terminal 20. Management of access, management means 31, access authentication means 32, installation authentication means 33, activation authentication means 34, installation operation log recording means 35, usage log recording means 36, installation operation restriction means 37, installation number restriction means 38 And has a function as the position detecting means 39. These functions are realized by a processing unit (CPU; not shown) constituting the file access management server 30 executing a predetermined application program (a part of the software management program).

  Based on the user information set and notified by the setting unit 17 of the distribution source terminal 10 and the access information (information set in the authority table), the management unit 31 encrypts the file 51B (that is, PDF 51A), It manages user access to the encrypted package file 54A (that is, the distribution target software 52) and the encrypted installer 55A (that is, the dedicated installer 55).

  When receiving an access authentication request from the distribution destination terminal 20, the access authentication means 32 authenticates whether or not the user of the distribution destination terminal 20 is an authorized user based on the access authentication information, and the authentication result The user identification information ID and password included in the access authentication information actually match the user identification information and password registered and stored in the file access management server 30 in advance. By determining whether or not, the user is determined / authenticated as to whether or not the user is a regular user (authorized user).

  When the installation authentication means 33 receives an installation authentication request from the distribution destination terminal 20, the user of the distribution destination terminal 20 distributes the software 52 to be distributed (execution-only program 53 and subprogram 522) based on the installation authentication information. And whether the distribution destination terminal 20 is a regular terminal to which the distribution target software 52 (execution-only program 53 and subprogram 522) is to be installed is authenticated. The authentication result is notified to the distribution destination terminal 20.

  As with the above-described access authentication unit 32, the installation authentication unit 33 matches the user identification information and password included in the installation authentication information with the user identification information and password registered and stored in the file access management server 30 in advance. In addition to determining / authenticating whether the user is a legitimate user (a legitimate user), an installation authentication request is made with the distribution destination terminal 20 that made the access authentication request. The distribution destination terminal 20 is the same, the distribution destination terminal 20 that made the installation authentication request is a specific terminal, or the global IP address of the distribution destination terminal that made the installation authentication request is a predetermined address. And that the company identification information indicates a specific company. It may be.

  Further, in the installation authentication means 33, one of the installation authentication conditions may be that the location information obtained by the position detection means 39 described later is a predetermined country (not a predetermined country). .

  When the activation authentication unit 34 receives an activation authentication request from the distribution destination terminal 20, the user of the distribution destination terminal determines that the distribution target software 52 (execution-only program 53 and subprogram 522) is based on the activation authentication information. It is authenticated whether or not the authorized user is permitted to execute, and whether or not the distribution destination terminal 20 is an authorized terminal permitted to execute the distribution target software 52 (execution-only program 53 and subprogram 522). The authentication result is notified to the distribution destination terminal 20.

In the activation authentication unit 34, the user identification information and password included in the activation authentication information match the user identification information and password registered and stored in the file access management server 30 in the same manner as the installation authentication unit 33 described above. In addition to determining / authenticating whether the user is a legitimate user (a legitimate user), an access authentication request is made with the distribution destination terminal 20 that made the activation authentication request. That at least one of the distribution destination terminal 20 and the distribution destination terminal 20 that has made the installation authentication request is the same, that the distribution destination terminal 20 that has made the activation authentication request is a specific terminal, The global IP address of the distribution destination terminal 20 that has performed is a predetermined address, and the company identification information indicates a specific company That you are, it may be used as one of the start-up authentication conditions.

  In the activation authentication unit 34, one of the activation authentication conditions may be that the location information obtained by the position detection unit 39 described later is a predetermined country (not a predetermined country). .

  The installation operation log recording means 35 collects installation operation logs of the distribution target software 52 (execution-only program 53 and subprogram 522) in the distribution destination terminal 20 and records them in a database (not shown). An installation operation log is collected using the notification function by the installation means 26 of the terminal 20.

  The usage log recording means 36 collects usage logs of the distribution target software 52 (execution-only program 53 and subprogram 522) installed in the distribution destination terminal 20 and records them in a database (not shown). Usage logs are collected using the notification function by the processing unit of the destination terminal 20.

  The installation operation restriction unit 37 refers to the installation operation log collected by the installation operation log recording unit 35. For the distribution destination terminal 20 that has successfully installed the distribution target software 52, the installation operation restriction unit 37 of the distribution target software 52 thereafter is installed. The installation operation is prohibited. The function as the installation operation restriction unit 37 can also be realized by the management unit 31 described above. The file access management server 30 installs in response to an instruction from the administrator when a request for re-installation of the distribution target software 52 is received from the distribution destination terminal 20 after the installation operation restriction means 37 prohibits the installation operation. The prohibition state of the installation operation by the operation restriction unit 37 is temporarily canceled.

  The installation number limiting means 38 refers to the installation operation log recorded by the installation operation log recording means 35 and distributes the distribution target software so that the number of distribution destination terminals 20 on which the distribution target software 52 is installed does not exceed a predetermined number. The installation operation of the software 52 is limited. The function as the number-of-installation-number limiting means 38 can also be realized by the management means 31 described above.

  The position detecting means 39 detects the location of the distribution destination terminal 20 at the time when the installation authentication request is received. More specifically, in the present embodiment, the position detection unit 39 detects the country where the distribution destination terminal 20 is located as the location from the connection environment of the distribution destination terminal 20 at the time when the installation authentication request is received.

  Further, the location detecting means 39 refers to the global destination IP address of the network to which the distribution destination terminal 20 is first connected as a connection environment of the distribution destination terminal 20, for example, by referring to the global IP address of the distribution destination terminal 20. It is possible to detect the country where the country is located.

When the distribution destination terminal 20 has a GPS (Global Positioning System) function, the location information (latitude / longitude information) of the distribution destination terminal 20 obtained by the GPS function is distributed through the network 40. By receiving from the destination terminal 20, the position detecting means 39 may be configured to detect the location / country country of the distribution destination terminal 20 from the latitude / longitude information.

In the installation authentication by the installation authentication means 33 described above, as the authentication condition, for example, the location country detected as the location by the position detection means 39 is set to a predetermined country specified in advance. . More specifically, as a predetermined country specified in advance, for example, the “Catchall Regulation” (see Table 16 of the Export Trade Control Order Appendix Table 1 and the Foreign Exchange Order Appendix Table) defined by the Ministry of Economy, Trade and Industry 26 white countries not covered (Argentina, Australia, Austria, Belgium, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, South Korea, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden, Switzerland, United Kingdom, United States; “Regions listed in Schedule 4-2 of Export Trade Control Order”). It is clear that countries that have joined the Convention on Weapons of Mass Destruction, participated in all export control regimes, and introduced the catch-all system are not likely to spread weapons of mass destruction from these countries. In other words, these countries are called “white countries”.

