JPH11296490A - Multiagent system, agent presenting device recording medium, multiagent operating method and mobile agent system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To execute a special job while maintaining neutrality when the special job that requires the neutrality is occurred in a multiagent system which is operated with agents cooperated with one another. SOLUTION: When a user agent 26 wants to retrieve pay contents stored in a database 19 of a contents provider 7, a third party organization agent 29 of a third party organization 8 is called onto a place 24, and the third party organization agent 29 is provided with profile information of a user to be needed for retrieval. Then, the third organization agent 29 is made to perform the retrieval of the pay contents by propy.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an agent system in which an autonomous software module called an agent acting on behalf of a user operates, for example.

[0002]

2. Description of the Related Art In this type of agent system, a system known in the related art is disclosed in, for example,
JP-179910, JP-A-5-233574, JP-A-5-233596, JP-A-5-346
There has been a multi-agent system in which agents cooperate with each other as disclosed in Japanese Patent Application Laid-Open No. 910 and Japanese Patent Application Laid-Open No. 5-151178.

[0003] In these conventional multi-agent systems, agents having independent knowledge cooperate with each other and work so that certain problems can be solved efficiently.

[0004]

However, for example,
In the case where a user agent working for a user and a service agent providing a predetermined service in response to a request of the user cooperate with each other to perform a certain task, a party agent including a user agent and a agent on the agent side In some cases, a problem that cannot be solved only by itself may occur.

[0005] For example, it is assumed that a service provider is a provider that provides paid content, and a user agent searches for paid content in cooperation with the agent on the provider side, and if the desired content is found, the user purchases the content. Try. The user agent moves on the network to the service provider's place, and a meeting with the service agent on the place (me
eting) and get permission to search for paid content. Then, the user-side agent accesses the database of pay contents, searches a plurality of pay contents, examines the contents thereof, and determines whether or not there is desired content. If there is desired content, the user agent carries out a purchase procedure for paying a predetermined amount of money, and then brings back the desired content to the user.

[0006] However, the user agent is developed for the user and operates to operate for the benefit of the user to perform work, and is of a nature subject to the user's instructions. As a result, there is a possibility that the user instructs the user-side agent to act fraudulently, or that the user-side agent is illegally remodeled to be an agent acting fraudulently. When such a user-side agent searches for the above-mentioned paid content, even if the desired content is found, the agent reports to the agent-side that there is no desired content and pays a predetermined fee. There is a possibility that fraudulent action may be taken such that the desired paid content is secretly brought back to the user without performing any purchase procedure.

Therefore, in order to prevent such inconvenience, the user-side agent is prevented from directly accessing the contents database, and the agent on the trader's side is made to search for the paid contents on behalf of the user-side agent. It is possible to do. Specifically, for example, a user agent and a trader agent meet on a service trader's place.
Then, the user agent notifies profile information such as user preference information and purchase price information to the trade agent, and with that knowledge, the trade agent accesses the content database to search and examine paid content, It is conceivable to search for content that the user may prefer and notify the user agent of the result.

[0008] However, the agent on the side of the trader is developed and works only in consideration of the profits of the side of the service trader, and therefore has the property of obeying the order of the service trader. Even if there is no content that the user considers to be preferable, there is a possibility that the user side agent may be informed of a lie report that there is a lot of user-preferred content.

That is, in the case of a party agent composed of a user agent, a trader agent, etc.,
Because they tend to work only for the benefit of each other, they may behave in a selfish manner in favor of their own position, and when certain tasks occur that require neutrality for both parties, A disadvantage arises in that it is difficult to perform a specific task while maintaining neutrality.

[0010] In addition, the user's profile information held by the user agent as knowledge includes secret information such as preference information including various preference information of the user and age, occupation or annual income of the user. Therefore, if the user agent notifies profile information including such confidential information to the agent on the service provider's place, privacy of the user is impaired. May occur. In other words, if the trader agent who has learned the secret information performs work based on the knowledge obtained and the knowledge obtained is no longer needed, the knowledge obtained by the user agent at that stage is discarded. Although the erasure also protects the privacy of the user, as described above, the agent on the provider side knows the profile information of the user because it is an agent working for the benefit of the service provider side. For example, there is a possibility that such profile information will be stored later and effectively used for customer management and marketing and utilized for the benefit of the service provider. The problem of the privacy of the user may be threatened even if the user agent holding the secret information as knowledge moves to the place of the service provider.

The present invention has been conceived in view of the above circumstances, and has as its object that when a plurality of agents operate in cooperation, the parties tend to give priority to their own interests. Various inconveniences caused by such a situation can be prevented.

[0012]

According to the present invention, there is provided a multi-agent system in which agents having independent knowledge operate in cooperation with each other. Includes specific work determining means for determining that a specific work requiring unsuitable neutrality has occurred. On the other hand, a third party agent having neutrality performs the specific task on behalf of the third party agent.

According to a second aspect of the present invention, in addition to the configuration of the first aspect, the third party agent further comprises:
It is an agent that is operated and managed by a third-party organization established to process the specific job, and is developed to perform the specific job.

According to a third aspect of the present invention, in addition to the configuration of the first or second aspect of the invention, the specific job determining means includes a party agent working for each of the parties. Are working together,
The party agent determines that the specific job has occurred when there is a risk of performing a selfish operation that is advantageous to its own position.

According to a fourth aspect of the present invention, in addition to the configuration of the third aspect of the present invention, the content storing means further includes a content storing means for storing paid content, and one of the parties is provided with the content storing means. The other of the parties is a user who wants to search whether or not there is content to be obtained in the content provided by the content provider, and The means determines that the specific job has occurred when a user agent among the party agents desires to search for the pay content stored in the content storage means.

According to a fifth aspect of the present invention, in addition to the configuration according to any one of the first to fourth aspects, the third-party agent is configured to execute the requested work by the third party agent. It is characterized by having a monitoring function for monitoring whether one or both are illegal.

According to a sixth aspect of the present invention, there is provided an agent providing apparatus for providing a third-party agent used in the multi-agent system according to the third aspect, wherein a plurality of types of third-party agents are stored. Agent storage means and a third party agent of a type corresponding to the party agent to be delegated when requested to perform work by a third party agent on behalf of the party agent. Agent search providing means for searching for and providing a third party agent from the third party agents stored in the agent storage means.

The present invention according to claim 7 is used in a multi-agent system in which agents having independent knowledge operate in cooperation with each other, and records an agent program that works for one side of a party. Recording medium, wherein the computer has a first meeting means for meeting with the other agent of the party, and a special job which requires neutrality unsuitable for one or both of the parties to perform. A second meeting means for holding a meeting with a third party agent having neutrality for both parties, and information necessary for having the third party agent execute the specific work on behalf of the third party. Computer-readable recording in which necessary information notifying means for notifying the agent agent and a program for causing the agent to function are recorded Body.

The present invention according to claim 8 is a multi-agent operating method for operating agents having independent knowledge in cooperation with each other. A specific work determination step of determining that a specific required work has occurred;
A third-party agent procurement step of procuring a third-party agent having a neutrality with respect to both of the parties; Executing the specific task by the third-party agent procured in the agent procurement step.

According to a ninth aspect of the present invention, there is provided a mobile agent system in which an agent moves and operates on a network, the mobile agent system comprising a user and a service provider responding to the user's request. The user agent that works on the network functions as a working area when moving and operating on the network, and includes a working area for keeping secrets that can prevent the leakage of secrets. When the user agent moves and performs work, when it becomes necessary to use the secret data, the user agent holds the secret. To the security working area, and within the confidentiality working area, Release the confidentiality of data, characterized in that to enable the execution of the work.

According to a tenth aspect of the present invention, in addition to the configuration of the ninth aspect, the user-side agent encrypts and holds the secret data, and stores the secret working area. And then decrypting and reproducing the encrypted secret data.

The present invention described in claim 11 provides the present invention in claim 10
In addition to the configuration of the invention described in the above, the user-side agent does not have a decryption key used for decryption of the secret data, and after moving to the secret security working area, The decryption of the confidential data using the decryption key obtained in (1) is enabled.

The present invention according to claim 12 is the invention according to claims 9 to
In addition to the configuration of the invention described in any one of the eleventh aspects, the secret data includes a secret key for personal authentication of the user.

[0024]

Next, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a diagram for explaining the general outline of the information search and distribution system. Referring to FIG. 1, the Internet 13 as an example of a wired medium
In response, a personal computer (hereinafter simply referred to as a personal computer) 14 in the user's home 17, a content provider 7, a third party organization 8, a member management center 12, a program-related data creator 11, and a commercial message (hereinafter simply referred to as a CM) creator 10, the program maker 9 and the broadcasting station 2 are configured to be connectable.

The content provider 7 has a database that stores information that can be provided, such as book information, movie information, music information, news information, and the like. Is provided to the personal computer 14 of the user's home 17 via the Internet 13 or by satellite broadcasting from the broadcasting station 2 as an example of wireless media. Other types of content that can be provided by the content provider 7 include, for example, encrypted content data encrypted for charging, control program data for controlling so-called internet home appliances, and the like.

The user's personal computer 14 receives the above-mentioned abstract data transmitted from the broadcasting station 2 via, for example, the satellite 1, searches for and selects the abstract by a user agent to be described later, and selects the selected abstract. Display the data to the user and wait for the user's selection instruction. Alternatively, before displaying the abstract information to the user, the user goes to the content provider 7 which is the source of the abstract information, accesses the actual content information, examines the content, and determines whether the content is really the content the user likes. May be confirmed, and the abstract after confirmation may be displayed to the user.

If there is a request to obtain the content according to the user's instruction or the agent's own judgment, the content provider 7 transmits the selected content information to the broadcasting station 2 and broadcasts it at a predetermined date and time. do that for me. The content provider 7 receiving the broadcast schedule date and the broadcast channel information from the broadcast station 2 transmits the broadcast date and the channel information to the user's personal computer 14 via the Internet 13.

When paid content is included in the content provided by the content provider 7, it may be necessary to confirm the ID of the user who is a member when selling the paid content. In this case, the content provider 7 requests the ID information of the user, transmits the ID information to the member management center 12, has the ID confirmed, and sells the paid content only to the confirmed user. Do.

The broadcasting station 2 obtains a program produced by the program creator 9, and transmits the program to the antenna 5, the satellite 1, the antenna 6
And broadcast to the user's home 17 via. A CM for the broadcasted program is produced by the CM creator 10, the CM data is provided to the broadcasting station 2 via the Internet 13, and the CM is inserted and broadcast between programs.

A user receiving a program broadcast from the broadcasting station 2 may broadcast the program directly on a TV (television) 16 or directly view the program on a CRT of a personal computer 14 for viewing. In some cases, the recorded information is recorded by the video tape recorder 15 and the recorded information is reproduced and viewed at a later date. The TV 16 uses this VTR 15
And has an intro playback function that allows the user to skip and view only the scenes that the user wants to see, and a function that allows the scenes of programs shot and broadcast with multiple cameras and angles to be smoothly switched. . In order to realize the function, a hard disk device or a semiconductor memory capable of high-speed random access is incorporated. Also, the broadcast station 2 broadcasts by adding index information on the video program. On the user side, the received program data is recorded in the VTR 15, and the received index information is stored in a hard disk device or the like. This hard disk is also used for temporarily storing video data read from the VTR 15. Generally, video data stored in a VTR takes time from retrieval to reading.
However, if the video data read from the VTR 15 is temporarily stored on a hard disk, the VTR can be fast-forwarded while the video is being reproduced, and the user can wait until the necessary video is extracted. Time is shortened.

In this manner, the so-called intro reproduction described above can be smoothly performed. as a result,
When a CM is inserted in a received program, the user tends to cut only the CM corresponding to the extravagance and view only the program. CM cut browsing can be easily performed.

Therefore, as a method of preventing such CM cut browsing, a method of superimposing program-related data on CM and broadcasting from the broadcasting station 2 is conceivable. Program-related data for that purpose is produced by the program-related data producer 11 and transferred to the broadcasting station 2. Examples of the program-related data include an address of a homepage for exchanging opinions of the program, commentary on technical terms appearing in the program, and the like.

The CM creator 10 is not limited to a general CM that is inserted between programs and broadcasted from the broadcasting station 2,
A user (consumer) is classified into a number of layers, and a CM targeting only each layer is also created. This classification can be, for example, by gender, age, educational background, occupation, or purchasing trend. A number of such targeted CMs are produced by the CM creator 10 and stored in a database. And the user's agent
The user goes to the M creator to search the database, searches for CM information that the user prefers, and receives the searched CM information via the Internet 13 or by broadcasting from the broadcasting station 2. The CM information retrieved by the user's agent is also configured to be delivered to the user in a state where the program-related data produced by the program-related data creator 11 is superimposed.

FIG. 2 is an explanatory diagram showing the configuration of the multi-agent system. In the present embodiment, an agent is used as autonomous software using telescript, which is a communication language developed by General Magic. User agent 2
Reference numeral 6 denotes a mobile agent. The mobile agent is an agent having mobility in a distributed computing environment, and is characterized in that the agent is transferred and processed to a server via a network (remote programming). The mobile agent moves to a place, which is a common operating environment provided by the telescript engine, and cooperates with other agents on the place to work and work together to solve the problem.

When the user agent operating in the user's personal computer 14 searches for contents at his own discretion or in response to a user's operation command, FIG.
As shown in (a), the process moves to the place 24 of the telescript engine 18 of the content provider 7. The user agent 26 that has moved to the place 24 meets with the destination agent 27 resident in the place 24, searches the contents in the database 19 to find the desired contents, and returns the contents to the personal computer 14. (Send).

Incidentally, 52 is a CRT, 53 is a keyboard,
50 is an IC card insertion slot, 51 is a floppy disk (FD) insertion slot, 20 is a WWW server, and 3 is a communication device.

On the other hand, in the place 25 of the telescript engine 22 of the third party organization 8, a third party organization resident agent 28 is resident. In the database 23,
A plurality of types of third-party agents are stored categorized by function. This third-party organization 8 can be used when a task requiring neutrality that is difficult or unsolvable only by the parties (for example, a user and a service provider that provides a service in response to the user's request) occurs. It is an organization established to execute and solve various specific tasks on behalf of the parties concerned, and is preferably composed of a public or semi-public organization such as a government agency. In addition,
In the figure, reference numeral 22a denotes a computer operated and managed by the third party organization 8.

Various third party agents stored in the database 23 of the third party 8 are operated and managed by the third party 8 and neutralize the above-described specific work requiring neutrality. It is a dedicated agent developed to execute and solve while protecting the sex. The user agent 26 includes, for example, a shopping agent for online shopping, a news filtering agent for searching news articles from news sources and selecting only necessary ones, an e-mail agent for selecting only necessary e-mails, and a user agent. There are various types such as an information collection agent such as a fire fly that searches for music information or movie information that matches the taste. Therefore, it is necessary to prepare a plurality of types of third-party agents for performing the work of the user agent 26 by function according to the type of the user agent 26.

The user agent 26 that has moved to the place 24 of the content provider 7 is
When searching for contents in the database 19 in cooperation with the PC 7, if the user wants to search for the paid contents in the database 19, he or she contacts the third-party resident agent 28, The agent is searched for and the third party agent is seconded to the place 24 of the content provider 7.

