JP4235717B2 - Fraud prevention system, agent providing device, and fraud prevention method - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an agent system in which an autonomous software module called an agent acting on behalf of a user operates, for example.
[0002]
[Prior art]
In this type of agent system, those conventionally known include, for example, JP-A-9-179910, JP-A-5-233574, JP-A-5-233596, JP-A-5-346910, There has been a multi-agent system in which agents operate in cooperation with each other as disclosed in JP-A-5-151178.
[0003]
These conventional multi-agent systems are configured so that agents having independent knowledge can work in cooperation to solve a certain problem efficiently.
[0004]
[Problems to be solved by the invention]
However, for example, when a user side agent who works for a user and a service agent side agent that provides a predetermined service in response to the user's request cooperate with each other, the user side agent and the agent side agent There may be a problem that cannot be solved only by a party agent consisting of.
[0005]
For example, assume that a service provider is a provider that provides paid content, and a user-side agent searches for paid content in cooperation with the provider-side agent and finds desired content, and purchases the content. The user-side agent moves on the network to a place on the service provider side, meets with the supplier agent on the place, and gets permission to search for paid content. Then, the user-side agent accesses the paid content database, searches a plurality of paid content, examines the contents, and determines whether there is desired content. If there is a desired content, the user-side agent takes the desired content to the user side after performing a purchase procedure for paying a predetermined amount of money.
[0006]
However, the user-side agent is developed for the user and operates to work for the benefit of the user to perform work, and has the property of subjecting to the user's command. As a result, there is a possibility that the user instructs the user-side agent to act illegally, or the user-side agent is illegally modified to make the agent acting illegal. When such a user-side agent searches for the above-mentioned paid content, even if the desired content is found, the agent-side agent reports that there is no desired content and pays a predetermined fee. There is a risk that fraud may occur in which the desired paid content is secretly taken back to the user without any purchase procedure.
[0007]
Therefore, in order to prevent such inconvenience, it is possible to prevent the user-side agent from directly accessing the content database and to have the vendor-side agent search for paid content on behalf of the user-side agent. Conceivable. Specifically, for example, the user side agent and the supplier side agent meet on the place of the service agent side, and the user side agent notifies the agent side agent of profile information such as user preference information and desired purchase price information. Based on this knowledge, it is possible that the agent on the merchant side accesses the content database, searches the paid content, searches for the content that the user likes, and notifies the user side agent of the result. .
[0008]
However, since the agent on the merchant side is developed and works taking into account only the profit of the service provider side, it has the property of subjecting to the order of the service provider side. Even if there is no content that the user seems to like, there is a possibility of inconvenience of notifying the user-side agent of a lie report that there is a lot of user-preferred content.
[0009]
In other words, in the case of a party agent consisting of a user side agent, a trader side agent, etc., there is a tendency to work only for the benefit of each other's parties, so there is a risk of performing a selfish action that is advantageous to the person's own position. There is a drawback that when a specific job requiring neutrality occurs for both parties, it is difficult to execute the specific job while maintaining neutrality.
[0010]
Moreover, the user's profile information possessed as knowledge by the user-side agent is subject to secrecy by the user, such as preference information consisting of various user preference information, user age, occupation or annual income, etc. If the user-side agent notifies the agent-side of the profile information containing such confidential information on the place of the service provider side, the privacy of the user may be impaired. Arise. In other words, if the agent on the merchant side who acquired the secret information performs work based on the knowledge acquired and the knowledge acquired is no longer necessary, the knowledge acquired by the user-side agent is discarded at that stage. If deleted, the user's privacy is also protected, but as described above, since the agent on the merchant side is an agent that works for the benefit of the service provider side, it is necessary to know the user's profile information. For example, there is a possibility that such profile information will be memorized and used for customer management and marketing for the benefit of service providers. The user's privacy problem may be threatened even if the user-side agent who holds the secret information as knowledge moves to a place on the service provider side.
[0011]
  The present invention has been conceived in view of such circumstances, and its purpose is as follows.Unauthorized use such as theft of the content to be sold by the seller or the false report by the seller when selling / buying using an agent as an autonomous software module acting on behalf of the user's workIt is to be able to prevent.
[0012]
[Means for Solving the Problems]
  The present invention described in claim 1A fraud prevention system when buying and selling using agents as autonomous software modules acting on behalf of usersBecause
  A third party agent that is neutral to both parties consisting of a merchant and a consumer user, and stores a third party agent for searching the contents of the content to be sold by the merchant A third-party computer with
  Search request means for requesting the third party agent stored in the third party organization computer to search for the contents of the content to be sold by the seller;
  Profile information notifying means for notifying the third party agent requested for search by the search request means for notifying the user profile information used for search,
  The third-party agent has a notification function of searching the contents of the content to be sold by the seller based on the notified user profile information and notifying the search result, Notification of the content evaluation resultsIt is characterized by doing.
[0014]
  In addition to the configuration of the invention described in claim 1, the present invention described in claim 2 is such that the search request means is operated in cooperation between party agents working for each side of the party. Sometimes, when the search is performed based on the content summary, the user side agent itselfBodyWhen performing the search and performing a search based on the contents, the search request is made to the third party agent.
[0016]
  ContractClaim3The present invention described in claim 1OrClaim2In addition to the configuration of the described invention, the profile information of the user is based on a user's response to a result of the third-party agent searching the contents of the sales target content of the seller based on the profile information. It is characterized by being updated.
[0017]
  Claim4The present invention described in claim 1 is an agent providing device for providing a third-party agent used in the fraud prevention system according to claim 1,
  Agent storage means for storing multiple types of third party agents;
  When there is a search request by the search requesting means, a search is made from among the third-party agents stored in the agent storage means for a type of third-party agent corresponding to the party agent to be represented. And agent search providing means.
[0019]
  Claim5The present invention described in (1) is a fraud prevention method when buying and selling using an agent as an autonomous software module acting on behalf of a user's work,
  A third party agent that is neutral to both parties consisting of a merchant and a consumer user, the third party agent for searching the contents of the content to be sold by the merchant; A search request step for requesting a search for the contents of the content to be sold by the merchant;
  Profile information notification for notifying the third party agent requested for search by the search request means of the profile information of the user used for the search.StepIncluding
  The third-party agent has a notification function of searching the contents of the content to be sold by the seller based on the notified user profile information and notifying the search result, The content evaluation result is notified.
[0024]
DETAILED DESCRIPTION OF THE INVENTION
Next, embodiments of the present invention will be described in detail with reference to the drawings.
[0025]
FIG. 1 is a diagram for explaining an outline of the entire information search and distribution system. Referring to FIG. 1, a personal computer (hereinafter simply referred to as a personal computer) 14, a content provider 7, a third party organization 8, a member management center 12, and a program in a user's house 17 with respect to the Internet 13 as an example of wired media. The related data producer 11, the commercial message (hereinafter simply referred to as CM) producer 10, the program producer 9, and the broadcasting station 2 are configured to be connectable.
[0026]
The content provider 7 has a database storing information that can be provided, such as book information, movie information, music information, news information, and the like, and the stored information in the database and its summary (abstract) are stored on the Internet. 13 or is provided to the personal computer 14 of the user's home 17 by satellite broadcasting from the broadcasting station 2 as an example of wireless media. Other types of content that can be provided by the content provider 7 include, for example, encrypted content data encrypted for charging, control program data for controlling so-called Internet home appliances, and the like.
[0027]
The user's personal computer 14 receives the above-described abstract data transmitted from the broadcasting station 2 via, for example, the satellite 1, searches and selects the abstract by the user agent described later, and selects the selected abstract data as the user. And waits for the user's selection instruction. Alternatively, before displaying the abstract information to the user, the content provider 7 that is the source of the abstract information is visited, the actual content information is accessed, the contents are examined, and whether or not the content is really the user's favorite content. You may make it display the abstract after confirmation to a user.
[0028]
If a request to obtain the content is generated based on the user's instruction or the user's own judgment, the content provider 7 transmits the selected content information to the broadcasting station 2 to be broadcast at a predetermined date and time. . The content provider 7 that has received notification of the scheduled broadcast date and time and broadcast channel information from the broadcast station 2 transmits the broadcast date and time and channel information to the user's personal computer 14 via the Internet 13.
[0029]
When paid content is included in the content provided by the content provider 7, it may be necessary to confirm the ID of a user who is a member when selling the paid content. In that case, the content provider 7 requests the user's ID information, transmits the ID information to the member management center 12, asks the user to confirm the ID, and sells paid content only to the confirmed user. Do.
[0030]
The broadcasting station 2 obtains a program produced by the program producer 9 and broadcasts the program to the user home 17 via the antenna 5, the satellite 1, and the antenna 6. A CM for the broadcast program is produced by the CM producer 10, and the CM data is provided to the broadcast station 2 via the Internet 13, and the CM is inserted between the programs and broadcast.
[0031]
A user who has received a program broadcast from the broadcasting station 2 may broadcast the program directly on the TV (television) 16 or directly display it on the CRT of the personal computer 14 for viewing. ) 15 may be recorded, and the recorded information may be reproduced and viewed at a later date. The TV 16 can be linked with the VTR 15 and the personal computer 14 to smoothly execute the intro playback function of skipping only the scene that the user wants to see and the switching of scenes of programs shot and broadcast with a plurality of cameras and angles. It has a function to make. In order to realize this function, a hard disk device or a semiconductor memory capable of high-speed random access is incorporated. On the broadcast station 2 side, the index information related to the video program is added and broadcast. On the user side, the received program data is recorded in the VTR 15 and the received index information is stored in a hard disk device or the like. This hard disk is also used to temporarily store video data read from the VTR 15. Generally, video data stored in a VTR takes time from retrieval to reading. However, if the video data read from the VTR 15 is temporarily stored on the hard disk, the VTR can be fast-forwarded while the video is being played back, and a wait until the necessary video viewed by the user is taken out. Time is shortened.
[0032]
In this way, the so-called intro playback described above can be executed smoothly. As a result, when a CM is inserted in the received program, the user tends to cut only the CM corresponding to the extravagant and view only the program. The CM cut browsing can be easily executed by the function.
[0033]
Therefore, as a method of preventing such CM cut browsing, a method of superimposing program related data on CM and broadcasting from the broadcast station 2 is conceivable. Program related data for that purpose is produced by the program related data producer 11 and transferred to the broadcasting station 2. As the program-related data, an address of a homepage for exchanging opinions on the program, explanation of technical terms appearing in the program, and the like can be considered.
[0034]
The CM creator 10 categorizes users (consumers) into a number of hierarchies and targets only those hierarchies as well as general CMs inserted between programs and broadcast from the broadcasting station 2. Also create. For example, sexes, ages, educational backgrounds, occupations, purchase trends, and the like can be considered for this stratification. A large number of such targeted CMs are produced by the CM creator 10 and stored in the database. Then, the user's agent goes to the CM producer and searches the database, searches for the CM information that the user seems to like, and the searched CM information is broadcast via the Internet 13 or from the broadcasting station 2. Receive by. The CM information searched by the user's agent is also configured to be delivered to the user in a state where the program related data produced by the program related data producer 11 is superimposed.
[0035]
FIG. 2 is an explanatory diagram showing the configuration of the multi-agent system. In the present embodiment, an agent as an autonomous software based on telescript, which is a communication language developed by General Magic, is employed. The user agent 26 is composed of a mobile agent. The mobile agent is an agent having mobility in a distributed computing environment, and is characterized in that the agent is transferred to a server and processed via a network (remote programming). The mobile agent moves to a place, which is a common operating environment provided by the telescript engine, and works in cooperation with other agents on the place to work and solve problems.
[0036]
When the user agent operating in the user's personal computer 14 searches for content by his / her own judgment or in response to the user's operation command, as shown in FIG. Go to place 24 of script engine 18. The user agent 26 moved to the place 24 meets with the destination agent 27 resident in the place 24, searches the content in the database 19 to find the desired content, and takes it back to the personal computer 14. (Send).
[0037]
Note that 52 is a CRT, 53 is a keyboard, 50 is an IC card insertion slot, 51 is a floppy disk (FD) insertion slot, 20 is a WWW server, and 3 is a communication device.
[0038]
On the other hand, a third party resident agent 28 is resident in the place 25 of the telescript engine 22 of the third party 8. In the database 23, a plurality of types of third party agency agents are classified and stored by function. This third party 8 is used when a job requiring neutrality that is difficult or impossible to solve only by a party (for example, a user and a service provider that provides services in response to the user's request) occurs. It is an organization established to execute and solve specific tasks on behalf of the parties, and is preferably composed of public or semi-public organizations such as government offices. In the figure, reference numeral 22a denotes a computer operated and managed by the third party organization 8.
[0039]
The various third-party agents stored in the database 23 of the third-party organization 8 are operated and managed by the third-party organization 8, and the neutrality of the specific work requiring neutrality is protected. It is a dedicated agent developed to solve while running. The user agent 26 includes, for example, a shopping agent for online shopping, a news filtering agent that searches news articles from news sources and selects only necessary ones, an e-mail agent that selects only necessary e-mails, and user's There are various types such as an information collection agent such as a fire fly that searches music information and movie information that matches the taste. Therefore, a third-party agent who performs such a job of the user agent 26 as a proxy needs to prepare a plurality of types for each function according to the type of the user agent 26.
[0040]
When the user agent 26 that has moved to the place 24 of the content provider 7 searches for content in the database 19 in cooperation with the destination agent 27, a third party organization is required to search for paid content in the database 19. Contacting the resident agent 28, a suitable third-party agency agent is searched from the database 23, and the third-party agency agent is sent to the place 24 of the content provider 7.
[0041]
This state is shown in FIG. The second-party agency agent 29 who has been sent meets the user agent 26 and asks the user agent 26 for profile information such as user preferences. Then, the third-party agency agent 29 accesses the database 19 with the knowledge necessary for content search acquired, searches the content on behalf of the user agent 26, and notifies the user agent 26 of the search result.
[0042]
In order for the third-party agency agent 29 to search for content, if the user content 26 has to be informed of confidential information related to the user's privacy (for example, the user's annual income, educational background, savings, etc.) If the user agent 26 notifies the third party agent 29 of the secret information on the place 24 of the content provider 7, the secret information may be leaked to the content provider 7. In the present embodiment, since the user agent 26 encrypts the secret information SI (see FIG. 14) as described above and holds it as encrypted data, the user agent 26 places the content provider 7 in the place 24. The secret information SI is not known to the content provider 7 just by moving. However, when the encrypted secret information SI is decrypted so as to be decrypted by the third party agent 29 on the place 24 of the content provider 7 and is taught to the third party agent 29 in the form of plaintext, There is a possibility that the plaintext secret information SI is known to the content provider 7.
