JP2005284344A - Information processing system, information processing apparatus and method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable participants to easily share materials in an electronic conference system or the like. <P>SOLUTION: A user A being the distributer of the materials of a conference uses a personal information management device 222-1. The personal information management device 222-1 decides at least one set of materials constituted of one or more resources used for the conference, and decides which participant of the conference should the set of the materials be distributed to. Then, the personal information management device 222-1 transmits(distributes) the set of the materials through a network 215-2 to a personal information management device 222-2 of a user B and a personal information management device 222-3 of a user C. For example, this invention may be applied to an electronic conference system which performs a conference by using an equipment connected through the network. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus and method, and a program, and in particular, in an electronic conference system that performs a conference using an information processing apparatus connected via a network, for example, materials are easily shared between participants. The present invention relates to an information processing apparatus and method, and a program.

  Conventionally, when a conference is held at a company or the like, a presenter who makes a presentation at the conference supplements a document that explains the content to the participants who participate in the conference and listen to the content of the presentation so that it can be easily understood ( Documents) and data were prepared and distributed to each participant at the meeting, or displayed on a display such as a projector.

  In recent years, construction of intranets has rapidly spread due to lower prices of PCs (Personal Computers) and higher speeds of networks, and materials such as conferences remain as files and other data between presenters and participants. More and more are being exchanged. This makes it possible to save the presenter from having to distribute the materials to each participant.

  The presenter of the conference distributes (sends) the data as it is to the participant's PC that participates in the conference, or the participant presents the presenter's material at the conference location such as a conference room. The following various methods have been proposed for electronic conferencing systems that allow users to share documents using a PC, such as downloading to a local PC connected to the network for viewing. Here, the distributor who distributes the material may be an organizer who hosts the conference, a moderator who moderates the conference, or each presenter who makes a presentation at the conference.

  Patent Document 1 discloses an electronic conference system relating to a method for securely transmitting and receiving materials between conference participants and a method for sharing materials without being restricted by a specific terminal.

  Further, Patent Document 2 discloses an electronic file delivery system that delivers an electronic file (material) used in a meeting or the like using a wireless terminal.

  Patent Document 3 discloses an electronic distribution system that distributes materials by communicating between terminals that participants bring into a conference room.

  Further, Patent Document 4 discloses a virtual conference system that shares documents only between remote locations. The virtual conference system described in Patent Document 4 transfers an image displayed on a host computer to a local computer at each remote location, and from each local computer, operation information is transferred to the host computer. It is possible to operate.

  However, the electronic conference system of Patent Document 1 has the following problems, for example.

  (A) It requires a device such as a file sharing server and a user information server for sharing a document file, and a staff member such as a secretariat that supports these devices, which increases operational costs.

  (A) In order for a conference participant to start using the electronic conference system as a user, it is necessary to perform operations such as user registration and recording of a secret key.

  (C) A method for preventing spoofing of a file sharing server is difficult.

  (D) When the file sharing server is attacked, all the materials existing in the file sharing server may be viewable.

  Further, in the electronic file delivery system of Patent Document 2, for example, when the terminal brought into the conference room by the participant is not the terminal that the participant normally uses, the terminal that the participant usually uses (for example, After transferring materials to a desktop PC, etc., or transferring to a terminal that participants usually use, it is necessary to create a folder with the conference name as the directory name and organize the materials.

  In the electronic distribution system of Patent Document 3, there is a restriction that, for example, the same application that can open the same file must be installed in the terminal brought into the conference room by the participant.

  Further, in the virtual conference system of Patent Document 4, a presenter who presents at a conference needs to prepare materials used in the conference in a local computer, copy necessary materials to a predetermined recording medium, It takes time and effort to download from a place where materials are stored via a predetermined network.

  Generally, an electronic conference system has the following troublesome work (problem). In the following, the distribution of materials in the electronic conference system refers to distributing (transmitting) material data.

  1. You need to decide who will distribute the materials. The person who can be a distributor who distributes materials is, for example, each presenter or a moderator when a moderator (facilitator) collects and distributes materials from each presenter.

  2. Some materials may be distributed to only a part of the participants for reasons such as confidentiality obligations, and others may be distributed to all participants. In addition, when the same participant is held many times, in the first meeting, the participants exchange the business cards and grasp the names and departments of the participants. You may forget the participant's name or department, and the participant's name and face may not match, but you may not be able to ask the participant directly, and it may be difficult to determine which participant to distribute.

  3. During the meeting, the presenter may want to explain to the participants using something other than the planned materials. When the material suddenly needed in such a case is stored in a PC other than the conference room, for example, the material may not be used. In addition, if the screen of his / her PC is shown to all participants, there is a problem that information related to confidential business information is displayed on the screen and is seen by all participants.

  4). When a distributor distributes materials to participants using e-mail, it is necessary to collect the e-mail addresses of participants who are destinations. In addition, in the case of electronic mail, even if data compression or the like is performed due to limitations of a mailbox, the file size of the material may be too large to be distributed to participants.

  5). When a recording medium that can be transferred between a distributor and a participant (a person who receives materials) is used to record and distribute a file on the recording medium, it takes time to copy the file to the recording medium. In addition to the data of the material, there is a possibility that data that you do not want to be seen by other people may be recorded in the recording media, and that data cannot be erased or copied to other recording media or accessed. It may be necessary to work such as.

  6). When distributing a document using a file sharing server, it is necessary to perform operations (labor) such as uploading to the file sharing server and ensuring the security of the file sharing server. Also, it is difficult to understand the access status of participants. In addition, it is difficult to grasp the download status of whether or not the participant has downloaded the material. For example, it is difficult for the distributor to determine how long the material should be placed on the file sharing server. In addition, during a meeting, if an attempt is made to transfer a material file to a participant by placing it in a shared folder or the like, access between participants may overlap, and the material may not be copied well.

  7). There is a risk that the document may be eavesdropped because the document may be transmitted using an insecure communication path in the transmission / reception of the document. In addition, PKI is applied to all devices that send and receive data only to prevent misuse of systems and devices that participants cannot control, such as electronic conferencing systems and file sharing servers, and to only trust public keys between participants. Preparing a public key certificate using a third-party certification organization such as (Public Key Infrastructure) is not practical in terms of cost and time. In fact, there is a higher possibility that data will be stolen by impersonation of a user who uses it on a daily basis, rather than remodeling a device or system to be used.

JP 2002-41461 A JP-A-11-46191 JP 20027641 A JP-A-6-54323

  As described above, in the electronic conference system, the materials used for the conference are displayed on the display or distributed to the conference participants so that the conference participants can see the materials. In order to do so, it requires various efforts.

  The present invention has been made in view of such a situation, and in an electronic conference system or the like that conducts a conference using an information processing apparatus connected via a network, materials can be easily shared between participants. Is to be able to.

  In the information processing system according to the present invention, the first information processing apparatus includes a material storage unit that stores one or more materials, a material set setting unit that sets one or more material sets including one or more materials, and a second A distribution setting means for setting which material set of one or more types of material sets set by the material set setting means to a user having the information processing apparatus, and a document according to the setting by the distribution setting means Transmitting means for transmitting the set to the second information processing apparatus, and the second information processing apparatus includes receiving means for receiving the material set transmitted by the transmitting means.

  In the present invention, in the first information processing device, one or more materials are stored, one or more material sets including one or more materials are set, and set to a user having the second information processing device. Which material set is distributed among one or more types of material sets is set. Then, according to the setting, the material set is transmitted to the second information processing apparatus. Further, the second information processing apparatus receives the material set transmitted from the first information processing apparatus.

  An information processing apparatus according to the present invention provides a material storage means for storing one or more materials, a material set setting means for setting one or more material sets composed of one or more materials, and a material set for a user having another device. Distribution setting means for setting which material set is to be distributed among one or more types of material sets set by the setting means, and transmission means for transmitting the material set to another device according to the setting by the distribution setting means It is characterized by providing.

  This information processing apparatus can further be provided with authentication means for performing authentication with another apparatus.

  The information processing apparatus further includes receiving means for receiving materials of other users from other devices, and the transmitting means can transmit a material set including materials of other users to other devices. .

  The information processing apparatus may further include an acquisition status confirmation unit that confirms an acquisition status of the material set of a user of another device to which the transmission unit has transmitted the material set.

  An information processing method according to the present invention includes a storage step of storing one or more materials in a material storage means, a material set setting step of setting one or more material sets composed of one or more materials, and a user having another device. Among the one or more types of material sets set by the processing of the material set setting step, the distribution setting step for setting which material set is distributed, and the other material set according to the setting by the processing of the distribution setting step And a transmission step of transmitting to the apparatus.

  The program of the present invention includes a storage step for storing one or more materials in the material storage means, a material set setting step for setting one or more types of material sets made up of one or more materials, and a material for a user having another device. Of the one or more types of material sets set by the process of the set setting step, the distribution set step for setting which material set is to be distributed, and the material set to other devices according to the setting by the processing of the distribution setting step And a step of causing the computer to execute processing including a transmitting step of transmitting.

  In the present invention, one or more materials are stored, one or more material sets including one or more materials are set, and which of the one or more types of material sets is set for a user having another device. Whether to distribute the material set is set. Then, according to the setting, the material set is transmitted to another device.

  According to the present invention, it is possible to easily share materials among participants in an electronic conference system or the like that performs a conference using an information processing apparatus connected via a network.

  Embodiments of the present invention will be described below. Correspondences between constituent elements described in the claims and specific examples in the embodiments of the present invention are exemplified as follows. This description is to confirm that specific examples supporting the invention described in the claims are described in the embodiments of the invention. Therefore, even if there are specific examples that are described in the embodiment of the invention but are not described here as corresponding to the configuration requirements, the specific examples are not included in the configuration. It does not mean that it does not correspond to a requirement. On the contrary, even if a specific example is described here as corresponding to a configuration requirement, this means that the specific example does not correspond to a configuration requirement other than the configuration requirement. not.

  Further, this description does not mean that all the inventions corresponding to the specific examples described in the embodiments of the invention are described in the claims. In other words, this description is an invention corresponding to the specific example described in the embodiment of the invention, and the existence of an invention not described in the claims of this application, that is, in the future, a divisional application will be made. Nor does it deny the existence of an invention added by amendment.

The information processing system according to claim 1 comprises:
In an information processing system (for example, the electronic conference system of FIG. 27) including the first and second information processing apparatuses (for example, the personal information management devices 222-1 and 222-2 of FIG. 27),
The first information processing apparatus includes:
Material storage means for storing one or more materials (for example, storage unit 58 in FIG. 9);
A material set setting means (for example, a material distribution set creation screen window 401 in FIG. 48) for setting one or more material sets composed of one or more of the materials;
49. Distribution setting means for setting which material set of one or more kinds of material sets set by the material set setting means is distributed to a user having the second information processing apparatus (for example, FIG. 49). An association screen window 461);
Transmission means for transmitting the material set to the second information processing apparatus according to the setting by the distribution setting means (for example, the process of step S1904 in FIG. 51),
The second information processing apparatus
Receiving means (for example, the process of step S1924 in FIG. 51) for receiving the material set transmitted by the transmitting means.

The information processing apparatus according to claim 2
In an information processing device that communicates with other devices,
Material storage means for storing one or more materials (for example, storage unit 58 in FIG. 9);
A material set setting means (for example, a material distribution set creation screen window 401 in FIG. 48) for setting one or more material sets composed of one or more of the materials;
Distribution setting means for setting which material set of one or more kinds of material sets set by the material set setting means is distributed to the user having the other apparatus (for example, the association screen in FIG. 49) Window 461),
Transmitting means for transmitting the material set to the other apparatus according to the setting by the distribution setting means (for example, processing in step S1904 in FIG. 51).

An information processing apparatus according to claim 3 is provided.
An authentication unit for performing authentication with the other device (for example, processing in steps S1251 to S1256 in FIG. 39);
The transmission means transmits the material set to the other device when the authentication is successful.

The information processing apparatus according to claim 4 is:
Receiving means (for example, the process of step S2382 in FIG. 64) for receiving materials of other users from other devices,
The transmission means transmits the material set including the material of the other user to the other device.

The information processing apparatus according to claim 5 is:
The transmission means further comprises acquisition status confirmation means (for example, the association screen window 461 in FIG. 50) for confirming the acquisition status of the material set of the user of the other apparatus that has transmitted the material set. To do.

The information processing method according to claim 6 comprises:
In an information processing method of an information processing apparatus that communicates with another apparatus,
A storage step of storing one or more materials in the material storage means (for example, the processing of step S1408 in FIG. 40);
A material set setting step (for example, processing of a material distribution set creation screen window 401 in FIG. 48) for setting one or more types of material sets composed of one or more materials.
A distribution setting step (for example, corresponding to FIG. 49) for setting which material set of one or more types of material sets set by the processing of the material set setting step is distributed to the user having the other device. Processing of the attached screen window 461),
A transmission step of transmitting the material set to the other device according to the setting in the distribution setting step (for example, the process of step S1904 in FIG. 51).

The program according to claim 7 is:
In a program that is executed by a computer that communicates with another device,
A storage step of storing one or more materials in the material storage means (for example, the processing of step S1408 in FIG. 40);
A material set setting step (for example, processing of a material distribution set creation screen window 401 in FIG. 48) for setting one or more types of material sets composed of one or more materials.
A distribution setting step (for example, corresponding to FIG. 49) for setting which material set of one or more types of material sets set by the processing of the material set setting step is distributed to the user having the other device. Processing of the attached screen window 461),
According to the setting by the process of the distribution setting step, the computer is caused to execute a process including a transmitting step (for example, the process of step S1904 in FIG. 51) for transmitting the material set to the other apparatus.

  Next, an embodiment of the present invention will be described.

  In the embodiment of the present invention, for example, personal network communication and a PK (Personal Key) system can be used. First, personal network communication and a PK system will be described.

  Personal network communication is communication involving a human body, and is stable communication performed near the human body (human body proximity communication). In personal network communication involving a human body, there is communication controlled by the distance between the human body and an antenna. Such communication includes, for example, quasi-electrostatic field communication.

  The quasi-electrostatic field communication is a communication that forms a closed electrostatic information space that has a physical property (evanescent) that is established only in a closed region without being propagated remotely, in the vicinity of the human body. The human body becomes a weak static antenna and can communicate in a limited space of several centimeters or several meters around the human body.

  The principle of quasi-electrostatic field communication is as follows.

  That is, for example, when a current is passed through an electric dipole (dipole antenna), the electric field generated from the dipole antenna can be expressed by equation (1) according to the Maxwell equation.

・・・（１）

... (1)

In Expression (1), E _r represents an electric field component in the direction of the radius r, and E _θ represents an electric field component in the direction of the angle θ. Further, cos ωt represents charge vibration at the angular frequency ω, and t represents time. A is a coefficient representing the output (amplitude) (power) of the electric field defined by the charge amount of the two charges oscillating and the distance between the two charges. Furthermore, θ represents an angle around the center of the dipole antenna, and r represents a distance from the center of the dipole antenna (unit: [m]). Ε represents a dielectric constant, and k represents a wave number (unit: [1 / m]). Further, j represents that the subsequent value is an imaginary number.

Of each of the electric fields E _r and E _θ represented by the equation (1), the radiated electric fields E _1r and E _1θ which are components inversely proportional to the distance (radius) r are represented by the equation (2).

・・・（２）

... (2)

In addition, among the electric fields E _r and E _θ represented by the equation (1), the induction electromagnetic fields E _2r and E _2θ that are components inversely proportional to the square of the distance r are represented by the equation (3).

・・・（３）

... (3)

Furthermore, components E _3r and E _{3θ that} are inversely proportional to the cube of the distance r among the electric fields E _r and E _θ represented by the equation (1) are represented by the equation (4).

・・・（４）

... (4)

Components E _3r and E _3θ represented by the formula (4) are quasi-electrostatic fields.

Here, FIG. 1 shows electric field strengths and distances of radiated electric fields E _1r and E _1θ , induction electromagnetic fields E _2r and E _2θ , and quasi-electrostatic fields E _3r and E _3θ obtained by applying the Maxwell equation to a dipole antenna. The relationship with r is shown.

  In FIG. 1, the frequency f (= ω / (2π)) is 1 [MHz].

  In FIG. 1, there is an intensity boundary distance that is a distance at which the electric field strengths of the radiated electric field, the induction electromagnetic field, and the quasi-electrostatic field are equal, but the radiated electric field becomes dominant at a distance farther than the intensity boundary distance. Near the distance, the quasi-electrostatic field is dominant.

  According to the Maxwell equation, r satisfying equation (5) is the intensity boundary distance.

・・・（５）

... (5)

The wave number k in the equation (5) is expressed by the equation (6) when the speed of light is c (c = 3 × 10 ⁸ [m / s]) and the frequency is f (= ω / (2π)). The

・・・（６）

... (6)

  From Expression (5) and Expression (6), the intensity boundary distance r is expressed by Expression (7).

・・・（７）

... (7)

  FIG. 2 shows the relationship between the intensity boundary distance r expressed by the equation (7) and the frequency f.

  The intensity boundary distance r is uniquely obtained for the frequency f.

