JP4678881B2 - Information processing method, information processing system, program, and storage medium - Google Patents

Description

  The present invention relates to an information processing method, an information processing system, a program, and a storage medium.

  In recent years, with the spread of the Internet, the sales business through distribution using digital content networks has attracted attention. However, in general, the copyright of digital contents is protected, and there is a problem of unauthorized use that is used without paying for it.

  Thus, for example, copyright protection technology using encryption / authentication technology has appeared, such as MagicGate (registered trademark) of Sony Corporation. However, such a technique has a problem that a special recording medium having an encryption / authentication function such as a memory stick must be used. In addition, it has become a method that cannot take advantage of the convenience of digital content copy distribution.

  In addition, conventional content sales are a way of paying the price of the content itself from the user, and there is no difference in the fee paid by the user even if the content is used much or little. It was an inconvenient purchase method.

  As a method for improving such a problem, there are techniques described in Patent Documents 1 and 2 owned by Xerox Corporation of the United States.

  According to Patent Documents 1 and 2, the right to use and charge appropriate to the digital work are attached, stored in the first repository, the second repository starts a session with the first repository, and the second The first repository requests access to the digital work, the first repository checks the usage rights corresponding to the digital work, checks the permission to access the digital work, and if access is denied, the first repository Terminates the session with an error message, and when access is granted, the first repository transfers the digital work to the second repository.

  As a result, when the digital work is transferred to the second repository, the first repository and the second repository generate billing information to the credit server, respectively. Try to prevent.

  In these technologies, free distribution that protects the copyright of digital contents is hindered. Patent Documents 1 and 2 disclose a method for charging a digital content usage fee according to the usage content (how much it is used) and protecting the copyright.

US Pat. No. 5,629,980 JP-A-8-263438

  However, in the above-described conventional example, when the user pays a price in advance and receives a service, the user can set a usage right desired by the user and cannot receive a service according to the set usage right.

  The present invention, for example, allows a user to select service usage conditions, generates usage right information based on the selected usage conditions, and provides the service to the user according to the generated usage right information. An information processing method, an information processing system, a program thereof, and a storage medium are provided.

In order to achieve the above object, the method according to the present invention comprises:
Services and providing apparatus, a first server capable of communicating via the service providing device and the network, the previous SL service providing apparatus and said first server and a second capable of communicating via the network server, the An information processing method using a service providing apparatus and a user terminal capable of communicating with the first server via the network ,
Service selection means of said first server, according to the access received via the network from the user terminal, and a service selection step of selecting a usage rule of the service to User chromatography THE,
Generating means of said first server, a generation step for generating data for performing the usage right information and the service that describes the usage condition of the service on the basis of the selected usage condition,
Transmitting means before Symbol first server, a transmission step of holding transmits data for performing the service to the service providing device,
A holding step in which holding means of the second server receives and holds the usage right information generated in the generating step from the first server;
Processing control means of the previous SL service providing device receives the usage right information held in said holding step from the second server, corresponding to the data for executing the service that is transmitted in the transmission step Controlling according to the usage right information and controlling to provide a service to the user terminal ;
A distribution step of distributing the data for executing the service and the usage right information to another service providing apparatus ;
In the generating step, by describing restriction information for restricting distribution of data for executing the service with respect to the usage right information, data for executing the service from the other service providing device further It is characterized by generating usage right information that is restricted from being distributed .

Services and providing apparatus, a first server capable of communicating via the service providing device and the network, the previous SL service providing apparatus and said first server and a second capable of communicating via the network server, the An information processing system comprising a service providing device and a user terminal capable of communicating with the first server via the network ,
The first server is
According to the access received via the network from the user terminal, a service selection means for selecting a use condition of the service to User chromatography THE,
Generating means for generating data for performing the usage right information and the service that describes the usage condition of the service on the basis of the selected usage condition,
Data for performing pre-SL service and a transmitting means for holding and transmitted to the service providing device,
The second server is
Holding means for receiving and holding the usage right information generated by the generating means from the first server;
Before Symbol service providing apparatus,
Wherein said usage right information held by the holding means received from said second server executes in accordance with the usage right information processing corresponding to the data for executing the service transmitted by the transmitting means, Control means for controlling the user terminal to provide a service ;
Distribution means for distributing the data for executing the service and the usage right information to another service providing device ;
The generating means further describes data for executing the service from the other service providing apparatus by describing restriction information for restricting distribution of data for executing the service to the usage right information. It is characterized by generating usage right information that is restricted from being distributed .

In order to achieve the above object, a storage medium according to the present invention is a computer-readable storage medium storing a program for causing a computer to execute the information processing method.
In order to achieve the above object, a program according to the present invention causes a computer to execute the above information processing method.

  According to the present invention, the service providing side causes the user to select a service usage condition, generates usage right information based on the selected usage condition, and provides the service to the user according to the generated usage right information. Thus, it is possible to provide a flexible service.

  Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the drawings. However, the relative arrangement of components, the display screen, and the like described in this embodiment are not intended to limit the scope of the present invention only to those unless otherwise specified.

