JP7053031B2 - Information processing system, information processing device, information processing method and information processing program - Google Patents

Description

The present invention relates to an information processing system, and more particularly to a system that manages licenses of software and the like by utilizing a blockchain.

Conventionally, whether or not the user holds a legitimate license when using application software (hereinafter, simply referred to as application) and digital contents such as music and electronic books (hereinafter, simply referred to as contents). It was determined by the so-called client / server system.
In the conventional method, the client device sends a permission request to the server device when the application or content is executed or used. After receiving the license request, the server device verifies the license request and then sends the license information to the client device. The client device can execute the application or the content in response to receiving this permission information.
The permission request transmitted by the client device is, for example, a pair of identification information (user ID) that identifies the client device or the user himself / herself and a license code. The server device that receives such identification information refers to the authentication database, and if the corresponding pair is registered in the database, sends the permission information to the client device.
Alternatively, in the system disclosed in Patent Document 1, the user terminal (client device) includes a key generation unit, a license request unit, and a content utilization unit. The key generation unit generates a first key pair and a second key pair. The license request unit digitally signs and transmits a license request including the public encryption key of the second key pair with the secret encryption key of the first key pair.
On the other hand, the right holder terminal (server device) includes a key management unit, a license verification unit, and a license issuing unit. The key management unit stores the third key pair and the content decryption key. The license verification unit verifies the license request received from the user terminal. The license issuing department encrypts the content decryption key using the public encryption key of the second key pair included in the license request, and the license information including the encrypted content decryption key is used as the secret encryption key of the third key pair. Digitally sign and send.
The content user unit of the user terminal that has received the license information acquires the content decryption key from the license information using the secret decryption key of the second key pair, and uses the content.

JP-A-2017-050763

The conventional license authentication (cloud authentication) based on the client / server system has the following problems. That is, if the server device and the right holder terminal are in a non-operating state due to a failure or maintenance, license authentication cannot be performed. Furthermore, if the licensed entity terminates the service and the operation of the server device or the right holder terminal is terminated, authentication can no longer be performed and the application or content cannot be used. ..
The present invention has been made in view of the above problems, and an object of the present invention is to provide a system capable of stably and continuously executing license authentication of applications and contents.

The present invention has been made to solve the above-mentioned problems, and can be realized by the following forms.
The first embodiment includes a first device and a second device, and the first device includes an encryption processing unit that performs encryption processing of input data and outputs encrypted data. The encrypted data is provided with a license granting processing unit that grants a license related to the data to a user of the second device and sends license information related to the granting of the license to a blockchain network. Includes a first virtual currency wallet address created to identify the encrypted data, the second device is based on license information recorded on the blockchain when the encrypted data is used. It is characterized by an information processing system including a license authentication processing unit that performs authentication and a decryption processing unit that performs decryption processing on the encrypted data when the authentication is successful.
The second form is to grant a license related to the data to a user of another device and an encryption processing unit that performs encryption processing of the input data and outputs the encrypted data, and the license is given. The encrypted data includes a first virtual currency wallet address created to identify the encrypted data, including a license granting processing unit that sends out the license information related to the granting to the blockchain network. It features an information processing device.
The third mode is a license authentication processing unit that authenticates based on the license information stored on the blockchain when the encrypted data is used, and a decryption process for the encrypted data when the authentication is successful. The encrypted data includes a decryption processing unit, and the encrypted data is characterized by an information processing device including a first virtual currency wallet address created for specifying the encrypted data .
The fourth embodiment relates to an encryption processing unit that performs encryption processing on data and generates encrypted data, and grants a license related to the data to a user of the data, and grants the license. The encryption processing unit that sends license information to the blockchain network and the code that inquires the blockchain network about the license information in order to authenticate according to the license information when using the encrypted data are encrypted. The additional unit includes an additional unit to be added to the data, and the additional unit further converts the first virtual currency wallet address created for identifying the encrypted data when the encrypted data is used into the encrypted data. It features an additional information processing device.
A fifth form is an information processing method executed by a computer, in which data is encrypted, encrypted data is generated, and a user of the data is licensed for the data. The code for inquiring the license information to the blockchain network in order to send the license information related to the grant of the license to the blockchain network and perform authentication according to the license information when the encrypted data is used is the encryption. It is characterized by an information processing method in which a first virtual currency wallet address is added to the encrypted data and created to specify the encrypted data when the encrypted data is used, and the first virtual currency wallet address is added to the encrypted data .
In the sixth mode, data is encrypted, encrypted data is generated, a license related to the data is granted to a user of the data, and license information related to the granting of the license is distributed to a blockchain network. In order to perform authentication according to the license information when the encrypted data is used, a code for inquiring the license information to the blockchain network is added to the encrypted data, and the encrypted data is used. It is characterized by an information processing program that causes a computer to execute a process of adding a first virtual currency wallet address created for specifying the encrypted data to the encrypted data .

With the above configuration, according to the present invention, it is possible to realize a system capable of stably and continuously executing license authentication of applications, contents, and the like.