Accordingly, as shown in FIG. 3, when a plurality of N intensity boundary distances r ₁ , r ₂ ,... R _N are set from the transmitting terminal TX, the intensity boundary distances r ₁ , r ₂ ,. against · · r _N respectively, the frequency f _1, f ₂ satisfying the formula (7), · · ·, N number of quasi-electrostatic fields oscillating respectively f _N (portion is represented in the drawing broken line) A dominant space can be formed. However, <and that the _{r 2 <··· <r N,} f 1> f 2>···> r 1 is f _N.

Here, _depending on the relationship between the intensity boundary distance r _n and the frequency f _n satisfying the expression (7) with respect to the intensity boundary distance r _n (n = 1, 2,..., N), the quasi-electrostatic field The distance between the transmitting terminal TX and the receiving terminal RX that perform communication can be obtained.

  That is, for example, in the transmission terminal TX, two electric fields oscillating at two different frequencies can be formed with the same output (power), and the electric field strength of a predetermined level TH or higher can be received in the electric field. Assume that the receiving terminal RX moves. In this case, the receiving terminal RX can communicate with the transmitting terminal TX within a range (distance) within the electric field formed by the transmitting terminal TX in which the electric field strength of a predetermined level TH or higher can be received.

  FIG. 4 shows that the frequencies of two electric fields formed by the transmitting apparatus TX are, for example, 5 [MHz] and 50 [MHz], and the radiated electric field, induced electromagnetic field, and quasi-electrostatic field of each of the two electric fields are shown. The relationship between electric field strength and distance r is shown.

In Figure 4, 5 for the field frequencies [MHz], (in FIG. 4, 10 and has a ^-2) predetermined level TH capable receiving terminal RX to receive more than the distance that the electric field strength can be obtained (FIG. 4 is 10 [m]), the quasi-electrostatic field is dominant.

  On the other hand, with regard to the electric field having a frequency of 50 [MHz], the quasi-electrostatic field is dominant up to 1 [m] of the distance at which the electric field strength of the predetermined level TH or higher that can be received by the receiving terminal RX is obtained. However, if it exceeds 1 [m], the radiation electric field becomes dominant.

  Therefore, in the transmitting terminal TX, like the electric field having the frequency of 5 [MHz] in FIG. 4, the quasi-electrostatic field is generated only within the distance that the electric field strength of the predetermined level TH or higher that can be received by the receiving terminal RX is obtained. When the output of the electric field having a frequency of 50 [MHz] is adjusted so as to be dominant, the relationship between the electric field strength and the distance r shown in FIG. 4 becomes as shown in FIG.

  In the transmitting terminal TX, as described above, by adjusting the output of the electric field, an electric field of a predetermined level TH or higher that can be received by the receiving terminal RX at any frequency of 5 [MHz] and 50 [MHz]. Within a strong electric field, the quasi-electrostatic field is dominant.

Accordingly, the transmission terminal TX, at the location of the transmission terminal TX (antenna) from the intensity boundary r _n, the field strength of the electric field of frequency f _n to satisfy the equation (7) with respect to its intensity boundary distance r _n, By adjusting the output of the electric field of the frequency f _n so that the reception terminal RX can receive a predetermined level TH, it vibrates at the frequency f _n as a space where the transmission terminal TX and the reception terminal RX can communicate. It is possible to reliably form a space in which the quasi-electrostatic field is dominant.

  Furthermore, in this case, the distance between the transmission terminal TX and the reception terminal RX can be detected based on the frequency of the quasi-electrostatic field that can be received by the reception terminal RX.

Now, in the transmission terminal TX, the output adjustment coefficient _An is introduced as a coefficient for adjusting the output of the electric field of the frequency f _n as described above, and the coefficient A in the equations (1) to (4) is replaced by the output adjustment coefficient a _n. In this case, the electric field of frequency f _n, the absolute value E _n of the electric field intensity in the intensity boundary r _n is expressed by formula (8).

・・・（８）

... (8)

The output adjustment coefficient A _n in the formula (8), the absolute value E _n of the electric field strength may be set to a value which is a predetermined level TH in the intensity boundary r _n.

Field strength of the quasi-electrostatic field is inversely proportional to the cube of the distance r, the ratio in the range of the intensity boundary r _n, the space quasi-electrostatic field of a frequency f _n is dominant, the radiation field and the induction field And can be clearly formed.

Accordingly, the transmission terminal TX, depending on whether the electric field output of the frequency f _n, when adjusted by the output adjustment coefficient A _n, the receiving terminal RX is able to receive signals of a quasi-electrostatic field of a frequency f _n, The distance between the transmission terminal TX and the reception terminal RX can be detected with high accuracy.

That is, for example, as shown in FIG. 6, if the transmitting terminal TX outputs electric fields of _three frequencies f ₁ , f ₂ , and f ₃ whose outputs are adjusted as described above, the receiving terminal RX When all quasi-electrostatic fields of frequencies f _{1 to} f ₃ can be received, the distance r between the transmitting terminal TX and the receiving terminal RX is equal to or less than the intensity boundary distance r ₁ corresponding to the frequency f _1. Can be detected.

In addition, when the receiving terminal RX can receive only the quasi-electrostatic fields of both frequencies f ₂ and f ₃ , the distance r between the transmitting terminal TX and the receiving terminal RX is an intensity corresponding to the frequency f _1. It can be detected that the distance is larger than the boundary distance r _{1 and not} more than the intensity boundary distance r ₂ corresponding to the frequency f ₂ .

Furthermore, when the receiving terminal RX can receive only the quasi-electrostatic field of the frequency f ₃ , the distance r between the transmitting terminal TX and the receiving terminal RX is greater than the intensity boundary distance r ₂ corresponding to the frequency f _2. It can be detected that it is large and is equal to or less than the intensity boundary distance r ₃ corresponding to the frequency f ₃ .

When the receiving terminal RX cannot receive any quasi-electrostatic field of the frequencies f _{1 to} f ₃ , the distance r between the transmitting terminal TX and the receiving terminal RX is an intensity boundary corresponding to the frequency f _3. It can be detected that the distance is greater than r ₃ .

  In a space where the quasi-electrostatic field is dominant, communication performed by detecting a change in the electric field strength is quasi-electrostatic field communication.

Then, from the above, the space quasi-electrostatic field is dominant, the transmission terminal TX to output an electric field (antenna), clear the space within the intensity boundary r _n corresponding to the frequency f _n of the electric field Therefore, according to the quasi-electrostatic field communication, communication can be performed reliably and stably in a space where the quasi-electrostatic field is dominant.

  By the way, in order to generate a radiation electric field and an induction electromagnetic field in the human body, it is necessary to pass a current through the human body. However, since the impedance of the human body is high, it is difficult to efficiently pass a current through the human body.

  On the other hand, the human body is likely to be charged like experiencing static electricity in daily life. A quasi-electrostatic field is generated by charging of the human body surface. The human body is charged by a very small amount of charge movement, and the change in the charge is instantaneously transmitted to the periphery of the human body surface, and an equipotential surface of a quasi-electrostatic field is formed in substantially the same direction from the periphery. In the space where the quasi-electrostatic field is dominant, the influence of the radiated electric field and the induction electromagnetic field is small, so that the human body functions efficiently as an antenna.

  In this way, communication performed by detecting a change in electric field strength in a space formed on the surface of the human body where the quasi-electrostatic field is dominant is quasi-electrostatic field communication as human body vicinity communication.

  Therefore, for example, when the user carries the transmission terminal TX, on the surface of the user's human body, a space in which the quasi-electrostatic field out of the electric field output from the transmission terminal TX is dominant (hereinafter referred to as quasi-electrostatic field as appropriate). Space) is formed in the range of the intensity boundary distance corresponding to the frequency of the quasi-electrostatic field from the human body surface. And, between the receiving terminal RX and the transmitting terminal TX carried by the user, only when the antenna of the receiving terminal RX exists in the quasi-electrostatic field space formed on the human body surface, that is, Quasi-electrostatic field communication can be performed through the user's human body only when the antenna of the receiving terminal RX exists within the range of the intensity boundary distance from the human body surface.

  From this, it can be said that the quasi-electrostatic field communication as human body proximity communication is communication that is controlled (whether or not communication is possible) according to the distance between the user's human body and the antenna of the receiving terminal RX.

  According to the quasi-electrostatic field communication as the human body proximity communication as described above, by appropriately setting the output (power) and frequency of the electric field by the transmission terminal TX, the human body of the user carrying the transmission terminal TX and , Only when the receiving terminal RX (the antenna) is located in the vicinity, for example, when close to within a few centimeters to several tens of centimeters, or close enough to contact, or contact Only when can quasi-electrostatic field communication be performed.

  Therefore, even if the user carrying the transmission terminal TX does not hold the transmission terminal TX over the reception terminal RX as in communication between an IC card and a reader / writer, for example, the transmission terminal TX and the reception terminal Communication with RX is possible.

  That is, when a user carries an IC card in a pocket of clothes, etc., in order to perform communication between the IC card and the reader / writer, the user takes out the IC card from the pocket. It is necessary to perform an explicit action for causing communication between the IC card and the reader / writer, such as approaching the reader / writer.

  On the other hand, according to the quasi-electrostatic field communication, when the user carrying the transmission terminal TX comes close to the reception terminal RX (the antenna thereof), communication is performed between the transmission terminal TX and the reception terminal RX. It is possible to perform communication between the transmitting terminal TX and the receiving terminal RX without performing an explicit action for the transmission.

  Note that even when the transmitting terminal TX and the receiving terminal RX are exchanged, that is, when the user carries the receiving terminal RX, the same is true as described above.

  Next, a PK system used in the embodiment of the present invention will be described.

  FIG. 7 is a block diagram illustrating a configuration example of the PK system.

  The network 21 is, for example, the Internet, a LAN (Local Area Network) or other wired or wireless network. In FIG. 7, the pBase 23 and the service system 24 (in FIG. 7, four service systems 24-1, 24-2, 24-3, and 24-4) are connected to the network 21.

  The PK (Personal Key) 22 is composed of a small portable computer or the like that stores personal related information that is information related to the user who is the owner. In FIG. 7, the user carries the PK 22 by putting it in a pocket of clothes, for example.

  Here, the personal information includes not only information for identifying the user such as name and address but also preference information, authentication information, point information, information received from other people, etc. It means various related information. In the following, personal information is also referred to as PMD (Personal Meta Data).

  The PK 22 communicates with the service system 24 in the area R around the service system 24. Further, the PK 22 can communicate with a nearby information device (not shown).

  In addition, between PK22 and the service system 24 grade | etc., Radio | wireless communications, such as RF (Radio Frequency) communication, quasi-electrostatic field communication, optical communication, or wired communication can be performed, but here, for example, the above-mentioned It is assumed that quasi-electrostatic field communication as human body proximity communication is performed. Therefore, both the PK 22 and the service system 24 have the same communication function as the transmission terminal TX and the reception terminal RX described with reference to FIGS. In this case, the area R in FIG. 7 is a range in the vicinity from the human body surface of the user.

  The PK 22 has an encryption function for encrypting information based on the encryption key. When communicating with the service system 24 or the like, the PK 22 is further connected to the pBase 23 or the like via the service system 24 as described later. When communicating, information is encrypted and transmitted. The same applies to the pBase 23 and the service system 24 that are communication partners of the PK 22.

  The pBase 23 is configured by a computer and stores the PMD (Personal Meta Data) of the user of the PK 22. The pBase 23 is connected to the network 21 and can communicate with the PK 22 via the service system 24 and the service system 24.

  In addition, pBase23 can be comprised by the home server (not shown) etc. of the user's house of the user of PK22, for example. In addition, the pBase 23 can be configured by, for example, a server on the Internet. In this case, the pBase 23 can also store PMDs of users other than the user of the PK 22.

  The service system 24 is configured by a computer or the like, and can communicate with the pBase 23 via the network 21. The service system 24 includes an antenna 25 for quasi-electrostatic field communication, and performs quasi-electrostatic field communication with the PK 22 via the antenna 25 and the user's human body. The service system 24 provides the user with services such as information provision and payment for shopping by performing quasi-electrostatic field communication with the PK 22. The service system 24 relays communication between the PK 22 and the pBase 23 via the network 21 by performing quasi-electrostatic field communication with the PK 22. That is, in this case, the service system 24 functions as an access point for communication between the PK 22 and the pBase 23.

  The antenna 25 can be installed near the service system 24, or can be installed at a position away from the service system 24.

  Here, the service system 24 provides services as, for example, a content server that provides web pages and music information, a credit card processing server that performs payment by credit card, a communication server that controls communication such as chat, and the like. It can be.

  In FIG. 7, four service systems 24-1 to 24-4 are illustrated as the service system 24, but the service system 24 is not limited to four.

  Furthermore, the service system 24 is not limited to a server, and may be a personal computer, a console terminal, various consumer electronics devices (CE devices), or the like.

  Further, the service system 24 may not be connected to the network 21.

  Further, the service system 24-i (i = 1, 2, 3, 4 in FIG. 7) is replaced with another service system 24-j (j = 1, 2, 3, 4 in FIG. ) Performs quasi-electrostatic field communication with the PK 22, it can communicate with other service systems 24-j via the network 21 to provide services to the users of the PK 22.

  Next, FIG. 8 is a block diagram showing a hardware configuration example of the PK 22 in FIG.

  A CPU (Central Processing Unit) 31 executes various processes according to a program stored in a ROM (Read Only Memory) 32 or a program loaded from a storage unit 38 to a RAM (Random Access Memory) 33. The RAM 33 also appropriately stores data necessary for the CPU 31 to execute various processes.

  The CPU 31, ROM 32, and RAM 33 are connected to each other via a bus 34. An input / output interface 35 is also connected to the bus 34.

  The input / output interface 35 includes an input unit 36 including a switch, a button, a touch panel, a microphone (microphone), and the like, and a dot matrix display, a speaker, a vibration motor, and the like. An output unit 37 for outputting information to be connected is connected. Further, the input / output interface 35 includes a storage unit 38 constituted by a hard disk or EEPROM (Electrically Erasable and Programmable Read Only Memory), a function of performing at least quasi-electrostatic field communication (the transmission terminal TX in FIGS. 3 and 6). A communication unit 39 having a function of the receiving terminal RX) is connected. In addition, the communication unit 39 may have a function of performing RF communication (electromagnetic wave communication), optical communication, communication via the network 21, and the like.

  A drive 40 is connected to the input / output interface 35 as necessary. For example, a removable medium 41 is mounted on the drive 40 as a recording medium on which a program for causing the CPU 31 to execute various processes described below is recorded. The program recorded on the removable medium 41 is read as necessary and installed in the storage unit 38.

  Next, FIG. 9 is a block diagram showing a hardware configuration example of the pBase 23 of FIG.

  The pBase 23 is configured in the same manner as the PK 22 shown in FIG. That is, the CPU 51 to the removable medium 61 in FIG. 9 correspond to the CPU 31 to the removable medium 41 in FIG. The function of each part is the same as in the case of FIG. 8, and detailed description thereof is omitted. However, the communication unit 59 has at least a function of performing communication via the network 21 instead of quasi-electrostatic field communication.

  The service system 24 has the same configuration as that shown in FIG. However, the communication unit 59 of the service system 24 has at least a function of performing quasi-electrostatic field communication and communication via the network 21.

  Next, FIG. 10 shows storage contents of the storage unit 38 of the PK 22.

  The storage unit 38 of the PK 22 stores at least a module group 71 as a program and a PMDB 72.

  The module group 71 includes a communication module 81 that is a program (module) executed by the CPU 31 of the PK 22 to receive a service provided from the service system 24, a user control permission input module 82, a permission item confirmation module 83, and an impersonation prevention module. 84, a PMD change module 85, and a DB access module 86.

  The communication module 81 performs communication by controlling the communication unit 39 of FIG. The user control permission input module 82 accepts designation of a user who is permitted to access the PMD. The permission item confirmation module 83 determines whether or not the PMD requested to be accessed from the service system 24 is accessible. The spoofing prevention module 83 prevents so-called spoofing of the service system 24. The PMD change module 85 that performs processing (spoofing prevention processing) controls PMD change. The DB access module 86 accesses the PMDB 72 based on commands (requests) from the user control permission input module 82 to the PMD change module 85, and reads or changes the PMD.

  The PMDB 72 is a database configured by PMD. In the PMDB 72, a directory corresponding to a service ID that is an ID (Identification) unique to the service system 24 (or a service provided by the service system 24) is configured, and a PMD is stored in each directory.

  In FIG. 10, a directory corresponding to service ID1, a directory corresponding to service ID2, and so on are configured.

  The directory corresponding to the service ID 1 stores access permission information, metadata A-1, metadata A-2, metadata A-3,... As PMD.

  The access permission information is information indicating whether or not the service system 24 can access the information stored in the directory, and is set by the user. The metadata A-1, metadata A-2, metadata A-3,... Are metadata used in the service system 24 corresponding to the service ID1, for example, a service system corresponding to the service ID1. Is a content server that provides content such as a movie or a TV program, the metadata A-1, metadata A-2, metadata A-3,... And metadata representing the program.

  In addition, the PMD includes a user ID for the service system 24 to identify the PK 22 (user), authentication information such as a secret word or encryption key required in the anti-spoofing process to be described later, and user preference information based on the viewed program Etc. are memorized.

