JP4750254B2 - Information distribution server system, application authentication method for the system, and recording medium - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an information distribution server system, an authentication method for an application in the system, and a recording medium.
[0002]
[Prior art]
Mobile phones are becoming increasingly sophisticated.
Recently, proposals have been made to introduce a more serious application operating environment to mobile phones. For example, there is a plan to mount a Java virtual machine, which is an environment for executing an application described in a Java (registered trademark) programming language, on a mobile phone. If this is realized, various applications can be operated on the mobile phone more than ever.
This kind of environmental change is due to the fact that mobile phones can install and use various applications that users need from terminals that have been used only for input and output. It means to transform into a terminal. That is, although the information processing ability and expression ability are still inferior, what can be processed only by a personal computer until now can be processed by a mobile phone.
[0003]
Such a Java (registered trademark) application for mobile phones is considered to have the following characteristics.
(1) A mobile phone is more portable than a personal computer, but has disadvantages such as a small memory capacity, a low data processing capability, a small communication bandwidth, and a slow communication speed. Due to these disadvantages, the code size of applications for mobile phones is much smaller than that for personal computers. For this reason, it is expected that processing is performed by making the best use of external functions such as a server rather than fulfilling the intended purpose only by the function of the application itself.
(2) Applications for personal computers are mainly downloaded from a server to a personal computer each time they are executed. On the other hand, when a mobile phone is used, considering the communication time and communication cost required for downloading, as well as the operational burden on the user, the application for the mobile phone is used after being stored in the non-volatile memory of the mobile phone. It is expected that there will be more cases.
(3) Considering that the user interface of the mobile phone is poor, users tend to acquire various applications through a specific application distribution site rather than using various application distribution sites. Accordingly, the application distribution site side is expected to handle a plurality of applications by many application providers.
(4) As represented by the sandbox model of Java (registered trademark) applet, it is expected that the security management policy of the application will be in the direction of communication with only the server of the download source.
[0004]
In view of the above, it is considered that authentication processing is required for mobile phone applications as follows.
[0005]
For example, when a plurality of applications from a plurality of application providers are distributed from a single server, a client-side application and a server-side process that manages a communication interface function with the application on the server side are a set. . The server side process authenticates the application by confirming whether the application that sent the request to the server side is an application that is surely set with itself.
For example, assuming an application that manages various data such as the user's schedule information and address book, when the application queries the server for the contents of the various data, the server-side process responds to the user's personal information. It is necessary to perform authentication and check whether the application is a set with itself.
[0006]
In addition, for example, when a plurality of applications are distributed from a single server by a plurality of application providers, a server-side functional interface process that can share the plurality of applications is required. As an example, if a user can register in the table on the server side by voting the number of points according to their practicality for the application he / she used, each application can share that table. This point registration function corresponds to a function interface process. In this case, the function interface process needs to recognize which application the voting request is from.
Alternatively, the sharing degree of the common interface process may be limited on an application-by-application basis, for example, a case where an application accesses data related to user personal information. In such a case, since a specific function is opened only for a specific application, the function interface process needs to recognize which application the request is from.
[0007]
[Problems to be solved by the invention]
Conventionally, the following method has been adopted for such a need for application authentication.
For example, an application on the client side notifies the server side of application identification information, whereby the server side identifies the application. In addition, when a user selects an application on the client side and notifies the server side of the application, application authentication on the server side is possible.
However, regardless of which method is used, the server side only has to trust the operation on the application side, and an unauthorized application impersonates another application, or a user intentionally or mistakenly specifies another application. In case the application could not be authenticated.
[0008]
There is also a technique for performing application authentication using encryption or digital authentication under the certification of a certificate authority.
In this case, it is necessary to cope with digital authentication in the mobile phone, but the burden for mounting the function on the mobile phone is large. There is also a problem of cost generation for the certificate authority.
[0009]
An object of the present invention is to provide an application distribution / execution environment with higher security by more reliably authenticating an application against the background described above.
[0010]
[Means for Solving the Problems]
In order to solve the above-described problem, an invention according to claim 1 is an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network. In response to a download request, an identifier issuing unit that issues a download identifier for identifying the request event, and the issued download identifier And an application identifier unique to the application that is the target of the request event indicated by the download identifier The identifier storage unit for storing, and the issued in the response signal transmitted to the wireless portable terminal in response to the download request download An identifier notifying unit that transmits including an identifier and downloaded to the wireless portable terminal Ta Download identifier from application And the application identifier When a request signal containing And the corresponding application identifier And an authentication unit that authenticates the application depending on whether or not it is stored in the identifier storage unit.
[0011]
The invention according to claim 2 is the information distribution server system according to claim 1,
The identifier notifying unit transmits the URL (Uniform Resource Locator) used by the wireless portable terminal to download the application including the download identifier.
[0012]
The invention according to claim 3 is the information delivery server system according to claim 1,
The identifier notifying unit transmits parameter data that can be referred to from the application of the wireless portable terminal together with the download identifier.
[0013]
According to a fourth aspect of the present invention, there is provided an information distribution server system for distributing an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network. An identifier that issues a download identifier for identifying an event, an identifier that stores the issued download identifier, and an application identifier unique to the application that is the target of the request event indicated by the download identifier, in association with each other A storage unit, an application distribution unit that distributes the data file of the application downloaded to the wireless portable terminal, including the issued download identifier, and the download from the application downloaded to the wireless portable terminal Upon receiving the Besshi and request signal including the application identifier, the download identifier When Applicable identifier When But Associated And an authentication unit that authenticates the application depending on whether or not it is stored in the identifier storage unit.
[0014]
The invention according to claim 5 is an information distribution server system for distributing an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network.
An identifier issuing unit for issuing a download identifier for identifying a download request event from the wireless portable terminal;
To request a download identifier corresponding to the download, including an application identifier for identifying the application and a user identifier for identifying the user of the wireless portable terminal, from the application downloaded to the wireless portable terminal When the request signal is received, an identifier notification unit that notifies the wireless portable terminal of a download identifier issued by the identifier issuing unit,
An authentication unit that authenticates the application depending on whether the requested download identifier is already notified by the identifier notification unit when the request signal is received;
It is characterized by having.
[0015]
The invention according to claim 6 is the information delivery server system according to claim 5,
The authentication unit further receives a request signal including the notified download identifier from the application downloaded to the wireless mobile terminal, depending on whether the download identifier is issued by the identifier issuing unit. The application is authenticated.
[0016]
The invention according to claim 7 is the information delivery server system according to claim 5,
The identifier notification unit notifies the download identifier only once to the application.
[0017]
The invention according to claim 8 is the information delivery server system according to claim 5,
When there are a plurality of download identifiers corresponding to a combination of the user identifier and the application identifier, the authentication unit sets a download identifier for the last downloaded application as a target of the authentication.
[0018]
According to a ninth aspect of the present invention, in an information distribution server system for distributing an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network, the date and time when the download request is made is counted as a server-side download date and time. A download timing unit, a user identifier for identifying the user of the wireless portable terminal that has transmitted the download request, an application identifier for identifying the application that is the target of the download request, and the download request An identifier storage unit that stores the time-scheduled server-side download date and time, and a terminal side that is stored as the date and time when the download was performed by the wireless portable terminal from an application downloaded to the wireless portable terminal Da And unload time, and the application identifier, when receiving a request signal containing said user identifier, said terminal ~ side Downlaw De day An authentication unit that authenticates the application depending on whether or not time is included in a predetermined time range with respect to the server-side download date and time.
[0019]
The invention according to claim 10 is an application authentication method for an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network, in response to a download request from the wireless portable terminal. And issuing a download identifier for identifying the request event, associating the issued download identifier with an application identifier specific to the application that is the target of the request event indicated by the download identifier. In identifier storage Storing, including transmitting the issued download identifier in a response signal transmitted to the wireless mobile terminal in response to the download request, from the application downloaded to the wireless mobile terminal When receiving a request signal including a download identifier and the application identifier, the step of authenticating the application depending on whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit. It is characterized by having.
[0020]
The invention according to claim 11 is an application authentication method for an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network, in response to a download request from the wireless portable terminal. And issuing a download identifier for identifying the request event, associating the issued download identifier with an application identifier specific to the application that is the target of the request event indicated by the download identifier. In identifier storage Storing, including distributing the issued download identifier in the data file of the application downloaded to the wireless portable terminal, the download identifier and the application identifier from the application downloaded to the wireless portable terminal And receiving the request signal including the step of authenticating the application depending on whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit. .
[0021]
The invention according to claim 12 is an application authentication method for an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network.
Issuing a download identifier for identifying a download request event from the wireless portable terminal;
A request for requesting a download identifier corresponding to the download, including an application identifier for identifying the application and a user identifier for identifying the user of the wireless portable terminal, from the application downloaded to the wireless portable terminal When receiving a signal, notifying the wireless portable terminal of the issued download identifier;
Authenticating the application according to whether or not the requested download identifier has already been notified to the wireless portable terminal when the request signal is received;
It is characterized by having.
[0022]
The invention according to claim 13 is the application authentication method of the information distribution server system according to claim 12, further receiving a request signal including the notified download identifier from the application downloaded to the wireless portable terminal. Then, the download identifier is The information distribution server system Authenticating the application depending on whether it is issued by The It is characterized by having.
[0023]
The invention according to claim 14 is an application authentication method of an information distribution server system for distributing an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network. A time counting as a download date, a user identifier for identifying a user of the wireless portable terminal that has transmitted the download request, an application identifier for identifying an application that is a target of the download request, and the download The server-side download date and time counted for the request are stored in association with each other, and the date and time when the download was made by the wireless portable terminal from the application downloaded to the wireless portable terminal is stored. A terminal side download date have, with the application identifier when receiving a request signal containing said user identifier, said terminal ~ side Downlaw Day And authenticating the application according to whether or not the time is included in a predetermined time range with respect to the server side download date and time.
[0024]
A fifteenth aspect of the invention provides a computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to the tenth aspect.
[0025]
The invention described in claim 16 provides a computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system described in claim 11.
[0026]
The invention described in claim 17 provides a computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system described in claim 12.
[0027]
According to an eighteenth aspect of the present invention, there is provided a computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to the thirteenth aspect.
[0028]
A nineteenth aspect of the present invention provides a computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to the fourteenth aspect.
[0029]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below with reference to the drawings. However, the present invention is not limited to such an embodiment, and various modifications can be made within the scope of the technical idea.
A: Configuration
(1) Overall network configuration
FIG. 1 is a block diagram illustrating an overall configuration of a system according to the embodiment. As shown in the figure, this system is mainly composed of a user terminal group 1, a provider terminal group 2, a mobile packet communication network 3, the Internet 4 and a server group 5.
This system provides an environment that promotes the distribution of content as a whole. Specifically, various applications are uploaded from the provider terminal group 2 to the server group 5, and in response to requests from the user terminal group 1 The above application is downloaded.
In this embodiment, a computer program called an “applet” written in the Java (registered trademark) programming language will be described as an example of an “application”. Any possible data is included in the concept of this application.
[0030]
Hereinafter, each component of this system will be described in detail.
The user terminal group 1 is a terminal group operated by a user who purchases a right to download and use various applications registered in the server group 5 by paying a fixed usage fee every month. 10 and a personal computer 11.
The mobile phone 10 receives a call service of a mobile phone network (not shown) and performs wireless data communication with the base station 31 of the mobile packet communication network 3.
The mobile packet communication network 3 includes base stations 31 distributed in a communication service area, switching stations 32 that perform packet switching services, and communication lines that connect them. The mobile packet communication network 3 is connected to the Internet 4 via a gateway 33, and bidirectional data communication is possible between the two different networks. The mobile phone 10 can download each application from the server group 5 via the mobile packet communication network 3 and the Internet 4.