(First embodiment)
FIG. 1 is a block diagram showing an overall configuration of a content distribution system according to an embodiment of the present invention. The present embodiment is a technique for managing licenses via the Internet or other electronic communication means, and is used, for example, to enable copyright protection and usage control when distributing digital contents over the Internet. Is preferred.

  Further, the present invention is suitable for a device usage management system that manages usage rights of Internet connection devices and charges usage fees. In addition, it is suitable for any system that requires authentication to be concentrated.

  In FIG. 1, reference numeral 1 denotes an Internet network. Reference numeral 2 denotes a client PC (user terminal) used by the user, which is connected to the Internet 1 using protocols such as HTTP, FTP, POP3, and SMTP.

  Reference numeral 3 denotes a commerce server on which digital contents for sale are placed, which is also connected to the Internet 1. Reference numeral 4 denotes a content execution device as an output device that provides digital content stored in the commerce server to the user. The content execution device is a device such as a network compatible digital copying machine that downloads digital content from a commerce server and displays or prints it.

  The content execution device 4 has a function of connecting to the Internet and operating as a Web server, and further has, for example, a display of 640 × 480 dots as display means. In addition, the content execution device 4 uses, as an operation means, for example, a touch panel that allows the user to specify the position by pointing the display screen with a finger to operate the U / I, a numeric keypad, and a keyboard image displayed on the display screen. You may also provide the soft keyboard etc. which can input a key by pointing. Further, the content execution device 4 includes software (OS, various protocols of the Internet, SSL, WWW browser, etc.) necessary for connecting to the Internet 1 and Java (registered trademark) VM (Java (registered trademark) Virtual Machine). Has an environment. The content execution device 4 is not limited to a digital copying machine, and may be, for example, a personal computer or a workstation.

  Reference numeral 5 denotes a usage right control server for restricting user authentication and content usage. The usage right control server 5 is also connected to the Internet 1. The commerce server 3 and the usage right control server 5 may be a single server that combines the same functions into one.

  A portable information terminal 6 such as an IC card or a PDA has an interface such as Bluetooth (registered trademark) for communicating with at least the content execution device 4. Further, the terminal 6 has tamper resistance.

  Reference numerals 11, 12, and 13 denote content packages, use tickets, and license controls, which indicate data handled in the system.

  This content distribution system has a membership system, and each member is assigned a user ID. Each member (user) has secret key data of a public key cryptosystem such as RSA, and the secret key data is kept secretly in the terminal 6 which is a property of the user.

  The usage right control server 5 stores and manages the public key data corresponding to the member's private key as a key database for all member user IDs.

  In the system shown in FIG. 1, a user who desires to purchase digital contents first accesses the commerce server 3 on the Internet using a browser and communication means installed in a terminal 2 such as a personal computer or a digital multifunction peripheral. When the user finds a favorite content in the commerce server 3, the user designates the digital content, and selects a desired usage condition (for example, the data content) from usage modes permitted by the copyright holder (licensor) of the content. Select whether to use a copy, whether you want a printed material, or just display (within a predetermined range) (service selection).

  The commerce server 3 that has received the input from the user encrypts the designated digital content with the first encryption key, and includes a program (for example, a Java (registered trademark) applet format program including content information. Content package). Further, a usage right script expressed in a usage right language (XML or the like) is generated based on the selected usage conditions.

  Next, the commerce server 3 creates a license control including the content information, the second encryption key, and the usage right script. Further, a use ticket including a first encryption key, license control information, and a second encryption key is generated. Here, the license control information is information for specifying the created license control.

  The user downloads the content package from the commerce server 3 to the content execution device 4 that the user wants to retrieve the content, and downloads the use ticket from the commerce server 3 to the terminal 6 owned by the user.

  The license control is transferred from the commerce server 3 to the usage right control server 5 in order to generate authentication data. However, when the commerce server 3 has a function of generating authentication data, it may be held in the commerce server 3 as it is.

  Next, the user executes the content package on the content execution device 4. As a result, the content package communicates with the terminal 6 to read the license control information in the use ticket, and transfers the license control information to the usage right control server 5.

  The usage right control server 5 reads the license control specified by the received license control information from the license control database. Then, authentication data is created by encrypting data obtained by combining user information, content information, and a random number included in the read license control with the second encryption key. The usage right control server 5 transmits this authentication data to the content execution device 4. The content package decrypts the received authentication data with the second encryption key included in the use ticket or the third encryption key input by the user, and transmits the decrypted data to the usage right control server 5 again.

  The usage right control server 5 checks whether or not the decrypted data matches the data before encryption, and if they match, the usage right script is transmitted to the content execution device 4 assuming that the authentication is successful. The content package decrypts the content with the first encryption key included in the use ticket, and then performs printing, display, performance, distribution, etc. according to the usage conditions of the usage right script.

  Next, the processing performed in this system will be described in more detail with reference to the flowchart of FIG.

  FIG. 2 shows a processing procedure from when the user purchases content until the usage fee is charged. First, the user accesses the commerce server 3 from his terminal 2 using a Web browser such as Netscape Navigator (registered trademark) or Internet Explorer (registered trademark), and issues a content purchase instruction when the content to be purchased is found.