  Similarly to the directory corresponding to service ID1, PMDs such as access permission information, metadata B-1, metadata B-2, metadata B-3,... Are also stored in the directory corresponding to service ID2. ing.

  Here, when the PK 22 uses the new service system 24, a directory corresponding to the service ID of the new service system 24 is generated in the PMDB 72, and necessary PMDs are stored in the directory.

  FIG. 11 shows the processing performed by the PK 22 and the service system 24 when the directory corresponding to the service ID of the new service system 24 is generated in the PMDB 72 of the PK 22, that is, the PK 22 corresponds to the new service system 24. It is an arrow chart (flowchart) which shows the process performed when registering service ID (initial registration).

  As described above, quasi-electrostatic field communication is performed between the PK 22 and the service system 24. Therefore, the communication between the PK 22 and the service system 24 is formed when the user carrying the PK 22 is close to the service system 24, that is, on the human body surface of the user carrying the PK 22. When the antenna 25 (FIG. 7) of the service system 24 is present in a space where the quasi-electrostatic field is dominant, conversely, the quasi-electrostatic field formed on the surface of the antenna 25 of the service system 24 dominates. This is performed when at least a part of the user's human body exists in the target space.

  First, in step S1, the service system 24 transmits a registration request, a service ID, and information representing metadata to be read and changed in the service system 24 to the PK 22, and in step S21, the service system 24 This is received by the communication module 81.

  Here, the metadata to be read and changed by the service system 24 (read-change target metadata) includes both metadata that the service system 24 only performs reference and metadata that changes the contents.

  Thereafter, in step S22, the communication module 81 of PK22 transfers the information received from the service system 24 to the permission item confirmation module 83, and the permission item confirmation module 83 receives information from the communication module 81 of PK22 in step S41. And proceeds to step S42.

  In step S42, the permission item confirmation module 83 presents the read change target metadata to the user based on the information received from the communication module 81. That is, for example, the content of the read change target metadata is displayed as characters or graphics on a dot matrix display or the like, or is read out by voice through a speaker.

  In step S43, the permission item confirmation module 83 outputs a confirmation request to the user control permission input module 82, and the user control permission input module 82 receives this in step S61. Then, in step S62, the user control permission input module 82 determines whether or not the user has denied access to the read change target metadata presented to the user in step S42. The signal is output to the communication module 81. In this case, the communication module 81 receives the rejection signal from the user control permission input module 82 in step S23, proceeds to step S24, and transmits the rejection signal to the service system 24.

  In step S2, the service system 24 receives the rejection signal from the communication module 81, and then the PK 22 and the service system 24 end the processing. In this case, the service ID corresponding to the service system 24 is not registered in the PK 22.

  On the other hand, if it is determined in step S62 that the user has not denied access to the read change target metadata presented in step S42, the process proceeds to step S63, where the user control permission input module 82 For each piece of data, for example, information such as “permit read and change” and “permit read only” is set. These pieces of information are stored in the PMDB 72 as access permission information (FIG. 10).

  Note that information such as “permit read and change” and “permit read only” for the read change target metadata is set based on user designation.

  In step S64, the user control permission input module 82 notifies the permission item confirmation module 83 that the access permission information has been set, and the permission item confirmation module 83 receives this notification in step S44. Then, the process proceeds to step S45. In step S45, the permission item confirmation module 83 transmits a confirmation code generation request to the spoofing prevention module 84, and the spoofing prevention module 84 receives the generation request in step S81.

  Upon receipt of the confirmation code generation request, the spoofing prevention module 84 proceeds from step S81 to S82, and generates a confirmation code.

  Here, the confirmation code is a code representing a spoofing prevention method when the PK 22 and the service system 24 perform the next communication. That is, a method for mutually confirming whether an unauthorized user or a third party who eavesdropped on communication is impersonating the PK 22 or the service system 24 by misrepresenting the user ID or the service ID. Is a confirmation code.

  As impersonation prevention methods, for example, authentication by secret words (password method), authentication by information encrypted by public key (public key method), authentication by information encrypted by common key (common key method), etc. are adopted. can do. The PK 22, the service system 24, or the user of the PK 22, for example, how much safety is required in the communication between the PK 22 and the service system 24, and how often to check for prevention of spoofing. In consideration of the security and simplicity of the encryption key management method, the amount of computation in encryption and decryption, etc., an optimal anti-spoofing method can be selected, and the anti-spoofing module 84 prevents the selected anti-spoofing Generate a verification code corresponding to the method. The spoofing prevention process will be described later with reference to FIGS.

  In step S82, when the spoofing prevention module 84 generates a confirmation code, the confirmation code is output to the communication module 81. The communication module 81 receives the confirmation code in step S25, and then proceeds to step S26. move on. In step S26, the communication module 81 transmits the confirmation code received in step S25 to the service system 24. In step S3, the service system 24 receives and stores the confirmation code from the communication module 81, and performs processing. finish.

  In addition to the confirmation code, the communication module 81 of the PK 22 also transmits to the service system 24 a user ID for the service system 24 to identify the PK 22 (user). The service system 24 stores the confirmation code from the communication module 81 in association with the user ID from the communication module 81.

  Here, the user ID may be in any format as long as the service system 24 can identify the PK 22 (user). Further, the user ID of the PK 22 may be different for each service system, and may be different for each service when a certain service system provides a plurality of services.

  On the other hand, the permission item confirmation module 83 transmits a confirmation code generation request to the spoofing prevention module 84 in step S45, and then proceeds to step S46 to send a service ID registration request to the DB access module 86 in step S41. Is output together with the service ID from the service system 24 received. In step S101, the DB access module 86 receives the service ID registration request and the service ID from the permission item confirmation module 83, proceeds to step S102, and executes a service ID registration process to be described later with reference to FIG. Exit.

  When the DB access module 86 executes the service ID registration process, the service ID from the service system 24 is registered in the PMDB 72 (FIG. 10), that is, a directory corresponding to the service ID is generated.

  As described above, when the service ID corresponding to the service system 24 is registered in the PK 22, the read change target metadata that is the PMD that the service system 24 requests to read or change is presented to the user, and the user's Based on the designation, metadata for “permit read and change” and metadata for “permit read only” are set, so that the user refers to the PMD (service system 24 refers to the service system 24). PMD) and the PMD that can be changed by the service system 24 can be limited.

  Therefore, for example, it is possible to prevent the PMD that the user does not want to be disclosed to the service system 24 without the user's knowledge, and the user can receive the service with peace of mind.

  Next, as described with reference to FIG. 11, when first communicating with the service system 24, the PK 22 registers the service ID of the service system 24 and generates a confirmation code. The service system 24 also stores the confirmation code generated by the PK 22 and the user ID of the PK 22 in association with each other when communicating with the PK 22 for the first time.

  After the service ID of the service system 24 is registered in the PK 22, when communicating with the service system 24 in order to receive provision of the service from the service system 24, based on the confirmation code generated when the service ID is registered. The spoofing prevention process can be performed.

  Similarly, in the service system 24, when the user ID of the PK 22 and the confirmation code are stored in association with each other and then communicated with the PK 22 in order to provide the service to the user of the PK 22, the correspondence with the user ID of the PK 22 A spoofing prevention process can be performed based on the attached confirmation code.

  Therefore, with reference to the arrow charts of FIG. 12 and FIG. 13, a spoofing prevention process performed when the PK 22 and the service system 24 communicate with each other will be described.

  FIG. 12 is an arrow chart for explaining the processing of the PK 22 and the service system 24 including the spoofing prevention processing using authentication by secret words.

  In the spoofing prevention process of FIG. 12, it is confirmed in PK22 that the service system 24 is not impersonated, and thereafter, in the service system 24, it is confirmed that the PK22 is not impersonated. Then, after the PK 22 and the service system 24 can confirm that they are not impersonating, the PMD is read or changed.

  Here, the secret word used in the authentication of FIG. 12 is, for example, a predetermined code. When the service ID of the service system 24 is registered, the PK 22 uses a password (service password) for authenticating the service system 24 and a password (PK password) for authenticating the PK 22 as passwords corresponding to the service ID. It is generated and stored in the PMDB 72. Further, the PK 22 transmits the service password and the PK password stored in the PMDB 72 to the service system 24 when registering the service ID. The service system 24 stores the service password from the PK 22 and the PK password in association with the user ID of the PK 22.

  First, in step S121, the service system 24 transmits the service ID stored in association with its service ID and the user ID of the PK 22 to the PK 22, and the communication module 81 of the PK 22 The service ID and service password from the service system 24 are received.

  Here, in step S121, the service system 24 has already received the user ID from the PK 22, and transmits the service password stored in association with the user ID to the PK 22.

  In step S142, the communication module 81 of the PK 22 transfers the service ID and service secret from the service system 24 received in step S141 to the spoofing prevention module 84, and the spoofing prevention module 84 receives this in step S171. The process proceeds to step S172.

  In step S172, the spoofing prevention module 84 executes a service ID matching process to be described later with reference to FIG. 15, and proceeds to step S173 to associate the DB access module 86 with the service ID from the service system 24. The service password and PK password stored in the PMDB 72 and the request for the user ID are notified. In step S191, the DB access module 86 receives the request from the spoofing prevention module 84, and proceeds to step S192.

  In step S 192, the DB access module 86 reads the service password and the PK password requested from the spoofing prevention module 84 and the user ID from the PMDB 72, and outputs them to the spoofing prevention module 84.

  In step S174, the spoofing prevention module 84 receives the service password and the PK password and the user ID from the DB access module 86, and proceeds to step S175. In step S175, the spoofing prevention module 84 compares the service password from the service system 24 with the service password stored in the PMDB 72 (the service password received in step S174) and determines whether they match.

  If it is determined in step S175 that the service password from the service system 24 does not match the service password stored in the PMDB 72, the spoofing prevention module 84 determines that the service system 24 may be impersonated. The communication module 81 outputs a rejection signal indicating communication rejection.

  In step S143, the communication module 81 receives the rejection signal from the spoofing prevention module 84, proceeds to step S144, and transmits the rejection signal to the service system 24. Then, the service system 24 receives the rejection signal from the communication module 81 in step S122.

  As described above, the PK 22 rejects the access from the service system 24 after transmitting the rejection signal to the service system 24. That is, the PK 22 refuses communication with the service system 24.

  On the other hand, if it is determined in step S175 that the service passwords match, the process proceeds to step S176, and the spoofing prevention module 84 determines that the service system 24 is not impersonated and corresponds to the user ID and the service ID of the service system 24 in the PMDB 72. The stored PK secret (PK secret received in step S174) is output to the communication module 81.

  In step S145, the communication module 81 receives the user ID and PK password from the spoofing prevention module 84, proceeds to step S146, and transmits the user ID and PK password to the service system 24.

  In step S123, the service system 24 receives the user ID and the PK secret from the PK 22 (the communication module 81), and proceeds to step S124. In step S124, the service system 24 compares the PK password stored in association with the user ID from the PK 22 with the PK password from the PK 22 (the PK password received in step S123), and whether or not they match. Determine.

  If it is determined in step S124 that the PK secret words do not match, the service system 24 transmits to the PK 22 a rejection signal indicating the rejection of communication, assuming that the PK 22 may be spoofed. In PK 22, the spoofing prevention module 84 receives a rejection signal from the service system 24 via the communication module 81 in step S 177.

  As described above, after transmitting the rejection signal to the PK 22, the service system 24 rejects the access from the PK 22. That is, the service system 24 refuses communication with the PK 22.

  On the other hand, if it is determined in step S124 that the PK secret words match, the service system 24 determines that the PK 22 is not impersonated and proceeds to step S125 to transmit a PMD read request to the PK 22. To do.

  The communication module 81 of the PK 22 receives the read request from the service system 24 in step S147, proceeds to step S148, and outputs the read request to the DB access module 86.

  In step S193, the DB access module 86 receives the read request from the communication module 81, and proceeds to step S194. The PMD requested by the read request corresponds to the service ID of the service system 24 of the PMDB 72. Read from directory.

  Here, in step S194, the DB access module 86 indicates whether or not the PMD requested by the read request is permitted to be read by referring to the access permission information (FIG. 10) of the directory corresponding to the service ID of the service system 24. Only PMDs that are permitted to be read out of the PMDs requested by the read request are read out from the PMDB 72.

  Thereafter, the process proceeds to step S195, and the DB access module 86 outputs the PMD read from the PMDB 72 to the communication module 81. The communication module 81 receives the PMD in step S149, and proceeds to step S150.

  In step S150, the communication module 81 transmits the PMD received in step S149 to the service system 24. The service system 24 receives the PMD in step S126, and proceeds to step S127.

  In step S127, the service system 24 executes various processes (service corresponding processes) based on the PMD received from the PK 22 in step S126. If it is necessary to change the PMD from the PK 22 as a result of the service corresponding process in step S127, the service system 24 proceeds to step S128, changes the PMD from the PK 22, and transmits the PMD to the PK 22.

  The communication module 81 of the PK 22 receives the PMD from the service system 24 in step S151, proceeds to step S152, and outputs the PMD to the DB access module 86.

  In step S196, the DB access module 86 receives the PMD from the communication module 81, that is, the PMD changed by the service system 24, proceeds to step S197, and determines whether or not the PMD change is permitted. The access permission information of the directory corresponding to the service ID of the service system 24 in FIG. Further, in step S197, the DB access module 86 changes the PMD of the PMDB 72 corresponding to the PMD changed by the service system 24, which is allowed to be changed, according to the PMD changed by the service system 24. (PMD is updated) and the process is terminated.

  As described above, the PK 22 confirms the impersonation of the service system 24 based on the consistency of the service password, and the service system 24 confirms the spoofing of the PK 22 based on the consistency of the PK password. It can be performed.

  In the above case, the consistency of the service password is confirmed in PK22, and then the consistency of the PK password is confirmed in the service system 24. First, in the service system 24, the PK password is confirmed. It is also possible to confirm the coincidence of service secret words at PK22.

  Next, FIG. 13 is an arrow chart for explaining processing of the PK 22 and the service system 24 including spoofing prevention processing using authentication based on information encrypted with a public key.

  In the spoofing prevention process of FIG. 13, it is confirmed that the service system 24 is not impersonated in the PK 22, and thereafter, the service system 24 confirms that the PK 22 is not impersonated. Then, after the PK 22 and the service system 24 can confirm that they are not impersonating, the PMD is read or changed.

  It is assumed that the PK 22 and the service system 24 have a function of performing information encryption or decryption processing using a public key encryption algorithm such as RSA (Rivest, Shamir, Adeleman), for example.

  When the service ID of the service system 24 is registered in the PK 22, the public key of the service system 24 is acquired from the service system 24, for example, in the PK 22, and is associated with the service ID of the service system 24. It is assumed that it is stored in Similarly, in the service system 24, it is assumed that the public key of the PK 22 is acquired from the PK 22 and stored in association with the user ID of the PK 22.

  Further, it is assumed that each of the PK 22 and the service system 24 stores its own secret key.

  First, in step S211, the service system 24 transmits its own service ID to the PK 22. In step S241, the communication module 81 of the PK 22 receives the service ID from the service system 24, proceeds to step S242, and transfers the service ID to the spoofing prevention module 84.

  In step S281, the spoofing prevention module 84 receives the service ID from the service system 24 transferred from the communication module 81, proceeds to step S282, and executes a service ID matching process to be described later with reference to FIG. Then, the process proceeds to step S283.

  In step S283, the spoofing prevention module 84 notifies the DB access module 86 of a request for a public key corresponding to the user ID, the private key of the PK 22, and the service ID of the service system 24. The DB access module 86 In step S311, the request is received.

  Then, the DB access module 86 proceeds to step S312, and reads the user ID requested from the spoofing prevention module 84, the private key of the PK 22, and the public key corresponding to the service ID of the service system 24 from the PMDB 72 to prevent spoofing. Supply to module 84.

  In step S284, the spoofing prevention module 84 receives the user ID from the DB access module 86, the private key of the PK 22, and the public key corresponding to the service ID of the service system 24 (public key of the service system 24), and step S285. Proceed to

  In step S285, the spoofing prevention module 84 generates a so-called challenge code for authenticating the service system 24. Further, in step S285, the spoofing prevention module 84 encrypts the challenge code with the public key of the service system 24, and outputs the resulting encrypted challenge code together with the user ID to the communication module 81.

  In step S243, the communication module 81 receives the encryption challenge code and the user ID from the spoofing prevention module 84, proceeds to step S244, and transmits the encryption challenge code and the user ID to the service system 24.

  In step S212, the service system 24 receives the encryption challenge code and the user ID from the PK 22 (the communication module 81 thereof), and proceeds to step S213.

  In step S213, the service system 24 decrypts the encrypted challenge code from the PK 22 into the challenge code using its own secret key. In step S213, the service system 24 uses the challenge code as a so-called response code, and stores the response code in association with the user ID received from the PK 22 in step S212 (the public key of the PK 22). ) And the encrypted response code obtained as a result is transmitted to the PK 22.

  The communication module 81 of the PK 22 receives the encrypted response code from the service system 24 in step S245, proceeds to step S246, and outputs the encrypted response code to the spoofing prevention module 84.

  In step S286, the spoofing prevention module 84 receives the encrypted response code from the communication module 81, decrypts the encrypted response code into a response code using its own secret key, and proceeds to step S287.