[0043]
Therefore, when content cannot be searched without using such secret information SI, the user agent 26 reaches the place 25 of the telescript engine 22 of the third party organization 8 as shown in FIG. It moves and meets with the third party resident agent 28 residing there, and the optimum third party agent is searched, and the retrieved third party agent 29 and the user agent 26 are searched. Meeting is notified of the secret information SI necessary for the search (see FIG. 2D).
[0044]
Thereafter, the user agent 26 returns to the place 24 of the content provider 7 and meets the resident agent 27 to transfer the paid content to the place 25 of the third party 8 in an encrypted form. Then, the transferred paid content is decrypted, and the third party agent 29 searches for the paid content on behalf of the user agent 26 and evaluates it. The evaluation result is notified to the user agent 26 on the place 24. In this way, it is possible to prevent the confidential information SI held as knowledge by the user agent 26 from leaking to the content provider 7 or the like. Note that the place 25 of the third party organization 8 is configured so that information can be prevented from leaking to the outside no matter how much the agents meet.
[0045]
FIG. 3 is a flowchart showing the control operation of the user's personal computer 14. The control circuit of the user's personal computer 14 will be described later with reference to FIG.
[0046]
Referring to FIG. 3, first, in step S (hereinafter simply referred to as S) 1, it is determined whether or not information introducing a site on the Internet has been received. This information is broadcast from the broadcast station 2 by satellite broadcast and received by the user's personal computer 14 or via the Internet 13. If the site introduction information has not been received, the process proceeds to S2, and it is determined whether or not the broadcast date and time of the content to be recorded has come. The content to be recorded is content sent from the broadcast station 2 such as a program scheduled to be recorded in the VTR 15 or the like according to a user input instruction, or the broadcast station 2 scheduled to be recorded by the user agent on its own judgment. It is the content sent from. If it is not the broadcast date and time of the content to be recorded, the process proceeds to S3, where it is determined whether or not an abstract of the broadcast program has been received. As described above, the broadcast station 2 broadcasts a summary (abstract) of the contents of a program to be broadcast to the user in advance, and whether the user receives the abstract broadcast and causes the user agent to record and record the program. Let me judge. If the broadcast program abstract has not been received, the process proceeds to S4, where it is determined whether or not there has been an instruction from the user to the agent.
[0047]
If there is no instruction from the user to the agent, the process proceeds to S5, where it is determined whether or not a content reproduction instruction has been issued. If not, the process proceeds to S6, and it is determined whether or not a transmission request for the key SK1 has been made. This key SK1 is a key used for decrypting the above-described encrypted secret information SI, and is transmitted to the user's personal computer 14 by the third party resident agent 28 as necessary, as will be described later. Make a request. If there is no request for SK1, the process proceeds to S7, where it is determined whether or not a broadcast instruction for recording broadcast content has been received from the user agent. A user agent operating in the user's personal computer 14 may give an instruction to the personal computer 14 to automatically record broadcast content such as a broadcast program based on its own judgment as described later.
[0048]
If there is no broadcast content recording instruction from the user agent, the process proceeds to S8, where it is determined whether the broadcast date and time and the channel have been received. As will be described later with reference to FIG. 9, the user agent moves to the place 25 of the CM creator 10 to search for a CM, and if the desired CM is found, the date and time when the desired CM is broadcast from the broadcast station 2. And the channel are transmitted to the user's personal computer 14. It is determined in S8 whether or not the broadcast date / time and channel from the user agent have been transmitted. If the broadcast date and time and channel have not been received, the process proceeds to S9, other processing is performed, and the process returns to S1.
[0049]
If the site introduction information broadcast from the broadcasting station 2 or the site introduction information transmitted via the Internet 13 is received, a determination of YES is made in S1 and the process proceeds to S10 to operate in the user's personal computer 14. Processing to inform the user agent of the site introduction information is performed.
[0050]
If it is determined in S2 that the broadcast date and time of the content to be recorded has come, the process proceeds to S11 to tune to the broadcast channel frequency, and in S12, the broadcast content is received and recorded in the VTR 15. In step S13, it is determined whether the recorded content includes a CM. If not included, the process returns to S1, but if included, the process proceeds to S14 to determine whether or not there is an editing time. This editing time refers to the CM inserted between the CM that the user agent has moved to the place 58 of the CM creator 10 and searched for and the program broadcast by the broadcasting station 2 and recorded in the VTR 15 or the like. This is the time required to perform editing that replaces.
[0051]
If there is an editing time, the process proceeds to S15, and after editing for replacing the CM part of the corresponding program content with the searched CM, the process returns to S1. If there is no editing time, the process proceeds to S16, the control is performed to switch to the CM searched by the user agent at the moment when the CM broadcast time comes during the program broadcast, and the process returns to S1.
[0052]
If an abstract of a broadcast program is broadcast from the broadcast station 2 and received, a determination of YES is made in S3 and the process proceeds to S17, where processing for notifying the user agent of the received abstract is performed.
[0053]
If the user operates the keyboard 53, mouse, or the like to give any instruction to the agent, the process proceeds to S18, and processing for notifying the user agent active in the personal computer 14 of the instruction is performed.
[0054]
If the user operates the keyboard 53 or the mouse to instruct the reproduction of the content, a determination of YES is made in S5 and the process proceeds to S19 to determine whether or not the content to be reproduced is an encrypted content. Made. In the case of encrypted content, after the content reproduction processing at S20 is performed, the content output processing at S21 is performed and aired on the CRT 52 or TV 16. On the other hand, if the content is not encrypted content, the process directly proceeds to S21 without performing the process of S20, and the content output process is performed. Details of the content reproduction processing in S26 will be described later with reference to FIG.
[0055]
If there is a request for transmission of the key SK1, a determination of YES is made in S6, and the process proceeds to S22, in which processing for transmitting the challenge data CH to the third party resident agent 28 is performed. The challenge data CH is composed of a random number generated by the personal computer 14. The third party resident agent 28 receives this challenge data CH and encrypts it with the private key SK3 of the third party 8, that is, E_SK3(CH) is calculated and returned as response data RES (see SB12 and SB23b).
[0056]
The personal computer 14 that has received the response data RES makes a determination of YES through S22a, proceeds to S22b, and decrypts the received response data RES with the public key of the third party organization 8, that is, D._PK3(RES) is calculated, and it is determined whether or not the calculation result matches the challenge data CH transmitted in S22. If there is a request for SK1 from the third party resident agent 28 of the authorized third party 8, CH = D_PK3In this case, the process proceeds to S22c, and an operation for encrypting the key SK1 using the public key PK3 of the third party organization 8, that is, E_PK3Processing for calculating (SK1) and transmitting it to the third-party institution resident agent 28 is performed. On the other hand, if it is determined from S22b that they do not match, the process returns to S1 without performing the transmission process of S22c.
[0057]
If there is a broadcast content recording instruction from the user agent, the process proceeds to S23, and a process for storing the broadcast date and time and channel of the recording target content for which the instruction has been issued is performed.
[0058]
If the broadcast date / time and channel are transmitted from the user agent, a determination of YES is made in S8 and the process proceeds to S24, where the transmitted broadcast date / time and channel, that is, the broadcast date / time and channel of the content to be recorded are stored. .
[0059]
4 to 6 and 10 are flowcharts showing the operation of the user agent. In SA1, it is determined whether or not the introduction information of the site on the Internet has been received. If not, the process proceeds to SA2, and it is determined whether or not the abstract information of the program has been received. The process proceeds to SA3, where it is determined whether an instruction from the user has been received. If not, the process proceeds to SA4, where it is determined whether it is time for the user agent to move. Proceed to SA5, perform other processing, and then return to SA1.
[0060]
When the site introduction information broadcast from the broadcasting station 2 is received or the site introduction information transmitted via the Internet 13 is received, the process proceeds to SA6, and whether or not the content abstract is included in the information. Judgment is made. If the content abstract is included, the process proceeds to SA7, where the user agent evaluates the abstract and the site introduction information. This evaluation is to determine whether the user who owns the user agent prefers a site or whether the user prefers content. The user agent holds, for example, profile information 96 including user preference information as shown in FIG. 14 to be described later, and performs evaluation using this profile information.
[0061]
On the other hand, if the content abstract is not included, the process proceeds to SA8, and the evaluation is performed only with the site introduction information. Next, the process proceeds to SA9, where it is determined whether or not the evaluation is equal to or greater than a predetermined value. If the evaluation is not equal to or greater than the predetermined value, the process returns to SA1. On the other hand, if the value is equal to or greater than the predetermined value, the process proceeds to SA10, where the address of the site is registered as a destination schedule and the process returns to SA1.
[0062]
When the user's personal computer 14 receives the broadcast program abstract and notifies the user agent in S17, the determination of YES is made in SA2 and the process proceeds to SA11, and the program is evaluated based on the program abstract. As described above, this evaluation is performed by determining how much the user likes based on the profile information 96 of the user. Then, it is determined by SA12 whether or not the evaluation is equal to or greater than a predetermined value. If it is not equal to or greater than the predetermined value, the process returns to SA1. Processing is done. Programs registered in the recommended program list are displayed as recommended programs to the user, and the user's instruction is requested as will be described later. When the user receives the broadcast of the recommended program and gives an instruction to view or record it on the VTR 15, the recommended program instructed is deleted from the recommended program list.
[0063]
Proceeding to SA14, it is determined whether or not there is a program registered in the recommended program list with a broadcast date and time. If not, the process returns to SA1. The fact that it is registered in this recommended program list means that it is a program recommended to the user as described above, but the user has not yet issued an instruction to view or discard the program. When the broadcast date and time of a recommended program that has not been issued has come, it is determined in SA15 whether or not the recommended program is automatically recorded by the user agent's self-determination. If it is determined not to automatically record, the program returns to SA1 after erasing the program whose date and time has come from the recommended program list in SA16. On the other hand, if it is determined that automatic recording is to be performed, the process proceeds to SA17, where the recommended program registered in the recommended program list is transferred to the automatic recorded program list and registered.
[0064]
Next, the process proceeds to SA18, and a content recording instruction is issued to the personal computer 14. As a result, as described above, a determination of YES is made in S7, and the broadcast date and time and channel of the recording target content instructed in S23 are recorded. As a result, since the broadcast date / time is the current time, a YES determination is immediately made in S2, and a process of receiving and recording a recommended program whose broadcast date / time has come is performed after S17.
[0065]
Next, proceeding to SA19, it is determined whether or not there is a CM in the instructed program content. If not, the process proceeds to SA16, and a process of deleting the date and time from the recommended program list is performed. In other words, since the recommended program registered in the recommended program list is received and recorded, it is no longer necessary to register in the recommended program list. It is deleted from the recommended program list.
[0066]
On the other hand, if it is determined by SA19 that there is a CM in the instructed program content, the process proceeds to SA20, and after processing for searching for a CM corresponding to the program sponsor is performed, the process proceeds to SA16. The CM search process corresponding to the SA20 sponsor will be described with reference to FIG.
[0067]
When the user gives an instruction to the user agent, the instruction is notified to the user agent in S18, and as a result, a YES determination is made in SA3 and the process proceeds to SA21. In SA21, it is determined whether or not the instruction from the user is an instruction to browse the recommended program list. If the instruction is a browsing instruction, the process proceeds to SA22, where control of displaying the recommended program list by the CRT 52 or the TV 16 is performed. On the other hand, if the instruction is not for browsing the recommended program list, the process proceeds to SA23, where it is determined whether the instruction is for browsing the automatic recording program list. If YES is determined from SA23, the process proceeds to SA24, where control for displaying the automatically recorded program list on the CRT 52 or the TV 16 is performed.
[0068]
If it is not an instruction to browse the automatically recorded program list, the process proceeds to SA25, where it is determined whether or not the instruction is to browse the content search result. When the user agent searches for content, the search result is transmitted to the personal computer 14 as will be described later. When the search result is a browsing instruction for the search result, the content search result is displayed on the CRT 52 or TV 16 by SA26. Control is performed.
[0069]
If the instruction is not an instruction to browse the content search result, the process proceeds to SA27, where it is determined whether the instruction is to record a recommended program. If a user who has viewed a recommended program displayed in SA22 wants to record and view the recommended program, the recording instruction for the recommended program desired to be recorded is issued. As a result, a determination of YES is made in SA27, and the process proceeds to SA29, in which processing for issuing an instruction to record the designated recommended program content to the personal computer 14 is performed. As a result, the personal computer 14 makes a determination of YES in S7, and in S23, the broadcast date / time and channel of the instructed recording target content are recorded. As a result, in S2, the stored recording target content is recorded. When the broadcast date / time is reached, the content recording process from S11 onward is executed.
[0070]
Next, the process proceeds to SA30, and after the process of deleting the instructed program from the recommended program list is performed, the process proceeds to SA19.
[0071]
If it is not the recommended program recording instruction, the process proceeds to SA28, the user agent executes other processing, and returns to SA1.
[0072]
If NO is determined in SA3, the process proceeds to SA4, in which it is determined whether or not the travel time has come. This movement time is a time when the user agent moves to a site on the Internet via a network and executes a search for content or the like, and is a preset time. If the moving time has not yet arrived, the process proceeds to SA5, and after performing other processes, the process returns to SA1. On the other hand, if the movement time has come, the process proceeds to SA5a, and after executing the agent movement process, the process returns to SA1. This agent movement process is shown in FIGS.
[0073]
Next, a flowchart of the agent movement process will be described with reference to FIGS. In step SA31, a process for moving the user agent is performed. The movement destination of this user agent is specified by the address registered as the movement destination schedule by the SA 10 described above. This movement of the user agent is actually a process of copying the same user agent (clone) as the user agent in the user's personal computer 14 and transferring it to the destination.
[0074]
Next, the process proceeds to SA32 to meet with the destination agent 27 resident in the destination place and perform various necessary information exchanges. Next, the process proceeds to SA33, where it is determined whether or not there is free content in the database 19 based on the result of the meeting. If there is free content, the process proceeds to SA34 to search for the free content. In step SA35, it is determined whether or not the search is completed, and the free content search process is continued until the search is completed. Then, when completed, the process proceeds to SA36. On the other hand, if it is determined that there is no free content, the process proceeds directly to SA36.
[0075]
In SA36, it is determined whether or not there is paid content in the database 19. If not, the process proceeds to SA38, where the meeting with the destination agent 27 is performed and a command to send the selected content to the personal computer 14 is issued. . Next, the process proceeds to SA39 to perform processing for transmitting the search result to the personal computer 14, and the process proceeds to SA40 to determine whether or not the movement is completed. If all the destination plans registered by SA10 have been moved, it is determined that the movement has been completed, and the process proceeds to SA40a, where it is erased and the process ends. On the other hand, if it is determined by SA40 that the movement has not ended, the process proceeds again to SA31, where the user agent moves to the next scheduled movement address and performs the same processing as described above.