The personal computer 11 is a computer that can be communicably connected to the Internet 4 via an Internet connection provider (provider) (not shown). A user can operate the computer 11 to access the server group 5 and receive an application search service.
[0031]
The provider terminal group 2 is a terminal group operated by a provider of various applications and includes a personal computer 20.
Similar to the personal computer 11 described above, the personal computer 12 is a computer that can be connected to the Internet 4 via an Internet connection provider (provider) (not shown). Here, the provider refers to a person who holds a license for each application, and has a right to receive a part of the usage fee paid by the user as a consideration for the application (hereinafter referred to as a license amount).
There are actually more mobile phones 10, personal computers 11, and personal computers 20, and this system can provide services to more users and providers. Hereinafter, the personal computer is abbreviated as PC.
[0032]
The server group 5 is connected to the Internet 4 via the router 6 and includes various servers for operating and managing a dedicated site for distributing the application uploaded from the provider terminal group 2 to the mobile phone 10. .
As shown in FIG. 1, the server group 5 includes a WWW (World Wide Web) server 50 for a mobile phone, a WWW server 51 for a personal computer, a DNS (Domain Name System) server 52, an SMTP (Simple Mail Transfer Protocol) server 53. , A database server 54, an aggregation server 55, an administrator console 56, a firewall server 57, and a high-speed digital line 58 for interconnecting them.
[0033]
The mobile phone WWW server 50 is a server that provides the mobile phone 10 with a WWW page dedicated to the mobile phone and distributes applications.
The PC WWW server 51 is a server that provides a PC-specific WWW page to the PC 11 and the PC 21.
The DNS server 52 is a well-known server that maintains a host name assigned to each node on the Internet 4 and an IP (Internet Protocol) address in association with each other, and provides a service for converting them.
The SMTP server 53 is a well-known mail server that supports SMTP.
The database server 54 is a server provided with a mass storage device for storing various uploaded applications and various tables as will be described later.
The aggregation server 55 is a server that uses the various tables stored in the database server 54 to calculate the usage status of the content and the license amount according to the usage status.
The administrator console 56 is a computer operated by an administrator of the server group 5, and thereby maintenance of various servers constituting the server group 5 is performed.
The firewall server 57 is a well-known server that manages the function of eliminating unauthorized access from an external network.
[0034]
(2) Configuration of mobile phone 10
Next, the configuration of the mobile phone 10 will be described.
First, the hardware configuration of the mobile phone 10 will be described with reference to FIG. As shown in the figure, a mobile phone 10 includes a CPU (Central Processing Unit) 100, a ROM (Read Only Memory) 101, a RAM (Random Access Memory) 102, an SRAM (Static Random Access Memory) 103, and a data input / output unit 104. , A wireless processing unit 105, an audio processing unit 106, a speaker 107, a microphone 108, a keypad 109, and an LCD (Liquid Crystal Display) 110 are connected.
Various control programs and the like are stored in the ROM 101, and the CPU 100 reads this control program and executes various control processes. At that time, the RAM 102 is used as a work area of the CPU 100 or the like. The control program in the ROM 101 includes a browser and various applications to be described later in addition to firmware that supports the basic operation of the mobile phone 10. The SRAM 103 caches a page provided from the mobile phone WWW server 50 and stores an application downloaded from the server 50.
The wireless processing unit 105 includes a frequency synthesizer, an amplifier, a modulation / demodulation circuit, etc. (not shown), and performs frame synchronization / separation, error detection / correction processing, etc., on a signal transmitted / received via the antenna 105-1. Processing corresponding to each of signals transmitted by circuit switching and signals transmitted by packet switching is performed. Data processed by the wireless processing unit 105 is input / output to / from the CPU 100 via the data input / output unit 104.
The audio processing unit 106 is connected to the speaker 107 and the microphone 108 and performs predetermined processing on the audio signal.
The keypad 109 is an input interface for the user to perform various operations, and the LCD 110 is a display interface for displaying various information.
[0035]
Next, the process configuration of the mobile phone 10 will be described with reference to FIG. As shown in the figure, the lowest layer of the process configuration includes a key interface unit KI related to hardware control of the mobile phone 10, a screen interface unit DI, a data communication driver DD, a speaker / microphone control unit SM, and a memory interface MI. The
The upper layer is constituted by firmware FW, and the basic processing of the mobile phone 10 is supported by this firmware.
Further, the upper layer includes a Java virtual machine JVM, a browser BS, a telephone function unit TS, and a setting unit SS, and a Java applet AAP is configured above the Java virtual machine JVM.
The Java applet APP is an application written in Java (registered trademark), downloaded from the mobile phone WWW server 50 to the mobile phone 10 and executed on the Java virtual machine JVM.
[0036]
(3) Configuration of WWW server for mobile phones
Next, the configuration of the mobile phone WWW server 50 will be described.
The mobile phone WWW server 50 has a hardware configuration similar to that of a known server machine, and includes a CPU, a ROM, a RAM, a hard disk device, a communication interface, and the like (not shown) connected via a bus.
FIG. 4 is a schematic diagram showing a process configuration of the mobile phone WWW server 50. As shown in the figure, an OS (Operating System), a WWW server, and a Web application program are configured in order from various interfaces at the lowest layer to the upper layer.
[0037]
(4) Database server configuration
As described above, the database server 54 holds various pieces of information in a table format, and these pieces of information are used for operation and management by this system.
The contents registered in the various tables in the database server 54 will be described in detail below.
[0038]
FIG. 5 is a diagram illustrating an example of registered contents of the provider master table LMT (provider information table).
As shown in the figure, in the table LMT, various types of provider information such as a provider name, a provider ID, a registration date, and a bank account are registered in association with each other. The provider name is a name notified to the server group 5 by the provider. The provider ID is an ID for identifying each provider. The registration date means the year, month and day when the provider registers the provider information in the server group 5. A bank account is a bank account opened by a provider, and this is a transfer destination account of a license amount to be received by the provider.
This provider master table LMT is mainly used when performing processing (to be described later) for searching for a license amount or application usage status (described later) or transferring a license amount in response to a request from the provider.
[0039]
FIG. 6 is a diagram illustrating an example of registration contents of the application registration master table AST.
As shown in the figure, various information such as application ID, provider ID, application name, server name, directory, download file name, DB access password, description, help file, and capture file are registered in this table AST. ing.
The application ID is an ID assigned to identify each application. The provider ID is as described above. The application name is the name of the application. The server name is the host name of the server where the application is stored, the directory is the directory name within the server where the application is stored, and the download file name is the name within the server where the application is stored. File name. When the mobile phone 10 application is downloaded from the server group 5, the server name, directory, and download file name are designated.
Next, the DB access password is a password used when the provider searches the database server 54 for information regarding each application. The explanatory text is a text for explaining the contents of the application to the user, and is displayed on the PC 11 or the mobile phone 10 when the user searches for an application or downloads the application, for example.
A help file is a file name that stores help information provided to users when searching for or downloading such applications. A capture file visually displays the contents of an application. This is the name of a file in which image information is stored.
The application registration master table AST is mainly used when searching for an application by a user or when downloading, and when searching for a license amount or usage status by a provider.
[0040]
FIG. 7 is a diagram illustrating an example of registered contents of the application access management table AAT (limitation unit, shared process interface).
As shown in the figure, an application ID and a table name are registered in this table AAT. This table name means the name of a table that can be accessed by the application when the application is executed. For example, the application (game software) indicated by the application ID “56789” can access a high score table (not shown) for registering a high score, that is, the application indicated by the application ID “56789” is high. This means that score registration is possible.
As described above, an accessible table is defined for each application, thereby preventing an unauthorized application from accessing.
[0041]
FIG. 8 is a diagram illustrating an example of registered contents of the application statistics table ATT.
As shown in the figure, in this table ATT, application ID, target year / month, number of downloads, number of activations, execution time, number of voting points, license amount and license amount payment flag are registered.
This table is for grasping the usage status of each application, and the target year means the period for which the usage status is to be grasped.
The number of downloads means the number of times the application has been downloaded to the mobile phone 10 during the period indicated by the target year and month.
The number of activations means the number of times that the application is activated on the mobile phone 10 during the period indicated by the target year and month.
The execution time means the time when the application is executed on the mobile phone 10 during the period indicated by the target year and month.
Each user can vote for the application he / she used according to its practicality and interest, and the number of voting points means the number of points voted. Yes.
The license amount is an amount that the provider should receive as a consideration for the application, and is calculated based on a calculation formula described later according to the usage status of the application.
The license amount payment flag is flag information indicating whether or not the calculated license amount has already been paid to the provider.
[0042]
FIG. 9 is a diagram illustrating an example of registered contents of the user master table UMT.
As shown in the figure, in this table UMT, user information such as a user name, a user ID, a password, a credit card number, an entry date, a withdrawal date, a telephone number, a mobile phone mail address, and a PC mail address are registered. Has been.
The user name is the name of the user, and the user ID is an ID assigned to identify each user. The password is necessary for the user to log in to the server group 5 and the like, and user authentication is performed by the above-described user ID and this password.
The credit card number is a contract number of a credit card used by the user, and the usage fee is collected using the credit contract indicated by the credit card number.
The enrollment date is the year, month and date when the user has joined this service, and the withdrawal date is the year, month and date when the user has withdrawn from this service.
The telephone number is a user's telephone number, and the mobile phone mail address is a mail address possessed by the user and assigned to the mobile phone 10 for downloading various applications. The PC mail address is a mail address assigned to the PC 11 used by the user.
This table UMT is used, for example, when the user logs in or when mail is sent to the user.
[0043]
FIG. 10 is a diagram illustrating an example of registered contents of the last activation date and time storage table LRT.
As shown in the figure, a user ID, an application ID, and the last activation date / time are registered in this table LRT. When the application is started on the mobile phone 10, the start notification is transmitted from the mobile phone 10 to the mobile phone WWW server 50, and the last start date is registered in the last start date storage table LRT accordingly. It has come to be.
The point voting described above is limited to applications that the user has downloaded or started in the past certain period, and this table LRT is used when the user can extract applications that can be point-voted.
[0044]
FIG. 11 is a diagram showing an example of registered contents of the user access storage table UAT.
As shown in the figure, in this table UAT, a user ID, an application ID, a target year, a number of downloads, a number of activations, an execution period, and the number of voting points are registered.
The number of downloads means the number of times the corresponding user has downloaded the corresponding application to the mobile phone 10 during the period indicated by the target year and month.
The number of activations means the number of times that the corresponding user has activated the corresponding application on the mobile phone 10 during the period indicated by the target year and month.
The execution time means the time when the corresponding user executes the corresponding application on the mobile phone 10 during the period indicated by the target year and month.
The number of voting points means the number of points that the corresponding user has voted for the corresponding application during the period indicated by the target date.
That is, this table UAT is used for grasping the usage status of the application. Based on the information registered in this table UAT, the usage status of the application is grasped, and as a result, the license amount to be paid to the provider is determined. It has become fixed.
[0045]
FIG. 12 is a diagram showing an example of registered contents of the user deposit management table UPT.
As shown in the figure, a user ID, a target date and a deposit flag are registered in this table UMT. The deposit flag is flag information indicating whether or not the usage fee has been paid by the user.
The server group 5 manages the payment of the usage fee by the user using the user deposit table UPT.
[0046]
FIG. 13 is a diagram showing an example of registered contents of the download ID management table DIT.