  In step S287, the spoofing prevention module 84 compares the response code with the challenge code generated in step S285, and determines whether the challenge code and the response code match.

  If it is determined in step S287 that the challenge code and the response code do not match, the spoofing prevention module 84 indicates to the communication module 81 that the service system 24 is impersonating, and indicates that the communication module 81 is denied communication. Notify the rejection signal.

  In step S247, the communication module 81 receives the rejection signal from the spoofing prevention module 84, proceeds to step S248, and transmits the rejection signal to the service system 24. Then, the service system 24 receives the rejection signal from the communication module 81 in step S214.

  As described above, the PK 22 rejects the access from the service system 24 after transmitting the rejection signal to the service system 24. That is, the PK 22 refuses communication with the service system 24.

  On the other hand, if it is determined in step S287 that the challenge code and the response code match, the process proceeds to step S288, and the spoofing prevention module 84 displays an OK code indicating that the service system 24 has not been spoofed, as a communication module. The data is transmitted to the service system 24 via 81.

  In step S215, the service system 24 receives the OK code from the PK 22, proceeds to step S216, and generates a challenge code for authenticating the PK 22. Further, in step S216, the service system 24 encrypts the challenge code with the public key (PK22 public key) stored in association with the user ID of PK22, and the encrypted challenge code obtained as a result is Transmit to PK22.

  In step S249, the communication module 81 of the PK 22 receives the encryption challenge code from the service system 24, proceeds to step S250, and outputs the encryption challenge code to the spoofing prevention module 84.

  In step S289, the spoofing prevention module 84 receives the encryption challenge code from the communication module 81, and proceeds to step S290. In step S290, the spoofing prevention module 84 decrypts the encrypted challenge code received in step S289 into a challenge code using the PK22 private key obtained in step S284. Further, in step S290, the spoofing prevention module 84 uses the challenge code obtained as a result of decryption by the private key of the PK 22 as a response code, and stores the response code in association with the service ID of the service system 24. Encryption is performed with the key (the public key of the service system 24 obtained in step S284), and the encrypted response code obtained as a result is output to the communication module 81.

  In step S251, the communication module 81 receives the encrypted response code from the spoofing prevention module 84, proceeds to step S252, and transmits the encrypted response code to the service system 24.

  In step S217, the service system 24 receives the encrypted response code from the PK 22 (the communication module 81), decrypts the encrypted response code with the own secret key, and proceeds to step S218. .

  In step S218, the service system 24 compares the response code decrypted in step S217 with the challenge code generated in step S216, and determines whether or not they match.

  If it is determined in step S218 that the challenge code and the response code do not match, the service system 24 transmits a rejection signal indicating communication rejection to the PK 22, assuming that the PK 22 may be impersonated. To do.

  In step S253, the communication module 81 of PK22 of PK22 receives the rejection signal from the service system 24, proceeds to step S254, and transmits the rejection signal to the spoofing prevention module 84. In step S291, the spoofing prevention module 84 receives a rejection signal from the communication module 81 and ends the process.

  As described above, after transmitting the rejection signal to the PK 22, the service system 24 rejects the access from the PK 22. That is, the service system 24 refuses communication with the PK 22.

  On the other hand, if it is determined in step S218 that the challenge code and the response code match, that is, if mutual authentication is successful between the PK 22 and the service system 24, the service system 24 may confirm that the PK 22 is not impersonated. If so, the process proceeds to step S219, and a PMD read request is transmitted to the PK22.

  The communication module 81 of the PK 22 receives the read request from the service system 24 in step S255, proceeds to step S256, and outputs the read request to the DB access module 86.

  In step S313, the DB access module 86 receives the read request from the communication module 81, and proceeds to step S314. The PMD requested by the read request corresponds to the service ID of the service system 24 of the PMDB 72. Read from directory.

  Here, in step S314, as in the case of step S194 in FIG. 12, the DB access module 86 corresponds to the service ID of the service system 24 whether or not the PMD requested by the read request is permitted. The access permission information (FIG. 10) of the directory to be checked is confirmed, and only PMDs that are permitted to be read out of the PMDs requested by the read request are read from the PMDB 72.

  Thereafter, the process proceeds to step S315, and the DB access module 86 outputs the PMD read from the PMDB 72 to the communication module 81. The communication module 81 receives the PMD in step S257, and proceeds to step S258.

  In step S258, the communication module 81 transmits the PMD received in step S257 to the service system 24. The service system 24 receives the PMD in step S220, and proceeds to step S221.

  In step S221, the service system 24 executes various processes as service corresponding processes based on the PMD received from the PK 22 in step S220. If it is necessary to change the PMD from the PK 22 as a result of the service handling process in step S221, the service system 24 proceeds to step S222, changes the PMD from the PK 22, and transmits the PMD to the PK 22.

  The communication module 81 of the PK 22 receives the PMD from the service system 24 in step S259, proceeds to step S260, and outputs the PMD to the DB access module 86.

  In step S316, the DB access module 86 receives the PMD from the communication module 81, that is, the PMD changed by the service system 24. Then, the DB access module 86 proceeds to step S317 and determines whether or not the PMD change is permitted. The access permission information of the directory corresponding to the service ID of the service system 24 in FIG. Further, in step S317, the DB access module 86 changes the PMD of the PMDB 72 corresponding to the PMD changed by the service system 24, which is allowed to be changed, according to the PMD changed by the service system 24. (PMD is updated) and the process is terminated.

  As described above, the PK 22 and the service system 24 can provide a safe service even when authentication is performed using a so-called challenge and response method.

  In the above case, the PK 22 first authenticates the service system 24, and then the service system 24 authenticates the PK 22, but the service system 24 first authenticates the PK 22. After that, it is possible to authenticate the service system 24 at the PK 22.

  In the above case, the challenge code and response code are encrypted / decrypted using the public key method, but the challenge code and response code can also be encrypted / decrypted using the common key method. It is.

  Furthermore, in FIG. 12 or FIG. 13, in communication between the PK 22 and the service system 24 after successful mutual authentication, information is encrypted and exchanged using, for example, a public key method. That is, in the communications in steps S126 and S150 in FIG. 12, the communications in steps S128 and S151, the communications in steps S220 and S258 in FIG. 13, and the communications in steps S222 and S259, information is encrypted and exchanged. .

  Next, details of the service ID registration process in step S102 of FIG. 11 will be described with reference to FIG.

  Here, in the following, it is assumed that, for example, URI (Uniform Resource Identifiers) is adopted as the service ID of the service system 24.

  First, in step S331, the DB access module 86 determines whether mask information is set.

  Here, the mask information is information for masking a part of the URI, and can be set in advance by the user, for example.

  The URI is composed of, for example, a scheme name, a host name, a port number, and a path name. In the URI, the port number can be omitted.

  The URI with the port number omitted is described as “http: //aaa.bbb.ccc/ddd”, for example. In this URI “http: //aaa.bbb.ccc/ddd”, http is the scheme name, aaa.bbb.ccc is the host name, and ddd is the path name.

  For example, when a certain service provider operates a plurality of service systems 24, when permitting reading or changing the same PMD for any of the plurality of service systems 24, the plurality of the service systems 24 is used in the PK 22. It is troublesome to register the service ID of each service system 24 separately. Furthermore, in this case, it is not necessary to distinguish each of the plurality of service systems 24 in the PK 22.

  On the other hand, when the URI is adopted as the service ID of the service system 24, the scheme name and host name (for example, “http: //aaa.bbb”) among the URIs of the plurality of service systems 24 operated by the same service provider. .ccc "), or a part of the scheme name and host name (for example," http: //aaa.bbb ") is generally the same.

  In this case, a plurality of service systems 24 operated by the same service provider can be specified by a scheme name and a host name or a part of the scheme name and the host name in the URI.

  The mask information masks a part of the URI excluding the scheme name and host name, or a part of the scheme name and host name, which can be specified without distinguishing a plurality of service systems 24 operated by the same service provider. Set to do.

  If it is determined in step S331 that the mask information is set, the process proceeds to step S332, and the DB access module 86 determines a part of the URI as the service ID received in step S101 of FIG. 11 according to the mask information. The URI masked by the mask information is registered in the PMDB 72 as a service ID, and the process proceeds to step S334. That is, the DB access module 86 generates a directory whose directory name is the URI masked by the mask information in the PMDB 72, for example.

  If it is determined in step S331 that the mask information is not set, the process proceeds to step S333, and the DB access module 86 registers the URI as the service ID received in step S101 of FIG. 11 in the PMDB 72 as it is. Then, the process proceeds to step S334. That is, the DB access module 86 generates, for example, a directory in the PMDB 72 with the URI as the service ID received in step S101 of FIG. 11 as the directory name.

  In step S334, the DB access module 86 stores the PMD, which is the read change target metadata represented by the information transmitted by the service system 24 in step S1 of FIG. 11, in the directory generated in step S332 or S333, End the service ID registration process.

  Next, details of the service ID matching process performed by the spoofing prevention module 84 in step S172 of FIG. 12 or step S282 of FIG. 13 will be described with reference to FIG.

  In step S351, the spoofing prevention module 84 uses the first service ID registered in the PMDB 72 (FIG. 10) as the attention service ID, the attention service ID, and the service received in S171 of FIG. 12 or S281 of FIG. The URI that is the service ID from the system 24 (URI of the service system 24) is compared from the first character, and the process proceeds to step S352.

  Here, the spoofing prevention module 84 acquires the service ID registered in the PMDB 72 (FIG. 10) via the DB access module 86.

  In step S352, the spoofing prevention module 84 compares the URI of the service system 24 with the service ID of interest from the first character, and as a result, whether the URI has a portion that matches the service ID of interest from the first character. Determine if.

  If it is determined in step S352 that the URI of the service system 24 has a portion that matches the service ID of interest, the process proceeds to step S353, and the spoofing prevention module 84 sets the service ID of interest as a service ID that identifies the service system 24. Recognize and end the service ID matching process.

  If it is determined in step S352 that the URI of the service system 24 does not have a portion that matches the service ID of interest, the process proceeds to step S354, where the spoofing prevention module 84 stores all service IDs registered in the PMDB 72. It is determined whether the service ID is compared with the URI of the service system 24 as the service ID of interest.

  If it is determined in step S354 that all the service IDs registered in the PMDB 72 have not yet been set as the service IDs of interest, the process proceeds to step S355, where the spoofing prevention module 84 includes the service IDs registered in the PMDB 72. One of the service IDs that have not yet been set as the service ID of interest is set as a new service ID of interest, and compared with the URI of the service system 24 as in step S351. Then, the process proceeds to step S352, and the same processing is repeated thereafter.

  On the other hand, if it is determined in step S354 that all service IDs registered in the PMDB 72 are the service IDs of interest, that is, if a service ID that matches the URI of the service system 24 is not registered in the PMDB 72, In step S356, the spoofing prevention module 84 notifies the service system 24 of rejection of service provision via the communication module 81, and ends the service ID matching process.

  As described above, in step S356, the service system 24 is notified of service refusal, and the service ID matching process in step S172 in FIG. 12 or step S282 in FIG. In FIG. 12 or FIG. 13, the subsequent processing is not performed.

  Next, referring to FIG. 16, the exchange of PMDs by the PK 22, the pBase 23, and the service system 24 will be described.

  As described above, the PK 22 can communicate with the pBase 23 via the network 21 using the service point 24 as an access point.

  As shown at the top of FIG. 16, by performing communication between PK22 and pBase23, the PMD stored in PK22 is compared with the PMD stored in pBase23, and PMD synchronization is performed. be able to. According to this PMD synchronization, for example, when the contents of the PMD of the PK 22 are updated, the PMD of the pBase 23 is also updated in the same manner. Details of PMD synchronization will be described later.

  For example, the pBase 23 can store PMDs that cannot be stored in the PK 22. In this case, as shown second from the top in FIG. 16, the service system 24 can provide a service to the user of the PK 22 with reference to the PMD of the pBase 23.

  Furthermore, as shown at the bottom of FIG. 16, by performing communication between the pBase 23 and the service system 24 via the network 21, the PMD is provided from the pBase 23 to the service system 24. A service corresponding to the PMD can be received from the service system 24.

  Next, the flow of processing between the pBase 23 and the service system 24 shown at the bottom of FIG. 16 will be described with reference to FIGS.

  In FIG. 17, it is assumed that the same PMDB 72 stored in the PK 22 (the user) is stored in the pBase 23. Further, as the spoofing prevention process performed with the service system 24, FIG. The process using the authentication by the secret password explained in the above is adopted.

  In FIG. 17, it is assumed that the pBase 23 stores the PK secret, the service system secret, the user ID of the PK 22, and the service ID of the service system 24 in the same manner as the PK 22 described in FIG. 12.

  First, in step S371, the service system 24 transmits the service ID stored in association with its service ID and the user ID of the PK 22 to the pBase 23. The pBase 23 receives the service password from the service system 24 in step S391. Receive the service ID and service secret.

  Here, in step S371, the service system 24 has already received the user ID of PK22 from PK22 or pBase23, and transmits the service password stored in association with the user ID to pBase23.

  In step S392, the pBase 23 executes the service ID matching process described with reference to FIG. 15 using the service ID from the service system 24 received in step S391, and proceeds to step S393.

  In step S393, the pBase 23 recognizes the service password and the PK password stored in association with the service ID from the service system 24, and receives the service password from the service system 24 and the service password stored by itself. By comparing, it is determined whether they match.

  If it is determined in step S393 that the service password from the service system 24 and the service password stored by itself (the service password stored in association with the service ID from the service system 24) do not match, The pBase 23 determines that there is a possibility that the service system 24 is impersonating, and outputs a rejection signal indicating rejection of communication to the service system 24.

  In step S372, the service system 24 receives the rejection signal from the pBase 23.

  As described above, the pBase 23 rejects the access from the service system 24 after transmitting the reject signal to the service system 24. That is, the pBase 23 refuses communication with the service system 24.

  On the other hand, if it is determined in step S393 that the service passwords match, the process proceeds to step S394, and the pBase 23 stores the service system 24 in association with the user ID of the PK 22 and the service ID of the service system 24, assuming that the service system 24 is not impersonated. The PK password being sent is transmitted to the service system 24.

  In step S373, the service system 24 receives the user ID and PK secret from the pBase 23, and proceeds to step S374. In step S374, the service system 24 compares the PK password stored in association with the user ID from the pBase 23 and the PK password from the pBase 23 (PK password received in step S373), and determines whether or not they match. Determine.

  If it is determined in step S374 that the PK secret words do not match, the service system 24 transmits to the pBase 23 a rejection signal indicating that communication is rejected because there is a possibility that the pBase 23 is impersonating. In step S395, the pBase 23 receives a rejection signal from the service system 24.

  As described above, the service system 24 rejects access from the pBase 23 after transmitting the reject signal to the pBase 23. That is, the service system 24 refuses communication with the pBase 23.

  On the other hand, if it is determined in step S374 that the PK secret words match, the service system 24 proceeds to step S375 and transmits a PMD read request to pBase 23, assuming that pBase 23 is not impersonated. To do.

  In step S396, the pBase 23 receives the read request from the service system 24, proceeds to step S397, and reads the PMD requested by the read request.

  Here, in step S397, the pBase 23 confirms whether or not the PMD requested by the read request is permitted to be read as in step S194 of FIG. 12, and the PMD requested by the read request is confirmed. Only PMDs that are allowed to be read are read.

  Thereafter, the process proceeds to step S398, and the pBase 23 transmits the PMD read from itself to the service system 24. In step S376, the service system 24 receives the PMD and proceeds to step S377.

  In step S377, the service system 24 executes various processes (service corresponding processes) based on the PMD received from the pBase 23 in step S376. If it is necessary to change the PMD from the pBase 23 as a result of the service corresponding process in Step S377, the service system 24 proceeds to Step S378, changes the PMD from the pBase 23, and transmits the PMD to the pBase 23.

  In step S399, the pBase 23 receives the PMD from the service system 24, proceeds to step S400, and indicates whether or not the change of the PMD is permitted, the access permission information of the directory corresponding to the service ID of the service system 24 ( Confirm by referring to FIG. Furthermore, in step S400, the pBase 23 changes the PMD that is permitted to be changed by the service system 24 among the PMDs stored in the pBase 23 that correspond to the PMD changed by the service system 24. Change according to the PMD (update the PMD) and end the process.

  As described above, in pBase23, while checking the spoofing of the service system 24 based on the consistency of the service password, and in the service system 24, checking the spoofing of the pBase23 based on the consistency of the PK password, it is possible to provide a safe service It can be performed.

  In the above case, the consistency of the service password is confirmed in the pBase 23, and then the consistency of the PK password is confirmed in the service system 24. First, the PK password is confirmed in the service system 24. It is also possible to confirm the coincidence of the service password in the pBase 23.

  Next, another example of the flow of processing between the pBase 23 and the service system 24 at the bottom of FIG. 16 will be described with reference to FIG.

  Also in FIG. 18, it is assumed that the same PMDB 72 stored in the PK 22 is stored in the pBase 23 as in the case of FIG. 17.

  Also, in FIG. 18, it is assumed that authentication by information encrypted with a public key is adopted as the spoofing prevention process performed with the service system 24 as in the case of FIG.