This state is shown in FIG.
The seconded agency agent 29 that has been seconded meets with the user agent 26 and hears profile information such as user preferences from the user agent 26.
Then, the third party agent 29 accesses the database 19 while acquiring the knowledge necessary for the content search, searches the content on behalf of the user agent 26, and notifies the user agent 26 of the search result.

In order for the third-party agent 29 to search for the content, the user content 26 must inform the user content 26 of confidential information (eg, the user's annual income, educational background, savings amount, etc.) that is relevant to the privacy of the user. If so, place 24 of content provider 7
If the user agent 26 notifies the third party agent 29 of the secret information, the secret information may leak to the content provider 7. In the present embodiment, the user agent 26 encrypts the secret information SI (see FIG. 14) as described above and holds it as encrypted data.
Just by moving to the place 24 of the content provider 7, the secret information SI is not known to the content provider 7. However, content providers 7
Third place agent 2 on place 24 of
In the case where the encrypted secret information SI is decrypted so that the content information 9 can be decrypted and the encrypted secret information SI is transmitted to the third party agent 29 in the form of plain text, there is a possibility that the plain text secret information SI is known to the content provider 7. .

Therefore, if the content cannot be retrieved without using such secret information SI, FIG.
As shown in FIG.
To the place 25 of the telescript engine 22, and meet with the resident agent 28 of the third party resident there. The three-party agency agent 29 and the user agent 26 meet,
Notify the secret information SI required for the search (FIG. 2D)
reference).

After that, the user agent 26 returns to the place 24 of the content provider 7 and makes a meeting with the resident agent 27 to transfer the paid content to the place 25 of the third party organization 8 in an encrypted form. Then, the transferred pay content is decrypted, and the third party agent 29 searches for and evaluates the pay content on behalf of the user agent 26. The evaluation result is notified to the user agent 26 on the place 24. In this way, it is possible to prevent the secret information SI held by the user agent 26 as knowledge from leaking to the content provider 7 or the like. In addition, the third party organization 8
On place 25 of the agent, how much meet
It is configured so that information can be prevented from leaking to the outside even if it is inged.

FIG. 3 is a flowchart showing the control operation of the user's personal computer 14. This user's personal computer 1
The control circuit 4 will be described later with reference to FIG.

Referring to FIG. 3, first, in step S (hereinafter simply referred to as S) 1, it is determined whether or not information for introducing a site on the Internet has been received. This information is broadcast by satellite broadcasting from the broadcasting station 2 and received by the user's personal computer 14 or transmitted to the Internet 13.
Receive via If the site introduction information has not been received, the process proceeds to S2, and it is determined whether or not the broadcast date and time of the content to be recorded has come. What is recorded content?
Content sent from the broadcast station 2 such as a program scheduled to be recorded on the VTR 15 or the like by a user's input instruction, or content sent from the broadcast station 2 scheduled to be recorded by the user agent at its own discretion That is. If the broadcast date and time of the content to be recorded has not come, the process proceeds to S3, and it is determined whether or not an abstract of the broadcast program has been received. As described above, broadcasting station 2
Broadcasts a summary of the contents of a program to be broadcast (abstract) to a user in advance, and the user receives the abstract broadcast and causes the user agent to determine whether to record and record the program. If the abstract of the broadcast program has not been received, the process proceeds to S4, and it is determined whether or not the user has instructed the agent.

When there is no instruction from the user to the agent, the process proceeds to S5, and it is determined whether or not there is an instruction to reproduce the content. If not, proceed to S6, where the key S
A determination is made as to whether a K1 transmission request has been made. This key SK1 is a key used for decrypting the above-described encrypted secret information SI, and is transmitted from the third party resident agent 28 to the user's personal computer 14 as necessary, as described later. Make a request. SK
If there is no request, the process proceeds to S7, and it is determined whether or not the user agent has instructed the recording of the broadcast content. The user agent operating in the user's personal computer 14 may issue an instruction to the personal computer 14 to automatically record broadcast content such as a broadcast program based on his / her own judgment, as described later.

If there is no broadcast content recording instruction from the user agent, the process proceeds to S8, where it is determined whether the broadcast date and time and the channel have been received. As described later with reference to FIG. 9, the user agent moves to the place 25 of the CM creator 10 and searches for the CM. Is transmitted to the user's personal computer 14. It is determined in S8 whether the broadcast date and time and the channel have been transmitted from the user agent. If the broadcast date and time and channel have not been received, the process proceeds to S9, where other processing is performed and the process returns to S1.

If the site introduction information broadcast from the broadcast station 2 or the site introduction information transmitted via the Internet 13 is received, a determination of YES is made in S1 and the process proceeds to S10, in which the user's personal computer 14 A process for notifying the operating user agent of the site introduction information is performed.

If it is determined in S2 that the broadcast date and time of the content to be recorded has come, the flow advances to S11 to tune to the channel frequency to be broadcast, and in S12 the process of receiving the broadcast content and recording it on the VTR 15 is performed. You. Next, in S13, it is determined whether or not the recorded content includes a CM. If not included, the process returns to S1, but if included, the process proceeds to S14, where it is determined whether there is any editing time. The editing time is defined as the time between the CM that the user agent moves to the place 58 of the CM creator 10 to search and find the CM and the CM inserted between the programs broadcasted by the broadcasting station 2 and recorded on the VTR 15 or the like. It is the time required to perform the editing that replaces.

If there is an editing time, the process proceeds to S15, performs editing for replacing the CM portion of the corresponding program content with the searched CM, and returns to S1. If there is no editing time, the process proceeds to S16, and at the moment when the CM broadcast time comes during the broadcast of the program, the user agent switches to the searched CM and broadcasts the program, and returns to S1.

If the abstract of the broadcast program is broadcasted from the broadcast station 2 and received, a determination of YES is made in S3 and the process proceeds to S17, in which the user agent is notified of the received abstract.

If the user operates the keyboard 53 or mouse to give any instruction to the agent, S18
The process is performed to notify the user agent operating in the personal computer 14 of the instruction.

If the user operates the keyboard 53, mouse or the like to give an instruction to reproduce the content, YES is obtained in S5
Is determined, the process proceeds to S19, and it is determined whether the content to be reproduced is an encrypted content. In the case of the encrypted content, after performing the content reproduction process in S20, the content is output in S21 and is broadcasted on the CRT 52 or the TV 16. On the other hand, if the content is not encrypted, S2
The process directly proceeds to S21 without performing the process of 0, and the content output process is performed. Details of the content reproduction process in S26 will be described later with reference to FIG.

If there is a transmission request for the key SK1, S6
Is made, the process proceeds to S22, and the process of transmitting the challenge data CH to the resident agent 28 of the third party is performed. The challenge data CH is composed of a random number or the like generated by the personal computer 14. The resident agent 28 of the third party transmits the challenge data C
It receives H and encrypts it with the secret key SK3 of the third party organization 8, that is, calculates E _{SK 3} (CH) and returns it as response data RES (see SB12 and SB23b).

Upon receiving the response data RES, the personal computer 14 makes a determination of YES in S22a and proceeds to S22b to decrypt the received response data RES with the public key of the third party 8, ie, D
_PK3 (RES) is calculated, and it is determined whether or not the calculation result matches the challenge data CH transmitted in S22. If there is a request for SK1 from the third party resident agent 28 of the authorized third party 8, CH = D _PK3 (RES).
In that case, the process proceeds to S22c, where the key SK1 is
Operation or E is encrypted using the public key PK3 of _PK3
(SK1) is calculated and the third party resident agent 28 is calculated.
The process of transmitting to is performed. On the other hand, if it is determined from S22b that they do not match, the process returns to S1 without performing the transmission process of S22c.

If there is an instruction to record broadcast content from the user agent, the process proceeds to S23, and processing for storing the broadcast date and time and the channel of the content to be recorded according to the instruction is performed.

If the broadcast date and time and the channel are transmitted from the user agent, a determination of YES is made in S8 and the process proceeds to S24, in which the transmitted broadcast date and time, that is, the broadcast date and time of the content to be recorded and the channel are stored. Is made.

FIGS. 4 to 6 and 10 are flowcharts showing the operation of the user agent. By SA1,
It is determined whether or not the introduction information of the site on the Internet has been received. If not, the process proceeds to SA2, and it is determined whether or not the abstract information of the program has been received. If not, the process proceeds to SA3. It is determined whether an instruction from the user has been received. If not, the process proceeds to SA4, and it is determined whether the time at which the user agent moves has come. If not, the process proceeds to SA5. After performing other processing, SA
Return to 1.

When the site introduction information broadcast from the broadcast station 2 is received or when the site introduction information transmitted via the Internet 13 is received, the process proceeds to SA6,
It is determined whether or not the information includes an abstract of the content. If an abstract of the content is included, the process proceeds to SA7, and the user agent evaluates the abstract and the site introduction information. This evaluation is to determine whether or not the site is preferred by the user who owns the user agent or whether the content is preferred by the user.
The user agent includes, for example, profile information 96 including user preference information and the like as shown in FIG.
Is held as knowledge, and evaluation is performed using this profile information.

On the other hand, if the abstract of the content is not included, the process proceeds to SA8, and the evaluation is performed using only the site introduction information. Next, the process proceeds to SA9, where it is determined whether or not the evaluation is equal to or more than a predetermined value. If not, the process returns to SA1. On the other hand, if it is not less than the predetermined value, SA1
The process proceeds to step S0, where the address of the site is registered as the destination, and then the process returns to SA1.

When the user's personal computer 14 receives the broadcast program abstract and informs the user agent in S17, a determination of YES is made in SA2 and the process proceeds to SA11, where the program is evaluated based on the program abstract. . This evaluation is performed by determining how much the user likes based on the user's profile information 96, as described above. And by SA12,
It is determined whether or not the evaluation is equal to or more than a predetermined value. If the evaluation is not equal to or more than the predetermined value, the process returns to SA1. The program registered in the recommended program list is displayed to the user as a recommended program, and the user is instructed as described later. If the user receives the broadcast of this recommended program and issues an instruction to browse or record it on VTR 15,
The specified recommended program is deleted from the recommended program list.

The process proceeds to SA14, where it is determined whether there is any program registered in the recommended program list whose broadcast date and time comes, and if not, the process returns to SA1. The fact that the program is registered in the recommended program list means that the program is recommended to the user as described above, but the user has not yet issued an instruction as to whether to browse or discard the program. If the broadcast date and time of a recommended program that has not been issued has come, it is determined in SA15 whether or not the recommended program is automatically recorded by the user agent's own judgment. If it is determined that automatic recording is not to be performed, the program returns to SA1 after deleting the program whose date and time has come from the recommended program list in SA16. On the other hand, if it is determined that the program is to be automatically recorded, the process proceeds to SA17, in which the recommended program registered in the recommended program list is transferred to the automatically recorded program list and registered.

Then, the flow advances to SA18, where a content recording instruction is issued to the personal computer 14. As a result, as described above, a determination of YES is made in S7, and the broadcast date and time and channel of the recording target content instructed in S23 are recorded. As a result, since the broadcast date and time is the current time, the determination of YES is made immediately in S2, and the process of receiving and recording the recommended program with the broadcast date and time is performed in S1.
7 and later.

Next, the process proceeds to SA19, where it is determined whether or not there is a CM in the program content for which the instruction has been issued. If not, the process proceeds to SA16, and a process for deleting the date and time from the recommended program list is performed. That is, since the recommended programs registered in the recommended program list are received and recorded, there is no need to register them in the recommended program list thereafter. It is deleted from the recommended program list.

On the other hand, if it is determined in SA19 that there is a CM in the program content for which the instruction has been issued, SA20
The process proceeds to SA16 after the process of searching for the CM corresponding to the program sponsor is performed. The CM search processing corresponding to the sponsor of SA20 will be described with reference to FIG.

When the user gives an instruction to the user agent, the instruction is notified to the user agent in S18, and as a result, YES is determined in SA3 and the process proceeds to SA21. In SA21, it is determined whether or not the instruction from the user is an instruction to browse the recommended program list. If the instruction is a browse instruction, the process proceeds to SA22, and control is performed to display the recommended program list on the CRT 52 or the TV 16. On the other hand, when the instruction is not the instruction to browse the recommended program list, the process proceeds to SA23, and it is determined whether the instruction is to browse the automatic recording program list. If a determination of YES is made from SA23, the process proceeds to SA24, and control for displaying the automatically recorded program list on the CRT 52 or the TV 16 is performed.

If the instruction is not an instruction to browse the automatically recorded program list, the process proceeds to SA25, and it is determined whether the instruction is to browse content search results. If the user agent searches for the content, the search result is transmitted to the personal computer 14 as described later. Control is performed.

If the instruction is not an instruction to browse the contents search result, the process proceeds to SA27, and it is determined whether the instruction is a recording instruction for a recommended program. If the user who browsed the recommended program displayed by SA22 wants to record and browse the recommended program, the user issues a recording instruction of the recommended program desired to be recorded. As a result, the server makes a determination of YES through SA27, proceeds to SA29, and performs a process of issuing an instruction to record the designated recommended program content to the personal computer 14. As a result, in the personal computer 14, YE is determined by S7.
The determination of S is performed, and the process of recording the broadcast date and time and the channel of the designated content to be recorded is performed in S23. The subsequent content recording process is executed.

Next, the process proceeds to SA30, in which the program for which the instruction has been issued is deleted from the recommended program list, and then SA19.
Proceed to.

If it is not a recommended program recording instruction, SA
Proceeding to 28, the user agent performs other processing and returns to SA1.

If NO is determined in SA3, the process proceeds to SA4, and it is determined whether or not the movement time has come. The movement time is a time at which the user agent moves to a site on the Internet via a network and executes a search for contents or the like, and is a preset time. If the movement time has not yet arrived, the process proceeds to SA5, and after performing other processing, SA1 is executed.
Return to On the other hand, when the moving time has come, the process proceeds to SA5a, executes the agent moving process, and returns to SA1.
This agent transfer process is shown in FIGS.

Next, a flowchart of the agent moving process will be described with reference to FIGS. A process of moving the user agent is performed by SA31. The destination of the user agent is specified by the address registered as the destination by the above-described SA10. This movement of the user agent is actually a process of copying a user agent (clone) that is exactly the same as the user agent in the user's personal computer 14 and transferring it to the destination.

Then, the flow advances to SA32 to meet with the destination agent 27 resident in the destination place to exchange various necessary information. Next, SA3
The process proceeds to step 3 to determine whether or not there is free content in the database 19 based on the result of the meeting. To determine whether or not the search is completed, and continue the free content search process until the search is completed. Then, the process proceeds to SA36 at the stage of completion. On the other hand, if it is determined that there is no free content, the process directly proceeds to SA36.

At SA 36, it is determined whether or not there is paid content in the database 19. If not, the process proceeds to SA 38, where the meeting with the destination agent 27 is made, and a command to transmit the selected content to the personal computer 14 is issued. I will get you out. Next, the process proceeds to SA39, where processing for transmitting the search result to the personal computer 14 is performed, and the process proceeds to SA40, where it is determined whether or not the movement has been completed. If all the destination plans registered in SA10 have been moved, it is determined that the movement has been completed, and the flow advances to SA40a to delete the self and terminate. On the other hand, if it is determined in SA40 that the movement has not been completed, the process proceeds to SA31 again, where the user agent moves to the next scheduled address and performs the same processing as described above.

