WO2004061692A1 - Electronic data authentication method, mark image generation method, and storage medium issuing method - Google Patents

Abstract

It is possible to improve the user-friendliness of an authentication system for authenticating electronic data by using a mark image having a watermark. When a WWW server (5) is accessed by a WWW browser (7), it transmits a Web page and an archive file containing an authentication program a mark image having a watermark to the WWW browser (7). The WWW browser (7) accesses the WWW server (5), receives the Web page together with the archive file, and displays the received Web page. Next, it extracts the mark image having the watermark and the authentication program from the archive file received and executes the authentication program. The authentication program displays the mark image having the watermark on the Web page displayed by the WWW browser (7) and authenticates the displayed Web page by using the electronic watermark information embedded in the mark image having the watermark.

Description

 TECHNICAL FIELD The present invention relates to a technology for authenticating electronic data such as a web page, and more particularly to a technology for authenticating electronic data such as a web page by using a mark image attached to electronic data. It relates to technology for authenticating electronic data. Background art

As a technology for authenticating electronic data such as Web pages, a technology using a mark image pasted on electronic data has been proposed (for example, Japanese Patent Application Laid-Open Nos. 11-239129, 20-29). Japanese Patent Application Laid-Open No. 0-1874744 and Japanese Patent Application Laid-Open No. 2001-25661 87).

In these technologies, information for authenticating electronic data is embedded in a mark image as electronic watermark information. Then, a holding server such as a WWW server holds the electronic data to which the mark image is attached in a state in which a browser terminal such as a www browser can view the electronic data. The browser terminal that has accessed the holding server downloads the electronic data and the mark image and displays the electronic data with the mark image attached. At the same time, the digital watermark information embedded in the mark image is extracted, and the extracted information is used to authenticate the electronic data displayed together with the mark image. DISCLOSURE OF THE INVENTION In the authentication technique described above, a browser terminal extracts digital watermark information from a mark image displayed together with electronic data, and performs authentication of the electronic data using the extracted information. For this reason, a mechanism is required for the browser terminal to authenticate electronic data using the mark image.

 Conventionally, an authentication program for authenticating electronic data using a mark image is installed in a browser terminal in advance, and the authentication program is operated as a plug-in of the browser program to operate the browser. The terminal authenticates the electronic data using the mark image. Therefore, electronic data authentication using a mark image cannot be performed on a browser terminal on which an authentication program is not installed in advance. This has hindered the spread of electronic data authentication using mark images.

 In general, sales contracts for systems that issue mark images take the following forms. In other words, the annual usage fee of the system fluctuates according to the annual number of mark images issued by the system seller (mark image issuer). Traditionally, system distributors have determined annual usage fees based on self-reports from system distributors.

 The present invention has been made in view of the above circumstances, and an object of the present invention is to improve the usability of an authentication system for authenticating electronic data using a mark image pasted on electronic data as described above. It is in.

Specifically, authentication of electronic data using a mark image can be performed without installing an authentication program in the browser terminal in advance. Also, the system distributor for issuing the mark image can collect the system usage fee without having to self-declare the system distributor. To do.

 In order to solve the above problems, a first aspect of the present invention is configured such that a holding server that holds electronic data and a browser terminal that displays the electronic data are connected to each other via a network. In the network system, an authentication program and a mark image are transmitted together with the electronic data from the holding server to the browser terminal, and the browser terminal executes the authentication program. Here, information related to the electronic data is embedded in the mark image as electronic watermark information.

 That is, when the holding server is accessed by the browser terminal via the network, a transmission step of transmitting the electronic data to the browser terminal together with the mark image of the electronic data and the authentication program is performed. Let

 On the other hand, the browser terminal accesses the holding server via the network, and receives the electronic data from the holding server together with the mark image and the authentication program. Displaying the electronic image according to the authentication program received together with the electronic data, displaying the mark image received together with the electronic data on the electronic data being displayed, and being embedded in the mark image. An authentication step of authenticating the electronic data using the relevant information of the electronic data.

Here, the related information of the electronic data includes address information and expiration date information of the electronic data. Further, the authentication program must be able to execute the authentication program in association with the electronic data and the mark image downloaded together with the authentication program. As a form of such a certification program A Java avatar can be used for a browser terminal equipped with a Java (registered trademark) virtual machine.

 According to this aspect, the mark image and authentication program for authenticating the electronic data is downloaded to the browser terminal together with the electronic data. Therefore, even if the authentication program is not installed in advance, the authentication of the electronic data using the mark image can be performed by the browser terminal.

 Next, a second aspect of the present invention is to allow a mark issuing device capable of reading and writing data to a storage medium to confirm the right to issue a mark image using information stored in the storage medium, and generate a mark image. I try to make it. Here, the storage medium includes license key information indicating a right to issue the mark image, point information indicating the number of times the mark image can be issued or issued, and the point information indicating the number of times the mark image has been issued. In this case, the number of permitted issuance of the mark image and are stored.

That is, in the mark issuing device, the issuable number of the mark image indicated by the point information stored in the storage medium is 1 or more, or the issued number of the mark image indicated by the point information is The license key information and the mark stored in the storage medium are checked using the license key information and the mark. A storage medium authentication step of authenticating the storage medium, and the number of times the mark image indicated by the point information can be issued is 1 or more, or the number of issued mark images indicated by the point information is stored in the storage medium. Is confirmed to be less than or equal to the permitted number of issuances, and when the authentication of the storage medium is established, the electronic device is connected via the input device. A related information receiving step of receiving input of related information of the child data; and Embedding the relevant information into the image previously stored in the storage device of the mark issuing device to generate the mark image; and performing authentication stored in the storage device of the mark issuing device in advance. A mark image attaching step of attaching the mark image to a program, and reducing the number of times the mark image indicated by the point information can be issued by one from the point information stored in the storage medium, or the point information. And a storage medium updating step of updating so as to increase by one the number of issued mark images indicated by.

 In this aspect, valid license key information is registered, and the number of times the mark image can be issued is 1 or more, or the number of times the mark image is issued indicated by the point information is stored in the storage medium. Only the owner of the storage medium whose number is equal to or less than the permitted number of issuances can cause the mark issuing device to generate the mark image. Further, the mark issuing device can receive, from the user via the input device, information related to electronic data to be embedded as electronic watermark information in the mark image. Therefore, it is possible to customize each mark image issuer and quickly issue the mark image. By issuing a storage medium, the system seller can collect the system usage fee without having to self-declare the system seller. Next, a third aspect of the present invention provides a storage medium issuing device capable of reading and writing data on a storage medium, by using the point information (or already issued) indicating the number of permitted issuances described in the second aspect. The storage medium in which the point information indicating the number of times (the number of permitted issuances), the license key information, and the are registered is generated.

That is, an issuance information receiving step of receiving input of the destination information of the storage medium and the permitted number of times of issuing the mark image via the input device in the storage medium issuing apparatus; For information ahead The corresponding license key information is read from the storage device of the storage medium issuing device and written into the storage medium together with the input point information. A storage medium writing step for writing to the storage medium together with point information indicating the number of times the mark image can be issued, or point information indicating the number of times the mark image has been issued set to an initial value, and the number of permitted issuances. Storing the input issuance information and the point information of the storage medium in a storage device of the storage medium issuing device as a storage medium issuing device; and a storage device of the storage medium issuing device. And a step of outputting a storage medium issuing port stored in the server.

 By using the storage medium issuing device, the storage medium issuer (system distributor) can manage the issuance status of the storage medium to the mark image issuer. Therefore, the system seller can collect the usage fee of the system without relying on the self-report of the system seller. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of an electronic data authentication system to which an embodiment of the present invention is applied.

 FIG. 2 is a schematic configuration diagram of the IC card issuing device 1 shown in FIG.

 FIG. 3 is a diagram showing an example of registration contents of the license key information storage unit 142 shown in FIG.

 FIG. 4 is a diagram showing an example of registered contents of the issuing port storage unit 141 shown in FIG.

FIG. 5 is a diagram showing a hardware configuration example of the IC card issuing device 1 and the mark image issuing device 3 shown in FIG. FIG. 6 is a diagram for explaining the operation flow of the IC card issuing device 1 shown in FIG.

