KR20060098250A - An transaction method of digital data - Google Patents

Abstract

The digital data transaction method of the present invention, which includes a digital data seller client system, a digital data buyer client system, and a digital data transaction server, comprises: seller information, digital data information, and transaction from the digital data seller client system to the digital data transaction server. Inputting functional information and digital data; The digital data transaction server notifying the digital data information and transaction function information of the digital data online; Selecting, by the digital data purchaser client system, an authentication function from the transaction function information to use the digital data in the digital data transaction server; Encrypting, by the digital data transaction server, a list of the digital data and the authentication function and transmitting the encrypted data to the digital data purchaser client system; Transmitting, by the digital data transaction server, a decryption module for decrypting the encryption, a file identifier determination module for identifying the digital data, a hooking module for hooking the digital data execution command, and an authentication function module to the digital data buyer client system. ; Recognizing the encrypted digital data with the file identifier determination module, and decrypting the encrypted digital data in the main memory of the system and the decryption by the decryption module; Loading an execution program capable of executing the digital data on the main memory, analyzing the loaded execution program, identifying a required function module, and providing the authentication function module on the main memory; And changing, by the hooking module, a target address for calling the necessary function module from the execution program to an entry point address of the authentication function module, and the execution program executing the decrypted digital data. Arc module Executing the authentication function module in place of the necessary function module, decrypting the encrypted authentication function list into the decryption module and loading it into the main memory before executing the authentication function module; and calling the authentication function module. Determining whether the required function module belongs to the authentication function list and if the called necessary function module belongs to the authentication function list, the authentication function module calls and executes the required function module called by the application program. If it does not belong to the characterized in that it is configured to perform including the step of not executing the called necessary function module.

Description

Transaction method of digital data {AN TRANSACTION METHOD OF DIGITAL DATA}

1 illustrates a system of the present invention.

2 is a diagram illustrating steps in which the present invention operates for each trading entity.

3 is a schematic diagram showing the configuration of a transaction server.

4 is a flow chart showing a transaction step of the present invention.

5 is a schematic diagram showing the configuration of a shopper client system with DSE installed;

6 is a flowchart showing an execution step of digital data by the DSE of the present invention.

7 is a schematic diagram showing a hooking step of the present invention.

8 illustrates another embodiment of the present invention for preventing haze;

The present invention relates to a method of trading digital data, and more particularly, to illegally copy and illegally distribute digital data by blocking the unauthorized copying, printing, and transmission functions when decrypting and executing an encrypted digital data file. It is to provide a method that can be used to selectively block only the functions required for the execution of the digital data.

Recently, the act of generating and distributing valuable information as electronic documents or data has become an economically important issue. Especially, with the development of communication systems such as the Internet, such digital data has begun to be recognized as a commodity that can be traded online.

However, digital data such as music files, video files, and document files can be easily and illegally copied and transmitted. Therefore, in order to be subject to transactions, such illegal copying and transmission should be technically limited. It is true that technology has few ways to contain this inherently.

In addition, in order for digital data to be subject to normal transactions, users should pay a reasonable price and use the data without inconvenience to users who use it, and pay according to whether the digital data is simply viewed or duplicated or transmitted. Will help to support more active digital data distribution.

In the end, if you configure illegal digital data to be impossible to use and at the same time, users who use it for one digital data can purchase different rights and make digital data available within the limits of their rights, they will be flexible in terms of cost. It is possible to encourage more active digital data distribution because of possible transactions.

It is an object of the present invention to provide a method capable of preventing illegal use of digital data.

It is another object of the present invention to provide a safe distribution method of digital data.

Another object of the present invention is to promote a more active distribution of digital data by providing a method of operating only a function purchased or acquired by a user among functions necessary for executing digital data.