On the other hand, if it is determined in SA36 that there is a pay content, the flow advances to SA37 to perform a process of searching for the pay content by the abstract of the content. Then, the search is continued until the search is completed by SA41. SA4 when search is completed
In step S2, it is determined whether or not there is a high-paid content exceeding a predetermined fee in the paid content. If not, the process proceeds to SA39, and the search result based on the abstract of the charged content is transmitted to the personal computer. If there is a high-paid content, the process proceeds to SA43, and it is determined whether or not the high-paid content is desired to be obtained. This judgment is made based on the above-described abstract of the high-paid content. If there is nothing to be obtained, the process proceeds to SA39, but if there is something to be obtained, the process proceeds to SA44.

As described above, for a low-paid content that is not a high-paid content, only the abstract of the content is searched, and the search result is transmitted to the personal computer 14, and the user is instructed. On the other hand, if there is a high-paid content that you want to obtain,
By (4), it is determined whether or not the secret information (SI) is necessary for searching for the desired high-priced content. If it is not necessary, proceed to SA45 to move to the destination agent 2
The process of notifying the type of the agent to the agent 7 and requesting the nearest third party agent to be seconded is performed. In response to this request, the transfer destination agent 27 receives the third party resident agent 28 of the nearest third party 8.
And dispatching (dispatching) a third-party agent of an optimal type corresponding to the type of the user agent 26. Upon receiving the request, the third party agent moves to the destination, for example, place 2 of the content provider 7.
If it goes to No. 4, the determination of YES is made in SA46 and the process proceeds to SA64.

At SA64, a request is made to have a meeting with the second party agent 29, which has been seconded, to have the agent search for the desired high-priced content (see FIG. 2B). Then, as will be described later, the third party agent 29 transmits the necessary profile information 96.
Is retrieved from the user agent 26, and the database 19 is accessed based thereon to search for the desired high-priced content, search for the high-priced content expected to be preferred by the user who owns the user agent 26, and evaluate its evaluation. Do. Next, at SA66, the user agent 26 informs the third party agent 29 of the evaluation of the search result.

Next, the process proceeds to SA67, in which the user agent 2 determines whether or not to purchase the searched paid content.
6 does. If the purchase is not made, the process proceeds to SA39, but if the purchase is made, the process proceeds to SA68 and the destination agent 2
7 and receive the encrypted information _EPK3 (OI) and _EPK3 (PI) of the order information OI and the payment instruction PI. The order information OI is content NO specifying the type of pay content desired to be purchased, and information indicating intention to purchase. The payment instruction PI is a payment method such as credit or electronic cash and information on the amount of payment. Information obtained by encrypting the information OI and PI with the public key PK3 of the third party organization 8 is transferred from the destination agent 27 to the user agent 26.
Receive.

Next, the flow advances to SA69, and moves to the place 25 of the third party organization 8 together with the received information. Then S
A70, third party resident agent 28 and meet
(see FIG. 2 (c)), and encrypts the user's secret key SKU with the user's key SK1 to form an encrypted secret key E _SK1 (S
KU) and the above-mentioned E _PK3 (OI) and _{EP K3} (PI) to the agent 28 resident on a third party organization, and the decryption key SK1 of the secret information SI to the personal computer 1 of the user.
Make a request to get it from 4.

The resident agent 28 of the third party receives the SK1 from the user's personal computer 14, performs a decryption process using the key, reproduces the SKU, OI, and PI, and
I and PI are hashed to generate an order information digest OI 'and a payment instruction digest P', and the two digests are combined and encrypted with the user's private key SKU, and the E _SKU (OI ', PI') is Generate.
In SA71, the user agent 26 sets its E _SKU
(OI ′, PI ′) is received and returned to the place 24 of the content provider 7 which is the transfer destination. Next, at SA72, a meeting is made with the destination agent 27, and E
Along with notifying the _SKU (OI ', PI'), a request is made to send an instruction to transmit the selected content to the personal computer 14. Then, the process proceeds to SA39.

The above-mentioned user private key SKU is, for example, a private key used in the RSA public key cryptosystem, and this user private key is used for a digital signature for personal authentication in electric commerce and the like. Note that the algorithm of encryption and decryption using the secret key of the SKU and the corresponding public key may use a so-called elliptic curve encryption algorithm instead of the RSA public key encryption algorithm.

Next, if it is determined in SA44 that the secret information SI is necessary for searching for the desired high-priced content, the process proceeds to SA47 to determine whether user authentication is necessary. . Some content providers may request user authentication from a user agent who wants to search for expensive content. In other words, since the price of the content to be searched is high, the user agent who issued the browsing request and the user who owns the user agent are sure whether or not they are themselves, and wish to prevent impersonation by others. There is a content provider. In such a case, the SA 47 determines that the user authentication is necessary, and proceeds to SA 48 to send the encrypted authentication target message _EPK3 (NM) obtained by encrypting the authentication target message NM to the user agent 2.
6 is received from the foreign agent 27.

This PK 3 is the public key of the third party 8 as described above. Proceeding to SA49, the user agent 26 moves to the nearest third-party organization 8, and meets with the resident agent 28 of the third-party organization to search for an optimal third-party organization agent. Request that SK1 be ordered from personal computer 14. Next, the process proceeds to SA51, where the meeting is performed with the searched third party agent, and the necessary encrypted secret information E _SK1 (SI) is notified to the third party agent 29. Next, the process proceeds to SA52, where it is determined whether or not user authentication is necessary.
Proceed to 3 and E _SKU (NM)
Then, the process proceeds to SA54.

As will be described later, the third party agent 29 decrypts _EPK3 (NM) with the secret key SK3 of the third party and encrypts the reproduced NM with the user's secret key SKU. Generate E _SKU (NM). The user agent 26 and the third party agent 29
Meeting and receive the E _SKU (NM).
The authentication target message NM is, for example, a random number generated by the foreign agent 27.

Next, at SA54, a process of returning to the destination such as the place 24 of the content provider 7 is performed.
ing and encrypted desired high-priced content E _PK3
(KC) is requested to be transferred to the third party organization 8.

The third-party agent 29
_PK3 (KC) is decrypted and the _requested high-priced content KC reproduced is searched and evaluated, and the evaluation of the search result is encrypted by SK3 which is the secret key of the third party organization 8, and the encrypted data is used. A certain E _SK3 (HK) is transferred to the user agent 26 on the destination place 24.
Then, YES is determined by SA56 and SA5 is determined.
7 and transfer the received data to the public key P
The process of decoding with K3, that is, D _PK3 ｛E _SK3 (H
K) A process for reproducing the evaluation HK is performed by calculating｝.

Next, the flow advances to SA58, where the reproduced evaluation HK is reproduced.
It is determined whether or not to purchase the paid content based on the above. If the content is not to be purchased, the completion of the process is notified to the third party 8 by SA59, and then the process proceeds to SA39. On the other hand, when purchasing, proceed to SA60, meet with the destination agent 27, and transfer the encryption information _EPK3 (OI) and _EPK3 (PI) between the order information OI and the payment instruction PI to the third party organization 8. Make a request to do so. The third-party resident agent 28, as described above, uses the _{ESK U} (O
I ′, PI ′), and sends it to the destination user agent 26. As a result, YE
After the determination in S, the process proceeds to SA62, where a meeting is performed with the destination agent 27, and a request is made to have the selected content transmitted. Next, proceed to SA63,
After notifying the third party 8 that the processing has been completed, SA39
Proceed to.

The above-mentioned E _SKU (OI ', PI') is a user's double signature for order information and a payment instruction specified in so-called SET (Secure Electronic Transaction).

FIG. 7 shows a third-party resident agent 28.
6 is a flowchart showing the operation of the first embodiment. At SB1, it is determined whether or not a secondment request (dispatch request) has been made. If not, the process proceeds to SB2, where it is determined whether or not the user agent 26 has come to the place 25 of the third party organization 8, and it has been determined. If not, the process proceeds to SB3, where it is determined whether or not a notification of the completion of the process has been received from the user agent 26. If not, the process proceeds to SB4, where the destination agent 27 receives the _EPK3 (OI), _EPK3 (PI ) Is transmitted or not, and if not transmitted, the process returns to SB1.

The user agent 26 sends a second party agent's secondment request to the destination agent 27, and the destination agent 27 indicates that there is a second request and the type of the second agent 26 (eg, authority information). Third-party resident agent 28
Proceeds to SB5, the third party resident agent 28 accesses the database 23 based on the notified type of the agent and performs a process of searching for the third party agent. Then, a process of searching for an optimal third-party agent 29 that matches the type of the user agent 26 and issuing a secondment instruction to the searched third-party agent 29 by SB6 is performed.
Return to SB1.

According to SA49 or SA69 described above,
User agent 26 is third place 8 place 25
In step SB2, a determination of YES is made by SB2, and the flow advances to SB7 to meet with the user agent 26. Then, various necessary information exchanges are performed, and the process proceeds to SB8, where it is determined whether or not the purpose of the user agent 29 is a job request to the third-party agent 29. If the user agent 26 came to the place 25 of the third party 8 based on SA49,
A determination of YES is made in SB8, and the flow advances to SB9 to perform processing of searching for the third party agent 29.

Next, the process proceeds to SB10, where the source of the user agent 26, that is, the personal computer 14 is called, and the secret information S is called.
Processing for requesting a key SK1 for decrypting the encrypted data of I is performed. As described above, the personal computer that has received this request generates a random number to authenticate whether the third party 8 that has requested SK1 is really a legitimate third party. Challenge data CH
Reply as The third party resident agent that has received the challenge data CH determines YES in SB11.
Is determined, the process proceeds to SB12, and E _SK3 (CH) is transmitted to the personal computer 14 as response data RES.

As described above, the personal computer 14 decrypts the transmitted response data RES with the public key PK3 of the third party and determines whether or not the response data RES matches the challenge data CH. Only when they match, _EPK3 (SK1) obtained by encrypting the key SK1 with the public key PK3 of the third party is transmitted. The third party resident agent that has received the request makes a determination of YES through SB14, proceeds to SB15, and decrypts the received data with the secret key of the third party 8, that is, D _{SK 3} @E
Calculate _PK3 (SK1)｝ to reproduce SK1. Then S
Proceeding to B16, the searched third party agent 29
The process of notifying SK1 is performed, and the process proceeds to SB17.

At SB17, it is determined whether or not the user agent 26 has returned to the destination, that is, the place 24 of the content provider 7, and a process of waiting for the return is performed. The user agent 26 that has moved to the place 25 of the third party 8 is the SA5 described above.
After performing the processing of 0 to SA53, the process returns to the destination (see SA54). When the user agent 26 returns to the place 24 of the content provider 7 as the destination, the process proceeds to SB18, where the user agent 26 A process for deleting the clone is performed. As a result, the user agent 26 whose work has been completed does not exist on the place 25 of the third party agent 28. Next, the process proceeds to SB19, where the resident agent 28 of the third party meets the agent 29 of the third party,
After performing the process of listening for the SKU, which is the user's secret key, the control returns to SB1.

The user agent 26 determines that SA6
Place 25 of third party agent 8 based on 9
Is reached, SB8 determines NO and S
The processing after B20 is performed. That is, the fact that the user agent 26 comes to the third-party organization 8 in accordance with SA69 is to perform the processing required for performing the purchase procedure of the pay content while preventing the leakage of the secret information. In such a case, the resident agent 28 of the third party first receives the E _SK1 (SKU), E _PK3 (OI),
_Receive E _PK3 (PI). Next, the SB 21 reproduces the order information OI and the payment instruction PI, that is,
D _SK3 {E _PK3 (OI)}, D _SK3 {E _PK3 (PI)}
Is calculated.

Next, the process proceeds to SB22, where a process of hashing the OI and PI to calculate digests OI 'and PI' of both is performed. Next, the process proceeds to SB23, where the source of the user agent 26, that is, the personal computer 14 is SK1
Is performed.

When the user's personal computer 14 transmits the challenge data CH in the same manner as described above, a determination of YES is made by the SB 23a and the process proceeds to the SB 23b, where the received challenge data CH is transmitted to the secret key SK3 of the third party organization 8 using the secret key SK3. A process of transmitting the encrypted E _SK3 (CH) to the personal computer 14 as response data RES is performed. PC 1
In step 4, as described above, the third party 8 is authenticated based on E _SK3 (CH), and if it is determined that the authentication result is correct, _EPK3 (SK1) is transmitted. When the third party resident agent 28 receives it, the process proceeds to SB25, where D _SK3 {E _{PK 3} (SK1)} is calculated, and SK1 is reproduced.

Next, the process proceeds to SB26, where D_sk1｛E_SK1(S
KU) A process for calculating｝ to reproduce the user's private key SKU
Is performed. Next, proceed to SB27,_SKU(O
I ′, PI ′) and passes the result to the user agent 26.
An informing process is performed. This E _SKU(OI ', P
I ') is the user's dual response to order information and payment instructions
It becomes a signature. Third, the process proceeds to SB27a, where the user agent
A determination is made whether the event has returned. User age
As described above, the agent 26 performs the processing of SA70.
Place 2 of the content provider 7 that is the destination
4 (see SA71) and the user age
When the agent 26 returns, the process proceeds to SB27b, where the user
S after deleting the agent's clone
Return to B1.

FIG. 8 is a flowchart showing the operation of the third party agency agent 29. At SC1, it is determined whether or not there is a dispatch command. If not, the process proceeds to SC2, and it is determined whether or not E _SK1 (SI) has been notified. If not, the process returns to SC1.

If a secondment instruction is designated by the resident agent 28 of the third party organization during the circulation of the loop of SC1 and SC2 (see SB6), a determination of YES is made by SC1 and the process proceeds to SC3. A process of moving to a destination such as the place 24 of No. 7 is performed. More specifically, this transfer processing is performed while leaving the third party agent 29 in the database 23 and replacing the clone of the third party agent 29 with the destination place 2.
4. Next, the process proceeds to SC4, where the user agent 26 and the me
The user is notified of the desired high-priced content, and the necessary user profile information 96 (FIG. 1)
4) is performed (see SA64). The profile information 96 of the user to be taught from the user agent 26 is the publicly available information NSI
(See FIG. 13). This is not the exchange of the user profile information on the place 25 of the third party 8 that can prevent the leakage of the confidential information, but the information provider 7
Since the user profile information is exchanged on the place 24, the confidentiality cannot be maintained, and therefore the information is limited to the publicly available information NSI which does not need to maintain the confidentiality.

Then, the flow advances to SC5, where a process of evaluating the desired high-priced content is performed. This evaluation is performed by numerically expressing the degree that the user is likely to like based on the user profile information 96 that has been taught. Next, the process proceeds to SC6, and it is determined whether or not the desired high-priced content is illegal content. Illegal content is, for example, content that violates criminal law, such as content related to drug smuggling routes and content related to handgun acquisition routes. Also, contents that violate the Customs Sales Act may be included in the illegal contents.

If it is determined that the content is not illegal, the process proceeds to SC10, where the third party agent 29 erases itself and ends. On the other hand, if it is determined that the content is illegal, the process proceeds to SC7, where the evaluation that the content cannot be purchased due to illegality is notified to the user agent 26, and the police is notified of the illegality by SC8. Next, proceed to SC9, where illegal contents are
SC1 after performing the process of storing it as take-away evidence
Go to 0.