It is a schematic diagram which shows the system configuration of this embodiment. It is a figure explaining the outline of the license management system of this embodiment. It is a figure which shows the functional structure of the user terminal apparatus which executes an application in this embodiment. It is a figure which shows the functional structure of the provider terminal apparatus which provides an application in this embodiment. It is a figure explaining the encryption application generated by the encryption tool. It is a flowchart explaining the application encryption process executed by the provider terminal apparatus. It is a flowchart explaining the process at the time of starting an application executed by a user terminal apparatus. It is a flowchart explaining the license authentication process of FIG. It is a flowchart explaining the license granting process which a provider terminal apparatus executes. It is a flowchart explaining the license transfer process executed by a user terminal apparatus.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a schematic diagram showing a system configuration of the present embodiment.
FIG. 1A is a schematic diagram showing a network configuration according to the system of the present embodiment.
In the system 1 according to the present embodiment, the user terminal device 10 used by the user of the application and the provider terminal device 20 used by the provider (developer) of the application are connected to each other via the Internet. ing.
Further, a large number of minor devices 30 used by miners who participate in the blockchain network and perform mining work are connected to the Internet.

The blockchain network x is configured by a large number of minor devices 30x (30x-1, 30x-2 ...), And the blockchain network y is configured by a large number of minor devices 30y (30y-1, 30y-2 ...). Has been done.
These blockchain networks are P2P (Peer to Peer) networks, the blockchain network x is a network of virtual currency X, and the blockchain network y is a network of virtual currency Y.

There are many things in the blockchain, including those used for cryptocurrencies. In addition to the typical Bitcoin, altcoin is also known as a virtual currency. As representatives of altcoin, Ethereum and Monacoin (registered trademark) are known.

On the Internet, there are a blockchain network for operating and functioning Bitcoin, and a blockchain network for operating and functioning various altcoins.
Many minor devices 30 are connected to each blockchain network to perform proof of work (PoW). In addition, some other blockchain networks adopt proof of stake (PoS) and proof of consensus (PoC) as consensus algorithms.

In either case, the blockchain network is a P2P network that does not have a centralized server. In the blockchain, the same transaction information is stored in the storage of each minor device belonging to the blockchain network, the server device, and the storage provided in the pool server. This is why blockchain is called a decentralized transaction ledger.

FIG. 1B is a diagram showing a blockchain included in a device belonging to a blockchain network.
The outline of the blockchain will be described with reference to FIG. 1 (b).
A blockchain is established by connecting transaction information and the like that are generated sequentially in block units.

That is, in blockchain technology, data whose contents are to be guaranteed, such as transaction records and contracts, are handled in units called blocks. A blockchain is a block that is connected and stored by a predetermined method. A hash function is used in the generation of the blockchain, and the hash function is a function for obtaining a fixed-length hash value for arbitrary data of arbitrary length.
The hash function has the characteristic of one-way, and it is easy to obtain the hash value from arbitrary data, but conversely, it is said that it is practically impossible to restore the original data from the hash value. To.

When connecting a new block to the blockchain, the miner device applies a hash function to the hash value of the previous block, the data of the current block, and the original data using any Nonce. .. Then, the minor device searches for a Nonce value such that the upper-order bit of the hash value of the original data becomes 0. The data of the current block is data called Merkle root, which is a collection of transaction data of a new block to be connected. The Nonce is, for example, a 32-bit fixed length value. As the hash function, for example, SHA-256 that calculates a hash value of 256 bits using arbitrary data is used. When SHA-256 is applied, the probability that the upper 10 bits of the hash value becomes 0 is 1/1024.

Since it is difficult for a minor device to restore the original data from the hash value, the hash function is applied to the original data while changing the Nonce value, and the specified number of 0s are lined up in the upper few bits of the hash value. Explore the Nonce. The minor device that finds the correct Nonce sends the correct Nonce to the blockchain network. Then, another minor device included in the blockchain network approves that the received Nonce is correct, so that the block is connected to the blockchain.
The consensus algorithm for approving the above blocks is called proof of work.
By performing the approval work by the proof of work, as shown in FIG. 1 (b), the data of the block, the hash value of the immediately preceding block, and the searched Nonce value are added to each block of the blockchain. include.

In such a blockchain, each block has the hash value of the previous block, so it is possible to confirm the validity of all blocks by tracing from the tip (oldest starting point) in order. I can.
If an attempt is made to tamper with a block in the middle, it is necessary to recalculate the Nonce of all blocks after that block, but it is impossible in terms of computational complexity because the above-mentioned round-robin must be performed for all blocks.
By having such a feature, the reliability of the blockchain is guaranteed.

In the field of virtual currency using blockchain, "sending virtual currency to users" is just a convenient expression.
In Bitcoin, remittance of virtual currency is a process that unlocks unused transaction output including the amount of Bitcoin, which is locked to the user's address, and locks it to the destination user's address. .. In Bitcoin, unused transaction output is also referred to as UTXO (Unspent Transaction Output). In the following description, transactional output is also simply referred to as output.
A UTXO is an output in a transaction that is not connected to another transaction and includes a ScriptPubKey that describes the owner's address. The owner's address is the owner's public key or public key hash. In the following description, the owner's address is assumed to be a public key hash.

That is, in the virtual currency remittance, the UTXO locked by the ScriptPubKey including the owner's public key hash (address) is unlocked by the electronic signature generated by the owner's private key. Then, the unlocked UTXO is connected to the transaction newly created by the owner. Also, in the virtual currency remittance, the UTXO of the newly created transaction is locked by the ScriptPubKey including the public key hash of the next owner.
The owner sends the newly created transaction to the blockchain network. Then, the miner device approves the transaction, and the block including the newly created transaction is incorporated into the blockchain, so that the remittance of the virtual currency (transfer of the ownership of UTXO) is completed.