  Then, in step S201, the commerce server 3 displays the content transaction menu on the Web browser of the display of the terminal 2.

  FIG. 3 shows a content transaction menu screen. On the transaction menu screen, a content ID (301), a content name (302), a selectable usage right, and a charging method thereof are displayed. In the case of FIG. 3, only the “print” right (303) is displayed as the usage right, but “display” right, “copy” right, and the like may also be displayed.

  In FIG. 3, monochrome printing or color printing can be selected as a printing option. Here, the amounts displayed on 309, 310, 311 and 312 are automatically changed depending on whether monochrome printing or color printing is selected.

  Reference numerals 303, 304, 305, 306, and 307 in FIG. 3 are check boxes. When the user selects “print” 303, the user can then select an optional “monochrome” or “color”. FIG. 3 shows a state in which “color” is selected.

  Next, in step S203 in FIG. 2, the user selects either the actual charging method or the prepaid method as the charging method. This is done by checking one of the check boxes 304, 305. When the performance charging method is selected, the basic fee for printing is 300 yen, and 1200 yen is charged for each printing.

  When the prepaid method is selected, the user can further select whether to pre-pay the printing fee for two times (A) or whether to pre-pay for ten times (B). Here, if prepaid (A) for two times is selected, a fee of 2000 yen is required for two times of printing. If the prepaid (B) for 10 times is selected, it is necessary to prepay a fee of 9000 yen for 10 times of printing.

  When the other button 308 is clicked with the mouse, the screen shifts to a prepaid fee selection screen (not shown) in the case of the number of printings other than A and B, and the user can make another selection.

  In addition, a user-specific password (hereinafter referred to as a user key) is entered in the text box 313. 314 is an OK button and 315 is a cancel button. When the cancel button 315 is pressed, the input information is cleared and a re-input state is entered. When the OK button 314 is pressed, the information input in the transaction menu is sent to the content commerce server 3, and the process proceeds to step S204 in FIG.

  Note that secure communication is ensured between the terminal 2 and the content commerce server 3 using a protocol such as SSL (Secure Sockets Layer).

  When the commerce server 3 receives the information specified by the user in the transaction menu of FIG. 3, in step S204, the commerce server 3 encrypts the content data and generates a content package.

  When content data is encrypted, the content data is encrypted by a common key encryption method such as DES using an encryption key (referred to as a content key). A predetermined content key may be used, or a content key created for each content, each transaction, or each user may be used.

  The content package also includes content information such as a content ID and a content name.

  In addition, the commerce server 3 generates a usage right script described in an XML grammar language called Usage Right Script (hereinafter abbreviated as URS) from the usage conditions selected by the user in the transaction menu.

  An example of URS is shown in FIG. In the URS sample of FIG. 4, 401 is content information, 402 is licensor information, 403 is licensee information, 404 is a play (display) rights code, 405 is a print rights code, and 406 is a description of a copy rights code. is there. According to the description of 405, printing is performed in color, and a fee of 2000 yen is charged for two printings. Reference numeral 406 denotes a right description for copying and distributing the right of the content.

  The commerce server 3 combines the URS, the user key input in the text box 313, the content information, and the license control ID into the license control 13 and transmits it to the usage right control server 5. The license control ID is an ID number uniquely assigned to the license control.

  FIG. 5 shows the structure of the URS grammar. 501, 510 to 513, and 520 to 522 in FIG. 5 are all text data sandwiched between XML tags. For example, 511 is surrounded by a content tag and has a form of <content> to </ content>.

  Reference numeral 501 denotes an entire script, 510 is a header part, and content information 511, licensor (person who licenses the content) information 512, and licensee (person who receives the license to use the content) information are included in the header part 510. 513 and sender information 514 are included.

  Subsequent to the header portion 510, a main body 520 describing the conditions of usage rights is described. The main body 520 includes an array of right codes 521. In the fee information 522, billing information when the user (licensee) uses the right code 521 is described.

  The URS has a hierarchical structure, meaning that the description content of the lower block is surrounded by tags of the upper block. Rights codes include Play, Print, Copy, Transfer, Loan, and Delete.

  Play is the right to display / play / play the content, Print is the right to print the content, Copy is the right to distribute a copy of the content to the third party, Transfer is the right to transfer the content to the third party Loan is a right to temporarily lend the content to a third party, and Delete is a right to erase the content and receive a refund.

  In step S204, a use ticket is also generated. A content key, a user key, and a license control ID are stored in the use ticket.

  Next, in step S205, the user downloads a necessary file. The content package is downloaded to the content execution device 4 connected to the Internet. The use ticket is downloaded to the terminal 6, and the license control is transferred to the usage right control server 5 under the management of the content seller (licensor). When the usage right control server 5 is the same as the commerce server 3, the license control is placed on the commerce server as it is.

  When the terminal 6 does not have the Internet connection function, the use ticket is downloaded to the terminal 2 and then the use ticket is transferred from the terminal 2 to the terminal 6 through Bluetooth communication through user operation.