[0076]
On the other hand, if it is determined in SA36 that there is paid content, the process proceeds to SA37, and processing for searching for the paid content by abstract of the content is performed. The search is continued until the search is completed by SA41. When the search is completed, the process proceeds to SA42, where it is determined whether there is a high-priced content exceeding the predetermined charge in the paid content. If not, the process proceeds to SA39, and the search result based on the abstract of the paid content is displayed on the personal computer 14. Send to. If there is high-priced content, the process proceeds to SA43, and a determination is made as to whether or not there is anything to be obtained in the high-priced content. This determination is made based on the above-described abstract of high-priced content. If there is no item to be obtained, the process proceeds to SA39. If there is any item to be obtained, the process proceeds to SA44.
[0077]
As described above, for a low-priced content that is not a high-priced content, only the abstract of the content is searched and the search result is transmitted to the personal computer 14 for a user instruction. On the other hand, if there is something to be obtained in the high-priced paid content, it is determined in SA44 whether or not confidential information (SI) is necessary for searching for the high-priced content desired to be obtained. If it is not necessary, the process proceeds to SA45, in which the destination agent 27 is informed of the type of its own agent, and a process of requesting a transfer to the nearest third party agent is performed. In response to this request, the destination agent 27 communicates with the third-party resident agent 28 of the nearest third-party organization 8, and the second-party agent agent of the optimum type according to the type of the user agent 26 is transferred. Request (dispatch). In response to the request, if the third party agent is sent to the place 24 of the content provider 7, for example, the destination, a determination of YES is made in SA46 and the process proceeds to SA64.
[0078]
In SA64, a meeting is made with the second-party agency agent 29 who has been sent to the site to request a proxy for the search for the desired high-priced content (see FIG. 2B). Then, as will be described later, the third-party agency agent 29 retrieves necessary profile information 96 from the user agent 26, accesses the database 19 based on it, searches the desired high-priced content, and searches the owner of the user agent 26. The high-priced content that a user is expected to like is searched for and evaluated. Next, in SA66, the user agent 26 informs the third-party agency agent 29 of the evaluation of the search result.
[0079]
In step SA67, the user agent 26 determines whether to purchase the searched paid content. If not purchased, the process proceeds to SA39, but if purchased, the process proceeds to SA68 to meet with the destination agent 27 and the encrypted information E of the order information OI and the payment instruction PI._PK3(OI), E_PK3(PI) is received. This order information OI is content indication information specifying the type of pay content desired to be purchased and intention display information indicating that the purchase is to be made. The payment instruction PI is a payment method such as credit or electronic cash, and payment amount information. The user agent 26 receives from the destination agent 27 information obtained by encrypting the information OI and PI with the public key PK3 of the third party organization 8.
[0080]
Next, the process proceeds to SA69 and moves to the place 25 of the third party organization 8 together with the received information. Next, meeting with the third-party institutional agent 28 is performed by SA 70 (see FIG. 2C), and the user's private key SKU is encrypted with the user's key SK1._SK1(SKU) and E mentioned above_PK3(OI), E_PK3(PI) is sent to the third-party institutional agent 28, and a request for obtaining the decryption key SK1 of the secret information SI from the user's personal computer 14 is made.
[0081]
The third-party resident agent 28 receives SK1 from the user's personal computer 14, performs decryption processing using the key, reproduces SKU, OI, PI, hashes the OI, PI, and orders information digest OI ′. And the payment instruction digest P ′ are generated, encrypted with the user's private key SKU in a state where both digests are combined, and the E_SKU(OI ′, PI ′) is generated. In SA71, the user agent 26 determines that E_SKU(OI ′, PI ′) is received and returned to the place 24 of the content provider 7 which is the transfer destination. Next, meeting with the destination agent 27 by SA72, and E_SKU(OI ′, PI ′) is notified, and a request for sending a selected content to the personal computer 14 is issued. Then, the process proceeds to SA39.
[0082]
The above-described user secret key SKU is a secret key used in, for example, the RSA public key cryptosystem, and this user secret key is used for a digital signature or the like for personal authentication in electric commerce. Note that the algorithm of encryption and decryption using the SKU secret key and the public key corresponding thereto may use a so-called elliptic curve encryption algorithm instead of the algorithm of the RSA public key cryptosystem.
[0083]
Next, when it is determined by SA44 described above that the confidential information SI is necessary for the search for the desired high-priced content, the process proceeds to SA47, where it is determined whether user authentication is necessary. Some content providers require user authentication for user agents who wish to search for expensive content. In other words, because the price of the content to be searched is high, we want to check whether the user agent who has requested to browse and the user who owns it is really himself or not and prevent impersonation by others There is a content provider. In such a case, it is determined by SA47 that user authentication is required, and the process proceeds to SA48, where the encrypted authentication target message E obtained by encrypting the authentication target message NM is obtained._PK3The user agent 26 receives (NM) from the destination agent 27.
[0084]
This PK3 is the public key of the third party organization 8 as described above. Then, the process proceeds to SA49, where the user agent 26 moves to the nearest third party organization 8, meets with the third party resident agent 28, and searches for the optimum third party organization agent, and also decrypts the secret information. A request for obtaining SK1 from the personal computer 14 is made. Next, the process proceeds to SA51 to meet with the retrieved third-party agency agent, and necessary encryption secret information E_SK1(SI) is notified to the third-party agency agent 29. Next, the process proceeds to SA52, where it is determined whether or not user authentication is necessary._SKUAfter receiving (NM), the process proceeds to SA54.
[0085]
As will be described later, the third party agent 29_PK3Information obtained by decrypting (NM) with the private key SK3 of the third-party organization and reproducing the NM with the private key SKU of the user, that is, E_SKU(NM) is generated. The user agent 26 meets with the third-party agent 29, and the E_SKU(NM) is received. The authentication target message NM is, for example, a random number generated by the movement destination agent 27 or the like.
[0086]
Next, in SA54, for example, processing for returning to the destination such as the place 24 of the content provider 7 is performed, and the process proceeds to SA55 to meet with the destination agent 27 and to obtain the encrypted desired high-priced content E_PK3A request is made to transfer (KC) to the third party organization 8.
[0087]
Third-party agency agent 29_PK3(KC) is decrypted and reproduced, and the desired high-priced content KC is retrieved and evaluated, and the evaluation of the retrieval result is encrypted with SK3, which is the secret key of the third party organization 8, and is the encrypted data. E_SK3(HK) is transferred to the user agent 26 on the destination place 24. Then, a determination of YES is made by SA56 and the process proceeds to SA57, in which the received data is decrypted with the public key PK3 of the third party, that is, D_PK3{E_SK3(HK)} is calculated to perform processing for reproducing the evaluation HK.
[0088]
Next, the process proceeds to SA58, where it is determined whether or not to purchase the paid content based on the reproduced evaluation HK. If not purchased, the third party 8 is notified of the completion of the process by SA59. Proceed to SA39. On the other hand, in the case of purchasing, the process proceeds to SA60 and meets with the destination agent 27, and the encryption information E between the order information OI and the payment instruction PI._PK3(OI), E_PK3A request is made to transfer (PI) to the third party organization 8. As described above, the third-party agency resident agent 28_SKU(OI ′, PI ′) is generated and transmitted to the destination user agent 26. As a result, a determination of YES is made by SA 61 and the process proceeds to SA 62 to meet with the destination agent 27 and request that a transmission instruction for the selected content be issued. Next, the process proceeds to SA63, and the third party 8 is notified that the process is completed, and then the process proceeds to SA39.
[0089]
E mentioned above_SKU(OI ′, PI ′) is the user's double signature for order information and payment instructions defined in so-called SET (Secure Electronic Transaction).
[0090]
FIG. 7 is a flowchart showing the operation of the third party institution resident agent 28. SB1 determines whether or not there has been a seconding request (dispatch request). If not, the process proceeds to SB2 where it is determined whether or not the user agent 26 has come to the place 25 of the third party 8. If not, the process proceeds to SB3, and it is determined whether or not the user agent 26 has notified the processing completion. If not, the process proceeds to SB4, where the destination agent 27 sends an E_PK3(OI), E_PK3A determination is made as to whether (PI) has been transmitted, and if it has not been transmitted, the process returns to SB1.
[0091]
The user agent 26 makes a second party agency agent seconding request to the destination agent 27, and the destination agent 27 makes a seconding request and the type (for example, authority information) of the user agent 26 who has made the seconding request. If notified to the institutional agent 28, the process proceeds to SB 5, and the third party institutional agent 28 accesses the database 23 based on the notified type of agent and searches for the third party institution agent. Then, the optimum third party agency agent 29 that matches the type of the user agent 26 is searched, and a process of issuing a seconding instruction to the retrieved third party agency agent 29 is performed by SB6, and the process returns to SB1.
[0092]
If the user agent 26 has come to the place 25 of the third party organization 8 according to SA49 or SA69 described above, a determination of YES is made by SB2, and the process proceeds to SB7 to meet with the user agent 26. Then, necessary various information exchanges are performed, and the process proceeds to SB8, where it is determined whether or not the purpose of the user agent 29 is for a job request to the third party agency agent 29. If the user agent 26 has come to the place 25 of the third party organization 8 based on SA49, a determination of YES is made by SB8, the process proceeds to SB9, and processing for searching for the third party organization agent 29 is performed.
[0093]
Next, the process proceeds to SB10, where the source of the user agent 26, that is, the personal computer 14 is called, and processing for requesting the key SK1 for decrypting the encrypted data of the secret information SI is performed. As described above, the personal computer that has received this request generates a random number to authenticate whether or not the third party organization 8 that has requested SK1 is a genuine third party organization. Is returned as challenge data CH. The third party resident agent that has received the challenge data CH makes a determination of YES through SB11 and proceeds to SB12._SK3(CH) is transmitted to the personal computer 14 as response data RES.
[0094]
On the personal computer 14 side, as described above, the transmitted response data RES is decrypted with the public key PK3 of the third party, and it is determined whether or not it matches the previous challenge data CH. Only when the key SK1 is encrypted with the public key PK3 of a third party_PK3(SK1) is transmitted. In the third party residing agent that has received it, the determination of YES is made in SB14, the process proceeds to SB15, and the received data is decrypted with the private key of the third party institution 8, that is, D_SK3{E_PK3(SK1)} is calculated to reproduce SK1. Next, the process proceeds to SB16, where the searched third party agent 29 is notified of the SK1 and the process proceeds to SB17.
[0095]
In SB17, it is determined whether or not the user agent 26 has returned to the destination, that is, the place 24 of the content provider 7, and a process of waiting until the user agent 26 returns is performed. The user agent 26 that has moved to the place 25 of the third-party organization 8 returns to the destination after performing the above-described processing of SA50 to SA53 (see SA54). When the user agent 26 returns to the place 24, the process proceeds to SB18, where a process of deleting the clone of the user agent 26 is performed. As a result, the user agent 26 that has finished work does not exist on the place 25 of the third-party agency agent 28. Next, proceeding to SB19, the third party institution resident agent 28 meets with the third party institution agent 29 to perform processing to find out the SKU that is the user's private key, and then the control returns to SB1.
[0096]
When the user agent 26 comes to the place 25 of the third-party agency agent 8 based on the above-described SA69, NO is determined by SB8, and the processing after SB20 is performed. That is, the reason that the user agent 26 comes to the third party organization 8 in accordance with SA69 is to perform processing necessary for performing the procedure for purchasing paid content while preventing leakage of confidential information. In such a case, the third-party institution resident agent 28 first sends an EB from the user agent 26 who has arrived by the SB 20._SK1(SKU), E_PK3(OI), E_PK3(PI) is received. Next, the process of reproducing the order information OI and the payment instruction PI by SB21, that is, D_SK3{E_PK3(OI)}, D_SK3{E_PK3(PI)} is calculated.
[0097]
Next, the process proceeds to SB22 where OI and PI are hashed to calculate the digests OI ′ and PI ′ of both. Next, the process proceeds to SB23, where the origin of the user agent 26, that is, the process of requesting SK1 from the personal computer 14 is performed.
[0098]
If the user's personal computer 14 transmits the challenge data CH in the same manner as described above, the SB 23a determines YES and proceeds to SB 23b, and the received challenge data CH is encrypted with the private key SK3 of the third party organization 8. E_SK3Processing for transmitting (CH) as response data RES to the personal computer 14 is performed. In the personal computer 14, as described above, E_SK3The third party 8 is authenticated based on (CH), and if it is determined that the authentication result is correct, E_PK3(SK1) is transmitted. If the third party institution resident agent 28 receives it, it proceeds to SB25, and D_SK3{E_PK3(SK1)} is calculated, and SK1 is reproduced.
[0099]
Next, go to SB26 and D_sk1{E_SK1(SKU)} is calculated to reproduce the user's private key SKU. Next, go to SB27 and E_SKUA process of calculating (OI ′, PI ′) and notifying the user agent 26 is performed. This E_SKU(OI ′, PI ′) is the user's double signature for the order information and payment instruction.
3. Next, the process proceeds to SB 27a to determine whether or not the user agent has returned. As described above, the user agent 26 returns to the place 24 of the content provider 7 that is the destination after performing the processing of SA70 (see SA71), and proceeds to SB27b when the user agent 26 returns, After the process of deleting the user agent clone is performed, the process returns to SB1.
[0100]
FIG. 8 is a flowchart showing the operation of the third party agency agent 29. A determination is made as to whether or not there is a seconding instruction by SC1, and if not, the process proceeds to SC2 and E_SK1It is determined whether or not (SI) has been notified. If not, the process returns to SC1.
[0101]
If the second party resident agent 28 appoints a seconding command during the loop of SC1 and SC2 (refer to SB6), the determination of YES is made by SC1 and the process proceeds to SC3. A process of moving to a destination such as 24 is performed. Specifically, this movement process is a process of transferring the clone of the third party agent 29 to the destination place 24 while leaving the third party agent 29 in the database 23. Next, the process proceeds to SC4, where a meeting with the user agent 26 is performed on the destination place 24 to notify the user of the desired high-priced content and to receive necessary user profile information 96 (see FIG. 14). (Refer to SA64). The user profile information 96 taught by the user agent 26 is limited to the publicly available information NSI (see FIG. 13). This is not the exchange of user profile information on the place 25 of the third party 8 that can prevent leakage of confidential information, but the exchange of user profile information on the place 24 of the information provider 7. It is limited to publicly available information NSI that cannot maintain confidentiality and therefore does not need to maintain confidentiality.
[0102]
Next, the process proceeds to SC5, where processing for evaluating the desired high-priced content is performed. This evaluation is performed by quantifying the degree of guessing that the user would like based on the user profile information 96 taught. Next, proceeding to SC6, it is determined whether or not the desired high-priced content is illegal content. Illegal content is content that violates criminal law, such as content related to drug smuggling routes and content related to handgun acquisition routes. Also, content that violates customs business law may be included in illegal content.