As shown in the figure, a user ID, a download date, an application ID, and a download ID are registered in this table DIT.
The download ID is an ID that is uniquely issued for each download request from the mobile phone 10, and all issued download IDs are stored in this table DIT. As will be described later, this download ID is used to eliminate unauthorized applications.
[0047]
FIG. 14 is a diagram illustrating an example of registered contents of the final download management table LDT.
As shown in the figure, the user ID, the application ID, and the last download date / time are registered in this table LDT. Similarly to the table LRT, this table LDT is also used when a user can extract an application that allows point voting.
[0048]
B: Operation
Next, the operation of the embodiment configured as described above will be described.
In the following, “applet” is processed as an application, and (1) applet search, (2) applet download, (3) applet execution, (4) applet point voting, (5) calculation of license amount, (6) The operation will be described in the order of various searches by the provider.
[0049]
(1) Search for applets
The user can access the server group 5 by operating the PC 11 and search for a desired applet.
15 to 16 are sequence diagrams showing operations of the PC 11 and the PC WWW server 51 when searching for applets. FIG. 17 is a diagram showing an example of a screen displayed on the PC 11 at that time.
In FIG. 15, the user first operates the PC 11 to start the browser, and the URL of the top page held by the PC WWW server 51 (here, “http://www-p.techfirm.co.jp/ Enter "index.html"). The PC 11 accepts this operation (step Sa1). At this time, it goes without saying that the jump is not limited to the input of the URL, but from an anchor on another page.
[0050]
Next, the PC 11 sends a request for accessing the top page to the Internet 4 (step Sa2). This request includes a character string consisting of “http://www-p.techfirm.co.jp/index.html” specified by the GET method, as shown in FIG.
[0051]
When receiving the request signal via the Internet 4, the PC WWW server 51 reads the top page specified by the request URI (Uniform Resource Identifier) from the hard disk (step Sa3), and transmits this to the PC 11 ( Step Sa4).
[0052]
When receiving the top page, the PC 11 interprets it and displays it on the display unit (step Sa5). The page displayed here is a page for logging in to the PC WWW server 51. For example, as shown in FIG. 17A, a message prompting for input of a user ID and password is displayed in a predetermined field. Yes.
[0053]
When the user inputs the user ID and password and performs an operation for instructing login, the PC 11 transmits a request for login to the PC WWW server 51 (step Sa6). For example, when the user ID “10000” and the password “9999” are input, this request includes “http://www-p.techfirm.co.jp/cgi-bin/login” specified by the GET method. .cgi? id = 10000 & pw = 9999 "is included.
[0054]
The PC WWW server 51 activates a CGI (Common Gateway Interface) corresponding to login.cgi in response to the request, refers to the user master table UMT in the database server 54, and receives the received user ID “10000”. And it is determined whether or not the set of the password “9999” is a correct set (step Sa7).
[0055]
If the result of this determination is that the set is correct, the PC WWW server 51 forms the next entrance page and sends it back to the PC 11 (step Sa8). On the other hand, as a result of this determination, if the set is not correct, a predetermined error screen is formed and returned to the PC 11.
Thereafter, in order to manage each session executed between the PC 11 and the PC WWW server 51 on the PC WWW server 51 side, the data transmitted from the PC 11 to the PC WWW server 51 is a character string indicating a user ID. “Id = 10000” is embedded.
[0056]
Now, when receiving the entrance page, the PC 11 interprets it and displays it on the display unit (step Sa9). On the page displayed here, as shown in FIG. 17B, an outline description of the site and various menus are listed.
[0057]
In order for a user to perform an applet search, a “library” button shown in FIG. 5B may be clicked. In response to this click operation, the PC 11 sends a request for requesting a library service to a PC WWW server. 51 (step Sa10). This request includes a character string consisting of “http://www-p.techfirm.co.jp/cgi-bin/lib.cgi?id=10000” specified by the GET method.
[0058]
In response to the request, the PC WWW server 51 activates lib.cgi to form a library page (step Sa11), and returns this to the PC 11 (step Sa12).
[0059]
When receiving the library page, the PC 11 interprets it and displays it on the display unit (step Sa13). The library page displayed here is a page for selecting applets to be searched by category as shown in FIG. Here, for example, it is assumed that the user clicks the “game” button shown in FIG.
[0060]
In response to the click operation, the PC 11 transmits a request for requesting the list page of the game applet to the PC WWW server 51 (step Sa14). This request includes a character string consisting of “http://www-p.techfirm.co.jp/cgi-bin/lib-game.cgi?id=10000&page1” specified by the GET method.
[0061]
In response to the request, the PC WWW server 51 activates lib-game.cgi to configure the first page of the game list page (step Sa15), and transmits this to the PC 11 (step Sa16).
[0062]
When the PC 11 receives the first page of the game list page, it interprets it and displays it on the display unit (step Sa17). The page displayed here lists the title names of various games as shown in FIG. Here, it is assumed that the user clicks and selects the title name “drops” shown in FIG. It should be noted that the game list page is not necessarily composed of only one page, but may naturally be composed of a plurality of pages. In this case, when the user clicks “Next” shown in Figure (d), “http://www-p.techfirm.co.jp/cgi-bin/lib-game.cgi? A request including the character string “id = 10000 & page2” is transmitted from the PC 11 to the PC WWW server 51, and the second page of the game list is provided. Thus, the Nth page of the game list is provided by indicating “pageN” at the end of the request URI.
[0063]
In response to the click operation, the PC 11 transmits a request for requesting a game description of “drops” to the PC WWW server 51 (step Sa18). This request includes a character string consisting of “http://www-p.techfirm.co.jp/cgi-bin/expl.cgi?id=10000&app=56789” specified by the GET method. Here, “app = 56789” means an application ID assigned to “drops”.
[0064]
In response to the request, the PC WWW server 51 activates expl.cgi to construct a description page for the “drops” game (step Sa19), and transmits this to the PC 11 (step Sa20). At this time, the PC WWW server 51 refers to the application registration master table AST in the database server 54 and refers to an explanatory note, a capture file, etc. corresponding to the designated applet, and configures an explanation page.
[0065]
When receiving the explanation page, the PC 11 interprets it and displays it on the display unit (step Sa21). The page displayed here includes an explanatory text explaining the contents of “drops” as shown in FIG. 17E, and a capture that visually represents how the game is being played. ing.
[0066]
The user refers to these explanations, and clicks the “URL mail” button shown in FIG. 5E if there is an intention to download the game to his / her mobile phone 10.
In response to this click operation, the PC 11 transmits a request for requesting the mobile phone 10 to transmit an access URL for downloading “drops” to the mobile phone 10 to the PC WWW server 51 ( Step Sa22). This request includes a character string consisting of “http://www-p.techfirm.co.jp/cgi-bin/urlmail.cgi?id=10000&app=56789” specified by the GET method.
[0067]
The PC WWW server 51 activates urlmail.cgi in response to the request and uses the mail address assigned to the mobile phone 10 as the destination, and an access URL (http to the game software “drops” specified by the request. : //www-c.techfirm.co.jp/cgi-bin/expl.cgi? id = 10000 & app = 56789) is generated and transmitted (step Sa23). At this time, the mail address of the destination mobile phone 10 can be grasped by referring to the user master table UMT.
[0068]
When this mail transmission is completed, the PC WWW server 51 generates a completion notification page and transmits it to the PC 11 (step Sa24).
When the PC 11 receives the completion notification page, it interprets it and displays it on the display unit (step Sa25), and the process shown in FIG.
[0069]
The mobile phone 10 that has received the e-mail in which the access URL is written can jump directly to the site indicated by the URL when the access URL on the mail is selected on its mail browser. This eliminates the need for the user to input a URL that is cumbersome to input on the mobile phone 10. Further, it is not necessary to perform a complicated search operation on the mobile phone 10, which is very convenient for the user.
[0070]
(2) Applet download
Next, applet download processing will be described.
18 to 20 are sequence diagrams showing operations of the mobile phone 10 and the mobile phone WWW server 50 when downloading the applet. FIG. 21 shows an example of a screen displayed on the LCD 111 of the mobile phone 10 at this time. FIG.
In FIG. 18, first, the user operates the mobile phone 10 to start the browser, and the URL of the top page held by the mobile phone WWW server 50 (here, “http://www-c.techfirm.co”). .jp / index.html ”). In response to this, the cellular phone 10 receives the input operation (step Sb1). At this time, it goes without saying that the jump is not limited to the input of the URL, but from an anchor on another page.
[0071]
Next, the mobile phone 10 sends a request for accessing the top page to the Internet 4 (step Sb2). This request includes a character string consisting of “http://www-c.techfirm.co.jp/index.html” specified by the GET method, as shown in FIG.
[0072]
When the mobile phone WWW server 50 receives the request via the Internet 4, it reads the page specified by the request URI from the hard disk (step Sb3) and returns it to the mobile phone 10 (step Sb4).
[0073]
When the mobile phone 10 receives the page, it interprets it and displays it on the LCD 111 (step Sb5). The top page displayed here is a page for joining or logging in to the service provided by the mobile phone WWW server 50, and has a configuration as shown in FIG.
[0074]
When the user selects and operates “Login” shown in FIG. 5A, the cellular phone 10 transmits a request for login to the cellular phone WWW server 50 (step Sb6). This request includes a character string consisting of “http://www-c.techfirm.co.jp/login.html” specified by the GET method, as shown in FIG.
[0075]
When the mobile phone WWW server 50 receives the request, it reads the login page specified by the request URI from the hard disk (step Sb7) and returns it to the mobile phone 10 (step Sb8).
[0076]
When the mobile phone 10 receives the login page, it interprets it and displays it on the LCD 111 (step Sb9). The login page displayed here has a configuration as shown in FIG. 21B, for example, and a message prompting the user to input a user ID and password is displayed in a predetermined field.
[0077]
When the user inputs the user ID and password and performs an operation to instruct login, the cellular phone 10 transmits a request for login to the cellular phone WWW server 50 (step Sb10). For example, when the user ID “10000” and the password “9999” are input, “http://www-c.techfirm.co.jp/cgi-bin/start. A character string consisting of “cgi? id = 10000 & pw = 9999” is included.
[0078]
The mobile phone WWW server 50 starts start.cgi in response to the above request, refers to the user master table UMT in the database server 54, and sets the received user ID “10000” and password “9999”. It is determined whether the set is correct (step Sb11).
[0079]
As a result of this determination, if the set is correct, the mobile phone WWW server 50 configures the next menu page and sends it back to the mobile phone 10 (step Sb12).
On the other hand, as a result of this determination, if the set is not correct, a predetermined error screen is formed and returned to the mobile phone 10.
Hereinafter, in order to manage each session executed between the mobile phone 10 and the mobile phone WWW server 50 on the mobile phone WWW server 50 side, the data transmitted from the mobile phone 10 to the mobile phone WWW server 50 includes “Id = 10000” indicating the user ID is embedded.
[0080]
Now, when receiving the menu page, the cellular phone 10 interprets it and displays it on the LCD 111 (step Sb13). In the page displayed here, various menus are listed as shown in FIG.
[0081]
In order for the user to download the applet, the “library” button shown in FIG. 5C may be selected. In response to this selection operation, the cellular phone 10 sends a request for requesting the library page to the cellular phone. It transmits to the WWW server 50 for use (step Sb14). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgi-bin/libtop.cgi?id=10000” designated by the GET method.
[0082]
In response to the request, the mobile phone WWW server 50 activates libtop.cgi to form a library page (step Sb15), and returns this to the mobile phone 10 (step Sb16).