  In step S206, the user executes the content package on the content execution device 4. Since the content package is a Java (registered trademark) applet, it can be executed from a Web browser. In step S207, the content package first performs use qualification authentication to determine whether the user is a user who has purchased the content properly.

  FIG. 6 shows a specific protocol for authentication of the usage qualification. The content package first waits for a response from the terminal 6 via the Bluetooth interface built in the content execution device 4. The terminal 6 establishes a communication session with the content execution device 4 via the Bluetooth interface. Then, the license control ID (LC-ID) in the use ticket 12 stored in the terminal 6 is transmitted to the content package (1). Next, the content execution device 4 establishes a secure communication session such as SSL with the usage right control server 5.

  The content package sends the license control ID to the usage right control server 5 and requests to search for the license control corresponding to the use ticket 12 (2). The usage right control server 5 manages the license control 13 for licenses purchased by a large number of users as a database.

  The usage right control server 5 searches for the corresponding license control 13 and generates a random number. Data obtained by combining the user ID and content ID stored in the license control 13 and the random number is encrypted with the user key stored in the license control 13 or the public key of the user corresponding to the user ID, and the authentication data. Create The user's public key can be obtained by searching the key database with the user ID. Whether the encryption is performed using the user key or the public key of the user is distinguished depending on the security level determined by the license script. This security level is set in advance by the publisher, and is stored in the usage right script after the user presses the OK button 314 in FIG.

  Encryption using the designated character string as a key is a known technique such as a UNIX (registered trademark) Crypt program or DES. Alternatively, if the user key is encrypted as a public key of a public key cryptosystem by an encryption scheme such as RSA or PGP, the security becomes higher.

  The usage right control server 5 sends authentication data to the content execution device 4 and requests decryption of the authentication data (3). The content package transmits this authentication data to the terminal 6 through a session connected by Bluetooth and makes a decryption request (4). In response to this decryption request, the terminal 6 decrypts the received authentication data using the user key in the use ticket. Alternatively, if the authentication data is encrypted using a public key cryptosystem, the authentication data is decrypted using secret key data under the control of the user. This secret key is managed and stored in the terminal 6.

  Then, the decrypted authentication data is transmitted to the content execution device 4 through a session connected by Bluetooth communication (5). The content execution device 4 sends the received decrypted authentication data to the usage right control server 5 to request a check (6). The usage right control server 5 checks whether the authentication data before encryption is the same as the decrypted authentication data sent from the content execution device 4.

  If they are not equal, it is determined that the user of the content execution device 4 does not have a proper use qualification, an authentication error is transmitted to the content execution device 4, and the process is terminated. If they are equal, it is determined that the user of the content execution device 4 has usage qualification, and the URS in the license control is transmitted to the content execution device 4 (7). The processing up to this point ends the use qualification authentication, and then proceeds to step S208 to decrypt the content.

  The content execution device 4 checks and checks the user information to determine whether the transmitted URS is correct. If there is no problem, the content execution device 4 sends a content key transmission request to the terminal 6 (8). In response to this transmission request, the terminal 6 transmits the content key stored in the use ticket to the content execution device 4 (9). Then, the content execution device 4 decrypts the content with the content key from the terminal 6.

  At the same time, the content execution device 4 displays a usage menu on the display device based on the URS.

  For example, in the URS of FIG. 4, three rights of Play (display), Print, and Copy are displayed in the usage right menu. FIG. 7 is an example of the usage right menu. In FIG. 7, reference numeral 701 denotes a check box for selecting a usage right, 702 denotes an OK button for executing the selected usage right, and 703 denotes a cancel button for canceling the process.

  When the user selects a right to be executed (S209), the process proceeds to step S210, where payment capability is checked.

<When printing content>
First, a case where Print (print in FIG. 7) is selected will be described. In FIG. 4, since Print is a prepaid billing system for two times, the content package issues a request to the usage right control server 5 to check whether payment has been made or whether printing for two times has already been used (see FIG. 4). 10).

  The usage right control server 5 checks these, and if there is a problem, transmits a charging check error to the content execution device 4. When receiving the billing check error, the content package ends the process. At this time, the display may indicate that there is a problem with the payment ability.

  If there is no problem with the billing check, OK is transmitted (11). When the content package receives OK, the process proceeds to step S211. Run the content. Here, the Print right is executed. If the execution ends normally, the process proceeds to step S212, and the usage right control server 5 is requested to perform a charging process (12). In response to this, the usage right control server 5 charges the licensee described in the license control accordingly.

  The usage right control server 5 is provided with a storage area (account for accounts receivable) for storing the accounts receivable for the licensee, and the charged amount is additionally added to the accounts receivable account. For example, the account balance is charged to the licensee at the end of each month.

  In this case, since it is a prepaid billing method, when license control (including URS) is created (S204), it is added to the accounts receivable, and in step S212, a process of reducing the available remaining amount paid in advance is performed. . Further, when the right for which the performance charging method is set is executed, the amount of the condition specified in the URS in step S212 is added to the accounts receivable account.

