In recent years, there have been an increased number of improper activities relating to contents. By performing such improper activities, a malicious third party (hereinafter “attacker”) tampers with a software module that operates in a client terminal device so as to cause the software module to perform improper operations. In this way, the attacker fraudulently receives services by bypassing restrictions imposed on contents transmitted by a server. Also, by performing such improper activities, the attacker fraudulently saves or copies contents which are not permitted to be saved or copied.
To address such problems, a technique has been proposed by a TCG (Trusted Computing Group), etc., in which a server verifies the integrity of a platform in a client terminal device. In this technique, the server transmits contents to the client terminal device only when the integrity of the platform in the client terminal device is verified, thus preventing fraudulent saving or copying of the contents. The following describes the technique for verifying the integrity of the platform, by taking an example of a system in which a service provision server 2910 provides information service for a personal computer 2900, with reference to FIG. 29. The personal computer 2900 has a tamper-resistant module called a TPM (Trusted Platform Module) 2902 implemented therein. The TPM 2902 includes a PCR (Platform Configuration Register) 2904, which is a special register. A CPU 2901 of the personal computer 2900 executes codes of software modules including a BIOS 2905, an OS 2906, and an application 2907. In executing the codes, the CPU 2901 calculates hashes of the codes, and transmits the hashes to the TPM 2902. Upon receiving the hashes, the TPM 2902 concatenates the hashes with a hash already stored in the PCR 2904. Then, the TPM 2902 performs a hash operation on the concatenated value, and stores a result of the hash operation in the PCR 2904. The value of the PCR 2904 is a value obtained by cumulating the digest values of software modules executed by the CPU 2901, and indicates which software modules are executed in the personal computer 2900. At the time of requesting for provision of information service, the personal computer 2900 transmits the value (i.e., PCR value) of the PCR 2904 to the service provision server 2910, using a challenge-and-response method or the like. The service provision server 2910 includes a comparison value DB 2912. The comparison value DB 2912 stores PCR values (i.e., PCR comparison values), which are values in a case where valid software modules are being executed in the personal computer 2900. Upon receiving a PCR value, the service provision server 2910 compares the PCR value with a corresponding one of the PCR comparison values, thereby judging whether valid software modules are being executed in the personal computer 2900. The service provision server 2910 provides information service to the personal computer 2900, only when judging that valid software modules are being executed (see Patent Literature 1 and Non-Patent Literatures 1 to 4).