  Furthermore, in FIG. 18, it is assumed that the pBase 23 and the service system 24 have a function of executing information encryption or decryption processing using, for example, a public key encryption algorithm. It is assumed that the secret key for the key is stored, and the service system 24 stores the secret key for its own public key. In pBase 23, the public key of the service system 24 is stored in association with the service ID of the service system 24. In the service system 24, the public key of PK 22 is stored in association with the user ID of PK 22. It shall be.

  First, in step S <b> 421, the service system 24 transmits its service ID to the pBase 23. In step S451, the pBase 23 receives the service ID from the service system 24, proceeds to step S452, executes the service ID matching process described with reference to FIG. 15 using the service ID, and proceeds to step S453. move on.

  In step S453, the pBase 23 recognizes the user ID and secret key of the PK 22 and the public key corresponding to the service ID of the service system 24, and generates a challenge code for authenticating the service system 24. Furthermore, in step S453, the pBase 23 encrypts the challenge code with the public key of the service system 24, and transmits the encrypted challenge code obtained as a result to the service system 24 together with the user ID.

  In step S422, the service system 24 receives the encryption challenge code and the user ID from the pBase 23, and proceeds to step S423.

  In step S423, the service system 24 decrypts the encrypted challenge code from the pBase 23 into the challenge code using its own secret key. In step S423, the service system 24 uses the challenge code as a response code, and stores the response code in association with the user ID received from the pBase 23 in step S422 (public key of PK22). And the encrypted response code obtained as a result is transmitted to pBase23.

  In step S454, the pBase 23 receives the encrypted response code from the service system 24, proceeds to step S455, and decrypts the encrypted response code into the response code using the secret key of the PK22. In step S455, the pBase 23 compares the response code with the challenge code generated in step S453, and determines whether the challenge code and the response code match.

  If it is determined in step S455 that the challenge code and the response code do not match, the pBase 23 transmits to the service system 24 a refusal signal indicating refusal of communication, assuming that the service system 24 may be impersonating. . In step S424, the service system 24 receives a rejection signal from the pBase 23.

  As described above, the pBase 23 rejects the access from the service system 24 after transmitting the reject signal to the service system 24. That is, the pBase 23 refuses communication with the service system 24.

  On the other hand, if it is determined in step S455 that the challenge code and the response code match, the process proceeds to step S456, and the pBase 23 transmits an OK code indicating that the service system 24 has not been impersonated to the service system 24. To do.

  In step S425, the service system 24 receives the OK code from the pBase 23, proceeds to step S426, and generates a challenge code for authenticating the pBase 23. Further, in step S426, the service system 24 encrypts the challenge code with the public key (PK22 public key) stored in association with the user ID of PK22, and the encrypted challenge code obtained as a result is Send to pBase23.

  In step S457, the pBase 23 receives the encrypted challenge code from the service system 24, proceeds to step S458, and decrypts the encrypted challenge code into the challenge code with the secret key of the PK22. Further, in step S458, the pBase 23 uses the challenge code obtained as a result of decryption with the private key of the PK 22 as a response code, and stores the response code in association with the service ID of the service system 24 (service The encrypted response code obtained as a result of the encryption is transmitted to the service system 24.

  In step S427, the service system 24 receives the encrypted response code from the pBase 23, decrypts the encrypted response code into the response code using its own private key, and proceeds to step S428.

  In step S428, the service system 24 compares the response code decrypted in step S427 with the challenge code generated in step S426, and determines whether or not they match.

  If it is determined in step S428 that the challenge code and the response code do not match, the service system 24 transmits a rejection signal indicating communication rejection to the pBase 23, assuming that the pBase 23 may be impersonated. To do.

  In step S459, the pBase 23 receives the rejection signal from the service system 24 and ends the process.

  As described above, the service system 24 rejects access from the pBase 23 after transmitting the reject signal to the pBase 23. That is, the service system 24 refuses communication with the pBase 23.

  On the other hand, if it is determined in step S428 that the challenge code and the response code match, that is, if mutual authentication is successful between the pBase 23 and the service system 24, the service system 24 may confirm that the pBase 23 is not impersonated. As a result, the process proceeds to step S429, and a PMD read request is transmitted to pBase23.

  In step S460, the pBase 23 receives the read request from the service system 24, proceeds to step S461, and reads the PMD requested by the read request.

  Here, in step S461, the pBase 23 checks whether or not the PMD requested by the read request is permitted, as in step S194 of FIG. 12, and checks the PMD requested by the read request. Only PMDs that are allowed to be read are read.

  Thereafter, the process proceeds to step S462, and the pBase 23 transmits the PMD read from itself to the service system 24. In step S430, the service system 24 receives the PMD, and proceeds to step S431.

  In step S431, the service system 24 executes various processes as service corresponding processes based on the PMD received from the pBase 23 in step S430. If it is necessary to change the PMD from the pBase 23 as a result of the service corresponding process in Step S431, the service system 24 proceeds to Step S432, changes the PMD from the pBase 23, and transmits the PMD to the pBase 23.

  In step S463, the pBase 23 receives the PMD from the service system 24, proceeds to step S464, and indicates whether or not the change of the PMD is permitted, the access permission information (in the directory corresponding to the service ID of the service system 24) ( Confirm by referring to FIG. Furthermore, in step S464, the pBase 23 changes the PMD that is permitted to be changed by the service system 24 among the PMDs stored in the pBase 23 that correspond to the PMD changed by the service system 24. Change according to the PMD (update the PMD) and end the process.

  As described above, the pBase 23 and the service system 24 can provide a safe service even when authentication is performed by a so-called challenge and response method.

  In the above-described case, the service system 24 is authenticated first in the pBase 23, and then the authentication of the pBase 23 is performed in the service system 24. However, in the service system 24, the authentication of the pBase 23 is performed first. After that, the service system 24 can be authenticated in the pBase 23.

  In the above case, the challenge code and response code are encrypted / decrypted using the public key method, but the challenge code and response code can also be encrypted / decrypted using the common key method. It is.

  Furthermore, in FIG. 17 or FIG. 18, in communication between the pBase 23 and the service system 24 after successful mutual authentication, information is encrypted and exchanged using, for example, a public key method. That is, in the communication in steps S376 and S398 in FIG. 17, the communication in steps S378 and S399, the communication in steps S430 and S462 in FIG. 18, and the communication in steps S432 and S463, information is encrypted and exchanged. .

  Next, FIG. 19 to FIG. 21 show examples of the contents of the PMD.

  The PMD is a set of metadata associated with a service ID, and includes a property (attribute) that is identification information of the metadata and a content (attribute value) of the property.

  In FIG. 19, “name”, “spoofing prevention method”, “service public key”, “PK private key”, “action”, and “program preference information” are provided as metadata attributes.

  For example, when the PMD (metadata) in FIG. 19 is associated with service ID1, the attribute “name” indicates the user ID provided to the service system 24 corresponding to service ID1, and in FIG. The attribute value is “foo”.

  In FIG. 19, an attribute “spoofing prevention method” indicates a method of anti-spoofing processing performed with the service system 24 corresponding to the service ID 1, and the attribute value is “public key method”.

  Here, when the process of FIG. 11 is performed between the PK 22 and, for example, the service system 24 corresponding to the service ID 1, and a code representing “public key method” is generated as a confirmation code in step S82. As shown in FIG. 19, the attribute value of the attribute “spoofing prevention method” is “public key method”.

  In FIG. 19, since the attribute value of the attribute “spoofing prevention method” is “public key method”, an attribute “service public key” indicating a key used for encryption / decryption of the public key method and “PK private key” is provided in PMD.

  That is, the attribute “service public key” indicates the public key of the service system 24 corresponding to the service ID 1, and in FIG. 19, the public key data of the service system 24 is described as the attribute value.

  The attribute “PK private key” indicates the private key of PK 22, and in FIG. 19, the data of the private key of PK 22 is described as the attribute value.

  The attribute “action” indicates a program that is executed when a service from the service system 24 corresponding to the service ID 1 is received. As the attribute value, for example, an executable file (name) of the program is described.

  The attribute “program preference information” indicates user preference information used when receiving a service from the service system 24 corresponding to the service ID 1. In FIG. 19, the attribute value is “sport 10, variety 7, music”. 5, other 3 "are described.

  The access permission information is information for controlling access to the attribute value of each attribute, and a control code configured with a predetermined number of bits is set as the access permission information for each attribute.

  When attention is paid to a certain attribute, in the control code for the attribute of interest (target attribute), for example, according to the first bit, the service system 24 corresponding to service ID 1 reads the attribute value of the target attribute. Whether to allow or not is set. Further, according to the second bit, whether or not the attribute value of the attribute of interest can be changed by the service system 24 corresponding to the service ID 1 is set. Further, according to the third bit, whether or not the attribute value of the attribute of interest can be read by other than the service system 24 corresponding to the service ID 1 is set, and according to the fourth bit, the service corresponding to the service ID 1 is set. Whether or not the attribute value of the attribute of interest can be changed by other than the system 24 is set.

  In addition, the control code can be provided with a bit for setting whether to execute the program.

  Next, in FIG. 20, “name”, “spoofing prevention method”, “common key”, “action”, and “program preference information” are provided as metadata attributes. In FIG. 21, “name”, “spoofing prevention method”, “service secret”, “PK secret”, “action”, and “program preference information” are provided as metadata attributes.

  20 and 21, the same attribute values as those in FIG. 19 are described for the attributes “name”, “action”, and “program preference information”. 20 and 21, the access permission information (control code) is the same as that in FIG.

  In FIG. 20, the attribute value of the attribute “spoofing prevention method” is “common key method”. When the process of FIG. 11 is performed between the PK 22 and, for example, the service system 24 corresponding to the service ID 1, and a code representing the “common key method” is generated as a confirmation code in step S82, FIG. As shown in the above, the attribute value of the attribute “spoofing prevention method” is “common key method”.

  In FIG. 20, since the attribute value of the attribute “spoofing prevention method” is “common key method”, the attribute “common key” representing the key used for encryption / decryption of the common key method is PMD. Is provided.

  That is, the attribute “common key” indicates a common key (secret key) used in common key encryption / decryption. In FIG. 20, the data of the common key is described as the attribute value.

  On the other hand, in FIG. 21, the attribute value of the attribute “spoofing prevention method” is “password method”. When the process of FIG. 11 is performed between the PK 22 and the service system 24 corresponding to, for example, the service ID 1, and in step S82, a code representing the “password method” is generated as a confirmation code, FIG. As shown, the attribute value of the attribute “spoofing prevention method” is “password method”.

  In FIG. 21, since the attribute value of the attribute “spoofing prevention method” is “password method”, the attributes “service password” and “PK password” representing the password used for authentication in the password method are displayed. It is provided in PMD.

  In FIG. 21, the service password data described above is described as the attribute value of the attribute “service password”, and the PK password data described above is described as the attribute value of the attribute “PK password”.

  Next, a PMD update process for updating the PMD will be described with reference to FIG.

  For example, when the content viewing service is provided by the service system 24, the PMD update process of FIG. 22 is executed by the service system 24 as one of the service corresponding processes of step S127 of FIG. 12 or step S221 of FIG. Is done.

  Here, for example, a PMD including “program preference information” as shown in FIGS. 19 to 21 is stored in the PK 22 of the user who received the content viewing service from the service system 24. It is assumed that “preference information” (attribute value thereof) is already provided from the PK 22 to the service system 24.

  In step S481, the service system 24 (the CPU 51 (FIG. 9) thereof) acquires the metadata of the program (content) that the user has viewed (provided to the user), and proceeds to step S482. In step S482, the service system 24 analyzes the genre of the program viewed by the user from the metadata acquired in step S481, and proceeds to step S483.

  In step S483, the service system 24 determines whether or not the genre obtained by the analysis in step S482 is a sport. If it is determined in step S483 that the genre is sports, the process proceeds to step S484, and the service system 24 sets the sports points in the attribute value of the attribute “program preference information” (FIGS. 19 to 21) in the PMD. Up and finish the process. For example, in FIG. 19 to FIG. 21, “sport 10, variety 7, music 5, other 3” is referred to as “sport 11, variety 7, music 5, other 3”.

  If it is determined in step S483 that the genre obtained by the analysis in step S482 is not a sport, the service system 24 proceeds to step S485 and determines whether the genre is variety.

  If it is determined in step S485 that the genre is variety, the process proceeds to step S486, where the service system 24 increases the variety point in the attribute value of the attribute “program preference information” in the PMD, and ends the process. . For example, in FIG. 19 to FIG. 21, “sport 10, variety 7, music 5, other 3” is referred to as “sport 10, variety 8, music 5, other 3”.

  On the other hand, if it is determined in step S485 that the genre obtained by the analysis in step S482 is not a variety, the service system 24 proceeds to step S487 and determines whether the genre is music.

  If it is determined in step S487 that the genre is music, the process proceeds to step S488, where the service system 24 increases the music point in the attribute value of the attribute “program preference information” in the PMD, and ends the process. . For example, in FIG. 19 to FIG. 21, “Sport 10, Variety 7, Music 5, Other 3” is “Sport 10, Variety 7, Music 6, Other 3”.

  If it is determined in step S487 that the genre obtained by the analysis in step S482 is not music, the service system 24 proceeds to step S489, and other attributes in the attribute “program preference information” attribute value in the PMD are displayed. Increase points and finish the process. For example, in FIG. 19 to FIG. 21, “Sport 10, Variety 7, Music 5, Other 3” is “Sport 10, Variety 7, Music 5, Other 4”.

  In this way, the PMD is updated in the service system 24. The updated PMD is transmitted to the PK 22, and the PMD of the PK 22 is updated.

  Next, according to PK22, it is possible to cause the information device to perform processing according to the user of PK22 using PMD. In this way, when the information device performs processing according to the individual user of the PK 22, it can be said that the information device is personalized for the user.

  FIG. 23 shows a configuration example of a PK system that personalizes a PC (Personal Computer) as an information device. In the figure, portions corresponding to those in FIG. 7 are denoted by the same reference numerals.

  In FIG. 23, a public PC 101 is a PC installed in, for example, a so-called Internet cafe, a public place such as a library, a conference room of a company, etc., and is connected to the network 21. The public PC 101 is also the service system 24 of FIG. 7 and can perform quasi-electrostatic field communication.

  In FIG. 23, a user PC 102 is, for example, a PC dedicated to the user (PC owned by the user) in the home or office of the user of PK 22, and is connected to the network 21 like the public PC 101. .

  Here, for example, with respect to the user PC 102 used at home, the user generally sets the environment so that the user PC 102 is easy to use. On the other hand, the environment setting different from that of the user PC 102 is generally performed on the public PC 101 that is not owned by the user. Therefore, conventionally, the user cannot use the public PC 101 installed on the go or the like in the same environment as that of the user PC 102 (for example, the display state of the desktop or the directory configuration).

  Therefore, in the PK system of FIG. 23, the user can use the public PC 101 installed in a place where he / she is away in the same environment as the environment of the user PC 102.

  That is, when the user of the PK 22 uses the public PC 101, the public PC 101 that is a service system performs personalization processing for personalizing the public PC 101 for the user of the PK 22.

  FIG. 24 is a flowchart illustrating an example of personalization processing performed by the public PC 101 which is a service system.

  The personalization process in FIG. 24 is performed, for example, when a user carrying the PK 22 tries to use the public PC 101.

  That is, the PK 22 and the public PC 101 can perform quasi-electrostatic field communication as described above. In addition, an antenna for the public PC 101 to perform quasi-electrostatic field communication is provided at a position close to the public PC 101 (for example, a table on which the public PC 101 is placed, a floor portion directly below, a housing of the public PC 101, etc.). Therefore, when the user tries to use the public PC 101 and approaches the public PC 101 and touches or approaches the antenna, the PK 22 carried by the user and the public PC 101 are Then, quasi-electrostatic field communication becomes possible via the human body of the user carrying the PK 22 and the antenna of the public PC 101.

  When the public PC 101 becomes capable of quasi-electrostatic field communication with the PK 22, the public PC 101 acquires the PMD from the PK 22 in step S501. That is, the public PC 101 requests PMD from the PK 22 by quasi-electrostatic field communication, and the PK 22 transmits PMD according to the request from the public PC 101 to the public PC 101 by quasi-electrostatic field communication. Thereby, the public PC 101 acquires the PMD from the PK 22.

  Here, the PK 22 stores environment data representing the environment of the user PC 102 as a PMD. In step S501, the public PC 101 acquires the PMD that is the environment data.

  In step S501, the public PC 101 acquires PMD, which is environment data, from the PK 22, and then proceeds to step S502 to set its own environment according to the environment data. In other words, the public PC 101 is personalized for the user of the PK 22, and the user of the PK 22 can use the public PC 101 in the same environment as the environment of the user PC 102 owned by the public PC 101.

  Thereafter, when the user of PK 22 operates the public PC 101 and requests to open (open) a data file or the like created by an application such as a word processor stored in the user PC 102, the public PC 101 In step S503, the data file requested to be opened is acquired from the user PC.

  That is, in step S503, the public PC 101 accesses the user PC via the network 21 and downloads the data file requested to be opened. The public PC 101 opens the data file and displays it.

  After that, when the user of PK22 operates public PC 101 to edit and update the data file acquired in step S503 and requests that the updated data file be closed (closed), public PC 101 returns to step S504. Then, the updated data file is transferred (uploaded) to the user PC 102 via the network 21 and stored.