_Esk1 which is information obtained by encrypting the secret information SI of the user's profile information by the user agent 26 during the circulation of the loop of SC1 and SC2.
If (SI) is notified (see SA51), SC
A determination of YES is made by 2 and the process proceeds to SC11, where a meeting is performed with the resident agent 28 of a third-party organization, and a process of receiving a key SK1 for decryption is performed. Next, the processing proceeds to SC12, the process of storing and reproducing secret information SI and calculates a _{D SK 1 {E sK1 (SI} )} is performed.

Then, the flow advances to SC18, where it is determined whether or not user authentication is necessary.
Go directly to 5, but if necessary go to SC14. SC
At 14, the process of calculating E _SKU (NM) and informing the user agent 26 is performed. The NM is a message to be authenticated received by the user agent 26 from the foreign agent 27 and received as encrypted information encrypted with a public key of a third party (see SA48).
Then, the encrypted authentication target message is brought into the place 25 of the third party organization 8 by the user agent 26,
The authentication target message NM decrypted and reproduced by the third party resident agent 28 is notified to the third party agent 29. Third Party Agent 29
Is the S that is reproduced by the notified NM and SC12.
Based on the user's private key SKU (see FIG. 14) included in I, E _SKU (NM) is calculated and _reported to the user. This E _SKU (NM) becomes data for user authentication, and the user agent 26 receives the data (see SA53), returns to the destination place 24 (see SA54), and moves to the destination on the place 24. _Inform agent 27 of E _SKU (NM).

Then, the flow advances to SC15, where it is determined whether _EPK3 (KC) has been received or not, and the process stands by until _EPK3 (KC) is received.
The user agent 26 who has brought the E _SKU (NM) back to the destination place 24 _transmits the E _PK3 (K
Request to transfer C) (see SA55).
Upon receiving this, the destination agent 27 sets the E _PK3 (K
C) to the third party agent 28 of the third party 8. If the transmitted _EPK3 (KC) is received, the process proceeds to SC16, where processing of calculating _DPK3 { _EPK3 (KC)} and reproducing the KC is performed. Next, the process proceeds to SC17, where processing for evaluating the desired high-priced content KC is performed.

Then, the flow advances to SC18, where it is determined whether or not the desired content is illegal. This determination is made in the same manner as in SC6 described above. If the content is illegal, the process proceeds to SC7. If the content is not illegal, the process proceeds to SC19. E _SK3 (HK)
Is calculated by the SC 20 and the result of the calculation is transmitted to the user agent 26 on the destination place 24, and then the process proceeds to SC10.

FIG. 9 is an explanatory diagram for explaining the operation of the agent in the CM creator 10. A resident agent 59 exists in the CM place 58 in the telescript engine 57 of the CM creator 10. In the figure, 5
Reference numeral 6 denotes a database storing a large number of CMs produced by the CM creator 10, 54 a WWW server, and 55 an information processing computer.

The user agent operating in the user's personal computer 14 is connected to the Internet 13 as necessary.
To CM place 58 of CM creator 10 via. On the CM place 58, the user agent 26 and the resident agent 59 meet and search for a CM that the user prefers in cooperation with each other.

FIG. 10 is a flowchart of the user agent showing the specific operation of the CM search corresponding to the sponsor shown in SA20 of FIG. By SA73,
User agent from PC 14 to CM place 5
Move to 8. This movement is performed by duplicating the user agent 26 in the personal computer 14 to create a clone, and using the clone as the user agent 26 in the CM place 58.
This is done by dispatching to. Next, the process proceeds to SA74, where it is determined whether or not its own clone is already resident in the CM place 58. If it is already resident, the process returns to SA73, and the CM place 5 of the next CM creator 10 is returned.
Move to 8.

According to SA73 and SA74, the user agent 26 sets the C where the own clone is not resident.
The M place 58 is found and moved there. If the CM place where the own clone is not located is found, the process proceeds to SA75 and the database 5
Then, a process of accessing CM 6 and searching for a CM is performed. Next, the process proceeds to SA76, where it is determined whether there is a desired CM. If not, the process proceeds to SA81, but if there is, the process proceeds to SA77. In SA77, the desired CM is transmitted to the user's home 17 using radio wave media (wireless media).
It is determined whether the data is to be transmitted or transmitted using a wired medium such as the Internet. If it is determined that the radio wave media is not used, the process proceeds to SA78, and a process of transmitting a desired CM to the personal computer 14 via the Internet 13 is performed.

On the other hand, when using radio wave media, S
Proceed to A79, meet with the resident agent 59,
A process is performed to get the broadcast date and time and channel of the desired CM. Next, the process proceeds to SA80, where processing of transmitting the broadcast date and time, the channel, and the recording instruction to the personal computer 14 via the Internet 13 is performed.

Next, the flow advances to SA81, where it is determined whether or not the user agent 26 is stationed at the CM place 58. If not, the flow advances to SA86 to determine whether or not the movement has been completed. If any of the CM creators to be moved has not been moved yet, the flow returns to SA73 to perform the next movement. Go ahead. On the other hand, if all the CM creators 10 to be moved have been moved, the process proceeds to SA78, where the user agent 2
6 is returned to the user's personal computer 14, and the control ends.

On the other hand, the user agent 26
If it is determined that the CM is resident in the place 58, the process proceeds to SA82, in which a process of creating a clone of itself and moving it to a CM place of another CM creator 10 which is scheduled to be moved is performed. Next, proceed to SA83, CM place 58
The user agent 26 who has been stationed at is meeting with the resident agent 59 to determine whether or not a new CM has been created. If the CM creator 10 creates a new CM and stores it in the database 56, the resident agent 59 notifies the user agent 26 stationed in the CM place 58 that the new CM has been created. If there is, a determination of YES is made by SA83 and the process proceeds to SA88.

At SA88, the user agent 26 residing in the CM place 58 searches for and evaluates the new CM. Next, the process proceeds to SA89, and as a result of the evaluation, it is determined whether or not to obtain the new CM. If not, the process proceeds to SA83, but if so, the process proceeds to SA90 and the user of the desired CM is checked. As a transmission method to the house 17, it is determined whether or not to use radio wave media (wireless media). If not used, the process proceeds to SA93 to transmit the desired CM to the personal computer 14 via the Internet 13, and then the process proceeds to SA83. On the other hand, when using the radio wave media, proceed to SA91, meet with the resident agent 59, and have him / her know the broadcast date / time and channel of the CM that he / she wants to obtain. After the process of transmitting the data to the personal computer 14 via the PC 13 is performed, the process proceeds to SA83.

If it is determined in SA83 that there is no new CM to be created, the process proceeds to SA84, and it is determined whether or not to terminate the resident operation. However, if the resident is to be terminated, the process proceeds to SA85, where the process of deleting the resident user agent 26 itself is performed, and the control ends.

FIG. 11A is a flowchart showing the operation of the resident agent 59 on the CM place 58.
FIG. 11B is a flowchart illustrating a control operation of the information processing computer 55 of the CM creator 10.

First, the operation of the resident agent 59 resident in the CM place 58 will be described.

A determination is made as to whether a new CM has been produced according to SD1.
Proceeds to SD2 if it is produced. SD
In step 2, a process is performed to meet with the user agent 26 stationed at the CM place 58 to notify that a new CM has been produced. Next, the process proceeds to SD3, where it is determined whether or not a request for notification of the CM broadcast date and time has been made. If not, the process returns to SD1. On the other hand, when the user agent 26 requests the notification of the CM broadcast date and time and the channel based on SA79 or SA93 described above, a determination of YES is made in SD3 and the
Proceed to 4.

In SD4, a determination is made as to whether the CM for which notification has been requested is a broadcast that has already been scheduled. In the case of a broadcast that has already been scheduled, the broadcast date and time and the channel have already been determined.
Then, after the process of notifying the user agent 26 in the CM place 58 of the scheduled broadcast date and time and the channel is performed, the process returns to SD1.

On the other hand, if the broadcast is not scheduled, S
Proceeding to D6, a process of transmitting a CM to the broadcast station 2 and requesting a broadcast is performed. Next, the process proceeds to SD7, where it is determined whether or not the broadcast date and time and the channel have been returned. Upon receiving the broadcast request, the broadcast station 2 schedules when the requested CM will be broadcasted, and if it is decided, notifies the resident agent 59 of the CM place 58 of the CM creator 10 of the broadcast date and time and the channel. Send.
Then, a determination of YES is made by SD7 and SD8
And a process of storing the broadcast date and time and the channel returned by classifying for each CM number is performed. Next, SD9
After the process of notifying the user date and time and the channel to the user agent 26 on the CM place 58 is performed,
Return to D1.

Next, the operation of the information processing computer 55 will be described. In SE1, it is determined whether or not the program-related data has been received. If not, the process proceeds to SE4. As described in FIG. 1, the program-related data creator 11
When the program-related data is transmitted to the CM creator 10 from SE, the determination of YES is made by SE1 and the process proceeds to SE2, and the CM of the corresponding program is searched from the database 56, and the CM and the received program-related data are retrieved. A process for polymerizing the data is performed. As a result, the database 56
The CMs in the above are CM data obtained by superimposing program-related data. In addition, even if the same CM
Since the program-related data differs depending on the M, even for the same CM, a plurality of CM data in which different program-related data are superimposed for each target program are stored in the database 56. As a result, the CM transmitted to the broadcasting station in accordance with the above-described CD6 becomes CM data in which program-related data of a program corresponding to the CM is superimposed. Also, the user agent 26 makes the resident agent 59
When making a request for notification of the broadcast date and time and the channel, the user is notified which program is to be inserted and broadcast. The resident agent 59 searches the database 56 for CM data in which program-related data corresponding to the target program is superimposed, and transmits the CM data to the broadcasting station 2. The database 56 is divided into two parts, a CM dedicated database storing only CMs and a program related data dedicated database storing only the program related data transmitted from the program related data creator 11. When a notification request of the CM broadcast date and time and channel is received from the resident agent 26, the resident agent 59 searches for program-related data related to the program to be inserted and broadcasted by the CM, and the resident agent 59 searches for the resident data and the resident data. The program related data searched by the agent 59 may be superimposed and transmitted to the broadcasting station 2. Next, the process proceeds to SE3, and a process of transmitting to the broadcasting station 2 a CM to be broadcast together with the program among the superimposed CMs is performed. That is, a CM inserted and broadcast between programs is transmitted to the broadcasting station by the SE3, and the broadcasting station 2 broadcasts the program and program-related data superimposed on the CM.

Next, proceeding to SE4, a newly produced CM
It is determined whether or not an input has been made to the database 56. If not, the process returns to SE1. On the other hand, if there is an input, the process proceeds to SE5 to record the new CM in the database 56, and then proceeds to SE6 to notify the resident agent 59 that the new CM has been produced. Is returned to SE1.

FIG. 12 is a view showing a screen on which a CM on which program-related data is superimposed by SE2 described above is received and the CM is broadcast by the CRT 52 or the TV 16 of the personal computer 14 of the user's house 17. In this FIG.
Is shown on the screen when a CM is broadcast on the CRT 52 of FIG. The case of FIG. 12 is a case of a CM of a suit inserted between suspense programs in which the main character called Inspector Colombo appears. Then, the user of the personal computer 14
The student will be a first-year student after graduating from university next year, and the information graduated next year is held as knowledge by the user agent 26 as user profile information.

Therefore, based on the knowledge of graduation next year, the user agent 26 sets the CM as shown in FIG.
Searched. Then, as a program-related data, an address of a home page for exchanging opinions of the program is displayed (see FIG. 12A). For example, a message "Please pay attention to the right hand of Inspector Colombo at the murder scene" is displayed (see FIG. 12B). Further, as shown in FIG. 12 (c), explanations of technical terms appearing in the program, for example, characters such as "subliminal effect: inserting a video for a moment when humans cannot be conscious and appealing to the subconscious" are displayed. Is also good. As described above, the superimposition by SE2 is the superimposition of the CM image and the character information as shown in FIG.

FIG. 13 is a block diagram showing a control circuit of the communication device 3 of the content provider 7 and the personal computer 14 of the user shown in FIG. The communication device 3 includes a variable-length data generation unit 31, a random number acquisition unit 32, an encryption processing unit 33, a logic circuit 34, a communication control unit 35, an authentication processing unit 36, and a master key encryption processing unit 37.

The variable-length data generation unit 31 sends a transmission command (SA38) of the selected content by the destination agent 27.
), And generates variable-length data of a size corresponding to the communication capacity of the content transmitted from the telescript engine 18. For example, variable-length data is generated for each image in the case of a still image and for each display screen in the case of a moving image. This variable length data is digital data consisting of an arbitrary bit string. The random number acquisition unit 32 acquires a natural random number from the random number generation device 4 every time the content is oscillated. The encryption processing unit 33 generates a variable length random number sequence based on the variable length data and the natural random numbers. S for encryption
XAL / MBAL (described later) is used.

The logic circuit determines the exclusive OR of the individual bits of the content transmitted from the telescript engine 18 and the variable-length random number sequence generated by the encryption processing unit 33. By doing so, the content is stream-encrypted. This stream-encrypted information is used as transmission information. The communication control unit 35 sets communication with the personal computer 14 of each user, transmits the transmission information and notification information described below, and receives information transmitted from the personal computer 14 of each user.

[0129] The authentication processing section 36 is a processing section for performing user authentication when controlling user access and the like.
The master key cryptographic processing unit 37 stores the variable-length data used in the cryptographic processing unit 33 and the natural random number (in a case where there are a plurality of data), when the authentication result by the authentication processing unit 36 and the management server 69 of the member management center 12 is authentic. (Including the use order information) as a transmission master key, which is encrypted based on a key unique to the user, and the information obtained by the encryption is transmitted as notification information from the communication control unit 35 to the personal computer 14 of the user. Is sent to SXAL / MBAL (described later) is used for encryption.

The member management center 12 stores a database 70 in which the IDs of the users who are members and various types of member information for user authentication are classified and stored for each user.
Is installed. The management server 69 accesses the database 70, searches the stored information, performs user authentication, and transmits the result to the authentication processing unit 36 via the communication control unit 30 via the Internet 13.

The user's personal computer 14 has a CPU 60 as a control center and a ROM 6 in which programs are stored.
1, RAM 6 as a working area for CPU 60
2. EEP that can electrically erase stored data
A ROM 63 is provided. Further, an input / output interface 64 for ensuring signal consistency with the outside is provided. Note that a clock generation circuit, an address decode circuit, a power-on reset circuit, and the like are not shown.

A card reader / writer 66 is connected to the input / output interface 64, and exchange of signals with the user's IC card 65 is performed by the card reader / writer 6.
6, between the CPU 60 and the input / output interface 64. A floppy disk reader / writer 67 is connected to the input / output interface 64.
It is possible to read and write information on the floppy disk.

A hard disk reader / writer 68 is connected to the input / output interface 64 so that information can be read from and written to the hard disk. A keyboard 53 is connected to the input / output interface 64. When the user operates the keyboard 53, the operation signal is transmitted to the input / output interface 64 via the input / output interface 64.
Input to PU60. The CRT 52 is connected to the input / output interface 64, and a CRT display control signal is supplied from the CPU 60 to the CRT 52 via the input / output interface 64. A CD-ROM reader 68a is connected to the input / output interface 64,
The recorded information on the CD-ROM 68b can be read. The user agent 26 described above is recorded on the CD-ROM 68b. The user agent 26 is sold to the user from an agent manufacturer while being recorded on the CD-ROM 68b. The sales of the user agent 26 may be distributed and sold by an agent manufacturer via the Internet 13 instead of selling the user agent 26 in a form recorded on the CD-ROM 68b.