  Note that, as described above, the authentication condition may be that the country of residence is the predetermined country as described above, but if the distribution destination terminal 20 has a GPS function, the distribution destination It may be set as the predetermined condition that the terminal 20 exists in a more limited place or region specified by the latitude / longitude information.

  Further, the position detection means 39 may detect the location of the distribution destination terminal 20 at the time when the activation authentication request is received. More specifically, in the present embodiment, the position detecting means 39 detects the country where the distribution destination terminal 20 is located from the connection environment of the distribution destination terminal 20 at the time when the activation authentication request is received. Also good. In this case, when the activation authentication is performed by the activation authentication unit 34 described above, as the authentication condition, for example, the country detected as the location by the position detection unit 39 is set to a predetermined country specified in advance. The In addition, as described above, the activation authentication condition may be that the country of residence is the predetermined country as described above, but if the distribution destination terminal 20 has a GPS function, the distribution is performed. It may be set as the predetermined condition that the destination terminal 20 exists in a more limited place or region specified by the latitude / longitude information.

[2] Operation of the software management system of this embodiment:
Next, the operation of the software management system 1 according to the present embodiment configured as described above will be described with reference to FIGS.

[2-1] Operation of distribution source terminal:
With reference to FIG. 2, the operation (distribution file set creation operation) of the distribution source terminal 10 in the software management system 1 of the present embodiment will be described according to the flowchart (steps S11 to S22) shown in FIG. FIG. 2 is a schematic diagram for explaining a file configuration and a distribution file creation operation in the software management system 1 (distribution source terminal 10) of the present embodiment.

  In the distribution source terminal 10, first, distribution target software is created or prepared, and a document file of a user manual / simplified manual such as distribution target software (for example, printer driver, inspection tool) is generated. (Step S11), the document file 51 is converted into a PDF file 51A having a container function by the conversion means 11 (Step S12; see arrow A1 in FIG. 2).

In addition to the creation of the PDF file 51A, the package file creation unit 11 creates the encrypted main program 521A by encrypting the main program 521 in the distribution target software 52 such as a printer driver and an inspection tool (step S13). ; See arrow A2 in FIG. 2), this encrypted main program 521A is executed program 5
3 (step S14; see arrow A2 in FIG. 2), this execution-only program 53 and subprogram 522 (subprogram 522 remains plain) are packaged, and a package file 54 is created (step S15; see arrows A2 and A3 in FIG. This package file 54 is encrypted by the first encryption means 12, and an encrypted package file 54A is created (step S16; see arrow A4 in FIG. 2).

  Further, separately from the creation of the PDF file 51A and the encrypted package file 54A, the dedicated installer 55 prepared in advance is encrypted by the second encryption means 13 to create the encrypted installer 55A (step S17; FIG. 2 arrow A5).

  Then, by using the container function of the PDF file 51A, the attachment unit 15 adds the encrypted package file 54A created by the processes of steps S13 to S16 to the PDF file 51A and the encrypted installer created by the process of step S17. 55A is attached and stored (step S18; see arrows A6 and A7 in FIG. 2).

  Thereafter, the user (distributor in charge) of the distribution source terminal 10 uses the setting unit 17 to permit access to the PDF file 51A (encrypted file 51B) (that is, installation of the distribution target software 52). User information, access information regarding the access authority and access period permitted for the user, a rental key, and the like are set, notified to the file access management server 30, and set in the authority table (step S19). ). In this embodiment, as described above, at least the viewing authority for the PDF file 51A is set as the access authority, and the extraction of the encrypted package file 54A and the encrypted installer 55A is prohibited.

  After setting the access authority etc., the PDF file 51A attached with the encrypted package file 54A and the encrypted installer 55A is encrypted by the third encryption means 16 with the encryption key managed by the file access management server 30, The encrypted file 51B is created as a distribution file (step S20; see arrow A8 in FIG. 2). The encrypted file 51B created in this way is stored and recorded in a recording medium 50 such as a CD together with the plug-in 56 as necessary (step S21; see arrow A9 in FIG. 2). It is distributed by passing to the user (step S22). As described above, the encrypted file 51B may be distributed to each distribution destination terminal 20 via the network 40 by e-mail or the like without being recorded in the recording medium 50.

[2-2] Operation of distribution destination terminal:
Next, referring to FIG. 3, according to the flowchart shown in FIG. 5 (steps S31 to S49) and the flowchart shown in FIG. 6 (steps S51 to S56), the distribution destination terminal 20 in the software management system 1 of the present embodiment. The operation (installation operation and activation operation of the distribution target software 52) will be described. FIG. 3 is a schematic diagram for explaining the file configuration, the installation operation and the activation operation of the distribution target software 52 in the software management system 1 (distribution destination terminal 20) of the present embodiment.

  In each distribution destination terminal 20, the recording medium 50 is installed in order to install the distribution target software 52 (actually the execution-only program 53 and the subprogram 522 in the package file 54) from the recording medium 50 distributed by the person in charge of distribution. Is inserted into the distribution destination terminal 20 (YES route of step S31), it is first determined whether or not the plug-in 56 is already installed in the distribution destination terminal 20 (step S32). The NO route of step S32), the plug-in 56 is installed from the recording medium 50 (step S33). When the plug-in 56 is installed (YES route in step S32), the process in step S33 is skipped.

  After that, when the plug-in 56 is activated and the user of the distribution destination terminal 20 designates the encrypted file 51B, the access authentication request means 21 sends the access authentication information (user identification information and password) to the file access management server 30. Then, access authentication is requested to determine whether or not the user of the distribution destination terminal 20 is an authorized user permitted to access the encrypted file 51B (PDF file 51A) (step S34).

  When the response from the file access management server 30 in response to this access authentication request is a notification that the user of the distribution destination terminal 20 is not a regular user (NO route in step S35), the distribution destination terminal An error notification is made at 20 (step S36), and the process is terminated.

  On the other hand, when the response from the file access management server 30 is a notification that the user of the distribution destination terminal 20 is authenticated (YES route in step S65), the decryption means 22 The encrypted file 51B is decrypted into the original PDF file 51A (step S37; see arrow A11 in FIG. 3), and the document (instruction manual etc.) in the PDF file 51A is displayed on the display (not shown) of the distribution destination terminal 20. It is displayed and browsed by the user (step S38). At this time, as described above, it is prohibited to extract the encrypted package file 54A and the encrypted installer 55A from the PDF file 51A.

