1. Field of the Invention
The present invention relates to a secure program distribution system to which program electronic watermarking is applied.
2. Description of Related Art
With progress of computer techniques, it has become general to distribute the program code (hereinafter abbreviated as a program) via networks. Corresponding to such distribution, there arise problems that a downloaded program is analyzed so as to leak algorithms and ideas used in the program, and that a program itself is tampered and used to commit fraud.
Further, program theft has become a significant problem such that a whole or part of a program developed by some person is used without proper authorization or re-distributed without permission of the developer of the program.
In consideration of future enlarged distribution of programs via networks, schemes are necessary to protect programs against fraud.
For example, a case is considered that a user operates a terminal to download a program from a distributor. In this case, a creator first creates a program. Next, a terminal of the distributor registers the program. Then, when a terminal of a user requests the terminal of the distributor to distribute the program, the terminal of the distributor transmits the program to the terminal of the user, and the terminal of the user downloads the distributed program to store.
In these circumstances, following threats are assumed:    1. The user leaks and/or tampers with the program.    2. The distributor leaks and/or tampers with the program.    3. Another creator steals the program.
As a distribution system against the threats, there are systems using encryption, tamper resistant hardware and/or electronic watermarking.
Herein, the tamper resistant hardware means hardware provided with mechanisms for preventing unauthorized internal analysis, for example, such that LSI automatically detects analysis of a program when the program included in LSI starts being analyzed, and deletes the program.
As a system using encryption, for example, there is a system disclosed in JP 2000-324096.
In this method, a terminal of a user first generates a secret key in a public key cryptography using an ID (terminal ID) specific to the terminal, and then, transmits the terminal ID to a distributor when downloading the content. The distributor generates a public key using the ID, encrypts the content, and transmits the encrypted content to the user. The user decodes the content using a secret key that is generated in advance on the user side to use.
Further, the encrypted content is decoded and used in a tamper resistant hardware area in the terminal of the user.
By this means, the downloaded content is prevented from undergoing unauthorized leakage and tampering.
Another system against the threats as described above is disclosed in JP 2000-330873.
In the method, a creator inserts a unique ID to specify a user of content into the created content, as an electronic watermark. Further, the creator encrypts the content in distributing the content to the user.
When the content undergoes unauthorized use, an unauthorized use monitoring center to monitor the use of the content searches networks, and compares an ID extracted from the content undergoing unauthorized use with a use condition (ID) stored in the center to specify a user who commits unauthorized use of the content.
The unauthorized leakage and tampering of content is thus prevented.
However, when a program is distributed in conventional content distribution systems, there is a problem that it is not possible to prevent unauthorized leakage and tampering of the program by a distributor.
In the case that a program created by a creator is registered with a terminal of a distributor, and that a user operates a terminal to download the program registered with the terminal of the distributor, it is very effective to insert a unique ID to specify the user into the program as an electronic watermark, so as to prevent unauthorized leakage by a user. Further, it is also effective to use tamper-resistant hardware to prevent tampering by a user.
However, in the conventional methods, a program does not include information to specify a distributor. Therefore, if a distributor commits unauthorized leakage, it is not possible to specify the distributor that is a leak source. Accordingly, there are no effects to suppress unauthorized leakage by distributors.
Further, when inserting an ID to specify a user into a program, a distributor inserts the ID of the user into the program. In this case, the distributor needs to handle the program in plain text.
Therefore, the distributor is capable of not only inserting an ID of a user but also tampering with the program so that the program operates in a different way. In other words, there is a risk that the program is tampered in the distributor.
It is also considered that a creator inserts an ID of a user into a program, instead of using a distributor. However, there are a large number of cases that the creator cannot serve as a distributor.