FIG. 14 shows an IC card 6 owned by the user.
5 is a diagram illustrating a control circuit and storage data of No. 5. FIG. The IC card 65 includes a CPU 91 serving as a control center, a ROM 92 storing a control program, and a CPU 91.
A RAM 93 as a working area, an EEPROM 94 capable of electrically erasing stored data, and an I / O port 90 for inputting and outputting signals to and from the outside are provided. The ROM 92 stores an OS (operating system) for the IC card 65.
This OS is a de facto world standard such as MULT
It is desirable to use an IC card general-purpose OS such as an OS (multi-application IC card general-purpose operating system).

Then, for example, in the EEPROM 94,
Various kinds of application software 95 are stored as needed. As application software, for example,
Various software such as credit, debit (automatic deposit withdrawal), mondex, access control, and various data such as an electronic certificate, knowledge data for an agent, and an electronic medical record can be considered. These various types of application software are configured so that they can be rewritten to other types of application software as needed.

The agent knowledge data 96 includes:
It is classified and stored as publicly available information NSI that does not require confidentiality and secret information SI that requires confidentiality. The publishable information NSI is, for example, the user's occupation, hobby, address, music preference, movie preference,..., The user's public key PKU, and the like. As the secret information SI, for example, the user's annual income, telephone number, preference of the opposite sex, educational background, savings amount, property,... This secret information SI is stored in a state where it is encrypted by the user-specific secret key SK1.

The user can use his / her own user agent 26
Is used, the user agent recorded on the CD-ROM 68b is read by the CD-ROM reader 68a, and the IC card 65 owned by the user is inserted into the IC card insertion slot 50 of the personal computer 14. Then, the agent knowledge data 96 is read, and the user agent 26 is operated with the user agent 96 holding the agent knowledge data 96. The user's profile information 96 performs an operation of rewriting and updating the occupation, address, and the like when a job change, moving, or the like is performed. Also, the user agent 26 does work for the user and provides the user with the result, and observes the user's reaction (satisfaction or dissatisfaction, etc.) to the provided result, and needs to perform the operation. If so, the user agent 26 itself updates or supplements the user's profile information 96. as a result,
As the user utilizes the user agent 26, the profile information 96 of the user becomes more suitable for the user, and the more the user agent 26 is utilized, the more the user performs a satisfactory job.

Further, the user agent 26 observes the reaction of the user who provided the result of the work (whether satisfied or dissatisfied, etc.), and obtained the user's profile information 96.
In addition, in the case where the so-called machine learning is applied to improve the program of the user agent 26 itself, the user agent 26 is referred to as EEPRO.
It must be stored in a rewritable storage medium such as M63.

In the profile information 96 of the user shown in FIG. 14, information such as which address information is stored at which address or in what data structure is unified worldwide. Format.

FIG. 15 is an explanatory diagram showing an outline of the SXAL / MBAL described above. In the illustrated example, 20-byte variable-length data, which is plaintext data, is encrypted using an 8-byte (64-bit) encryption key K to obtain a 20-byte variable-length encrypted sequence. In the figure, P, E, F, G, H, I, and C are data in each conversion process, and the subscript indicates the number of bytes. Fm is a cryptographic function.

Referring to FIG. 15, first, variable-length data P
The exclusive OR (exclusive OR) of the leftmost 8 bytes of the key and the expanded key KO is determined, and the result of the determination is converted by the function fm. Next, add 4 bytes at both ends and SX
Data is converted by AL, and the rest is left as it is. Subsequently, the order of the data is reversed, and after the data is converted by the encryption function fm, the order of the data is reversed. This is the cryptographic function f
The data is converted using m, the exclusive-OR (exclusive OR) of the leftmost 8 bytes of the converted data and the expanded key KI is determined, and the encrypted variable-length encryption string C is obtained.

In the present embodiment, since the encryption algorithm encrypts data or files of 16 bytes or more as one unit, it is possible to perform encryption in units of megabytes of large capacity. Decryption becomes extremely difficult because data is exchanged multiple times and encryption is performed, and it is impossible to correctly decode all information when encountering bit corruption or data tampering of about 1 bit in the information transmission form. Focusing on this point, this is used for ensuring security when transmitting large-capacity information at high speed. In particular, when bit corruption or data tampering of about 1 bit is encountered, the DES type encryption algorithm does not normally decrypt only the vicinity of the bit corruption or tampered portion or other portions at the time of decryption. Abnormality detection becomes extremely difficult. In contrast, SXAL
In / MBAL, since all parts are changed to abnormal information, it is extremely easy to detect the abnormal information. It is possible to respond quickly, such as requesting retransmission during communication and using a backup file stored in the case of a file. .

FIG. 16 is a flowchart showing the operation of transmitting apparatus 3 shown in FIG. In SF1, it is determined whether or not a content transmission command has been issued. If not, the process proceeds to SF14, and after performing user authentication processing, S1 is performed.
Return to F1. If there is a content transmission command from the telescript engine 18 during the circulation of the SF1 and SF14 loops as described above, the process proceeds to SF2, and the commanded content is already broadcasted. Is determined. In the case of the content that is already scheduled to be broadcast, since the broadcast date and time and the channel have been transmitted from the broadcast station 2 to the content provider 7, the broadcast date and time and the channel are transmitted to the user's personal computer 14 before the SF 1 Return to

On the other hand, if the content for which the transmission instruction has been received is a new content that is not yet scheduled to be broadcast, the process proceeds to SF4, and the transmission unit of the selected content, for example, variable length data corresponding to one frame Fs ('' 111... 1 ''). Next, the process proceeds to SF5, where the random number generator 4 outputs, for example, two natural random numbers (R
(1, R2) and performs an encryption process. Specifically, the variable-length data is encrypted by the above-described SXAL / MBAL using the first natural random number R1 as a key (encryption key) to generate an initial random number sequence kd0 (corresponding to the variable-length encrypted sequence C in the lower part of FIG. 15). . Next, the process proceeds to SF7, where the random number sequence KS (= kd1, k) is determined by exclusive OR (exclusive OR) determination of the corresponding byte of the initial random number sequence kd0 and the reference logical value 01h.
d2,... kdi) are generated.

Here, kd1 is the first byte of kd0 and 01
The result of the exclusive OR (exclusive OR) with h, kd2 is the result of the exclusive OR of the second byte of kd0 with 01h,. Further, the random number sequence KS is encrypted by SXAL / MBAL using the next natural random number R2 as a key (encryption key), and a new random number sequence RS (= rd1, rd2,.
rdn: variable-length encrypted sequence) (SF8). Here, rd1 is the encryption processing result of kd1, rd2 is the encryption processing result of kd2, rdn is the encryption result of data kdi whose data amount has been adjusted, and so on.

Then, the flow advances to SF9, where an exclusive OR condition between the random number sequence RS generated as described above and the transmission unit Fs is determined to generate transmission information RDn, and the flow advances to SF10.
The generated transmission information RDn is transmitted to the broadcasting station 2. The broadcasting station 2 receives the transmission information RDn, determines when and on which channel to broadcast the transmission information RDn, and returns the determined broadcasting date and time and the channel to the content provider 7. If there is a reply, a determination of YES is made by SF11, and the process proceeds to SF12, where the content NO. A process of storing the broadcast date and time and the channel by classifying each of them is performed. Next, the process proceeds to SF13, where the process of transmitting the broadcast date and channel to the user's personal computer 14 is performed, and then returns to SF1.

FIG. 17 is a flowchart showing a content reproduction processing operation by the user's personal computer 14, and is a specific flowchart of S20 shown in FIG. S
25, it is determined whether or not the variable length data and the random numbers (R1, R2) are stored. These two data are sent from the content provider 7 to the user's personal computer 14 as described later on condition that the user authentication is performed using the user's personal computer 14 and the appropriateness is determined. It is a thing. If these two data are not stored, the process proceeds to S26, and first, the user authentication process (FIG. 1)
After that, the process proceeds to S27.

In S27, the variable length data is encrypted by SXAL / MBAL using the first natural random number R1, and an initial random number sequence kd0 is generated. Next, the process proceeds to S28, and the random number sequence KS is determined by exclusive OR (exclusive OR) determination between the corresponding byte of the initial random number sequence kd0 and the reference logical value 01h.
(= Kd1, kd2,... Kdi). Next, S2
9, the random number sequence KS is converted to S by using the next natural random number R2 as a key.
A new random number sequence RS encrypted by XAL / MBAL
(= Rd1, rd2,..., Rdn). The initial random number sequence kd0 and the random number sequences ks and rs are the same as those described with reference to FIG.

The exclusive OR condition between the random number sequence RS thus generated and the received transmission information RDn is determined to generate a transmission unit Fs (S30), and the content is reproduced (S31).

FIG. 18 is a flowchart showing the user authentication process, and is a flowchart showing the specific operation of SFs 14 and S26 described above. This flowchart is a flowchart of each of the user's personal computer 14, the communication device 3 of the content provider 7, and the management server 69 of the member management center 12.

First, the user inserts his / her IC card 65 into the IC card insertion slot 50 of the personal computer 14. In this state, the user performs a card authentication by inputting a personal identification number or the like, and the process of S32 is performed on condition that the card authentication determines that the card is appropriate. In S32, the member ID stored in the IC card 65 is read, and the read member ID and the selected content N are read.
O. Is transmitted to the communication device 3 of the content provider 7. In the communication device 3, a process of relaying and transmitting the transmitted information to the management server 69 of the member management center 12 is performed by the SF 15. In the management server 69, the database 70
The member ID is transmitted with reference to the member management information stored in the server, and a random number is generated on condition that the validity is confirmed.
The process of transmitting as C is performed.

In the communication device 3 of the content provider 7,
The challenge code CC is relayed by the SF 16 and transmitted to the user's personal computer 14. User's PC 1
In S4, in S33, a process of calling the user's net key SK stored in the IC card 65, generating a response code RC using the key, and returning the same is performed. This process is a process of calculating RC = E _SK (CC) and returning the calculation result.

In the communication device 3 of the content provider 7,
The response code RC is relayed by the SF 17 and transmitted to the management server 69 of the member management center 12.

In the management server 69, the user is authenticated by the SH2 based on the transmitted response code RC to confirm the identity of the user. If the identity is confirmed to be appropriate, the communication device of the content provider 7 confirms the fact. 3 is returned. The processing of SH2 is specifically performed based on whether or not RC = D _SK (CC) holds. In addition, the net key SK is the member management center 1
2 and stored in the database 70 for each member ID, and the management server 69 stores the SK corresponding to the member ID.
And user authentication is performed using the search.

In the communication device 3 of the content provider 7 that has received the user authentication confirmation information, the variable length data KH and random numbers (R1, R2) corresponding to the content desired by the user are transmitted by the SF 18 to the user's net key SK. A process of encrypting and transferring the encrypted data to the user's personal computer 14 is performed. In the user's personal computer 14, in S34, the transferred information is decrypted by the net key SK, and the variable length data K1 and the random numbers (R1, R2) are reproduced and stored. This K1 and a random number (R
1, R2) are used in the processing after S27 shown in FIG. 17 described above.

FIG. 19 shows a control circuit for preventing unauthorized copying, for example, in which a user who has purchased paid content duplicates and distributes the content to other users. This control circuit is, for example, a personal computer 14 of the user.
It is built in. The user's personal computer 14 receives the pay content provided by the content provider 7 or the pay program broadcast by the broadcast station 2 and records the content on the hard disk 81 or the like. As described above, in the case of pay content, since the data is generally transferred as encrypted data, the personal computer 14 records the transferred data on the hard disk 81 in an encrypted state. The information read from the hard disk 81 is, as described with reference to FIG.
And the content is reproduced.

The content after decryption is provided with a control signal CCS (Copy C
ontrol Signal) is embedded as watermark information. In general, the watermark information can be read out by performing decoding using the MPEG2. This decoding means 81a
Is input to the MPEG2 decoder 82 and the decoded information is input to the digital watermark detector 83, whereby the control signal CCS as watermark information can be detected. Then, the CCS detected by the digital watermark detector 83 is input to the APS 86. This APS is, for example, Macrovision Co.
This is the Analog Protection System developed by rp., which performs copy protection processing.

The digital watermark detector 83 supplies the graphics module 84 with content data including watermark information, and the graphics module 84 converts the content data into NTSC (National Tetevison System) data.
m Committee) The signal is supplied to the encoder 85 and converted into an NTSC signal. And the NTSC signal is
It is supplied to RT52, TV16, VTR15 and the like.

The CCS applied to the APS 86 is a copy control signal such as "copy prohibited" or "copy once". The APS 86 operates in accordance with this signal to perform the copy prohibition according to the data contents of the CCS. Perform control.

FIG. 20 is an explanatory diagram showing an example in which information is exchanged between the content provider 7 and the third-party organization 8 or between the broadcast station 2 and the program-related data creator 11 using a wireless medium. is there. FIG. 20 shows a system using a so-called wireless local network WLL (Wireless Local Loop). The content provider 7, the third-party organization 8, the broadcasting station 2, and the program-related data creator 11 are provided with wireless devices 71, 72, 74, and 75, respectively. Then, as described above, the transmission of the user agent 26, the pay content, the third-party agent 29, and the like between the third-party organization 8 and the content provider 7 are performed using the WLL. 76, 7 in the figure
7, 78, 79, and 80 are WLL antennas.

Also, the broadcasting station 2 and the program-related data creator 1
The transmission of program-related data to / from 1 is also performed using WLL. In addition, 1 is a satellite and 5 is a satellite antenna.

The exchange of information between the third party organization 8 and the content provider 7 is performed because a large number of user agents, a large number of third party agents, and a large number of contents are transmitted and received in a relatively large amount. In addition, there is an advantage that by transmitting and receiving such a large amount of data using the WLL, the data can be efficiently transmitted and received.

FIG. 21 is a control circuit diagram showing another example for preventing unauthorized copying. This control circuit is also built in the user's personal computer 14, for example. The encrypted content data received by the user's personal computer 14 is recorded on the hard disk 81 as described above. In the encrypted content data, the aforementioned variable length data K1, random number R1,
R2 is embedded as watermark information in a state where it is encrypted with the above-described user's net key SK.

The encrypted content data recorded on the hard disk 81 is stored in the MPEG2 decoder 8.
2, where it is decoded and converted to a state where watermark information can be detected, and the data is converted to a digital watermark detector 8.
3 and E _SK (K1, R1, R
2) is detected and the CRT 52 and the TV 16 of the personal computer 14
Is input to On the other hand, the encrypted content data from the digital watermark detector 83 is transmitted to the graphics module 84.
Is input to the NTSC encoder 85 via the
The signals are given to the CRT 52, the TV 16, and the VTR 15 as signals. Since the NTSC signal is the NTSC signal of the encrypted content data, even if the NTSC signal is broadcast on the CRT 52, the TV 16 or the like based on the NTSC signal, only the video according to the encrypted data is broadcast. The image cannot be recognized by the user at all.

For example, by inserting the user's IC card 65 into the IC card insertion slot 50 of the user's personal computer 14, the user's net key SK stored in the IC card 65 is read by the personal computer 14, E _SK (K1, R1, R
2) is encoded from the user's net key SK to obtain K1, R
1 and R2, and decodes the NTSC signal using the data to obtain the NTSC signal for the normal content data.
The signal is converted into a signal, and based on the signal, control is performed so that an image is displayed by the CRT 52.