The digital data transaction method of the present invention includes a digital data seller client system, a digital data buyer client system, and a digital data transaction server to achieve the above object, from the digital data seller client system to the digital data transaction server. Inputting information, digital data information, transaction function information, and digital data; The digital data transaction server notifying the digital data information and transaction function information of the digital data online; Selecting, by the digital data purchaser client system, an authentication function from the transaction function information to use the digital data in the digital data transaction server; Encrypting, by the digital data transaction server, a list of the digital data and the authentication function and transmitting the encrypted data to the digital data purchaser client system; Transmitting, by the digital data transaction server, a decryption module for decrypting the encryption, a file identifier determination module for identifying the digital data, a hooking module for hooking the digital data execution command, and an authentication function module to the digital data buyer client system. ; Recognizing the encrypted digital data with the file identifier determination module, and decrypting the encrypted digital data in the main memory of the system and the decryption by the decryption module; Loading an execution program capable of executing digital data on the main memory, analyzing the loaded execution program, recognizing a necessary function module, and providing the authentication function module on the main memory; Changing the target address for calling the necessary function module from the execution program to an entry point address of the authentication function module with the hooking module and the execution program executing the decrypted digital data. Arc Executing the authentication function module in place of the necessary function module, decrypting the encrypted authentication function list into the decryption module and loading it into the main memory before executing the authentication function module; and calling the authentication function module. Determining whether the required function module belongs to the authentication function list and if the called necessary function module belongs to the authentication function list, the authentication function module calls and executes the required function module called by the application program. If it does not belong to the characterized in that it is configured to perform including the step of not executing the called necessary function module.

The present invention is also characterized in that it is a transaction method of digital data, wherein the digital data is traded online using each function of an execution program for executing the digital data.

In addition, prior to the step of decrypting the encrypted digital data on the main memory of the computer system, accessing a server system located at a remote location for user authentication, and if the user is authenticated as a legitimate user, decrypts the encrypted digital data. It further includes the step of receiving the decryption means to ensure that the digital data can be distributed more securely.

The executable program code may include an import address table (IAT) which lists the necessary function modules required for execution, and analyzing the loaded execution program to recognize the required function module requires the IAT. And analyzing and recognizing, wherein the IAT may additionally call the necessary function module required for execution, and the target address for calling the required function module in the execution program of the authentication function module. The step of changing the entry point address may be a step of changing the call target address of the IAT to an entry point address of the authentication function module.

The method may further include: accessing a server system located at a remote location and receiving user authentication prior to the step of loading the main memory on the main memory a list of required function modules certified to be usable for the decrypted digital data in the execution of the authentication function module; In addition, if the user is authenticated as a legitimate user, the method may further include receiving a list of the certified necessary function modules from the server system so that the digital data can be more safely distributed.

Further, before the step of loading the main memory into the main memory, the list of the required functional modules is an encrypted file, and the list of the required functional modules certified to be usable for the decrypted digital data in the execution of the authentication functional module is performed. Accessing a server system located at a remote location and receiving user authentication; and receiving a decryption means from the server system for decrypting the list of the authenticated necessary modules if the user is authenticated as a legitimate user. Ensure safe distribution of digital data.

The necessary function module referred to in the present invention means all the modules that the computer needs for executing a general program, for example, screen view, screen save, screen printing, file editing, file storage, file transfer, file printing, file It may be a module that performs at least one of program execution, such as an interpreter module required in encryption, file decoding, sound execution, video execution, JavaScript, and the like. The digital data referred to in the present invention may be executed program code, image data, The data may be at least one of text data, sound data, still picture data, or image data.

The present invention also provides decryption means for decrypting encrypted digital data on a main memory of a computer system; Analysis of the necessary function module for recognizing the required function module by analyzing the execution program loaded on the main memory. Authentication means for authenticating the operation of the required function module Among the execution codes of the execution program loaded on the main memory Address change means for changing the call target address of the code for calling the necessary function module to the entry point address of the authentication means List of necessary function modules certified to be usable for the decrypted digital data And a judging means for judging whether it belongs to the list of required function modules.

Hereinafter, with reference to the drawings will be described embodiments of the present invention;

1 is a diagram illustrating an embodiment of a system of the present invention required for digital data transactions.

In FIG. 1, the supply side and the demand side are divided into digital data seller client systems 11 for producing and selling digital data and digital data buyer client systems 12 for purchasing such digital data. There is a transaction server 13 which arranges a transaction in between, providing a transaction screen showing a list and a brief description of the digital data supplied by the seller client system and processing the transaction process for a transaction request from the buyer client system. do. In addition to the transaction server, a payment server 14, such as a bank or a card company, is connected thereto to authenticate the buyer and the transaction and to perform the actual payment from the buyer's account.

In FIG. 1, each client system 11 and 12 may be connected to a transaction server by wire or wirelessly. In addition, each client system can be any device with a hardware configuration that can upload or download digital data such as a computer, mobile phone, PDA, etc., and display contents or input and process transaction orders and conditions. Do. Since the hardware configuration of the present invention is very similar to the system used for online trading of tangible goods such as an internet shopping mall, detailed descriptions except for special cases will be omitted.