  When a user who has viewed the document requests installation of the distribution target software 52 and makes a request to start the encrypted installer 55A (actually the dedicated installer 55) attached to the PDF file 51A (YES route of step S39) ) The user authentication information and password are requested by the installation authentication request means 23, and the server name, global IP address, MAC address, and host name described above together with the user identification information and password input by the user in response to the request. , The company ID is notified to the file access management server 30 as installation authentication information, and whether the user of the distribution destination terminal 20 is an authorized user permitted to install the distribution target software 52 and the distribution destination terminal 20. Installed the distribution target software 52 Whether installation authentication is authorized terminals to be stalled is requested (step S40).

At this time, if the distribution destination terminal 20 has a GPS (Global Positioning System) function, the location information (latitude / longitude information) of the distribution destination terminal 20 obtained by the GPS function is used as the installation authentication information. Is notified to the file access management server 30 as information attached thereto.

  The response from the file access management server 30 in response to the installation authentication request is a notification that the user of the distribution destination terminal 20 is not an authorized user permitted to install the distribution target software 52, and distribution If at least one of the notifications that the destination terminal 20 is not a legitimate terminal to which the distribution target software 52 is to be installed (NO route of step S41), an error notification is made at the distribution destination terminal 20 (step S41). S42), the process is terminated.

On the other hand, the response from the file access management server 30 is that the user of the distribution destination terminal 20 is an authorized user permitted to install the distribution target software 52 and the distribution destination terminal 20 is installed with the distribution target software 52. If it is a notification to authenticate that it is a legitimate terminal (YES route in step S41), the encryption package file 54A and the encryption from the PDF file 51A designated / selected by the user by the permission / rejection means 29 Access to the integrated installer 55A is temporarily permitted (step S43).
.

  In response to this, the second decryption means 24 extracts the encrypted installer 55A from the PDF file 51A from the PDF file 51A (step S44; see arrow A12 in FIG. 3), and the extracted encrypted installer 55A is the original. Decrypted by the dedicated installer 55 (step S45; see arrow A12 in FIG. 3), the decrypted dedicated installer 55 is executed by the processing unit (step S46).

  When the dedicated installer 55 is executed, the third decryption means 25 extracts the encrypted package file 54A from the PDF file 51A (step S47; see arrow A13 in FIG. 3), and uses, for example, the distribution table described above. The extracted encrypted package file 54A is decrypted into the original package file 54 on the memory (not shown) of the distribution destination terminal 20 (step S48; see arrow A13 in FIG. 3). The execution-only program 53 and the subprogram 522 in the decrypted package file 54 are installed in the folder specified by the user in the distribution destination terminal 20 by the installation means 26 (step S49; arrow in FIG. 3). A13).

  After the execution-only program 53 and the subprogram 522 are installed in the distribution destination terminal 20 as described above, the user activates the execution-only program 53 in the distribution destination terminal 20 to execute the execution-only program 53 (step S51). YES route), the user authentication information and password are requested by the activation authentication request means 27, and together with the user identification information and password input by the user in response to the request, the above server name, global IP address, MAC address , The host name, the company ID, etc. are notified to the file access management server 30 as installation authentication information, and whether or not the user of the distribution destination terminal 20 is authorized to execute the distribution target software 52 and distribution The destination terminal 20 is the software to be distributed An authorized terminal is permitted second run whether activation authentication is required (step S52).

At this time, if the distribution destination terminal 20 has a GPS (Global Positioning System) function, the location information (latitude / longitude information) of the distribution destination terminal 20 obtained by the GPS function is used as the activation authentication information. Is notified to the file access management server 30 as information attached thereto.

  The response from the file access management server 30 in response to the activation authentication request is a notification that the user of the distribution destination terminal 20 is not a regular user, and the distribution destination terminal 20 executes the distribution target software 52. Is at least one of notifications that the terminal is not authorized (NO route in step S53), an error notification is made in the distribution destination terminal 20 (step S54), and the process ends.

If there is an instruction to delete the distribution target software from the file access management server 30 together with the error notification, the distribution target software is deleted.
On the other hand, the response from the file access management server 30 is that the user of the distribution destination terminal 20 is an authorized user who is permitted to execute the distribution target software 52 and the distribution destination terminal 20 executes the distribution target software 52. If it is a notification that the authorized terminal is authenticated (YES route in step S53), the encryption program 521A included in the execution-only program 53 by the fourth decryption means 28 is the original main. The program 521 is decrypted (step S55; see arrow A14 in FIG. 3), and the main program 521 is activated and executed in the processing unit (step S56).

[2-3] File access management server operation:
Next, the operation of the file access management server 30 in the software management system 1 of this embodiment will be described with reference to the flowchart shown in FIG. 7 (steps S61 to S81).

  When the file access management server 30 receives an access authentication request from the distribution destination terminal 20 (YES route in step S61), the access authentication means 32 determines that the user of the distribution destination terminal 20 is a regular user based on the access authentication information. It is authenticated whether or not there is, and the authentication result is notified to the distribution destination terminal 20 (step S62).

  At that time, for example, the storage unit (not shown) of the file access management server 30 is searched based on the user identification information included in the access authentication information, and the registered password corresponding to the user identification information is read from the storage unit, and the access authentication is performed. The password included in the information is compared with the registered password read from the storage unit, and it is determined whether or not these passwords match. If these passwords match, the distribution destination terminal 20 is notified that the user of the distribution destination terminal 20 has been authenticated as an authorized user.

  Upon receiving an installation authentication request from the distribution destination terminal 20 (YES route in step S63), the installation authentication means 33 determines whether the user of the distribution destination terminal 20 is a regular user based on the installation authentication information and the distribution destination. It is authenticated whether or not the terminal 20 is a legitimate terminal on which the distribution target software 52 (execution-only program 53 and subprogram 522) is to be installed, and the authentication result is notified to the distribution destination terminal 20 (step S64). .

  At this time, as in the case of the access authentication described above, the storage unit (not shown) of the file access management server 30 is searched by the user identification information included in the installation authentication information, and the registration information (password, Company identification information, server name, global IP address, MAC address, host name, etc.) are read from the storage unit, and the information included in the installation authentication information is compared with the registration information read from the storage unit. It is determined whether the pieces of information match.

