JP2004206670A - Use right management system, method, and device with mechanism therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow use for a system controlling the use of various computing resources present on a network, especially, a local network configured by combining resources locally present in a business scene in a home, accommodations and an office, a conference room, a conference hall or the like, or amusement facilities such as a bookstore, a movie theater or a concert hall, and to integrally control and manage the local network. <P>SOLUTION: The use right management system includes: a user information storage mechanism having an individual user information management means managing user information, a user use right management means, and a user context management means managing user context information and a local context; a resource having a communication means, a resource information management means, a service information management means and a service execution means; and a local space management mechanism having a communication means, a local space management means, a belonging resource management means, a resource service management means, a local user management means, a context management means and a local use right management means. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention is used for a system that controls the use of various computing resources existing on a network. In particular, a local network consisting of homes, accommodations and business scenes such as offices, conference rooms, conference halls and recreational facilities such as bookstores, cinemas, concert halls, etc., by linking resources that exist locally. It is used to control and manage these local networks.
[0002]
[Prior art]
Various computing resources are connected to computer networks by network technologies such as IPv6 and wireless LAN (for example, Non-Patent Documents 1 and 2).
[0003]
Under these circumstances, it is possible for a user to use the computer simply by connecting a printer or the like, which is a computing resource such as plug and play technology, to a network (for example, Non-Patent Documents 3, 4, and 5). .
[0004]
For example, a method is generally used in which the right to use a computing resource or service that has become available on a network is fixedly set for each user (for example, Non-Patent Document 6 and Patent Document 2).
[0005]
Among them, there is a technique for authenticating between a client and a server and permitting communication only between a legitimate client and a legitimate server in order to ensure reliability between the client and the server (for example, Patent Document 1). .
[0006]
In such a technology, if a user has the authority to access a computing resource connected to a network, most of the services realized on the computing resource can be used. Further, a user group is set as in UNIX, and fixed access management of files and directories according to the user group is performed (for example, Non-Patent Document 7).
[0007]
Further, when a connection is made to a specific network using a method such as a VPN or a dial-up connection, all devices connected to the network can be accessed (for example, Non-Patent Document 8).
[0008]
In addition, by using a distributed computing system, it is possible to combine resources of a plurality of information processing devices, perform advanced information processing, and present appropriate information to a user according to a terminal type of the user. (For example, Patent Document 3).
[0009]
[Patent Document 1]
Japanese Patent No. 2590732
[Patent Document 2]
JP 2001-195368 A
[Patent Document 3]
JP-A-10-326233
[Non-patent document 1]
"Communication / Network Terminology Handbook 2002 IPv6", edited by Nikkei Communication, Nikkei BP, published March 25, 2002, p. 242
[Non-patent document 2]
"Communication / Network Glossary Handbook 2002 Edition Wireless LAN", Nikkei Communication Editing, Nikkei BP, issued March 25, 2002, p. 932
[Non-Patent Document 3]
"Communication / Network Terminology Handbook 2002 PnP", edited by Nikkei Communication, Nikkei BP, published March 25, 2002, p. 387
[Non-patent document 4]
"Communication and Networking Glossary Handbook 2002 UPnP", Nikkei Communication Editing, Nikkei BP, issued March 25, 2002, p. 476
[Non-Patent Document 5]
"Handbook of Communication and Networking Glossary 2002, Jini", edited by Nikkei Communication, Nikkei BP, published March 25, 2002, p. 272
[Non-Patent Document 6]
"Web server construction by Apache", Atmark IT, Inc., [online], [retrieved October 7, 2002], Internet <URL: http: // www. atmarkit. co. jp / linux / rensai / apache10 / apache10Oa. html>
[Non-Patent Document 7]
"IPlanet Directory Server Product Manual Administrator's Guide (Japanese) Chapter 6 Managing Access Control Use Cases of Access Control", Sun Microsystems, Inc. , [Online], [Retrieved October 7, 2002], Internet <URL: http: // www. iplanet. ne. jp / docs / directory / ids50splja / ja / slapd / ag / acl. htm # 1187588>
[Non-Patent Document 8]
"VPN (Virtual Private Network)", Time Intermedia Inc., [online], [searched on October 7, 2002], Internet <URL: http: // www. timedia. co. jp / technology / casestudy / vpn>
[0010]
[Problems to be solved by the invention]
According to the conventional technology, when a user uses resources and services existing on a network, the user is an individual, or the organization to which the user belongs, and the role and title of the user. Evaluate what it is and set usage rights.
[0011]
The method of mutual authentication between the client and the server performed in the client / server system also authenticates the user and the client, evaluates the validity of the usage right for the service realized on the server, and sets the usage right. are doing.
[0012]
However, it is considered that the right to use the computing resources and services connected to the network is not enough to evaluate only the information about individuals and the information about computing resources. That is, the following problems exist.
[0013]
(1) Due to the spread of terminal devices such as notebook PCs and PDAs and communication infrastructure such as wireless LAN, etc., when users bring terminal devices to any place and use computing resources and services connected to the network, The location where the user intends to use the service if the user does not evaluate the information on the location where the user uses the terminal or the network environment used by the user, in addition to the authentication of the user or the terminal device used by the user. Also, the secure implementation of the use of certain computing resources and services is not possible because the other devices and network environment connected to the location are not totally reliable.
[0014]
(2) Further, in the existing Web services, the setting of the usage right is mainly performed for each user, and the setting of the usage right is static. It is impossible to dynamically set the usage right, and there is a problem such as remarkable decrease in security due to lending an account.
[0015]
(3) Also, once a certain user connects to a specific network by VPN or dial-up connection, the computing resources existing in the specific network can be accessed, and a malicious third party can access the computing resources. Once connected to a network, computing resources and services connected to that network may be abused.
[0016]
(4) In addition, while a service such as “viewing a file” is being executed, even if a third party appears there, control of the service to avoid a situation in which a third party is peeped in is performed. This cannot be done by control.
[0017]
(5) In the conventional IP network technology, it is possible to use resources existing on the network by using an IP address or the like, but it is not possible to use resources or services in a specific place by a physical Could not be searched for a suitable place.
[0018]
In addition, by using a distributed computing system, it is possible to combine resources of a plurality of information processing devices, perform advanced information processing, and present appropriate information to a user according to a terminal type of the user. Although there is an example that makes it possible to combine a single service with computing resources at multiple locations via a network, resources at multiple locations can be created according to the requirements of individual users. It is impossible to compose resources and services required by the user in accordance with the usage status of the service options and prepare an environment that the user wants to use. That is, the following problems exist.
[0019]
(6) Since the use status of a plurality of resources and services to which the user makes a use request cannot be managed simultaneously, the user must give up the use of resources and services when a certain resource or service is unavailable. .
[0020]
(7) In the conventional distributed processing computing, it is possible to combine computing resources via a network and perform a single advanced information processing, but it is ad hoc according to the purpose of each user. Resources and services could not be combined.
[0021]
[Means for Solving the Problems]
The usage right management method of the present invention includes a user information storage mechanism held by each user, a resource and resource identification mechanism, a local space management mechanism, and a mediation mechanism. FIG. 1 is a diagram showing an example of the system configuration of the usage right management method of the present invention. The system configuration shown below is merely an example, and the present invention is not limited to the system configuration shown below. Hereinafter, each mechanism will be described.
[0022]
FIG. 2 illustrates the structure of the user information storage mechanism.
[0023]
The user information storage mechanism has a communication unit, an individual user information management unit, a user usage right management unit, and a user context management unit.
[0024]
The communication means of the user information storage mechanism communicates with the local space management mechanism and the mediation mechanism through the resources and the resource identification mechanism.
[0025]
The individual user information management means manages user information such as a user ID and a role of the user.
[0026]
The user information is a description content of a metadata group for expressing a user in the present invention, and is information on a user name, a user ID, an organization to which the user belongs, and the like. These pieces of information are used as information for user authentication and generation of resources and service usage rights after authentication. In the user information, endorsement information for acquiring a right to use a resource or a service that does not currently have a right of use from another user can be stored.
[0027]
It is required that such user information be described so as not to be falsified in a user information storage mechanism in the form of a device such as an IC card after an organization such as a company authenticates the user as a valid user. The endorsement information is also required to be described so that it cannot be falsified by a user who can properly issue the endorsement information.
[0028]
The user usage right management means manages usage rights for using resources and services.
[0029]
The user context management means is composed of a usage history of what resources and services the user has used, and user contexts mainly composed of user preferences required when the user uses resources and services personally. Manage information.
[0030]
The user context information is described based on a metadata group expressing a context when a user uses a resource or a service.
[0031]
FIG. 3 shows the structure of the resource or resource identification mechanism. (The resource identification mechanism will be described later.)
The resources include a communication unit, a resource information management unit, a service information management unit, and a service execution unit.