 FIG. 7 is a schematic configuration diagram of the mark image issuing device 3 shown in FIG.

 FIG. 8 is a diagram showing an example of registered contents of the entity fixed item storage unit 381 shown in FIG.

 FIG. 9 is a diagram showing an example of registered contents of the entity variable item storage section 382 shown in FIG.

 FIG. 10 is a diagram for explaining the operation flow of the mark image issuing device 3 shown in FIG.

 FIG. 11 is a diagram illustrating an example of an entity fixed item setting reception screen.

 FIG. 12 is a diagram showing an example of a mark image change confirmation screen.

 FIG. 13 shows an example of a screen for accepting the setting of an entity variable item. FIG. 14 is a diagram for explaining the operation flow of the e-certificate program activated by the WWW browser 7 shown in FIG.

 FIG. 15 is a diagram showing an example of a digital watermarked mark image 701 on which a message 702 indicating that verification is being performed is superimposed.

 FIG. 16 is a diagram showing an example of a digital watermarked mark image 701 on which messages 703a to 703c indicating that verification of the pasting condition item is not satisfied are superimposed.

 Figure 17 shows the menu image 704 displayed when the watermarked mark image 701 is selected, and the titles 705 a-b, 70 0 displayed in the menu image 704. FIG. 6 is a diagram for explaining an event performed by selecting 6 a to b.

FIG. 18 is a diagram for describing a modified example of the operation flow of the mark image issuing device 3. FIG. 19 is a diagram for explaining a modification of the electronic watermark information embedded in the mark image by the mark image issuing device 3.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described.

 FIG. 1 is a schematic diagram of an electronic data authentication system to which an embodiment of the present invention is applied.

 As shown in the figure, the electronic data authentication system of the present embodiment includes an IC card issuing device 1 as an IC card issuer device, a mark image issuing device 3 as a mark image issuer device, and a web page. It has a WWW server 5 that is a device of the creator and a WWW browser 7 that is a device of a web page viewer.

 The WWW server 5 and the WWW browser 7 are connected to each other via a network 6 such as the Internet. The WWW server 5 does not need to be the device of the web page creator itself, and may be, for example, a device of a server operator that lends the WWW server 5 to the web page creator.

 The IC card issuing device 1 is configured so that the IC card 2 can be removed. I. In accordance with the instruction from the card issuer, write the license key information of the IC force issue destination and the point information indicating the number of times the mark image can be issued to the inserted IC card 2. The IC card 2 on which the license key information and the point information have been written in this way is sent to the mark image issuer to which the IC card is issued by mail or other means (S 1). FIG. 2 is a schematic configuration diagram of the IC card issuing device 1.

As shown in the figure, the IC card issuing device 1 has a GUI (Graphical user Interface) section 100, an IC card reader / writer section 120, an operation section 130, and a storage section 140.

 The GUI section 100 accepts information input from the operator (IC card issuer) and presents information to the operator via input devices such as a mouse and keyboard and output devices such as a mouse. Or

 The IC card 'reader / writer 120 reads and writes information from and to the IC card 2 mounted on the IC card issuing device 1.

 The arithmetic unit 130 includes an instruction receiving unit 131, an IC card issuing unit 132, and a report output unit 133.

 The instruction receiving unit 1331 receives an instruction to issue an IC card and a report output instruction from the operator via the GUI unit 100.

 The IC card issuing unit 132 controls the IC card reader / writer 120 to write the license key information and the point information to the IC card 2 mounted on the IC card issuing device 1.

 The report output unit 133 reads out the issuance log of the IC card stored in the storage unit 140 and presents it to the operator via the GUI unit 100. The storage unit 140 includes an issuance port storage unit 141 and a license key information storage unit 142.

The license key information storage section 142 stores license key information required for using the mark image issuing device 3 for each mark image issuing device 3. FIG. 3 is a diagram showing an example of registered contents of the license key information storage unit 142. As shown in the figure, each record registered in the license key information storage unit 142 includes a field 1442 1 for registering a device ID, which is identification information of the mark image issuing device 3, and a mark image A field 1 4 2 2 for registering the issuer information including information such as the name and address of the mark image issuer who owns the device 3 and a mark image issuer And a field for registering license key information necessary for using the device 3.

 Each time the IC card issuing unit 132 writes the license key information and the point information to the IC card 2, the issuing unit of the IC card 2 is registered in the issuing unit storage unit 141. FIG. 4 is a diagram showing an example of registered contents of the issuing port storage unit 141. As shown in the figure, each record registered in the issue log storage unit 141 has a field 1441 1 for registering an issue ID (for example, a serial number) as identification information of the issue log, and an IC. Field 1 4 1 2 for registering the device ID of mark image issuing device 3 owned by the destination of card 2 and Field 1 for registering the number of issue points written on IC card 2 4 13, the FINO red 14 for registering the issue date of the IC card 2, and the FINO red 14 1 to 14 14 of the same record, or information of the information Fields 1415 for registering an electronic signature for the SageDigital are provided. The electronic signature registered in field 1415 is for checking the falsification of the issue log registered in the same record.

 The IC card issuing apparatus 1 having the above configuration includes, for example, a CPU 901, a memory 902, an external storage device 903 such as an HDD, and an IC card reader / writer 90 as shown in FIG. 4, an input device 906 such as a keyboard / mouse, an output device 907 such as a monitor, a communication device 908 for communicating with a partner device via a network, and each of these devices. In a general computer system having a bus 909 and a bus 909, the CPU 901 can be realized by executing a program (IC card issuing program) loaded on the memory 902.

This IC card issuance program is transmitted from a storage medium such as a CDROM or a DVDROM via a reader (not shown) or a communication device. The data may be downloaded from the network via the network 908 to the external storage device 903, and then loaded on the memory 902 and executed by the CPU 901. Alternatively, the data may be directly loaded onto the memory 902 without going through the external storage device 903, and may be executed by the CPU 901. In this case, the storage unit 120 uses a memory 902 or an external storage device 903.

 FIG. 6 is a diagram for explaining the operation flow of the IC card issuing device 1.

 First, the instruction receiving unit 1331 displays an initial menu screen on the display device via the GUI unit 100, and displays an initial menu screen. (IC card issuer) instructions. If the received operator's instruction is an IC card issuance instruction (Ye s in S101), an instruction to issue an IC card is issued to the IC card issuing unit 1332.

 In response to this, the IC card issuing unit 132 sends the device ID of the mark image issuing device 3 owned by the mark image issuer to which the IC card is issued to the display device via the GUI unit 100, The device ID and point information are obtained from the input device via the GUI unit 100 by displaying an input screen for point information indicating the number of times the mark image is issued to the mark image issuer (S 1 0 2).

Next, the IC card issuing unit 132 reads from the license key information storage unit 142 a record in which the device ID obtained in S1002 is registered in the field 14421. Then, via the IC card reader / writer 120, the read record is registered in the IC card 2 attached to the IC card issuing device 1, and is registered in the fields 144 2 2 and 1 4 2 3 of the read record. Destination information and license key information, and the point obtained in S1002. Write the information (S1003).

 Then, the IC card issuing unit 13 2 adds a new record to the issuance log storage unit 14 1, and assigns a unique issuance ID to the fino red 1 4 1 1 of this record, and S 1 to the field 1 4 1 2. Register the device ID obtained in 02, the point information obtained in S1002 in field 1413, and the issue date (with today's S) in field 1414. In addition, using the IC card issuer's signature key registered in advance, the information registered in the newly added record 141 1 to 14 14 or the message digest of the information Then, an electronic signature is generated, and the signature is registered in the field 1415 of the record (S1004).

 On the other hand, if the operator's instruction received from the input device via the GUI unit 100 is a report output instruction (Yes in S1005), the report output unit 133 Directs report output.

 In response to this, the report output unit 133 displays the input screen of the report output conditions (period, device ID, etc.) on the display device via the GUI unit 100, and the like. The report output condition is obtained from the input device via the I section 100 (S1006).

 Next, the report output unit 133 searches the issue log storage unit 141 for a record that satisfies the report output condition obtained in S106 (S1007). For example, when the report output condition is the device ID, all records in which the device ID is registered in the fields 1412 are read from the issue log storage unit 141. If the report output condition is a period, all records whose issuances registered in the fields 14 and 14 are included in this period are read from the issuance log storage unit 141.