  At the time of installation authentication by the installation authentication means 33, as one of the authentication conditions, the location country and the location (latitude / longitude) of the distribution destination terminal 20 detected as the location by the position detection means 39 are designated in advance. It is determined that the country is a predetermined country (for example, the above-mentioned “white country”), is in its own premises, is not in the vicinity of the rival company, or the like.

When these pieces of information match, the distribution destination terminal 20 is notified that the user of the distribution destination terminal 20 is authenticated and the distribution destination terminal 20 is authenticated.
When an activation authentication request is received from the distribution destination terminal 20 (YES route in step S65), the activation authentication unit 34 determines whether the user of the distribution destination terminal 20 is a regular user based on the activation authentication information and the distribution destination. It is authenticated whether or not the terminal 20 is a legitimate terminal permitted to execute the distribution target software 52 (execution-only program 53 and subprogram 522), and the authentication result is notified to the distribution destination terminal 20 (step S64). ).

At that time, as in the case of the installation authentication described above, the storage unit (not shown) of the file access management server 30 is searched based on the user identification information included in the activation authentication information, and the registration information (password, Company identification information, server name, global IP address, MAC address, host name, etc.) are read from the storage unit, and the information included in the activation authentication information is compared with the registration information read from the storage unit. It is determined whether the pieces of information match. When these pieces of information match, the distribution destination terminal 20 is notified that the user of the distribution destination terminal 20 is authenticated and the distribution destination terminal 20 is authenticated.

  In the activation authentication by the activation authentication unit 34, as in the above-described installation authentication, as one of the authentication conditions, the country and location (latitude of latitude) of the distribution destination terminal 20 detected as the location by the position detection unit 39 It may be determined that the longitude is a predetermined country (for example, “White Country” described above), that it is within the company premises, or not in the vicinity of the rival company.

  Further, when it is time to collect the installation operation log of the distribution target software 52 in each distribution destination terminal 20, or the distribution destination software 20 has been notified of the installation of the distribution target software (installation operation log). In this case (YES route in step S67), the installation operation log recording means 35 collects the installation operation log of the distribution target software 52 in each distribution destination terminal 20 (step S68), and is collected or notified from each distribution destination terminal 20. The installation operation log is recorded in a database or the like (step S69).

  Then, the installation operation log recorded in the database or the like is referred to (step S70), and when there is a distribution destination terminal 20 that has successfully installed the distribution target software 52 (YES route of step S71), the installation operation restriction means 37 As a result, the subsequent distribution target software installation operation is prohibited in the distribution destination terminal 20 (step S72). Further, it is determined whether or not the number of distribution destination terminals 20 on which the distribution target software 52 has been installed has exceeded a predetermined number by the installation number limiting means 38 (step S73). After that, the installation of the distribution target software 52 to the new distribution destination terminal 20 is prohibited (step S74). On the other hand, when there is no distribution destination terminal 20 that has successfully installed the distribution target software (NO route of step S71), or when the number of distribution destination terminals 20 that have the distribution target software 52 installed does not exceed the predetermined number. (NO route of step S73), the process of step S72 and step S74 is skipped.

  In addition, when there is a re-installation request for the distribution target software 52 from the distribution destination terminal 20 that has successfully installed the distribution target software 52 (YES route in step S75), the file access management server 30 permits the re-installation. Asking the administrator to determine whether or not to do so, receiving an instruction from the administrator (step S76), and if the administrator instructs re-installation (YES route of step S77), a re-installation request is made. For the distribution destination terminal 20, the installation operation prohibition state by the installation operation restriction means 37 is temporarily canceled (step S78), and the distribution target software 52 is reinstalled in the distribution destination terminal 20 that has requested re-installation. It becomes possible. When the administrator gives an instruction not to permit reinstallation (NO route of step S77), the process of step S78 is skipped.

  Also, when it is time to collect the usage log of the distribution target software 52 at each distribution destination terminal 20, or when the distribution target software 52 is notified (execution log) from each distribution destination terminal 20 (YES route of step S79), the usage log of the distribution target software 52 in each distribution destination terminal 20 is collected by the usage log recording means 36 (step S80), and the usage log collected or notified from each distribution destination terminal 20 Is recorded in a database or the like (step S81).

[3] Effects of the software management system of this embodiment:
Thus, according to the software management system 1 as an embodiment of the present invention, when distributing the distribution target software 52, double authentication of access authentication and installation authentication is performed, and the distribution target software The software 52 is installed only on a legitimate user's legitimate terminal (distribution destination terminal) 20 and is executed only on the legitimate user's legitimate terminal (distribution destination terminal) 20, and the distribution target software 52 is dedicated. Since it is installed only by the installer 55, as described above, the software is distributed to the evaluator (user) in order to evaluate the pre-commercial product (for example, printer driver) and the software accompanying it. When installing on the terminal (distribution destination terminal) 20 of the person in charge of evaluation, the confidentiality of the product before the commercial sale Information external leakage and illegal use of software including (confidential information), by a simple approach, it is possible to more reliably prevented.

  Then, the location (location country) of the distribution destination terminal at the time of the installation authentication request is detected, and it is determined whether or not the detected location location satisfies a predetermined condition [predetermined country (for example, white country)]. The location of the distribution destination terminal can be confirmed immediately before installation. By permitting installation only when the location of the distribution destination terminal satisfies a predetermined condition (for example, not in the country subject to export control), the contents of the software including highly confidential information can be It can be surely prevented from leaking or leaking without the user's knowledge in the area.

  Further, in the encrypted file (distributed file) 51B, the package file 54 including the distribution target software 52 and the dedicated installer 55 are respectively encrypted in the encrypted package file 54A and the encrypted installer 55A. Even if the encrypted file 51B is taken out by a malicious third party, it is possible to prevent the contents of the package file 54 from leaking and the dedicated installer 55 from being activated.

  At the time of installation authentication by the installation authentication means 33, the distribution destination terminal 20 that made the access authentication request is the same as the distribution destination terminal 20 that made the installation authentication request, or the distribution destination terminal 20 that made the installation authentication request specifies The installation authentication condition is that the distribution destination terminal 20 that made the installation authentication request is a predetermined address, or that the terminal is located in a country or region that satisfies the predetermined condition. As a result, the installation authentication condition of the distribution destination terminal 20 to which the distribution target software 52 should be installed is set more severely, and external leakage and unauthorized use of the distribution target software 52 can be prevented more reliably. . Here, by setting the global IP address as the installation authentication condition, the distribution target software 52 can be installed in the distribution destination terminal 20 when the distribution destination terminal 20 exists at a predetermined position specified by the global IP address. it can.