[0032]
The resource communication means communicates with a resource other than the resource, a local space management mechanism, a user information storage mechanism owned by the user, and the like.
[0033]
The resource information management means manages resource information.
[0034]
The resource information includes a resource ID, a resource name, a resource type, a resource use condition, and the like for each resource. The contents of these pieces of information can be changed by other local resources or the local space management mechanism or the mediation mechanism by an administrator of the local space management mechanism or the mediation mechanism.
[0035]
Further, the service information management means manages service information executed on the resources. The service information is information such as an ID, a service name, a service type, a service use condition, and user context information of a service executed on the resource. Here, the user context information is a parameter for a service used when the user executes the service.
[0036]
The service execution unit is a subject that executes a service.
[0037]
For resources that do not have the above means, a mechanism called a resource identification mechanism may accompany the resources to supplement the lacking means.
[0038]
FIG. 4 shows the structure of the local space management mechanism.
[0039]
The local space management mechanism exists in a local space to be managed, and includes communication means, local space management means, belonging resource management means, resource service management means, local user management means, context management means, and local space management means. Has usage right management means.
[0040]
The communication means of the local space management mechanism communicates with the user information storage mechanism, the resource, the resource identification mechanism associated with the resource, another local space management mechanism, and the mediation mechanism.
[0041]
In particular, build a local network by communicating with resources and resource identification mechanisms.
The construction of this local network is performed dynamically, and resources belonging to the local network can be managed in real time.
[0042]
The local space management unit manages space information including a space name (for example, office 001), a space ID (for example, Office 001), a space type (for example, Office), and the like regarding a local space managed by itself. The spatial information is set by the administrator of the local space management mechanism.
[0043]
The belonging resource management means acquires and manages resource information relating to a plurality of resources existing in the local space from a resource or a resource identification mechanism in association with a metadata group relating to the resource.
[0044]
Similarly, the resource service management means obtains service information on one or more services performed on the plurality of resources existing in the local space from the resources or the resource identification mechanism in association with the metadata group on the services. And manage.
[0045]
The resource information and the service information may be registered by an administrator of the local space management mechanism.
[0046]
The local user management means manages user information using resources and services managed by the local space management mechanism. The user information managed by the local space management mechanism is set by an administrator of the local space management mechanism in accordance with metadata specifying an individual such as a user ID, or a group of users such as an organization to which the user belongs. May be set based on the metadata specifying the attribute of the URL. In some cases, user information is set by communication between a user information storage mechanism owned by the user and a local space management mechanism. At this time, the local space management mechanism manages the user information in association with the metadata group regarding the user.
[0047]
The context management means includes the user context information managed by the user context management means in the user information storage mechanism owned by the user, and what resources and services currently exist in the local space and what network environment Used to manage two types of context information, local context information such as what user is present.
[0048]
Among them, the user context information is registered as a parameter using the service execution means in the resource when the resource information and the service information are registered in the local space management mechanism.
[0049]
On the other hand, the local context information is the context of the environment in the local space defined by the local space management mechanism dynamically managing the users and resources existing in the local space. The contents change dynamically by logging in to the local space management mechanism.
[0050]
The local use right management means includes information described in accordance with a group of metadata about the user existing in the user information storage mechanism held by the user possessed by the local space management mechanism. Information that is described along with the environment metadata group such as spatial information and resource information in the local space management mechanism, such as whether resources and services are going to be used from the local space, and the type of service that the user intends to use Usage right generation policy that evaluates information described in the metadata group related to services such as user information, user context information that the user is trying to use the service, and information described in the metadata group related to local context information. Engine, and the usage right generation policy engine The usage right to determine that stores the usage right in the user information storage means having the user if necessary.
[0051]
The local use right management means may collectively manage local use right information on individual resources existing in the local space, or the local space management mechanism generates a use right about resources. In some cases, the right of use is centralized and managed by an intermediary mechanism.
[0052]
In addition, since the local use right management means uses the user context information to generate the use right, the user can comfortably use the resources and services according to his / her own preference. Similarly, the local space management mechanism uses local context information to generate usage rights, so that users can safely use resources and services based on the situation in the local space where they are located. It becomes possible. In some cases, the user context information is not used for generating the usage right but acts on the local space management mechanism and resources, and is used only for using the resources and services used for the user's preference. Similarly, the local context information is not used to generate the usage right, but acts on the local space management mechanism and resources, and depending on the situation in the local space where the user is located, the resources being used and In some cases, they control services.
[0053]
Furthermore, it is possible to configure a secure virtual computer network in which only necessary resources and services can be used, as a service, to generate a right of use, and to allow a user to use the service.
[0054]
FIG. 5 shows the configuration of the mediation mechanism.
[0055]
The mediation mechanism includes a communication unit, a usage right information management unit, a local space search unit, a resource information search unit, a service information search unit, and a user information management unit. Communication means in the mediation mechanism communicates with a plurality of local space management mechanisms.
[0056]
The usage right information management means manages local usage rights managed by a plurality of local space management mechanisms connected to the mediation mechanism. It should be noted that the management of the usage right is not limited to being performed centrally by the mediation mechanism, but may be managed in a distributed manner by individual local space management mechanisms.
[0057]
The local space search means manages and retains spatial information collected from a plurality of local space management mechanisms and provides a user with a space search function.
[0058]
The resource information search means manages and holds resource information collected from a plurality of local space management mechanisms, and provides a user with a resource search function.
[0059]
The service information search means manages and holds service information collected from a plurality of local space management mechanisms, and provides a user with a service search function.
[0060]
The user information managing means manages user information corresponding to a metadata group based on the user information.
[0061]
In addition, devices that have the functions of a user information storage mechanism, a resource or resource identification mechanism, a local space management mechanism, and an intermediary mechanism cooperate with the communication means of each device and perform mutual authentication between the devices. In some cases, communication may be performed after realizing secure communication between devices in cooperation with a mutual authentication mechanism at the time of communication for performing secure communication between the devices.
[0062]
The realization of the present invention utilizes the above-described mechanisms.
(1) Registration of resource information and service information to the local space management mechanism
(2) Registration of information managed by the local space management mechanism to the mediation mechanism
(3) Registration of user information for using resources and services
(4) Management of usage rights and use of resources and services in local space
(5) Management of usage rights and use of resources and services between local spaces
(6) Resource / service context control
(7) Transfer of usage right by user
(8) Coordination and composition of resources and services
And the like. Each operation will be described.
[0063]
(1) Registration of resource information and service information to the local space management mechanism
FIG. 6 illustrates an example of a sequence of registering a resource with the local space management mechanism.
[0064]
The local space management mechanism uses its own communication means, communicates with the resources existing in the local space and the resource identification mechanism attached to the resources, and stores them in the resource information management means of the resources and the resource identification mechanism The obtained resource information and the service information in the service information management means are obtained, and the resource information in its own resource management means and the service information in the resource service management means are updated.
[0065]
At this time, the local space management mechanism always keeps the state of the resources and services in the local space up to date by polling for a certain period of time. Naturally, resources and services that are removed from the local space and cannot communicate with the local space management mechanism are removed from the management of the local space management mechanism, and are assigned to the resource management means or resource service management means. It is excluded from the managed resource information table and service information table.
[0066]
When a resource is connected to a network managed by the local space management mechanism, the resource may be actively notified of the resource information and service information to the local space management mechanism and registered.
[0067]
In addition, based on the resources and the contents of services executed on the resources, a group of metadata relating to user context information related to resource use and service execution is also registered in the context management means in the local space management mechanism. Form an interface that contains the context information.
[0068]
(2) Registration of information managed by the local space management mechanism to the mediation mechanism
FIG. 7 shows a sequence for registering information managed by the local space mechanism with respect to the mediation mechanism.
[0069]
The local space management mechanism provides the space information, resource information, and service information managed by its own local space management means to the mediation mechanism, and the mediation mechanism provides its own local space search means, resource information search means, Register in the service information search means.
[0070]
When the mediation mechanism centrally manages the use right, the local space management mechanism registers the user information in the local user management means in the mediation mechanism.
[0071]
(3) Registration of user information for using resources and services
By storing user information for specifying a user who uses a resource or a service in a user information storage mechanism held by the user, the user information is used as security for securely using a service in a local space or on a network.
[0072]
FIG. 8 shows a sequence for registering basic user information for a user to use resources and services in the local user management means in the local space management mechanism.
[0073]
As a precondition for using the resources, the user makes the user information storage mechanism communicate with the resources and the local space management mechanism, and registers his / her user information in the local user management means in the local space management mechanism.
[0074]
The user information is registered by causing the user information storage mechanism and the local space management mechanism to communicate with each other. In addition, an administrator of the local space management mechanism directly operates the local user management means in the local space management mechanism. There is also a case where the information is written and registered in the user information in the.