Then, the report output unit 133 creates the list of issue ports read out in S107 and displays it on the display device via the GUI unit 100. Ah Alternatively, the image is output to an output device such as a printer (S1008). At this time, the report output unit 133 uses the pre-registered signature key of the IC card issuer to execute a message digest of all records or all records included in the issuance log list. Generates an electronic signature for and outputs it with a list of issue ports. This electronic signature is used to check for falsification of the issuance log list, such as deleting records from the issuance log list.

 Returning to FIG. 1, the explanation will be continued.

 The mark image issuing device 3 is configured such that the IC card 2 can be removed. Using the attached IC card 2, it is verified whether or not the mark image issuer has the right to issue the mark image. Then, only when the verification is successful, a mark image is generated in which the relevant information of the web page creator of the web page is embedded as digital watermark information. This mark image is stored in a storage medium 4 such as an FD or a CD-ROM, and is sent by mail or other means to the website owner of the mark image issuance destination (S2). If the mark image issuing device 2 is connected to the network terminal of the web page creator via the network, the mark image is sent to the web page creator via the network 1. You can do it. FIG. 7 is a schematic configuration diagram of the mark image issuing device 3.

 As shown in the figure, the mark image issuing device 3 includes a GUI unit 300, an IC card reader / writer unit 320, a storage medium writing unit 340, an arithmetic unit 360, and a storage unit 3 And 80.

 The GUI unit 300 accepts input of information from the operator (mark image issuer) and presents information to the operator via input devices such as a mouse and keyboard, and output devices such as a monitor. Or

IC card reader '' writer 320 is attached to mark image issuing device 3 Reads and writes information from IC card 2

 The storage medium writing device 340 writes information to a writable storage medium such as an FD or a CD-R attached to the mark image issuing device 3.

 The operation unit 360 includes an IC card authentication unit 361, an entity setting unit 362, a mark image generation unit 3663, and an R / C archive generation unit 365.

 I. The card authenticating section 361 authenticates the IC card 2 attached to the mark image issuing device 3.

 The entity setting unit 362 receives information (called entity information) to be embedded as electronic watermark information in the mark image from the operator via the GUI unit 100. The entity information includes an entity variable item whose content changes for each mark image and an entity fixed item whose content is constant regardless of the mark image. Entity variable items include information unique to the mark image issuer, that is, information related to the web page of the web page creator (the conditions used for web page authentication such as URL, IP address, and expiration date). Including various information). Examples of the fixed items of the entity include information on a mark image issuer and a message used in a verification operation using the mark image.

 The mark image generation unit 363 embeds the entity information in the mark image as electronic watermarking information.

The archive creation unit 365 creates an archive file including a mark image in which digital watermark information is embedded and an authentication program. Here, the authentication program is a program for causing the WWW browser 7 to authenticate a Web page displayed together with the mark image by using the mark image that is elaborated with the authentication program. For example, if the Java virtual machine is installed in the WWW browser 7, the Java applet can be used as an authentication program. In addition, the Jar format can be used as a key file. The archive creation unit 164 that creates a Jar format archive file can be realized by using a Java Development Kit (JDK) provided by Sun Microsystems.

 The storage unit 380 includes an entity fixed item storage unit 381, an entity variable item storage unit 382, a template mark image storage unit 383, an authentication program storage unit 384, and a license. It has a key information storage section 385, an archive file storage section 386, and a watermarked mark image storage section 389.

 In the entity fixed item storage unit 381, the entity fixed items received by the entity setting unit 362 from the operator are registered. FIG. 8 is a diagram showing an example of registered contents of the entity fixed item storage section 38 1. As shown in the figure, in the present embodiment, as the entity fixed items, “character under verification” item 3811, “pasting condition / illegal display” item 3812, and “dialog display” item 3 8 13 and “Link destination display” item 3 8 1 4 are provided.

“Verification character” Item 3 8 1 1 is used to specify the message to be displayed on the WWW browser 7 during the authentication of the Web page by the authentication program, and the display character, character size, and character color are registered. Is done. Item 3 8 1 2 specifies the conditions used for Web page authentication by the authentication program and the message to be displayed on the WWW browser 7 if the authentication is not successful. The condition name, display characters, character size, and character color are registered for each condition. "Dialog display"'Item 3 8 1 3 is the menu associated with the mark image. This is an item for specifying the contents of the message to be displayed in the dialog from the title in the user. The title name and the display character when the title name. Is selected are registered for each title. “Link destination display” item 3 8 1 4 is an item for specifying the link destination to be set in the title in the menu associated with the mark image, and the title is set for each title. The name and the URL of the link destination when the title name is selected are registered.

 Note that, as entity fixed items stored in the entity fixed item storage unit 381, items other than the items that the entity setting unit 3652 receives from the operator may be included. For example, the issuer information (information of the purchaser of the IC card) 1442 2 stored in the IC card 2 may be stored in the entity fixed item storage unit 381 as an entity fixed item. The issuer information 1442 2 can be used, for example, by the IC card issuer to confirm the transition route of the mark image (who generated the mark image).

 In the entity variable item storage unit 382, the entity variable items received from the operator by the entity setting unit 362 are registered. FIG. 9 is a diagram showing an example of registered contents of the entity variable item storage section 3822.

As shown in the figure, in the present embodiment, an "entry destination name" item 3821 and an "attachment condition" item 3822 are provided as entity variable items. “Delivery name” Item 3 8 2 1 is an item for specifying the web page creator to whom the mark image is issued, and the name of the web page creator is registered. “Attachment conditions” Item 3 8 2 2 is an item to specify the conditions used for authentication of Web pages by the authentication program. Entity fixed item storage section 3 8 1 “Paste condition ■ Incorrect display” For each condition registered in item 3 8 1 2, the contents (URL value, IP address value, period) Is registered.

 In the template mark image storage section 383, a mark image of a template to which digital watermark information is to be embedded is registered.

 An authentication program is registered in the authentication program storage section 384. In the license key information storage unit 385, license key information assigned to the mark image issuing device 3 is registered.

 In the watermarked mark image storage unit 388, a mark image in which digital watermark information is embedded (referred to as a watermarked mark image) is registered. An archive file including a watermarked mark image and an authentication program is registered in the archive file storage unit 3886.

 The mark image issuing device 3 having the above configuration is, for example, a computer system shown in FIG. 5 in which a writing device to a writable storage medium such as an FD or a CD-R is added to a computer system. Can be realized by executing programs (IC card authentication program, entity setting program, mark image generation program, and archive creation program) loaded on the memory 902.

 These programs are stored in an external storage device 903 from a storage medium such as a CD-ROM or DVD-ROM via a reader (not shown), or from a network via a communication device 908. It may be downloaded and then loaded onto memory 902 for execution by CPU 901. Alternatively, it may be loaded directly on the memory 902 without going through the external storage device 903, and be executed by the CPU 901. In this case, a memory 902 and an external storage device 903 are used as the storage unit 380.

FIG. 10 is a diagram for explaining the operation flow of the mark image issuing device 3. First, when the IC card authentication unit 361 receives an instruction to generate a mark image from an operator (mark image issuer) from the input device via the GUI unit 300, the IC card reader / writer unit 320 Authentication of the inserted IC card 2 is performed (S201). More specifically, the license key information is read from the IC card 2 and the license key information is read from the license key information storage unit 385. Then, it is checked whether or not they match. Also, the point information is read from the IC card 2, and it is confirmed whether or not the number of times the mark image can be issued indicated by the point information is 1 or more. The license key information stored in the IC card 2 and the license key information storage unit 385 match, and the number of times that the mark image indicated by the point information stored in the IC card 2 can be issued is 1 or more. In this case, it is determined that the authentication of IC card 2 is established. Otherwise, it is determined that the authentication of IC card 2 has failed. In addition, an expiration date (for example, one year from the date of issuance of the IC card) may be set for the IC card 2, and the expiration date may be checked when the IC card 2 is authenticated.

 When the IC card authentication section 361 determines that the authentication of the IC card 2 has failed (No in S2002), the IC card authentication section 361 displays an error message on the display device via the GUI section 300 ( S210-18). If it is determined that the authentication of the IC card 2 is not successful, the process may proceed to S222 in FIG. 18 and execute the flow in FIG.