[0103]
If it is determined that the content is not illegal, the process proceeds to SC10, and the third party agent 29 deletes itself and ends. On the other hand, if it is determined that the content is illegal, the process proceeds to SC7 to notify the user agent 26 of an evaluation that the content cannot be purchased because of the illegal content, and to notify the police that the content is illegal by SC8. Next, the process proceeds to SC9, where illegal content is taken back to the third party organization 8 and stored as evidence, and then the process proceeds to SC10.
[0104]
E, which is information obtained by encrypting the secret information SI in the user profile information by the user agent 26 during the loop of the loop of SC1 and SC2._sk1When (SI) is notified (refer to SA51), the determination of YES is made by SC2, and the process proceeds to SC11 to meet with the third party resident agent 28 and have the key SK1 for decryption notified. Processing is done. Next, go to SC12 and D_SK1{E_sK1(SI)} is calculated and the secret information SI is reproduced and stored.
[0105]
Next, the process proceeds to SC18, where it is determined whether user authentication is necessary. If not, the process proceeds directly to SC15, but if necessary, the process proceeds to SC14. In SC14, E_SKUA process of calculating (NM) and informing the user agent 26 is performed. This NM is an authentication target message received by the user agent 26 from the destination agent 27, and is received as encrypted information encrypted with a public key of a third party (see SA48). This encrypted authentication target message is brought from the user agent 26 to the place 25 of the third party organization 8, and the authentication target message NM decrypted and reproduced by the third party organization resident agent 28 is the third party organization agent 29. To be informed. Based on the notified NM and the user's private key SKU (see FIG. 14) included in the SI reproduced by the SC 12, the third-party agent 29_SKU(NM) is calculated and notified to the user. This E_SKU(NM) becomes user authentication data, and the user agent 26 receives it (see SA 53), returns to the destination place 24 (see SA 54), and moves to the destination agent 27 on the place 24. E_SKUInform (NM).
[0106]
Next, go to SC15, E_PK3It is determined whether or not (KC) has been received and waits until it is received. E_SKUThe user agent 26 that has taken (NM) back to the destination place 24 encrypts the desired high-priced content KC with respect to the destination agent 27._PK3A request is made to transfer (KC) (see SA55). Receiving this, the destination agent 27 sends E_PK3(KC) is transmitted to the third party agency agent 28 of the third party agency 8. The E that has been sent_PK3If (KC) is received, proceed to SC16, D_PK3{E_PK3(KC)} is calculated to reproduce KC. Next, the process proceeds to SC17, where processing for evaluating the desired high-priced content KC is performed.
[0107]
Next, the process proceeds to SC18, where it is determined whether or not the desired content is illegal content. This determination is performed in the same manner as in SC6 described above. If the content is illegal, the process proceeds to SC7. If the content is not illegal, the process proceeds to SC19, and the data HK encrypted with the private key SK3 of the third party organization 8 with respect to the evaluation HK of the desired high-value content KC, that is, E_SK3(HK) is calculated, and the process of transmitting the calculation result to the user agent 26 on the destination place 24 is performed in SC20, and then the process proceeds to SC10.
[0108]
FIG. 9 is an explanatory diagram for explaining the operation of the agent in the CM producer 10. A resident agent 59 exists in the CM place 58 in the telescript engine 57 of the CM producer 10. In the figure, 56 is a database storing a large number of commercials produced by the commercial producer 10, 54 is a WWW server, and 55 is an information processing computer.
[0109]
The user agent operating in the user's personal computer 14 moves to the CM place 58 of the CM producer 10 via the Internet 13 as necessary. On the CM place 58, the user agent 26 and the resident agent 59 meet to search for a CM that the user seems to prefer in cooperation with both.
[0110]
FIG. 10 is a user agent flowchart showing a specific operation of the CM search corresponding to the sponsor shown in SA20 of FIG. By SA73, the user agent moves from the personal computer 14 to the CM place 58. This movement is performed by duplicating the user agent 26 in the personal computer 14 to create a clone and dispatching the clone to the CM place 58 as the user agent 26. Next, the process proceeds to SA74, where it is determined whether or not the clone is already stationed in the CM place 58. If the clone is already stationed, the process returns to SA73 and moves to the CM place 58 of the next CM producer 10. To do.
[0111]
With these SA73 and SA74, the user agent 26 finds out and moves to the CM place 58 where its own clone is not stationed. When the CM place where the clone is not stationed is found, the process proceeds to SA75, where the database 56 is accessed to search for the CM. Next, the process proceeds to SA76, where it is determined whether or not there is a desired CM. If not, the process proceeds to SA81, but if there is, the process proceeds to SA77. In SA77, it is determined whether the desired CM is transmitted to the user's home 17 using radio wave media (wireless media) or transmitted using wired media such as the Internet. If it is determined that the radio wave media is not used, the process proceeds to SA78, and processing for transmitting the desired CM to the personal computer 14 via the Internet 13 is performed.
[0112]
On the other hand, when using the radio wave media, the process proceeds to SA79 and meets with the resident agent 59 to perform processing for informing the broadcast date and channel of the desired CM. Next, the process proceeds to SA80, where the broadcast date / time, channel, and recording instruction are transmitted to the personal computer 14 via the Internet 13.
[0113]
Next, the process proceeds to SA81, where it is determined whether or not the user agent 26 is stationed at the CM place 58. If it is not resident, the process proceeds to SA86, where it is determined whether or not the movement has been completed, and if there are any CM creators that have not yet moved, the process returns to SA73 for the next movement. Move forward. On the other hand, when all the CM creators 10 scheduled to move have been moved, the process proceeds to SA78, where the process of returning the user agent 26 to the user's personal computer 14 is performed, and the control ends.
[0114]
On the other hand, if it is determined that the user agent 26 is stationed at this CM place 58, the process proceeds to SA82, where a process of creating its own clone and moving it to the CM place of another CM creator 10 scheduled to move to is performed. Made. Next, the process proceeds to SA83, and the user agent 26 stationed at the CM place 58 meets the resident agent 59 to determine whether or not a new CM has been created. When the CM creator 10 creates a new CM and stores it in the database 56, the resident agent 59 informs the user agent 26 residing in the CM place 58 that the new CM has been produced. If there is, a determination of YES is made in SA83 and the process proceeds to SA88.
[0115]
In SA88, the user agent 26 stationed at the CM place 58 searches and evaluates the new CM. Next, the process proceeds to SA89, where it is determined whether or not it is desired to obtain the new CM as a result of the evaluation. If not, the process proceeds to SA83, but if desired, the process proceeds to SA90 and the user of the desired CM. As a transmission method to the home 17, it is determined whether or not to use radio wave media (wireless media). If not used, a process of transmitting the desired CM to the personal computer 14 via the Internet 13 is performed in SA93, and then the process proceeds to SA83. On the other hand, when using radio wave media, the process proceeds to SA91 and meets with the resident agent 59 to tell the broadcast date / time and channel of the CM to be obtained. According to SA92, the broadcast date / time, channel and recording instruction are transmitted to the Internet. After processing to transmit to the personal computer 14 via 13, the process proceeds to SA 83.
[0116]
If it is determined by SA83 that there is no new CM creation, the process proceeds to SA84, and it is determined whether or not to end the stay. If the stay of the user agent 26 is still continued, the process proceeds to SA83. If the user agent 26 is to be terminated, the process proceeds to SA85, where the process of deleting the stationed user agent 26 itself is performed, and the control is terminated.
[0117]
FIG. 11A is a flowchart showing the operation of the resident agent 59 on the CM place 58, and FIG. 11B is a flowchart showing the control operation of the information processing computer 55 of the CM producer 10.
[0118]
First, the operation of the resident agent 59 resident in the CM place 58 will be described.
[0119]
Based on SD1, it is determined whether or not a new CM has been produced. If it has not been produced, the process proceeds to SD3, but if it has been produced, the process proceeds to SD2. In SD2, a process of notifying that a new CM has been produced is performed by meeting with the user agent 26 stationed at the CM place 58. Next, the process proceeds to SD3, where it is determined whether or not a CM broadcast date / time and channel notification request has been received. If not, the process returns to SD1. On the other hand, if the user agent 26 makes a CM broadcast date / time and channel notification request based on SA79 or SA93 described above, a determination of YES is made in SD3 and the process proceeds to SD4.
[0120]
In SD4, it is determined whether or not the CM for which a notification request has been made is already scheduled to be broadcast. If the broadcast is already scheduled, the scheduled broadcast date and time and the channel are already determined, so the process proceeds to SD5, and the broadcast scheduled date and time and the channel are notified to the user agent 26 in the CM place 58. Then return to SD1.
[0121]
On the other hand, if the broadcast is not scheduled, the process proceeds to SD6, where a process of sending a CM to the broadcast station 2 to request a broadcast is performed. Next, the process proceeds to SD7, where it is determined whether or not a broadcast date and time and a channel have been replied, and waits until a reply is received. Upon receiving the broadcast request, the broadcasting station 2 schedules when the requested CM is broadcast, and if determined, informs the resident agent 59 of the CM place 58 of the CM producer 10 of the broadcast date and time and the channel. Send. Then, a determination of YES is made by SD7, and the process proceeds to SD8, in which a process of storing the broadcast date and time and the channel returned by classifying for each CM number is performed. Next, the process proceeds to SD9, where a process for notifying the user agent 26 on the CM place 58 of the broadcast date and time and the channel is performed, and then the process returns to SD1.
[0122]
Next, the operation of the information processing computer 55 will be described. Whether or not program-related data has been received is determined by SE1, and if not, the process proceeds to SE4. As described with reference to FIG. 1, if program-related data is transmitted from the program-related data producer 11 to the CM producer 10, a determination of YES is made by SE 1 and the process proceeds to SE 2, and the CM of the corresponding program is stored in the database 56. A process of superimposing the CM and the received program-related data as the received data is performed. As a result, the CM in the database 56 becomes CM data in which program-related data is superimposed. In addition, since the program-related data differs depending on which program is broadcast for the same CM, even in the same CM, a plurality of CM data in which different program-related data is superimposed for each target program is stored in the database 56. Will be. As a result, the CM transmitted to the broadcasting station according to the above-described CD6 becomes CM data in which program-related data of a program corresponding to the CM is superimposed. Further, when the user agent 26 requests the resident agent 59 to notify the CM broadcast date and time and the channel, the user agent 26 is notified of which program is inserted and aired. The resident agent 59 searches the database 56 for CM data in which program-related data corresponding to the target program is superimposed, and transmits it to the broadcast station 2. In addition, the database 56 is divided into two, and is composed of a CM dedicated database storing only CMs and a program related data dedicated database storing only program related data transmitted from the program related data producer 11, and a user agent When the CM broadcast date / time and channel notification request from 26 is received, the resident agent 59 searches for program-related data related to the program to be inserted and broadcast of the CM, and the CM data searched by the user agent 26 and the resident data are resident. The program-related data searched by the agent 59 may be superposed and transmitted to the broadcast station 2. Next, the process proceeds to SE3, and a process of transmitting to the broadcasting station 2 a CM that is broadcast together with the program among the superimposed CMs is performed. That is, a CM inserted and broadcast between programs is transmitted to the broadcasting station by this SE3, and a CM in which program-related data is superposed together with the broadcasting of the program is broadcast from the broadcasting station 2.
[0123]
Next, the process proceeds to SE4, where it is determined whether or not there is an input to the newly produced CM database 56. If there is no input, the process returns to SE1. On the other hand, if there is an input, the process proceeds to SE5, where the new CM is recorded in the database 56. Next, the process proceeds to SE6, where the resident agent 59 is notified that the new CM has been produced. After that, the process returns to SE1.
[0124]
FIG. 12 is a screen view in which a CM on which program-related data is superimposed by the above-described SE2 is received and the CM is broadcast by the CRT 52 or the TV 16 of the personal computer 14 in the user home 17. FIG. 12 shows a screen view in which a CM is broadcast by the CRT 52 of the personal computer 14. The case of FIG. 12 is a case of a suit CM inserted between suspense programs in which a hero called the Colombo Police Department appears. The user of the personal computer 14 is a person who graduates from university next year and becomes a first-year member of society, and information that graduates next year is held as knowledge by the user agent 26 as user profile information.
[0125]
Therefore, the user agent 26 searches for a CM as shown in FIG. 12 based on the knowledge of graduating next year. Then, as the program-related data, the address of the homepage for exchanging opinions of this program is displayed (see FIG. 12 (a)). For example, the message “Please pay attention to Colombo's right hand at the murder scene” is displayed (see FIG. 12B). Also, as shown in FIG. 12 (c), explanation of technical terms appearing in the program, for example, “subliminal effect: character display that appeals to the subconscious by inserting a video for a moment that humans cannot be aware of” is performed. Also good. In this way, the superposition by SE2 is a superposition of CM video and character information, as shown in FIG.
[0126]
FIG. 13 is a block diagram showing a control circuit between the communication device 3 of the content provider 7 and the user personal computer 14 shown in FIG. The communication device 3 includes a variable length data generation unit 31, a random number acquisition unit 32, an encryption processing unit 33, a logic circuit 34, a communication control unit 35, an authentication processing unit 36, and a master key encryption processing unit 37.
[0127]
The variable-length data generating unit 31 generates variable-length data having a size corresponding to the communication capacity of the content transmitted from the telescript engine 18 based on the selected content transmission command (see SA38) by the destination agent 27. . For example, variable length data is generated for each image for a still image and for each display screen for a moving image. This variable length data is digital data composed of an arbitrary bit string. The random number acquisition unit 32 acquires a natural random number from the random number generation device 4 every time the content is oscillated. The encryption processing unit 33 generates a variable length random number sequence based on the variable length data and the natural random number. For encryption, SXAL / MBAL (described later) is used.
[0128]
The logic circuit 34 determines the exclusive OR of each bit of the content transmitted from the telescript engine 18 and the variable length random number sequence generated by the encryption processing unit 33. This content is stream-encrypted. This stream encrypted information is used as transmission information. The communication control unit 35 is configured to communicate with each user's personal computer 14 to transmit the transmission information and notification information described later, and to receive information sent from the personal computer 14 of each user.
[0129]
The authentication processing unit 36 is a processing unit for performing user authentication for user access control and the like. The master key encryption processing unit 37 uses the variable-length data and natural random numbers (if there are a plurality of data) used in the encryption processing unit 33 when the authentication results by the authentication processing unit 36 and the management server 69 of the member management center 12 are authentic. (Including information on the order of use) as a transmission master key, which is encrypted based on a key unique to the user, and information obtained by the encryption is used as notification information from the communication control unit 35 to the personal computer 14 of the user. To send to. SXAL / MBAL (described later) is used for encryption.
[0130]
The member management center 12 is provided with a database 70 in which member IDs and various member information for user authentication are classified and stored for each user. The management server 69 accesses this database 70, searches the stored information, performs user authentication, and transmits the result to the authentication processing unit 36 via the communication control unit 30 via the Internet 13.