[0075]
In order to guarantee the legitimacy of the user, the certification authority issues an electronic certificate to the organization to which the user who issues the user information belongs. The institution to which the user belongs describes the user information to the individual user information management means of the user information holding mechanism based on the digital certificate after preventing the falsification of the user information.
[0076]
When the administrator of the local space management mechanism describes the user information to the local user management means in the local space management mechanism, the user information may be described after falsification is prevented.
[0077]
(4) Management of usage rights and use of resources and services in local space
FIG. 9 shows a sequence for using a resource / service in a local space by a user having a user information storage mechanism that has entered a local space.
[0078]
The user information storage mechanism held by the user communicates with the local space management mechanism via resources or directly,
A) user information described based on a metadata group for a user held by the individual user information management means in the user information storage mechanism and the local use right management means of the local space management mechanism;
B) spatial information described based on a metadata group for the space in the local space management means of the local space management mechanism;
C) resource information described based on a group of metadata for resources in the resource management means belonging to the local space management mechanism;
D) service information described based on a group of metadata for services in the resource service management means of the local space management mechanism;
E) Local context information to represent a situation in the current local space
F) User context information described based on a metadata group for the user context used as a parameter when the user in the context management means uses the service
The local use right management means in the local space management mechanism evaluates the information necessary to generate the use right among the users, confirms that the user can safely use resources and services, Generate usage rights for resources and services.
[0079]
If the information necessary for generating the usage right cannot be obtained, the local space management mechanism may request the user for necessary information. If the user is still unable to respond to the request for the required information from the local space management mechanism, the user will only generate a usage right that can execute only a partial implementation of the service requested by the user. In some cases, implementation is prohibited.
[0080]
The usage right acquired in this way can be held in the user information storage mechanism owned by the user, can be held in each local space management mechanism, or held in the mediation mechanism. Is also possible. The user can use resources and services based on the usage right generated and held as described above.
[0081]
In addition, the local space management mechanism is based on user information and resources owned by the user, resources and services that the user intends to use, and usage rights provided in accordance with local context information on the user using the resources and services. Thus, a secure virtual computer network in which only necessary resources and services can be used can be regarded as a service, and a user can use the service after generating a usage right.
[0082]
If necessary, it is possible to transmit the user context information at the same time as the use command is transmitted, and to tune the environment so that the user can use it easily.
[0083]
(5) Management of usage rights and use of resources and services between local spaces
FIG. 10 shows a sequence regarding the use of resources and services in a local space other than the local space by a user having a user information storage mechanism entering an arbitrary local space.
[0084]
The user information storage mechanism (B-1) possessed by the user B-1 stores the held information in the resource A-1 used by the user B-1, the local space management mechanism A, the mediation mechanism, and other specific local Request to the local space management mechanism B that manages the space by specifying the resource B-1 managed by the local space management mechanism B and the service B-1 executable on the resource B-1 I do.
[0085]
The mediation mechanism uses a local space search unit, a resource information search unit, and a service information search unit to search for a resource or service that can be used, based on the user information in the user information storage mechanism of the user B-1. Search.
[0086]
The local space management mechanism B managing the resource B-1 and the service B-1 that the user B-1 requests to use,
(A) user information described based on a group of metadata about the user in the user information storage mechanism of the user B-1;
(B) spatial information described based on the metadata group for the local space A in which the user B-1 currently exists,
(C) resource information described based on a metadata group for the resource A-1 currently used by the user B-1 in the local space A;
(D) service information described based on a metadata group for the service B-1 that the user B-1 intends to use from the local space A;
(E) Local context information described based on the metadata group for the local spatial context where the user is located at that time
(F) User context information described based on a metadata group for the user context used as a parameter when the user B-1 uses the service in the context management means
To confirm that the user B-1 can safely use the resource B-1 and the service B-1 via the resource A-1, the local space management mechanism A, and the mediation mechanism. Then, a usage right for resources and services for the user is generated.
[0087]
The usage right acquired in this way can be stored in the user information storage mechanism of the user B-1, can be stored in each local space management mechanism, and can be stored in the mediation mechanism. It is also possible to hold. The user B-1 can use the resource A-1, the resource B-1, and the service B-1 based on the usage right generated and held as described above.
[0088]
In addition, the local space management mechanism is based on user information and resources owned by the user, resources and services that the user intends to use, and usage rights provided according to the local context in which the user uses the resources and services. It is also possible to configure a virtual computer network in which only necessary resources and services can be used, as a service, generate a usage right, and allow the user to use it.
[0089]
If necessary, it is possible to transmit the user context information at the same time as the use command is transmitted, and to tune the environment so that the user can use it easily.
[0090]
(6) Resource / service context control
FIG. 11 shows a sequence for tuning resources and services according to personal preferences and usage environments.
[0091]
The user presents user context information, such as personal preferences and usage history of resources and services, stored in the user context management means in the user information storage mechanism to the local space management mechanism and resources when using resources and services. Then, the resources and services are tuned according to the user. Information necessary for tuning such an environment is stored in a context management mechanism in a local space management mechanism, and may be used for personalizing resources and services even in the use of resources and services in a remote place.
[0092]
FIG. 12 shows a sequence for controlling the use of resources and services with respect to local context information that a plurality of users are present in a certain local space.
[0093]
While the user A-1 and the user A-2 who belong to the group A are using the service A-1 on the local space A, the user B-1 who belongs to the group B who has entered the local space A is locally located. The policy is detected by the local space management mechanism A that manages the inside of the space A, and as a result, the service used by the users A-1 and A-2 is a service that cannot be used simultaneously with members of other groups. Is set in the local space management mechanism A, the local space management mechanism A stops the service A-1 for the user A-1 and the user A-2.
[0094]
(7) Transfer of usage right by user
FIG. 13 illustrates the realization of the transfer of the right of use from one user to another by intentionally writing information by another user into the user information storage mechanism of the user.
[0095]
From the user information storage mechanism owned by the user A-1 to the individual user information management means in the user information storage mechanism owned by the user B-1, the original user B-1 managed by the local space management mechanism A Provides endorsement information for generating a usage right for the service A-1 that does not own the usage right. The user information storage mechanism of the user B-1 transmits endorsement information for generating a usage right from the user A-1 to the local space management mechanism A, and the local space management mechanism A , And the user B-1 can use the service A-1 under the responsibility of the user A-1.
[0096]
The endorsement information may be stored in the individual user information management means in the user information storage mechanism, or may be separately prepared and stored in the user information storage means.
[0097]
(8) Coordination and composition of resources and services
The user B-1 uses the resource B-1 from the local space A and uses the resource A-2 and the service A-2 which can be executed on the resource A-2, which exist in the local space A. However, when the user B-1 is in a local context in which the right to use the resource A-2 or the service A-2 cannot be obtained, or the resource A-2 or the service A-2 can be preferentially used by another person. There is a case where it is impossible for the user B-1 to use it immediately, or that another person is using it. At this time, the local space management mechanism A informs the user B-1 that the resource A-2 and the service A-2 cannot be used. The user uses the resource B-1 from the local space A to request the local space management mechanism A to use the alternative resource. The local space management mechanism A evaluates the alternative resource requested by the user B-1, and requests the mediation mechanism to search for the alternative resource. The mediation mechanism substitutes the resource A-2 and the service A-2 for a local space management mechanism that manages resources and services in a local space relatively close to the local space A in distance. Search for resources. As a result, it has been found that the local space management mechanism C manages the resource C-1 and the service C-1 similar to the resource A-2 and the service A-2 existing in the local space A. The local space management mechanism C evaluates the use condition of the resource C-1 and the service C-1, and presents the use condition to the user B-1. When the user B-1 agrees with the use condition, the user B-1 requests the local space management mechanism C for the right to use the resource C-1 and the service C-1. The local space management mechanism C evaluates the usage right request of the user B-1, and if the request matches, stores the usage right in the user information storage mechanism B-1 of the user B-1 and acquires the usage right to the user B-1. Notify that it was done.
[0098]
FIG. 14 shows an example of a sequence for adjusting the resources and services. In this description, the user B-1 actively requests the substitute right, but the local space management mechanism A automatically requests the substitute right instead of the user B-1. In some cases.
[0099]
Further, the user B-1 uses the resource B-1 and the service B-1 and the resource B-2 and the service B-2 in the local space management mechanism B as an ideal work environment and user information of the user B-1. The user information is described in the user context information management mechanism in the storage mechanism B-1, and the user information storage mechanism is carried to the local space A. The user B-1 acquires the resource A-1 managed by the local space management mechanism A and the use right of the service on the resource A-1 by receiving the transfer of the use right from the user A-1 or the like. -1 is used to communicate with the local space management mechanism A. Next, a request is made to use the resource B-1, which constitutes the ideal work space of the user B-1, the service B-1 on the resource B-1, and the service B-2 on the resource B-2. The local space management mechanism A evaluates resources and services that constitute the ideal work space of the user B-1, and can be used by the user B based on the attributes of the user B-1 via the mediation mechanism. It inquires of other local space management mechanisms whether there is a candidate for a resource or a service. As a result of the inquiry, the mediation mechanism determines, in addition to the local space management mechanism A, the resource B-1, the service B-1, and the resource B-1 requested by the user B-1 to use the local space management mechanism B and local space management mechanism C. The user B-1 is notified via the local space management mechanism A and the resource A-1 that the service B-2 itself or the service B-2 itself exists.