 On the other hand, when the IC card authentication unit 361 determines that the authentication of the IC card 2 is established (Yes in S2002), the IC card authentication unit 361 stores the information in the display device via the GUI unit 300 and in the IC card 2. The number of times that the mark image indicated by the displayed point information can be issued is displayed (S203). Then, the entity setting unit 365 is instructed to set the entity.

In response to this, the entity setting section 3 6 2 It is checked whether or not an entity fixed item is registered in the storage unit 381 (S204). If the entity fixed item has not been registered, the flow shifts to S206, and the setting of the entity fixed item is accepted from the operator. On the other hand, if the entity fixed item is registered, a confirmation message as to whether or not to change the entity fixed item is displayed on the display device via the GUI unit 300. Then, when an operator's entity fixed item change instruction is received from the input device via the GUI unit 300 (Yes in S205), the process proceeds to S206 and the operator returns to S206. Accepts the setting of the fixed item.

 FIG. 11 shows an example of a screen for accepting the setting of an entity fixed item. As shown in the figure, the screen for accepting the setting of the entity fixed item includes an area 310 for accepting the registration contents for the "character under verification" item 3811 of the entity fixed item storage section 381, and a "paste" Conditions · Unauthorized display 'Item 3 8 1 2 Area for accepting the registered contents to item 3 8 1 2,' Dialog display 'Area 3 0 13 for accepting the registered contents to item 3 8 1 3 “Display” ”area 3 0 4 for accepting the registered contents to the item 3 8 1 4.

An area 301 is an input field 3101 for inputting a message (character) to be displayed on the WWW browser 7 during the authentication of a web page by the authentication program, and a field for selecting a character size of the message. It has a selection field 3102 and a selection field 3013 for selecting the character color of the message. The operator operates the cursor 307 using an input device such as a mouse connected to the GUI unit 300 and selects the input field 3011, thereby selecting the keypad connected to the GUI unit 300. Characters can be input in the input field 3101 using an input device such as. Also, the selection fields 301, 302 are in a pull-down menu format. The operator operates the cursor 307 You can select the selection fields 3 0 1 2 and 3 0 1 3 and select the desired font size and font color from the pull-down menu.

 Area 302 is a check box 3004 for setting the conditions (URL, IP address, expiration date) for each condition (URL, IP address, expiration date) used for web page authentication by the authentication program. There are an input box for inputting a message (character) to be displayed on the WWW browser 7 when authentication is not successful, and a selection box for selecting the character size of the message. It has a selection field 3 0 2 3 for selecting the character color of the message, and.

 As in the case of the input box 3 0 1 1 in the area 3 0 1, the operator operates the cursor 3 0 7 to select the input box 3 0 2 1, and the character is entered in the selected input box 3 0 2 1. Can be entered. In addition, as in the case of the selection fields 3 0 1 2 and 3 0 3 of the area 3 0 1, the selection fields 3 0 2 2 and 3 0 2 3 are in the form of a pull-down menu. Operate to select the selection fields 302, 302, and select the desired character size and character color from the pull-down menu.

 However, the character input to the input field 3 0 2 1 and the selection of the character size and the character color for the selection fields 3 0 2 2 and 3 0 2 3 are performed when the corresponding check boxes 3 0 2 4 are checked. In other words, it is made possible only when the corresponding condition is selected as a setting target.

 An area 303 is used for inputting a check box 3004 for setting the dialog display for each dialog display associated with the mark image and a title name (character) of the dialog display. It has an input field 3 0 3 1 and an input button 3 0 3 5.

As in the case of the input box 3 0 1 1 in the area 3 0 1, the operator operates the cursor 3 0 7 to select the input box 3 0 3 1, and the operator enters a text in the selected input box 3 0 3 1. You can enter characters. When the cursor 307 is operated and the input button 305 is selected, the input window 306 is opened. The operator can input characters in the input window 303 using an input device such as a keypad connected to the GUI unit 300. Then, by selecting OK button 307 on the cursor 307, the message of the dialogue display specified by the title name entered in the corresponding input field 3003 is set. can do.

 However, in the same way as in the area 302, the character input to the input field 3103 and the display of the input window 31036 by selecting the input button 31035 are checked in the corresponding check boxes 31034. , That is, it is enabled only when the corresponding dialog display is selected for display.

 In the area 304, for each link associated with the mark image, enter a check box 3044 for setting the link and a title name (character) of the link. Input box 3041 for inputting a URL of a link destination.

 As with the input field 3 0 1 1 in the area 3 0 1, the operator operates the force sol 3 0 7 and selects the input fields 3 0 4 1 and 3 0 8 to select the input field. Characters can be entered in 3041, 3408.

 However, as in the area 302, the character input in the input fields 3041 and 3048 is performed when the corresponding check box 30404 is checked, that is, in the corresponding link. This is enabled only when is selected as the display target.

In the setting reception screen of the entity fixed item shown in FIG. 11, the setting button 305 is a button for confirming the input / selected content through the setting reception screen of the entity fixed item. Rear Potan 3 0 Reference numeral 6 denotes a button for clearing the input / selected content. Now, the information required for setting the fixed entity items is input and selected via the screen for accepting the setting of fixed entity items as shown in Fig. 11, and the setting button 3 is operated by operating the cursor 307. When 0 5 is selected, the entity setting section 3 62 inputs via the entity fixed item setting reception screen and stores each entity fixed item specified by the selected information as an entity fixed item storage. Register and update in Part 3 81 (S2007).

 After the registration and update of the entity fixed item in S 2 0 7 has been completed, or in S 2 0 5, if the operator has received an indication that the entity fixed item will not be changed, the entity setting section 3 6 2 The mark image stored in the model mark image storage unit 383 is read. Then, this mark image is displayed on the display device via the GUI unit 300, and a confirmation message as to whether or not to change the mark image is displayed. Then, when an image mark change instruction of the operator is received from the input device via the GUI unit 300 (Yes in S 2008), the process proceeds to S 209 and the operator changes the image mark. Change of the mark image is accepted.

 FIG. 12 shows an example of a mark image change confirmation screen.

 As shown in the figure, the mark image change confirmation screen has a mark image display window 3831, a confirmation button 3832, and a change button 3833. In the mark image display window 3831, the mark image read out from the template mark image storage unit 383 is displayed. The confirmation button 3 8 3 2 is used when not changing the mark image stored in the template mark image storage section 3 8 3 3, and the change button 3 8 3 3 is used when changing Button.

When the operator operates the cursor 307 using an input device such as a mouse connected to the GUI unit 300 and selects the change button 3 8 3 3 (S 2 0 0 8, Yes), the entity setting unit 362 receives the storage location of the new mark image from the operator. Then, the mark image is read out from the storage destination, and the mark image in the template mark image storage section 3833 is updated to the read out mark image (S209). Then, the process proceeds to S210. On the other hand, when the confirmation button 38032 is selected by the operator (No in S208), the entity setting unit 362 immediately shifts to S210.

 Next, in S 210, the entity setting unit 365 accepts the setting of the entity variable item from the operator.

 FIG. 13 shows an example of a screen for accepting the setting of an entity variable item. As shown in the figure, the screen for accepting the setting of the entity variable item has an input field 3 06 for receiving the registered contents in the “destination name” item 3 8 2 1 of the entity variable item storage section 3 82, Pasting condition "Item 3 8 2 2 Registration field for inputting the contents of registration. Here, the input field 307 is for inputting a URL, the input field 308 is for inputting an IP address, and the input field 309 is for expiration date. Is for input.

The operator operates the cursor 307 by using an input device such as a mouse connected to the GUI unit 300 and selects an input field 306 to 309 to enter the GUI unit 300. Using an input device such as a connected keyboard, desired information can be input to the selected input field. However, the information input in the input fields 3 07 to 3 09 is based on the conditions (input fields 3 8 1 2) corresponding to the “Paste condition / Illegal display” item 3 8 1 2 of the entity fixed item storage unit 3 8 1. If 0 7 is the URL, input field 308 is the IP address, and input field 309 is the expiration date), it is only possible to register. In the entity variable item setting reception screen shown in Fig. 13, the setting button 2005 is a button for confirming the content input via the entity variable item setting reception screen. 06 is a button for clearing the input content.