  When the user of the PK 22 operates the public PC 101 and requests logoff, the process proceeds to step S505, and the public PC 101 transmits environmental data representing the current environment to the PK 22 by quasi-electrostatic field communication.

  Here, when the user of PK22 starts to use the public PC 101, as described in step S502, the public PC 101 is in the same environment as the environment in the user PC 102. Thereafter, the user uses the public PC 101. By doing so, the environment may be different from that at the start of use. In this case, since the environment in the public PC 101 is different from the environment set according to the environment data stored in the PK 22, in step S505, the public PC 101 updates the environment data stored in the PK 22. The environmental data representing the current environment is transmitted to the PK 22 by quasi-electrostatic field communication.

  In this case, the PK 22 receives the environmental data from the public PC 101, and updates the environmental data as the PMD stored therein by the environmental data.

  After transmitting the environmental data to the PK 22 in step S505, the public PC 101 proceeds to step S506, and deletes the environmental data, the environmental data acquired in step S501, the data file downloaded from the user PC 102, etc. FIG. In this state, the personalization process is started, and the process proceeds to step S507.

  In step S507, the public PC 101 performs a logoff process necessary for logoff, and ends the personalization process.

  As described above, according to the personalization process of FIG. 24, the public PC 101 is personalized in the same environment as the environment in the user PC 102. Can be used.

  Further, in order to personalize the public PC 101, it is necessary to communicate between the PK 22 and the public PC 101. However, a user carrying the PK 22 consciously acts to make the PK 22 communicate with the public PC 101, that is, For example, it is not necessary to take an action of taking the PK 22 out of a pocket or the like and holding it over the antenna of the public PC 101.

  That is, as described above, the quasi-electrostatic field communication between the PK 22 and the public PC 101 is performed when the user carrying the PK 22 touches the antenna of the public PC 101 or comes close to the user's human body. And it becomes possible to carry out via the antenna of the public PC 101.

  Accordingly, the user carrying the PK 22 simply acts to use the public PC 101, for example, sits in front of the public PC 101 or operates the keyboard or mouse of the public PC 101. It is only necessary to perform an original action that a person performs to use the public PC 101, such as touching the PC, whereby communication is performed between the PK 22 and the public PC 101, and the public PC 101 is personalized.

  Note that the communication between the PK 22 and the public PC 101 as a service system and the communication between the public PC 101 and the user PC 102 via the network 21 both use, for example, SSL (Secure Sockets Layer). Done securely.

  Next, in the PK system of FIG. 23, for example, even if the same PMD is stored in the user's PK22 and pBase23, if the personalization process of FIG. When the PMD stored in the PK 22 is updated by the PMD that is the environment data transmitted to the PMD, the PMD stored in the PK 22 and the pBase 23 is different.

  Therefore, the PMD synchronization outlined in FIG. 16 is performed between the PK 22 and the pBase 23 in order to make the PMD stored in the pBase 23 coincide with the PMD stored in the PK 22.

  FIG. 25 is an arrow chart for explaining the PMD synchronization process performed between the PK 22 and the pBase 23.

  This PMD synchronization processing is performed when the PK 22 can communicate with the pBase 23 via the service system such as the public PC 101 and the network 21.

  Here, it is assumed that the PK 22 is in a state where quasi-electrostatic field communication is possible with the public PC 101 which is a service system.

  In step S521, the PK 22 transmits the PMD stored therein to the public PC 101, and the public PC 101 receives the PMD from the PK 22 in step S541.

  In step S542, the public PC 101 transmits the PMD received in step S541 to the pBase 23 via the network 21, and the pBase 23 receives the PMD from the public PC 101 in step S561, and then proceeds to step S562. move on.

  In step S562, the pBase 23 executes PMD synchronization processing described later with reference to FIG. Thereby, the PMD stored in the pBase 23 is updated, and synchronous data for updating the PMD of the PK 22 is generated.

  Then, the pBase 23 proceeds to Step S563, and transmits the synchronization data generated by the PMD synchronization process of Step S562 to the public PC 101 via the network 21, and the public PC 101 receives the synchronization data from the pBase 23 in Step S543. Then, the process proceeds to step S544.

  In step S544, the public PC 101 transmits the synchronization data received in step S543 to the PK 22, and the PK 22 receives the synchronization data from the public PC 101 in step S522, and proceeds to step S523.

  In step S523, the PK 22 updates its own PMD based on the synchronization data received in step S522, and ends the process. Thereby, each PMD is updated so that the PMD of PK22 and the PMD of pBase23 match.

  Next, the details of the PMD synchronization processing in step S562 in FIG. 25 will be described with reference to FIG.

  In step S581, the pBase 23 compares the PMD from the PK 22 received in step S561 in FIG. 25 with the PMD stored in the pBase 23. In other words, in step S581, the pBase 23 sets the attribute value of each attribute of the PMD from the PK 22 that has not yet been set as the target attribute value. Further, in step S581, the pBase 23 reads the attribute value corresponding to the attention attribute value from the PMD stored in itself, and update date / time information indicating the date and time when the attribute value was last updated, and the attention attribute. Compare the value update date and time information.

  Here, it is assumed that the PMD includes update date information.

  Then, the process proceeds from step S581 to S582, and the pBase 23 updates the attribute value corresponding to the target attribute value stored in the pBase 23 on the basis of the comparison result in step S581 (hereinafter, the corresponding value is appropriately handled). It is determined whether it is newer than the update date / time of the attribute value.

  If it is determined in step S582 that the update date / time of the attribute value of interest is newer than the update date / time of the corresponding attribute value stored in the pBase 23, the process proceeds to step S583, and the pBase 23 stores the corresponding attribute value stored in itself. , The attention attribute value is updated, and the process proceeds to step S585.

  In Step S582, when it is determined that the update date / time of the attribute value of interest is not newer than the update date / time of the corresponding attribute value stored in the pBase 23, the process proceeds to Step S584, and the pBase 23 stores the correspondence stored by itself. The attribute value is set as synchronous data, and the process proceeds to step S585.

  Here, the synchronization data is transmitted to the PK 22 via the public PC 101 in step S563 of FIG. 25 described above after the PMD synchronization processing of FIG. In PK22, in step S523 of FIG. 25, the PMD stored therein is updated according to the synchronization data.

  Here, in addition to the corresponding attribute value that is an update date and time that is newer than the update date and time of the target attribute value, the corresponding attribute value that has the same update date and time as the target attribute value is also used as the synchronization data. However, only the corresponding attribute value with an update date and time that is newer than the update date and time of the attribute value of interest may be used as the synchronization data.

  In step S585, the pBase 23 determines whether or not the update date / time has been checked with all the attribute values of the PMD from the PK 22 as the attribute values of interest.

  If it is determined in step S585 that all the PMD attribute values from PK22 have not yet been set as the attribute values of interest, the process returns to step S581, and the same processing is repeated thereafter.

  If it is determined in step S585 that all the PMD attribute values from PK22 are the attribute values of interest, the PMD synchronization process is terminated.

Next, FIG. 27 shows a configuration example of an embodiment of an electronic conference system using the PK system shown in FIG. 7 or FIG.

  The electronic conference system shown in FIG. 27 is installed in a company, for example. In addition, it is assumed that there are at least three users A, B, and C as the number of participants (for example, employees) who participate in the conference by the electronic conference system. Users A and B are users (presenters) who make presentations to participants at the conference, and user C is a user (just a participant) who listens to the announcements at the conference. In addition, it is assumed that users A to C carry PKs 221-1 to 221-3 in which their personal related information is stored.

  The conference room management device 201 is connected to the material browsing devices 211-1 to 211-3 and the user terminal devices 241-1 to 241-3 via a wired or wireless network 215-1 such as an in-house LAN. In addition, the conference room management apparatus 201 is connected to personal information management apparatuses 222-1 to 222-3 via a wired or wireless network 215-2 such as the Internet. Also, the networks 215-1 and 215-2 are connected to each other. Hereinafter, the networks 215-1 and 215-2 are referred to as the network 215 when it is not necessary to distinguish between them. The networks 215-1 and 215-2 are secure communication paths in which information to be communicated is encrypted by SSL (Secure Socket Layer) or the like.

  The conference room management device 201 is a server installed in a conference room or the like where a conference is held, and a document image (data) used by the presenter for explanation is transmitted via the network 215 to the document browsing device 211-1. To 211-3 or the personal information management devices 222-1 to 222-3 and supplied to at least one of the projector 212, the main display 213, and the sub-display 214.

  In addition, the conference room management apparatus 201 can perform the above-described quasi-electrostatic field communication with the PK 221-4 of the conference moderator (facilitator), the PKs 221-1 to 221-3 of the users A to C, and the like. It is like that. Therefore, the conference room management apparatus 201 can be configured using the service system 24 described above.

  The projector 212, the main display 213, and the sub-display 214 (hereinafter also referred to as displays 212 to 214) are installed so that all or some of the participants in the conference room can see the materials prepared by the presenter. , An image display means for receiving the material image supplied from the conference room management apparatus 201 and displaying it on the screen. Thereby, the participants of the conference can see the material (material image) displayed on the screen of the projector 212, the main display 213, or the sub display 214.

  Each of the document browsing devices 211-1 to 211-3 is a terminal such as a notebook PC that is installed in advance in the seats of the participants in the conference room. Therefore, each of the material browsing devices 211-1 to 211-3 is used by an unspecified user. In the present embodiment, it is assumed that user A uses material browsing device 211-1, user B uses material browsing device 211-2, and user C uses material browsing device 211-3.

  When the user A is seated (approached), the document browsing device 211-1 is personalized exclusively for the user A by quasi-electrostatic field communication with the PK 221-1 carried by the user A. Similarly, when the user B is seated, the material browsing device 211-2 is personalized exclusively for the user B. The material browsing device 211-3 is also personalized exclusively for the user C when the user C is seated. Accordingly, the material browsing devices 211-1 to 21103 can also be configured using the service system 24.

  The user A operates the material browsing device 211-1 (211-2 or 211-3), thereby obtaining the material necessary for the conference via the network 215-1, the personal information management device 222-1 or the user terminal It is possible to download the material image from the device 241-1 and supply the material image for explaining to the participant to the conference room management device 201.

  The personal information management device 222-1 is a PC that the user A usually uses at home, for example. Therefore, in the personal information management apparatus 222-1, the environment is set so that the user A can easily use it. Also, the personal information management device 222-1 stores (stores) materials created by the user A before the meeting. If necessary, the personal information management device 222-1 can transmit the material to the conference room management device 201, the material browsing device 211-1, or the like via the network 215-2.

  The personal information management device 222-2 is a PC that is normally used by the user B, and has the same functions as the personal information management device 222-1. The personal information management device 222-2 may transmit the material to the conference room management device 201 or the material browsing device 211-2 via the network 215-2, like the personal information management device 222-1. it can.

  The personal information management device 222-3 is a PC that is normally used by the user C, and has the same functions as the personal information management device 222-1. The personal information management device 222-3 can transmit the material to the conference room management device 201 or the material browsing device 211-3 via the network 215-2.

  Note that the material browsing devices 211-1 to 211-3 can be configured using the above-described pBase 23.

  The user terminal device 241-1 is a PC that the user A usually uses at his / her seat in the company. Therefore, as shown in FIG. 27, the user terminal device 241-1 is normally connected to an in-house network 215-1. Further, the user A can also use the user terminal device 241-1 at a fulcrum or a place where he / she goes out (including home). In this case, the user terminal device 241-1 is connected to the network 215-2. The user terminal device 241-1 transmits data such as materials to the conference room management device 201, the material browsing device 211-1, or the personal information management device 222-1 via the network 215-1 or 215-2. Send and receive.

  The user terminal device 241-2 is a PC that the user B usually uses in the company. Similarly to the user terminal device 241-1, the user terminal device 241-2 transfers data such as documents to the conference room management device via the network 215. 201, the material browsing device 211-1, or the personal information management device 222-1, etc.

  Further, the user terminal device 241-3 is a PC that is normally used by the user C in the company. Similarly to the user terminal device 241-1, the user terminal device 241-3 receives data such as documents via the network 215. It transmits / receives with the management apparatus 201, the material browsing apparatus 211-1, or the personal information management apparatus 222-1.

  In the electronic conferencing system configured as described above, for example, the user A who is the presenter of the conference uses the network 215 to create the material used for the presentation, which is created and stored by the personal information management device 222-1. The information can be transmitted to the conference room management apparatus 201 and displayed on the displays 212 to 214 to be presented to the participants of the conference or the material can be distributed via the network 215.

  Note that when there is no need to particularly distinguish the material browsing devices 211-1 to 211-3, the material browsing devices 211-1 to 211-3 are also simply referred to as the material browsing device 211 below. Similarly, the personal information management devices 222-1 to 222-3 are also referred to as personal information management device 222, and the user terminal devices 241-1 to 241-3 are also referred to as user terminal devices 241. Further, the material browsing device 211, the personal information management device 222, and the user terminal device 241 are not limited to three.

  In the following, in order to make the explanation easy to understand, the material created by the user A is presented (displayed on the screen) to the users B and C at the conference and distributed to the users B and C as an example. Will be explained.

  FIG. 28 shows a configuration of a device related to user A among the devices of the electronic conference system of FIG. Therefore, the conference room management device 201, the material browsing device 211-1, the network 215-1, the network 215-2, the PK 221-1, the personal information management device 222-1, and the user terminal device 241-1 shown in FIG. Is the same as that described with reference to FIG.

  28, personal related information stored in each of the personal information management device 222-1 and PK 221-1 will be described.

  The PK 221-1 stores personal related information that is information related to the user A who is the owner of the PK 221-1. That is, the PK 221-1 includes a user ID (Identification) for recognizing the user A and a URI (Uniform Resource Identifiers) of the personal information management device 222-1 which is information (access information) indicating the location of the personal information management device 222-1. ), The mail address (Mail Address) of the user A, the public key of the personal information management apparatus 222-1, and the like are stored. Further, the PK 221-1 may store the ID of the PK 221-1 that identifies the PK 221-1 in addition to the above-described individual related information.

  On the other hand, the personal information management apparatus 222-1 includes, for example, a user A's user name (name) (NAME), company affiliation (department name) (ORG), company position (STATUS), and others. Stores files that can be published (SHARED FILES) and user interface setting information (UI CUSTOMIZATION STRUCTURE), which is information related to user preferences such as the character size and font of characters displayed on the screen. Yes. The personal information management apparatus 222-1 also stores the URI of the location where the material is stored (hereinafter also referred to as the material storage URI), its own secret key, IP address, and the like.

  As will be described later with reference to FIGS. 52 and 53, the above-described information stored in the PK 221-1 and the personal information management device 222-1 is stored in both the personal information management device 222-1 and the PK 221-1. It is also possible to store them, or to store everything only in the PK 221-1.

  As for the user B or C, the PK 221-2 or PK 221-3 and the personal information management device 222-2 or 222-3 respectively store the same information as the user A described above.

  FIG. 29 is a diagram for explaining processing when the user A browses the conference material stored in the personal information management device 222-1 with the document browsing device 211-1 in the conference room.

  The PK 221-1 has the same hardware configuration as the PK 22 described in FIG. When the user A carrying the PK 221-1 approaches the material browsing device 211-1, the PK 221-1 transmits the above-described user interface setting information by performing quasi-electrostatic field communication with the material browsing device 211-1. . Thereby, the material browsing device 211-1 is personalized.

  The material browsing device 211-1 has the same hardware configuration as that of the service system 24 described with reference to FIG. Therefore, the material browsing device 211-1 has at least a function of performing quasi-electrostatic field communication and communication via the network 215.

  The material browsing device 211-1 receives user interface setting information from the PK 221-1 and performs personalization dedicated to the user A. That is, in the material browsing device 211-1 that has been personalized, the user interface is rendered based on the user interface setting information. For example, the character size, font, and parts displayed on the screen (for example, a clock) are reset for user A only.

  In addition, the material browsing device 211-1 sends a material transmission request for transmitting the material stored in the personal information managing device 222-1 in accordance with the operation of the user A via the network 215-1. It transmits to the management apparatus 201. Furthermore, the material browsing device 211-1 receives and displays the material (data) transmitted from the conference room management device 201 via the network 215-1 in response to the material transmission request. Thereby, the user A can browse the material of the meeting memorize | stored in the personal information management apparatus 222-1, for example in the material browsing apparatus 211-1.

  The conference room management apparatus 201 has the same hardware configuration as that of the service system 24 described with reference to FIG. Therefore, the conference room management apparatus 201 has at least a function of performing quasi-electrostatic field communication and communication via the network 215. In addition, when the meeting room management apparatus 201 receives a material transmission request from the material browsing apparatus 211-1 via the network 215-1, the conference room management apparatus 201 responds accordingly to the personal information management apparatus 222-1 via the network 215-2. Send a document transmission request. Further, the conference room management apparatus 201 receives the material transmitted from the personal information management apparatus 222-1 in response to the material transmission request, and transmits it to the material browsing apparatus 211-1 via the network 215-1.

  Note that, between the PK 221-1 and the material browsing device 211-1, between the material browsing device 211-1 and the conference room management device 201, and between the conference room management device 201 and the personal information management device 222-1. First, after performing the authentication process (spoofing prevention process) described in FIG. 12, FIG. 13, FIG. 17, or FIG. 18, the above-described transmission / reception is performed.