In the case of performing authentication based on the global IP address (location location check of the distribution destination terminal 20) at the time of installation authentication, for example, a GPS (Global Positioning System) provided in the distribution destination terminal 20 is used instead of the global IP address at the time of the location check.
) Function may be used. In that case, at the time of installation authentication, the current location (latitude / longitude information) of the distribution destination terminal 20 detected by the GPS function is notified to the file access management server 30 as installation authentication information. Only when the location (latitude / longitude information) included in the information is at a predetermined position (for example, in-house), installation is permitted, that is, it is authenticated that the distribution destination terminal 20 is a regular terminal.

In addition, the location country and location (latitude / longitude) of the distribution destination terminal 20 detected as the location by the location detection means 39 are stored for a certain period of time, and the past was performed in places other than the White country or near the rival site. In some cases, or in the past, if it has been performed more than a predetermined number of times outside of the White country or near the rival site, it may be considered that installation authentication is not performed for a certain period. Further, when the installation authentication is not performed as described above, the file access management server may instruct the distribution destination terminal 20 to delete the distribution target software.

  At this time, in this embodiment, when distributing the distribution target software 52 including the main program 521 and the subprogram 522 used by the main program 521, the execution-only program 53 including the encrypted main program 521A and the subprogram 522 A package file 54 including the program 522 is created and distributed to the distribution destination terminal 20 for installation. That is, the distribution destination terminal 20 completes the installation of the distribution target software 52 with the encrypted main program 521A still encrypted.

  In the distribution destination terminal 20, when the execution dedicated program 53 is installed after the execution dedicated program 53 and the subprogram 522 are installed, first, the distribution destination terminal 20 issues an activation authentication request to the file access management server 30. In response to the activation authentication request, the processing is executed upon receiving notification from the file access management server 30 that the user of the distribution destination terminal 20 is an authorized user and that the distribution destination terminal 20 is authenticated. The encrypted main program 521A included in the dedicated program 53 is decrypted into the original main program 521, and the main program 521 is activated.

  As a result, when the main program 521 as the distribution target software 52 is executed, activation authentication is performed, so that the execution of the main program 521 is permitted only when a legitimate user executes the main program 521 on a legitimate terminal. can do. That is, activation control (access control) for the distribution target software 52 after installation can be realized, and illegal secondary usage of the distribution target software 52 can be reliably prevented.

  Further, in the distribution destination terminal 20, the main program 521 is decrypted and executed only at the time of activation, and is stored in an encrypted state when it is not activated. Even if the distribution target software 52 (package file 54) including the information is leaked to the outside, it is impossible to use and execute the distribution target software 52, and it is possible to reliably prevent its unauthorized use and to reverse the main program 521. There is also an advantage that engineering cannot be performed. Furthermore, when the program as the distribution target software 52 is encrypted, the entire program is not encrypted, but only the main program 521 is encrypted, thereby performing efficient encryption processing as described above. It is possible to obtain an advantageous effect.

  At the time of activation authentication by the activation authentication means 34, at least one of the distribution destination terminal 20 that made the activation authentication request, the distribution destination terminal 20 that made the access authentication request, and the distribution destination terminal 20 that made the installation authentication request is the same. The activation authentication condition is that the distribution destination terminal 20 that made the activation authentication request is a specific terminal, or that the global IP address of the distribution destination terminal 20 that made the activation authentication request is a predetermined address. As a result, the activation authentication condition of the distribution destination terminal 20 that uses the distribution target software 52 is set more severely, and external leakage and unauthorized use of the distribution target software 52 can be more reliably prevented. . Here, by setting the global IP address as the activation authentication condition, the distribution target software 52 can be executed in the distribution destination terminal 20 when the distribution destination terminal 20 exists at a predetermined position specified by the global IP address. it can.

In the case of performing authentication based on the global IP address (location location check of the distribution destination terminal 20) at the time of activation authentication, for example, a GPS function provided in the distribution destination terminal 20 is used instead of the global IP address for the location check. Also good. In that case, at the time of activation authentication, the current location (latitude and longitude information) of the distribution destination terminal 20 detected by the GPS function is notified to the file access management server 30 as activation authentication information, and the file access management server 30 performs activation authentication. The activation / execution is permitted only when the location (latitude / longitude information) included in the information is at a predetermined position (for example, in-house), that is, authenticating that the distribution destination terminal 20 is a regular terminal. .

  Further, in the file access management server 30, the installation operation log recording means 35 collects and records the installation operation log of the distribution target software 52 in the distribution destination terminal 20, so that the distribution target software 52 depends on when and by whom. It is recorded whether it has been installed on the terminal 20, and when any unauthorized use or unauthorized installation is detected for the distribution target software 52, the unauthorized use or unauthorized installation is analyzed based on the installation operation log. It becomes possible.

  At that time, the file access management server 30 refers to the installation operation log, and for the distribution destination terminal 20 in which the distribution target software 52 has been successfully installed by the installation operation restriction unit 37, By configuring so that the installation operation (or fetching access of the distribution target software 52 from the PDF file 51A) is prohibited, installation of the distribution target software 52 many times is suppressed. External leakage and unauthorized use can be prevented more reliably.

  However, when the file access management server 30 requests the reinstallation of the distribution target software 52 from the distribution destination terminal 20 after prohibiting the installation operation as described above, the installation operation (in response to an instruction from the administrator ( Alternatively, by temporarily canceling the prohibition state of the removal access of the distribution target software 52 from the PDF file 51A), the installed distribution target software 52 should be installed for some trouble. When reinstallation is required, reinstallation is possible under the authorization of the administrator, so that convenience at the distribution destination terminal 20 is not impaired.

  Further, the installation number limiting means 38 refers to the installation operation log and limits the installation operation of the distribution target software 52 so that the number of distribution destination terminals 20 on which the distribution target software 52 is installed does not exceed a predetermined number. With this configuration, the number of distribution destination terminals 20 on which the distribution target software 52 is installed can be limited, and external leakage and unauthorized use of the distribution target software 52 can be more reliably prevented. .

  Further, in the file access management server 30, the usage log recording means 36 collects and records the usage log of the distribution target software 52 installed in the distribution destination terminal 20, so that the distribution target software 52 is determined by who and when. It is recorded about which terminal is executed, and when any unauthorized use of the distribution target software 52 is detected, it is possible to analyze the unauthorized use based on the use log.