[0100]
The user B-1 who has received the notification is a resource C managed by the local space management mechanism C which manages resources and services in the local space C which is physically close to the local space management mechanism A. -1 or service C-1 and a request for the right to use the resource B-1 or service B-1 for managing the local space management mechanism B for managing the local space B normally used by the user B-1. I do. The resource B-2 and the service B-2 registered as the ideal use environment of the user are similar to the resource C-1 and the service C-1 searched by the user, and can be substituted for each. It was. Further, the resource B-1 and the service B-1 usually used by the user are the only ones among the resources and services managed by all the local space management mechanisms. As a result of the search, if the user desires to combine the services, the local space management mechanisms A, B, and C generate and collate the usage right in each of the local space management mechanisms, and the user can exercise the usage right. For example, the resource B-1 and the service B-1 in the local space B are considered as services ideal for the user, and the resource C-1 and the service in the local space C are approximated to the service ideal for the user. C-1 is provided to user B-1 through resource A-1 in the local space, and user B-1 utilizes it. An example of a sequence of combining resources is shown in FIG. 15. In FIG. 15, the issuance of the right to use the resource / service B-1 and the resource / service C-1 is sequentially performed. is there.
[0101]
When the user B-1 goes to the local space A, the ideal context of the user B-1 is previously stored in the user context information management mechanism in the user information storage mechanism B-1 of the user B-1. Even when the work environment is not described, there are cases where a resource or service desired to be used is searched and used according to the intention of the user B-1. In this case, the local space management mechanism A, the local space management mechanism B, the local space management mechanism C, and the mediation mechanism change the resource A- 1. Present the service A-1, the resource B-1, the service B-1, the resource C-1, and the service C-1 as candidates for resources and services, and generate and check the usage right of the user. It can be provided to the user B-1.
[0102]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, specific examples of the present invention will be described. The following embodiments are merely examples, and the present invention is not limited to the following embodiments. The prerequisites necessary for explaining the present invention are shown below.
・ Company A and Company B are in a business alliance.
・ Internet Cafe C is not affiliated with Company B.
-Office service room D is located in the same building as the conference room of company A, and has a business alliance with company B.
[0103]
■ Local space management mechanism A that manages the conference room of Company A
・ Spatial information:
"Space name: Company A conference room"
"Space ID: A01",
"Space type: meeting room",
"Address: Shinjuku-ku, Tokyo, Shinjuku X-chome OO Building 4F Room 401"
・ User information:
"Affiliation organization: A company affiliate company employee and A company partner company employee (B company employee)"
・ Resource information 1:
"Resource Name: Company A Conference Room Color Printer"
"Resource ID: A-CP001"
・ Service information 1
"Service name 1: Color print"
"Service name 2: Black and white print"
"Service ID 1: A-CP001-1"
"Service ID 2: A-CP001-2"
-Context management information 1:
"User context information: print format: A4 size, duplex printing"
"Local context information: managed resources, service control by user"
・ Resource information 2:
"Resource name: Company A conference room PC"
"Resource ID: A-PC001"
・ Service information 2
"Service name 1: General PC use"
・ Context management information:
"User context information: nothing special"
"Local context information: managed resources, service control by user"
■ Printer A-CP001 installed in the conference room of Company A
・ Resource information:
"Resource name: Company A conference room color printer"
"Resource ID: A-CP001",
"Resource type: color printer",
"Resource use conditions: Company A employee and Company A partner company employee (Company B employee)"
・ Service information 1-1:
"Service type 1: color print, black and white print",
"Service name: color print",
・ Service information 1-2
"Service ID 1: A-CP001-1",
"Service Type 2: Black and White Print"
"Service ID 2: A-CP001-2"
"Service usage conditions: color print = Company A employee, black and white print = Company A employee and partner company employee (Company B employee)"
User context information (common to service 1 and service 2):
"Print format = front and back printing"
■ PC installed in the conference room of Company A A-PC001
・ Resource information 2:
"Resource name: Company A conference room PC",
"Resource ID: A-PC001",
"Resource type: PC",
"Resource use conditions: Company A employee and Company A partner company employee (Company B employee)"
・ Service information 2:
"Service type 1: General use of PC",
"Service name: general use of PC",
■ Employee A of Company A
・ User information
"User ID: A-1"
"User Role: Manager"
・ User context information
"User preference: prefer front and back printing"
■ Employee A-2 of Company A
・ User information
"User ID: A-2"
"User Role: General Position"
"User preferences: prefer single-sided printing"
■ Employee A-3 of Company A
・ User information
"User ID: A-3"
"User Role: General Position"
"User preference: prefer front and back printing"
■ Local space management mechanism B that manages company B's office
・ Spatial information:
"Space name: Company B office",
"Space ID: B01",
"Space type: office",
"Address: Yan-chome XX Building, Shibuya-ku, Tokyo 3F"
・ User information:
"Company B employee"
・ Resource information 1:
"Resource name: Company B office PC"
"Resource ID: B-PC001"
・ Service information 1
"Service name 1: General use of PC"
"Service ID 1: B-PC001-1"
-Context management information 1:
None
・ Resource information 2:
"Resource name: Company B office file server"
"Resource ID: B-FS001"
・ Service information 2-1
"Service name 2-1: File service (full access)"
"Service ID 2-1: B-FS001-1"
・ Service information 2-2
"Service name 2-2: File service (Limited access 1)"
"Service ID 2-2: B-FS001-2"
・ Service information 2-3
"Service name 2-3: File service (Limited access 2)"
"Service ID 2-2: B-FS001-3"
・ Context management information:
"User context information: nothing special"
"Local context information: managed resources, service control by user"
■ PC installed in the office of Company B
・ Resource information:
"Resource name: Company B office PC",
"Resource ID: B-PC001",
"Resource type: PC",
"Resource usage conditions: Company B employee"
・ Service information:
"Service type 1-1: general PC use",
"Service name 1-1: General use of PC",
"Service ID 1-1: PC001-1",
"Service type 1-2: Use of application 1"
"Service name 1-2: Use of application 1"
"Service ID 1-2: B-PC001-2"
"Service type 1-3: Use of special character font B-1"
"Service name 1-3: Use of special character font B-1"
"Service ID 1-3: B-PC001-3"
■ File server installed in the office of Company B
"Resource name: Company B office file server"
"Resource ID: B-FS001"
・ Service information 2-1
"Service name 2-1: File service (full access)"
"Service ID 2-1: B-FS001-1"
・ Service information 2-2
"Service name 2-2: File service (Limited access 1)"
"Service ID 2-2: B-FS001-2"
・ Service information 2-3
"Service name 2-3: File service (Limited access 2)"
"Service ID 2-2: B-FS001-3"
■ PDA managed by Company B
"Resource name: Company B PDA"
"Resource ID: B-PDA001"
"Resource type: PDA",
"Resource usage conditions: Company B employee"
・ Service information:
"Service type: general PDA use",
"Service name: General use of PDA",
"Service ID 1: PDA001-1",
■ Employee B-1 of Company B
・ User information
"User ID: B-1"
"User Role: General Position"
"User preference: prefer front and back printing"
■ Local space management mechanism C that manages Internet cafe C
・ Spatial information:
"Space Name: Internet Cafe C",
"Space ID: C01",
"Space type: Internet cafe",
"Address: 1F, Otemachi Z-Chome Building, Chiyoda-ku, Tokyo"
・ User information:
"Visitors"
・ Resource information 1:
"Resource name: Internet Cafe C Printer"
"Resource ID: C-CP001"
・ Service information 1
"Service name 1: Color print"
"Service name 2: Black and white print"
"Service ID1: C-CP001-1"
"Service ID 2: C-CP001-2"
-Context management information 1:
"User context information: print format: A4 size, duplex printing"
"Local context information: managed resources, service control by user"
・ Resource information 2:
"Resource name: Internet Cafe C PC"
"Resource ID: C-PC001"
・ Service information 2
"Service name 1: General PC use"
-Context management information: "User context information: especially nothing"
"Local context information: managed resources, service control by user"
■ Local space management mechanism D that manages the office service room D
・ Spatial information:
"Space name: Office service room D",
"Space ID: D01",
"Space type: Office service room",
“Address: Room 402, 4F, Shinjuku X-chome 00 Building, Shinjuku-ku, Tokyo”
・ User information:
"Affiliation organization: A company affiliate company employee and A company partner company employee (B company employee)"
・ Resource information 1:
"Resource name: Office service room D color printer"
"Resource ID: D-CP001"
・ Service information 1
"Service name 1: Color print"
"Service name 2: Black and white print"
"Service ID 1: D-CP001-1"
"Service ID 2: D-CP001-2"
-Context management information 1:
"User context information: print format: A4 size, duplex printing"
"Local context information: managed resources, service control by user"
Resource information 2:
"Resource name: Office service room D PC"
"Resource ID: D-PC001"
"Service name 1-1: General use of PC"
"Service name 1-2: Use of application 1"
"Service ID 1-2: D-PC001-2"
■ Information managed by the mediation mechanism
・ Spatial information
"Company A conference room"
"Company B office"
"Internet Cafe C"
"Office Service Room D"
etc
・ Resource information
Resource information managed by the above space
・ Service information
Service information managed by the above space
・ User information
User information managed by the above space
(1) Example of registration of resource information and service information in local space management mechanism
The color printer A-CP001 of Company A having the above-mentioned resource information, service information and user context information communicates with the local space management mechanism A via communication means such as a wired LAN, a wireless LAN, Bluetooth, and infrared communication, The local space management mechanism A registers resource information and service information of the color printer A-CP001.