  Next, a flow of processing when the PK 221-1 carried by the user A personalizes the material browsing device 211-1 will be described with reference to the arrow chart of FIG.

  First, in step S701, the PK 221-1 transmits the user ID of the user A and the URI of the personal information management device 222-1 to the material browsing device 211-1. In step S741, the document browsing apparatus 211-1 receives the user ID from the PK 221-1 and the URI of the personal information management apparatus 222-1 and proceeds to step S742, where the user ID and personal information management apparatus 222-1 are received. Is sent to the conference room management apparatus 201.

  In step S721, the conference room management apparatus 201 receives the user ID from the material browsing apparatus 211-1 and the URI of the personal information management apparatus 222-1 and proceeds to step S722, where the personal information management apparatus 222-1 Based on the URI, a personal information request for requesting setting information of the user interface of the user A is transmitted to the personal information managing apparatus 222-1.

  In step S761, the personal information management apparatus 222-1 receives the personal information request, proceeds to step S762, and transmits user interface setting information to the conference room management apparatus 201.

  In step S723, the conference room management apparatus 201 receives the user interface setting information from the personal information management apparatus 222-1 and proceeds to step S724. In step S724, the conference room management apparatus 201 stores the user ID received in step S721 and the user interface setting information received in step S723 in association with the document browsing apparatus 211-1, and then the personalization completion notification. At the same time, the setting information of the user interface from the personal information management device 222-1 is transmitted to the material browsing device 211-1.

  In step S743, the document browsing apparatus 211-1 receives the personalization completion notification and the user interface setting information (user environment information) from the conference room management apparatus 201, and proceeds to step S744.

  In step S744, the material browsing device 211-1 performs personalization (user environment setting) based on the user interface setting information received from the conference room management device 201, and ends the process.

  As described above, the conference room management device 201 stores the user ID of the user A and the user interface setting information and the material browsing device 211-1 in association with each other. Whether the device 211 is used can be managed.

  Next, mutual authentication processing between the devices in the electronic conference system of FIG. 27 will be described. First, a mutual authentication process between the conference room management apparatus 201 and the material browsing apparatus 211-1 will be described with reference to FIGS. 31 and 32.

  The conference room management device 201 and the material browsing device 211-1 exchange public keys when the first communication is performed between the conference room management device 201 and the material browsing device 211-1 (for example, when the device is installed). Thus, information leakage due to a spoofing attack during the second and subsequent communications is prevented.

  First, with reference to the arrow chart of FIG. 31, a spoofing prevention process when communication is performed for the first time between the conference room management apparatus 201 and the material browsing apparatus 211-1 will be described.

  First, the material browsing device 211-1 generates a pair of its own public key and private key in step S821. In step S821, the material browsing device 211-1 transmits the generated public key and its service ID to the conference room management device 201.

  In step S801, the conference room management apparatus 201 receives and stores the public key and service ID of the material browsing device 211-1 transmitted from the material browsing device 211-1, and proceeds to step S802.

In step S802, the conference room management apparatus 201 generates its own public / private key pair and a challenge word _W201 (similar to the above-described challenge code). In step S802, the conference room management apparatus 201 encrypts the generated public key, the challenge word _W201 , and its own service ID with the public key of the material browsing apparatus 211-1 received in step S801. It transmits to the material browsing apparatus 211-1.

In step S822, the document browsing apparatus 211-1 decrypts the public key, the challenge word W ₂₀₁ , and the service ID of the conference room management apparatus 201 transmitted from the conference room management apparatus 201 with its own private key, and the conference The public key and service ID of the room management apparatus 201 are stored, and the process proceeds to step S823.

Article browsing device 211-1, in step S823, generates a challenge word W ₂₁₁ itself, and its (their) challenge word W _211, and a challenge word W ₂₀₁ Room management device 201, meeting room management device The data is encrypted with the public key 201 and transmitted to the conference room management apparatus 201.

Conference room management unit 201, in step S803, receives the challenge word W ₂₁₁ and its own challenge word W ₂₀₁ article browsing device 211-1 that has been transmitted from the document browsing device 211-1, with the private key of its own Decode and go to step S804.

In step S804, the conference room management apparatus 201 determines whether or not the challenge word W ₂₀₁ obtained by decryption is the same as the challenge word W ₂₀₁ generated by itself in step S802.

If it is determined in step S804 that the challenge word W ₂₀₁ obtained by decryption is not the same as the challenge word W ₂₀₁ generated by itself in step S802, the conference room management apparatus 201 determines that the document browsing apparatus 211-1 is It is determined that there is a possibility of impersonation, and a rejection signal indicating rejection of communication is transmitted to the material browsing device 211-1.

  In step S824, the document browsing apparatus 211-1 receives the rejection signal from the conference room management apparatus 201.

  As described above, after transmitting the rejection signal to the material browsing device 211-1, the conference room management device 201 rejects the access from the material browsing device 211-1. In other words, the conference room management apparatus 201 refuses communication with the material browsing apparatus 211-1.

On the other hand, when it is determined in step S804 that the challenge word W ₂₀₁ obtained by decryption is the same as the challenge word W ₂₀₁ generated by itself in step S802, the process proceeds to step S805, and the conference room management apparatus 201 The material browsing device 211-1 is approved as not being impersonated, and the approval notification and the challenge word W ₂₁₁ of the material browsing device 211-1 received in step S 803 are encrypted with the public key of the material browsing device 211-1. It transmits to the browsing apparatus 211-1.

Documentation browsing device 211-1, in step S825, receiving the approval has been transmitted from the conference room management unit 201 notification and the challenge word W _211, and decoded by the secret key of its own, the process proceeds to step S826.

In step S826, the document browsing device 211-1 determines whether the challenge word W ₂₁₁ obtained by decoding is the same as the challenge word W ₂₁₁ itself generated in step S823.

In step S826, if the challenge word W ₂₁₁ obtained by decoding is determined not to be identical to the challenge word W ₂₁₁ itself generated in step S823, document viewing apparatus 211-1, the conference room management unit 201 It is determined that there is a possibility of impersonation, and a rejection signal indicating rejection of communication is transmitted to the conference room management apparatus 201.

  In step S806, the conference room management apparatus 201 receives a rejection signal from the material browsing apparatus 211-1.

  As described above, the document browsing apparatus 211-1 rejects access from the conference room management apparatus 201 after transmitting the rejection signal to the conference room management apparatus 201. That is, the material browsing device 211-1 refuses communication with the conference room management device 201.

On the other hand, in step S826, if the challenge word W ₂₁₁ obtained by decoding is determined to be identical to the challenge word W ₂₁₁ generated by itself in step S823, the process proceeds to step S827, document viewing apparatus 211-1 The conference room management apparatus 201 is approved as not being impersonated, and an approval notification is transmitted to the conference room management apparatus 201.

  In step S807, the conference room management apparatus 201 receives an approval notification from the material browsing apparatus 211-1, and ends the process.

  When the above-described processing is performed, it is assumed that an administrator who manages the electronic conference system can handle both the conference room management device 201 and the material browsing device 211-1 at the same time. . When the conference room management device 201 and the material browsing device 211-1 are physically separated from each other, and the manager cannot handle both the conference room management device 201 and the material browsing device 211-1 at the same time. For example, the administrator may handle one of the conference room management apparatus 201 and the material browsing apparatus 211-1, and another person may handle the other apparatus. However, in this case, it is assumed that the administrator can communicate with the person who handles the other device using video or audio.

Then, after the processing of FIG. 31 is completed, the administrator displays the challenge word W ₂₁₁ (W ₂₀₁ ) generated by himself and the received challenge word W on the respective screens of the conference room management apparatus 201 and the material browsing apparatus 211-1. ₂₀₁ ( _W211 ) is displayed.

For example, the following characters are output (displayed) on the screen.
Conference room management device 201: Generated challenge word: 45-9f2!
Received challenge word: cr-4dc
Document browsing device 211-1: Received challenge word: 45-9f2!
Generated challenge word: cr-4dc

The administrator compares the challenge words displayed on the screens of the conference room management device 201 and the material browsing device 211-1 and displays them on the screens of the conference room management device 201 and the material browsing device 211-1. If it is determined that the challenge word W ₂₀₁ and the challenge word W ₂₁₁ are the same, it can be determined that there was no mediator attack in the communication between the conference room management apparatus 201 and the material browsing apparatus 211-1. . Thereby, the first spoofing between the conference room management apparatus 201 and the material browsing apparatus 211-1 can be prevented.

  Next, with reference to the arrow chart of FIG. 32, the spoofing prevention process when performing communication between the conference room management apparatus 201 and the material browsing apparatus 211-1 for the second time and thereafter will be described.

First, the article browsing device 211-1, in step S861, generates a challenge word W _211, to encrypt a service ID of the challenge word W ₂₁₁ and its own with the public key of the conference room management unit 201, conference room It transmits to the management apparatus 201.

Meeting management apparatus 201 in step S841, receives the challenge word W ₂₁₁ and the service ID of the article browsing device 211-1 transmitted from the article viewing apparatus 211-1 decrypts the secret key of its own, The process proceeds to step S842.

In step S842, the conference room management unit 201 generates a challenge word W _201, Challenge word W ₂₁₁ of the challenge word W ₂₀₁ and its own service ID, and decoding-obtained article browsing device 211-1, It encrypts with the public key (public key of the material browsing device 211-1) memorize | stored with the service ID of the material browsing device 211-1 by the first spoofing prevention process of FIG. 31, and transmits to the material browsing device 211-1.

In step S862, the document browsing device 211-1 receives the challenge word _W211 , the challenge word W201 of the conference room management device ₂₀₁ , and the service ID transmitted from the conference room management device ₂₀₁ , and receives its own private key. The process proceeds to step S863.

In step S863, document browsing device 211-1 determines whether the challenge word W ₂₁₁ obtained by decoding is the same as the challenge word W ₂₁₁ itself generated in step S861.

In step S863, if the challenge word W ₂₁₁ obtained by decoding is determined not to be identical to the challenge word W ₂₁₁ itself generated in step S861, document viewing apparatus 211-1, the conference room management unit 201 It is determined that there is a possibility of impersonation, and a rejection signal indicating rejection of communication is transmitted to the conference room management apparatus 201.

  In step S843, the conference room management apparatus 201 receives a rejection signal from the material browsing apparatus 211-1.

  As described above, the document browsing apparatus 211-1 rejects access from the conference room management apparatus 201 after transmitting the rejection signal to the conference room management apparatus 201. That is, the material browsing device 211-1 refuses communication with the conference room management device 201.

On the other hand, in step S863, if the challenge word W ₂₁₁ obtained by decoding is determined to be identical to the challenge word W ₂₁₁ generated by itself in step S861, the process proceeds to step S864, document viewing apparatus 211-1 The conference room management apparatus 201 is approved as not being impersonated, and the approval notification and the challenge word W _{201 of} the conference room management apparatus 201 obtained by decoding are used as the conference room management apparatus 201 in the first anti-spoofing process of FIG. Is encrypted with the public key stored together with the service ID (public key of the conference room management apparatus 201) and transmitted to the conference room management apparatus 201.

In step S844, the conference room management apparatus 201 receives the approval notification and the challenge word W ₂₀₁ from the material browsing apparatus 211-1, decrypts it with its own private key, and proceeds to step S845.

In step S845, the conference room management apparatus 201 determines whether the challenge word W ₂₀₁ obtained by decryption is the same as the challenge word W ₂₀₁ generated by itself in step S842.

If it is determined in step S845 that the challenge word W ₂₀₁ obtained by decryption is not the same as the challenge word W ₂₀₁ generated by itself in step S842, the conference room management apparatus 201 determines that the document browsing apparatus 211-1 is It is determined that there is a possibility of impersonation, and a rejection signal indicating rejection of communication is transmitted to the material browsing device 211-1.

  In step S865, the document browsing device 211-1 receives the rejection signal from the conference room management device 201.

  As described above, after transmitting the rejection signal to the material browsing device 211-1, the conference room management device 201 rejects the access from the material browsing device 211-1. In other words, the conference room management apparatus 201 refuses communication with the material browsing apparatus 211-1.

On the other hand, when it is determined in step S845 that the challenge word W ₂₀₁ obtained by decryption is the same as the challenge word W ₂₀₁ generated by itself in step S842, the process proceeds to step S846, and the conference room management apparatus 201 The material browsing device 211-1 is approved as not being impersonated, and an approval notification is transmitted to the material browsing device 211-1.

  In step S866, the document browsing apparatus 211-1 receives the approval notification from the conference room management apparatus 201, and ends the process.

  As described above, in the spoofing prevention process after the second time, the conference room management apparatus 201 stores the public key of the material browsing apparatus 211-1, and the material browsing apparatus 211-1 uses the public key of the conference room management apparatus 201. Since it is stored, mutual authentication can be performed simply by sending and receiving a challenge word.

  Next, mutual authentication processing between the conference room management apparatus 201 and the personal information management apparatus 222-1 will be described with reference to FIGS. 33 to 39.

  The conference room management device 201 and the personal information management device 222-1 are similar to the above-described mutual authentication processing between the conference room management device 201 and the material browsing device 211-1. The public key is exchanged when communicating with -1 for the first time, and information leakage due to a spoofing attack when performing the second and subsequent communications is prevented.

  With reference to FIG. 33, an outline of spoofing prevention processing (authentication processing) when communication is performed for the first time between the conference room management device 201 and the personal information management device 222-1 will be described.

  First, in step S901, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-. 1 to send.

  In step S902, the document browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, and the URI of the personal information management device 222-1. Receive and transmit to conference room management apparatus 201.

  In step S903, the conference room management apparatus 201 sets the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus 222-1 in step S903. The URI is stored (registered) in a user DB (Data Base) 281 inside the conference room management apparatus 201.

  In step S903, the conference room management apparatus 201 encrypts its own service ID and public key with the received public key of the personal information management apparatus 222-1 of the user A, and stores it in the personal information management apparatus 222-1. Send.

  In step S904, the personal information management apparatus 222-1 decrypts the service ID and public key of the conference room management apparatus 201 transmitted from the conference room management apparatus 201 with its own private key, and the personal information management apparatus 222- 1 (stored) in the internal service DB 282. In step S904, the personal information management apparatus 222-1 transmits a registration completion notification informing the registration completion to the conference room management apparatus 201.

  In step S905, the conference room management apparatus 201 notifies the document browsing apparatus 211-1 of a registration completion notification informing that the registration is completed between the conference room management apparatus 201 and the personal information management apparatus 222-1 and its public key. Send.

  In step S906, the document browsing apparatus 211-1 notifies the user A that registration is completed by the conference room management apparatus 201 and the personal information management apparatus 222-1, for example, by displaying on a screen, and also PK221. The public key of the conference room management apparatus 201 is transmitted to -1.

  According to this process, the public key of the personal information management device 222-1 of the user A is stored in advance in the PK 221-1 that is a device that can perform personal authentication (when the public key is acquired by communication). Compared to the above, it is possible to improve the reliability of public keys and prevent spoofing of participants.

  FIG. 34 shows an example of data stored in the user DB 281 stored in the conference room management apparatus 201.

  As shown in FIG. 34, the user DB 281 records (registers) a set of a public key, an e-mail address, a name, and a URI of the personal information management device 222 of one user for one user.

  That is, in the user DB 281, the user's name (participant name), mail address, public key of the material browsing device 211, and URI of the personal information management device 222 are registered in one record in that order. Specifically, Nakamura, user1@xxx.com, 7845jfsgf4kdsk, User1.pbase.test are registered in the first record from the top. Yamada, user2@xxx.org, mnlf49kfd240r, User2.pbase.test are registered in the second record from the top. In the third record from the top, Saito, user3@xxx.com, sgf4kdmnlf4, User3.pbase.test are registered.

  Since information on all the participants in the conference is stored in the user DB 281, when the conference participant performs an operation for requesting information on all the participants in the conference in the material browsing device 211, conference management is performed. For example, the device 201 can extract the part of the participant name from the user DB 281 and transmit it to the material browsing device 211 that has requested the participant information.

  Thereby, when a participant forgets the name of the other participant of a meeting, the name can be confirmed.

  Furthermore, not only the name of the participant but also the profile that the person has permitted to transmit can be transmitted to the material browsing device 211 that has requested the participant's information. In this way, participants (presenters) who have seen the information decide what discussion points to proceed by referring to the organization (department) of other participants, etc. Smooth meetings (presentations) can be held.

  FIG. 35 shows an example of data in the service DB 282 stored in the personal information management apparatus 222-1.

  As shown in FIG. 35, in the service DB 282, a service ID (service name) and public key pair of each service system is stored as one record.

  In FIG. 35, the service DB 282 stores (registers) a pair of “Conference1” that is the service ID of the conference room management apparatus 201 and “Ckv5-0-0dfv34” that is the public key of the conference room management apparatus 201.

  Next, the initial spoofing prevention process between the conference room management apparatus 201 and the personal information management apparatus 222-1 described with reference to FIG. 33 will be described in detail with reference to the arrow chart of FIG. 36.

  First, in step S921, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-. 1 to send.

  In step S941, the material browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, and the URI of the personal information management device 222-1. In step S942, the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 are transmitted to the conference room management device 201. .