An IC card insertion slot is also formed on the TV 16,
By inserting the IC card 65 therein, the TV 16 decodes the NTSC signal as described above, converts it into an NTSC signal for ordinary content data, and broadcasts it.

With this configuration, the pay contents cannot be reproduced and broadcast unless the IC card 65 of the user who has purchased the pay contents is inserted into the personal computer 14 or the TV 16. Note that V
Since the IC card insertion slot is not formed in the TR 15, the data recorded in the VTR 15 is an NTSC signal for the encrypted content. And this VTR
When the NTSC signal corresponding to the encrypted content recorded in 15 is reproduced by the CRT 52 or the TV 16, the IC card 60 is inserted and decrypted as described above for reproduction and browsing.

According to another embodiment shown in FIG. 21, T
When the content is reproduced in V16, the function of the content reproduction processing shown in FIG. 17 is built in the TV16. Further, when reproducing the content on the CRT 52, the IC card insertion slot 50 of the personal computer 14
The C card 65 is inserted and reproduced. As shown in FIG. 21, the NTSC signal supplied from the NTSC encoder 85 to the CRT 52 is decoded.
The NTSC signal is decoded in the personal computer 14 and the decoded NTSC signal is transmitted to, for example, a TV 16 or a VTR 15.
It is configured not to output to

In another embodiment shown in FIG. 21, after performing the user authentication process shown in FIG. 18 to authenticate that the user is a proper user, variable length data K1
And the random number (R1, R2) encrypted with the user's net key SK are incorporated into the encrypted content data as watermark information, and the information is transferred to the user's personal computer 14 via the broadcast station 2 or the like. To

FIGS. 22 to 24 are diagrams showing another example of the control operation shown in FIGS.

FIG. 22 is a flowchart showing the operation of the communication device 3 of the content provider 7, and corresponds to FIG. A determination is made by the SF 19 as to whether or not a content transmission command has been issued. If not, the process proceeds to the SF 19a, performs a user authentication process, and returns to the SF 19.

When a content transmission command is received from the telescript engine 81, the process proceeds to SF20, where it is determined whether or not the content is scheduled to be broadcast, and the content is scheduled to be broadcast. In this case, proceed to SF21 and change the broadcast date and
4 and return to SF19. On the other hand, if there is a transmission instruction for new content that is not yet scheduled to be broadcast, the process proceeds to SF22, and a process of generating a random number RN having the same number of bits as the user's secret key SKU is performed. Generally, the number of bits of a secret key used in a public key cryptosystem such as RSA is 1024 bits.
Is also likely to be 1024 bits.

Next, the flow advances to SF23, where the selected content is stored in the same number of bits as the user's secret key SKU (for example, 1).
024 bits) and divided content A (= A
, A2,... An). SKU
When the content is divided into the same number of bits, the content generally has a fraction. In that case, the last divided content An is data having a bit number smaller than the bit number of the SKU. Next, the process proceeds to SF24, where an exclusive OR (exclusive OR) of the divided content A and the random number RN generated by the SF22 is calculated. In FIGS. 22 to 24, a symbol in which + is drawn in a circle is used as an exclusive OR, but a symbol (+) is used in the specification. The specific calculation content of SF24 is divided content A
, An, and an exclusive OR of each of the random numbers RN. Next, the process proceeds to SF25, and processing for transmitting the calculation result A (+) RN by SF24 to the broadcasting station 2 is performed. Broadcasting station 2 that receives this, A
(+) Determine the date and time and channel for broadcasting the RN, and return the determined date and time and channel to the content provider 7. If there is a reply, YE by SF26
S is determined, the process proceeds to SF27, and the content NO.
The process of storing the broadcast date and time and the channel for each class is performed, and the process proceeds to SF28. After the process of transmitting the broadcast date and channel to the personal computer 14 is performed, the process returns to SF19.

The last An (+) RN of SF24
If the divided content data An is a divided content having a smaller number of bits than the SKU due to a fraction,
Data of the number of bits of the divided content An is extracted from the head of the random number RN, and exclusive OR of the data and An is calculated.

FIG. 23 shows SF19a and S3 described later.
19 is a flowchart showing a specific operation of the user authentication process shown in FIG. 6, and corresponds to FIG.

First, the user inserts his / her own IC card 65 into the IC card insertion slot 50 of the personal computer 14 and performs card authentication in the same manner as described above. The user ID stored in the inserted IC card 65 is read, and the member ID and the selected content number are read. Is transmitted to the communication device 3 of the content provider 7. In the communication device 3, the transmitted information is relayed by the SF 19 and transmitted to the management server 69 of the member management center 12.
In the management server 69, the database 7 is
0, the member ID transmitted to the communication device 3 is determined by determining whether or not the member ID is appropriate. After confirming that the member ID is appropriate, a random number is generated and the challenge code CC is transmitted.
Send to

In the communication device 3, the transmitted challenge code CC is relayed by the SF 20 and transmitted to the user's personal computer 14. On the user's personal computer 14, S
39, the net key SK in the IC card is read,
A process of generating and returning a response code RC using the SK as a key is performed. That is, RC = E _SK (CC) is calculated and returned. The communication device 3 performs a process of relaying the returned RC by the SF 21 and transmitting the RC to the management server 69. In the management server 69, SH
According to 4, when the user is authenticated based on the transmitted response code RC and it is confirmed that the user is properly authenticated, a process of returning the fact is performed. That is, in SH4, CC = D _SK (R
It is determined whether or not C) is established, and the user is authenticated.

When the communication device 3 receives the confirmation information of the user authentication, the selected content is divided in the same manner as in SF23, and the divided content A (= A1, A2,...
Is transmitted to the management server 69. In the management server 69, by SH5, SKU (+) {I1 (+) (A1 (+) RN)} = A1 SKU (+) {I2 (+) (A2 (+) RN)} = A2 · SKU (+) ) {I (= I1, I2,... In) satisfying {In (+) (An (+) RN)} = An, and calculating E _SK
A process of transmitting (I) to the communication device 3 is performed.

Here, I1, I2,... In are data having the same bit number (for example, 1024 bits) as the bit number of the divided content of A1, A2,. If An has a smaller number of bits than usual due to a fraction, In also has a smaller number of bits corresponding to An. .. In can be calculated relatively easily. For example, when the most significant bits of SKU, A1, and RN are both "1", 1 (+) {most significant bit of I1 (+) (1 (+) 1)}
= 1, and the most significant bit of I1 naturally becomes “0”. If the bit next to the most significant bit of SKU is 0 and both the bits next to the most significant bit of A1 and RN are 1, then 0 (+) ｛the next bit of the most significant bit of I1 Bit (+) (1
(+) 1)｝ = 1, and the bit next to the most significant bit of I1 naturally becomes “1”.

In the communication device 3, upon receiving E _SK (I), SF
23, a process of relaying the data to the user's personal computer 14 is performed. In the user's personal computer 14, in S40, a process of decrypting the received information with the key SK, that is, a process of calculating T _SK {E _SK (I)} to reproduce and store I is performed. In this embodiment, the member ID is stored in the database 70 of the member management center 12.
The secret key SKU of the member (user) is stored for each category. The secret key SKU is stored in the database 70 in a state where confidentiality can be maintained, and is configured so that only a limited operator of the member management center 12 can access the SKU by the management server 69.

FIG. 24 is a flowchart showing the operation of the user's personal computer 14, and corresponds to the flowchart shown in FIG. First, at S35, I (=
I1, I2,... In) are determined. At the stage where the user authentication shown in FIG. 23 is completed, since I is stored in the user's personal computer 14 (see S40), a determination of YES is made in S35 and the process proceeds to S37, but I is not stored yet. S in case
Proceeding to S36, after performing the user authentication process shown in FIG. 23, proceeding to S37. In S37, A = SKU (+) ｛I1 (+) (A1 (+) RN｝ + SKU (+) ｛I2 (+ ) (A2 (+) RN} + SKU (+) {I3 (+) (A3 (+) RN}: + SKU (+) {IN (+) (AN (+) RN} Processing is performed.

In this alternative embodiment, as shown in S37, to reproduce the content A, an SKU, which is the user's secret key, is required. That is, the process of decrypting the encrypted content using the user's secret key SKU is an essential process for reproducing the content A.
As a result, in order for a user other than the user who has purchased the encrypted content to decrypt the encrypted content and play back the content A, the encrypted content is encrypted using the secret key SKU of the authorized user who purchased the encrypted content. The encrypted content has to be decrypted, and the content A cannot be obtained unless the IC card 65 is obtained from an authorized user. Therefore, security is improved.

The other embodiment of FIGS. 22 to 24 will be briefly described in another expression as follows.

The content created by the content provider 7 is assumed to be A, and the content provider 7 encrypts the pay content A with a key RN including a random number or the like to obtain E.
_RN (A) is calculated and broadcast from the broadcast station 2. The content provider _{7, D SKU [D I {E} RN
(A) Generates a key I that satisfies｝] = A, encrypts it with the key SK, and sends it to the user's personal computer 14 via the Internet 13 or the like.

[0186] The user receives the E
_RN (A) is received from the content provider 7 and decrypted with the reproduced key I, which is further decrypted with its own secret key SKU. As a result, the content A can be obtained.

If an algorithm for encrypting and decrypting using such keys as RN, I, and SKU is used as an RSA public key cryptosystem or an algorithm of so-called elliptic curve cryptography, D _I ｛E _RN ( A)｝ = E _PKU (A) holds. Therefore, I that satisfies this equation is assigned to the content provider 7
Is calculated and transmitted to the user's personal computer 14, it suffices to generate I.
KU is sufficient and the user's private key SKU is not required.

Next, modifications and features of the above-described embodiment will be enumerated below. (1) In the above-described embodiment, the CM produced by the CM producer 10 is superimposed with the program-related data produced by the program-related data producer 11 and broadcasted. Discloses an invention of a CM cut browsing prevention system for preventing inconvenience of browsing and viewing only a program portion.

The present invention relates to an advertising system (advertising method) in which a commercial message is inserted between contents for allowing a user to view the content and the advertisement is inserted, to which the invention belongs.

[0189] A publicly known advertising system (advertising method) is generally known in the art. A commercial message (CM) is inserted between television programs and the like and broadcasted from a broadcasting station. In some cases, the advertisement is broadcasted on (television) and the commercial is viewed to advertise the sponsor of the commercial or the product of the sponsor.

On the other hand, in recent years, VTRs (video tape recorders) have become widespread in the homes of users, and programs including commercials broadcast by broadcasting stations are temporarily recorded on the VTRs and the like, and are reproduced at a later date to reproduce TV or TV. The number of recording / reproducing browsing of browsing on a personal computer or the like has increased.

As a result, C inserted between programs
Since M is a portion corresponding to extravagance to the user, CM cut browsing in which only the CM portion is cut and only the program portion is reproduced and viewed is expected to increase.

[0192] If the number of browsing the CM cuts increases, there is a possibility that the sponsor of the commercial broadcast program cannot expect the profit from the commercial broadcast, and the commercial broadcast formed by the sponsor becomes collapsed.

That is, the conventional advertising system (advertising method)
However, since the user cuts only the commercial message inserted between the contents for allowing the user to view the content and browses only the content, there is a disadvantage that the profit by inserting the commercial message cannot be expected.

The invention of this advertising system has been conceived in view of such circumstances, and its purpose is to prevent a user from viewing the aforementioned CM cut as much as possible.

As a means for achieving this object, the invention of this advertisement system is an advertisement system in which a commercial message is inserted between contents for allowing a user to view the advertisement and the advertisement is carried out. And a simultaneous broadcasting means for simultaneously broadcasting the commercial message with content related information created by a creator who creates content related information related to the content into which the content is to be inserted.

As a result of employing such a means, content related information relating to the content into which the commercial message is inserted is broadcast simultaneously with the commercial message. Since a user who is interested in the content desires to browse the content-related information as well, browsing the content-related information results in simultaneously browsing a commercial message. Therefore, it is possible to prevent browsing only the content by cutting the commercial message as much as possible.

[0197] The simultaneous broadcasting means includes content-related information (a homepage for exchanging opinions of a program or a message for calling attention to an important point of a program) related to the content (program) into which the commercial message is to be inserted. Superimposing means (SE1, SE2) for superimposing the content-related information produced by the producer (program-related data producer 11) producing the program (explanation of technical terms appearing in the program) with the commercial message; And broadcasting means (SE3, SD3 to DS9, broadcasting station 2, personal computer 14, or TV 16) for broadcasting a commercial message in which the content related information is superimposed by the content.

The superimposing means may be a conventional well-known superimposing means such as a character creating device for displaying, as character information, an extraordinary news message indicating that an earthquake or the like has occurred during the broadcast of a television program. In the present embodiment, the superimposing means is provided at the CM creator 10, but may be provided at the broadcasting station 2 instead. In this case, the program-related data produced by the program-related data
And broadcasts the broadcast message by superimposing the program-related data on the commercial message broadcast at the broadcast station 2.

Further, the invention which achieves the object of preventing the commercial message cut browsing described above may have the following means.

[0200] An advertising method in which a commercial message is inserted between content items that the user wishes to view, and the advertisement is performed, wherein content-related information related to the content item into which the commercial message is to be inserted is generated. Content-related information generating step, a superposition step of superimposing the content-related information and the commercial message generated by the content-related information generating step, and the commercial message in which the content-related information is superimposed by the superimposing step. A broadcasting step of broadcasting between contents.

The program-related data creator 11 described above uses FIG.
The content-related information generating step is constituted by an explanation part for producing program-related data as shown in FIG. The polymerization step is constituted by SE2. SE3, SD3 to SD9, broadcasting station 2, S1
The broadcast step is constituted by 3 to S16.

(2) In the above-described embodiment, the invention is disclosed in which a commercial message that is considered to be preferred by a user is searched and the user is broadcasted and viewed. The technical field of the present invention relates to an advertising system (advertising method) for advertising to a user by a commercial message.

[0203] In this type of advertising system (advertising method), for example, a CM creator produces a commercial message for a sponsor of a commercial broadcast program, which is generally known. The message is provided to the broadcasting station and is broadcast in a state inserted between programs. The user receives a desired broadcast from a broadcast program, browses the broadcast on a TV or a personal computer, and broadcasts a commercial message inserted during the browsing, thereby advertising the sponsor to the user. I was

However, in this type of conventional advertising system (advertising method), the CM creator unilaterally sponsors the CM.
Has been created, and a CM unilaterally produced is broadcast from a broadcast station regardless of whether the user likes it or not. As a result, for the user, the user browses a commercial of a product that is completely uninteresting or a commercial that is almost unrelated to the user. For example, advertising a beer to a user who does not accept alcohol is not only useless for the user but also has no effect on the sponsor.
Will be. As described above, the conventional advertising system (advertising method) has a disadvantage that both the user side and the sponsor side have little waste and little profit.

The present invention has been made in view of such circumstances, and an object of the present invention is to minimize waste on both the advertiser side and the user side.

[0206] As means for achieving this object, the present invention is an advertising system for advertising to users by means of commercial messages, which classifies users into a plurality of types of attributes and, for each category, a user belonging to the category. A commercial message storing means for storing a commercial message produced only for a target, and a commercial message stored in the commercial message storing means for a user agent holding the profile information of the user as knowledge and working for the user. And a commercial message providing means for providing a commercial message retrieved by the searching means to a user who owns the user agent.

