In recent years, a system of adding programs to household electronic devices after shipment, and adding functions to devices by executing these programs has become widespread.
Typical technologies for program execution systems that run programs on household electronic devices include JAVA™ and .NET™.
These technologies include virtual machine systems, and are hoped to become common platforms for the implementation of services due to their ability to run programs without depending on hardware such as a CPU of a network appliance.
A program to be added to a device is often accompanied by permission information that indicates operations the program is permitted to perform. Appropriately setting the permission information prevents the danger of the added program performing arbitrary actions such as tampering with or destroying a user's personal information in the device, or leaking information from the device via a network without permission. In JAVA™ for example, mechanisms such as security managers and accesses controllers are provided to appropriately control the access rights of programs. These mechanisms are disclosed in non-patent document 1.
A typical method of distributing a program to be added to a device involves the use of a network. For example, services that distribute programs by wireless communication for the mobile device to execute are already being implemented in mobile devices such as mobile phones.
Recently, focus has been placed on additional methods that entail distributing programs via portable recording (or storage) media (hereinafter, called simply “portable media”). Here, portable media includes optical discs, silicon devices, memory cards, and other various media that are portable and can record data.
In this case, the household electronic devices have a structure that enables the insertion/removal of the portable medium. There are various embodiments of such insertion/removal depending on the type of the portable medium. In the following description, a state in which the portable medium has been mounted in the device, and the device can read data recorded on the portable medium is referred to as the portable medium having being “inserted” into the device, or the portable medium being “inserted”. An otherwise state is referred to as the portable medium having been “removed” from the device, or the portable medium being “removed”.
Household electronic devices can execute a program by selecting a method such as directly reading and executing the program from the inserted portable medium, or executing the program after having temporarily copied the program on the portable medium to an independent storage apparatus included in the device.
Among devices with a mechanism for the insertion/removal of a portable medium, there are devices that associate operation of a program with the inserted/removed state of the portable medium in some way. One conventional example is shown in patent document 1.
Also, a technique of performing some sort of processing other than simply copying data when the device copies data of the program from the portable medium is disclosed in, for example, patent document 2.
There are two possible types of embodiments for executing a program recorded on a portable medium in devices with a mechanism for the insertion/removal of portable media.
The first type is a method in which the program execution system of the device directly reads and executes the program recorded on the portable medium. In this case, it is a necessary for the portable medium to be inserted in the device.
The other type is a method in which the program recorded on the portable medium is temporarily copied (installed) to a storage apparatus such as a hard disk in the device, after which the program execution system of the device reads and executes the copied data. In this case, it is not necessary for the actual portable medium to be in an inserted state in the device while the program is being executed.
There is a greatly increased level of freedom for the device user in the latter method since it is not required for the portable medium to be inserted when operating the program.
On the other hand, the latter method is a method that allows a user who has a portable medium and temporarily copies a program thereon to a storage apparatus in the device to freely redistribute (e.g., transfer or sell to another user) the portable medium. As such, it is often not preferable from the viewpoint of the developer or provider of the portable medium to allow a program to be executed by this method.
Patent document 1 discloses a method that allows execution of a program copied to a storage apparatus only if the portable medium on which the program is copied is inserted in the device, and otherwise prohibits execution of the program. In this case, it is necessary for the portable medium to be inserted in the device at all times to operate the program, thereby making it possible to prevent the user from redistributing the portable medium etc., which the developer or provider of the portable medium did not intend.
However, a method that requires the portable medium to be inserted at all times when operating the program causes new problems such as the following.
(1) It is impossible to operate the program if the portable medium is damaged etc.
(2) A user with two or more devices cannot operate the program simultaneously on more than one device.
(3) Even in the case of a user who is executing a program in accordance with an authorized use other than redistribution of the portable medium, it is necessary for the user to insert the portable medium in order to prove that the user has the portable medium in his possession whenever executing the program. This makes the program less user-friendly.
Note that although there are exemplary methods that improve the speed of the program by applying optimization etc. when the device copies the program from the portable medium, in conventional technology, permission information associated with the program (also called an Appli) does not change according to where the program to be executed is recorded, but rather is specified as being substantially unified with the program, and this is not considered to be modified (patent document 2).
Patent document 1: Japanese Patent Application Publication No. 2004-46801
Patent document 2: Published Japanese Translation of PCT Application No. 2002-511615
Non-patent document 1: “JAVA™ Security” by Scott Oaks, pub. O'Reilly, May 2001, ISBN 0-596-00157-6