 Now, information necessary for setting the entity variable item is input via the entity variable item setting reception screen as shown in FIG. 13, and the setting button 305 is selected by operating the cursor 307. Then, the entity setting unit 3632 registers each entity variable item specified by the information input via the entity variable item setting reception screen in the entity variable item storage unit 382 (S20) 1 1). Then, it instructs the mark image generation unit 365 to generate a mark image.

 In response to this, the mark image generation unit 365 reads the entity fixed item and the entity variable item from the entity fixed item storage unit 381 and the entity variable item storage unit 382 and authenticates them. It is converted into a code that can be interpreted by the gram (S201). For example, UTF-8 (8-bit UCS Transformation Format) is used to encode entity fixed items and entity variable items. Then, the mark image generator 363 calculates a hash value of the encoded entity fixed item and the entity variable item (S201).

Next, the mark image generation unit 363 generates electronic watermark information including the coded entity fixed item and the entity variable item, and the hash value thereof. Further, the mark image is read out from the template mark image storage section 383. Then, using the existing digital watermark technology, the generated digital watermark information is embedded in the read mark image (S210). Then, the mark image generation unit 365 stores the created watermarked mark image in the watermarked mark image storage unit 389. Next, the mark image generation unit 365 outputs the point information stored in the IC card 2 mounted on the IC card reader / writer unit 320 via the IC card / reader / writer unit 320. Then, the mark image indicated by the point information is updated so as to reduce the number of issuable times by one (S21015). Then, the archive creation unit 364 is instructed to create an archive file.

 In response to this, the archive creation unit 364 reads out the authentication program from the authentication program storage unit 384, and reads out the watermarked mark image from the watermarked mark image storage unit 389. Then, an archive file including the read authentication program and the mark image is created, and this is stored in the archive storage unit 3886 (S21016).

 Next, the archive creation unit 364 reads out the archive file from the archive storage unit 386 and writes it to the storage medium mounted on the storage medium writing device 340 (S 201). 7).

 Returning to FIG. 1, the explanation will be continued.

 The WWW server 5 holds the Web page created by the Web page creator so that the WWW browser 7 can browse it. Here, the web page is associated with the archive file received from the mark image publisher so as to be downloaded to the WWW browser 7 together with the web page. The web page is set so that the authentication program contained in this archive file is executed by the WWW browser 7 (specifically, the web page is stored in a document description language file that constitutes the web page). The startup of the authentication program contained in the file is specified). As the WWW server 5, an existing WWW server such as Apache HTTPserver can be used.

The WWW browser 7 accesses the WWW server 5 in accordance with the instructions of the operator (web page viewer) and shares the web page with the archive file. Download to (S3). Then, display the web page. Here, as described above, the document description language file composing the web page specifies that the authentication program included in the archive file downloaded together with the web page is started. Thus, when the WWW browser 7 downloads the archive file along with the Web page from five WWW servers, the WWW browser 7 extracts the watermarked mark image and the authentication program from the archive file. Then, the watermarked mark image is stored in a storage device such as a memory, and the authentication program is started. Such a mechanism can be realized, for example, by mounting a Java virtual machine on the WWW browser 7 when the archive file is in the Jar format and the authentication program is in the Java applet.

 When the authentication program is started by the WWW browser 7, it authenticates the Web page using the watermarked mark image included in the archive file. FIG. 14 is a diagram for explaining the operation flow of the authentication program started by the WWW browser 7.

 First, the authentication program reads a watermarked mark image (a watermarked mark image extracted from an archive file together with the authentication program) stored in a storage device such as a memory of the WWW browser 7. Then, the digital watermark information is extracted from the watermarked mark image by using the existing digital watermark technology (S3001). As described above, the digital watermark information includes coded entity information and a hash value of the entity information.

Next, the authentication program performs verification using a hash value included in the digital watermark information (S3002). Specifically, a hash value is calculated from the encoded entity information included in the digital watermark information. Then, the calculated value and the hash value included in the digital watermark information Are compared, and if they match, it is determined that the verification is established. On the other hand, if the two do not agree, there is a possibility that some kind of tampering has been performed, so it is determined that the verification has failed.

 When the authentication program determines that the verification is successful in S3002 (Yes in S3003), the authentication program displays the watermarked mark image on a predetermined position of the Web page displayed by the WWW browser 7. (S3005). On the other hand, if it is determined that the verification is not satisfied (No in S3003), a predetermined error process such as not performing the process of pasting and displaying the watermarked mark image on the web page is performed, and the process is performed. End (S304).

 Next, the authentication program decodes the coded entity information included in the digital watermark information, after performing the process of pasting and displaying the watermarked mark image on the web page in S305. (S306). Then, the authentication program verifies the verification mark on the displayed watermark image in accordance with the registered contents (character, size, and color) of “character under verification” item 3 8 1 1 included in the fixed entity of the entity information. The message indicating that the device is in the middle is superimposed and displayed (S3007). FIG. 15 shows an example of an electronic watermarked mark image 701 on which a message 702 indicating that verification is being performed is superimposed.

Next, the authentication program performs verification using the registered contents of the “pasting condition” item 3822 included in the entity variable item of the entity information (S3008). Specifically, if the URL is registered in the “pasting condition” item 3 822, this URL is compared with the URL of the Web page displayed by the WWW browser 7. If they match, it is determined that the verification has been established. On the other hand, if they do not match, the Web page being displayed may not be the target for pasting the watermarked mark image. Therefore, in this case, it is determined that verification has not been established. Also, the IP address is registered in “Paste condition” item 3 8 2 2 If so, this IP address is compared with the IP address of the Web page displayed by the WWW browser 7. If they match, it is determined that the verification has been established. On the other hand, if they do not match, the web page being displayed may not be the target for pasting the watermarked mark image. Therefore, in this case, it is determined that the verification has failed. Also, if the expiration date is registered in “Paste condition” item 3 8 2 2, the current S time is obtained from the built-in timer of the WWW browser 7 and it is determined whether the current time is within this expiration date. Find out. If it is within the validity period, it is determined that the verification is established. On the other hand, if it is not within the validity period, it is determined that verification has not been established.

 By the way, if the authentication program judges that the verification is not satisfied in S3008 (No in S309), the “pasting condition / illegal display” item 3 8 1 2 included in the entity fixed item of the entity information In accordance with the registered contents (characters, size, and color) of the improper display corresponding to the pasting condition item that was determined to be unsuccessful, the verification failed on the displayed watermark image with the watermark. Is superimposed and displayed (S31010). Fig. 16 (a) shows an example of a watermarked mark image 701 on which a message 703a indicating that the verification of the pasting condition item "UR L" is not satisfied is superimposed. Figure 16 (b) shows an example of a watermarked mark image 701 overlaid with a message 703b indicating that the verification of the pasting condition item "IP address" has failed. Figure 16 (c) shows an example of a watermarked mark image 701 overlaid with a message 703c indicating that verification of the pasting condition item "expiration date" has failed. Is shown.

In the case where verification is performed on a plurality of pasting condition items in S3008, verification is performed in accordance with the priorities assigned to the plurality of pasting condition items in advance. Remaining application conditions The process may proceed to S31010 without performing the item verification, and a message indicating that verification is not established may be superimposed and displayed on the electronic watermarked mark image being displayed.

 On the other hand, if the authentication program determines that the verification is successful in S3008 (Yes in S309), another program running on the WWW browser 7 (for example, It checks whether entity information is requested from the installed plug-in program) (S3011), and if so, outputs entity information to this separate program (S311). 0 1 2). If not, go to S301.

 In S301, the authentication program displays the web page together with the web page by an operation input to the input device of the WWW browser 7 (for example, an action of placing a cursor on a watermarked mark image and clicking the image). It is determined whether or not the watermarked mark image is selected. If it is selected, the title name of each die entry display registered in “Dialog display” item 3 8 1 3 of the entity fixed item of entity information and “Link destination display” item 3 8 1 4 Generate a menu image containing the title of each link registered in. Then, this menu image is displayed on the Web page on which the watermarked mark image is pasted and displayed (S301).