[0083]
When the mobile phone 10 receives the library page, it interprets it and displays it on the LCD 111 (step Sb17). The library page displayed here is a page for selecting applets stored in the database server 54 by category as shown in FIG. Here, for example, it is assumed that the user selects the “game” shown in FIG.
[0084]
In response to this selection operation, the cellular phone 10 transmits a request for requesting a game list page to the cellular phone WWW server 50 (step Sb18). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgi-bin/lib-game.cgi?id=10000&page1” specified by the GET method.
[0085]
In response to the request, the mobile phone WWW server 50 activates lib-game.cgi to configure the first page of the game list page (step Sb19), and transmits this to the mobile phone 10 (step Sb20).
[0086]
When the mobile phone 10 receives the first page of the game list page, it interprets it and displays it on the LCD 111 (step Sb21). In the page displayed here, title names of various games are listed as shown in FIG. Here, it is assumed that the user selects the title name “drops” shown in FIG. It should be noted that the game list page is not necessarily composed of only one page, but may naturally be composed of a plurality of pages. In this case, when the user selects “Next” shown in FIG. 21E, “http://www-c.techfirm.co.jp/cgi-bin/lib-game.cgi” is displayed. A request including the character string “? id = 10000 & page2” is transmitted from the mobile phone 10 to the mobile phone WWW server 50, and the second page of the game list is provided. Thus, the Nth page of the game list is provided by indicating “pageN” at the end of the request URI.
[0087]
In response to the selection operation, the cellular phone 10 transmits a request for requesting a game description of “drops” to the cellular phone WWW server 50 (step Sb22). This request includes a character string consisting of “http://www-p.techfirm.co.jp/cgi-bin/expl.cgi?id=10000&app=56789” specified by the GET method. Here, “app = 56789” means an application ID assigned to “drops”.
[0088]
In response to the request, the mobile phone WWW server 50 activates expl.cgi to form a description page for the “drops” game (step Sb23), and transmits this to the mobile phone 10 (step Sb24). At this time, the mobile phone WWW server 50 refers to the application registration master table AST in the database server 54 and refers to the explanatory text, the capture file, etc. corresponding to the designated applet, and configures an explanatory page.
[0089]
When the mobile phone 10 receives the explanation page, it interprets it and displays it on the LCD 111 (step Sb25). In the page displayed here, buttons for selecting various operations such as download, usage, and screen capture are displayed in addition to the explanatory text explaining the contents of “drops” as shown in FIG. Has been.
[0090]
The user refers to these explanations, and selects “download” shown in FIG. 21F if there is an intention to download this game to his / her mobile phone 10. In response to this selection operation, the cellular phone 10 transmits a request for downloading “drops” to the cellular phone 10 to the cellular phone WWW server 50 (step Sb26). This request includes a character string consisting of “http://www-c.techfirm.co.jp/56789/dl.cgi?id=10000” specified by the GET method.
[0091]
The mobile phone WWW server 50 starts dl.cgi in response to the request, configures download HTML data prepared corresponding to “drops” (step Sb27), and transmits this to the mobile phone 10. (Step Sb28). The HTML data for download has a configuration as shown in FIG.
In FIG. 22, among the parameters designated by the “param” tag, the parameter “ID” is used to identify the user when communicating with the mobile phone WWW server 50. The parameter “DLID” is uniquely issued every time data for download is created. As will be described later, when the mobile phone WWW server 50 communicates with an application on the mobile phone 10 side, the application Used to confirm the legitimacy of
[0092]
When the mobile phone 10 detects the “applet” tag from the received HTML data (step Sb29), the mobile phone 10 transmits a request for acquiring the JAR file specified by the “ARCHIVE” tag to the mobile phone WWW server 50. (Step Sb30). This request includes a character string consisting of “http://www-c.techfirm.co.jp/56789/drops.jar” specified by the GET method.
[0093]
In response to the request, the mobile phone WWW server 50 reads the JAR file indicated by the file name “drops.Jar” from the database server 54 (step Sb31), and transmits it to the mobile phone 10 (step Sb32).
[0094]
The mobile phone 10 receives the JAR file and writes it in the SRAM 104 (step Sb33).
When the acquisition of the JAR file is completed, the mobile phone 10 transmits a request indicating the completion of the download to the URL specified by “COMPLETE” in the HTML data described above (step Sb34). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgibin/dlfinish.cgi?id=10000&app=56789&DLID=99887766” specified by the GET method.
At the same time, when acquisition of the JAR file is completed, the mobile phone 10 is designated in the predetermined storage area in the SRAM 124 by the “CODE” tag in FIG. The parameter specified by the “param” tag and the host name “game.techfirm.co.jp” of the acquisition source are saved as the reference can be made. The downloaded applet can communicate only with the server from which it was acquired (host name “game.techfirm.co.jp”) due to limitations of the Java virtual machine JVM.
[0095]
The cellular phone WWW server 50 accesses the database server 54 by activating dlfinish.cgi in response to the request, and on the user access storage table UAT, the user ID “10000” and the application ID “56789”. In addition to incrementing the download count value by one count, the download date and time are written on the download ID management table DIT and the final download management table LDT (step Sb35). That is, the mobile phone WWW server 50 stores the download ID, application ID, and user ID as a set on the download ID management table DIT described above.
[0096]
When the mobile phone WWW server 50 receives data from the application of the mobile phone 10 and receives the three data as a set from the mobile phone 10, the mobile phone WWW server 50 compares the data with the data on the download management table. Thus, it is possible to recognize that the transmission source of the data is a legitimate application downloaded by the WWW server 50 to the mobile phone 10 itself. With this mechanism, it can be said that it is possible to prevent data falsification and spoofing from another terminal or by an unauthorized application.
[0097]
Then, the mobile phone WWW server 50 generates an OK message indicating that the download process has been completed, and transmits this to the mobile phone 10 (step Sb36).
When the mobile phone 10 receives the message, it interprets it and displays it on the LCD 111 (step Sb37), and the process shown in FIG.
[0098]
(3) Execution of applet
Next, applet execution processing will be described.
23 to 24 are sequence diagrams showing operations of the mobile phone 10 and the mobile phone WWW server 50 when the applet is executed. FIG. 25 is a diagram showing an example of a screen displayed on the LCD 111 of the mobile phone 10 at this time. It is.
In FIG. 23, first, the user operates the mobile phone 10 to read a list of downloaded applets from the SRAM 124 and display it on the LCD 111 (step Sc1). The list of applets displayed here has a structure as shown in FIG. 25A, for example, and lists downloaded applet names.
[0099]
Here, for example, when the user selects “drops” shown in FIG. 25A, the display on the LCD 111 transitions to a screen as shown in FIG. 25B, and uses whether or not the selected applet is activated. A message for inquiring the person is displayed (step Sc2).
[0100]
When the user selects “OK” in FIG. 25B, the mobile phone 10 activates the Java virtual machine JVM and designates “drops.class”, which is a class to be called first (step Sc3).
[0101]
Then, the cellular phone 10 transmits a request for notifying activation of the applet to the cellular phone WWW server 50 (step Sc4). This request includes a character string consisting of “http://game.techfirm.co.jp/start.cgi?id=10000&app=56789&DLID=99887766” specified by the GET method, as shown in FIG. Here, as described above, in order to confirm the validity of communication between the mobile phone WWW server 50 and the mobile phone 10 side application, the request includes “DLID = 99887766” indicating the download ID, application ID “App = 56789” indicating the user ID and “id = 10000” indicating the user ID are included.
[0102]
When the mobile phone WWW server 50 receives the request, it starts start.cgi, refers to the download ID table DIT in the database server 54, and sets the download ID, application ID, and user ID described above. It is determined whether or not the pair is correct.
Next, the mobile phone WWW server 50 increments the activation count corresponding to the received user ID “id = 10000” and application ID “app = 56789” on the user access storage table UAT by one count, On the last activation date storage table LRT, the last activation date corresponding to the user ID “id = 10000” and the application ID “app = 56789” is written (step Sc5).
[0103]
Then, the mobile phone WWW server 50 generates an OK message indicating that the activation has been approved, and sends it back to the mobile phone 10 (step Sc6).
[0104]
In response to this notification, the mobile phone 10 executes the applet of the “drops” game (step Sc7). A display example of the LCD 111 of the mobile phone 10 at this time is shown in FIG.
[0105]
Now, when the game that the user has played is finished and the game score becomes the highest in the past, the high score can be registered. This registration process is started when the user selects a high score button (not shown) on the game end screen (step Sc8).
[0106]
First, the cellular phone 10 transmits a request for requesting high score registration to the cellular phone WWW server 50 (step Sc9). This request includes a character string consisting of “http://game.techfirm.co.jp/56789/highsc.cgi?id=10000&sc=12256000” specified by the GET method, as shown in the figure. Here, “sc = 12256000” means that the score is 12256000 points.
[0107]
The mobile phone WWW server 50 activates highsc.cgi in response to the request and registers the specified score in a high score table (not shown) in the database server 54. When the high score registration process is completed, the mobile phone WWW server 50 generates an OK message indicating that the high score process is completed, and obtains the user name “Tech” (step and Sc10). Details of these processes will be described later using the flow shown in FIG.
[0108]
Then, the cellular phone WWW server 50 transmits the OK message and the user to the cellular phone 10 (step Sc11).
[0109]
When the cellular phone 10 receives the OK message and the user name, it interprets it and displays a screen as shown in FIG. 25 (d) (step Sc12). When “OK” is selected by the user on this screen, the original game screen is displayed on the LCD 111.
[0110]
When the user performs an operation for ending the game, the mobile phone 10 accepts this (step Sc13), and transmits a request for requesting the end of the applet to the mobile phone WWW server 50 (step Sc14). This request includes a character string consisting of “http://game.techfirm.co.jp/56789/exit.cgi?id=10000&app56789&DLID99887766” specified by the GET method, as shown in FIG.
[0111]
The mobile phone WWW server 50 starts exit.cgi, and similarly to the above, “DLID = 99887766” indicating the download ID, “app = 56789” indicating the application ID, and “id = 10000” indicating the user ID. ”After confirming the validity of the set, the difference between the time when the user ID“ 10000 ”starts the application ID“ 56789 ”and the time when the applet termination request is received is referred to the last startup date / time table LRT, That is, the applet execution time is obtained and registered in association with the user ID “10000” and the application ID “56789” on the user access storage table UAT (step Sc15).
[0112]
Then, the mobile phone WWW server 50 generates an OK message indicating that all the processes are completed, and transmits this to the mobile phone 10 (step Sc16).
[0113]
When the mobile phone 10 receives the message, it returns to its local menu display state (step Sc17), and the processing shown in FIG.
[0114]
(4) High score registration process
Hereinafter, the above-described high score registration process will be described using the flow shown in FIG.
As described above, when highsc.cgi is activated, the mobile phone WWW server 50 sets parameters for performing an open process for opening the high score table (step Sm1). Specifically, various parameters such as an application ID, an application password, and a table name are set. Here, the application password is a password issued in advance to the provider, and is defined in the code of highsc.cgi. The table name is a table name to be opened, and is “highscore” here.
[0115]
Next, the open process of the specified table is called, and the process proceeds to step Sn1. In step Sn1, an application ID and an application password are extracted from the set parameters, and it is determined whether or not these are a valid set (step Sn1).
[0116]
If it is determined that the set is valid (step Sn1; Yes), the application access management table AAT is referred to and it is determined whether or not the application indicated by the application ID can access the high score table (step Sn2). ).
[0117]
If the access is possible, the high score table is opened (step Sn3). If this is successful (step Sn4; Yes), the fact that the high score table has been successfully opened is returned (step Sn5).