In addition, the digital data as used in the present invention includes any form that can be transmitted, for example, text data created by code of an execution program that is itself executable as a game or useful application program, Hunminjeongeum or Acrobat, etc. It is a concept that includes all digital data that can be transmitted and distributed online with economic value such as image data such as sound file, music file, still image and moving image file in MP3 format or other format and mixed multimedia data.

FIG. 2 is a flowchart for dividing the steps occurring in the digital data transaction process according to each trading entity, and FIG. 3 is a diagram for describing modules constituting a transaction server.

The seller client system, which is a supplier of digital data, requests to provide a transaction screen by accessing the transaction server of the present invention, and the transaction server transmits it. The transaction screen serves as a cyber transaction marketplace for trading digital data. It may be provided in the form of a web page that is wired or a WAP page that is wireless.

The seller client accessing the transaction screen first inputs the seller's information (S21). Here, the seller's information corresponds to the seller ID or the IP address of the seller's client system, the unique device information of the seller's client system, etc., in order to check the seller's account information to be deposited in the future.

For reference, the unique device information of the system refers to smart card information that will be provided in the form of a product production number or memory stick of a computer operating system, CPU, etc., and refers to a transaction subject based only on a computer system that executes digital data regardless of a user. To distinguish. Thus, for example, according to the transaction policy of the seller side 11 or the transaction server 13, the same user ID, the same IP, the same computer system or the same smart card anyone can use the same digital data more active Induce trade and use. This situation also applies to the buyer client system side 12, hereinafter, the information on such a trading entity is simply referred to as seller information and buyer information.

The seller client system inputting the seller information inputs the digital data information about the digital data to be traded on the transaction screen (S22). The digital data information input here is general information about the transaction object such as title, brief description, category classification of the digital data to be traded, and keyword input to be used in the search, and is used to help the buyer to fully recognize the digital data before the transaction. Information.

The seller also enters the tradable function together with the terms of sale attached thereto. Hereinafter, the tradeable function and its selling condition are collectively referred to as transaction function information.

In the present invention, the transaction function information may include, for example, an execution function of simply viewing or listening to the digital data to be traded, a storage function of storing digital data provided in a stream system, etc., a printing function of printing and outputting to paper; It refers to the sales conditions such as the transmission function transmitted to others and the price set by the seller for each function. In general, these functions have been allowed for one digital content.

In the present invention, by dividing each of these functions into a transaction target, the right to perform different functions according to the buyer even for the same digital data, and to prevent the functions more than the authority granted to the user to maximize the merchandise of the digital data To provide a way.

After inputting such transaction function information, the seller uploads digital data which is a transaction object (S23).

Input to the above-described upload and transaction information may be performed in a reversed order.

The transaction server 13 receiving the inputted information distinguishes sellers of the digital data based on the information input in the seller information input step S13 and recognizes account information to be settled (S24). In addition, on the basis of the information input in the digital data information input step (S22) to identify the information on the digital data (S25), and also to identify the transaction function information in conjunction with this. In this case, the identification refers to the recognition necessary for the transaction server to handle the digital data, which is an object in order to perform the operations necessary for digital data distribution, such as receiving and storing the inputted information, interworking, storing and posting the data later.

Next, the transaction server performs an encryption operation using an encryption / decryption module to prevent illegal copying and illegal distribution of the digital data and stores it in a storage module linked to the transaction server (S26). Post to the transaction screen provided by wired or wireless Internet or private network (S28). In addition, when the digital data is encrypted and stored, the digital data is distinguished from other documents in the future by assigning an identifier for recognizing that the digital data is encrypted and sold by the transaction server (S27).

Referring to the operation of the buyer client system 12, first, the buyer client system accesses the transaction server 13 to view transaction information of the tradable digital data and selects the digital data to be transacted. In addition, before and after this selection, the buyer information and payment information are provided to satisfy the basic requirements of the transaction (S29).

After selecting the digital data to be traded as a download item (S30), and then go through the authentication function selection step of determining what function to perform the digital data (S31), and approves the payment on the basis of the transaction information (S32). When the payment is completed, the buyer client system downloads the selected digital data and is ready to use (S33).

One specific example of the configuration module of the above-described transaction server is shown in FIG. 3.