  Further, since the location of the distribution destination terminal 20 is detected as the location from the connection environment of the distribution destination terminal 20 when the file access management server 30 receives the installation authentication request, the detected location is It can be easily determined whether or not the predetermined condition is satisfied, the location of the distribution destination terminal 20 at the time of requesting the installation authentication can be confirmed, and the content of the software including highly confidential information is the country subject to export control. It can be surely prevented from leaking or leaking without the user's knowledge in or in the area.

When it is determined that the location of the distribution destination terminal 20 does not satisfy the predetermined condition, the file access management server 30 notifies the user or administrator of the distribution destination terminal 20 to that effect. The distribution destination terminal 20 can also know for what reason installation authentication is not performed, and the contents of software including highly confidential information are not known to the user in export regulated countries or regions. Can be reliably prevented from leaking or leaking.

  If the file access management server side 30 determines that the location of the distribution destination terminal 20 does not satisfy a predetermined condition, the file access management server side 30 sends a distribution target to the distribution destination terminal 20. In order to give instructions to delete the software 52, the contents of software including highly confidential information are securely prevented from leaking or leaking without the user's knowledge in countries and regions subject to export control. can do.

  Similarly to the installation authentication described above, the country where the distribution destination terminal 20 is located is detected as the location from the connection environment of the distribution destination terminal 20 when the file access management server 30 receives the activation authentication request. Therefore, it is easy to determine whether or not the detected location satisfies a predetermined condition, and the location of the distribution destination terminal 20 at the time of activation authentication request can be confirmed, and software including highly confidential information The contents of the wear can be reliably prevented from leaking or leaking without the user's knowledge in the countries and regions subject to export control.

  When it is determined that the location of the distribution destination terminal 20 does not satisfy the predetermined condition at the time of activation authentication, the file access management server 30 notifies the user or administrator of the distribution destination terminal 20 to that effect. Therefore, the distribution destination terminal 20 can know why the activation authentication is not performed, and the contents of the software including highly confidential information can be obtained by the user in the export regulated country or region. It is possible to reliably prevent leakage and leakage without knowing.

[4] Other:
The present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the spirit of the present invention.

  For example, in the above-described embodiment, the software management system 1 uses the software as a distribution target software as a distribution target software in order to evaluate a pre-commercial product (for example, a printer driver) and software associated therewith. It is applied to prevent leakage when distributed to multiple evaluation personnel (users) in a company, etc., or when various inspection tools are distributed to users as distribution target software. The present invention is not limited to this, and can be applied to the case where various highly confidential software is provided and installed to the user, or the case where various software is charged and provided to the user. Similar effects can be obtained.

  In the embodiment described above, the distribution source terminal 10 and the distribution destination terminal 20 are configured as different terminals, but both the function as the distribution source terminal 10 and the function as the distribution destination terminal 20 are a single terminal. May also be provided.

  Furthermore, the functions (all or a part of the functions of each means) as the means 11 to 17, 21 to 29, and 31 to 38 described above are determined by a computer (including a CPU, an information processing apparatus, and various terminals) as a predetermined application program. This is realized by executing (software management program).

The program is, for example, a flexible disk, CD (CD-ROM, CD-R, CD-RW, etc.), DVD (DVD-ROM, DVD-RAM, DVD-R, DVD-RW).
, DVD + R, DVD + RW, etc.) and the like. In this case, the computer reads the predetermined application program from the recording medium, transfers it to the internal storage device or the external storage device, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  Here, the computer is a concept including hardware and an OS (operating system), and means hardware operating under the control of the OS. Further, when the OS is unnecessary and the hardware is operated by the application program alone, the hardware itself corresponds to the computer. The hardware includes at least a microprocessor such as a CPU and means for reading a program recorded on a recording medium. The predetermined application program (software management program) includes a program code for causing the above-described computer to realize the functions as the means 11 to 17, 21 to 29, and 31 to 38. Also, some of the functions may be realized by the OS instead of the application program.

  Furthermore, as a recording medium in the present embodiment, in addition to the flexible disk, CD, DVD, magnetic disk, optical disk, and magneto-optical disk described above, an IC card, ROM cartridge, magnetic tape, punch card, computer internal storage device (RAM) In addition, various computer-readable media such as an external storage device or a printed matter on which a code such as a barcode is printed can be used.

[5] Note:
(Appendix 1)
A distribution source terminal that creates a distribution file storing the distribution target software in order to distribute the distribution target software;
A distribution destination terminal to which the distribution file created in the distribution source terminal is distributed and the distribution target software stored in the distribution file is to be installed;
A file access management server for managing access to the distribution file distributed from the distribution source terminal to the distribution destination terminal;
The distribution source terminal is
Package file creation means for creating a package file including the distribution target software;
First encryption means for encrypting the package file created by the package file creation means with a first encryption key to create an encrypted package file;
Second encryption means for creating an encrypted installer by encrypting a dedicated installer for installing the distribution target software on the distribution destination terminal with a second encryption key;
Conversion means for converting a document file including information relating to the distribution target software into a completed document file having a container function;
Using the container function of the completed document file converted by the converting means, the completed package file is created by the encrypted package file created by the first encrypting means and the second encrypting means. Attaching means for attaching the encrypted installer;
Third encryption means for encrypting the completed document file attached with the encryption package file and the encryption installer with the third encryption key by the attachment means to create an encrypted file as the distribution file is provided. Configured,
The distribution destination terminal is
Prior to accessing the encrypted file distributed from the distribution source terminal, the access authentication information is notified to the file access management server, and the user of the distribution destination terminal is authorized to access the encrypted file. Access authentication requesting means for requesting access authentication as to whether or not the user is
In response to an access authentication request from the access authentication request means, the file access management server completes the encrypted file when it is notified that the user of the distribution destination terminal is an authorized user. First decryption means for decrypting a document file and enabling access according to the access information set for the encrypted file;
When receiving the activation request of the encrypted installer attached to the completed document file decrypted by the first decryption means, the installation access information is notified to the file access management server, and the user of the distribution destination terminal Installation requesting whether or not the distribution target software is authorized to install the distribution target software and whether the distribution destination terminal is a regular terminal to which the distribution target software is to be installed Authentication request means;
In response to an installation authentication request by the installation authentication request means, a notification is received from the file access management server to authenticate that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal. A second decryption means for decrypting the encrypted installer into the dedicated installer when
Third decryption means for decrypting the encrypted package file attached to the completed document file on the memory of the distribution destination terminal by executing the dedicated installer decrypted by the second decryption means And processing means functioning as installation means for installing the distribution target software in the package file decrypted on the memory by the third decryption means in the distribution destination terminal,
The file access management server is
When receiving the access authentication request from the distribution destination terminal, it authenticates whether or not the user of the distribution destination terminal is an authorized user based on the access authentication information, and displays the authentication result as the distribution destination terminal. An access authentication means to notify
Position detecting means for detecting the location of the distribution destination terminal based on the installation authentication information when the installation authentication request is received;
It is determined whether or not the location detected by the position detection means satisfies a predetermined condition, and when the installation authentication request is received from the distribution destination terminal, the installation authentication information and the determination And authenticating whether the user of the distribution destination terminal is a regular user and whether the distribution destination terminal is a regular terminal to which the distribution target software is to be installed, based on the result, Installation authentication means for notifying the distribution destination terminal of the authentication result;
A software management system, comprising:

(Appendix 2)
The distribution target software includes a main program and a subprogram used by the main program,
The package file creating means of the distribution source terminal creates an encrypted main program by encrypting the main program with a fourth encryption key, creates an execution-only program including the encrypted main program, and executes the execution-only program. Creating the package file by packaging the program and the subprogram;
The distribution destination terminal is
When the execution-only program in the distribution target software installed on the distribution destination terminal by the installation means is activated, activation authentication information is notified to the file access management server, and a user of the distribution destination terminal Activation authentication request means for requesting activation authentication as to whether or not the authorized user is permitted to execute software and whether or not the distribution destination terminal is an authorized terminal on which the distribution target software is to be installed; ,
In response to an activation authentication request by the activation authentication request means, a notification is received from the file access management server to authenticate that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal. And a fourth decrypting means for decrypting the encrypted program included in the execution-only program into the main program,
When the file access management server determines whether the location detected by the location detection unit satisfies a predetermined condition, and receives the activation authentication request from the distribution destination terminal, Based on the activation authentication information and the determination result, it is authenticated whether the user of the distribution destination terminal is a regular user and whether the distribution destination terminal is a regular terminal, and the authentication result is The software management system according to appendix 1, further comprising activation authentication means for notifying the distribution destination terminal.

(Appendix 3)
The activation authentication means of the file access management server is characterized in that one of the activation authentication conditions is that a global IP (Internet Protocol) address of a distribution destination terminal that has made the activation authentication request is a predetermined address. The software management system according to any one of appendix 1 to appendix 2.

(Appendix 4)
One of the installation authentication conditions is that the installation authentication means of the file access management server uses a global IP (Internet Protocol) address of a distribution destination terminal that has made the installation authentication request as a predetermined address. The software management system according to any one of appendix 1 to appendix 2.

(Appendix 5)
While the distribution destination terminal prohibits the extraction access of the encrypted package file and the encrypted installer from the completed document file decrypted by the first decryption means, the installation authentication request by the installation authentication request means In response to the notification from the file access management server that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is authenticated as a regular terminal, The software management system according to any one of appendix 1 to appendix 4, further comprising permission / rejection means for permitting the extraction access of the encryption package file and the encryption installer.

(Appendix 6)
6. The software management system according to any one of appendix 1 to appendix 5, wherein the distribution file created in the distribution source terminal is distributed to the distribution destination terminal via a network.

(Appendix 7)
The software according to any one of appendix 1 to appendix 6, wherein the distribution file created in the distribution source terminal is distributed to the distribution destination terminal in a state of being recorded on a recording medium. Management system.

(Appendix 8)
The file access management server is
Any one of appendix 1 to appendix 7, further comprising installation operation log recording means for collecting and recording an installation operation log of the distribution target software in the distribution destination terminal The software management system described.

(Appendix 9)
The file access management server is
Installation that refers to the installation operation log recorded by the installation operation log recording means and prohibits the subsequent installation operation of the distribution target software for the distribution destination terminal that has successfully installed the distribution target software. 9. The software management system according to appendix 8, further comprising operation restriction means.

(Appendix 10)
The file access management server is
If the distribution destination terminal makes a re-installation request for the software to be distributed after the installation operation restriction unit prohibits the installation operation, the installation operation restriction unit prohibits the installation operation according to an instruction from the administrator. The software management system according to appendix 9, wherein the software management system is configured to temporarily cancel the state.

(Appendix 11)
The file access management server is
With reference to the installation operation log recorded by the installation operation log recording means, the installation operation of the distribution target software is restricted so that the number of distribution destination terminals installed with the distribution target software does not exceed a predetermined number The software management system according to any one of appendix 8 to appendix 10, wherein the software management system is further provided with installed number limiting means.

(Appendix 12)
The file access management server is
Any one of appendix 1 to appendix 11, further comprising usage log recording means for collecting and recording usage logs of the distribution target software installed in the distribution destination terminal Software management system described in 1.

It is a block diagram which shows the structure of the software management system as one Embodiment of this invention. It is a schematic diagram for demonstrating the file structure and distribution file creation operation | movement in the software management system (distribution origin terminal) of this embodiment. It is a schematic diagram for explaining the file configuration, the installation operation and the start operation of the distribution target software in the software management system (distribution destination terminal) of the present embodiment. It is a flowchart for demonstrating operation | movement (distribution file creation operation | movement) of the distribution origin terminal in the software management system of this embodiment. It is a flowchart for demonstrating operation | movement (distribution target software installation operation | movement) of the distribution destination terminal in the software management system of this embodiment. It is a flowchart for demonstrating operation | movement of the distribution destination terminal (starting operation | movement of distribution object software) in the software management system of this embodiment. It is a flowchart for demonstrating operation | movement of the file access management server in the software management system of this embodiment.