As a result of adopting such means, a commercial message is produced for each of the users classified into a plurality of types of attributes, targeting only the users belonging to the classification, and the user agent generates a commercial message of such a plurality of commercial messages. Commercial messages that the user may like from among them are searched for, selected, and provided to the user. As a result, a detailed commercial message suitable for the user can be provided for each user, and waste of unnecessary commercial messages provided to the user can be prevented as much as possible.

The database 56 constitutes a commercial message storage means for classifying users into a plurality of types of attributes and storing commercial messages produced only for the users belonging to the classification for each classification. . The telescript engine 5
7 constitutes a search means which holds the profile information of the user as knowledge and causes the user agent 26 working for the user to search for the commercial message stored in the commercial message storage means. SA76 to SA80, SA89 to SA9
3, Internet 13, broadcasting station 2, S2, S11-S
The commercial message providing means 16 provides the commercial message retrieved by the retrieval means to the user who is the owner of the user agent.

As a specific example of classifying the user into a plurality of types of attributes, for example, the user is classified into age, gender, learning level, occupation, user consumption trend, user's various tastes, and the like. Classification is conceivable. The broadcast time of a commercial message inserted between contents such as programs is, for example, 20 seconds, 40 seconds, 6 seconds.
A plurality of types of broadcast time, such as 0 seconds, 80 seconds, and 100 seconds, are standardized in advance, and a plurality of commercial messages stored in the commercial message storage unit are also formed by combining one message or a plurality of messages. By being broadcast, it is made to have a length that just fits in the standardized time.

On the other hand, when a program including a commercial message is broadcast from the broadcasting station 2, data for specifying the broadcast time of the commercial message is broadcast immediately before switching from the program broadcast to the commercial broadcast. On the user side, the personal computer 14 or the like receives information specifying the broadcast time of the commercial message, and switches to the commercial message searched by the user agent for the commercial message broadcast time specified based on the information, and broadcasts it.

[0211] On the other hand, the user may view a program other than the program selected and reserved by the user agent in advance, and in order to cope with such a case, a commercial message for all sponsors of the program to be broadcasted on the day is prepared in advance by the user agent. Finds the user's personal computer 14
May be stored in a hard disk or the like.

It is desirable that a plurality of types of commercial messages are searched for and stored for one sponsor, and that the plurality of types of commercial messages are alternately broadcasted so that the user is not bored.

On the other hand, a commercial message that the user does not need at all, for example, a commercial message such as beer or whiskey for a user who does not accept alcohol at all, is not searched by the user agent. As a result, an unfair situation arises for such a user, in that the sponsor is sponsoring the program that the user is watching, but the commercial message of the sponsor is not broadcasted to the user at all. Therefore, it is desirable to provide an adjusting means for adjusting the number of broadcasts of commercial messages between sponsors to be equal, for example, within a certain area.

As a method of broadcasting commercial messages using the satellite broadcast shown in FIG. 1, for example, a satellite broadcast that broadcasts only commercial messages one after another is established over one channel or many channels.
The user agent accesses the commercial message storage means and transmits to the user's personal computer data identifying the date and time and the channel on which the commercial message searched and selected is broadcast by satellite broadcasting. The user's personal computer 14 tunes to the transmitted channel when the transmitted date and time comes, catches the broadcast radio wave, and stores a commercial message as the broadcast content on a hard disk or the like.

At the stage where the user agent retrieves the commercial message for almost all sponsors and stores it on the hard disk or the like of the user's personal computer 14, thereafter, only when a new commercial message is produced for a given sponsor, When the user agent searches for a new commercial message and determines that it is necessary, the commercial message is stored in the hard disk of the personal computer 14 of the user. Also, a commercial message deleted for an old sponsor is deleted from the hard disk of the personal computer 14 if the commercial message is stored in the hard disk.

In this case, each time a newly created and newly stored commercial message or an old and deleted commercial message occurs in the commercial message storage means, the commercial message is stored in the user's personal computer 14 using, for example, a push technique. To that effect. The user's personal computer 14 updates the storage contents of the hard disk based on the transmitted information.

Further, when the user agent 26 wants to obtain more detailed data on the commercial message searched, the WWW of the commercial message is accessed so that the user can access a predetermined WWW server via the interface 13 and obtain it. It is desirable to transmit the server address to the user's personal computer 14. The address data of the WWW server is transmitted, for example, by using satellite data distribution / broadcasting or by data multiplex broadcasting using terrestrial waves for television broadcasting.

(3) In this embodiment described above, FIG.
As shown in FIGS. 2 to 24, a system (or method) for ensuring the security of information such as pay contents is disclosed.

The present invention relates to a security system (or a method for ensuring security) for information provided by an information provider to an information requester in the technical field to which the invention pertains.

As techniques for securing this kind of security, those generally known in the art include, for example,
When a pay content is purchased by a certain user, the pay content is encrypted and, for example, a broadcast station broadcasts the encrypted content. The user who purchased the encrypted content is notified of the broadcast date and time and the channel of the encrypted content in advance, and the user receives the broadcast of the encrypted content and transmits the encrypted content to a VTR or the like. Record. Then, a pay content provider distributes a key for decrypting and playing back the encrypted content to an authorized user who has purchased the pay content. The authorized user decrypts the encrypted content recorded on the VTR or the like using the distributed key, and reproduces and browses the content.

In the case of such a conventional technique, since the encrypted content is broadcast over a wide area by radio wave media (wireless media), many other users besides the regular users who paid for the paid content are used. Can receive encrypted pay contents. When many other users other than such authorized users receive and record the above-described encrypted pay content, the key for decrypting the encrypted content delivered from the content provider is thereafter used. By simply obtaining the decryption key (hereinafter simply referred to as a decryption key) by any method, the encrypted content can be decrypted and reproduced for viewing. As a result, there is an inconvenience that a large number of users who do not pay the fee for the pay content can reproduce and view the pay content.

Then, the decryption key FK is encrypted with the public key PKU of the legitimate user who has paid the fee, and
It is conceivable that the information is distributed to the authorized user via the Internet or the like in the form of a _PKU (FK). In that way, even if many other users intercept this E _PKU (FK), the secret key SK of the legitimate user who paid the fee
Unless it has U, it cannot be decrypted to reproduce the decryption key FK, and security seems to be maintained for the time being.

However, all members of a group receive the broadcast of the encrypted content data, and one of the members pays a fee as a representative and receives E _PKU (FK).
_Decrypted with the secret key of the representative and D _SKU ｛E _PKU (F
K) When the FK is reproduced by calculating｝ and the FK is distributed to all the other members of the group, a large number of people browse the encrypted content data despite paying only a charge for one person. It is possible to do.

The present invention has been conceived in view of the above circumstances, and has as its object to prevent unauthorized use of information by unauthorized persons having authority to use information such as pay contents. It is to be.

In order to achieve such an object, the present invention employs the following means.

A method for ensuring security of information provided by an information provider to an information requester, wherein the information provider converts the information in accordance with an algorithm using a first key, A conversion information providing step of providing the conversion information converted by the conversion step to the information requester side; a second key generation step of generating a second key on the information provider side; The second key generated by the key generation step
And a second key providing step of providing the key to the information requester side, wherein the second key generation step complies with an algorithm using the second key for the conversion information. The second process, which is defined so that the information can be reproduced on condition that a conversion process and a conversion process according to an algorithm using a secret key of the information requester are performed.
A method for ensuring security of information, characterized by generating a key for the information.

As another means for achieving the above-mentioned object, the present invention may employ the following constitution.

A security system for information provided by an information provider to an information requester, wherein the information provider converts the information in accordance with an algorithm using a first key, and the conversion means Conversion information providing means for providing the conversion information converted by the above to the information requester side, second key generation means for generating a second key on the information provider side, and the second key generation means And a second key providing means for providing the second key generated by the second key to the information requester side, wherein the second key generating means uses the second key for the conversion information. A second algorithm defined to be able to reproduce the information on condition that a conversion process according to a certain algorithm and a conversion process according to a certain algorithm using a secret key of the information requester are performed. And generating the key, the security system for the information.

As a result of the present invention employing such means,
When decrypting and reproducing the encrypted information, it is necessary for the information provider to perform a conversion process using a secret key of a legitimate information requester, which is a partner to provide the information. As a result, in order to decrypt and reproduce the encrypted information, the secret key of the legitimate information requester must be obtained. However, a secret key is a property that must be kept confidential, and it is unlikely that a private key will be lent out and used without permission. Therefore, it is generally unlikely that a person other than the legitimate information requester obtains the secret key from the legitimate information requester, and a person other than the legitimate information requester decrypts the encrypted information. Can be prevented as much as possible.

[0230] The second key generation step (second key generation means) performs the information request after the conversion information is subjected to a conversion process according to an algorithm using the second key. It is desirable to generate the second key defined so that the information can be reproduced on condition that a conversion process is performed according to a certain algorithm using a secret key of the party.

According to the SF22 to SF24, the information provider (contents provider 7) uses a first key (random number RN) to convert the information in accordance with an algorithm (exclusive or) using a first key (random number RN). Means). SF25 to SF2
8, broadcasting station 2, S7, S23, S8, S24, S2, S
The conversion information providing step (conversion information providing means) for providing the conversion information (A (+) RN) converted by the conversion step (conversion means) to the information requester (user) side is constituted by 11 to S16. ing.

By the SH5, the information provider side generates a second key (second key generation step) for generating a second key.
Key generating means). SH5, SF23, the second key generation step (second key generation means)
A second key providing step (second key providing means) for providing the second key generated by the above to the information requester side.

The second key generation step (second key generation means) uses the second key (I1, I2,... In) for the conversion information (A (+) RN). The condition is that a conversion process according to a certain algorithm (exclusive or) and a conversion process according to a certain algorithm (exclusive or) using the secret key (SKU) of the information requester are performed. The second key (I1, I2,
.. In).

(4) In this embodiment described above, FIG.
As described based on No. 1, an invention for preventing unauthorized copying of information is disclosed.

The present invention aims at preventing unauthorized copying, and employs the following means to achieve the purpose.

Key information for decrypting the encrypted information is embedded in the encrypted encrypted information, and key reading means (MPEG2, decoder 82, digital watermark detection Device 83) and decryption means (IC card 65, TV 16, personal computer 14) for decrypting the encrypted information using the key read from the key read means and reproducing the information, and the decryption means comprises And an output device (TV16, C16) that outputs the reproduced information so that the user can recognize it.
It is built in the personal computer 14) having the RT 52.

(5) The IC card 65 may store not only the agent knowledge data but also the program of the user agent 26 itself. In such a configuration, the knowledge data for the agent and the program of the user agent itself are always carried by the user.
Since the agent knowledge data is recorded on the card, the possibility that the agent knowledge data is peeped by another person is reduced, and the inconvenience of using the user agent by another person can be prevented as much as possible. In addition, when the user wants to utilize his or her own user agent using a personal computer installed in the office or the like at work, it becomes possible by inserting the IC card 65 carried by the user into the personal computer. There is no need to have the personal computer 14 at home send a user agent program and agent knowledge data. IC card 6
The EEPROM 94 of No. 5 constitutes agent knowledge data storage means for storing agent knowledge data. The EEPROM 94 of the IC card 65 constitutes an agent program storing means for storing an agent program. The agent program stored in the agent program storage means is an agent that works for the owner of the IC card.

In place of SXAL / MBAL shown in FIG. 15, RSA public key cryptosystem or elliptic curve cryptosystem may be used.

Radio devices 71 and 72, antennas 76 and 77
Thus, a wireless media-based information communication means for exchanging information between a content provider and a third party using a wireless media is configured.

According to S22, S22a and S22b,
A third party to authenticate that the person who has accessed is a third party established to handle a specific task that requires neutrality that is unsuitable for one or both parties Institution authentication means is configured. Said S
15 constitutes a commercial message editing means for editing by replacing a commercial message inserted and broadcast between programs with a commercial message searched by a user agent. S16 constitutes a switching broadcasting means for switching and broadcasting a commercial message inserted and broadcast between programs to a commercial message searched by the user agent.

The SA10 constitutes a destination schedule registration means for registering a destination schedule of the user agent. The SA45 constitutes a dispatch request processing means for performing a process for making a dispatch request to a third party agent. SA49 constitutes a third party moving means for moving the user agent to the third party.

SA68 to SA72 constitute purchase procedure means for performing a purchase procedure by the user agent. The purchase procedure means includes digital signature means (SA70, SA71, SA72) for digitally signing a user for the purchase procedure. This digital signature means has a function of double-signing order information that can specify a purchase target and a payment instruction that can specify a payment method. SB20 to SB27, SB4 to SB31
Constitutes a digital signature generating means for generating the digital signature of the user. This digital signature generation means has a function of generating the double signature.

The SA 73 and SA 74 constitute a destination selection moving means for moving the user agent by searching for a place where a clone of the user agent is not already resident and searching for a place where the clone is not resident. SA
81 to SA83 and SA88 to SA92 constitute a user agent resident evaluation means for evaluating a commercial message when a new commercial message is produced by resident a user agent.

When a user agent or the like moves to a foreign site or the like, the site may need to check which country's agent has moved. Just as a human would need a visa (entry permit) to go abroad, an agent would check the equivalent of a visa (entry permit) and enter the agent It is desirable to determine whether or not to permit.

Therefore, the agent has nationality proof data for checking in which country the user or agent works for the agent who has accessed. The nationality certificate data is issued to the agent who intends to go abroad by the nationality certificate issuing organization including the third party described above. The public key of the agent and the private key as necessary are registered with the nationality certificate issuing organization, and the nationality certificate issuing organization uses the public key or the private key to confirm the identity of the agent. After that, a nationality certificate is issued to the agent. Then, when the agent accesses a foreign site and attempts to move to the site, the site uses the public key or secret key of the agent to confirm the identity of the agent, The agent checks the nationality certificate held by the agent to determine whether to permit access.

On the other hand, instead of issuing a nationality certificate, an entry permit may be issued to the agent, which states that the agent may enter a foreign country to which the agent intends to move. In such a case, as described above, an immigration certificate issuing organization consisting of a third party, etc. performs identity verification of the agent using the registered public key and private key, and then Issue immigration certificate to agents.

As described above, the user agent 26
In this embodiment, the public key and the private key stored as knowledge are used as the public key and the secret key of the user of the user agent 26. Instead, the public key and the private key of the user are replaced with the public key and the private key of the user. Different public keys and secret keys may be stored in the user agent 26 or the like. By doing so, when the user agent 26 performs the digital signature or the like, the user agent 26 can later determine whether the user has performed the digital signature or the user agent has performed the digital signature. As described above, when the key between the user and the agent is made different, the key registration authority that registers the public key or the secret key is provided with the user's public key or secret key and the public key or the secret key of the agent. It is desirable to register them in association with each other.

In the above-described embodiment, the third-party agent monitors whether or not one or both of the parties is illegal in performing the requested work. Of the third party agent patrols on the network and patrols the user agent or the agent on the place visited by the third party agent for monitoring. Monitoring for illegality may be performed.

The agent's past work history data, such as which site the user agent visited in the past and what work was performed for whom, etc., may be stored in the agent. If you do that,
When distributing tasks using a so-called contract net, the manager can determine which contractor (agent) is suitable for executing the task based on the work history data, and the suitable contract Bid (direct)
ed-award). Note that the contract net is a model for dividing a problem through negotiation of a number of processing modes and assigning a sub-problem (this is called a task) to each mode.