<When distributing a copy of content to a third party>
Next, as another example, a case where the user selects copy distribution (3 in FIG. 7) in step S209 will be described. Copy distribution means that a user (hereinafter referred to as a distribution source user) distributes a copy of content to a third party (hereinafter referred to as a distribution destination user). The usage right script 406 of FIG. 4 shows the contents of the copy right for which the distribution source user has received a license. “prepaid =“ no ”” means that the distribution destination user is charged with the content usage fee, and “prepaid =“ yes ”means that the distribution source user prepays the content usage fee (excluding the fee in the actual charging method).

  The description enclosed in the next-copy-rights tag means that the copy right is deleted at the distribution destination. That is, the distribution destination user does not have a copy right.

  The description enclosed by the incentive tag designates the amount of the reward paid to the distribution source user (the reward for the copy distribution). In this case, 10 yen (specified by use = “10”) is paid to the distribution source user by the content licensor for each copy distribution.

  However, rate = “102” means that the distribution source user has contributed to the use or distribution of the content in the past, so it means a 2% increase. In other words, if copy distribution is performed 20 times, 10 × 20 × 102% = 202 yen is a reward for copy distribution.

  In addition, the description enclosed by extra tags defines the premium rate when the number of times of copy distribution increases. In this case, when the number of times of copy distribution reaches 100 times (specified by “use” of accumulation tag = “100”), 105% of the prescribed amount becomes a reward.

  In other words, if 100 copies are distributed, the reward is 10 × 100 × 105% × 102% = 1071 yen. Accumulation tag “reputant =“ yes ”specifies that the same premium rate of 105% is applied to 100 or more copy distributions. For example, for 300 copy distributions, 10 * 300 * 105% * 102% = 3213 yen is a reward.

  FIG. 9 is a flowchart showing a processing procedure in place of steps S209 to S212 when copy distribution is selected in step S209.

  When the distribution source user selects the copy distribution of FIG. 7 in step S209 (step S1001), the payment capability is checked in step S1002. That is, the distribution source user checks whether or not the delinquency has exceeded a predetermined limit so far. In FIG. 11, there is a non-payment point storage area 1212, which the usage right control server 5 refers to.

  The usage right control server 5 displays the distribution menu shown in FIG. 8 on the display of the content execution device (step S1003). In 901 of FIG. 8, the distribution source user inputs the distribution destination user ID. Reference numeral 902 denotes information on the content to be distributed, and reference numerals 903, 904, and 907 denote rights of the license to be distributed and a billing method related to the execution of the right.

  Although the prepaid fee is displayed as the fee for the right, these are borne by the distribution destination user. If prepaid = “yes” is specified in the 406 copy tag, these charges are borne by the distribution source user who distributes. Reference numeral 905 denotes an OK button for executing distribution, and reference numeral 906 denotes a button for canceling distribution. When the distribution source user presses the OK button, a URS for copy distribution is newly generated (S1004). The distribution URS is obtained by adding the following changes to the URS in FIG.

  That is, the licensee information of (A) 403 is replaced with that of the distribution destination user. The licensee information includes information such as name and address that is not input in the distribution menu of FIG. 8, but these may be extracted from the user database managed by the usage right control server 5 using the user ID as a key, or the user ID Other information may be omitted in URS.

  Further, the sender information in (B) 407 is replaced with the following.

<Sender level = "1" incentive-rate1 = "5" incentive-rate2 = "2">
<Person><id> KAD2300835 <id></person></sender>
Here, the level value is a number indicating the number of license recipients as viewed from the licensor of the content of the distribution source user who distributed this URS. In the URS of FIG. 4, the value of level is 0, which means that the person (= licensor) who transmitted the URS of FIG. 4 is the first distribution source.

  If the distribution destination user who has received this URS has been able to further distribute this content, the level value of the sender tag of the user who has received this content from this distribution destination user will increase by 1 to 2. If the distribution continues with its children and grandchildren, the level value increases by 1 for each distribution. However, in the URS of FIG. 4, since the copy right is deleted with the 406 next-copy-rights tag, redistribution is impossible.

  Since the distribution destination user also inherits the copy right, it can be redistributed one after another.

  Now, the license owner of the URS in FIG. 4 is referred to as a first user, and the distribution destination user who has distributed the URS in FIG. 4 is referred to as a second user. Further, the user who has been distributed by the second user can be distributed as a third user to a user generally called user n.

  407 sender tag incentive-rate1 = “5” means that 5% of the content usage fee of the user whose level is 2 (that is, the second user) is paid to the user whose level is 1 (that is, the first user) Means to be paid as. Further, incentive-rate2 = "2" means that 2% of the reward received by the second user from the third user is paid to the first user.

  Similarly, user n will receive a 5% reward for user (n + 1) 's content usage fee and 2% of the reward that user (n + 1) will receive from user (n + 2). Thus, the first user can receive a part of the usage fee of the terminal user to whom the content is distributed as a reward.

  Next, a new URS obtained by adding the changes (A) and (B) to FIG. 4 is transmitted to the distribution destination user (step S1004). The usage right control server 5 gives the license control information owned by each member to all members of the content distribution system, and information on licenses distributed from other users but not yet received (referred to as unreceived licenses). Are managed in the storage device of the usage right control server 5 with the data structure as shown in FIG.

