The present invention relates to a method and system for authenticating a user and providing a service.
Along with recent popularization of the Internet, sales business which broadcasts digital contents using the network has come into the limelight. However, since copyrights of digital contents are generally not sufficiently protected, illicit use of contents without any compensation for them is posing a problem.
To solve this problem, a copyright protection technique using encryption/authentication, such as MagicGate (copyright protection mechanism) available from Sony Corporation, has been developed. However, it is essential for such a technique to use a special recording medium such as a memory stick having an encryption/authentication function. In addition, the technique cannot take advantage of copy broadcast of digital contents.
In conventional content sales, users pay the prices of contents themselves. This purchase system is inconvenient for the users because the fees to be paid are the same independently of the number of times of use of contents.
U.S. Pat. No. 5,629,980 to US Xerox Corporation and corresponding Japanese Patent Laid-Open No. 8-263438 propose a method of solving the above problems.
According to Japanese Patent Laid-Open No. 8-263438, an appropriate usage right and fee are attached to each digital work and stored in the first repository. The second repository starts a session by the first repository. The second repository requests access to a digital work. The first repository checks the usage right corresponding to the digital work and a permission for access to the digital work. When the access is denied, the first repository ends the session by an error message. When the access is granted, the first repository transfers the digital work to the second repository.
When the digital work is transferred to the second repository, each of the first and second repositories generates bill information to a credit server. In this way, illicit bill processing is prevented by issuing two bill notifications.
In these techniques, free broadcast with copyright protection of digital contents is impeded. U.S. Pat. No. 5,629,980 to US Xerox Corporation and corresponding Japanese Patent Laid-Open No. 8-263438 disclose a method of charging the user for use of a digital content in accordance the contents of use (the number of times of use) and simultaneously protecting the copyright.
In this prior art, however, a user who wants to use a digital content must input an encryption key unique to the user to a content execution device. For example, when a user is going to execute a content package by a content execution device, use qualification authentication processing is performed on the basis of the communication protocol between the content execution device and a usage right control server. Authentication data transmitted from the usage right control server to the content execution device is decrypted using an encryption key that is input by the user to the content execution device. The thus obtained decrypted data is transmitted to the usage right control server. It is determined whether decryption has properly been executed, thereby authenticating the use qualification. At this time, how to maintain the security of the encryption key input to the content execution device is a problem.
Especially, when the content execution device is a device commonly used by many unspecified persons, inputting a user""s encryption key to the device poses a problem of security.
Accordingly, an object of the present invention is to provide a service providing method with high security, information processing system, control program, and storage medium.
According to the present invention, the foregoing object is attained by providing a service providing method which uses
a user terminal which stores an encryption key,
a service providing apparatus which can communicate with the user terminal, and
an authentication apparatus which can communicate with the service providing apparatus, comprising:
an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;
a transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
a decryption step of decrypting the encrypted authentication data in the user terminal using the encryption key stored in the user terminal;
a return step of returning the authentication data decrypted in the decryption step to the authentication apparatus through the service providing apparatus;
an authentication step of executing authentication in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption; and
a service providing step of causing the service providing apparatus to provide a service to the user in accordance with an authentication result in the authentication step.
Other features and advantages of the present invention will be apparent from the following description taken in conjunction with the accompanying drawings, in which like reference characters designate the same or similar parts throughout the figures there.