By the way, if the title of the link included in the displayed menu is selected by the operation input to the input device of the WWW browser 7, the authentication program (Yes in S301) ), The URL of the link corresponding to the selected title is obtained from the “link destination display” item 3 8 1 4 of the entity information. Then, it causes the WWW browser 7 to access this URL (S31016). On the other hand, if the title of the dialog display included in the displayed menu is selected (Yes in S301), the entry is entered. Obtain the message (character) of the dialog display corresponding to the selected title from “Dialog display” item 3 8 1 3 of the utility information. Then, a dialog box containing this message is displayed on the Web page (S301).

 Figure 17 shows the menu image 704 displayed when the watermarked mark image 701 is selected, and the titles 705 a-b, 70 0 displayed in the menu image 704. 6 is a diagram for explaining an event performed by selecting ab. As shown, a title is displayed on the menu image. Here, the titles 705 ab are titles of dialogue display. When selected, a dialog box 707 is displayed, in which a dialog display message corresponding to the selected title is displayed. The titles 706a and b are the titles of the links. When selected, it causes the WWW browser 7 to access the URL of the link corresponding to the selected title.

 Hereinabove, one embodiment of the present invention has been described.

 In the present embodiment, an authentication program and an archive file including a watermarked mark image are transmitted together with the web page from the WWW server 5 to the web browser 7, and the authentication program is extracted from the archive file to the WWW browser 7. To do this.

That is, when the WWW server 5 is accessed by the WWW browser 7, the WWW server 5 transmits a Web page and an archive file to the WWW browser 7. On the other hand, the WWW browser 7 accesses the WWW server 5, receives the web page together with the archive file, and displays the received web page. Then, the watermarked mark image and the authentication program are extracted from the received archive file, and the authentication program is executed. The authentication program prints a watermark on the web page displayed by the WWW browser 7. In addition to displaying the watermark image, the Web page being displayed is authenticated using the digital watermark information embedded in the watermark image.

 As described above, according to the present embodiment, the watermark mark image and the authentication program for authenticating the Web page are downloaded to the WWW browser 7 together with the Web page. Therefore, even if the authentication program is not installed as a plug-in to the WWW browser 7 in advance, the WWW browser 7 can authenticate the Web page using the watermarked mark image. .

 Further, in the present embodiment, the mark image issuing device 3 capable of reading and writing data to the IC card 2 is used to confirm the authority to issue the mark image using the information stored in the IC card 2, and the watermarked mark surface image is used. Is generated.

That is, the mark image issuing device 3 confirms that the number of times the mark image indicated by the point information stored in the IC card 2 can be issued is 1 or more, and that the license key information stored in the IC card 2 Then, the IC card 2 is authenticated using the license key information stored in the mark image issuing device 3 in advance. If the number of times the mark image indicated by the point information can be issued is 1 or more and the authentication of the IC card 2 is established, input of entity information including related information on the web page is accepted via the GUI. . Next, the input entity information is embedded as electronic watermarking information in a model mark image stored in advance in the mark image issuing device 3 to generate a watermarked mark image. Then, an archive file including the generated watermarked mark image and the authentication program stored in advance in the mark image issuing device 3 is created. Then, the point information stored in the IC card 2 is updated so that the number of times the mark image indicated by the point information can be issued is reduced by one. As described above, in the present embodiment, only the owner of the IC card 2 in which valid license key information is registered and the number of times that the mark image can be issued remains at least once, is watermarked into the mark image issuing device 3. A mark image can be generated. Further, the mark image issuing device 3 can receive entity information to be embedded as electronic watermark information in the mark image from the operator via the GUI. Therefore, the IC card issuer gives the IC card 2 to the mark image issuer, and the mark image issuer generates the watermarked mark image using the IC card 2 and the mark image issuing device 3. Thus, the mark image issuer can generate and issue the mark image by itself. Therefore, it is possible to customize each mark image issuer and quickly issue the mark image.

 Further, in the present embodiment, the IC force issuing device 1 capable of reading and writing data from and to the IC card 2 is configured to generate the IC card 2 in which the license key information and the point information are registered. .

That is, the IC card issuing device 1 receives input of the issue destination information and the point information of the IC card 2 via the GUI. Next, the license key information corresponding to the input issue destination information, IC card issuing apparatus is read from the first storage device, _n issue destination information therefrom is inputted writes with point information input to the IC card 2 And the point information are stored as an IC card issue log. In addition, it outputs the stored IC card issuance log according to the instructions from the operator.

Therefore, the IC card issuer can manage the issuance status of the IC card to the mark image issuer by using the IC card issuing device 1. For this reason, the system usage fee can be collected without the self-declaration of the mark image issuer. In addition, by including the code of the system sales agent in the information of the IC card, for example, You can also check the sales channel of the product.

 The present invention is not limited to the above embodiment, and various modifications can be made within the scope of the invention.

 For example, in the above embodiment, the case where the IC card 2 is used as a storage medium for storing license key information and point information has been described as an example. However, the present invention is not limited to this. As a storage medium for storing license key information and point information, a rewritable portable storage medium such as a flexible disk can be used. Further, in the above embodiment, the point information stored in the IC card 2 indicates the number of times a mark image can be issued, and the mark image issuing device 3 sends the mark image to the IC card 2 every time a mark image is issued. The issuable number indicated by the stored point information is reduced by one, and if the issuable number indicated by the point information becomes 0, the mark image is not issued. However, the present invention is not limited to this, as long as the number of mark images issued can be limited using the point information.

 For example, suppose that the point information stored in the IC card 2 indicates the number of times a mark image has been issued, and the mark image issuing device 3 stores the mark image in the C card 2 every time a mark image is issued. The issued number indicated by the stored point information is increased by one, and when the issued number indicated by the point information reaches the permitted number of issuances stored in the IC card 2, the mark image is issued. It may not be known. In this case, the IC card issuing device 1 stores the permitted number of issuances received from the operator as the permitted number of issuances in the IC card 2 and sets the number of times the mark image has been set to the initial value (0). May be stored in the IC card 2.

Also, in the above embodiment, the conditions used for web page authentication are as follows: Although the URL, IP address and expiration date are used, the present invention is not limited to this. Other information may be used as long as the information can be used for Web page authentication.

 In the above embodiment, the same dialog display and link (see Fig. 17) associated with the mark image are used irrespective of the authentication result of the mark image. The dialog display and the contents of the link may be changed according to the authentication result. This is because the contents of the dialog display (Title name and display characters) and the contents of the link (Title name) when the verification of the mark image is established on the screen for accepting the setting of the entity fixed item (see Fig. 11). , Address), and the contents of the dialogue display (eg, future measures) and the contents of the link (eg, URL of the organization that responds in the event of verification failure) when the verification of the mark image is unsuccessful. ) Can be accepted as entity fixed items, and this entity fixed item can be embedded in the mark image by digital watermarking technology.

 In the above embodiment, when the verification of the mark image is not established, a message indicating that the verification is not established is superimposed on the mark image (see FIG. 16). However, the present invention is not limited to this. If the verification of the mark image is not established, this mark image may be hidden.

In the above embodiment, the authentication program and the watermarked mark image are combined into an archive file and transmitted from the WWW server 5 to the Web browser 7 together with the Web page. However, the present invention is not limited to this. What is necessary is that the authentication program and the watermarked mark image can be downloaded together with the Web page when the Web browser 7 accesses the WWW server 5. In addition, in the above embodiment, by adding a function of generating a mark image (trial version mark image) with a limited expiration date to the mark image issuing device 3, even those who do not own the IC card 2 The mark image may be handled.

 FIG. 18 is a diagram for explaining a modification of the operation flow of the mark image issuing device 3.

 First, when the IC card authentication unit 361 receives an instruction to generate a mark image from an operator (mark image issuer) from the input device via the GUI unit 300, the IC card reader / writer unit 320 It is checked whether or not the IC card 2 is mounted (S2201). If the IC card 2 is installed, the flow shifts to S201 in FIG. 10 to execute the flow in FIG. On the other hand, if it is not installed, a message asking whether to create a trial mark image is displayed on the display device via the GUI unit 300, and the operator is prompted to create a trial mark image. The presence / absence is received (S222).

 If an instruction not to create a trial version mark image is received from the operator (No in S2202), the IC card authentication unit 3661 sends the IC to the display device via the GUI unit 3100. An error message indicating that card 2 is not installed is displayed (S2 211). On the other hand, if an instruction to create a trial version mark image is received (Yes in S2202), the flow shifts to S2203.