  FIG. 10 shows a data structure representing license management information (license control information and unreceived license information) for one user. Reference numeral 1100 denotes a folder corresponding to the user ID (for example, the user ID is a folder name in the case of a Windows (registered trademark) file system), and there are a license control folder 1110 and an unreceived folder 1120 under the folder.

  Under the license control folder, there are 1111 and 1112 license control information files, in which license control information is recorded. The usage right control server 5 has a separate license control database, and the license control information indicates the position of the license control therein. The license control information file is a linear list, and the end is an 1113 END file.

  Under the unreceived folder 1120, there is a linear list of URS information files in which distributed URSs (usage rights scripts) are recorded, and the end is an END file 1123.

  The transmitted URS is added to the end of the list of unreceived folders shown in FIG.

  In step S1005, a billing process is performed for the distribution source user distributing a copy of the content. In the case of FIG. 4, prepaid = “no” is designated by the copy tag, so the charge is 0.

  However, if prepaid = “yes” is designated, the prepaid fee for the display right and the print right is processed as a charge to the user. In the usage right control server 5, there is a charging database for charging and bounty processing for all users of the system.

  FIG. 11 shows the data structure of the accounting database. Reference numeral 1200 denotes a folder whose name is a user ID, 1212 is a billing folder, and 1220 is a bounty folder. Below the billing folder 1210 are a file 1211 for recording a billing balance and a file 1212 for recording a non-payment score, and below the bounty folder 1220 are a file 1221 for recording a bounty balance and an actual bounty score. There is a file 1222 for recording.

  The billing balance record file 1211 records the billing amount accumulated since the previous settlement process, and becomes zero when the billing amount at the next settlement is deducted from the user's bank account. The non-payment score file 1212 is added with a score according to the billing balance when payment cannot be made at the time of payment.

  For example, 1 point is added per 1000 yen. In the reward balance file 1221, a reward to be paid to the user who has accumulated since the previous settlement is added and stored. At the time of settlement, the bonus balance stored in 1221 is transferred to the user's bank account. The reward achievement score 1222 is added and stored in accordance with the amount of reward paid and the amount charged to the user. For example, 1 point is added per 1000 yen.

  The reward achievement score is used to determine the rate value of the incentive tag when generating the URS in the usage right control server 5. The non-payment score is used when checking the payment ability in step S210. If the delinquency score exceeds a certain value, it is considered that there is no payment ability.

  Such a user ID folder is prepared for each user in the accounting database.

  When the license is distributed in step S1004 and a new URS file is added to the unreceived folder 1120, an e-mail notifying the user that the license has been distributed is received. The distribution destination user accesses the usage right control server 5 with his / her terminal 2 and performs a license receiving process (step S1006).

  That is, a menu screen almost similar to that shown in FIG. 3 is presented to the distribution destination user. However, in this case, 303 to 308 are not displayed, and the usage right cannot be selected. When the delivery destination user inputs a password (user key for authentication) in 313 and presses the OK button, the license is received.

  Then, the usage right control server 5 extracts the content key for decrypting the content from the content database based on the content information in the URS, and the content information (in the URS), the user key (the above password), and the URS (distributed). License control.

  In addition, license control information for uniquely specifying the license control is assigned, and a use ticket including a content key, a user key, and license control information is generated. The generated license control information is added as a file under the license control folder 1110. The received URS is deleted from under the unreceived folder 1120.

  Further, the license control is stored in the license control server of the usage right control server 5, and a page for downloading the content package and the use ticket is displayed, and the distribution destination user can download the content package and the use ticket from this page to the user terminal 2 or the user terminal. Download to 6.

  It is assumed that the content database is managed by associating content information, content keys, and content packages with each other in the content commerce server. When the distribution destination user receives the license in step S1006, the reward is added to the reward balance 1221 of the distribution source user (S1007).

  As described above, according to the present embodiment, even if the user's secret key information is not placed on the content execution device, that is, the server that performs the service, the usage qualification is authenticated while keeping the user's secret key information confidential. be able to. Accordingly, the service provider controls the copyright of the content and the right to use the service to be used only by a legitimate user who has paid a fee, and the user does not illegally use his purchased right by a third party. Can be.

(Second Embodiment)
Next, a second embodiment of the present invention will be described.

  In the first embodiment, the authentication data encrypted by the usage right control server is decrypted by the content execution device. However, the present invention is not limited to this. In the second embodiment, the usage right control server transmits a random number as it is to the content execution device, the content execution device encrypts using the random number to generate authentication data, and the authentication data is decrypted by the usage right control server. May be. In this case, the content execution device receives a random number from the usage right control server, encrypts it with the second encryption key included in the use ticket, or the third encryption key (secret key) stored in the terminal 6, and authenticates the authentication data. Create When the content package transmits the authentication data to the usage right control server, the usage right control server decrypts the authentication data with the second encryption key included in the license control, and whether the decrypted data matches the transmitted random number. Check to see if it is valid.