In FIG. 3, the transaction server 13 encrypts the digital data itself, which is a transaction target, and the digital data display module 31, which provides the client 37 with the information 37 on the transaction object as part of the transaction screen, and encrypts the digital data itself. An encryption / decryption module 32 for storing and providing a decryption means thereof, from a transaction DB module 33 for storing digital data and seller and / or buyer information linked thereto, and transaction condition information, and a seller client system 11 Upload the data and the transaction conditions, connect the payment server 14 to the buyer's transaction request and perform the payment, and then the corresponding digital data, its decryption means, the function list certified to the buyer, and the application form provided by the present invention. Transactions that perform common functions related to transactions, such as sending security engines, etc., to the buyer client system 12. It is composed of a performance module 34 and a control unit 30 for controlling both, and consists of an interface module 35 for communicating with each client system, storage module, payment server and the like. Here, the storage module 36 and the payment server 14 may be included in the form of a module in the transaction server according to the configuration.

In addition, an example of the object information screen 37 of the transaction screen is shown in FIG. 3, and the seller displays the transaction conditions of the name, brief description, and tradeable functions of the digital data uploaded through the screen 37. It can be inputted and presented, and the buyer can set the necessary objects and conditions while viewing this screen 37 and transmit payment information such as a purchase request and a payment amount to the transaction server 13.

In the example shown, the purchase amount for each function such as screen execution, storage, transmission, etc. is shown. If you pay the amount of each item and purchase certain functions, this function becomes the authentication function for the corresponding digital data of the corresponding buyer, Stored. In other words, the authentication function list means a function that only a purchaser can perform on the digital data, regardless of whether the corresponding digital data is purchased. This list of authentication functions is especially useful for digital infringement that can be infringed if the purchaser performs such a function in advance by copying or transmitting a function that may infringe the copyright of the copyright holder. The copyright of the data is configured in advance to justify the compensation.

Hereinafter, the concept of distinguishing the authentication function and the unauthenticated function and combining the two functions is called a necessary function. The tradable necessary functions may be additional conditions for each function in addition to those shown, such as the period of use.

On the other hand, Figure 3 shows an example of how the data stored in the transaction DB module 33 is configured, for example, by storing the specific digital data and the ID and password of the buyer who purchased it in conjunction with, the buyer If the digital data is requested, it is configured to authenticate whether or not the user has the authority to download and decrypt the digital data. It is also configured to store a list of authentication functions for which function the buyer can perform only on the digital data, so that the purchaser can refer to the authentication function of the authentication function module described below. As shown, for example, a buyer with an ID of A943 purchased only D (screen display) and S (save) functions for digital data called D.exe, so only this function is authorized as a list of authentication functions. If, in the future, the user attempts to perform a function different from this authenticated function for D.exe, such as a printing function P, this function is not performed by the security engine of the present invention or is treated as an error.

4 is a flowchart showing in more detail the purchase process (S29 ~ S33) in the above-described buyer client system 12. First, the buyer is connected to the transaction server using a personal computer, mobile phone, PDA, etc. connected to the Internet as a buyer client system, and then enters the buyer information (S29) to authenticate the buyer. In addition, before and after this authentication, a transaction screen is provided from a transaction server to search a list of digital data subject to a transaction.

The search target and the necessary functions required by the buyer for this search, that is, the authentication function list is selected (S30 and S31), and in order to download it, a payment process (S32) is required. Payment can be made at various costs, such as watching paid advertisements according to the policies of cyber money or other transaction servers. If payment is made using money used in real life, the user may use previously stored payment information or input new payment information for each transaction (S32-1).

Before and after the payment step, the terminal to download the selected digital data, that is, the target terminal may be selected (S33-1). It is common for the connected client system to become a target terminal, but in the case of presenting a specific music file to a friend, for example, it is possible to select a third party client system as the target terminal. In the following description, it is assumed that the purchaser client system that purchased the data and the target terminal are the same unless otherwise noted.

After the payment and the target terminal selection are completed, the actual download phase is entered. When requesting a download (S33-2), it may appear as if only the digital data is downloaded to the buyer, but in reality the security engine necessary for the transaction function of the present invention and the above-mentioned authentication function list are encrypted and Downloaded together (S33-3, S33-4, S33-5)

Hereinafter, the security engine is called a docushell engine, or DSE for short, which is a unique name named by the present inventor, which is a newly developed security engine for the transaction method of the present invention. This DSE is configured to be automatically installed on the client system at the end of the download (S33-6), and is also registered in the computer system's registry so that it is always loaded and processed in main memory at system startup. It is configured to assist and monitor users' use of digital data.

In FIG. 4, the authentication function list download may not be performed in advance, but may be downloaded after authentication for the user when the user wants to use the corresponding authentication function. In addition, the DSE has a built-in decryption means for decrypting the encrypted digital data is configured so that it is impossible to decrypt and use the digital data at all unless the DSE is downloaded and installed.