[0104]
The information indicates that a printer having an ID of A-CP001 has a color print or black-and-white print function and can be operated by employees of Company A and employees of affiliated companies (Employees of Company B). After the user A-1 performs printing using this printer, automatic printing is performed based on the user context information in the user context management means in the user information storage mechanism in the form of an IC card or the like possessed by the user A-1. This means that front and back printing is performed.
[0105]
(2) Example of registration of information managed by the local space management mechanism to the mediation mechanism
The local space management mechanism A notifies the mediation mechanism of the spatial information, the resource information and the service information by using a communication means in order to notify the mediation mechanism of its existence.
[0106]
The mediation mechanism registers the information managed by the local space management mechanism A in its own local space management means, resource information search means and service information search means, and notifies the local space management mechanism A of the registration. I do.
[0107]
When the mediation mechanism manages the usage right, the local space management mechanism transmits information in its local usage right management means to the mediation mechanism and manages the information.
[0108]
(3) Example of registration of user information for using resources and services
Generally, it is desirable that the user information storage mechanism owned by the user be a portable memory device having an anti-tamper characteristic such as an IC card, and the user information described in the user information storage mechanism includes a country, a company, an ISP ( It is desirable that an organization such as an Internet service provider) write with a valid authority and not be tampered with by others.
[0109]
The description of the user information in the individual user information management means of the user information storage mechanism is written by the organization such as the country, company, ISP, etc., which obtained the digital certificate issued by a certain certification authority, By doing so, the content of the user information is guaranteed.
[0110]
By registering such information such as a user ID and a user attribute in at least one local space management mechanism, the user can participate in the usage right management method. Such user information is directly stored in the local space management mechanism as local user management means in the local space management mechanism in addition to the case where the user information storage mechanism is communicated with the local space management mechanism and registered. There are also cases where the administrator of the management mechanism writes. Even when the administrator of the local space management mechanism writes user information directly into the local user management means in the local space management mechanism, with an electronic signature based on an electronic certificate issued by a certificate authority, May be done.
[0111]
For example, as in the present embodiment, the company A and the company B are in a business tie-up relationship, and the user information in the local user management means in the local space management mechanism A includes a description “employee of the company B”. Does not exist, when the employee B-1 of the company B enters the local space A managed by the local space management mechanism A, the local space management mechanism A 1 and registers the user information of the user B-1 in its own local user management means.
[0112]
Further, as in the present embodiment, the company A and the company B are in a business tie-up relationship, and the user information in the local user management means in the local space management mechanism A includes a description “employee of the company B”. Does not exist, the manager of the local space management mechanism A may register user information on the user B-1.
[0113]
At this time, the user information described in the local user management means of the local space management mechanism A may indicate a specific personal name or an organization to which the user belongs.
[0114]
(4) Management of usage rights and use of resources and services in local space
A user information storage mechanism owned by a user, such as an IC card, triggers a user to use resources and services in a certain local space.
[0115]
Company A's local space management mechanism A, which manages company A's conference room, manages resources such as A-PC001 and printer A-CP001 existing in the conference room and services realized on the resources. These resources and services are described and managed by the local space management mechanism A based on the metadata of the resources and services.
[0116]
The user B-1 who is an employee of the company B affiliated with the company A communicates the IC card, which is a user information storage mechanism owned by the user B-1 with the B-PDA001 owned by the user B-1 in the conference room of the company A. Let it. B-PDA001 is registered as a resource with local space management mechanism A. The user B-1 communicates his / her own IC card with the local space management mechanism A via the B-PDA001, and uses the resources and services managed by the local space management mechanism A. The user information is transmitted to the local space management mechanism A.
[0117]
Upon receiving the user information of the user B-1, the local space management mechanism A receives the user information of the user B-1 described based on the metadata group representing the user transmitted from the IC card of the user B-1. Receives the resource information of the B-PDA001 used by the user B-1 described based on the metadata group expressing the resource, evaluates the user information and the resource information in the local space management mechanism A, and B determines available resources and services.
[0118]
The following types are assumed for examples of service determination.
[0119]
Regarding the use of the color printer A-CP001 installed in the conference room A of the company A, when the user A-1 who is an employee of the company A uses the PC A-PC001 installed in the conference room A, Then, the local space management mechanism A determines that "user A-1" uses "A-CP001" via "A-PC001", and generates a right to use the color print service and the monochrome print service. Based on the usage right, the user A-1 uses either the color print service of the color printer or the monochrome print service.
[0120]
On the other hand, regarding the use of the color printer installed in the conference room A of the company A, when the user B-1 who is an employee of the company B uses the B-PDA001 owned by the user, the local space management is performed. Mechanism A determines that “user B-1” uses “A-CP001” via “B-PDA001”, and generates only the right to use the black-and-white print service. Based on the usage right, the user B-1 uses the monochrome printing service of the color printer.
[0121]
Further, regarding the use of the color printer installed in the conference room A of the company A, when the user B-1 who is an employee of the company B uses the PC A-PC001 existing in the conference room of the company A, The local space management mechanism A determines that “user B-1” uses “A-CP001” via “A-PC001”, and generates a right to use the color print service and the monochrome print service. Based on the usage right, the user B-1 uses either the color print service of the color printer or the monochrome print service.
[0122]
As described above, it is possible to change the usage right for the service used by the user based on the information about the user and the environment such as resources used by the user.
[0123]
In this example, it is assumed that the usage right is stored in the user information storage mechanism in the form of an IC card possessed by the user B-1, but the usage right is stored in the local space management mechanism A or the mediation mechanism. In some cases, it is saved and the usage right is inquired every time the user uses it.
[0124]
In this example, in order to realize only the request that the user B-1 prints a file in his / her PDA by using the printer A-CP001, the user B-1 may use “B-PDA001” and a color printer “A-CP001”. Constructing a virtual LAN that connects only the resources necessary to execute two services is also treated as a service. By configuring the virtual LAN, the company A managing the resources and services managed by the local space management mechanism A protects the resources and services other than the color printer for the user B-1. It is possible to safely provide a print service.
[0125]
Further, the file B-PDA-F01 in the B-PDA001 of the user B-1 and the printer A-CP001, which are resources and services available to the user B-1, are displayed on a GUI screen on the B-PDA001. By combining the two by drag and drop, it is also possible to use the trigger as a trigger for configuring a virtual LAN.
[0126]
(5) Management of usage rights and use of resources and services between local spaces
In this example, the user B-1 uses the file server B-FS001 in the office of the company B to acquire a file from the conference room of the company A, and prints the file on the printer A-CP001 in the conference room of the company A. An example is shown below.
[0127]
The user B-1 causes an IC card, which is a user information storage mechanism of the user B-1, to communicate with the B-PDA001 owned by the user B-1. B-PDA001 is registered as a resource with local space management mechanism A. The user B-1 causes his / her IC card to communicate with the local space management mechanism A via the B-PDA001, and transmits his / her user information to the local space management mechanism A.
[0128]
The user B-1 further instructs the intermediary mechanism from the B-PDA001 via the local space management mechanism A to search for his office. The mediation mechanism informs the local space management mechanism B via the local space management mechanism A and the mediation mechanism that there is an application for use of the file server B-FS001 according to the command of the user B-1. The local use right management means of the local space management mechanism B includes information that "user B-1" uses "B-FS001" from "local space A" using "B-PDA001". Is evaluated, and the use right of the file server B-FS001 is generated for the IC card communicating with the B-PDA001 of the user B-1 under the above conditions. The usage right of the file server B-FS001 under the above conditions is a usage right that allows all files in the file server B-FS001 to be referred to. The basis for setting the usage right that all files can be referred to is that the local space management mechanism B uses the resources managed by the company B by the employees of the company B from the conference room of the company A in which the company is affiliated. , B to use the file server of Company B.