Therefore, in the remittance of virtual currency, some value information is not exchanged between the user terminal devices as data. Therefore, the information indicating the balance of the virtual currency is not stored in the terminal device.
The wallet software installed in the terminal device presents the balance of the virtual currency possessed by the user to the user by searching the UTXO associated with the user's address from the blockchain network.

FIG. 2 is a diagram illustrating an outline of the license management system of the present embodiment.
The process is outlined according to the steps (1) to (7) in the figure.
(1) The provider terminal device 20 provides the application to the user terminal device 10 by any means. This application is distributed in the form of an encrypted encrypted application. The user terminal device 10 can be executed by decrypting the encryption application on condition that the existence of a valid license for the user is confirmed.

(2) The user terminal device 10 requests the provider terminal device 20 to grant a license for using the encryption application. In this grant request, the user's virtual currency wallet address is transmitted.
The wallet address of the virtual currency can identify the user who uses the application.
The application is licensed so that the user with a specific wallet address can use the application.

Preferably, the terminal-specific information of the user terminal device 10 is transmitted to the provider terminal device 20 together with the wallet address of the user. The user terminal device 10 can be uniquely identified depending on the terminal-specific information. The terminal-specific information is, for example, hardware-specific information such as CPUID and DISKID. The CPUID is identification information uniquely given to the CPU at the time of manufacture. Further, DISKID is identification information uniquely given to the hard disk at the time of manufacture.
When terminal-specific information is transmitted, a license is granted so that a user with a particular wallet address can run the application only on a particular user terminal device.
It is possible to prevent a user who has a license from simultaneously starting an application on a plurality of terminal devices and reusing the license by a plurality of users.

(3) The provider terminal device 20 that has received the license grant request from the user terminal device is created for each user's wallet address, terminal-specific information included in the grant request, and the application possessed by the provider terminal device 20. Create a license token as the above license information based on the Ethereum wallet address (public key).
The wallet address for each application can be used to identify the target application at the time of license granting and authentication.

In the present embodiment, the wallet address of the virtual currency is preferably the wallet address of Ethereum.
In this embodiment, application license information (information indicating whether or not a specific user has an application license) is recorded on the blockchain. Then, when the application is executed on the user terminal device 10, license authentication is performed based on the license information recorded on the blockchain.
This mechanism can basically be realized by using other blockchains (virtual currencies) such as Bitcoin and MonaCoin. However, Ethereum has a mechanism called smart contract that other blockchain systems do not have.
The smart contract is realized by distributed processing performed by a virtual machine (EVM: Ethereum Virtual Machine) executed on each node constituting the blockchain network.
Smart contracts can automate various contracts and buys and sells on the blockchain.

In the case of this embodiment, in the smart contract, the registration (deployment) of the license information in the token format described later in the blockchain and the license authentication using the license information are automatically performed by the completed process on the blockchain network. It can be carried out.
The license information is stored in the memory area of the blockchain instead of the specific server, and the authentication using the license information is also performed by the distributed processing by each node instead of the specific server.
That is, by using Ethereum instead of other blockchain systems, it is not necessary to separately prepare a server device for license authentication using the license information recorded on the blockchain.
In this embodiment, it is assumed that Ethereum is used as a blockchain system used for granting a license of an application to a user and registering license information related to the grant.
(4) The provider terminal device 20 deploys the created license token to the smart contract. As a result, the fact that the application license has been granted to the user is registered in the blockchain, and the license grant is completed.

(5) The user terminal device 10 executes the decryption code embedded in the encryption application when the encryption application is started.
The decryption code makes an inquiry to a smart contract executed on the blockchain network for license authentication which is a condition of decryption.
This query is a search for the blockchain using the user's Ethereum wallet address and the Ethereum wallet address for each application included in the encryption application as queries.
Depending on the Ethereum wallet address for each application, it is possible to specify the application to be activated.

(6) The smart contract returns the presence or absence of a license or terminal-specific information to the user terminal device 10 as a response to the query.
As described in (2) to (4) above, the license token generated based on the user's Ethereum wallet address, terminal-specific information, and the Ethereum wallet address for each application is recorded on the blockchain. ..
Upon receiving the inquiry, the smart contract identifies the license token from the token list by the wallet address included in the query.
Then, the smart contract returns the terminal-specific information included in the specified license token to the user terminal device 10. Alternatively, the presence or absence of a normal license is simply returned to the user terminal device 10 based on the presence or absence of the license token.
(7) The decryption code executed by the user terminal device 10 is conditioned on the condition that the terminal-specific information returned from the blockchain (smart contract) matches the actual terminal-specific information of the user terminal device 10. Decrypt the encrypted application and run the application.

This embodiment will be described in more detail. The user activates the downloaded encryption application on his / her own user terminal device 10.
If the user terminal device 10 does not have an Ethereum wallet, the user terminal device 10 automatically creates an Ethereum wallet.
In this embodiment, since the license authentication is performed using the user's Ethereum wallet address, it is a major premise that the Ethereum wallet has been created. Therefore, if the Ethereum wallet does not exist, the encryption application is not licensed.
The user terminal device 10 provides the provider terminal device 20 with the Ethereum wallet address and the terminal-specific information of the user terminal device 10 as a license grant request. This information can be transmitted using e-mail or other means of communication.