  In this embodiment, the flow from license purchase to license execution is the same as in FIG. 2, but in the first embodiment, the use qualification authentication in step S207 is performed according to FIG. This is performed according to FIG. Since other configurations and operations are the same as those in the first embodiment, the same components are denoted by the same reference numerals and description thereof is omitted.

  In the following, the usage qualification authentication step will be described.

  FIG. 12 shows a specific protocol for authentication of the usage qualification. The content package first waits for a response from the terminal 6 via the Bluetooth interface built in the content execution device 4. The terminal 6 establishes a communication session with the content execution device 4 via the Bluetooth interface. Then, the license control ID in the use ticket stored in the terminal 6 is transmitted to the content package (1). Then, the content package establishes a secure communication session such as SSL with the usage right control server 5.

  The content package sends the license control ID to the usage right control server 5 and requests to search for the license control corresponding to the use ticket (2). The use right control server (use right control server 5) manages license control for licenses purchased by a large number of users as a database.

  The usage right control server 5 searches for the corresponding license control and generates a random number. Then, data obtained by combining the user ID and content ID stored in the license control with this random number is set as first authentication data.

  The usage right control server 5 sends the first authentication data to the content execution device 4 to request the signature data of the first authentication data (3). The content package sends the first authentication data to the terminal 6 through a session connected by Bluetooth communication to make a signature data request (4). In response to the signature data request, the terminal 6 converts the received first authentication data into signature data using the user's private key stored and managed in the terminal 6 to obtain second authentication data.

  Then, the second authentication data is transmitted to the content execution device 4 through a session connected by Bluetooth communication (5).

  The content execution device transmits the received second authentication data to the usage right control server 5 to request a check (6).

  The usage right control server 5 restores the second authentication data with the public key of the user to obtain third authentication data. The usage right control server 5 checks whether the authentication data before encryption is the same as the third authentication data.

  If they are not equal, it is determined that the user of the content execution device 4 does not have a proper use qualification, an authentication error is transmitted to the content execution device 4, and the process is terminated. If they are equal, it is determined that the user of the content execution device 4 has usage qualification, and the URS in the license control is transmitted to the content execution device 4 (7).

  The content execution device 4 checks and checks the user information to determine whether the transmitted URS is correct. If there is no problem, the usage menu of FIG. 7 is displayed on the display of the content execution device 4 based on the URS. Also, the content execution device 4 makes a content key transmission request to the terminal 6 (8). In response to this transmission request, the terminal 6 transmits the content key stored in the use ticket to the content execution device 4 (9). Then, the content is decrypted with this content key.

  When the user selects the right to be executed in FIG. 7, the content package issues a request to check the payment ability to the usage right control server 5 (10).

  The usage right control server 5 checks these, and if there is a problem, transmits a charging check error to the content execution device 4. When receiving the billing check error, the content package ends the process. If there is no problem with the billing check, OK is transmitted (11).

  When the content package receives OK, the content is executed. If the execution ends normally, the usage right control server 5 is requested to perform a billing process (12). The usage right control server 5 charges the licensee described in the license control accordingly.

  Note that the processing of (4) to (6) in FIG. 12 is not limited to the above, and other encryption methods may be used. For example, the terminal 6 that has received the first authentication data from the content execution device 4 may generate the first hash data from the first authentication data with a predetermined one-way hash function (for example, SHA1). In this case, the first hash data is encrypted with the user's private key stored and managed in the terminal 6 and transmitted to the content execution device 4 as second authentication data. On the other hand, in this case, when the usage right control server 5 receives the second authentication data via the content execution device 4, it decrypts it using the user's public key to obtain the first hash data. Then, the first hash data and the second hash data generated from the first authentication data using the one-way function may be compared to check whether they match.

(Supplementary explanation about signature data conversion)
In the following, a supplementary explanation will be given regarding signature data conversion.

  As described in “Encryption and Information Security” (edited by Shigeo Sakurai and Masao Kasahara, Shosodo Publishing, 1990), P.62-P.65, any data in the RSA cryptosystem can be used as a public key. It can be encrypted data, and the encrypted data can be decrypted with a secret key corresponding to the public key. Arbitrary data can be converted into signature data with a secret key, and the signature data can be returned to the original data with a public key corresponding to the secret key. In the latter case, it is usually intended for digital signatures. However, since conversion to signature data is a symmetric process with encryption, it is not an error to use signature data or encryption.

  In this specification, “encryption” means encryption using a public key, encryption using a secret key, encryption using a common key, encryption such as scrambling without using a key, and data encryption. Including hashing.

(Other embodiments)
Although the embodiments of the present invention have been described in detail above, the present invention may be applied to a system constituted by a plurality of devices or may be applied to an apparatus constituted by one device.

  In the present invention, a software program (in this embodiment, a program corresponding to the flowcharts shown in FIGS. 2 and 10) for realizing the functions of the above-described embodiment is directly or remotely supplied to a system or apparatus. This includes the case where the system or apparatus computer also achieves by reading and executing the supplied program code. In that case, as long as it has the function of a program, the form does not need to be a program.