[0129]
Further, the services available to the user also change according to the resources used by the user. An example will be described.
[0130]
Using the A-PC001 installed in the conference room A, the user B-1 instructs the mediation mechanism to search for the company B office via the local space management mechanism A. The mediation mechanism informs the local space management mechanism B via the local space management mechanism A and the mediation mechanism that there is an application for use of the file server B-FS001 according to the command of the user B-1. The local use right management means of the local space management mechanism B includes information that "user B-1" uses "B-FS001" from "local space A" using "A-PC001". Is evaluated, and a use right of the file server B-FS001 is generated for the IC card that is communicating with the A-PC001 used by the user B-1 under the above conditions. The usage right of the file server B-FS001 at this time is a usage right that allows reference to two files such as B-F01 and B-F02. The basis for setting the right of use that only two files can be referred to is that the local space management mechanism B allows the employees of Company B to use the resources managed by Company A from the conference room of Company A in a partnership. This is because the user owns a policy that defines the usage right based on the parameter of using the file server of Company B. Although there is a tie-up relationship, since the access is through resources managed by Company A, the access right is limited to the types of files that can be referred to.
[0131]
Further, the services available to the user also change depending on the location where the user exists. An example will be described.
[0132]
Using the C-PC001 installed in the Internet cafe C, the user B-1 instructs the mediation mechanism to search for his or her office via the local space management mechanism C. The mediation mechanism informs the local space management mechanism B via the local space management mechanism C and the mediation mechanism that there is an application for use of the file server B-FS001 according to the command of the user B-1. The local use right management means of the local space management mechanism B includes information that "user B-1" uses "B-FS001" from "local space C" using "C-PC001". Is evaluated, and an attempt is made to generate a right to use the file server B-FS001 under the above conditions for the IC card that is communicating with the C-PC001 used by the user B-1. However, the right to use the file server B-FS001 at this time is not generated. The reason that the usage right is not generated is that the local space management mechanism B uses the file server of the company B by using the resources managed by the Internet cafe C from the Internet cafe C with no affiliated company. Is based on such a parameter that the usage right is not generated. Since the access is from an Internet cafe C that has no affiliated relationship via a resource managed by the Internet cafe C, the possibility of leaking confidential information from the C-PC001 installed by the Internet cafe C cannot be excluded. The right to use the file server cannot be created in accordance with the policy of not allowing access to limited files.
[0133]
Also, the services available to the user change according to the combination of the location where the user exists and the resources used by the user. An example will be described.
[0134]
The user B-1 uses the B-PDA001 owned by the user at the Internet cafe C to instruct the mediation mechanism to search his / her office via the local space management mechanism C. The mediation mechanism informs the local space management mechanism B via the local space management mechanism C and the mediation mechanism that there is an application for use of the file server B-FS001 according to the command of the user B-1. The local use right management means of the local space management mechanism B includes information that “user B-1” uses “B-FS001” from “local space C” using “B-PDA001”. Is evaluated, and the use right of the file server B-FS001 is generated for the IC card communicating with the B-PDA001 of the user B-1 under the above conditions.
[0135]
At this time, the use right of the file server B-FS001 is a use right that can refer to two files such as B-F03 and B-F04. The basis for setting the usage right that only two files can be referred to is that the local space management mechanism is based on the resources managed by company B while employees of company B are in Internet cafe C, which has no affiliation. This is because, using a certain B-PDA001, the user has a policy that defines the usage right based on the parameter of using the file server of Company B. Although there is no tie-up relationship, since the access is through resources managed by the company B, a usage right that enables the use of the file server B-FS001 while limiting the file type is generated.
[0136]
In this example, the usage right is stored in the IC card of the user B-1, but the usage right is stored in the local space management mechanism B or the mediation mechanism, and the usage right is stored every time the user uses it. There are also ways to make an inquiry.
[0137]
In this example, in order to realize only the request that the user B-1 refers to the file in the file server B-FS001 in his office, the PC or PDA used by the user B-1 and the file server B-FS001 are used. A virtual LAN connecting these two resources is constructed.
[0138]
That is, by configuring a virtual LAN between a PC or PDA under the management of the local space management mechanisms A and C and the file server B-FS001 under the management of the local space management mechanism B, Company A, which manages the resources and services managed by the local space management mechanism A, hides its own resources and services unnecessary for the user B-1 from the user B-1. The service can be safely realized after eliminating the risk of eavesdropping on information from resources existing in the Internet cafe C.
[0139]
(6) Control of resources and services by local context
In a conference room of Company A managed by the local space management mechanism A, three employees A-1, User A-2, and User A-3, employees of Company A, share files on the plasma display and the file sharing server. We were discussing using A. File A contains a confidential matter for Company A, and the local space management mechanism A uses a usage policy that is permitted to refer only to the local context information in which an IC card indicating an employee of Company A is detected. It is assumed that you have At this time, when the IC card of the employee B-1 of the company B is detected with respect to the local space management mechanism A, the display of the file on the plasma display is stopped by the context management means of the local space management mechanism A. You.
[0140]
(7) Transfer of usage right by user
It is also possible to realize transfer of the usage right from user to user by writing information for another user to intentionally generate the usage right in the IC card held by the user.
[0141]
From the IC card owned by the user A-1 to the IC card owned by the user B-1, the use right of the print service which is not originally owned by the user B-1 and managed by the local space management mechanism A is changed. The endorsement information to be generated is given to the individual user information management means or the user usage right management means of the IC card of the user B-1.
[0142]
The IC card of the user B-1 transmits endorsement information for generating a usage right from the user A-1 to the local space management mechanism A, and the local space management mechanism A prints the user B-1. A service use right is generated, and the user B-1 can use the print service at the responsibility of the user A-1.
[0143]
Note that the endorsement information can be invalidated by the endorsement information issuer by setting the number of effective uses, the effective period, and the like.
[0144]
(8) Coordination and composition of resources and services
When the user B-1 exists in the local space A, the user B-1 acquires the right to use the printer A-CP001 as shown in (4) and tries to use it. It was determined from the service information of the local space management mechanism A that CP001 was being used by the user A-3, an employee of the company A, and was in a state where it took 10 minutes to complete the printing. The user B-1 communicates with the local space management mechanism D that manages resources and services in the local space D via the local space management mechanism A and the mediation mechanism by using the B-PDA001 that is its own PDA. . The user B-1 uses the screen of the PDA B-PDA001 owned by the user B-1 to manage the printer D-CP001, which is a resource, and the monochrome print service D-CP001, which is a service executed on the printer, managed by the local space management mechanism D. Request usage right to use -1. The local space management mechanism D confirms the conditions of the IC card owned by the user B-1, the PDA owned by the user B, and the local space management mechanism A that manages the local space A that the user B-1 intends to use. Then, the user B-1 determines that the printer D-CP001 and the monochrome print service D-CP001-1 can be used under these conditions, and permits the use to the user B-1.
[0145]
In addition, in the user context information of the user information storage mechanism in the form of an IC card or the like, the following are described as resources and services that the user always uses as an ideal work environment for the user.
Resource 1: PC CPU clock 1G Hertz Memory 512MB Hard disk 20G bytes 101 keyboard
Resource 2: 17-inch color display
Resource 3: Color printer
Resource 4: File server CPU clock 1G Hertz Memory 512MB Hard disk 120G bytes
Service 1-1: Use service of application 1
Service 1-2: Use of Special Character Font B-1
Service 2-1: Display use service
Service 3-1: Print service
Service 4-1: File sharing service
A user B-1 enters an office service room D which is a local space D, and through his / her own PDA B-PDA001, a local space management mechanism D and an IC card B-1 which is a user information storage mechanism of the user B. To communicate. The local space management mechanism D reads the resources and services described in the ideal work environment of the user B-1 described above inside the IC card B-1, and synthesizes the resources.
[0146]
Since the CPU clock of the PDA B-001 of the user B-1 is only 200 MHz and the memory is 16 MB, the CPU clock corresponding to the “resource A” and the 512 MB of memory, the 20 GB hard disk, The use right of D-PC001 managed by the local space management mechanism D having a 101 keyboard is acquired. In addition, in order to use the 17-inch display, the right to use the D-DSP001 of the 17-inch display, which is a resource managed by the local space management mechanism D, and the display service D-DSP001-1, which is a display service, is acquired. I do.