[0118]
When it is received that the opening has been successful (step Sm2), the score and the date and time are registered on the high score table corresponding to the user ID (step Sm3).
[0119]
Then, the high score table is closed (step Sm6), then the user name acquisition process is called, and the user name is acquired accordingly (step Sm5). This user name acquisition process is performed in the same manner as the above-described high score table open process.
When the user name is acquired in this way, the OK message and the user name are returned from the mobile phone WWW server 50 to the mobile phone 10 as described above.
[0120]
Normally, applets can only communicate with the server from which they are downloaded, so multiple applets share a single server, and access management among applications becomes a problem. By controlling the area to be accessed exclusively, its safety can be ensured. In addition, for data that is used by various applications, such as data related to users, and for which privacy protection is important, the server provides a common application interface for the access, thereby eliminating data waste. And can improve security on privacy data.
[0121]
(5) Point voting
Next, the point voting process will be described.
FIG. 27 is a sequence diagram showing operations of the mobile phone 10 and the mobile phone WWW server 50 during point voting. FIG. 28 is a diagram showing an example of a screen displayed on the LCD 111 of the mobile phone 10 at this time.
In FIG. 27, first, the user operates the mobile phone 10 to start the browser and completes authentication using a password or the like from the mobile phone WWW server 50, as in the applet download process described above. Is displayed and displayed (step Sd1). In the page displayed here, various menus are listed as shown in FIG.
[0122]
In order to receive the point voting service, the “voting” button shown in FIG. 5C may be selected. In response to this selection operation, the mobile phone 10 sends a request for requesting a voting list page to the mobile phone. It transmits to the WWW server 50 (step Sd2). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgi-bin/votelist.cgi?id=10000&page=1” specified by the GET method.
[0123]
The mobile phone WWW server 50 activates votelist.cgi in response to the request, and configures a vote list page (step Sd3). That is, by accessing the database server 54 and referring to the last activation date / time storage table LRT, the final download management table LDT, and the user access storage table UAT, the user indicated by the user ID “10000” last downloaded the month, Or the number of voting points that the user can vote at the present time, extracting all the application IDs of applets whose last started month, last executed month, or last voted month is within 3 months And configure a list page to display them. At this time, in order to display all the data, the data may be divided into a plurality of pages.
Here, there is an upper limit on the number of points that one user can vote in a predetermined period, and here, it is assumed that 70 points can be voted monthly per person. Under this assumption, referring to the user access management table UAT shown in FIG. 11, the user ID “10000” has already voted a total of 40 points this month (June 2000). The remaining points that can be voted during the period will be 30 points.
[0124]
Now, the mobile phone WWW server 50 transmits the list page configured as described above to the mobile phone 10 (step Sd4).
[0125]
When the mobile phone 10 receives the list page, it interprets it and displays it on the LCD 111 (step Sd5). In the list page displayed here, as shown in FIG. 28A, the number of voting points and a list of applets that can be voted are displayed. Here, for example, the user selects the “drops” button shown in FIG.
[0126]
In response to this selection operation, the cellular phone 10 transmits a request for requesting a voting page to the cellular phone WWW server 50 (step Sd6). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgi-bin/voteinput.cgi?id=10000&app56789” specified by the GET method. The mobile phone WWW server 50 activates voteinput.cgi in response to the request, and configures a voting page (step Sd7). That is, by referring to the user access management table UAT, an input field for acquiring the number of points already voted this month for the application “56789” designated by the user ID “10000” and inputting the points is included. Configure the page.
[0127]
Then, the mobile phone WWW server 50 transmits the configured voting page to the mobile phone 10 (step Sd8).
[0128]
When the mobile phone 10 receives the vote page, it interprets it and displays it on the LCD 111 (step Sd9). As shown in FIG. 28B, the page displayed here is the number of points that can be voted for this month “30 points”, the number of points that have already voted for “drops” this month “10 points”, and point input The field to perform is displayed. Here, it is assumed that the user inputs “20” points in the input field shown in FIG. If the “Cancel” button is selected, the operation so far is canceled and the menu page is restored.
[0129]
In response to the selection operation, the cellular phone 10 transmits a request for requesting a point vote for “drops” to the cellular phone WWW server 50 (step Sd10). This request includes a character string consisting of “http://www-c.techfirm.co.jp/cgi-bin/vote.cgi?id=10000&app=56789&point=20” designated by the GET method. Here, “point = 20” means that the number of points voted this time is 20 points.
[0130]
The mobile phone WWW server 50 activates vote.cgi in response to the request, and registers the voted points in the database server 54 (step Sd11). That is, by accessing the user access storage table UAT of the database server 54, the point “20 points” input this time is added to the number of points “10 points” of this month of the application ID “56789” designated by the user ID “10000”. Is added and stored as “30 points”. Before storing, it is confirmed whether or not the upper limit of voting points for this month is exceeded by the points input by the user.
[0131]
Next, the mobile phone WWW server 50 generates a completion notification page indicating that all the processes have been completed, and transmits this to the mobile phone 10 (step Sd12). If the upper limit is exceeded, a page for displaying an error screen is formed and transmitted to the mobile phone 10.
[0132]
When the cellular phone 10 receives the completion notification page, it interprets this and displays a screen as shown in FIG. 28C on the LCD 111 (step Sd13), and the processing shown in FIG. 27 ends.
[0133]
In this way, there is a limit on the number of points that a user can vote for in a certain period, and because the user only performs point voting on applications that have been recently used, the user can It is possible to eliminate fraudulent activities such as arbitrarily voting points.
[0134]
(6) Calculation of license amount
Next, calculation of the license amount for each provider by the aggregation server 55 will be described. There are roughly two methods for calculating the license amount, which will be described in order below.
[0135]
FIG. 29 is a flowchart showing an operation in which the aggregation server 55 calculates the license amount according to the first method.
This calculation of the license amount is executed in units of a predetermined calculation period such as every month or every six months. Here, one month is the calculation period, and the calculation date is the last day of every month.
[0136]
The counting server 55 refers to a timer (not shown) and determines whether or not this calculation date has arrived (step Se1).
The process of step Se1 is repeated until the calculation date arrives (step Se1; No). When the calculation date arrives (step Se1; Yes), the process proceeds to step Se2.
[0137]
The aggregation server 55 refers to the user payment management table UPT in the database server 54 and calculates the total amount of usage fees received from all users within the target calculation period (step Se2).
[0138]
A part of the total amount of the usage fee is paid as a license amount to the provider, and the remaining amount is profited by the manager of the server group 5. What percentage of the total usage fee is paid to the provider is determined in advance, and is assumed here to be 30%. Therefore, the aggregation server 55 calculates an amount license-total applicable to the license amount by multiplying the total usage fee calculated in step Se1 by 30% (step Se3). For example, if the total amount of usage fees calculated in step Se1 is 1 million yen, the license-total that can be used for the license amount is 300,000 yen.
[0139]
Next, the aggregation server 55 refers to the user access storage table UAT of the database server 54, extracts the number of downloads of all the applications downloaded in the calculation target period, and calculates these as the total value, total-dl Is calculated (step Se4). For example, in the case of the user access storage table UAT shown in FIG. 11, if the month to be calculated is “June”, “2”, “3”, “2” are extracted as the corresponding download numbers, and these total values total-dl is “7”.
[0140]
Subsequently, the aggregation server 55 refers to the user access storage table UAT, extracts the number of activations of all applications in the calculation target period, and calculates total-launch that is the total value thereof (step Se5). . For example, in the case of the user access storage table UAT shown in FIG. 11, if the month to be calculated is “June”, “5”, “8”, “9” are extracted as the corresponding activation times, and the total of these is calculated. The value total-launch is “22”.
[0141]
Next, the aggregation server 55 refers to the user access storage table UAT, extracts the execution times of all applications in the period to be calculated, and calculates total-run that is the total value thereof (step Se6). . For example, in the case of the user access storage table UAT shown in FIG. 11, if the month to be calculated is “June”, the corresponding activation times are “23 (minutes)”, “40 (minutes)”, “38 (minutes). ) ”Is extracted, and the total value total-run thereof is“ 101 (minutes) ”.
[0142]
Next, the aggregation server 55 refers to the user access storage table UAT, extracts the number of points of all applications in the calculation target period, and calculates the total value of these values (step Se7). . For example, in the case of the user access storage table UAT shown in FIG. 11, if the month to be calculated is “June”, “30”, “60”, “0” are extracted as the corresponding points, and the total of these points is extracted. The value total-point is “90”.
[0143]
In the following calculation process, the license amount is calculated in order for each application. Therefore, it is determined whether or not the calculation has been completed for all the applications (step Se8), and if not (step Se8; No), the process proceeds to step Se9.
[0144]
In step Se <b> 9, the aggregation server 55 calculates a license amount license-fee to be paid to the provider of the application for a specific application (for example, application ID “56789”).
This calculation is performed according to the calculation formula shown in Formula 1.
License amount license-fee
= {(Number of downloads of a specific application in the target month / total-dl) x Rd
+ (Number of launches of a specific application in the target month / total-launch) x Rl
+ (Specific application execution time in the target month / total-run) x Rr
+ (Points of specific application in the target month / total-point) x Rp}
× License available amount total-license ・ ・ ・ Formula 1
[0145]
Here, Rd, Rl, Rr, and Rp are weighting parameters assigned to the number of downloads, the number of activations, the execution time, and the number of points in calculating the license amount, and Rd ≧ 0, Rl ≧ 0, Rr ≥0, Rp≥0, Rd + Rl + Rr + Rp = 1.
[0146]
For example, a calculation example in the case where Rd = 0.2, Rl = 0.3, Rr = 0.35, and Rp = 0.15 is set will be described.
As described above, total-license = 300,000 yen, total-dl = 7, total-launch = 22, total-run = 101, total-point = 90. Further, referring to the user access storage table UAT, “the number of downloads of the specific application in the target month (application ID 56789, the same applies hereinafter)” is “4”, “the number of times the specific application is started in the target month” is “14”, “ “Execution time of specific application in the target month” is “61 (minutes)”, and “Point number of specific application in the target month” is “30”. It can be calculated as 16.7 million yen.
Such calculation is executed for each application, and when the execution is completed for all the applications (step Se8; Yes), the processing shown in FIG.
[0147]
Next, FIG. 30 is a flowchart showing an operation in which the aggregation server 55 calculates the license amount according to the second method.
The calculation of the license amount according to the second method is not performed for each application as in the first method described above, but is performed for each user.
[0148]
First, the aggregation server 55 refers to a timer (not shown) and determines whether or not a calculation date has arrived (step Sf1).
The process of step Sf1 is repeated until the calculation date arrives (step Sf1; No), and when the calculation date arrives (step Se1; Yes), the process proceeds to step Sf2.
[0149]
In the following, since the license amount is calculated for each user, it is determined whether or not the processing has been completed for all users. If it is determined that the processing has not been completed (step Sf2; No), the process proceeds to step Sf3. .
[0150]
In step Sf3, the tabulation server 55 targets a specific user (for example, user ID “10000”), refers to the user deposit management table UPT, and the usage fee for the target month of the user is deposited. It is judged whether it is done.
If it is determined that no deposit has been made (step Sf3; No), the process returns to step Sf2, and the same process is performed by changing the user to be processed.
[0151]
On the other hand, if it is determined that the money has been deposited (step Sf3; Yes), the process proceeds to step Sf4.
[0152]
In step Sf4, the tabulation server 55 multiplies a certain amount of usage fee paid by the user in the target month by, for example, 30%, for example, a license amount u-license-total that can be applied from one usage fee. Calculate
[0153]
Next, the aggregation server 55 refers to the user access storage table UAT of the database server 54 and calculates the total number of times u-total-dl downloaded by the user with the user ID “10000” in the calculation target period. (Step Sf5).