[0131]
The user's personal computer 14 is provided with a CPU 60 as a control center, a ROM 61 in which programs are stored, a RAM 62 as a working area of the CPU 60, and an EEPROM 63 capable of electrically erasing stored data. Further, an input / output interface 64 is provided for consistency of signals with the outside. The clock generation circuit, address decoding circuit, power-on reset circuit, etc. are not shown.
[0132]
A card reader / writer 66 is connected to the input / output interface 64, and signals are exchanged with the user's IC card 65 between the CPU 60 via the card reader / writer 66 and the input / output interface 64. A floppy disk reader / writer 67 is connected to the input / output interface 64, and information can be read from and written to the floppy disk.
[0133]
A hard disk reader / writer 68 is connected to the input / output interface 64, and information can be read from and written to the hard disk. A keyboard 53 is connected to the input / output interface 64, and when the user operates the keyboard 53, the operation signal is input to the CPU 60 via the input / output interface 64. A CRT 52 is connected to the input / output interface 64, and a CRT display control signal is supplied from the CPU 60 to the CRT 52 via the input / output interface 64. A CD-ROM reader 68a is connected to the input / output interface 64, so that recorded information on the CD-ROM 68b can be read. The above-mentioned user agent 26 is recorded on the CD-ROM 68b. The user agent 26 is sold to the user from the agent manufacturer in a state recorded in the CD-ROM 68b. Note that the sales of the user agent 26 may be distributed by the agent manufacturer online via the Internet 13 and sold instead of the sales recorded in the CD-ROM 68b.
[0134]
FIG. 14 is a diagram showing a control circuit and stored data of the IC card 65 owned by the user. The IC card 65 includes a CPU 91 as a control center, a ROM 92 storing a control program, a RAM 93 as a working area of the CPU 91, an EEPROM 94 capable of electrically erasing stored data, and an external device. An I / O port 90 for inputting / outputting signals is provided. The ROM 92 stores an OS (Operating System) for the IC card 65. As this OS, it is desirable to use an IC card general-purpose OS such as MULTOS (multi-application IC card general-purpose operating system) which is a de facto world standard.
[0135]
For example, the EEPROM 94 stores various application software 95 as necessary. As application software, for example, various software such as credit, debit (deposit automatic deposit), Mondex, access control, etc., and various data such as electronic certificate, knowledge data for agents, electronic medical records, etc. can be considered. These various types of application software are configured to be rewritten to other types of application software as necessary.
[0136]
The agent knowledge data 96 is classified and stored into publicly available information NSI that does not require confidentiality and secret information SI that requires confidentiality. The publicly available information NSI includes, for example, the user's occupation, hobby, address, music preference, movie preference, user public key PKU, and the like. As the secret information SI, for example, the user's annual income, telephone number, opposite sex preference, educational background, savings amount, property,... This secret information SI is stored in an encrypted state with SK1, which is a user-specific secret key.
[0137]
When the user uses his / her user agent 26, for example, the user agent recorded on the CD-ROM 68b is read by the CD-ROM reader 68a, and the IC card 65 owned by the user is read by the personal computer 14. The agent knowledge data 96 is read, and the user agent 26 is operated in a state where the agent knowledge data 96 is held in the user agent 96. In the user profile information 96, if there is a job change or a move, the user rewrites and updates the occupation, address, and the like. Also, the user agent 26 performs work for the user and provides the result to the user, and observes the user's reaction (whether satisfied or dissatisfied) with the provided result, and needs to If there is, the user agent 26 updates or supplements the user profile information 96. As a result, the user's profile information 96 becomes more suitable for the user as the user agent 26 is used, and the user's satisfactory work is performed as the user agent 26 is used.
[0138]
Furthermore, the user agent 26 observes the user's reaction (whether satisfied or dissatisfied, etc.) who provided the result of the work, and improves not only the user profile information 96 but also the program of the user agent 26 itself. If so-called machine learning is applied, the user agent 26 needs to be stored in a storage medium such as the EEPROM 63 that can rewrite information.
[0139]
Further, in the user profile information 96 shown in FIG. 14, which type of profile information is stored at which address or in what data structure is stored in accordance with a unified format on a global scale. Yes.
[0140]
FIG. 15 is an explanatory diagram showing an outline of the above-described SXAL / MBAL.
In the illustrated example, 20-byte variable-length data, which is plaintext data, is encrypted using an 8-byte (64-bit) encryption key K to obtain a 20-byte variable-length cipher string. In the figure, P, E, F, G, H, I, and C are data in each conversion process, and the subscript represents the number of bytes. Fm is a cryptographic function.
[0141]
Referring to FIG. 15, first, the exclusive OR of the leftmost 8 bytes of variable length data P and the expanded key KO is determined, and the determination result is converted into data by function fm. Next, the 4 bytes at both ends are combined and converted by SXAL, and the rest is left as it is. Subsequently, the order of the data is reversed, and after the data is converted by the encryption function fm, the order of the data is reversed. The data is converted by the encryption function fm, the exclusive OR of the leftmost 8 bytes of the converted data and the extended key KI is determined, and the encrypted variable length cipher string C is obtained. .
[0142]
In this embodiment, since the encryption algorithm encrypts data or files of 16 bytes or more as one unit, it is possible to perform encryption for each large capacity of megabyte class, and bidirectional data exchange as described above. Since the encryption is performed multiple times, the decryption becomes extremely difficult, and the normal decryption of all information becomes impossible when encountering bit corruption or data alteration of about 1 bit in the information transmission form. Focusing on this, this is used to ensure security when high-capacity information is transmitted at high speed. In particular, when garbled or data falsification of about 1 bit is encountered, in the DES type encryption algorithm, only the vicinity of the bit garbled or falsified part or the part other than that part is not normally decrypted at the time of decryption. Anomaly detection becomes extremely difficult. On the other hand, in SXAL / MBAL, since all parts are changed to abnormal information, it is very easy to detect, and a quick request such as using a resend request during communication and a backup file being stored for files. Correspondence becomes possible.
[0143]
FIG. 16 is a flowchart showing the operation of the transmission apparatus 3 shown in FIG. SF1 determines whether or not a content transmission command has been issued. If not, the process proceeds to SF14. After performing user authentication processing, the process returns to SF1. If there is a content transmission command from the telescript engine 18 as described above during the loop of SF1 and SF14, the process proceeds to SF2 and the commanded content is already scheduled to be broadcast. It is determined whether or not. In the case of content that is already scheduled to be broadcast, since the broadcast date and time and channel have been transmitted from the broadcast station 2 to the content provider 7, the broadcast date and time and channel are transmitted to the user's personal computer 14 and then SF1. Return to.
[0144]
On the other hand, if the content for which the transmission command has been received is new content that is not yet scheduled to be broadcast, the process proceeds to SF4, and variable length data ("") corresponding to the transmission unit of the selected content, for example, one frame Fs. 111... 1 ″). Next, the process proceeds to SF5, where, for example, two natural random numbers (R1, R2) are obtained from the random number generator 4, and encryption processing is performed. Specifically, the variable length data is encrypted by the above-described SXAL / MBAL using the first natural random number R1 as a key (encryption key) to generate an initial random number sequence kd0 (corresponding to the variable length encryption sequence C in the lower part of FIG. 15). . Next, the process proceeds to SF7, and a random number sequence KS (= kd1, kd2,... Kdi) is generated by exclusive OR determination of the corresponding byte of the initial random number sequence kd0 and the reference logical value 01h.
[0145]
Here, kd1 is an exclusive OR determination result of the first byte of kd0 and 01h, kd2 is an exclusive OR determination result of the second byte of kd0 and 01h, and so on. Further, the random number sequence KS is encrypted by SXAL / MBAL using the next natural random number R2 as a key (encryption key) to generate a new random number sequence RS (= rd1, rd2,..., Rdn: variable length encryption sequence) (SF8). Here, rd1 is the encryption processing result of kd1, rd2 is the encryption processing result of kd2, rdn is the encryption result of the data kdi whose data amount is adjusted, and so on.
[0146]
Next, the process proceeds to SF9, where the exclusive OR condition between the random number sequence RS generated as described above and the transmission unit Fs is determined to generate transmission information RDn, and the process proceeds to SF10, where the generated transmission information RDn is Transmit to broadcasting station 2. The broadcast station 2 receives the transmission information RDn, determines when and on which channel to broadcast it, and returns the determined broadcast date and channel to the content provider 7. If there is a reply, the determination of YES is made by SF11, and the process proceeds to SF12. A process of storing the broadcast date and time and the channel by classifying each is performed. Next, the process proceeds to SF13, where the broadcast date / time and channel are transmitted to the user's personal computer 14, and then the process returns to SF1.
[0147]
FIG. 17 is a flowchart showing the content reproduction processing operation by the user's personal computer 14, and is a specific flowchart of S20 shown in FIG. Through S25, it is determined whether variable length data and random numbers (R1, R2) are stored. Both pieces of data are sent from the content provider 7 to the user's personal computer 14 as will be described later on condition that the user authentication using the user's personal computer 14 is determined to be appropriate. It is a thing. If neither of these data is stored, the process proceeds to S26. First, user authentication processing (described later with reference to FIG. 18) is performed, and then the process proceeds to S27.
[0148]
In S27, the variable length data is encrypted with SXAL / MBAL using the first natural random number R1 to generate an initial random number sequence kd0. Next, the process proceeds to S28, and a random number sequence KS (= kd1, kd2,... Kdi) is generated by exclusive OR determination of the corresponding byte of the initial random number sequence kd0 and the reference logical value 01h. In step S29, the random number sequence KS is encrypted by SXAL / MBAL using the next natural random number R2 as a key, and a new random number sequence RS (= rd1, rd2,... Rdn) is generated. The initial random number sequence kd0 and the random number sequences ks and rs are the same as those described with reference to FIG.
[0149]
A transmission unit Fs is generated by determining an exclusive OR condition between the random number sequence RS thus generated and the received transmission information RDn (S30), and the content is reproduced (S31).
[0150]
FIG. 18 is a flowchart showing the user authentication process, and is a flowchart showing specific operations of SF14 and S26 described above. This flowchart is a flowchart of each of the user's personal computer 14, the communication device 3 of the content provider 7, and the management server 69 of the member management center 12.
[0151]
The user first inserts his IC card 65 into the IC card insertion slot 50 of the personal computer 14. In this state, the process of S32 is performed on the condition that the user performs card authentication by inputting a personal identification number and the like, and it is determined that the card authentication is appropriate. In S32, the member ID stored in the IC card 65 is read, and the read member ID and the selected content NO. Is transmitted to the communication device 3 of the content provider 7. In the communication device 3, a process of relaying and transmitting the transmitted information to the management server 69 of the member management center 12 is performed by the SF 15. In the management server 69, the member ID sent by referring to the member management information stored in the database 70 is confirmed by SH1, and the random number is obtained on the condition that the confirmation is made that it is appropriate. A process of generating and transmitting as a challenge code CC is performed.
[0152]
In the communication device 3 of the content provider 7, the challenge code CC is relayed and transmitted to the user's personal computer 14 by the SF 16. In S33, the user's personal computer 14 calls the user's net key SK stored in the IC card 65, generates a response code RC using the key, and sends it back. This process is RC = E_SKThis is a process of calculating (CC) and returning the calculation result.
[0153]
In the communication device 3 of the content provider 7, the response code RC is relayed by the SF 17 and transmitted to the management server 69 of the member management center 12.
[0154]
The management server 69 authenticates the user based on the response code RC transmitted by the SH 2 and confirms it. If it can be confirmed that it is appropriate, the management server 69 replies to the communication device 3 of the content provider 7. Processing is performed. Specifically, the processing of SH2 is as follows: RC = D_SKThis is based on whether (CC) is satisfied. The net key SK is classified and stored in the database 70 of the member management center 12 for each member ID, and the management server 69 searches the SK corresponding to the member ID and uses it to perform user authentication. .
[0155]
The communication device 3 of the content provider 7 that has received the user authentication confirmation information encrypts the variable length data KH and the random numbers (R1, R2) corresponding to the content desired by the user with the user's net key SK by using the SF 18. The process of transferring to the user's personal computer 14 in a concealed form is performed. In the user's personal computer 14, the transferred information is decrypted by the net key SK and the variable length data K1 and the random numbers (R1, R2) are reproduced and stored in S34. This K1 and random numbers (R1, R2) are used for the processing after S27 shown in FIG.
[0156]
FIG. 19 shows a control circuit for preventing unauthorized copying in which, for example, a user who purchases paid content copies and distributes the content to other users. This control circuit is built in the user's personal computer 14, for example. The user's personal computer 14 receives the pay content provided by the content provider 7 or the pay program broadcast by the broadcast station 2 and records the content on the hard disk 81 or the like. As described above, in the case of paid content, since it is generally transferred as encrypted data, the personal computer 14 records the transferred data on the hard disk 81 in an encrypted state as it is. As described with reference to FIG. 17, the information read from the hard disk 81 is decrypted by predetermined decryption means 81a, and the content is reproduced.
[0157]
In this decrypted content, a control signal CCS (Copy Control Signal) is embedded as watermark information by a so-called digital watermark technique. In general, watermark information can be read out by decoding with MPEG2. The content data decoded by the decoding means 81a is input to the MPEG2 decoder 82, and the decoded information is input to the digital watermark detector 83, whereby the control signal CCS which is watermark information can be detected. it can. The CCS detected by the digital watermark detector 83 is input to the APS 86. This APS is an analog protection system developed by Macrovision Corp., for example, and performs anti-duplication processing.
[0158]
Content data including watermark information is supplied from the digital watermark detector 83 to the graphics module 84, and the content data is supplied from the graphics module 84 to the NTSC (National Tetevison System Committee) encoder 85, and converted into the NTSC signal. Converted. Then, the NTSC signal is supplied to the CRT 52, TV 16, VTR 15, etc. of the personal computer 14.
[0159]
The CCS given to the APS 86 is, for example, a copy control signal such as “copy prohibited” or “copy only once”, and the APS 86 operates in accordance with this signal to perform control such as copy prohibition according to the data content of the CCS. .
[0160]
FIG. 20 is an explanatory diagram showing an example in which information is exchanged between the content provider 7 and the third party organization 8 or the broadcast station 2 and the program-related data producer 11 using wireless media. FIG. 20 shows an example using a so-called wireless local network WLL (Wireless Local Loop). The content provider 7, the third party organization 8, the broadcast station 2, and the program related data producer 11 are provided with wireless devices 71, 72, 74, and 75, respectively. As described above, transmission of the user agent 26, the paid content, the third party agency agent 29, etc. between the third party organization 8 and the content provider 7 is performed using this WLL. In the figure, reference numerals 76, 77, 78, 79, and 80 denote antennas for WLL.
[0161]
Also, transmission of program related data between the broadcasting station 2 and the program related data producer 11 is performed using WLL. In addition, 1 is a satellite and 5 is a satellite antenna.