The provider terminal device 20 grants a license to the Ethereum wallet address and the terminal-specific information received from the user terminal device 10.
Granting a license specifically means calling the API of a smart contract and adding a token to the received Ethereum wallet address.
Since the token includes the terminal-specific information of the user terminal device 10, node locking can be performed. In other words, node lock allows the execution of an encrypted application only on a specific terminal device specified by terminal-specific information. If you want to limit the simultaneous launch of applications on multiple terminal devices, it is preferable to include terminal-specific information in the token. However, terminal-specific information is not always required when granting a license.
The user terminal device 10 may transmit only the Ethereum wallet address to the provider terminal device 20 as a license grant request.
In that case, the license information (token) does not include terminal-specific information and the above node lock cannot be performed, but since there are no restrictions on the hardware that can execute the application, it becomes easier to transfer the license described later. ..

上記のコードにおいては、ＰＣ（利用者端末装置１０）の端末固有情報と、アプリケーションごとのイーサリアムウォレットアドレスと、購入者（利用者）のイーサリアムウォレットアドレスと、をトークンに組み込み、トークンリストにマッピングすることが行われている。
これにより、特定のアプリケーションソフトウェアに関する利用者のライセンスがブロックチェーンネットワークに記録されたことになる。
スマートコントラクトが使用できないブロックチェーンを使用する場合は、ＯＰ＿ＲＥＴＵＲＮにＰＣの固有ノード情報を記載した、提供者の秘密鍵で署名したトランザクションを購入者のアドレスに送信することによって、ブロックチェーンに書き込む。 The application provider describes the token using a language such as Solidity, and creates and publishes a transaction for deploying it to the blockchain.
The provider terminal device 20 uses a smart contract to write a token indicating that the user specified by the wallet address has a license.
The entity of the token is stored in the memory area on the smart contract.
The token is described, for example, as follows.

In the above code, the terminal-specific information of the PC (user terminal device 10), the Ethereum wallet address for each application, and the Ethereum wallet address of the purchaser (user) are embedded in the token and added to the token list. Mapping is being done.
As a result, the user's license for the specific application software is recorded on the blockchain network.
When using a blockchain that cannot be used by smart contracts, write it to the blockchain by sending a transaction signed with the provider's private key, which describes the unique node information of the PC in OP_RETURN, to the purchaser's address.

If an Ethereum wallet is found in the user terminal device 10 when the encryption application is started, the decryption DLL (decryption code) included in the encryption application tells the blockchain network whether a valid license is granted. Contact us.
Of course, even if an Ethereum wallet exists, it does not necessarily mean that the address is licensed for the cryptographic application. Therefore, the DLL for decryption makes an inquiry to the blockchain network as license authentication.
This inquiry is made by searching the blockchain network using the Ethereum wallet address for each application and the user's Ethereum wallet address as a query (search key).
The search result is returned, for example, as terminal-specific information corresponding to the query.
The decryption DLL collates the returned terminal-specific information with the actual terminal-specific information, and if they match, it is determined that the license is correctly granted.
If the terminal-specific information is not sent when the license is granted, the only inquiry result returned by the smart contract is the presence or absence of a normal license.
As a result of confirming the existence of a normal license, the decryption DLL decrypts the encrypted application by the common key included in the application and makes it executable.

In license authentication, it is difficult for the user terminal device 10 to hold all blockchain data (full nodes) even in consideration of the capacity of the recording medium.
Therefore, it is desirable to make an inquiry to the full node running on any server.
The full node to connect to can be selected by the user when the encryption application is started.
Further, in order to prevent double use of the license, the connection destination full node may be limited to the encryption of the application in the provider terminal device 20. That is, a list of full node addresses (connection destination URLs) that can be used by the application is specified at the time of encryption. That is, the list of connection destination URLs is included in the encryption application.

Once the license token is deployed on the blockchain by the provider terminal device 20, the user's license authentication is executed as a function of the smart contract without the intervention of the provider terminal device 20 anymore.
Therefore, even if the operation of the provider terminal device 20 is terminated or stopped due to the termination of the service or the occurrence of a failure of the application provider, the user terminal device 10 is recorded on the blockchain. License tokens are available. As a result, the user terminal 10 can execute the encryption application by performing license authentication even when the operation of the provider terminal device 20 is terminated or stopped.
In the conventional client-server method authentication, license authentication cannot be performed unless the server device is operating, and applications and contents cannot be used.
However, by managing the information required for the license on the blockchain and automatically performing the license authentication on the blockchain, the above-mentioned problems can be avoided.
Moreover, since it is not necessary to keep the server device for authentication always in operation, it can be said that it is very advantageous in terms of cost and operation for the service operator.

Hereinafter, the configuration of the present embodiment for realizing the above processing will be described in detail.
3A and 3B are diagrams showing a functional configuration of a user terminal device, FIG. 3A is a diagram showing a functional configuration by hardware, and FIG. 3B is a block diagram showing a functional configuration by software.
The user terminal device 10 is, for example, a computer device shown in FIG. 3A.
The user terminal device 10 includes a CPU (Central Processing Unit: processor) 41 and a RAM (Random Access Memory) 42. Further, the user terminal device 10 includes a drive device 43, a recording medium 44, a ROM (Read Only Memory) (not shown), and a network I / F 45.
The CPU 41 executes a general-purpose operating system that controls the entire device, and also executes a program that realizes the functions of the user terminal device 10. Various programs, temporary data, and variables are expanded in the RAM 42 for processing by the CPU 41.