In step S223, the IC card authentication unit 361 instructs the entity setting unit 362 to set an entity. In response to this, the entity setting unit 365 receives the setting of the entity fixed item from the operator via the screen for receiving the setting of the entity fixed item as shown in FIG. Then, the entity setting unit 362 accepts the mark image from the operator via the mark image change confirmation screen as shown in FIG. 12 (S2204). Next, the entity setting unit 362 accepts the setting of the entity variable item from the operator via the entity variable item setting reception screen as shown in FIG. 13 (S2205). In the trial version mark image, figure

Unlike the normal mark image generated by the flow of 10, the operator is not allowed to freely set the expiration date. That is, in the setting reception screen of the entity variable item shown in FIG. 13, the expiration date is input in advance in the input field 309, and the expiration date is set to be unchangeable. In addition, the entity setting unit 365 sets the expiration date to a predetermined period (for example, one week after the current date).

 Next, the entity setting unit 365 instructs the mark image generation unit 365 to generate a trial version mark image. In response, the mark image generator 3 6

3 is the entity fixed item received from the operator in S 2 203 and S

The entity variable item received from the operator in step 205 is converted into a code that can be interpreted by the authentication program using, for example, UTF-8 (S2

306). Then, the mark image generation unit 3 6 3 calculates the hash value of the encoded entity fixed item and the entity variable item.

(S2207). -Next, the mark image generating unit 365 generates electronic watermarking information including the coded entity fixed item and the entity variable item, and the hash value thereof. In addition, an experimental mark image is generated by adding characters, symbols, patterns, and the like indicating that the mark image is a "trial version" to the mark image received in S224. Then, using the existing digital watermarking technology, the digital watermark information is embedded in the trial version mark image to generate a trial version mark image with a watermark (S2208).

Next, the mark image generation unit 365 instructs the archive generation unit 365 to create an archive file. In response, the archive creation department 3 6 4 Reads the authentication program from the authentication program storage section 384. Then, an archive file containing the read authentication program and the trial version mark image with the watermark created in S2208 is created, and this is stored in the archive storage unit 3886 (S220) ).

 Next, the archive creating section 364 reads the archive file from the archive storage section 386, and writes it to the storage medium mounted on the storage medium writing device 340 (S2210). .

 As described above, a trial mark image can be issued to an operator who does not own the IC card 2.

 Further, in the above embodiment, the mark image issuing device 3 may have an area that is not accessed by the authentication program in the digital watermark information embedded in the mark image. Then, the information of the mark image issuer may be stored in the area. For example, in S 210 in FIG. 10 and S 228 in FIG. 18, the mark image generation unit 365, as shown in FIG. Digital watermark information having an area 8 01 and a second area 8 02 not accessed by the authentication program is generated. Then, the coded fixed entity and variable entity and the hash value thereof are stored in the first area 8001, and the information of the mark image issuer is stored in the second area 802. In this way, a program different from the authentication program is required to check the information of the mark image issuer stored in the second area 802. Therefore, if the entity fixed items stored in the first area 8001 were altered, the alteration was performed using a program different from the authentication program. The issuer of the mark image can be specified.

In the above embodiment, the web page was described as an example of the electronic data to be authenticated. However, the present invention is not limited to this. No. INDUSTRIAL APPLICABILITY The present invention can be widely applied to electronic data held by a holding server and can be browsed by a browser terminal connected to the holding server via a network.

 As described above, according to the present invention, the usability of an authentication system for authenticating electronic data using a watermarked mark image can be improved.

 Specifically, it is possible to authenticate electronic data using a mark image without installing an authentication program in the browser terminal in advance. In addition, the system distributor that issues the mark image can collect the system usage fee without having to self-declare the system distributor.