[0162]
Information exchange between the third-party organization 8 and the content provider 7 is performed because a large number of user agents, a large number of third-party agents, and a large number of contents are collected and transmitted. By transmitting and receiving such a large amount of data using this WLL, there is an advantage that it can be efficiently transmitted and received.
[0163]
FIG. 21 is a control circuit diagram showing another example for preventing unauthorized copying. This control circuit is also built in the user's personal computer 14, for example. The encrypted content data received by the user's personal computer 14 is recorded on the hard disk 81 as described above. In the encrypted content data, the variable length data K1 and the random numbers R1 and R2 for decrypting the encrypted content are incorporated as watermark information in a state encrypted with the user's net key SK. It is.
[0164]
Such encrypted content data recorded on the hard disk 81 is input to the MPEG2 decoder 82, where it is decrypted and converted into a state in which watermark information can be detected, and the data is input to the digital watermark detector 83. E which is watermark information_SK(K1, R1, R2) is detected and input to the CRT 52 and TV 16 of the personal computer 14. On the other hand, the encrypted content data from the digital watermark detector 83 is input to the NTSC encoder 85 via the graphics module 84 and provided to the CRT 52, TV 16 and VTR 15 as NTSC signals. Since this NTSC signal is an NTSC signal of encrypted content data, even if it is broadcast as it is based on this NTSC signal, such as a CRT 52, a TV 16 or the like, only the video according to the encrypted data is broadcast. The video cannot be recognized by the user.
[0165]
Therefore, for example, by inserting the user's IC card 65 into the IC card insertion slot 50 of the user's personal computer 14, the user's net key SK stored in the IC card 65 is read by the personal computer 14 and input to the personal computer 14. E_SK(K1, R1, R2) is encoded from the user's net key SK to reproduce K1, R1, R2, and the NTSC signal is decoded using these data to be converted into an NTSC signal for normal content data. The display is controlled by the CRT 52.
[0166]
An IC card insertion slot is also formed in the TV 16 and the IC card 65 is inserted therein, whereby the NTSC signal is decoded by the TV 16 in the same manner as described above, converted into an NTSC signal for normal content data, and broadcast.
[0167]
With this configuration, the paid content cannot be played and broadcast unless the IC card 65 of the user who has purchased the paid content is inserted into the personal computer 14 or the TV 16. Note that since the IC card insertion slot is not formed in the VTR 15, the data recorded in the VTR 15 is an NTSC signal for the encrypted content. When the NTSC signal for the encrypted content recorded in the VTR 15 is reproduced by the CRT 52 or the TV 16, the IC card 60 is inserted, decrypted and reproduced as described above.
[0168]
According to another embodiment shown in FIG. 21, when content is played back on the TV 16, the content playback processing function shown in FIG. 17 is built in the TV 16. Also, when content is played back by the CRT 52, the IC card 65 is inserted into the IC card insertion slot 50 of the personal computer 14 and played back. However, as shown in FIG. 21, supplied from the NTSC encoder 85 to the CRT 52. The NTSC signal is decoded, and the NTSC signal is decoded in the personal computer 14 so that the decoded NTSC signal cannot be output to, for example, the TV 16 or the VTR 15.
[0169]
Further, in another embodiment shown in FIG. 21, after the user authentication process shown in FIG. 18 is performed to authenticate that the user is an appropriate user, the variable length data K1, random numbers (R1, R2), The data encrypted with the user's net key SK is incorporated into the encrypted content data as watermark information, and the information is transferred to the user's personal computer 14 via the broadcasting station 2 or the like.
[0170]
22 to 24 are diagrams illustrating other examples of the control operation illustrated in FIGS. 16 to 18.
[0171]
FIG. 22 is a flowchart showing the operation of the communication device 3 of the content provider 7 and corresponds to FIG. The SF 19 determines whether or not a content transmission command has been issued. If not, the process proceeds to the SF 19a, performs user authentication processing, and then returns to the SF 19.
[0172]
If there is a content transmission command from the telescript engine 81, the process proceeds to SF20, where it is determined whether or not the content is already scheduled to be broadcast. Proceeding to SF21, the broadcast date and time and channel are transmitted to the personal computer 14 and the process returns to SF19. On the other hand, if there is a transmission command for new content that has not yet been scheduled to be broadcast, the process proceeds to SF22, where a process of generating a random number RN having the same number of bits as the user's private key SKU is performed. Generally, since the number of bits of a secret key used in a public key cryptosystem such as RSA is 1024 bits, the random number RN generated by this SF 22 is also likely to be 1024 bits.
[0173]
Next, the processing proceeds to SF23, where the selected content is divided into the same number of bits (for example, 1024 bits) as the user's private key SKU to generate divided content A (= A1, A2,... An). When divided into the same number of bits as SKU, it is common for fractions to occur in the content. In this case, the last divided content An is data having a bit number smaller than the bit number of SKU. Next, the process proceeds to SF24, and an exclusive OR (exclusive OR) between the divided content A and the random number RN generated by SF22 is calculated. 22 to 24, a symbol in which + is drawn in a circle is used as the exclusive OR, but the symbol (+) is used in the specification. The specific calculation content of SF24 is to calculate the exclusive OR between each of the divided contents A1, A2,... An and the random number RN. Next, the process proceeds to SF25, and a process of transmitting the calculation result A (+) RN by SF24 to the broadcast station 2 is performed. Receiving this, the broadcasting station 2 determines the date and channel for broadcasting A (+) RN, and returns the determined broadcasting date and channel to the content provider 7. If there is a reply, the judgment of YES is made by SF26 and the process proceeds to SF27. The broadcast date / time and channel are stored in a classified manner, and the process proceeds to SF28. After the broadcast date / time and channel are transmitted to the personal computer 14, the process returns to SF19.
[0174]
Note that the last An (+) RN of the SF 24 is equal to the number of bits of the divided content An from the beginning of the random number RN when the divided content data An is a divided content having a bit number smaller than the SKU due to the fraction. The data is taken out and the exclusive OR of the data and An is calculated.
[0175]
FIG. 23 is a flowchart showing a specific operation of the user authentication process shown in SF 19a and S36 described later, and corresponds to FIG.
[0176]
First, the user inserts his / her IC card 65 into the IC card insertion slot 50 of the personal computer 14 and performs card authentication in the same manner as described above. The user ID stored in the IC card 65 is read and the member ID and the selected content NO. Are transmitted to the communication device 3 of the content provider 7. In the communication device 3, the transmitted information is relayed by the SF 19 and transmitted to the management server 69 of the member management center 12. In the management server 69, the membership ID sent by accessing the database 70 is confirmed by SH3 to determine whether or not it is appropriate, and after confirming that it is appropriate, a random number is generated and challenged. The code CC is transmitted to the communication device 3.
[0177]
In the communication device 3, the transmitted challenge code CC is relayed by the SF 20 and transmitted to the user's personal computer 14. In step S39, the user's personal computer 14 reads the net key SK in the IC card, generates a response code RC using the SK as a key, and returns the response code RC. That is, RC = E_SKCalculate (CC) and send it back. In the communication device 3, a process of relaying the returned RC to the management server 69 via the SF 21 is performed. In the management server 69, when SH4 confirms that the user is properly authenticated based on the transmitted response code RC and confirms that the authentication is proper, the management server 69 performs a process of returning that fact. . That is, in SH4, CC = D_SKIt is determined whether or not (RC) is established, and the user authentication is performed.
[0178]
When the communication device 3 receives the confirmation information of the user authentication, the communication device 3 divides the selected content in the same manner as the SF 23 and transmits the divided content A (= A1, A2,... An) to the management server 69. . In the management server 69, by SH5,
SKU (+) {I1 (+) (A1 (+) RN)} = A1
SKU (+) {I2 (+) (A2 (+) RN)} = A2
・
SKU (+) {In (+) (An (+) RN)} = An
I (= I1, I2,... In) satisfying_SKProcessing for transmitting (I) to the communication device 3 is performed.
[0179]
Here, I1, I2,... In are data having the same number of bits (eg, 1024 bits) as the number of bits of the divided contents of A1, A2,. In addition, when An has a smaller number of bits than usual due to the fraction, In also has a smaller number of bits according to An. The calculation of I1, I2,... In can be performed relatively easily. For example, if the most significant bits of SKU, A1 and RN are all “1”,
1 (+) {the most significant bit of I1 (+) (1 (+) 1)} = 1
Thus, the most significant bit of I1 is naturally “0”. If the next bit of the most significant bit of SKU is 0 and the next bits of the most significant bit of A1 and RN are both 1,
0 (+) {the bit next to the most significant bit of I1 (+) (1 (+) 1)} = 1
Thus, the bit next to the most significant bit of I1 is naturally “1”.
[0180]
In the communication device 3, E_SKIn response to (I), a process of transmitting to the user's personal computer 14 via the SF 23 is performed. In the user's personal computer 14, in S40, the received information is decrypted with the key SK, that is, T_SK{E_SK(I)} is calculated and I is reproduced and stored. In this alternative embodiment, the member (user) secret key SKU is stored in the database 70 of the member management center 12 categorized for each member ID. The secret key SKU is stored in the database 70 in a state where confidentiality can be maintained, and is configured such that only a limited operator of the member management center 12 can access the SKU by the management server 69.
[0181]
FIG. 24 is a flowchart showing the operation of the user's personal computer 14 and corresponds to the flowchart shown in FIG. First, in S35, it is determined whether or not I (= I1, I2,... In) is stored. Since I is stored in the user's personal computer 14 at the stage where the user authentication shown in FIG. 23 is completed (see S40), a determination of YES is made in S35 and the process proceeds to S37, but I is not yet stored. In this case, the process proceeds to S36, and after the user authentication process shown in FIG.
In S37,
A = SKU (+) {I1 (+) (A1 (+) RN}
+ SKU (+) {I2 (+) (A2 (+) RN}
+ SKU (+) {I3 (+) (A3 (+) RN}
:
+ SKU (+) {IN (+) (AN (+) RN}
Is processed to reproduce the content.
[0182]
In this other embodiment, as shown in S37, in order to reproduce the content A, the SKU that is the secret key of the user is required. That is, the process of decrypting the encrypted content using the user's private key SKU is an essential process for reproducing the content A. As a result, in order for a user other than the user who normally purchased the encrypted content to decrypt the encrypted content and reproduce the content A, the encrypted content is encrypted using the private key SKU of the authorized user who purchased the encrypted content. The content A cannot be obtained unless the IC card 65 is obtained from a legitimate user. Therefore, security is improved.
[0183]
The other embodiments of FIGS. 22 to 24 will be briefly described with different expressions as follows.
[0184]
A content created by the content provider 7 is A, and the content provider 7 encrypts the paid content A with a key RN made up of a random number or the like to create an E_RN(A) is calculated and broadcasted from the broadcasting station 2. The content provider 7 is D_SKU[D_I{E_RN(A)}] = A key I satisfying A is generated, encrypted with the key SK, and transmitted to the user's personal computer 14 via the Internet 13 or the like.
[0185]
The user receives the E received from the broadcasting station 2._RN(A) is decrypted with the key I received from the content provider 7 and reproduced, and further decrypted with its own secret key SKU. As a result, content A can be obtained.
[0186]
If an algorithm for encryption and decryption using a key such as RN, I, or SKU is used as an algorithm of RSA public key cryptosystem or so-called elliptic curve cryptography, D_I{E_RN(A)} = E_PKU(A) is established. Therefore, it is sufficient if the content provider 7 calculates I satisfying this equation and transmits it to the user's personal computer 14, and the user's public key PKU is sufficient to generate I, and the user's private key SKU is necessary. It will not be.
[0187]
Next, modifications, feature points, and the like of the embodiment described above are listed below.
(1) In the embodiment described above, the program related data produced by the program related data producer 11 is broadcast on the CM produced by the CM producer 10, and the CM inserted between the programs is broadcast to the user. An invention of a CM cut browsing prevention system for preventing the inconvenience of browsing only a part of a program after being cut is disclosed.
[0188]
The present invention relates to an advertising system (advertisement method) in which a commercial message is inserted between contents for requesting a user to browse, and the invention belongs to the technical field.
[0189]
A publicly known publicity system (promotional method) has a commercial message (CM) inserted between television programs and broadcasts from a broadcasting station, and the user receives the broadcast and receives a TV (television television). ) And broadcast commercials to promote commercial sponsors and sponsors' products.
[0190]
On the other hand, VTRs (video tape recorders) have recently become widespread in the homes of users, and programs including CMs broadcast by broadcasting stations are temporarily recorded on these VTRs and played back later on TVs and personal computers. The number of recording / playback browsing has increased.
[0191]
As a result, since the CM inserted between the programs is a portion corresponding to a luxury for the user, CM cut browsing is performed in which only the CM portion is cut and only the program portion is reproduced and browsed. It is expected to increase.
[0192]
When such CM cut browsing increases, the sponsor of the commercial broadcast program cannot expect the profit from the commercial, and there is a possibility that the commercial broadcast made up of the sponsors will collapse.
[0193]
In other words, in the conventional advertising system (advertisement method), the user cuts only the commercial message inserted between the contents for requesting the user to browse, and only the content is viewed by inserting the commercial message. There was a disadvantage that profits could not be expected.
[0194]
The invention of this advertising system has been conceived in view of such circumstances, and its purpose is to prevent the above-described CM cut browsing by the user as much as possible.
[0195]
As a means to achieve this goal, the invention of this advertising system is
An advertising system that advertises by inserting a commercial message between the contents that the user wants to view,
It is characterized by further comprising simultaneous broadcasting means for broadcasting content related information produced by a producer who produces content related information related to the content for which the commercial message is inserted at the same time as the commercial message.
[0196]
As a result of adopting such means, the content related information related to the content in which the commercial message is inserted is broadcast at the same time as the commercial message. Since a user who is interested in the content desires to view the content related information, viewing the content related information results in viewing a commercial message at the same time. Therefore, it is possible to prevent as much as possible from browsing the content by cutting the commercial message.
[0197]
The simultaneous broadcasting means includes content-related information related to the content (program) to which the commercial message is inserted (in a message or program that calls attention to an important point of a program homepage or program) Superimposing means (SE1, SE2) for superimposing the content related information produced by the producer (program related data producer 11) producing the commentary of the technical terms that appear on the commercial message, and the content by the superimposing means Broadcasting means (SE3, SD3 to DS9, broadcasting station 2, personal computer 14 or TV16) for broadcasting a commercial message with related information superimposed between the contents.
[0198]
As the superimposing means, for example, a superimposing means such as a conventionally known character creating apparatus that displays a message of extraordinary news that an earthquake or the like has occurred during the broadcast of a television program as character information may be used. In the above-described embodiment, the superimposing means is provided at the CM producer 10, but may be provided at the broadcasting station 2 instead. In that case, the program-related data produced by the program-related data producer 11 is transmitted to the broadcasting station 2 via the Internet 13, and the program-related data is superposed on the commercial message broadcasted by the broadcasting station 2 and broadcast. .