[0154]
Subsequently, the aggregation server 55 refers to the user access storage table UAT, and calculates the total number of activations u-total-launch of the user with the user ID “10000” in the calculation target period (step Sf6). .
[0155]
Next, the aggregation server 55 refers to the user access storage table UAT and calculates the total execution time u-total-run of the execution of the application by the user with the user ID “10000” during the calculation target period. (Step Sf7).
[0156]
Next, the aggregation server 55 refers to the user access storage table UAT, and calculates the total number of points voted by the user with the user ID “10000” during the period to be calculated (step Sf8). .
[0157]
Then, the aggregation server 55 corresponds to the user with the user ID “10000” in the calculation target period, the number of downloads u-total-dl, the number of activations u-total-launch, the execution time u-total-run, It is determined whether all the number of points u-total-point has been calculated (step Sf9).
[0158]
Then, the aggregation server 55 calculates the license amount license-fee for each application corresponding to the user with the user ID “10000” in the period to be calculated (step Sf10).
This calculation is performed according to the calculation formula shown in Formula 2.
License amount u-license-fee
= {(Number of downloads of specific application of specific user in target month / u-total-dl) x Rd
+ (Number of launches of specific applications of specific users in the target month / u-total-launch) x Rl
+ (Execution time of specific application of specific user in target month / u-total-run) x Rr
+ (Number of specific application points for specific users in the target month / u-total-point) x Rp}
× License available amount u-total-license ... Formula 2
[0159]
Here, Rd, Rl, Rr, and Rp are parameters having the same meaning as the parameters described above. The license amount u-license-fee calculated by Equation 2 is how to distribute the usage amount paid by the user with the user ID “10000” to the provider of the application used by the user. It is a value indicating that.
Next, the aggregation server 55 adds and writes the calculated license amount u-license-fee to the application statistics table ATT (step Sf11), and then returns to step Sf9 to complete all calculations for this user. The above-described processing is repeated until the end.
When all the calculations for the user are completed (step Sf9; Yes), the process returns to step Sf2 to target the next user.
[0160]
In this way, the license amount calculation processing is performed for all users and all applications, and the processing shown in FIG.
The calculated license amount is deposited into a bank account registered in advance by the provider.
[0161]
(7) Various searches by providers
The provider who uploaded the application to the server group 5 can search for the license amount and usage status of his application by accessing the database server 54 using the PC 21.
Hereinafter, a search operation performed by the PC WWW server 51 in response to a request from the provider's PC 21 will be described.
[0162]
FIG. 31 is a flowchart showing a main routine of the PC WWW server 51 at the time of search.
The process shown in the figure is started in response to an access request from the PC 21.
First, the PC WWW server 51 reads the initial menu screen data from its own hard disk and transmits it to the PC 21 (step Sg1).
This processing menu screen is, for example, a screen as shown in FIG. 32, and includes a field for inputting a search target period, a provider ID, and an application ID, a provider search button, an application search button, and an end button. Yes. The provider search is a search for each provider designated by the provider ID, whereby the license amount paid to the provider and the unpaid amount can be grasped. The application search is a search for each application specified by the application ID, whereby the usage status of the application, the license amount corresponding to the application usage, and the like can be grasped.
[0163]
When the provider inputs the search target period and various IDs on this initial menu screen and clicks the corresponding search button, the PC WWW server 51 detects this (step Sg2; Yes) and sets the type of the input button. Identify (step Sg3).
[0164]
In accordance with the identified button type, a subroutine for provider search and application search as described later is executed. When it is detected that the button is an end button, the PC WWW server 51 performs a predetermined end process and ends the process shown in the figure (step Sg4).
[0165]
FIG. 33 and FIG. 34 are flowcharts showing processing operations when the PC WWW server 51 performs a provider search.
In FIG. 33, first, the PC WWW server 51 refers to the provider master table LMT in the database server 54, compares the stored provider ID with the provider ID input by the provider, and performs authentication. (Step Sh1).
[0166]
As a result of this authentication, if both provider IDs do not match (step Sh1; No), the PC WWW server 51 displays a predetermined error screen on the PC 21 (step Sh2), and the provider displays the figure on this screen. After waiting until an “OK button” (not shown) is selected (step Sh3), the process returns to step Sg1 of the main routine.
[0167]
On the other hand, if both the provider IDs match as a result of the authentication, the PC WWW server 51 searches the application registration master table AST using the provider ID as a key, and acquires all corresponding application IDs. (Step Sh4).
[0168]
If no corresponding application ID is found as a result of this search (step Sh5; Yes), the PC WWW server 51 displays a message to that effect on the PC 21 (step Sh6), and the provider displays the message on this screen. (Step Sh7), the process returns to step Sg1 of the main routine.
[0169]
On the other hand, when a corresponding application ID is found as a result of this search (step Sh5; No), the PC WWW server 51 pays attention to a specific application ID among the acquired application IDs, and sets the application ID. The application statistics table ATT is searched using the key, and the corresponding license amount is extracted. Further, the license amount is divided depending on whether the “payment flag” in the application statistics table is “completed” or “not yet” (step Sh9).
[0170]
After performing the processing of step Sh9 for all the extracted application IDs, the PC WWW server 51 adds the total of the extracted license amounts and the total of the license amounts corresponding to “unpaid” of the “payment flag”. Is calculated (step Sh10). As a result, the total license amount for a specific application and the total of the unpaid license amount are calculated.
[0171]
The processes in steps Sh9 and Sh10 are performed for all the application IDs extracted in step Sh4. When this is confirmed (step Sh8; Yes), the process proceeds to step Sh11 shown in FIG.
[0172]
In step Sh11, the PC WWW server 51 sums the license amount calculated for each application and the unpaid license amount over the entire search target period, and grasps the entire license amount for the provider. Next, the PC WWW server 51 pays attention to the total unpaid license amount and determines whether or not this amount is less than a predetermined amount (step Sh12). That is, when the license amount to be paid to the provider is too small, it may be assumed that the payment cost is higher than the license amount when the payment process is performed through a financial institution such as a bank. In preparation for such a case, the administrator of the server group 5 concludes with the provider that the license amount less than the predetermined amount is exempt from payment. Here, for example, 2000 yen is set as the lower limit of payable amount, and the license amount less than this is set as payment exemption.
[0173]
If the unpaid license amount is less than 2000 yen as a result of this determination, the PC WWW server 51 clears the unpaid license amount.
[0174]
On the other hand, when the unpaid license amount is 2000 yen or more, the PC WWW server 51 sets the unpaid license amount as an unpaid license amount to be presented to the provider (step Sh14), and a search result screen as shown in FIG. Is generated and displayed on the PC 21 (step Sh15).
In the figure, for the provider indicated by the provider ID “8898”, the license amount already received as of May 2000 is “2,423,500 yen” and should be received as of June 2000. The license amount is “1,901,250 yen”, the total of the license amount received so far and the license amount to be received from now on is “5,283,340 yen”, and the total unpaid license amount to be received from now on is “ 3,154,200 yen ". As for the total amount of unpaid licenses, “3,154,200 yen” also means the total amount of licenses that can be paid.
[0175]
Then, when the PC WWW server 51 detects the selection operation of the “return” button by the provider (step Sh16; Yes in FIG. 34), the PC WWW server 51 returns to step Sg1 of the main routine.
[0176]
FIG. 36 is a flowchart showing a processing operation when the PC WWW server 51 performs an application search.
First, the PC WWW server 51 refers to the application registration master table AST in the database server 54, compares the stored application ID with the application ID input by the provider, and performs authentication (step Sj1).
[0177]
If the application IDs do not match as a result of the authentication, the PC WWW server 51 displays an error screen on the PC 21 (step Sj2), and the provider selects an “OK button” (not shown) on this screen. (Step Sj3) and then returns to Step Sg1 of the main routine.
[0178]
On the other hand, if both the application IDs match as a result of the authentication, the PC WWW server 51 searches the application registration master table AST using the application ID and each month including the search target year and month as a key. The corresponding number of downloads, number of activations, execution time, number of voting points, and license amount are acquired (step Sj5).
[0179]
Further, the PC WWW server 51 also acquires only the license amount for which the payment flag is set to “not yet” (step Sj6).
Such processes of steps Sj5 and Sj6 are performed for all the designated search target periods, and when this is confirmed (step Sj4; Yes), the process proceeds to step Sj7.
[0180]
In step Sj7, the PC WWW server 51 generates a search result screen as shown in FIG.
In the figure, the number of downloads, the number of activations, the execution time, the number of voting points, the license amount and the unpaid license amount are displayed for each designated month and year. Then, when the selection operation of the “return” button by the provider is detected (step Sj8; Yes in FIG. 36), the PC WWW server 51 returns to step Sg1 of the main routine shown in FIG.
[0181]
Thus, according to the embodiment, since the application is authenticated on the mobile phone WWW server 50 side using the download ID issued in response to the download request, the mobile phone 10 side is more secure without imposing a burden. Highly authentic authentication can be performed.
In addition to the download ID, the user ID, application ID, and download date / time are used to further improve the certainty of authentication.
[0182]
C: Modification
As described above, the present invention is not limited to the above-described embodiment, and various modifications can be made.
(1) Parameters for license amount allocation
In the embodiment, the number of downloads or the like is disclosed as a parameter for allocating the license amount, but the type of parameter is not limited to this.
In the embodiment, the license amount is obtained by proportional distribution using various parameters. However, the present invention is not limited to this, and it can also be realized by adding another distribution method such as adding the basic service charge and distributing it. It is.
[0183]
(2) Management of payment status
In the embodiment, the payment status is managed for each user using the user deposit management table UPT. However, the present invention is not limited to this, and only the total amount of the usage fee received from the user may be managed as the payment status. For example, a collection service of usage charges from each user is requested to an external specific vendor, and the server group 5 stores only the total amount collected every month on the user deposit management table UPT. In this way, the calculation process in step Se2 described above can be omitted.
[0184]
(3) Types of usage charges
In the embodiment, the usage fee to be paid every month by all users is a fixed amount, but is not necessarily limited to such a mode.
For example, users may be classified into classes and the usage fee may be changed for each class. This class can be divided according to, for example, the classification according to the usage status such as the number of downloads, execution time, and the number of activations of each user, or the difference in resource occupancy such as the database that the server group 5 occupies for each user. The classification can be considered.
[0185]
(4) Application usage restrictions
In the embodiment, no restriction is imposed on the use of the application for each user. That is, the user can use the downloaded application without limitation. However, the present invention is not limited to this, and some usage restrictions can be provided. For example, an upper limit may be set for at least one of the number of downloads, the number of activations, and the execution time for a certain period for the user.
Hereinafter, an example of an embodiment in which such usage restrictions are provided will be described.
First, it is assumed that the upper limit of the number of downloads per month for each user is 20 times, the upper limit of the number of activations is 100 times, and the upper limit of execution time is 300 minutes.
A specific sequence for checking whether or not these upper limits are exceeded is as follows.
When the mobile phone WWW server 50 receives the download request signal from the user's mobile phone 10 (step Sb25 described above), the mobile phone WWW server 50 refers to the user access storage table UAT in the database server 54 and refers to the user's current month. Calculate the total number of downloads.
Then, if the calculated download count is 20 times or more, which is the upper limit of the download count described above, the mobile phone WWW server 50 transmits an error message to the mobile phone 10 indicating that the download is not possible. In this way, the upper limit of the number of downloads can be checked.