The drive device 43 is a device that reads or writes information stored in the recording medium 44 at least one of them. The recording medium 44 stores the information written by the drive device 43. The recording medium 44 is at least one of types such as a hard disk, SSD (Solid State Drive), CD (Compact Disc), DVD (Digital Versaille Disc), and Blu-ray Disc. Further, for example, the user terminal device 10 includes a drive device 43 corresponding to the type of the recording medium 44 in the user terminal device 10.
Programs and data are stored in at least one of the recording medium 44 and the ROM. The network I / F45 connects the user terminal device 10 to the network.
Further, the user terminal device 10 includes an input device 46 such as a mouse and a keyboard, and a display device 47 such as a liquid crystal display.

Further, as shown in FIG. 3B, the CPU 41 executes the license request processing unit 50, the license authentication processing unit 51, the decryption processing unit 52, and the license transfer processing unit 53 as processing units.
The license request processing unit 50 is a processing unit that performs processing for requesting the provider terminal device 20 to grant the license for the first time to the application provided by the provider terminal device 20.
The license authentication processing unit 51 and the decryption processing unit 52 are a part of the encryption application provided by the provider terminal device 20, and are executed by activating the encryption application downloaded to the recording medium 44.
The license authentication processing unit 51 is a processing unit that performs license authentication to make an inquiry to the blockchain network at the time of starting the encryption application and confirm whether or not a valid license exists. It can be said that the inquiry to the blockchain network is a license authentication request to the blockchain network.
The decryption processing unit 52 is a processing unit that decrypts and executes the encryption application on condition that a valid license is confirmed by the processing by the license authentication processing unit 51.
The license transfer processing unit 53 is a processing unit that performs processing related to smart contracts and creates and transmits a transaction for transferring a license token to another user.

4A and 4B are diagrams showing a functional configuration of a provider terminal device, FIG. 4A is a diagram showing a functional configuration by hardware, and FIG. 4B is a block diagram showing a functional configuration by software.
The provider terminal device 20 is, for example, a computer device shown in FIG. 4A.
The provider terminal device 20 includes a CPU 61 and a RAM 62. Further, the provider terminal device 20 includes a drive device 63, a recording medium 64, a ROM (not shown), and a network I / F 65.
The CPU 61 executes a general-purpose operating system that controls the entire device, and also executes a program that realizes the functions of the provider terminal device 20. In the RAM 62, various programs, temporary data, and variables are expanded for processing by the CPU 61.

The drive device 63 is a device that reads or writes information stored in the recording medium 64 at least one of them. The recording medium 64 stores the information written by the drive device 63. The recording medium 64 is, for example, at least one of a type of storage medium such as a hard disk, SSD, CD, DVD, or Blu-ray disc. Further, for example, the provider terminal device 20 includes a drive device 63 corresponding to the type of the recording medium 64 in the provider terminal device 20.
Programs and data are stored in at least one of the recording medium 64 and the ROM. The network I / F65 connects the provider terminal device 20 to the network.
Further, the provider terminal device 20 includes an input device 66 such as a mouse and a keyboard, and a display device 67 such as a liquid crystal display.

Further, as shown in FIG. 4B, the CPU 61 executes an encryption processing unit (encryption tool) 71 and a license grant processing unit 72 as processing units.
The encryption processing unit 71 is an encryption tool that receives input of application binary data by an application provider, performs encryption processing, and outputs an encrypted application.
The provider creates one Ethereum wallet for one application, and the encryption application contains the Ethereum wallet address for each application.
The Ethereum wallet address created for each application identifies the target application when granting or authenticating a license.
When using a blockchain system other than Ethereum, it is also possible to specify the blockchain to be queried for authentication by the wallet address.

The license granting processing unit 72 calls the smart contract API in response to the license granting request from the user terminal device 10, generates a license token, and registers (deploys) it in the blockchain (smart contract). Is. The license token is license information for performing license authentication by a smart contract.
In the system of the present embodiment, the provider terminal device 20 holds the license token of the application on the blockchain.

FIG. 5 is a diagram illustrating an encryption application generated by an encryption tool of a provider terminal device.
As described above, the encryption tool is installed in the provider terminal device 20.
The encryption tool has an encryption code for encrypting the data of the pre-encryption application.

In the present embodiment, since the application is encrypted and distributed, it is possible to prevent cracking due to rewriting or analysis performed on the binary data.
The common key encryption method to be adopted is typically AES (Advanced Encryption Standard), but other common key encryption methods may also be used.
The encryption application can be suitably downloaded from any website, store application, or the like.

As shown in FIG. 5A, the provider terminal device 20 encrypts the data of the pre-encryption application using a predetermined common key by the encryption tool, and outputs the data of the encrypted application.
The encryption tool is pre-loaded with a decryption dynamic link library (DLL) that includes a program that queries the blockchain, an application wallet address, and a common key for decryption. The decryption DLL has a decryption code for decrypting encrypted data as its main body.
The encrypted application after encryption is output together with the above-mentioned decryption DLL.
The common key used for encryption of the application may be input from the outside of the encryption tool, or may be the one included in the decryption DLL.