[0199]
Further, as an invention for achieving the object of preventing the above-described commercial message cut browsing, the following means may be provided.
[0200]
An advertising method in which a commercial message is inserted between contents for requesting the user to browse,
A content-related information generating step for generating content-related information related to the content to which the commercial message is inserted;
A superposition step of superposing the content-related information generated by the content-related information generation step and the commercial message;
And a broadcasting step of broadcasting the commercial message in which the content related information is superimposed by the overlapping step between the contents.
[0201]
The content related information generating step is configured by the explanation part in which the program related data producer 11 described above produces the program related data as shown in FIG. The polymerization step is constituted by SE2. The broadcasting step is configured by SE3, SD3 to SD9, broadcasting station 2, and S13 to S16.
[0202]
(2) In the above-described embodiment, an invention is disclosed in which a commercial message that a user seems to like is retrieved and the user is allowed to browse and view the broadcast. The present invention relates to an advertising system (advertisement method) for advertising to a user by a commercial message.
[0203]
In this kind of advertisement system (advertisement method), for example, a commercial message for a sponsor for a commercial program is produced by a CM producer, and the produced commercial message is broadcast. It is provided to the station and broadcast while being inserted between programs. The user receives a broadcast that he / she wishes to browse from the broadcast program, browses it on a TV or personal computer, etc., and broadcasts a commercial message inserted in the middle of the viewing, thereby promoting the sponsor to the user. It was.
[0204]
However, in this type of conventional advertising system (advertisement method), a CM producer creates a CM for a sponsor unilaterally, regardless of whether the user likes it or not. I was broadcasting. As a result, for the user, the user is in a state of browsing commercials of products that are completely uninterested and commercials almost unrelated to him. For example, when advertising a beer to a user who does not accept alcohol, the advertisement is not only useless for the user but also has no effect on the sponsor side. As described above, the conventional advertisement system (advertisement method) has a drawback that both the user side and the sponsor side are wasteful and less profitable.
[0205]
The present invention has been conceived in view of such circumstances, and an object thereof is to prevent waste on both the advertiser side and the user side as much as possible.
[0206]
As means for achieving this object, the present invention is an advertising system for advertising to a user by a commercial message,
Commercial message storage means for classifying users for each of a plurality of types of attributes, and storing commercial messages produced targeting only users belonging to the classification for each classification;
Search means for storing user profile information as knowledge, and causing a user agent working for the user to search for a commercial message stored in the commercial message storage means;
And a commercial message providing means for providing the commercial message searched by the search means to a user who owns the user agent.
[0207]
As a result of adopting such means, a commercial message is produced for each user classified into a plurality of types of attributes, targeting only the users belonging to the classification, and the user agent selects a user from among such a plurality of commercial messages. Commercial messages that are likely to be preferred are retrieved and selected and provided to the user. As a result, a fine commercial message suitable for the user can be provided for each user, and waste that the commercial message unnecessary for the user is provided to the user can be prevented as much as possible.
[0208]
The database 56 constitutes commercial message storage means for classifying users into a plurality of types of attributes and storing commercial messages produced by targeting only users belonging to the classification for each classification. The telescript engine 57 has search means for storing user profile information as knowledge and allowing the user agent 26 working for the user to search for commercial messages stored in the commercial message storage means. . Commercial message providing means for providing the commercial message searched by the search means to the user who owns the user agent by the SA76 to SA80, SA89 to SA93, the Internet 13, the broadcasting stations 2, S2, and S11 to S16. Has been.
[0209]
As a specific example of classifying the user into a plurality of types of attributes, for example, the user is classified according to age, sex, academic level, occupation, user consumption trend, user preference, etc. Can be considered. As the broadcast time of a commercial message inserted between contents such as programs, a plurality of types of broadcast times such as 20 seconds, 40 seconds, 60 seconds, 80 seconds, 100 seconds, etc. are standardized in advance. The plurality of commercial messages stored in the commercial message storage means are also produced so as to fit within the standardized time by broadcasting one message or a plurality of messages in combination.
[0210]
On the other hand, when a program including a commercial message is broadcast from the broadcast station 2, data for specifying the broadcast time of the commercial message is broadcast immediately before switching from the program broadcast to the commercial broadcast. On the user side, information specifying the broadcast time of the commercial message is received by the personal computer 14 or the like, and switched to the commercial message searched by the user agent for the commercial message broadcast time specified based on the information, and broadcasted.
[0211]
On the other hand, in some cases, the user may watch programs other than the programs that are selected and reserved in advance by the user agent. As a method for dealing with this, the user agent searches for commercial messages in advance for all sponsors of the program broadcast on the day. For example, it may be stored in a hard disk or the like of the user's personal computer 14.
[0212]
It is desirable to store a plurality of types of commercial messages by searching for and storing a plurality of types of commercial messages so that the user does not get bored by replacing the types of commercial messages.
[0213]
On the other hand, the user agent does not search for commercial messages that the user does not need at all, for example, commercial messages such as beer and whiskey for users who do not accept alcohol at all. As a result, an unfair situation arises in such a case that the commercial message of the sponsor is not broadcast to the user even though the program is sponsored by the user. Therefore, for example, in a certain area, it is desirable to install an adjusting means for adjusting the number of commercial messages between sponsors to be equal.
[0214]
As a method of broadcasting a commercial message using the satellite broadcast shown in FIG. 1, for example, a satellite broadcast that broadcasts only commercial messages one after another is opened over one channel or many channels, and a user agent stores the commercial message in the commercial message storage means. Data that can specify the date and time when the commercial message accessed, searched and selected is broadcast by satellite broadcasting is transmitted to the user's personal computer. When the user's personal computer 14 receives the date and time of transmission, the user's personal computer 14 tunes to the transmitted channel, catches the broadcast radio wave, and stores a commercial message as the broadcast content in a hard disk or the like.
[0215]
At the stage where the user agent searches for a commercial message for almost all sponsors and stores it in the hard disk or the like of the user's personal computer 14, the new commercial message is only generated when a new commercial message is created for a certain sponsor thereafter. If the user agent searches for the message and determines that it is necessary, the commercial message is stored in the hard disk or the like of the user's personal computer 14. A commercial message that has been deleted for a certain sponsor is deleted from the hard disk if the commercial message is stored in the hard disk of the personal computer 14.
[0216]
In that case, every time a commercial message newly created and newly stored or an old and erased commercial message is generated in the commercial message storage means, for example, the push personal computer 14 is used to that effect. Is transmitted. The user's personal computer 14 updates the stored contents of the hard disk based on the transmitted information.
[0217]
Further, when it is desired to obtain more detailed data about the commercial message searched by the user agent 26, the address of the WWW server for the commercial message so as to be accessible by accessing a predetermined WWW server via the interface 13. Is preferably transmitted to the user's personal computer 14. The address data of the WWW server is transmitted using, for example, satellite data distribution / broadcasting or data multiplex broadcasting using terrestrial waves for television broadcasting.
[0218]
(3) In the above-described embodiment, as shown in FIGS. 22 to 24, a system (or method) for ensuring the security of information such as paid content is disclosed.
[0219]
The present invention relates to a security system (or a method for ensuring security) for information provided from an information provider side to an information requester side.
[0220]
As a technology for ensuring this kind of security, for example, if paid content is purchased by a certain user, for example, if the paid content is encrypted, the encrypted content is encrypted from a broadcasting station, for example. To be broadcast. The user who purchased the encrypted content is notified in advance of the broadcast date and channel of the encrypted content, and the user receives the broadcast of the encrypted content and sends the encrypted content to a VTR or the like. Record. Then, a pay content provider distributes a key for decrypting and reproducing the encrypted content to an authorized user who purchased the pay content. The legitimate user decrypts the encrypted content recorded in the VTR or the like using the distributed key, plays it back, and browses it.
[0221]
In the case of such a conventional technology, since encrypted content is broadcast over a wide area by radio wave media (wireless media), many other users other than legitimate users who pay for paid content are encrypted. Paid content can be received. When many other users than the regular user receive and record the above-mentioned encrypted paid content, the key for decrypting the encrypted content distributed from the content provider is used thereafter. By simply obtaining (hereinafter simply referred to as a decryption key) by some method, the encrypted content can be decrypted and reproduced and viewed. As a result, there arises a disadvantage that a large number of users who have not paid a fee for pay content can reproduce and view the pay content.
[0222]
Therefore, the decryption key FK is encrypted with the public key PKU of the authorized user who has paid the fee, and E_PKUDistribution in the form of (FK) to the regular user via the Internet or the like can be considered. In that way, many other users can use this E_PKUEven if (FK) is intercepted, unless it has the secret key SKU of the legitimate user who has paid the fee, it cannot be decrypted and the decryption key FK cannot be reproduced, and security seems to be maintained for the time being.
[0223]
However, all members of a group receive the broadcast of the encrypted content data, and one of the members pays the fee as a representative._PKU(FK) is received, decrypted with the secret key of the representative, and D_SKU{E_PKU(FK)} is calculated to reproduce the FK, and when the FK is distributed to all the other members of the group, a large number of people receive encrypted content data even though they only pay for one person. It becomes possible to browse.
[0224]
The present invention has been conceived in view of such circumstances, and its purpose is to prevent unauthorized use of information other than authorized ones having authority to use information such as paid content as much as possible. is there.
[0225]
In order to achieve such an object, the present invention employs the following means.
[0226]
A method for ensuring security for information provided to an information requester by an information provider,
A conversion step of converting the information according to an algorithm using a first key on the information provider side;
A conversion information providing step of providing the information requester side with the conversion information converted by the conversion step;
A second key generation step of generating a second key on the information provider side;
Providing the second key generated by the second key generation step to the information requester side, and
In the second key generation step, the conversion information is converted according to an algorithm using the second key and the conversion according to an algorithm using the secret key of the information requester side. A method for ensuring the security of information, comprising generating the second key determined so that the information can be reproduced on condition that the processing is performed.
[0227]
Further, as another means for achieving the above-described object, the present invention may adopt the following configuration.
[0228]
A security system for information provided by an information provider to an information requester,
Conversion means for converting the information according to an algorithm using a first key on the information provider side;
Conversion information providing means for providing conversion information converted by the conversion means to the information requester side;
A second key generating means for generating a second key on the information provider side;
And second key providing means for providing the second key generated by the second key generating means to the information requester side,
The second key generation means converts the conversion information according to a certain algorithm using the second key and a conversion according to an algorithm using the secret key of the information requester side. A security system for information, characterized in that the second key defined so that the information can be reproduced on condition that processing is performed.
[0229]
As a result of adopting such means by the present invention, when the encrypted information is decrypted and reproduced, the information provider side uses the private key of the legitimate information requester side to whom the information is provided. Processing is essential. As a result, in order to decrypt and reproduce the encrypted information, it is necessary to obtain the secret key on the regular information requester side. However, a secret key is a property that must maintain confidentiality, and is unlikely to be lent to someone else for use. Therefore, it is generally not considered that a person other than the legitimate information requester obtains a secret key from the legitimate information requester, and a person other than the legitimate information requester decrypts the encrypted information. Can be prevented as much as possible.
[0230]
In the second key generation step (second key generation means), after the conversion process is executed on the conversion information according to an algorithm using the second key, the information requester side It is desirable to generate the second key determined so that the information can be reproduced on condition that a conversion process according to an algorithm using a secret key is performed.
[0231]
A conversion step (conversion means) that converts the information according to an algorithm (exclusive OR) using a first key (random number RN) on the information provider (content provider 7) side by the SF22 to SF24. It is configured. The conversion information (A (+) RN) converted by the conversion step (conversion means) by the SF25 to SF28, broadcasting stations 2, S7, S23, S8, S24, S2, and S11 to S16 is converted into the information requester ( A conversion information providing step (conversion information providing means) to be provided to the user) is configured.
[0232]
The SH5 constitutes a second key generation step (second key generation means) for generating a second key on the information provider side. A second key providing step (second key provision) of providing the second key generated by the second key generation step (second key generation means) to the information requester side by SH5 and SF23. Means).
[0233]
The second key generation step (second key generation means) uses the second key (I1, I2,... In) for the conversion information (A (+) RN). The information (content) on condition that the conversion process according to the exclusive OR) and the conversion process according to an algorithm (exclusive OR) using the secret key (SKU) on the information requester side are performed. The second key (I1, I2,... In) determined so that A) can be reproduced is generated.
[0234]
(4) In the present embodiment described above, as described with reference to FIG. 21, an invention for preventing unauthorized copying of information is disclosed.
[0235]
The object of the present invention is to prevent unauthorized copying, and in order to achieve the object, the following means are adopted.
[0236]
Key information for decrypting the encrypted information is embedded in the encrypted encrypted information, and key reading means for reading the key information (MPEG2, decryptor 82, digital watermark detector 83). When,
Decryption means (IC card 65, TV16, personal computer 14) for decrypting the encrypted information using the key read by the key reading means and reproducing the information,
The decryption means is incorporated in an output device (a personal computer 14 having a TV 16 and a CRT 52) that outputs the reproduced information so that the user can recognize it.
[0237]
(5) The IC card 65 may store not only the agent knowledge data but also the user agent 26 program itself. In such a configuration, the agent knowledge data and the user agent program itself are always recorded on the IC card carried by the user, so that the agent knowledge data is peeped by others. In addition to reducing the risk, the inconvenience of using the user agent by another person can be prevented as much as possible. In addition, when a user wants to use his own user agent using a personal computer installed in his office, etc., it becomes possible by inserting the portable IC card 65 into the personal computer. It is not necessary to have the user agent program and agent knowledge data transmitted from the personal computer 14 at home. The EEPROM 94 of the IC card 65 constitutes agent knowledge data storage means for storing agent knowledge data. The EEPROM 94 of the IC card 65 constitutes agent program storage means for storing the agent program. The agent program stored in the agent program storage means is an agent that works for the owner of the IC card.
[0238]
Instead of SXAL / MBAL shown in FIG. 15, an RSA public key cryptosystem or an elliptic curve cryptosystem may be used.
[0239]
The wireless devices 71 and 72 and the antennas 76 and 77 constitute a wireless media utilization type information communication means for performing communication of information between the content provider and the third party using the wireless media. Yes.
[0240]
Whether or not what has been accessed through S22, S22a, S22b is a third party institution established to handle a specific job that requires neutrality that is unsuitable for one or both parties. Third-party organization authentication means for authenticating The S15 constitutes commercial message editing means for replacing the commercial message inserted and broadcast between programs with the commercial message searched by the user agent and editing it. By the S16, switching broadcast means for switching the commercial message inserted and broadcast between programs to the commercial message searched by the user agent and broadcasting it is configured.