Further, when an application activation operation is performed in the cellular phone 10 and the cellular phone WWW server 50 receives an activation signal from the cellular phone 10 (step Sc4 described above), the user access storage table UAT in the database server 54 is referred to. Then, the total number of activations and execution times of the user in the month is calculated. Then, the mobile phone WWW server 50 determines whether the calculated number of activations or execution time is equal to or greater than 100, which is the upper limit of the number of activations described above or 300 minutes, which is the upper limit of the execution time. Send an error message that the application cannot be started / executed. The mobile phone 10 that has received this message does not activate or execute the application. In this way, the upper limit of the number of activations can be checked. It should be noted that, by exceeding the upper limit of the number of times of activation or execution time, the application may be prohibited from being downloaded instead of prohibited from being activated / executed.
[0186]
(4) Accessible table
As described in the above-described high score registration process, in the embodiment, a table that can be accessed in an application unit is defined, but the same effect can be obtained by defining a table that can be accessed in a provider unit of an application. Obtainable.
[0187]
(5) Session identification
In the embodiment, the URL is used to identify the session, or the ID is embedded in the HIDDEN parameter of the INPUT tag. However, this session management may use a cookie file by issuing a special session identifier, Basic authentication, which is a function of the WWW server, may be used for the authentication itself.
[0188]
(6) Application storage
In the embodiment, the application is explicitly saved, but it can also be realized by saving and caching in a temporary storage memory for operating the application on the browser of the mobile phone 10.
[0189]
(7) Page description format
In the embodiment, HTML data is used. However, the present invention is not limited to this. For example, another description language such as XML (Extensible Markup Language) may be used.
[0190]
(8) Variation of point voting process
In the embodiment, a list of application names for which points can be voted is displayed to the user. However, the list display is not limited to this. For example, an application ID or an application name is input from the user interface of HTML data transmitted by the mobile phone WWW server 50, and a vote page for the application is displayed. It can also be displayed. In this case, when the WWW server 50 receives an HTTP request with an application ID or application name, it checks whether the application ID or application name exists, and if not, displays an error message on the mobile phone 10. .
If the user who has logged in to the mobile phone WWW server 50 has not downloaded, started, executed, or voted points for the specified application within the past three months, a voting invalid message is displayed. You may do it.
Further, in the embodiment, the input interface for voting points is provided by the HTML form. However, an input interface is prepared on an application to be downloaded to the mobile phone 10, and voting data is directly input from the input interface on the application. You may make it transmit.
FIG. 38 shows a sequence representing operations of the mobile phone 10 and the mobile phone WWW server 50 in this case. In the figure, the mobile phone 10 displays an input interface for point input at the end of an applet such as a game over, for example (step Sp1), and accepts an input from the user (step Sp2). Then, the mobile phone 10 transmits a get request including “http://game.techfirm.co.jp/56789/vote.cgi?id=10000&app56789&DLID99887766&point30” to the WWW server 50 for mobile phone. On the other hand, the mobile phone WWW server 51 prepares a server application for receiving the voting data, and when a voting point is directly input and transmitted from the application on the mobile phone 10 side, the user applies the application. And accepts voting even if the data related to download, activation, and point voting stored in the database server 54 is older than three months. This makes it possible to accept voting points even in a server group in which activation of an application on the mobile phone 10 side cannot be detected.
[0191]
(9) Application authentication variations
Various variations can be considered for application authentication. For example, there are first to fourth variations as described below.
[0192]
(9-1) First variation
First, the first variation will be described.
In the embodiment, a download ID is uniquely issued for each download request event, embedded in a “param” tag in HTML data designating download, and the mobile phone 10 stores and uses this to store the application. Authentication was performed. However, if the mobile phone 10 has a function of storing a URL for acquiring HTML data designating download and the application on the mobile phone 10 side can acquire the URL, the following is performed. Also good.
[0193]
The mobile phone WWW server 50 adds a download ID to the URL for the mobile phone 10 to acquire the above-described HTML data.
The application on the mobile phone 10 side requests HTML data from the mobile phone WWW server 50 according to the URL. This request includes a user ID, an application ID, and a download ID. The cellular phone WWW server 50 associates these IDs and stores them in the download ID management table DIT.
When an application on the mobile phone 10 side requires a download ID, first, the stored URL is obtained from the application interface of the mobile phone 10 and the download ID or data including this is extracted from this URL. Then, it is transmitted to the mobile phone WWW server 50 together with the user ID and application ID. On the other hand, the mobile phone WWW server 50 refers to the download management table DIT and can confirm whether or not the combination of the received user ID, application ID, and download ID is a correct set.
[0194]
More specifically, in step Sb22 of FIG. 19, the mobile phone WWW server 50 issues a unique download ID (DLID = 99887766) when configuring the explanation page, and the menu shown in FIG. The URL of the hyperlink embedded in the item “download” is set as “http://game.techfirm.co.jp/56789/dl.cgi?id=10000&app=56789&DLID=99887766”. When “download” is selected by the user (step Sb25 in FIG. 20), the mobile phone 10 transmits a request including the URL embedded in “download” to the WWW server 50 for mobile phone. At this time, the mobile phone 10 stores the URL “http://game.techfirm.co.jp/56789/dl.cgi?id=10000&app=56789&DLID=99887766”. On the other hand, the mobile phone WWW server 50 that has received the request stores the user ID “10000”, the application ID “56789”, and the download ID “99887766” in association with each other in the download ID management table DIT.
Thereafter, when the application (app = 56789) of the mobile phone 10 accesses the mobile phone WWW server 50, the user ID, the application ID, and the download ID are extracted from the stored URL. , Request signals including these are transmitted to the server 50. On the other hand, the mobile phone WWW server 50 refers to the download management table DIT in response to the request, and authenticates the application by confirming the combination of the IDs.
It should be noted that the same effect can be obtained even if a URL that is in the form of a form and is assembled by a browser on the mobile phone 10 is transmitted in the above-described format.
[0195]
(9-2) Second variation
Next, a second variation of application authentication will be described.
If the mobile phone 10 has a function of storing the URL of an application designating download, and the application on the mobile phone 10 side can acquire the URL, the following may be performed.
[0196]
When creating the HTML data designating download (step Sb26 shown in FIG. 20), the mobile phone WWW server 50 issues a unique download ID and adds it to the URL of the application in the HTML data.
If there is an application download request using the above URL from the mobile phone 10, the mobile phone WWW server 50 stores the user ID, application ID, and download ID in the download ID management table DIT accordingly. To do.
When the application on the mobile phone 10 side requires a download ID, the stored URL is acquired from the application interface of the mobile phone 10, and the download ID or data including this is extracted from this URL. The information is transmitted to the mobile phone WWW server 50 together with the user ID and application ID. On the other hand, the mobile phone WWW server 50 refers to the download management table DIT and can confirm whether or not the combination of the received user ID, application ID, and download ID is a correct set.
[0197]
More specifically, in step Sb26 of FIG. 20, the mobile phone WWW server 50 generates a tag specifying an application as shown in FIG. 39, and transmits HTML data including this tag to the mobile phone 10. .
In addition, a server application “getjar.cgi” is arranged on the mobile phone WWW server 50 side, and when this server application is started, a user ID “10000”, an application ID “56789”, and a download ID “99887766” are downloaded. The request is stored in the ID management table DIT together with the date and time when the request is received, and the JAR file “drops.jar” of the designated application is transmitted to the mobile phone 10.
On the other hand, the mobile phone 10 stores a URL “http://game.techfirm.co.jp/getjar.cgi?id=10000&app=56789&DLID=99887766&file=drops.jar”.
Thereafter, when the application (app = 56789) of the mobile phone 10 accesses the mobile phone WWW server 50, the user ID, the application ID, and the download ID are extracted from the stored URL. The request signal including this is transmitted to the server 50.
On the other hand, the mobile phone WWW server 50 refers to the download management table DIT in response to the request, and authenticates the application by confirming the combination of the IDs.
[0198]
(9-3) Third variation
Next, a third variation of application authentication will be described.
If the mobile phone has a memory area in which data can be stored and referenced by an application, the mobile phone WWW server 50 does not assign a download ID in advance, but the application on the mobile phone 10 side assigns the download ID. You may acquire from the server 50 at the arbitrary timings before transmitting to the WWW server 50 for mobile phones.
[0199]
More specifically, in the embodiment, when downloading the applet shown in FIG. 20 (steps Sb26 to Sb35), the mobile phone WWW server 50 issues a download ID (DLID) and stores it. In the third variation, the download ID is not issued at this point. Therefore, at this time, the download ID field of the download management table DIT is blank.
Thereafter, when the mobile phone 10 starts the application for the first time as in step Sc4 in FIG. 23, the URL for transmitting the request to the server 50 is “http://game.techfirm.co.jp/start.cgi? id = 10000 & app = 56789 & DLID = ”. That is, the mobile phone 10 transmits “DLID” in the request as empty information.
In step Sc5, when the mobile phone WWW server 50 receives the request, it starts start.cgi, refers to the download ID table DIT in the database server 54, and has an application ID “56789” included in the URL. The record is searched using the user ID “10000” as a key, and the record with the latest download date is selected from the extracted records.
[0200]
If the download ID field of the selected record is blank, the mobile phone WWW server 50 issues a new unique download ID and stores it in the download ID management table DIT.
Thereafter, similarly to the above-described embodiment, the process of incrementing the number of activations on the user access storage table UAT and the update of the last activation date storage table LRT are performed. Then, the mobile phone WWW server 50 generates a message ("OK [DLID = 99887766]") in which the issued download ID is added as a parameter to the OK message indicating that the activation has been approved, and returns it to the mobile phone 10 To do.
[0201]
On the other hand, if the download ID field of the selected record is not blank, the mobile phone WWW server 50 considers that a new download ID has been requested even though the download ID has already been issued, and the above-mentioned. Without performing the increment process or the update process, an NG message (“NG”) indicating that the activation is not approved is generated and returned to the mobile phone 10.
[0202]
Note that if the “DLID” included in the request URI received from the mobile phone 10 is not empty information, that is, if any ID value is included, the processing of Step Sc5 and Step Sc6 described above is performed. That is, in addition to application authentication based on a combination of the download ID, application ID, and user ID included in the request URI, update processing of the user access storage table UAT and the last activation date storage table LRT, and transmission of a message to the mobile phone 10 Process.
As described above, in the third variation, the application is authenticated according to whether or not the download ID field is issued.
[0203]
(9-4) Fourth variation
Next, a fourth variation of application authentication will be described.
If the mobile phone 10 stores the date and time when the application is downloaded and can reference the download date and time by the application, the following may be performed.
[0204]
The mobile phone WWW server 50 stores in the final download management table LDT the date and time when the user specified by the user ID at the time of downloading the application last downloaded the application indicated by the application ID. On the other hand, the mobile phone 10 also stores the date and time when the application is downloaded.
When an application downloaded to the mobile phone 10 accesses the mobile phone WWW server 50 that requires authentication, the download date and time stored in the mobile phone 10 is acquired from the application interface of the mobile phone 10. Is transmitted to the mobile phone WWW server 50 together with the user ID and the application ID.
On the other hand, the mobile phone WWW server 50 scans the final download management table LDT and acquires the download date and time corresponding to the received user ID and application ID. Then, if the time difference between the acquired download date and time and the download date and time received from the mobile phone 10 is within an allowable range considering the download overhead time, for example, within 10 minutes before and after, it is determined that the application is valid.