As shown in FIG. 5B, the pre-encryption application stored in the recording medium 64 of the provider terminal device 20 is composed of a pre-encryption program, a resource, and an entry point. The entry point points to the starting point of the program.

FIG. 5 (c) shows the data structure of the encryption application. The encryption application is a configuration in which a stub program is added to the configuration of the pre-encryption application shown in FIG. 5 (b).
Unlike before encryption, the entry point points to the starting point of the stub program, and the stub program points to the starting point of the program after encryption.

When the encryption application downloaded to the user terminal device 10 is executed, the stub program is first executed. The stub program calls the decryption DLL and causes the encryption program to perform the decryption process. This process includes inquiring the blockchain for the existence of a license.
That is, the decryption DLL includes a program corresponding to the functions of the license authentication processing unit 51 and the decryption processing unit 52 described above.
The main body of the recovery DLL functions as a decoding processing unit 52 when executed by the user terminal device 10. Further, the program for inquiring about the blockchain included in the decryption DLL functions as a part of the license authentication processing unit 51 when executed by the user terminal device 10.
In the encryption tool, a program that queries the blockchain is automatically inserted (added) into the encryption application by hooking an arbitrary application and injecting it so that the decryption DLL is called when the encryption application is executed. The program that inquires about the blockchain is a program that causes the CPU 41 to function as the license authentication processing unit 51.
Only the program body in FIG. 5B is encrypted in the encryption application. The encrypted program body is the post-encryption program in the encryption application of FIG. 5 (c).
The decryption DLL is inserted into the encrypted application as a code separate from the encrypted program, like the entry point, the resource, and the stub program.
The decryption DLL may be added as a file separate from the execution binary of the encryption application, or may be included in the execution binary.

FIG. 6 is a flowchart illustrating an application encryption process executed by the provider terminal device.
In step S51, the CPU 61 (encryption processing unit 71) accepts the input of the binary data of the application to be encrypted.
As mentioned above, the application executable file consists of an entry point, a program body, and resources.
In step S52, the CPU 61 (encryption processing unit 71) encrypts the program main body of the input application data using a predetermined common key to generate an encryption program.

In step S53, the CPU 61 (encryption processing unit 71) inserts a decryption DLL and a stub program into an encryption application including an entry point, an encryption program, and a resource.
As described above, the decryption DLL includes a blockchain inquiry program for license authentication, an Ethereum wallet address for each application, and a common key for decryption.
In step S54, the CPU 61 (encryption processing unit 71) outputs the data of the "encryption application" including the entry point, the encryption program, the resource, and the DLL for decryption.

FIG. 7 is a flowchart illustrating the application startup process executed by the user terminal device.
In step S101, the CPU 41 determines whether or not an application startup operation such as a mouse double-click operation has been performed.
When it is determined that the application start operation has not been performed (No in step 101), the CPU 41 ends the process as it is.
When it is determined that the application start operation has been performed (Yes in step S101), the CPU 41 starts the encrypted application start process in step S102.

In step S103, the CPU 41 (license request processing unit 50) determines whether or not the user's Ethereum wallet exists in the user terminal device 10.
When it is determined that the Ethereum wallet does not exist in the user terminal device 10 (No in step S103), the CPU 41 (license request processing unit 50) newly creates an Ethereum wallet in step S107. Then, in step S108, the CPU 41 (license request processing unit 50) sends a license grant request to the provider terminal device 20 by transmitting the Ethereum wallet address and the terminal-specific information of the user terminal device 10. conduct.

When it is determined that the wallet exists (Yes in step S103), the CPU 41 (license authentication processing unit 51) performs the license authentication process described with reference to FIG. 8 in step S104.
In step S105, the CPU 41 determines whether or not the license authentication in step S104 was successful, that is, whether or not the encryption program was decrypted or whether or not the encryption was decrypted.
If it is determined that the encryption has been decrypted (Yes in step S105), the CPU 41 starts the application in step S106 and ends the process.
If it is determined that the encryption has not been decrypted (No in step S105), the CPU 41 cannot start the application and ends the process as it is.

FIG. 8 is a flowchart illustrating the license authentication process of FIG. 7.
In step S111, the license authentication processing unit 51 inquires the blockchain network whether or not there is a valid license. At this time, the license authentication processing unit 51 transmits the wallet address for each application and the wallet address of the user to the blockchain network.
In step S112, the license authentication processing unit 51 determines whether or not the inquiry result (terminal-specific information, presence / absence of a normal license) has been received from the blockchain network.
If it is determined that the inquiry result has not been received (No in step S112), the license authentication processing unit 51 repeats the process of step 112 and waits for the inquiry result to be received.

When it is determined that the inquiry result has been received (Yes in step S112), the license authentication processing unit 51 determines in step S113 whether the terminal-specific information of the inquiry result matches the actual terminal-specific information, and the inquiry result is normal. Determines whether or not to indicate the existence of a unique license.
When it is determined that the terminal-specific information of the inquiry result matches the actual terminal-specific information, or the inquiry result indicates the existence of a normal license (Yes in step S113), the license authentication processing unit 51 is common in step S114. Decrypt the application using the key and end the process.
If it is determined that the terminal-specific information of the inquiry result does not match the actual terminal-specific information, or the inquiry result does not indicate the existence of a normal license (No in step S113), the license authentication processing unit 51 ends the processing as it is. And do not deactivate the application.