Explanation of symbols

1 Software management system 10 Distribution terminal (client PC; personal computer)
DESCRIPTION OF SYMBOLS 11 Package file preparation means 12 1st encryption means 13 2nd encryption means 14 Conversion means 15 Attachment means 16 3rd encryption means 17 Setting means 20 Distribution destination terminal (client PC; personal computer)
21 Access Authentication Requesting Unit 22 First Decryption Unit 23 Installation Authentication Request Unit 24 Second Decryption Unit 25 Third Decryption Unit 26 Installation Unit 27 Activation Authentication Request Unit 28 Fourth Decryption Unit 29 Permit / Deny Unit 30 File Access Management Server 31 Management Unit 32 Access Authentication Unit 33 Installation Authentication Unit 34 Activation Authentication Unit 35 Installation Operation Log Recording Unit 36 Usage Log Recording Unit 37 Installation Operation Limiting Unit 38 Installed Number Limiting Unit 39 Location Detection Unit 40 Network 50 Recording Medium 51 Document File 51A PDF File (completed document file)
51B Encrypted file (distributed file)
52 Software to be distributed 521 Main program 521A Encryption main program 522 Subprogram 53 Execution dedicated program 54 Package file 54A Encryption package file 55 Dedicated installer 55A Encryption installer 56 Plug-in

Claims (10)

A distribution source terminal that creates a distribution file storing the distribution target software in order to distribute the distribution target software;
A distribution destination terminal to which the distribution file created in the distribution source terminal is distributed and the distribution target software stored in the distribution file is to be installed;
A file access management server for managing access to the distribution file distributed from the distribution source terminal to the distribution destination terminal;
The distribution source terminal is
Package file creation means for creating a package file including the distribution target software;
First encryption means for encrypting the package file created by the package file creation means with a first encryption key to create an encrypted package file;
Second encryption means for creating an encrypted installer by encrypting a dedicated installer for installing the distribution target software on the distribution destination terminal with a second encryption key;
Conversion means for converting a document file including information relating to the distribution target software into a completed document file having a container function;
Using the container function of the completed document file converted by the converting means, the completed package file is created by the encrypted package file created by the first encrypting means and the second encrypting means. Attaching means for attaching the encrypted installer;
Third encryption means for encrypting the completed document file attached with the encryption package file and the encryption installer with the third encryption key by the attachment means to create an encrypted file as the distribution file is provided. Configured,
The distribution destination terminal is
Prior to accessing the encrypted file distributed from the distribution source terminal, the access authentication information is notified to the file access management server, and the user of the distribution destination terminal is authorized to access the encrypted file. Access authentication requesting means for requesting access authentication as to whether or not the user is
In response to an access authentication request from the access authentication request means, the file access management server completes the encrypted file when it is notified that the user of the distribution destination terminal is an authorized user. First decryption means for decrypting a document file and enabling access according to the access information set for the encrypted file;
When receiving the activation request of the encrypted installer attached to the completed document file decrypted by the first decryption means, the installation access information is notified to the file access management server, and the user of the distribution destination terminal Installation requesting whether or not the distribution target software is authorized to install the distribution target software and whether the distribution destination terminal is a regular terminal to which the distribution target software is to be installed Authentication request means;
In response to an installation authentication request by the installation authentication request means, a notification is received from the file access management server to authenticate that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal. A second decryption means for decrypting the encrypted installer into the dedicated installer when
Third decryption means for decrypting the encrypted package file attached to the completed document file on the memory of the distribution destination terminal by executing the dedicated installer decrypted by the second decryption means And processing means functioning as installation means for installing the distribution target software in the package file decrypted on the memory by the third decryption means in the distribution destination terminal,
The file access management server is
When receiving the access authentication request from the distribution destination terminal, it authenticates whether or not the user of the distribution destination terminal is an authorized user based on the access authentication information, and displays the authentication result as the distribution destination terminal. An access authentication means to notify
Position detecting means for detecting the location of the distribution destination terminal based on the installation authentication information when the installation authentication request is received;
It is determined whether or not the location detected by the position detection means satisfies a predetermined condition, and when the installation authentication request is received from the distribution destination terminal, the installation authentication information and the determination And authenticating whether the user of the distribution destination terminal is a regular user and whether the distribution destination terminal is a regular terminal to which the distribution target software is to be installed, based on the result, Installation authentication means for notifying the distribution destination terminal of the authentication result;
A software management system characterized by comprising: The distribution target software includes a main program and a subprogram used by the main program,
The package file creating means of the distribution source terminal creates an encrypted main program by encrypting the main program with a fourth encryption key, creates an execution-only program including the encrypted main program, and executes the execution-only program. Creating the package file by packaging the program and the subprogram;
The distribution destination terminal is
When the execution-only program in the distribution target software installed on the distribution destination terminal by the installation means is activated, activation authentication information is notified to the file access management server, and a user of the distribution destination terminal Activation authentication request means for requesting activation authentication as to whether or not the authorized user is permitted to execute software and whether or not the distribution destination terminal is an authorized terminal on which the distribution target software is to be installed; ,
In response to an activation authentication request by the activation authentication request means, a notification is received from the file access management server to authenticate that the user of the distribution destination terminal is an authorized user and that the distribution destination terminal is an authorized terminal. And a fourth decrypting means for decrypting the encrypted program included in the execution-only program into the main program,
The file access management server is
When receiving the activation authentication request from the distribution destination terminal, based on the activation authentication information, whether the user of the distribution destination terminal is an authorized user and whether the distribution destination terminal is an authorized terminal Further comprising activation authentication means for authenticating or notifying the distribution destination terminal of the authentication result,
The software management system according to claim 1. The activation authentication means of the file access management server includes at least one of a distribution destination terminal that has made the activation authentication request, a distribution destination terminal that has made the access authentication request, and a distribution destination terminal that has made the installation authentication request. Is one of the activation authentication conditions,
The software management system according to claim 2, wherein: One of the activation authentication conditions is that the activation authentication unit of the file access management server specifies that the distribution destination terminal that has made the activation authentication request is a specific terminal.
The software management system according to claim 2 or claim 3, wherein One of the installation authentication conditions is that the installation authentication means of the file access management server has the same distribution destination terminal that made the access authentication request and the distribution destination terminal that made the installation authentication request.
The software management system according to any one of claims 1 to 4, wherein the software management system is characterized in that: One of the installation authentication conditions is that the installation authentication means of the file access management server is that the distribution destination terminal that has made the installation authentication request is a specific terminal.
The software management system according to any one of claims 1 to 5, wherein The location detecting means detects the country of the distribution destination terminal as the location from the connection environment of the distribution destination terminal at the time of receiving the installation authentication request;
The predetermined condition is the country where the location country detected as the location is designated in advance.
The software management system according to any one of claims 1 to 6, wherein When the file access management server determines that the location of the distribution destination terminal does not satisfy the predetermined condition by the determination means, the fact is notified to the user or administrator of the distribution destination terminal. Further comprising notification means for notification,
The software management system according to any one of claims 1 to 7, wherein When the determination unit determines that the location detected by the position detection unit does not satisfy a predetermined condition, the management unit sends the distribution target software to the distribution destination terminal. Give instructions to remove,
The software management system according to any one of claims 1 to 8, wherein A computer is caused to function as each means in the software management system according to any one of claims 1 to 9.
A software management program characterized by that.

Images