[0205]
More specifically, the request transmitted from the mobile phone 10 in step Sd10 shown in FIG. 27 includes “http://game.techfirm.co.jp/vote.cgi?ID=10000&app=56789&dltime=200006031925&point=20 Is included. Here, “dltime = 200006031925” means that it was downloaded at 19:25 on June 3, 2000.
The mobile phone WWW server 50 that receives this request searches the final download management table DIT for the download date and time using the user ID “10000” and the application ID “56789” as keys, and the download date and time obtained above, The validity of the application is determined by comparing with “dltime = 200006031925” in the URL.
[0206]
(10) Uniqueness of download ID
In the embodiment, the download ID is a completely unique ID by itself, but may be determined as unique information in combination with other information. For example, it may be determined that the combination of the user ID and the download ID is unique throughout the system.
[0207]
【The invention's effect】
As described above, according to the present invention, since the application is authenticated on the server side using the download identifier issued in response to the download request event, more secure authentication can be performed without imposing a burden on the terminal side. It can be carried out.
In addition to the download identifier, use of a user identifier, an application identifier, and a download date / time further improves authentication reliability.
[Brief description of the drawings]
Brief Description of Drawings
FIG. 1 is a block diagram showing an overall configuration of a system according to an embodiment of the present invention.
FIG. 2 is a block diagram showing a hardware configuration of the mobile phone according to the embodiment.
FIG. 3 is a block diagram showing a process configuration of the mobile phone in the same embodiment;
FIG. 4 is a block diagram showing a process configuration of a WWW server in the embodiment.
FIG. 5 is a diagram showing an example of registered contents of a provider master table in the embodiment.
FIG. 6 is a diagram showing an example of registration contents of an application registration master table in the embodiment.
FIG. 7 is a diagram showing an example of registered contents of an application access management table in the same embodiment.
FIG. 8 is a diagram showing an example of registration contents of an application statistics table in the embodiment.
FIG. 9 is a diagram showing an example of registered contents of a user master table in the embodiment.
FIG. 10 is a diagram showing an example of registered contents of a last activation date storage table in the same embodiment.
FIG. 11 is a diagram showing an example of registered contents of a user access storage table in the same embodiment.
FIG. 12 is a diagram showing an example of registered contents of a user deposit management table in the embodiment.
FIG. 13 is a diagram showing an example of registered contents of a download ID management table in the embodiment.
FIG. 14 is a diagram showing an example of registered contents of a final download management table in the embodiment.
FIG. 15 is a sequence diagram showing a flow of applet search processing in the embodiment;
FIG. 16 is a sequence diagram showing a flow of applet search processing in the embodiment;
FIG. 17 is a schematic diagram showing an example of a screen displayed on the personal computer during applet search processing according to the embodiment;
FIG. 18 is a sequence diagram showing a flow of applet download processing in the embodiment;
FIG. 19 is a sequence diagram showing a flow of applet download processing in the embodiment;
FIG. 20 is a sequence diagram showing a flow of applet download processing in the embodiment;
FIG. 21 is a schematic diagram showing an example of a screen displayed on the mobile phone during the applet download process according to the embodiment;
FIG. 22 is a diagram showing an example of HTML data transmitted from the mobile phone WWW server to the mobile phone in the embodiment.
FIG. 23 is a sequence diagram showing the flow of applet execution processing in the embodiment;
FIG. 24 is a sequence diagram showing the flow of applet execution processing in the embodiment;
FIG. 25 is a schematic diagram illustrating an example of a screen displayed on the mobile phone during applet execution processing in the embodiment;
FIG. 26 is a flowchart showing a flow of high score registration processing in the embodiment;
FIG. 27 is a sequence diagram showing a flow of point voting processing in the embodiment.
FIG. 28 is a schematic diagram showing an example of a screen displayed on the mobile phone at the time of point voting in the embodiment.
FIG. 29 is a flowchart showing a flow of a license amount calculation process in the embodiment.
FIG. 30 is a flowchart showing a flow of a license amount calculation process in the embodiment.
FIG. 31 is a flowchart showing the flow of a provider search process in the embodiment.
FIG. 32 is a schematic diagram showing an example of a screen displayed on the mobile phone during a provider search process in the embodiment.
FIG. 33 is a flowchart showing a flow of a provider search process in the embodiment.
FIG. 34 is a flowchart showing a flow of a provider search process in the embodiment.
FIG. 35 is a schematic view showing a display example of a provider search processing result in the embodiment;
FIG. 36 is a flowchart showing a flow of application search processing in the embodiment;
FIG. 37 is a schematic diagram showing a display example of an application search processing result in the embodiment.
FIG. 38 is a sequence diagram showing a flow of processing during point voting in another embodiment.
FIG. 39 is a diagram showing an example of HTML data transmitted from a mobile phone WWW server to a mobile phone in another embodiment.
[Explanation of symbols]
1 ... user terminal group,
10: Mobile phone (mobile wireless terminal), KI: Key interface unit,
DI: Screen interface part, DD: Data communication driver,
SM: Speaker / microphone controller, MI: Memory interface,
FW ... Firmware, JVM ... Java Virtual Machine,
BS ... Browser, TS ... Telephone function part, SS ... Setting part,
APP ... Java applet,
11 ... Personal computer,
2 ... provider terminal group, 20 ... personal computer,
3 ... Mobile packet communication network (wireless communication network),
4 ... Internet, 5 ... Server group (information distribution server system),
50 ... WWW server for mobile phones (identifier issuing unit, identifier notifying unit, authentication unit, request receiving unit, application distribution unit, download timing unit),
51 ... WWW server for personal computer,
52 ... DNS server, 53 ... SMTP server,
54 ... database server, 55 ... aggregation server,
56 ... Administrator console, 57 ... Firewall server,
LMT: Provider master table,
AST: Application registration master table,
AAT: Application access management table,
ATT ... Application statistics table,
UMT ... User master table, LRT ... Last activation date and time storage table
UAT: User access storage table,
UPT ... User deposit management table,
DIT: Download ID management table (identifier storage unit),
LDT ... Last download management table

Claims (19)

In an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
An identifier issuing unit that issues a download identifier for identifying the request event in response to a download request from the wireless portable terminal;
An identifier storage unit that stores the issued download identifier in association with the application identifier unique to the application that is the target of the request event indicated by the download identifier;
An identifier notifying unit that transmits the response signal transmitted to the wireless portable terminal in response to the download request, including the issued download identifier,
When the download identifier and the request signal including the application identifier are received from the application downloaded to the wireless portable terminal, whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit An information distribution server system comprising: an authentication unit that authenticates the application. In the information delivery server system according to claim 1,
The identifier notification unit transmits the URL (Uniform Resorce Locator) used by the wireless portable terminal to download the application including the download identifier. In the information delivery server system according to claim 1,
The identifier notification unit transmits the parameter data that can be referred to from the application of the wireless portable terminal together with the download identifier. In an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
An identifier issuing unit that issues a download identifier for identifying the request event in response to a download request from the wireless portable terminal;
An identifier storage unit that stores the issued download identifier in association with the application identifier unique to the application that is the target of the request event indicated by the download identifier;
An application distribution unit that distributes including the issued download identifier in the data file of the application downloaded to the wireless portable terminal;
When the download identifier and the request signal including the application identifier are received from the application downloaded to the wireless portable terminal, whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit An information distribution server system comprising: an authentication unit that authenticates the application. In an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
An identifier issuing unit for issuing a download identifier for identifying a download request event from the wireless portable terminal;
To request a download identifier corresponding to the download, including an application identifier for identifying the application and a user identifier for identifying the user of the wireless portable terminal, from the application downloaded to the wireless portable terminal When the request signal is received, an identifier notification unit that notifies the wireless portable terminal of a download identifier issued by the identifier issuing unit,
And an authentication unit that authenticates the application depending on whether or not the requested download identifier has already been notified by the identifier notification unit when the request signal is received. system In the information delivery server system according to claim 5,
The authentication unit further receives a request signal including the notified download identifier from the application downloaded to the wireless mobile terminal, depending on whether the download identifier is issued by the identifier issuing unit. An information distribution server system that performs authentication for the application. In the information delivery server system according to claim 5,
The identifier notification unit notifies the download identifier only once to the application. In the information delivery server system according to claim 5,
The authentication unit, when there are a plurality of download identifiers corresponding to a combination of the user identifier and the application identifier, sets a download identifier for the application downloaded last as a target of the authentication. Server system. In an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
A download timing unit that counts the date and time when the download request was made as the server side download date and time,
A user identifier for identifying the user of the wireless portable terminal that has transmitted the download request, an application identifier for identifying the application that is the target of the download request, and the server side timed for the download request An identifier storage unit that stores the download date and time in association with each other;
A request signal including the terminal side download date and time, the application identifier, and the user identifier stored as the date and time when the download was made by the wireless portable terminal is received from the application downloaded to the wireless portable terminal. An authentication unit that authenticates the application depending on whether the terminal-side download date / time is included in a predetermined time range with respect to the server-side download date / time. . In an application authentication method of an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
Issuing a download identifier for identifying this request event in response to a download request from the wireless portable terminal;
Storing the issued download identifier and the application identifier specific to the application that is the target of the request event indicated by the download identifier in association with each other in an identifier storage unit ;
Including the issued download identifier in a response signal transmitted to the wireless portable terminal in response to the download request;
When the download identifier and the request signal including the application identifier are received from the application downloaded to the wireless portable terminal, whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit And an application authentication method for an information distribution server system, comprising the step of authenticating the application. In an application authentication method of an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
Issuing a download identifier for identifying this request event in response to a download request from the wireless portable terminal;
Storing the issued download identifier and the application identifier specific to the application that is the target of the request event indicated by the download identifier in association with each other in an identifier storage unit ;
Delivering the issued download identifier in the data file of the application downloaded to the wireless portable terminal; and
When the download identifier and the request signal including the application identifier are received from the application downloaded to the wireless portable terminal, whether or not the download identifier and the application identifier are associated with each other and stored in the identifier storage unit And an application authentication method for an information distribution server system, comprising the step of authenticating the application. In an application authentication method of an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
Issuing a download identifier for identifying a download request event from the wireless portable terminal;
A request for requesting a download identifier corresponding to the download, including an application identifier for identifying the application and a user identifier for identifying the user of the wireless portable terminal, from the application downloaded to the wireless portable terminal When receiving a signal, notifying the wireless portable terminal of the issued download identifier;
An information distribution server system comprising: a step of authenticating the application depending on whether or not the requested download identifier has already been notified to the wireless portable terminal when the request signal is received. Application authentication method. In the application authentication method of the information delivery server system according to claim 12,
Further, when a request signal including the notified download identifier is received from the application downloaded to the wireless portable terminal, the application depends on whether the download identifier is issued by the information distribution server system . application authentication method for the information distribution server system characterized by the step of performing authentication on. In an application authentication method of an information distribution server system that distributes an application in response to a download request from a wireless portable terminal accommodated in a wireless communication network,
Counting the date and time when the download request was made as the server side download date and time,
A user identifier for identifying the user of the wireless portable terminal that has transmitted the download request, an application identifier for identifying the application that is the target of the download request, and the server side timed for the download request Storing the download date and time in association with each other;
A request signal including the terminal side download date and time, the application identifier, and the user identifier stored as the date and time when the download was made by the wireless portable terminal is received from the application downloaded to the wireless portable terminal. The terminal-side download date / time is included in a predetermined time range with respect to the server-side download date / time to authenticate the application. Application authentication method.   A computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to claim 10.   A computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to claim 11.   A computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to claim 12.   A computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to claim 13.   A computer-readable recording medium storing a program for causing a computer to execute the application authentication method of the information distribution server system according to claim 14.

Images