FIG. 9 is a flowchart illustrating a license granting process executed by the terminal device of the application provider (developer).
In step S201, the CPU 61 (license granting processing unit 72) determines whether or not the user's Ethereum wallet address and the terminal-specific information of the user terminal device 10 have been received as the license grant request. As described above, the terminal-specific information of the user terminal device 10 is not indispensable for the license grant request.
When it is determined that the license grant request has been received (Yes in step S201), the CPU 61 (license grant processing unit 72) calls the smart contract API (smart contract processing unit) in step S202, and in step S203, the user's A license token is given to the wallet address, and the license granting process is completed.

The procedure of license transfer in the system of this embodiment will be described.
A licensed user can transfer the license token to another user by authenticating with the private key of his wallet.
That is, the user can execute a smart contract that transfers the license to any wallet.
Execution of smart contracts in Ethereum requires a fee called gas, but by automatically granting Ethereum to the user's wallet, it is possible to prevent users from having to purchase Ethereum. It is possible.
For example, prior to the license transfer, one user sends a transfer notification to the provider terminal device 20 indicating that the license is transferred to another user.
This migration notification includes at least the wallet address of the migration source user and the wallet address of the migration destination user.
In this case, the user terminal device 10 includes a transition notification transmission unit that transmits a transition notification, in addition to the processing unit of FIG. 3 (b). The migration notification transmitter is, for example, e-mail client software capable of transmitting e-mail. Then, the transition notification is transmitted to the provider terminal device 20 by the transition notification transmission unit.
Upon receiving the migration notification, the provider terminal device 20 remits Ethereum to the wallet address that is the migration source described in the migration notification.
In this case, the provider terminal device 20 creates, in addition to the processing unit of FIG. 4B, a transition notification receiving unit for receiving the migration notification and a transaction for granting virtual currency (Ethereum) to the user's wallet. , Equipped with a remittance department that processes public information.
If the migration notification is sent by email, the migration notification receiver is also an email client software capable of receiving the email.
The license transfer processing unit 53 shown in FIG. 3B confirms the wallet of the migration source user and confirms whether or not Ethereum from the provider terminal device 20 has been deposited.
Upon confirming the payment, the license transfer processing unit 53 executes the license transfer process described below.
Further, the transfer notification may be transmitted from the provider terminal device 20 after executing the smart contract for transferring the license.

FIG. 10 is a flowchart illustrating a license transfer process executed by the user terminal device of the application.
In step S301, the CPU 41 (license transfer processing unit 53) creates a transfer transaction for transferring the license token to the wallet of the transferee user.
The transfer transaction includes at least an electronic signature based on the private key of the wallet of the migration source user who uses the user terminal device, and the wallet address of the migration destination user.
In step S302, the CPU 41 (license transfer processing unit 53) exposes the transfer transaction created in step S301 to the blockchain network.
As a result, smart contracts that transfer tokens will be executed on the blockchain, and license transfer will be realized.
It should be noted that the remittance of Ethereum for the fee associated with the license transfer is not performed based on the transfer notification transmitted by the user terminal device 10, but the provider terminal device 20 monitors the blockchain and the license transfer is performed. This may be done when the provider terminal device 20 discovers that.
In this case, the provider terminal device 20 creates and publishes a blockchain monitoring unit that constantly monitors the blockchain and a transaction that grants a virtual currency (Ethereum) to the user, in addition to the processing unit shown in FIG. 4B. It is equipped with a remittance department.
When the blockchain monitoring department, which was monitoring the blockchain, discovers a transfer transaction for license transfer, the remittance department processes the transfer of Ethereum to the wallet of the user who published the transfer transaction.

In the system 1 of the present embodiment, such processing of blockchain monitoring and automatic granting of Ethereum is not performed by the provider terminal device 20, but by a server device separately provided from these terminal devices. You may go.
The server device includes at least a CPU and RAM as a control unit, and is connected to the Internet by a network I / F.
The CPU of the server device executes a blockchain monitoring unit that constantly monitors the blockchain, and a remittance unit that creates and publishes a transaction that grants a virtual currency (Ethereum) to a user.
When the blockchain monitoring department, which was monitoring the blockchain, discovers a transfer transaction for license transfer, the remittance department processes the transfer of Ethereum to the wallet of the user who published the transfer transaction.

Since it is configured as described above, according to the system of the present embodiment, the operation of the provider terminal device 20 is terminated or stopped due to the provider who provided the application terminating the service or a failure. Even in this case, the user terminal device 10 can always perform license authentication and execute the encryption application by using the license token recorded on the blockchain.
The service provider also does not need to constantly operate the authentication server (license server), which can be an advantageous system in terms of cost and operation.

In the above explanation, the smart contract mechanism of Ethereum is used to record the license information on the blockchain, and the license authentication function in the application is completed on the blockchain (completely serverless). It has been realized.
On the other hand, although the license information is recorded on the blockchain, a search server that searches the blockchain and inquires about the existence of a license may be separately provided.
Even with the blockchain protocol other than Ethereum described above, a similar mechanism can be realized by using the blockchain as the storage for storing the license information and performing the license authentication by the server device provided separately.
In this case, the license authentication processing unit 51 included in the decryption DLL makes an inquiry to the search server when the encryption application is executed. That is, the wallet address of the application and the wallet address of the user are transmitted to the search server.
Based on this information, the search server searches the memory area of the blockchain and performs a process of returning the presence or absence of a license to the license authentication processing unit 51.