5 shows an example of the configuration of the target terminal or purchaser client system 12 in which the above-described download process is completed and the DSE is installed.

The downloaded digital data 55 and the authentication function list 56 linked thereto are stored in an auxiliary memory 57 such as a hard disk in an encrypted state. In addition, the DSE (50) is installed, the DSE is the file identifier determination module 51, the encryption / decryption module 52, the hooking module (hooking module 53) for performing the hooking and authentication for the necessary functions The authentication function module 54 is comprised.

Briefly describing the modules of the DSE, the file identifier determination module 51 is a module for distinguishing digital data to be influenced by the operation of the DSE, and whether the same PowerPoint data is traded data according to the present invention. It is to judge whether or not. In detail, the file identifier determination module recognizes and identifies the file identifier given when the encryption / decryption module 32 of the transaction server encrypts the corresponding digital data. The encryption / decryption module decrypts the encrypted digital data 55 and the authentication function list 56 downloaded to the purchaser's system, and afterwards, when the user issues an authorized storage command to save the data after working with the digital data, It encrypts and saves necessary data among the data recorded in main memory. The hooking module 53 is a module that performs address remapping, which will be described later, after the execution program 50 and the necessary function module 58 for executing the digital data 55 are loaded into the main memory by the loader of the operating system. The authentication function module 54 is a module for checking whether the requested necessary function is an authenticated function included in the authentication function list. The hooking module 53 is an essential module for the authentication function module 54 of the present invention to operate.

In addition, Fig. 5 also shows an example of an execution program 57 capable of executing the digital data and the necessary function modules 58 required by the execution program, which is pre-installed in the client system.

For example, if the downloaded digital data is A.ppt, the executable program is a PowerPoint program (powerpoint.exe), a program of Microsoft Corporation, and the required function module is required for this executable program. It may be various DLL files (dynamic loading library files).

Such a necessary module can exist as program code inside an executable program or as a separate module such as a DLL file. Execution code that performs this required function in any form returns to the beginning of the entry point and ends and returns execution. In most cases, the execution code in the form of a block is called a necessary function module.

Since the necessary function modules perform independent auxiliary functions such as storage, transmission, and screen display, the execution program and the necessary function modules are combined with each other through address mapping process in main memory when they are processed for actual execution. For example, by analyzing the import address table (IAT) of the executing program, each required function (Ft1, Ft2) is recognized, and the address (Adrs1, Adrs2) of the required function module called by them is Read and store in IAT. This is generally well known and is described later in detail again.

A flowchart of operating digital data downloaded from the client system in which the DSE and various modules are installed is shown in FIG. 6.

In FIG. 6, an executable program is exemplified as A.exe, digital data to be executed as DD.aaa, and encrypted DD.aaa as DD.aaa.ms. Of course, these examples do not limit the invention to any particular form.

Since the DSE of the present invention is generally configured in the registry to be installed together when the shell module is installed after the client system is booted, the DSE is always processed before execution of the execution program and the digital data (S61). However, if necessary, when receiving a request for execution of a specific execution program (S62) or an identifier assigned by the transaction server of the present invention, that is, in FIG. 6, when requesting execution of digital data having ms as an encryption identifier (S65), DSE. May be configured to be loaded into main memory and processed.

In addition, the purchaser of the user of the digital data DD.aaa or the like first requests the execution of the executable program A.exe, and then requests the execution of the DD.aaa, or the DD.aaa first, and then automatically Since A.exe can be executed, in FIG. 6, the execution program execution request and subsequent steps S62 to S64 and the digital data execution request and subsequent steps S65 to S67 are arranged side by side. There is no ranking.

Therefore, in conclusion, the process step (S61) of the DSE, the execution request step (S62) of the execution program and the execution request step (S65) of the digital data, there is no difference in the execution of the present invention, whichever comes first, but only execution The DSE needs to be processed (S61) before the program is loaded onto the main memory (S63) and before the digital data is executed (S67).

In Fig. 6, when the execution program execution request is first requested (S62), the execution program is loaded into the main memory of the client system (S63), and after the required function module call of the execution program is analyzed by the DSE, the address remapping is performed. Through address remapping, an authentication function module goes through a hooking step (S64) in which the authentication function module operates instead of the required function module.

Before and after the steps S62 to S64, the buyer requests execution of the digital data to be executed (S65). In response to the request, the DSE encrypts the digital data DD.aaa encrypted by the decryption module 52 which is its internal module. Decode .ms and load it into main memory as DD.aaa (S67).