[0147]
In the local space D where the user B-1 exists, the color printer D-CP001 exists, but another user z uses the printer, and it may take 10 minutes for the user z to finish the service. Since the confirmation has been confirmed, the user B-1 mediates between the B-PDA001 and the local space management mechanism D with respect to the local space management mechanism A which manages resources and services existing in the nearby local space A. The user information in the IC card B-1 is transferred via the mechanism, and the right to use the color printer A-CP001, which is a resource, and the color print service A-CP001-2 executed on color printing is acquired. If the local space management mechanism A has a policy setting that cannot provide a color print service to a user outside the company (user B-1) connected from outside (local space D), B-1 may acquire the right to use the monochrome print service of A-CP001-1 and substitute it.
[0148]
Further, the file server used daily by the user B-1 is unique, and the resources and services existing in the local space D where the user exists and the local space A in the vicinity include the user B- 1. 1 does not satisfy the request, the user B-1 requests the B-FS001 and the local space management mechanism D for the local space management mechanism B where the file server B-FS001 requested by the user B exists. Then, the user information in the IC card B-1 is transferred via the intermediary mechanism and the file server B-FS001, which is a resource, and the right to use the file sharing service B-FS001-1 operating on the B-FS001 is acquired.
[0149]
The services used by the user on the PC D-PC001 include the use of the application 1 and the use of the special font B-1. However, since the application 1 exists on the D-PC001 and the usage right is generated without any problem. If so, the use right of the application 1 is acquired from the local space management mechanism D. If the special character font B does not exist in the D-PC001, the user B-1 sends the special character font B-1 to the local space management mechanism B in which the special character font B-1 requested by the user B exists. The user information in the IC card B-1 is transferred via the PDA001, the local space management mechanism D, and the mediation mechanism, and the special character font B- existing on the B-PC001 normally used by the user B-1. Acquire and use the right to use 1
[0150]
By realizing the coordination and synthesis of the resources and services as described above, for example, resources such as a file server existing in the user's office space and PCs that the user normally uses, and services available on the resources, Use right after obtaining the right to use while away from home, and at the same time, obtain the right to use the resources such as PCs, printers, displays, etc. that are on the go or nearby and the services available on those resources. By using, it is possible to combine resources and services existing in a plurality of local spaces and completely reproduce an ideal work space, or reproduce an approximate work space.
[0151]
As described above, the invention made by the inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and can be variously modified without departing from the gist of the invention. Of course.
[0152]
【The invention's effect】
By using the present invention
(1) When a user brings a terminal device to any place and uses resources and services connected to a network, the user, the device used by the user, the place where the device used by the user exists, and the user connect It is possible to safely execute resources and services based on the situation of the place where the device or service that is going to exist or the place where the user exists.
(2) Evaluate the attributes of each user, the environment to which the user belongs, and the usage environment of the resources and services to be used, determine the usage conditions, and if the usage conditions are not met, use other authorized users. By dynamically setting the usage right by obtaining endorsement information for issuing the usage right from, it is possible to prevent information leakage due to repeated use of accounts.
(3) It is possible to configure a virtual computer network with a minimum combination of resources according to the user's usage right generated as described above, and to control limited access to resources and services.
(4) It is possible to restrict the use of the service according to the dynamic change of the situation (context) of the local space where the user exists.
(5) As described above, since locations, resources, and services are logically described while maintaining consistency, it is possible to search for a physical location of an entity that executes resources and services.
(6) It is possible to combine the work environment that is ideal for the user even at the destination of the user.
[Brief description of the drawings]
FIG. 1 is a diagram showing an example of a system configuration of a usage right management method of the present invention.
FIG. 2 is a diagram illustrating an example of a structure of a user information storage mechanism.
FIG. 3 is a diagram illustrating an example of the structure of a resource or a resource identification mechanism.
FIG. 4 is a diagram showing an example of the structure of a local space management mechanism.
FIG. 5 is a diagram illustrating an example of the structure of the mediation mechanism.
FIG. 6 is a diagram showing an example of a sequence of resource / service registration.
FIG. 7 is a diagram showing an example of a registration sequence of the local space management mechanism.
FIG. 8 is a diagram showing an example of user information registration for using resources and services.
FIG. 9 is a diagram illustrating an example of using resources and services in a local space.
FIG. 10 is a diagram illustrating an example of use of resources and services between local spaces.
FIG. 11 is a diagram showing an example of personalization of resources and services.
FIG. 12 illustrates an example of service control by context.
FIG. 13 is a diagram illustrating an example of transfer of a usage right by a user.
FIG. 14 is a diagram illustrating an example of adjustment of resources and services.
FIG. 15 illustrates an example of combining resources and services.

Claims (28)

Communication means owned by each user, and individual user information management means for managing user information corresponding to a group of metadata based on attributes of each user such as a user ID and a user role while ensuring the validity. User right management means that manages usage rights while ensuring their legitimacy, user context information that is the user's preference information on the use of resources and services, and the situation when users use resources and services. A user information storage mechanism having user context management means for managing a user context that is information to be expressed;
A resource having communication means, resource information management means for managing the ID and type of the resource, service information management means for managing services performed on the resource, and service execution means for executing the service;
Communication means for communicating with resources, and local management for managing spatial information to which it belongs based on a group of metadata related to spatial information in order to manage resources in a local space and services executed on the resources. Service that manages its own use for the user based on the metadata group related to resource information, and service that manages the use for the user. Resource service management means for managing based on a group of metadata about information, local user management means for managing users who can use resources and services based on a group of metadata about users, and users using resources and services It is determined by combining the user context information, which is the context required above, with the user information, resource information, and service information. The context management means that manages the local context to be performed based on the metadata group of each information, and the information described along the metadata group managed by the plurality of management means is evaluated for the user. A use right management system comprising a local space management mechanism having local use right management means for generating use rights of resources and services. The usage right management system according to claim 1, wherein any of the communication means, the resource information management means, the service information management means, and the service execution means is shorter than the resources defined in claim 1, A use right management system, comprising: a resource identification mechanism that enables the resource to be managed by a local space management mechanism. Communication means that manages multiple resources and resource identification mechanisms, communicates with multiple local space management mechanisms, and manages spatial information corresponding to metadata groups based on spatial information, managed by multiple local space management mechanisms A local space search unit, a resource information search unit that manages resource information corresponding to a metadata group based on resource information, and a service information search unit that manages service information corresponding to a metadata group based on service information. 2. The system according to claim 1, further comprising: a user information management unit that manages user information corresponding to a metadata group based on the user information; and an intermediary mechanism having a usage right information management unit for resources and services in a local space. 2. The usage right management system according to 2. In a usage right management system that has a local space management mechanism that manages resources and resource identification mechanisms and a user information storage mechanism, users existing in the local space managed by the local space management mechanism can use the local space management mechanism. When using resources and services that exist in the local space managed by the user, the user information in the user information storage mechanism owned by the user and the space information, resource information, and services managed by the local space management mechanism A usage right management system that evaluates information, context information, and user information and generates usage rights. A usage right management system that manages a plurality of resources and a resource identification mechanism and has a plurality of local space management mechanisms, an intermediary mechanism, and a user information storage mechanism. The usage right management system exists in a local space A managed by the local space management mechanism A. When a user uses resources and services existing in the local space B managed by the local space management mechanism B existing in a remote place, the user information in the user information storage mechanism owned by the user and the local information Evaluate space information, resource information, service information, context information, and user information managed by the space management mechanism A and space information, resource information, service information, context information, and user information managed by the local space management mechanism B And a usage right management system that generates usage rights. The use right management system according to any one of claims 1 to 5, wherein the generated use right is stored in a user use right management unit in a user information storage mechanism owned by the user or a local space management. Stored in the local use right management means in the mechanism, the stored use right is evaluated by the local use right management means in the local space management mechanism, and the user manages the use right by the local management mechanism. When using resources and services, the use of resources and services is granted according to the usage right, the state of use is managed, and user information, resource information, and service information managed by the local space management mechanism are monitored in real time. A use right management system characterized by having a function of managing as local context information and stopping the use of resources and services according to the content of the local context information. In the usage right management system according to any one of claims 1 to 6, if the user A cannot use resources and services in the local space managed by the local space management mechanism, the user A When the space management mechanism evaluates the user information in the user information storage mechanism owned by the user A and the space information, resource information, service information, context information, and user information managed by the local space management mechanism. Under the management of the local space management mechanism, the user B registered in the local user management means of the local space management mechanism may, under certain conditions, change the user of the user information storage mechanism owned by the user A. The usage right is transferred to the usage right management means, and the history of the transfer of the usage right from the user B to the user A is managed by the local space management mechanism. Permits the use of resources and services, manages the state of use, monitors user information, resource information, and service information managed by the local space management mechanism in real time and manages it as local context information, and the content of local context information A use right management system characterized by having a function of stopping the use of resources and services according to the requirements. The use of resources and services within a local space management mechanism or between local space management mechanisms is adapted and realized according to a user context using user context information in a user information storage mechanism owned by a user. The use right management system according to any one of claims 1 to 7. Communication means owned by each user, and individual user information management means for managing user information corresponding to a group of metadata based on attributes of each user such as a user ID and a user role while ensuring the validity. User right management means that manages usage rights while ensuring their legitimacy, user context information that is the user's preference information on the use of resources and services, and the situation when users use resources and services. A user information storage mechanism having user context management means for managing a user context that is information to be expressed;