[0241]
The SA10 constitutes a destination plan registration means for registering a destination schedule of the user agent. The SA45 constitutes a seconding request processing means for performing processing for requesting a third party agent to be seconded. SA49 constitutes third-party organization moving means for the user agent to move to the third-party organization.
[0242]
SA68 to SA72 constitute a purchase procedure means for performing a purchase procedure by the user agent. The purchase procedure means includes digital signature means (SA70, SA71, SA72) for performing a digital signature of the user for the purchase procedure. This digital signature means has a function of performing a double signature of order information that can specify a purchase target and a payment instruction that can specify a payment method. SB20 to SB27 and SB4 to SB31 constitute a digital signature generating means for generating the digital signature of the user. The digital signature generation means has a function of generating the double signature.
[0243]
By SA73 and SA74, a destination selection moving means is constructed in which the user agent moves by searching for a place where the user agent clone is not stationed and avoiding where the user agent clone is already stationed. SA81 to SA83 and SA88 to SA92 constitute user agent resident evaluation means for evaluating a commercial message when the user agent is resident and a new commercial message is produced.
[0244]
When a user agent or the like moves to a foreign site or the like, it may be necessary to check in which country the agent has moved. Just as a human needs a visa (entry permit) to go abroad, an agent checks the visa (entry permit) equivalent and the agent's entry It is desirable to determine whether or not to permit this.
[0245]
Therefore, nationality certification data for checking in which country the agent who accesses the agent works for the user or the merchant in the country is given to the agent. This nationality certification data is issued to an agent who intends to go abroad by a nationality certificate issuing organization such as the above-mentioned third party organization. The nationality certificate issuing institution is registered with the agent's public key and, if necessary, a private key. The nationality certificate issuing institution uses the public or private key to verify the identity of the agent. And issue a nationality certificate to the agent. And when the agent accesses a foreign site and tries to move to that site, the site uses the public key or secret key of the agent to verify the identity of the agent, Check the nationality certificate held by the agent to determine whether or not to allow access.
[0246]
On the other hand, instead of issuing the nationality certificate, an entry permit may be issued to the agent that the agent may enter the foreign country to which the agent intends to move. In such a case, as described above, the immigration institution, which consists of a third-party organization, etc., confirms the identity of the agent using the registered public key, private key, etc. Issue an immigration certificate to the agent.
[0247]
As described above, an embodiment in which the public key and secret key stored as knowledge by the user agent 26 and the like are the same public key and secret key as the user of the user agent 26 has been described. A public key or secret key different from the user's public key or secret key may be stored in the user agent 26 or the like. By doing so, when the user agent 26 performs a digital signature or the like, it becomes possible to determine later whether the user himself or herself has made a digital signature or whether or not the user agent has made a digital signature. In this way, when different keys are used for the user and the agent, the user's public key or secret key and the agent's public key or secret key are registered with the key registration authority that registers the public key or secret key. It is desirable to associate and register.
[0248]
In the above-described embodiment, the third-party agent has been shown to monitor whether or not one or both parties are illegal as the execution of the requested work. The third party agent patrols the network, and the third party monitoring agent interrogates the user agent and the vendor side agent on the place where the third monitoring agent visits. The presence / absence may be monitored.
[0249]
The agent's past work history data such as which site the user agent or the like visited in the past and what work was performed for whom may be stored in the agent. By doing so, when distributing tasks using a so-called contract net, the manager side can determine which contractor (agent) is suitable for executing the task based on the work history data. And a designated-award can be made to the appropriate contractor (agent). The contract net is a model for dividing a problem through negotiation of a large number of processing modes and assigning a sub-problem (called a task) to each mode.
[0250]
[Specific examples of means for solving the problems]
The content provider 7 and the user or the CM producer 10 and the user constitute a party. SA44 and SA47 constitute specific work determination means for determining that a specific work requiring neutrality unsuitable for one or both of the parties has occurred. The third party agent 29 and the third party resident agent 28 constitute a third party agent that is neutral to both parties. The third-party agent is not limited to an agent that is operated and managed by the third-party organization 8; for example, the third-party agent works on the same place as the place in the telescript engine where the party agent works. This third party agent may be configured by other agents.
[0251]
Work request means for requesting the specific work to a third party agent having neutrality to both parties according to the determination result of the specific work determination means by SA45, SA64 or SA49 to SA53 or SA60 or SA69, SA70 Is configured. The work requested by the work request means is executed on behalf of the third-party agent (flow charts shown in FIGS. 7 and 8). The third party organization 8 constitutes a third party organization established to process the specific job. The third-party agents (third-party agency agent 29, third-party agency resident agent 28) are agents that are operated and managed by the third-party agency and developed to perform the specific job.
[0252]
The user agent 26 and the destination agent 27 constitute a party agent that works for each side of the party. The specific job determination means is a selfish action (for example, illegal take-back of paid content or false charge for paid content) that is advantageous to the position of the party agent when the party agents are operating in cooperation with each other. In the case where there is a possibility of performing the evaluation of the above, it is determined that the specific work has occurred.
[0253]
The database 19 constitutes content storage means for storing paid content. A content provider that provides stored content in the content storage means is configured by the content provider 7. A user who resides in the user's home 17 constitutes a user who desires to search for whether or not there is content desired to be obtained in the content provided by the content provider. Then, the specific job determination means determines that the user-side agent (user agent 26) of the party agents desires to search for the paid content stored in the content storage means (YES is determined by SA43). If the specific job has occurred, it is determined.
[0254]
Further, the third-party agent has a monitoring function (SC6, SC18) for monitoring whether one or both of the parties are illegal through the execution of the requested job.
[0255]
The SA43, SA44, SA67, and SA58 constitute a specific job determination step for determining that a specific job that requires neutrality unsuitable for one or both of the parties has occurred. The SA45, SB1, SB5, SB6, SA49, SA50, and SB7 to SB9 constitute a third-party agent procurement step for procuring a third-party agent that is neutral to both parties. Procured in the third-party agent procurement step when it is determined in SA45, SA46, SA64, SA49 to SA53, SA69, SA70, SA60 that the specific job has occurred in the specific job determination step. A job request step for requesting the third party agent for the specific job is configured. Then, the specific job requested by the third party agent requested in the job requesting step is executed (the flowcharts shown in FIGS. 7 and 8).
[0256]
The telescript engine 22 and the database 23 constitute an agent providing apparatus for providing a third party agent. The database 23 constitutes agent storage means for storing a plurality of types of third party agents. When the telescript engine 22 requests that the work be performed on behalf of a party agent by a third party agent, a third party of a type corresponding to the party agent to be represented Agent search providing means for searching for and providing an agent from the third party agents stored in the agent storage means is configured.
[0257]
An agent that works for the user side by the user agent 26 and is configured by a mobile agent that moves and operates on the network is configured. The content provider 7 constitutes a service provider that meets the user's request. The destination agent 27 constitutes a trader side agent that works for the service trader side. The computer 22a having the place 25 of the third party organization 8 functions as a working area for the user-side agent and constitutes a secret holding working area that can prevent secret leakage.
[0258]
The user-side agent stores secret data (secret information SI) to be kept secret as the knowledge in a manner (encrypted) in which the confidentiality can be maintained, and the user-side agent moves to work. When it is necessary to use the secret data when performing (when YES is determined by SA44), the user-side agent moves to the secret holding working area (SA49), and the secret data is stored. The confidentiality of the secret data is canceled in the holding working area (SA50, SA51), and the work can be executed.
[0259]
The user side agent encrypts and holds the secret data (see FIG. 14). Then, after the user-side agent moves to the secret holding working area, the encrypted secret data can be decrypted and reproduced (SA50, SA51).
[0260]
In addition, the user-side agent does not have a decryption key (SK1) used for decrypting the secret data, and after moving to the secret holding working area, the user side agent ordered the secret holding working area The secret data can be decrypted using the decryption key (SA50, SA51, SC2, SC11, SC12).
[0261]
The secret data includes a secret key (SKU) for user authentication (see FIG. 14).
[0262]
Recording medium recording agent program used for multi-agent system in which agents having independent knowledge operate cooperatively by CD-ROM 68b or IC card 65, and which works for one side of the parties Is configured. The program recorded on this recording medium is executed by both the first meeting means (SA32, SA45, SA55, SA60, SA62, SA68, SA72) for meeting with the other agent of the party on the computer. When a specific job requiring neutrality that is unsuitable for the second party occurs, a meeting is made with a third party agent (third party resident agent 28, third party agency agent 29) having neutrality for both parties. 2 meeting means (SA50, SA51, SA64, SA70) and information (user profile information 96, etc.) necessary to have the third party agent perform the specific job on behalf of the third party agent. For functioning as necessary information notifying means (SA64, SA70, SA51) A.
[0263]
Other examples of specific tasks that require neutrality unsuitable for one or both of the parties described above include arbitration in the event of a conflict between party agents and the determination of which agent is correct Probing by a third party to prove that one or both of the party agents are really the right party agents is conceivable. In other words, this specific job covers all jobs that require neutrality that are difficult or impossible to solve by the parties alone.
[0264]
[Effects of specific examples of means for solving the problems]
  Regarding claim 1,The third party agent who is neutral to both parties consisting of the seller and the consumer user is requested to search the contents of the content to be sold by the seller, and The user's profile information used for the search is notified, and based on the notified user's profile information, the third party agent searches the contents of the content to be sold by the seller.While maintaining neutrality to act on behalfSearch for content for saleIs possible.
[0266]
  With respect to claim 2, in addition to the effect of claim 1, in the case of performing a search based on the content summary, the agent on the user sideBodyWhen the search is executed and the search is performed based on the contents of the content, a search request is made to the third party agent, and a proxy search is performed by the third party agent. It is possible to prevent as much as possible the inconvenience caused by the selfish action by the party agent during the search.
[0269]
  ContractClaim3With regard toOrClaim2In addition to the effect, the user's profile information is updated based on the user's response to the results of the third party agent searching the content of the seller's content for sale based on the profile information, The more it is used, the more the user's profile information becomes suitable for the user, and the user's satisfactory work can be performed.
  Claim4In addition to the effect of claim 1, when a search request is made by the search request means, a third-party agent of a type corresponding to the party agent to be represented is searched and provided. A suitable agent similar to the party agent can be appointed as a third party agent acting on behalf of the party agent.
[0271]
  Claim5With regard to the above, it is possible to have a third-party agent having neutrality for both parties consisting of a seller and a consumer user perform a search on the contents of the content to be sold by the seller.
[Brief description of the drawings]
FIG. 1 is an explanatory diagram for explaining search and distribution of information.
FIG. 2 is an explanatory diagram for explaining operations of various agents;
FIG. 3 is a flowchart showing a control operation of the personal computer.
FIG. 4 is a flowchart showing an operation of a user agent.
FIG. 5 is a flowchart showing an operation of a user agent.
FIG. 6 is a flowchart showing an operation of a user agent.
FIG. 7 is a flowchart showing the operation of a third-party agency resident agent.
FIG. 8 is a flowchart showing the operation of a third-party agency agent.
FIG. 9 is an explanatory diagram for explaining an operation of an agent for searching for a CM;
FIG. 10 is a flowchart showing an operation of a user agent.
11A is a flowchart showing the operation of the CM place resident agent, and FIG. 11B is a flowchart showing the control operation of the information processing computer of the CM producer.
FIG. 12 is a display screen view of a commercial message displayed by a CRT of a user's personal computer.
FIG. 13 is a block diagram showing a control circuit between a communication device of a content provider and a personal computer of a user.
FIG. 14 is a block diagram showing a control circuit and recording information of a user's IC card.
FIG. 15 is a schematic explanatory diagram of an encryption method SXAL / MBAL.
FIG. 16 is a flowchart showing the control operation of the communication device of the content provider.
FIG. 17 is a flowchart showing a control operation of a user's personal computer.
FIG. 18 is a flowchart showing a control operation of user authentication processing.
FIG. 19 is a block diagram illustrating a control circuit for preventing unauthorized copying of content.
FIG. 20 is an explanatory diagram showing another example of information search and distribution;
FIG. 21 is a block diagram illustrating another example for preventing unauthorized copying of content.
FIG. 22 is a flowchart illustrating another example of the control operation of the communication device.
FIG. 23 is a flowchart illustrating another example of user authentication processing.
FIG. 24 is a flowchart showing another example of the control operation of the user's personal computer.
[Explanation of symbols]
1 is satellite
2 is a broadcasting station
10 is the CM producer
11 is a program related data producer
7 is a content provider
8 is a third-party organization
14 is a personal computer
16 is TV
15 is VTR
13 is the Internet
26 is a user agent
27 is the destination agent
28 is a third party resident agent
29 is a third-party agency agent
19, 23, 56, 70 are databases
52 is CRT
50 is the IC card slot
18, 22, and 57 are telescript engines
24, 25 and 58 are places
3 is a communication device
59 is a resident agent
69 is the management server
68b is a CD-ROM
65 is an IC card
96 is profile information
82 is an MPEG2 decoder
83 is a digital watermark detector
86 is APS

Claims (5)

An anti-fraud system when buying and selling using an agent as an autonomous software module acting on behalf of a user,
A third party agent that is neutral to both parties consisting of a merchant and a consumer user, and stores a third party agent for searching the contents of the content to be sold by the merchant A third-party computer with
Search request means for requesting the third party agent stored in the third party organization computer to search the contents of the content to be sold by the seller;
Profile information notifying means for notifying the third party agent requested for search by the search request means for notifying the user profile information used for search,
The third-party agent has a notification function of searching the contents of the content to be sold by the seller based on the notified user profile information and notifying the search result, A fraud prevention system for notifying the evaluation result of the contents of the content. The search request unit, when the parties between agents that work for each side of the party is operating in cooperation, the user side of the agents themselves in case of a search based on a summary of the content 2. The fraud prevention system according to claim 1, wherein the search request is made to the third-party agent when the search is executed and the search is performed based on the content. The user's profile information is updated based on a user's response to a result of the third party agent searching the contents of the content to be sold by the seller based on the profile information. The fraud prevention system according to claim 1 or 2 . An agent providing apparatus for providing a third party agent used in the fraud prevention system according to claim 1,
Agent storage means for storing multiple types of third party agents;
When there is a search request by the search requesting means, a search is made from among the third party agents stored in the agent storing means for a type of third party agent corresponding to the party agent to be represented. And an agent search providing means for providing the agent. An anti-fraud method when buying and selling using an agent as an autonomous software module acting on behalf of the user's work,
A third party agent that is neutral to both parties consisting of a merchant and a consumer user, the third party agent for searching the contents of the content to be sold by the merchant; A search request step for requesting a search for the contents of the content to be sold by the merchant;
A profile information notifying step for notifying the third party agent requested for search by the search request means of the profile information of the user used for the search,
The third-party agent has a notification function of searching the contents of the content to be sold by the seller based on the notified user profile information and notifying the search result, An anti-fraud method characterized by notifying an evaluation result of contents of the content.

Images