As another method for the decryption module, after receiving the execution request of the digital data (S65), the transaction server connected to the client system authenticates the user again and transmits the decryption module which is a module of the DSE until the decryption step. It may be rough (S79). This is a procedure for confirming whether the party user is a legitimate use again. Therefore, in this embodiment, the decryption module of the DSE is downloaded separately from the DSE.

In addition, before and after this time, the user deciphers and installs a list of authenticated authentication functions in the main memory. The reason for the authentication function list being encrypted is to prevent hacking of this list. Although the present invention will be described based on the embodiment of the authentication function list downloaded in advance and stored in the client system in an encrypted state, it is natural that an embodiment in which the authentication function list is downloaded and installed after user authentication (S79) is possible. Therefore, the authentication function list acquisition step (S66) is included in both cases.

In the above-described process of FIG. 6, if the user first requests the execution of digital data (S65), the execution program processing steps S62 to S64 may be performed after the digital data processing steps S65 to S67.

After the initial process is executed, the executing program starts the actual processing on the decoded digital data DD.aaa (S68), in which the executing program displays the necessary data on the screen or plays a sound module. In addition to this, in addition to the user's command to call the necessary function modules for editing, storage, transmission, etc. (S69).

When the specific necessary function module shown as necessary function n is called by the execution program (S69), it is hooked up by the DSE in advance (S64), and thus the authentication function module 54 is called instead of the required function module. The authentication function module goes through an authentication process (S70) of checking whether the required function module n called with reference to the already decrypted authentication function list 56 is an authenticated function.

When it is determined that the required function n is authenticated, the authentication function module calls the required function module n to execute normal operation (S71). On the contrary, if the called function module does not exist in the authentication function list, the authentication function module does not respond to the call or generates an error message (S72), and then returns to the executing program (S73). Unnecessary functions should not be performed. In addition, the necessary function call can be repeatedly performed several times, and the execution of the above-described authentication function module is repeated each time (S69 to S72).

When all subsequent operations are executed (S73), execution of the DD.aaa. Of the executing program is terminated (S74), and if necessary, the DSE encrypts the data recorded in the main memory and stores it in the file system (S75) or It is completely erased from the memory (S76) to prevent hacking on the decrypted digital data.

FIG. 7A illustrates the operation sequence of a conventional execution program, and FIG. 7B illustrates the operation sequence of the present invention. In particular, the above-described hooking step S64 and authentication steps S70 to S72 of the present invention will be described in detail. It is for the drawing.

First, referring to FIG. 7A, the execution program 57 is divided into a file header 70 that describes this, and an execution code area 71 that is an actual code to be executed, and is also called by the execution code 71. That is, the present invention is configured to include an IAT (Import Address Table) 73 listing the call addresses for the code block called the necessary function module.

The necessary function module 58 is composed of a file header 74, an executable code area 75 that actually functions, and an EAT (Export Address Table) 76 that records an entry point address of the executable code area.

In operation, first, after all the code of the executable program 57 is loaded into the main memory, the operating system of the system parses the executable code area 71 or directly analyzes the IAT 73. The address of the necessary function module required by the executing program is mapped. For example, in the illustrated embodiment, a required function module called PLAY is called at address 350, and a required function module called PRINT is called at address 480. In order to execute this, a required function module is called, for example, DLL files PLAY.dll and PRINT.dll. Is stored in the main memory, and the absolute addresses, for example, 1200 and 1800, are recorded in the IAT 73 of the execution program by referring to each export address table (EAT).

DLL file is a functional module that can be used by various types of executable programs in common. It is a method developed to reduce the size of an executable program and execute it efficiently, and is a functional module generally used under the current Windows operating system. In the present invention, the DLL file is taken as an example of the required function module, but any form of the function code block configured to return to the main program after being called in the same manner to perform a specific function may be required function module of the present invention. have.

After this IAT recording, the execution code of the executing program is actually executed on the CPU and calls the PLAY function module at address 350 (step ①), which does not actually call the function name, but rather the corresponding code line of the IAT 73, namely, In the illustrated embodiment, address 100 is called.

Since the code of IAT with address 100 is mapped to address 1200 in advance so that PLAY.dll can be called, when address 100 is executed by jumping in step ①, code 1200 is called again (step ②), and address 1200 After the PLAY.dll is actually executed in the code with the return code, the program returns to the executing program code (step ③).

After that, if the execution program code continues to execute and executes the address 480 code and encounters a PRINT.dll function module call, the process goes from step ④ to step ⑥ in the above-described manner.