  Accordingly, since the functions of the present invention are implemented by computer, the program code installed in the computer also implements the present invention. That is, the claims of the present invention include the computer program itself for realizing the functional processing of the present invention.

  In this case, the program may be in any form as long as it has a program function, such as an object code, a program executed by an interpreter, or script data supplied to the OS.

  As a recording medium for supplying the program, for example, floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card ROM, DVD (DVD-ROM, DVD-R) and the like.

  As another program supply method, a client computer browser is used to connect to an Internet homepage, and the computer program of the present invention itself or a compressed file including an automatic installation function is downloaded from the homepage to a recording medium such as a hard disk. Can also be supplied. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer is also included in the claims of the present invention.

  In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and key information for decryption is downloaded from a homepage via the Internet to users who have cleared predetermined conditions. It is also possible to execute the encrypted program by using the key information and install the program on a computer.

  In addition to the functions of the above-described embodiments being realized by the computer executing the read program, the OS running on the computer based on the instruction of the program is a part of the actual processing. Alternatively, the functions of the above-described embodiment can be realized by performing all of them and performing the processing.

  Further, after the program read from the recording medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion board or The CPU or the like provided in the function expansion unit performs part or all of the actual processing, and the functions of the above-described embodiments are realized by the processing.

1 is a block diagram showing an overall configuration of a system as a first embodiment of the present invention. It is a flowchart which shows the process sequence of 1st Embodiment. It is a figure which shows an example of the screen of a transaction menu. It is a figure which shows the example of Usage Right Script. It is a figure explaining the structure of Usage Right Script. It is a figure explaining the protocol of use qualification authentication. It is a figure explaining an example of a usage right menu. It is a figure explaining an example of a delivery menu. It is a flowchart which shows an example of the procedure of delivery. It is a figure explaining the data structure showing the license management information about one user. It is a figure explaining an example of the management method of charge and reward for every user. It is a protocol explanatory drawing of the use qualification authentication of 2nd Embodiment.

Claims (8)

Services and providing apparatus, a first server capable of communicating via the service providing device and the network, the previous SL service providing apparatus and said first server and a second capable of communicating via the network server, the An information processing method using a service providing apparatus and a user terminal capable of communicating with the first server via the network ,
Service selection means of said first server, according to the access received via the network from the user terminal, and a service selection step of selecting a usage rule of the service to User chromatography THE,
Generating means of said first server, a generation step for generating data for performing the usage right information and the service that describes the usage condition of the service on the basis of the selected usage condition,
Transmitting means before Symbol first server, a transmission step of holding transmits data for performing the service to the service providing device,
A holding step in which holding means of the second server receives and holds the usage right information generated in the generating step from the first server;
Processing control means of the previous SL service providing device receives the usage right information held in said holding step from the second server, corresponding to the data for executing the service that is transmitted in the transmission step Controlling according to the usage right information and controlling to provide a service to the user terminal ;
A distribution step of distributing the data for executing the service and the usage right information to another service providing apparatus ;
In the generating step, by describing restriction information for restricting distribution of data for executing the service with respect to the usage right information, data for executing the service from the other service providing device further An information processing method characterized by generating usage right information that is restricted from being distributed . The usage conditions of the service can be selected within a predetermined range for the service,
The information processing method according to claim 1, wherein the service selection step causes the user to select a use condition of the service within the predetermined range.   The information processing method according to claim 1, wherein the control step executes any one of printing, display, performance, and distribution according to the usage right information. Services and providing apparatus, a first server capable of communicating via the service providing device and the network, the previous SL service providing apparatus and said first server and a second capable of communicating via the network server, the An information processing system comprising a service providing device and a user terminal capable of communicating with the first server via the network ,
The first server is
According to the access received via the network from the user terminal, a service selection means for selecting a use condition of the service to User chromatography THE,
Generating means for generating data for performing the usage right information and the service that describes the usage condition of the service on the basis of the selected usage condition,
Data for performing pre-SL service and a transmitting means for holding and transmitted to the service providing device,
The second server is
Holding means for receiving and holding the usage right information generated by the generating means from the first server;
Before Symbol service providing apparatus,
Wherein said usage right information held by the holding means received from said second server executes in accordance with the usage right information processing corresponding to the data for executing the service transmitted by the transmitting means, Control means for controlling the user terminal to provide a service ;
Distribution means for distributing the data for executing the service and the usage right information to another service providing device ;
The generating means further describes data for executing the service from the other service providing apparatus by describing restriction information for restricting distribution of data for executing the service to the usage right information. An information processing system for generating usage right information that is restricted from being distributed . The usage conditions of the service can be selected within a predetermined range for the service,
The information processing system according to claim 4, wherein the service selection unit causes the user to select a use condition of the service within the predetermined range.   The information processing system according to claim 4 or 5, wherein the control unit executes any one of printing, display, performance, and distribution according to the usage right information.   A computer-readable storage medium storing a program for causing a computer to execute the information processing method according to any one of claims 1 to 3. A program for causing a computer to execute the information processing method according to any one of claims 1 to 3.

Images