A resource having communication means, resource information management means for managing the ID and type of the resource, service information management means for managing services performed on the resource, and service execution means for executing the service;
Communication means for communicating with resources, and local management for managing spatial information to which it belongs based on a group of metadata related to spatial information in order to manage resources in a local space and services executed on the resources. Service that manages its own use for the user based on the metadata group related to resource information, and service that manages the use for the user. Resource service management means for managing based on a group of metadata about information, local user management means for managing users who can use resources and services based on a group of metadata about users, and users using resources and services It is determined by combining the user context information, which is the context required above, with the user information, resource information, and service information. The context management means that manages the local context to be performed based on the metadata group of each information, and the information described along the metadata group managed by the plurality of management means is evaluated for the user. A use right management method comprising a local space management mechanism having a local use right management means for generating use rights of resources and services. In the usage right management method according to the ninth aspect, any one of the communication means, the resource information management means, the service information management means, and the service execution means is shorter than the resources defined in the ninth aspect, A use right management method, comprising: a resource identification mechanism that enables the resource to be managed by a local space management mechanism. Communication means that manages multiple resources and resource identification mechanisms, communicates with multiple local space management mechanisms, and manages spatial information corresponding to metadata groups based on spatial information, managed by multiple local space management mechanisms A local space search unit, a resource information search unit that manages resource information corresponding to a metadata group based on resource information, and a service information search unit that manages service information corresponding to a metadata group based on service information. 10. The system according to claim 9, further comprising: a user information managing unit that manages user information corresponding to a metadata group based on the user information; and an intermediary mechanism having a use right information managing unit for resources and services in a local space. 10. The usage right management method according to 10. In a usage right management system that has a local space management mechanism that manages resources and resource identification mechanisms and a user information storage mechanism, users existing in the local space managed by the local space management mechanism can use the local space management mechanism. When using resources and services that exist in the local space managed by the user, the user information in the user information storage mechanism owned by the user and the space information, resource information, and services managed by the local space management mechanism A usage right management method that evaluates information, context information, and user information and realizes usage right generation. A usage right management system that manages a plurality of resources and a resource identification mechanism and has a plurality of local space management mechanisms, an intermediary mechanism, and a user information storage mechanism. The usage right management system exists in a local space A managed by the local space management mechanism A. When a user uses resources and services existing in the local space B managed by the local space management mechanism B existing in a remote place, the user information in the user information storage mechanism owned by the user and the local information Evaluate space information, resource information, service information, context information, and user information managed by the space management mechanism A and space information, resource information, service information, context information, and user information managed by the local space management mechanism B Usage right management method that realizes usage right generation. A local use right management in a user information management means in a user information storage mechanism owned by a user, or a local use right management in a local space management mechanism, wherein the use right generated by the use right management method according to claim 12 or 13 is stored. The local usage right management means in the local space management mechanism evaluates the stored usage right in the local space management mechanism, and when the user uses the resources and services managed by the local management mechanism, , The use of resources and services is licensed according to the usage right, the state of use is managed, user information, resource information, and service information managed by the local space management mechanism are monitored in real time and managed as local context information, A use right management method characterized by having a function of stopping use of resources and services according to the content of local context information. In the usage right management method according to any one of claims 9 to 14, if the user A cannot use resources and services in the local space managed by the local space management mechanism, the user A When the space management mechanism evaluates the user information in the user information storage mechanism owned by the user A and the space information, resource information, service information, context information, and user information managed by the local space management mechanism, Under the management of the local space management mechanism, the user B registered in the local user management means of the local space management mechanism can use the user information storage mechanism of the user A under certain conditions. The use right is transferred to the right management means, the history of transfer of the use right from the user B to the user A is managed by the local space management mechanism, and the transfer to the user A is performed. Licensing of services and services, managing the state of use, monitoring the user information, resource information, and service information managed by the local space management mechanism in real time and managing them as local context information. A use right management method characterized by having a function of stopping the use of resources and services in response. The use of resources and services within a local space management mechanism or between local space management mechanisms is adapted and realized according to a user context using user context information in a user information storage mechanism owned by a user. The use right management method according to any one of claims 9 to 15. An apparatus in which various devices have resources having communication means for communicating with a local space management mechanism and a user information storage mechanism, resource information management means, service information management means, and service execution means. An apparatus provided with a resource identification mechanism having communication means, resource information management means, service information management means, and service execution means attached to a resource having no means defined in claim 17. Communication means for communicating with a plurality of resources and mediation mechanisms existing in a local space to be managed, local space management means, belonging resource management means, local user management means, resource service management means; An apparatus provided with a local space management mechanism having local use right management means and context management means. Intermediary having communication means for communicating with a plurality of local space management mechanisms, use right information management means, local space search means, resource information search means, service information search means, and user information management means A device with a mechanism. Communication means, individual user information management means, user owned by each user to use resources and services on a usage right management system having a resource and resource identification mechanism, a plurality of local space management mechanisms, and an intermediary mechanism An apparatus provided with a user information storage mechanism having usage right management means and user context management means. In the usage right management system according to any one of claims 1 to 8, the operating state and the usage right state of the resources and services managed by each local space management mechanism are managed, so that the user's right is managed. Depending on the action, one or more local space management mechanisms search for a plurality of resources and services managed by the local space management mechanism, and the local space management mechanism managing the resources and services presents the search results to the user. A right-of-use management system, wherein the right-of-use management system selects resources and services that can be used immediately, acquires a right of use, and can use the right. 9. The use right management system according to claim 1, wherein when a user enters the local space A managed by the local space management mechanism A, the local space management mechanism A The resources and services that the user intends to use, stored in the user context management means in the user information storage mechanism possessed by the user via the resources existing in the user, are matched with the metadata group corresponding to the resources and the services. By transmitting the described information to the local space management mechanism A and the search conditions for resources and services that the user intends to use performed by the user to the local space management mechanism A, The local space management mechanism A, which manages willing resources and services, and a plurality of other local space management mechanisms are linked via an intermediary mechanism to create physically different locations. Presents candidates for resources and services that the user, who is managed by a plurality of local space management mechanisms, has the intention to use, and selects the necessary resources and services by selecting the user from the candidates for resources and services. The usage right is generated from each local space management mechanism, and it is possible to completely reproduce the user's ideal resources and services, or to reproduce the user's ideal resources and services as much as possible. A use right management system characterized by the following. In the usage right management method according to any one of claims 9 to 16, by managing the operating status and usage right status of resources and services managed by each local space management mechanism, a user's right is managed. Depending on the action, one or more local space management mechanisms search for a plurality of resources and services managed by the local space management mechanism, and the local space management mechanism managing the resources and services presents the search results to the user. A resource or service that can be immediately used by the user, obtains a usage right, and uses the resource or service. The use right management method according to any one of claims 9 to 16, wherein when a user enters a local space A managed by the local space management mechanism A, the local space management mechanism A The resources and services that the user intends to use, stored in the user context management means in the user information storage mechanism possessed by the user via the resources existing in the user, are matched with the metadata group corresponding to the resources and the services. By transmitting the described information to the local space management mechanism A and the search conditions for resources and services that the user intends to use performed by the user to the local space management mechanism A, The local space management mechanism A, which manages willing resources and services, and a plurality of other local space management mechanisms are linked via an intermediary mechanism to create a physically different location. A resource managed by a plurality of local space management mechanisms is presented to the user with candidates for resources and services that the user intends to use, and the user selects the required resources and services from among the resources and services and uses them for the required resources and services. Rights should be generated from each local space management mechanism to either completely replicate the user's ideal resources or services, or to replicate the user's ideal resources or services as much as possible. Characteristic usage management method. When the devices described in claims 17 to 21 communicate with each other, they cooperate with the communication means of each mechanism, mutually authenticate the devices, and perform communication between the devices. A use right management system having a mutual authentication mechanism at the time of communication for performing secure communication. When the devices described in claims 17 to 21 communicate with each other, they cooperate with the communication means of each mechanism, mutually authenticate the devices, and perform communication between the devices. A use right management method characterized by having a communication mutual authentication mechanism for performing secure communication. In order to perform mutual authentication between the devices of claim 26 and claim 27, a communication means for communicating with a communication means of a device having the mechanism, an ID of a communication source device and an ID of a communication destination device, A mutual authentication mechanism for communication that holds the digital certificates of the communication source device and the communication destination device for performing mutual authentication, performs mutual authentication during communication between the relevant mechanisms, and secures a secure communication path. Equipment to be equipped.

Images