Claims

The scope of the claims 1. In a network system in which a holding server that holds electronic data and a browser terminal that displays the electronic data are connected to each other via a network, an electronic data authentication method for authenticating the electronic data. And  The holding server,  When the browser terminal is accessed via the network, the electronic data is stored in the browser terminal together with a mark image and an authentication program in which relevant information of the electronic data is embedded as electronic watermark information. Perform the sending step to send,  The browser terminal includes:  A receiving step of accessing the holding server via the network and receiving the electronic data from the holding server together with the mark image and the authentication program;  An electronic data display step of displaying the received electronic data; and displaying the mark image received together with the electronic data on the displayed electronic data in accordance with the authentication program received together with the electronic data. Performing an authentication step of authenticating the electronic data using related information of the electronic data embedded in an image.  An electronic data authentication method characterized in that: 2. The electronic data authentication method according to claim 1, wherein  In the mark image, As related information of the electronic data, address information of the electronic data is Embedded,  The authentication step includes:  If the address indicated by the address information embedded in the mark image does not match the source address of the electronic data received together with the mark image, it is determined that the authentication of the electronic data has failed, and the authentication has failed. Display that indicates  An electronic data authentication method characterized in that: 3. The electronic data authentication method according to claim 1, wherein  In the mark image,  Expiration date information is embedded as relevant information of the electronic data, and the authentication step includes:  If the expiration date indicated by the expiration date information embedded in the mark image has passed, it is determined that the authentication of the electronic data has failed, and a display indicating that the authentication has failed is performed.  An electronic data authentication method characterized in that: 4. The electronic data authentication method according to claim 1, wherein  The browser terminal further comprises:  When the mark image displayed on the electronic data is selected via the input device of the browser terminal according to the authentication program received together with the electronic data, the mark image is embedded in the mark image. Performing a menu display step of displaying a menu based on the related information of the electronic data. An electronic data authentication method characterized in that: 5. The electronic data authentication method according to claim 4, wherein  In the menu display step, display contents are changed according to an authentication result in the authentication step.  An electronic data authentication method characterized in that: + 6. An authentication program for authenticating the electronic data, the authentication program being downloaded and executed together with the electronic data to a browser terminal that displays the electronic data via a network,  The authentication program includes:  A mark image in which relevant information of the electronic data is embedded as digital watermark information is attached,  The authentication program, the browser terminal,  Displaying the mark image on the electronic data being displayed, and using the related information of the electronic data embedded in the mark image to authenticate the electronic data.  Authentication program characterized by the following. 7. A storage medium, and a mark image generation method for generating a mark image for authenticating electronic data using a mark issuing device capable of reading and writing data in the storage medium,  In the storage medium,  License key information indicating the right to issue the mark image, point information indicating the number of times the mark image can be issued or issued, and the number of times the mark image is allowed to be issued if the point information indicates the number of times the mark image has been issued. And are stored, The mark issuing device, The issuance permission in which the number of times that the mark image indicated by the point information stored in the storage medium can be issued is 1 or more, or the number of times that the mark image indicated by the point information has been issued is stored in the storage medium Storage medium that authenticates the storage medium using the license key information stored in the storage medium and the information stored in advance in the storage device of the mark issuing device. An authentication step;  It is confirmed that the number of issuable times of the mark image indicated by the point information is 1 or more, or that the issued number of times of the mark image indicated by the point information is equal to or less than the permitted number of issuances stored in the storage medium. And a related information receiving step of receiving the input of the related information of the electronic data via the input device of the mark issuing device when the authentication of the storage medium is established,  Embedding relevant information of the input electronic data as electronic watermark information in an image stored in advance in a storage device of the mark issuing device, and embedding relevant information to generate the mark image;  A mark image attaching step of attaching the mark image to an authentication program stored in advance in a storage device of the mark issuing device;  The point information stored in the storage medium is reduced by one from the number of times the mark image indicated by the point information can be issued, or the number of issued mark images indicated by the point information is reduced by one. Performing a storage medium update step of updating to increase the  The authentication program includes: By being downloaded and executed together with the electronic data to a browser terminal that displays the electronic data via a network, the browser terminal displays the mark image on the electronic data being displayed. Relevant information of the electronic data embedded in the mark image Authenticating the electronic data using  And a mark image generating method. 8. The method for generating a mark image according to claim 7, wherein  The mark issuing device,  Prior to the storage medium authentication step, a storage medium confirmation step for confirming whether or not the storage medium is attached to the mark issuing device is performed. In the storage medium confirmation step, the storage medium is transmitted to the mark issuing device. When it is confirmed that the storage medium is attached, the storage medium authentication step, the related information receiving step, the related information embedding step, the mark image attaching step, and the storage medium updating step are performed, and the storage medium check is performed. In the step, if it is not confirmed that the storage medium is attached to the mark issuing device, or if the storage medium is not authenticated in the storage medium authentication step, A trial version application that accepts input of related information of the electronic data via an input device of a mark issuing device. Receiving the continuous information, embedding the relevant information of the input electronic data as electronic watermark information in an image previously stored in the storage device of the mark issuing device, and generating the mark image for the trial version And performing a trial version mark image attaching step of attaching the trial version mark image to an authentication program stored in advance in a storage device of the mark issuing device. thing  And a mark image generating method. 9. The mark image generating method according to claim 7, wherein  The related information embedding step, The first area accessed by the authentication program is associated with the electronic data. Information is stored, and digital watermark information in which the mark image issuer information is stored in a second area not accessed by the authentication program is generated, and the digital watermark information is stored in a storage device of the mark issuing device in advance. Generating the mark image by embedding it in a stored image  And a mark image generating method. 10. The mark image generating method according to claim 7, wherein  The related information input step,  Accepting at least one input of an address of the electronic data on a network and an expiration date of the mark image as relevant information of the electronic data;  And a mark image generating method. 11. The mark image generating method according to claim 7, wherein  The mark issuing device,  A message accepting step of accepting, via the input device of the mark issuing device, an input of a message to be displayed when the authentication of the electronic data is successful or unsuccessful at the browser terminal, The related information embedding step includes:  Embedding the input message together with the relevant information of the electronic data as electronic watermarking information in an image stored in advance in a storage device of the mark issuing device to generate the mark image,  The authentication program includes: In the browser terminal, according to the authentication result of the electronic data, when authentication is established, a message when the authentication is established embedded in the mark image is displayed, and when authentication is not established, Embedded in the mark image To display the message at the time of authentication failure  And a mark image generating method. 12. A mark image generation program for generating a mark image for authenticating electronic data, which is executed by a computer system capable of reading and writing data on a storage medium,  In the storage medium,  License key information indicating the right to issue the mark image, point information indicating the number of times the mark image can be issued or issued, and, if the point information indicates the issued number, the permitted number of times the mark image can be issued. And are stored,  The mark image generation program includes:  When executed by the computer system,  The issuance permission in which the number of times that the mark image indicated by the point information stored in the storage medium can be issued is 1 or more, or the number of times that the mark image indicated by the point information has been issued is stored in the storage medium Storage medium that authenticates the storage medium using the license key information stored in the storage medium and the information stored in advance in the storage device of the mark issuing device. An authentication step;  It is confirmed that the number of issuable times of the mark image indicated by the point information is 1 or more, or that the issued number of times of the mark image indicated by the point information is equal to or less than the permitted number of issuances stored in the storage medium. And a related information receiving step of receiving input of related information of the electronic data via an input device of the computer system when the authentication of the storage medium is established, The related information of the input electronic data is referred to as digital watermark information. Embedded in an image stored in advance in a storage device of the mark issuing device, and embedding related information to generate the mark image;  A mark image attaching step of attaching the mark image to an authentication program stored in advance in a storage device of the mark issuing device;  In the point information stored in the storage medium, the number of issuable times of the mark image indicated by the point information is reduced by one, or the number of issued mark images indicated by the point information is increased by one. And a storage medium update step of updating to  The authentication program includes:  By being downloaded and executed together with the electronic data to a browser terminal that displays the electronic data via a network, the browser terminal displays the mark image on the electronic data being displayed. Using the related information of the electronic data embedded in the mark image to authenticate the electronic data  A mark image generation program characterized by the following. 1 3. A mark issuing device configured to read and write data on a storage medium and generate a mark image for authenticating electronic data,  In the storage medium,  License key information indicating the right to issue the mark image, point information indicating the number of times the mark image can be issued or issued, and if the point information indicates the number of times the mark image has been issued, the number of times the mark image can be issued. , Are stored,  The mark issuing device, The number of times that the mark image indicated by the point information stored in the storage medium can be issued is 1 or more, or the mark indicated by the point information is And confirm that the number of issued lock images is equal to or less than the permitted number of issuances stored in the storage medium, and store the license key information stored in the storage medium and the storage device of the mark issuance device in advance. Storage medium authentication means for authenticating the storage medium using  Confirm that the number of issuable times of the mark image indicated by the point information is 1 or more, or that the number of issued mark images indicated by the point information is not more than the permitted number of issuances stored in the storage medium. Related information receiving means for receiving input of related information of the electronic data via an input device of the computer system when the authentication of the storage medium is established, and  Related information embedding means for embedding the input related information of the electronic data as electronic watermark information in an image previously stored in the storage device of the mark issuing device, and generating the mark image;  Mark image attaching means for attaching the mark image to an authentication program stored in advance in a storage device of the mark issuing device;  In the point information stored in the storage medium, the number of times the mark image indicated by the point information can be issued is reduced by one, or the number of issued mark images indicated by the point information is reduced by one. Storage medium updating means for updating so that  The authentication program includes:  By being downloaded and executed together with the electronic data to a browser terminal for displaying the electronic data via a network, the mark image is displayed on the electronic data being displayed, and embedded in the mark image. Authentication of the electronic data using the relevant information of the electronic data, A mark issuing device characterized by the above-mentioned. 14. A storage medium issuing method for storing information necessary for generating a mark image for authenticating electronic data in the storage medium using a storage medium issuing device capable of reading and writing data in the storage medium,  The storage medium issuing device,  An issuance information receiving step of receiving, via an input device of the storage medium issuing device, information on an issuance destination of the storage medium and an allowed number of times of issuance of the mark image;  The license key information corresponding to the input issuance destination information of the storage medium is read out from the storage device of the storage medium issuing apparatus, and the number of issuable times of the mark image set to the input issuance permitted number is set. A storage medium writing step of writing into the storage medium together with point information or point information indicating the number of issued mark images set to an initial value and the number of permitted issuances,  A storage step of storing the input issue destination information and the point information of the storage medium in a storage device of the storage medium issuing device as a storage medium issue log;  A log output step of outputting a storage medium issuing port stored in a storage device of the storage medium issuing device.  A storage medium issuing method characterized by the above-mentioned. 15. A storage medium issuing program, which is executed by a computer system capable of reading and writing data in the storage medium, and stores information necessary for generating a mark image for authenticating electronic data in the storage medium. The storage medium issuing program comprises: When executed by the computer system, An issuance information receiving step of receiving, via an input device of the storage medium issuing device, information on an issuance destination of the storage medium and the number of times the mark image can be issued;  The license key information corresponding to the input issue destination information of the storage medium is read out from the storage device of the storage medium, and the point information indicating the number of times the mark image can be issued set to the input number of issuable times, Alternatively, a storage medium writing step of writing in the storage medium together with the point information indicating the number of times the mark image has been issued set to an initial value and the number of times of issuance of the mark image,  A storage step of storing the input issuance destination information and the point information of the storage medium in a storage device of the storage medium issuing apparatus as a storage medium issuing port;  A log output step of outputting a storage medium issue log stored in a storage device of the storage medium issuing device.  A storage medium issuing program characterized by the following. 16. A storage medium issuing device configured to read and write data in the storage medium and store information required for generating a mark image for authenticating electronic data in the storage medium,  Issue information receiving means for receiving, via an input device of the storage medium issuing device, information on an issue destination of the storage medium and the number of times the mark image is allowed to be issued, The license key information corresponding to the input issuance destination information of the storage medium is read out from the storage device of the storage medium issuing apparatus, and the number of issuable times of the mark image set to the input issuance permitted number is set. Information or the number of times the mark image has been issued set to the initial value. Storage medium writing means for writing in the storage medium, together with the point information and the number of permitted issuances,  A log storage unit that stores the input issuance destination information and the point information of the storage medium as a storage medium issuance log in a storage device of the storage medium issuance device;  Log output means for outputting a storage medium issuing port stored in a storage device of the storage medium issuing device.  A storage medium issuing device characterized by the above-mentioned.