The implementation of the present invention by hooking this function module call and redirecting the call to the authentication function module is shown in FIG. 7B.

In FIG. 7B, after the executable program code is loaded into the main memory, after the operating system of the system maps the address of the required function module of the IAT 73, immediately after or before the process step of the executable program, The hooking step is performed by the hooking module 53 (not shown) (S64).

The hooking module 53 modifies the call address of the IAT again, for example, to call address 1000 as the call destination of the address 100 code of the IAT which was determined by the operating system to call address 1200 to execute PLAY.dll as shown in FIG. 7A. In this case, the authentication function module 54 is disposed at the address 1000 instead of PLAY.dll.

By modifying the call addresses of the IAT so that the same process can be performed for the remaining necessary function calls, the hooking step S64 of the present invention is terminated, and the execution program waits for the user's command and task in a state capable of executing.

Then, when the execution program is actually executed, the call of PLAY.dll is executed at address 350, which is first jumped to the IAT of address 100 (step ①), and then the address 1000, which is the address manipulated by the operation of the hooking module, is executed. Will be called (step ②).

The code at address 1000 is not an entry point of PLAY.dll, but an entry point of MyPLAY.dll, which is an authentication function module of the present invention. Therefore, the authentication function module is executed first. Here, the authentication function module is the required function module called PLAY.dll called by the executing program. A step S70 of authenticating is performed.

Verification method, the authentication function module 54 calls the separate authentication function list 56 as shown, and the authentication function list retrieves its list and checks whether MyPLAY.dll is authenticated, and then the Based on the method (step ③) of transmitting the result value to the authentication function module 54 and the value recorded in the authentication function list 56, the result value is stored in advance in each authentication function module 54 and prepared for authentication. It is possible to do this. As described above, the method of storing the result value in the authentication function module is also performed by the DSE of the present invention.

Another verification method is that when the authentication function module 54 is executed, the purchaser client system 12 connects to the transaction server 13 and then requests the transaction server 13 for an authentication result value for the authentication function module. The result is notified. In this case, the authentication function list 54 is not transmitted to the purchaser client system 12 from the beginning but is stored only in the transaction DB module 33 of the transaction server 13 and responds to the call. That's the way.

When it is determined that the called function module is included in the authentication function list, the authentication function module 54 calls the address 1200 code, which is the address of PLAY.dll, to execute this function (step ④), and PLAY.dll After execution, the control right is passed back to the execution program via the authentication function module 54 (step ⑤).

If the processing of the required function PRINT.dll is executed while executing the code of address 480 during execution of the next executable program code, jumping to address 200 of IAT (step ⑥) again calls address 1100, which is the address manipulated by DSE. (Step ⑦) This PRINT function module goes through the authentication process. At this time, it goes through the same authentication process (step ⑧). If the result is negative, PRINT.dll located at address 1800 is not executed. Instead, it executes the next command of the executing program with an error value or no response. (Step ⑨).

Through this process, the DSE of the present invention prevents the purchaser from performing necessary functions that are not authenticated so that the transaction method of the present invention can be safely performed.

Figure 8 shows another embodiment of the present invention, which is a way to prepare for hacking to disable the above-described operation of the present invention.

Any hacker who understands the manner of operation of the present invention can make a hooking module similar to the hooking module of the DSE of the present invention. That is, the hacker module can disable the DSE of the present invention by modifying the IAT call address of the executing program as the DSE of the present invention does. For example, as shown in FIG. If you change 1200 "to" 100: PLAY: 1000 ", the hacker module will modify it back to the original" 100: PLAY: 1200 "so that it does not go through the authentication function module.

In response, the embodiment of FIG. 8 further includes a character encryption module 81 in the DSE. That is, the DSE of the present invention finds the text data of "PLAY" or "PRINT" recorded in the IAT and the DLL and corrects the address to be manipulated. Most of the hacker modules also find the names of these functional modules, Since the character encryption module will be modified, the text data which is the names of these necessary modules after the hooking step is deleted or changed to the wrong name so that the address modification position cannot be found.

For example, as shown in FIG. 8, the DSE of the present invention finds the text "PLAY" or "PRINT", which is a function module required by the IAT, modifies the call addresses to the address of the authentication function module, and then uses the character encryption module 81. An example would be to search for all parts of main memory where the names of these function modules were recorded and rename them with completely different names "Ft1", "Ft2", and so on.

Changing the address before the hacker module hooks to the DSE is useless since the address will be changed by the subsequent DSE, so it must be accessed after the DSE is running. Since the names of the modules cannot be found, the hack will eventually fail.