[0250]

Specific Examples of Means for Solving the Problems The parties are constituted by the content provider 7 and the user, or the CM creator 10 and the user. SA44, SA47
Thus, a specific work determination unit that determines that a specific work requiring neutrality that is unsuitable for one or both of the parties has occurred has been configured. A third-party agent 29 and a third-party resident agent 28 constitute a third-party agent that is neutral to both parties. This third party agent is not limited to an agent operated and managed by the third party organization 8, for example, working on the same place in the telescript engine where the agent of said party works. This third party agent may be configured by another agent.

The above-mentioned SA45, SA64 or SA49-
SA53 or SA60 or SA69, SA70 constitutes a job requesting means for requesting the third party to have a neutral third party agent for the specific job according to the judgment result of the specific job judging means. The job requested by the job requesting means is executed by the third party agent on behalf of the third party agent (flow charts shown in FIGS. 7 and 8). The third party 8 constitutes a third party established to handle the specific job. Then, the third party agent (third party agency agent 29, third party agency resident agent 2)
8) is an agent operated and managed by the third party organization and developed to perform the specific job.

The user agent 26 and the destination agent 27 constitute party agents working for each of the parties. The specific work determination means is configured to, when the party agents are operating in cooperation with each other, perform selfish actions (for example, illegal take-out of pay contents or false pay contents) in which the party agents are advantageous to their own positions. Is evaluated, it is determined that the specific work has occurred.

The database 19 constitutes content storage means for storing paid content. The content provider 7 constitutes a content provider that provides the content stored in the content storage means. The user who resides in the user home 17 constitutes a user who wants to search whether or not there is content to be obtained in the content provided by the content provider. Then, the specific work determination unit determines that the user agent (user agent 26) of the party agents desires to search for the pay content stored in the content storage unit (YES determination is made by SA43). Is determined), it is determined that the specific work has occurred.

Further, the third party agent monitors the function (SC6, S6) for monitoring whether or not one or both of the parties is illegal through the execution of the requested work.
C18).

The above-mentioned SA43, SA44, SA67, SA
58 constitutes a specific task determination step for determining that a specific task requiring neutrality unsuitable for one or both of the parties has occurred. SA4
5, SB1, SB5, SB6, SA49, SA50, S
B7 to SB9 constitute a third-party agent procurement step of procuring a third-party agent having neutrality for both of the parties. SA45, SA
46, SA64, SA49 to SA53, SA69, SA
70, SA60, when the specific work determination step determines that the specific work has occurred,
A job requesting step of requesting the third-party agent procured in the third-party agent procurement step for the specific job. Then, the third party agent requested in the job requesting step executes the requested specific job (flow charts shown in FIGS. 7 and 8).

The telescript engine 22 and the database 23 constitute an agent providing device for providing a third-party agent. The database 23 constitutes an agent storage unit that stores a plurality of types of third-party agents. If a request is made by the telescript engine 22 to perform work on behalf of a third party agent on behalf of the third party agent, a third party of a type corresponding to the third party agent to be represented. An agent search providing unit configured to search and provide an agent from the third party agent stored in the agent storage unit is provided.

[0257] An agent working for the user side by the user agent 26, that is, a user side agent composed of a mobile agent that moves and operates on the network. The content provider 7 constitutes a service provider responding to the user's request. The transfer destination agent 27 constitutes a trader agent working for the service trader. The computer 22a having the place 25 of the third-party organization 8 functions as a working area for the user-side agent, and forms a working area for keeping secret that can prevent leakage of secret.

The user agent stores the secret data (secret information SI) to be kept secret as the knowledge in a form (encrypted form) in which the confidentiality can be maintained. When it is necessary to use the confidential data when performing work (when a determination of YES is made in SA44), the user-side agent moves to the confidential working area (SA49). Release the confidentiality of the secret data in the confidential working area (SA50,
SA51) to perform the task.

The user agent encrypts and holds the secret data (see FIG. 14). Then, after the user-side agent moves to the confidential working area, the encrypted secret data can be decrypted and reproduced (SA50, SA51).

Further, the user-side agent does not have the decryption key (SK1) used for decrypting the secret data, and after moving to the secret-keeping working area, the user-side agent stores the decryption key (SK1) in the secret-keeping working area. The decryption of the secret data using the obtained decryption key is enabled (SA50, SA51, SC2, SC11, SC1).
2).

The secret data includes a secret key (SKU) for authenticating the identity of the user (see FIG. 14).

The CD-ROM 68b or the IC card 65 records an agent program which is used in a multi-agent system in which agents having independent knowledge operate in cooperation with each other and which works for one of the parties. Recording medium.
The program recorded on this recording medium is transmitted to a computer by a first meeting with the other agent of the party.
Meeting means (SA32, SA45, SA55, SA6
0, SA62, SA68, SA72) and a third party agent (third party) that has neutrality with respect to both parties in the event that a specific task occurs that is unsuitable for both parties to perform. Agency resident agent 28,
Second meeting means for meeting with the third party agent 29) (SA50, SA51, SA64, SA70)
Required information notifying means (SA64, SA70, SA51) for notifying the third-party agent of information (user profile information 96, etc.) necessary for the third-party agent to execute the specific work on behalf of the third-party agent. ).

Another example of a specific task that requires unneeded neutrality for one or both parties to perform is arbitration in the event of a conflict where the agents of the parties are in conflict, or which agent is the correct Or a third party certifying that one or both of the party agents are indeed the correct party agent. In other words, this specific task covers all tasks that require neutrality that are difficult or impossible for the parties alone to solve.

[0264]

The effect of the concrete example of the means for solving the problems.
With respect to, while maintaining neutrality, a neutral third-party agent will perform certain tasks on behalf of one or both parties that require neutrality that is unsuitable for both parties. Performs specific tasks.

With respect to claim 2, in addition to the effect of claim 1, the third-party agent is managed by a third-party organization established to process the specific job, and Since the agent is developed to perform the following, a more neutral agent can be expected to be executed by a more neutral agent for the parties.

Regarding claim 3, in addition to the effect of claim 1 or claim 2, the specific job is generated when there is a possibility that the agent concerned may perform a selfish operation that is advantageous to his own position. Since the judgment is made that the third party agent performs the proxy execution, it is possible to minimize the inconvenience caused by the selfish operation of the third party agent.

Regarding claim 4, in addition to the effect of claim 3, when the user agent desires to search for the paid content stored in the content storage means, it is determined that a specific job has occurred, and Since the three-party agent substitutes for the specific job, it is possible to minimize the inconvenience that the user-side agent searches for the pay content and steals the pay content without paying the fee for the pay content.

Regarding claim 5, claims 1 to 4
In addition to the effect of any one of the above, the third party agent has a monitoring function to monitor whether one or both of said parties is illegal through the performance of the requested work, If there is illegality on both sides, it can be monitored.

With regard to claim 6, when there is a request to perform a job by a third-party agent on behalf of the party agent, a request of a type corresponding to the party agent to be delegated is made. In order for the three-party agent to be retrieved and provided, a suitable agent that is similar to the third-party agent can be appointed as the third-party agent to perform work on behalf of the third-party agent.

With respect to claim 7, when a specific task requiring neutrality unsuitable for one or both of the parties occurs, the third party agent having neutrality with respect to both of the parties is provided with the specific information. It is possible to provide a recording medium on which a program capable of performing a job on behalf of the computer is recorded.

With regard to claim 8, when a specific job which is unsuitable for one or both of the parties to perform is performed, a third-party agent having a neutrality for both parties is procured. The third party agent can perform the specific task on behalf of the third party agent.

According to the ninth aspect, when a user agent constituted by a mobile agent moves on a network and performs work, if the user agent needs to use secret data, The agent moves to the working area for confidentiality and releases the confidentiality of the confidential data, thereby enabling the execution of the work, and performing the work using the confidential data while preventing the leakage of the confidential data. Becomes

According to the tenth aspect, in addition to the effect of the ninth aspect, even if the user-side agent moves and operates on the network because the user-side agent has the secret data encrypted and held. Leakage of the secret data to others can be prevented as much as possible.

According to the eleventh aspect, in addition to the effect of the tenth aspect, since the user side agent does not have a decryption key used for decrypting the secret data,
Even if the encrypted secret data is known to another person when the user-side agent moves and operates on the net, it is possible to prevent a decryption key for decrypting the encrypted secret data from being known to another person. Thus, leakage of the secret data can be more reliably prevented.

According to the twelfth aspect, in addition to the effects of the ninth to eleventh aspects, the secret data held by the user agent includes a secret key for authenticating the identity of the user. By moving into the working area for maintaining confidentiality, it becomes possible to authenticate the user by using the secret key, and it is possible to allow the user agent to perform a more advanced user's proxy work. .

[Brief description of the drawings]

FIG. 1 is an explanatory diagram for explaining search and distribution of information.

FIG. 2 is an explanatory diagram for explaining operations of various agents.

FIG. 3 is a flowchart illustrating a control operation of the personal computer.

FIG. 4 is a flowchart illustrating an operation of a user agent.

FIG. 5 is a flowchart showing the operation of the user agent.

FIG. 6 is a flowchart showing the operation of the user agent.

FIG. 7 is a flowchart showing the operation of a resident agent of a third party organization.

FIG. 8 is a flowchart illustrating the operation of a third party agent.

FIG. 9 is an explanatory diagram for explaining an operation of an agent for performing a CM search.

FIG. 10 is a flowchart showing the operation of the user agent.

11A is a flowchart illustrating an operation of a CM place resident agent, and FIG. 11B is a flowchart illustrating a control operation of an information processing computer of a CM creator.

FIG. 12 is a display screen view of a commercial message displayed on a CRT of a user's personal computer.

FIG. 13 is a block diagram showing a control circuit for a communication device of a content provider and a personal computer of a user.

FIG. 14 is a block diagram showing a control circuit and recording information of an IC card of a user.

FIG. 15 is a schematic explanatory diagram of an encryption system SXAL / MBAL.

FIG. 16 is a flowchart showing a control operation of the communication device of the content provider.

FIG. 17 is a flowchart showing a control operation of the user's personal computer.

FIG. 18 is a flowchart illustrating a control operation of a user authentication process.

FIG. 19 is a block diagram showing a control circuit for preventing illegal copying of content.

FIG. 20 is an explanatory diagram showing another example of information search and distribution.

FIG. 21 is a block diagram showing another example for preventing illegal copying of content.

FIG. 22 is a flowchart illustrating another example of the control operation of the communication device.

FIG. 23 is a flowchart illustrating another example of the user authentication process.

FIG. 24 is a flowchart showing another example of the control operation of the personal computer of the user.

[Explanation of symbols]

 1 is a satellite 2 is a broadcasting station 10 is a CM creator 11 is a program-related data creator 7 is a content provider 8 is a third-party organization 14 is a personal computer 16 is a TV 15 is a VTR 13 is an Internet 26 is a user agent 27 is a destination Agent 28 is a third party resident agent 29 is a third party agent 19,23,56,70 is a database 52 is a CRT 50 is an IC card slot 18,22,57 is a telescript engine 24,25,58 is Place 3 is a communication device 59 is a resident agent 69 is a management server 68b is a CD-ROM 65 is an IC card 96 is profile information 82 is an MPEG2 decoder 83 is a digital watermark detector 86 is an APS

Continued on the front page (72) Inventor Mikio Fujii 5-35-35 Miyugaoka, Aoba-ku, Yokohama-shi, Kanagawa Prefecture Inside Laurel Intelligence Systems Co., Ltd. (72) Inventor Yutaka Tsukamoto 5-35 Miyugaoka, Aoba-ku, Yokohama-shi, Kanagawa Prefecture Address 2 Inside Laurel Intelligent Systems Co., Ltd.

Claims (12)

[Claims] 1. A multi-agent system in which agents having independent knowledge cooperate with each other, and a specific job requiring neutrality unsuitable for one or both of the parties to perform occurs. And a third-party agent having neutrality with respect to both of the parties when the specific work determining means determines that the specific work has occurred. A multi-agent system characterized by executing on behalf of a multi-agent system. 2. The third-party agent is an agent managed and operated by a third-party organization established to process the specific job, and developed to perform the specific job. The multi-agent system according to claim 1, wherein 3. The specific job determination means, wherein when the party agents working for each side of the party are operating in cooperation with each other, the party agent has a self-interest that is advantageous to its own position. 3. The multi-agent system according to claim 1, wherein a determination is made that the specific task has occurred when there is a risk of performing a specific operation. 4. 4. A content storage means for storing paid content, wherein one of the parties is a content provider that provides content stored in the content storage means, and the other of the parties is the content provider A user who wants to search whether or not there is content to be obtained in the content provided by the provider, wherein the specific work determination means is such that a user-side agent among the party agents is stored in the content storage means. 4. The multi-agent system according to claim 3, wherein when the search for the paid content is desired, it is determined that the specific work has occurred. 5. 5. The system according to claim 1, wherein the third-party agent has a monitoring function for monitoring whether or not one or both of the parties is illegal through the execution of the requested work. The multi-agent system according to claim 4. 6. An agent providing device for providing a third-party agent used in the multi-agent system according to claim 3, wherein: agent storage means for storing a plurality of types of third-party agents; When there is a request to perform work on behalf of a third party agent by a third party agent on behalf of the third party agent, the agent storage means stores a third party agent of a type corresponding to the third party agent to be delegated. Agent providing means for searching and providing the stored third-party agent from the third-party agent. 7. A recording medium used for a multi-agent system in which agents having independent knowledge operate in cooperation with each other, and recording a program of an agent working for one side of a party, A first meeting means for making a meeting with the other party's agent on the computer, and a neutrality for both parties when one or both of the parties has a specific task that is unsuitable for doing so. Second meeting means for making a meeting with a third-party agent having: a necessary information notification for notifying the third-party agent of information necessary for the third-party agent to perform the specific work on behalf of the third-party agent A computer-readable recording medium on which a program for causing the computer to function is recorded. 8. A multi-agent operation method in which agents having independent knowledge cooperate with each other, wherein a specific job requiring neutrality unsuitable for one or both of the parties to perform occurs. A specific work determination step of determining, a third party agent procurement step of procuring a third party agent having neutrality for both of the parties, and a determination that the specific work has occurred by the specific work determination step An execution step in which the third-party agent procured in the third-party agent procurement step executes the specific job when the multi-agent operation is performed. 9. A mobile agent system in which an agent moves and operates on a network, wherein a user-side agent working for the user side in a party consisting of a user and a service provider responding to the request of the user comprises: The user-side agent functions as a working area when moving up and operating and includes a confidential working area that can prevent the leakage of secrets. When the user agent moves and performs work, if it becomes necessary to use the secret data, the user agent moves to the confidential working area. Releasing the confidentiality of the secret data in the confidential working area. Characterized in that it allows the execution of the work, the mobile agent system. 10. The user-side agent may encrypt and hold the secret data, and enable decryption and reproduction of the encrypted secret data after moving to the working area for keeping secret. The mobile agent system according to claim 9, characterized in that it is characterized by: 11. The user agent does not have a decryption key used to decrypt the secret data,
11. The mobile agent system according to claim 10, wherein after moving to the confidentiality working area, the confidential data can be decrypted using the decryption key obtained in the confidentiality working area. . 12. The mobile agent system according to claim 9, wherein the secret data includes a secret key for authenticating the identity of the user.