Further, in the above description, the subject of license granting and authentication is limited to application software, but the present invention is not limited thereto.
The same applies to contents such as electronic books, videos, and music.
For example, the provider encrypts and distributes these content data. The browsing software executed on the terminal device used by the user who has acquired the encrypted content data queries the blockchain network and authenticates each time the content is displayed.
If the authentication is successful, the browsing software decrypts and displays the encrypted content data. With such a configuration, even if the provider who provided the digital content terminates the service or the operation of the provider terminal device 20 is terminated or stopped due to the occurrence of a failure, the user terminal device 10 can use the license token recorded on the blockchain to perform license authentication and display digital contents.

1 system, 10 user terminal device, 20 provider terminal device, 30 minor device, 41 CPU, 42 RAM, 43 drive device, 44 recording medium, 45 network I / F, 46 input device, 47 display device, 51 license authentication Processing unit, 52 Decryption processing unit, 53 License transfer processing unit, 61 CPU, 62 RAM, 63 drive device, 64 recording medium, 65 network I / F, 66 input device, 67 display device, 71 encryption processing unit (encryption) Tools), 72 License Grant Processing Department, 73 Smart Contract Processing Department

Claims (11)

A first device and a second device are provided,
The first device is
An encryption processing unit that performs encryption processing of the input data and outputs the encrypted data,
It is provided with a license granting processing unit that grants a license related to the data to a user of the second device and sends license information related to the granting of the license to a blockchain network.
The encrypted data includes a first virtual currency wallet address created to identify the encrypted data.
The second device is
When using the encrypted data, the license authentication processing unit that performs authentication based on the license information recorded on the blockchain, and
A decryption processing unit that performs decryption processing on the encrypted data when the authentication is successful, and
To prepare
An information processing system characterized by this. In the information processing system according to claim 1,
The information processing unit is characterized by transmitting license information based on the second virtual currency wallet address related to the user and the first virtual currency wallet address to the blockchain network. system. In the information processing system according to claim 1,
The license granting processing unit uses the blockchain for license information based on the second virtual currency wallet address related to the user, the first virtual currency wallet address, and the unique information related to the second device. An information processing system characterized by sending to a network. In the information processing system according to any one of claims 1 to 3,
At the time of the authentication, the license authentication processing unit makes an inquiry to an external device that stores the blockchain.
The encryption processing unit is an information processing system characterized in that, at the time of encrypting the data, the encryption processing unit includes a list of connection destinations of external devices that can be used by the license authentication processing unit in the encrypted data. In the information processing system according to any one of claims 1 to 4.
The second device is characterized by comprising a license transfer processing unit that transfers the license by disclosing the migration information for transferring the license from the user to another user to the blockchain network. Information processing system. In the information processing system according to claim 5,
The second device further includes a migration notification transmission processing unit that transmits a migration notification notifying the transfer of the license to the first device.
The first device is an information processing system further comprising a remittance unit that performs a process of remittance of virtual currency to the user based on the transition notification. An encryption processing unit that performs encryption processing of the input data and outputs the encrypted data,
It is equipped with a license granting processing unit that grants a license related to the data to users of other devices and sends out the license information related to the granting of the license to a blockchain network.
The encrypted data includes a first virtual currency wallet address created to identify the encrypted data.
An information processing device characterized by this. A license authentication processing unit that authenticates based on the license information stored on the blockchain when using encrypted data,
A decryption processing unit that performs decryption processing on the encrypted data when the authentication is successful, and
Equipped with
The encrypted data includes a first virtual currency wallet address created to identify the encrypted data.
An information processing device characterized by this. An encryption processing unit that performs encryption processing on data and generates encrypted data,
A license granting processing unit that grants a license related to the data to a user of the data and sends the license information related to the granting of the license to the blockchain network.
An additional part that adds a code for inquiring the license information to the blockchain network to the encrypted data in order to authenticate according to the license information when the encrypted data is used.
Equipped with
The additional part further
A first virtual currency wallet address created to identify the encrypted data when the encrypted data is used is added to the encrypted data.
An information processing device characterized by this. An information processing method executed by a computer
Performs encryption processing on the data, generates encrypted data,
Grant the license related to the data to the user of the data,
The license information related to the grant of the license is sent to the blockchain network,
In order to authenticate according to the license information when using the encrypted data, a code for inquiring the license information to the blockchain network is added to the encrypted data.
A first virtual currency wallet address created to identify the encrypted data when the encrypted data is used is added to the encrypted data.
An information processing method characterized by that. Performs encryption processing on the data, generates encrypted data,
Grant the license related to the data to the user of the data,
The license information related to the grant of the license is sent to the blockchain network,
In order to authenticate according to the license information when using the encrypted data, a code for inquiring the license information to the blockchain network is added to the encrypted data.
A first virtual currency wallet address created to identify the encrypted data when the encrypted data is used is added to the encrypted data.
An information processing program characterized by having a computer execute processing.

Images