The present invention provides a method of trading digital data online, and the present invention enables trading of various digital data with various options.

In addition, the present invention is configured to prevent hacking, illegal copying, etc., which are the biggest problems in the distribution of digital data by promoting safe execution of digital data.

By using the present invention, it is possible to establish a healthy and diverse commerce order in online digital data transactions, thereby creating a social and technical atmosphere in which more advanced digital data can be produced.

Various modifications are possible within the scope of the present invention by those skilled in the art, for example, by setting one or more of the above authentication steps, and then authenticating whenever necessary. Therefore, the present invention is not limited to the above embodiments, and the scope of the claims is defined by the following claims.

Claims (9)

Claims [1] A method of trading digital data, comprising a digital data seller client system, a digital data buyer client system, and a digital data transaction server. Inputting seller information, digital data information, transaction function information, and digital data from the digital data seller client system to the digital data transaction server; The digital data transaction server notifying the digital data information and transaction function information of the digital data online; Selecting, by the digital data purchaser client system, an authentication function from the transaction function information to use the digital data in the digital data transaction server; Encrypting, by the digital data transaction server, a list of the digital data and the authentication function and transmitting the encrypted data to the digital data purchaser client system; Sending, by the digital data transaction server, means for decrypting the encryption to the digital data buyer client system; Digital data trading method comprising a. Claims [1] A method of trading digital data, comprising a digital data seller client system, a digital data buyer client system, and a digital data transaction server. Inputting seller information, digital data information, transaction function information, and digital data from the digital data seller client system to the digital data transaction server; The digital data transaction server notifying the digital data information and transaction function information of the digital data online; Selecting, by the digital data purchaser client system, an authentication function from the transaction function information to use the digital data in the digital data transaction server; Encrypting, by the digital data transaction server, a list of the digital data and the authentication function and transmitting the encrypted data to the digital data purchaser client system; Transmitting, by the digital data transaction server, a decryption module for decrypting the encryption, a file identifier determination module for identifying the digital data, a hooking module for hooking the digital data execution command, and an authentication function module to the digital data buyer client system. ; As containing, The digital data purchaser client system recognizing the encrypted digital data with the file identifier determination module; decrypting the encrypted digital data in the main memory of the system with the decryption module; and executing the decrypted digital data. Loading an executable program on the main memory, analyzing the loaded executable program, recognizing a necessary function module, and providing the authentication function module on the main memory; Changing a target address for calling the necessary function module from the execution program to an entry point address of the authentication function module; and when the execution program calls the required function module while executing the decrypted digital data. Above certification Executing the functional module instead of the necessary function module, decrypting the encrypted authentication function list into the decryption module and loading the encrypted function function into the main memory before executing the authentication function module; and the necessary function module called by the authentication function module Determining whether it belongs to the authentication function list and if it is determined that the called necessary function module belongs to the authentication function list, if it is determined that the authentication function module calls and executes the required function module called by the application program and does not belong to it. And executing the called necessary function module. In the transaction method of digital data, And trading the digital data on-line using each function of an execution program that executes the digital data as a trading target. The method of claim 2, Prior to decrypting the encrypted digital data on the main memory of the computer system, Accessing a server system located at a remote location and receiving user authentication; And, Receiving decryption means for decrypting the encrypted digital data when authenticated as a legitimate user; To And further comprising a digital data transaction method. The method of claim 2, The executable program code is configured to include an import address table (IAT) which lists the necessary function modules required for execution, Analyzing the loaded execution program and recognizing a necessary function module required; is a step of analyzing and recognizing the IAT. The method of claim 5, The executable program code is configured to include an import address table (IAT) that lists and calls necessary function modules required for execution. Changing a target address for calling the necessary function module into an entry point address of the authentication function module in the executing program; Changing the call target address of the IAT to an entry point address of the authentication function module. The method of claim 2, Loading into the main memory an authentication function list which is certified to be usable for the decrypted digital data in execution of the authentication function module; Before, Accessing a server system located at a remote location and receiving user authentication; And, Receiving the authenticated authentication function list from the server system when the user is authenticated as a legitimate user; Computer program execution method characterized in that it further comprises. The method of claim 2, The necessary function module is a module for performing at least one of screen viewing, screen saving, screen printing, file editing, file saving, file transfer, file printing, file encryption, file decoding, sound execution, video execution, and program execution. The transaction method of digital data, characterized in that. The method of claim 2, And the digital data includes at least one of execution program code, image data, text data, sound data, still picture data, and image data.

Images