  In step S961, the conference room management apparatus 201 sets the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus 222-1 in step S961. Receive URI.

  In step S962, the conference room management apparatus 201 receives the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus received from the material browsing apparatus 211-1. It is determined whether or not a set of URI 222-1 is already registered in the user DB 281.

  In step S962, the set of the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 received from the material browsing device 211-1 has already been used by the user. If it is determined that it is registered in the DB 281, the process skips step S963 and proceeds to step S964.

  On the other hand, in step S962, the set of the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 received from the material browsing device 211-1. If it is determined that it is not yet registered in the user DB 281, the process proceeds to step S 963, where the conference room management apparatus 201 receives the public key of the personal information management apparatus 222-1 of the user A received from the material browsing apparatus 211-1, the user The mail address and name of A and the URI set of the personal information management apparatus 222-1 are registered (recorded) in the user DB 281, and the process proceeds to step S <b> 964.

  In step S964, the conference room management apparatus 201 encrypts its service ID and public key with the public key of the personal information management apparatus 222-1 of the user A received from the material browsing apparatus 211-1, and manages personal information. Send to device 222-1

  In step S981, the personal information management apparatus 222-1 receives the service ID and public key from the conference room management apparatus 201, decrypts them with its own private key, and proceeds to step S982.

  In step S982, the personal information management apparatus 222-1 registers (stores) the service ID and public key of the conference room management apparatus 201 obtained by decryption in the service DB 282, and proceeds to step S983.

  In step S983, the personal information management apparatus 222-1 transmits a registration completion notification informing the registration completion to the conference room management apparatus 201.

  In step S965, the conference room management apparatus 201 receives the registration completion notification from the personal information management apparatus 222-1, and proceeds to step S966.

  In step S966, the conference room management apparatus 201 sends a registration completion notification informing that registration is completed between the conference room management apparatus 201 and the personal information management apparatus 222-1 and its own public key to the material browsing apparatus 211. -1.

  In step S943, the document browsing apparatus 211-1 receives the registration completion notification from the conference room management apparatus 201 and the public key of the conference room management apparatus 201, and proceeds to step S944.

  In step S944, the document browsing apparatus 211-1 notifies the user A by displaying on the screen or the like that registration has been completed between the conference room management apparatus 201 and the personal information management apparatus 222-1. The public key of the conference room management apparatus 201 is transmitted to -1.

  In step S922, the PK 221-1 receives the public key of the conference room management apparatus 201 and ends the process.

  Incidentally, in the spoofing prevention process described with reference to FIG. 36 (FIG. 33), when a secret key is stolen and spoofing is performed using the secret key, it is difficult to prevent the spoofing.

  Therefore, a process is considered in which by impersonating the secret key by making an e-mail transmitted to the user terminal device 241-1 that is normally used by the user A, it is possible to improve the accuracy of spoofing prevention.

  With reference to FIG. 37, the outline of the spoofing prevention process using electronic mail corresponding to FIG. 33 will be described.

  First, in step S1101, the PK 221-1 is the same as step S901 in FIG. 33. The public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the personal information management device 222- In addition to the URI of 1, the public key used for PGP (Pretty Good Privacy), for example, is an application that encrypts an electronic mail transmitted and received by the user terminal device 241-1 and creates an electronic signature. (Hereinafter, referred to as an e-mail public key) is also transmitted to the material browsing apparatus 211-1.

  In step S1102, the document browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, the URI of the personal information management device 222-1, and the electronic The mail public key is received and transmitted to the conference room management apparatus 201.

  In steps S1103 to S1106 in FIG. 37, processing similar to that in steps S903 to S906 in FIG. 33 is performed.

  In step S1106, when the registration completion notification and the public key of the conference room management apparatus 201 are received at PK 221-1, the user A moves to the user terminal apparatus 241-1. In step S1107, the PK 221-1 transmits the public key of the conference room management apparatus 201 received in step S1106 to the user terminal apparatus 241-1 by quasi-electrostatic field communication.

On the other hand, in step S1108, the conference room management apparatus 201 transmits its own public key and challenge word W ₂₀₁ to the user terminal apparatus 241-1 by e-mail. Here, the public key of the conference room management apparatus 201 and the challenge word W ₂₀₁ are encrypted with the public key of the email of user A and transmitted using PGP. In this way, if PGP is adopted for sending and receiving e-mail, the e-mail itself is encrypted, so there is a possibility of eavesdropping on the communication path even when the communication path is not encrypted. Is extremely low.

User terminal device 241-1, in step S1109, user A challenge word W ₂₀₁ from conference managing device 201 and the public key of the conference room management unit 201, corresponding to the electronic mail public key using PGP Whether or not the public key of the conference room management apparatus 201 obtained by decrypting with the private key of the e-mail matches the public key of the conference room management apparatus 201 transmitted from the PK 221-1 in step S1107. judge. The user terminal device 241-1 matches the public key of the conference room management apparatus 201 transmitted from the conference room management apparatus 201 with the public key of the conference room management apparatus 201 transmitted from the PK 221-1. In this case, the challenge word W ₂₀₁ from the conference room management apparatus 201 is encrypted with the public key of the conference room management apparatus 201 and transmitted to the conference room management apparatus 201 by e-mail.

In the conference room management apparatus 201, the challenge word W ₂₀₁ transmitted from the user terminal device 241-1 by e-mail matches the challenge word W ₂₀₁ transmitted by itself to the user terminal device 241-1 in step S1108. Determine whether or not. When it is determined that the challenge word W ₂₀₁ transmitted from the user terminal device 241-1 by e-mail matches the challenge word W ₂₀₁ transmitted to the user terminal device 241-1, the conference room management device 201. Determines that the user A is not impersonating and ends the process.

As described above, according to the anti-spoofing process using e-mail, the anti-spoofing safety can be improved for the following reasons. First, it is possible to perform double processing using the two devices of the personal information management device 222-1 and the user terminal device 241-1. Second, the personal information management device 222-1. And thirdly, it is difficult to steal the two secret keys of the user terminal device 241-1. Thirdly, an operation of transmitting / receiving the public key of the conference room management device 201 and the challenge word W ₂₀₁ by electronic mail (interactive (Operation) is included in the process, for example, user A can detect the problem by not receiving an e-mail.

  FIG. 38 describes the outline of the spoofing prevention process (authentication process) when communication is performed between the conference room management apparatus 201 and the personal information management apparatus 222-1 for the second time and thereafter.

  First, in step S1141, the PK 221-1 sets the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211. -1.

  In step S1142, the material browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, and the URI of the personal information management device 222-1. Receive and transmit to conference room management apparatus 201.

  In step S1143, the conference room management apparatus 201 uses the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus 222-1 from the material browsing apparatus 211-1. Whether the set of URIs is registered (stored) in the user DB 281, that is, the public key of the personal information management device 222-1 of the user A from the material browsing device 211-1, the mail address and name of the user A, and The set of URIs of the personal information management device 222-1 is the public key of the personal information management device 222-1 of the user A in the user DB 281, the mail address and name of the user A, and the set of URIs of the personal information management device 222-1. Is determined (compared).

The set of the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 from the material browsing device 211-1 is the user of the user DB 281. If it is determined that the public key of the personal information management device 222-1 of A, the mail address and name of the user A, and the URI set of the personal information management device 222-1 match, in step S1143, the conference room management device 201 generates a challenge word W _201, the challenge word W _201, and encrypted with the public key of the personal information management apparatus 222-1 of the user a, and transmits to the personal information management device 222-1.

In step S1144, the personal information management device 222-1 decrypts the challenge word W ₂₀₁ from the conference room management device 201 and generates the challenge word W ₂₂₂ . In step S1144, the personal information managing apparatus 222-1, the challenge word W ₂₀₁ obtained by decoding, and a challenge word W ₂₂₂ that generated the public conference room managing apparatus 201 stored in the service DB282 It is encrypted with the key and transmitted to the conference room management apparatus 201.

In step S1145, the conference room management apparatus 201 receives and decodes the challenge word W ₂₀₁ and the challenge word W ₂₂₂ transmitted from the personal information management apparatus 222-1. In step S1145, the conference room management apparatus 201 determines whether the challenge word W ₂₀₁ obtained by decryption matches the challenge word W ₂₀₁ generated by itself in step S1143.

If it is determined that the challenge word W ₂₀₁ obtained by decryption matches the challenge word W ₂₀₁ generated by itself, in step S1145, the conference room management apparatus 201 obtains the acceptance notification and obtains the decryption. The challenge word W ₂₂₂ is encrypted with the public key of the personal information management device 222-1 and transmitted to the personal information management device 222-1.

Personal information management device 222-1, in step S1146, receives and decodes the receiving notice the challenge word W ₂₂₂ from conference managing device 201, the challenge word W ₂₂₂ obtained by decoding, in step S1144 It is determined whether or not it matches the challenge word W ₂₂₂ generated by itself.

If it is determined that the challenge word W ₂₂₂ obtained by decryption matches the challenge word W ₂₂₂ generated by itself, in step S1146, the personal information management device 222-1 sends an acceptance notification to the conference room management device. To 201.

  In step S1147, the conference room management apparatus 201 transmits an authentication completion notification indicating that the conference room management apparatus 201 and the personal information management apparatus 222-1 have been authenticated to the document browsing apparatus 211-1.

  In step S1148, the document browsing apparatus 211-1 transmits an authentication completion notification from the conference room management apparatus 201 to the PK 221-1, and that the conference room management apparatus 201 and the personal information management apparatus 222-1 have been authenticated. Is displayed on the screen to inform the user A of that fact, and the process is terminated.

  Next, details of spoofing prevention processing for the second and subsequent times between the conference room management apparatus 201 and the personal information management apparatus 222-1 described with reference to FIG. 38 will be described with reference to the arrow chart of FIG. 39.

  First, in step S1181, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-. 1 to send.

  In step S1201, the document browsing device 211-1 sets the public key of the personal information management device 222-1 of the user A, the mail address of the user A, and the URI of the personal information management device 222-1 from the PK 221-1. In step S1202, the public key of the personal information management device 222-1 of the user A, the mail address of the user A, and the URI of the personal information management device 222-1 are transmitted to the conference room management device 201. .

  In step S1221, the conference room management apparatus 201 uses the public key of the personal information management apparatus 222-1 of the user A, the mail address of the user A, and the URI of the personal information management apparatus 222-1 in step S1221. The set is received, and the process proceeds to step S1222.

  In step S1222, the conference room management apparatus 201 stores the public key of the personal information management apparatus 222-1 of the user A, the mail address of the user A, and the URI of the personal information management apparatus 222-1 in the user DB 281. Whether or not it is registered (stored), that is, the public key of the personal information management device 222-1 of the user A from the material browsing device 211-1, the mail address of the user A, and the URI of the personal information management device 222-1 It is determined (compared) whether the set matches the set of the public key of the personal information management device 222-1 of the user A, the mail address of the user A, and the URI of the personal information management device 222-1.

  In step S1222, the set of the public key of the personal information management device 222-1 of the user A, the mail address of the user A, and the URI of the personal information management device 222-1 is set as the personal information management device 222- of the user A in the user DB 281. If it is determined that the set of the public key of 1, the mail address of the user A, and the URI of the personal information management device 222-1 does not match, the conference room management device 201 may have impersonated the user A. It judges and transmits the rejection signal showing rejection of communication with respect to the material browsing apparatus 211-1.

  In step S1203, the document browsing apparatus 211-1 receives the rejection signal from the conference room management apparatus 201, proceeds to step S1204, and transmits the rejection signal to the PK 221-1.

  In step S1182, the PK 221-1 receives a rejection signal from the material browsing device 211-1.

  As described above, after transmitting the rejection signal to the material browsing device 211-1, the conference room management device 201 rejects the access from the material browsing device 211-1. That is, the conference room management apparatus 201 refuses communication with the material browsing apparatus 211-1 (user A who uses the document browsing apparatus 211-1).

On the other hand, in step S1222, the set of the public key of user A's personal information management device 222-1, the mail address of user A, and the URI of personal information management device 222-1 is the personal information management device of user A of user DB 281. 222-1 public key, the mail address of the user a, and the personal information management apparatus when it is determined that matches the set of URI of 222-1, the flow advances to step S1223, meeting room managing apparatus 201, the challenge word W ₂₀₁ The generated challenge word W ₂₀₁ is encrypted with the public key of the personal information management device 222-1 of the user A received in step S1221, and is transmitted to the personal information management device 222-1.

In step S1251, the personal information management device 222-1 receives the challenge word W ₂₀₁ from the conference room management device 201, decrypts it with its own private key, and proceeds to step S1252.

In step S1252, the personal information management device 222-1 generates a challenge word W _222, a challenge word W ₂₂₂ that the generated, the challenge word W ₂₀₁ obtained by decoding in step S1251, stores the service DB282 It is encrypted with the public key of the conference room management apparatus 201 that has been sent and transmitted to the conference room management apparatus 201.

In step S1224, the conference room management apparatus 201 receives the challenge word W ₂₀₁ and the challenge word W ₂₂₂ from the personal information management apparatus 222-1, decrypts them with its own private key, and proceeds to step S1125.

In step S1225, the conference room management apparatus 201 determines whether the challenge word W ₂₀₁ obtained by decryption matches the challenge word W ₂₀₁ generated by itself in step S1223.

When it is determined in step S1225 that the challenge word W ₂₀₁ obtained by decryption does not match the challenge word W ₂₀₁ generated by itself in step S1223, the conference room management apparatus 201 determines that the personal information management apparatus 222- 1 is determined to be impersonation, and a rejection signal indicating rejection of communication is transmitted to the personal information management apparatus 222-1.

  In step S1253, the personal information management device 222-1 receives the rejection signal from the conference room management device 201.

  As described above, after transmitting the rejection signal to the personal information management apparatus 222-1, the conference room management apparatus 201 rejects the access from the personal information management apparatus 222-1. In other words, the conference room management apparatus 201 refuses communication with the personal information management apparatus 222-1.

On the other hand, if it is determined in step S1225 that the challenge word W ₂₀₁ obtained by decryption matches the challenge word W ₂₀₁ generated by itself in step S1223, the process proceeds to step S1226, and the conference room management apparatus 201 The acceptance notification and the challenge word W ₂₂₂ obtained by decryption are encrypted with the public key of the personal information management device 222-1 and transmitted to the personal information management device 222-1.

Personal information management device 222-1, in step S1254, and receives the acceptance notification and Challenge word W ₂₂₂ from the conference room management device 201, decrypts the secret key of the own, the process proceeds to step S1255.

In step S1255, the personal information management apparatus 222-1 determines whether or not the challenge word W ₂₂₂ obtained by decryption matches the challenge word W ₂₂₂ generated by itself in step S 1252.

If it is determined in step S1255 that the challenge word W ₂₂₂ obtained by decryption does not match the challenge word W ₂₂₂ generated by itself in step S1252, the personal information management device 222-1 determines that the conference room management device 201 Is determined to be impersonation, and a rejection signal indicating rejection of communication is transmitted to the conference room management apparatus 201.

  In step S1227, the conference room management apparatus 201 receives the rejection signal from the personal information management apparatus 222-1.

  After transmitting the rejection signal to the conference room management apparatus 201 as described above, the personal information management apparatus 222-1 rejects access from the conference room management apparatus 201. That is, the personal information management device 222-1 refuses communication with the conference room management device 201.

On the other hand, in step S1255, the challenge word W ₂₂₂ obtained by decoding, if itself is determined to match the challenge word W ₂₂₂ generated in step S1252, the flow advances to step S1256, the personal information management device 222-1 The acceptance notification is transmitted to the conference room management apparatus 201.

  The conference room management apparatus 201 receives the acceptance notification from the personal information management apparatus 222-1 in step S1228, proceeds to step S1229, and the conference room management apparatus 201 and the personal information management apparatus 222-1 have completed authentication. An authentication completion notification indicating this is transmitted to the material browsing device 211-1.

  In step S1205, the document browsing apparatus 211-1 receives the authentication completion notification from the conference room management apparatus 201, proceeds to step S1206, and transmits the authentication completion notification to the PK 221-1. A message that the personal information management apparatus 222-1 has been authenticated is displayed on the screen, the user A is notified of this, and the process is terminated.

  As described above, the authentication process for preventing spoofing is performed between the conference room management apparatus 201 and the personal information management apparatus 222-1.

  Similar authentication processing (spoofing prevention processing) is performed between the PK 221-1 and the material browsing device 211-1, and between the conference room management device 201 and the user terminal device 241-1.

  As a result, the electronic conference system can have the same level of security strength without using PKI, reducing the burden on the system administrator, and allowing users to worry about security without worrying about security. The system can be used.

  Next, referring to the arrow chart of FIG. 40, the user A downloads the material necessary for the presentation from the personal information management device 222-1 to the material browsing device 211-1, and displays it on any of the displays 212 to 214. The download display process to be displayed will be described.

  User A performs an operation of requesting a list of materials stored in the personal information management device 222-1 for the material browsing device 211-1, in order to use the materials prepared for the conference by the presentation. Do. Then, in step S1431, the material browsing device 211-1 transmits its public key and a material list request for requesting a material list to the conference room management device 201.

  In step S1401, the conference room management apparatus 201 receives the public key and the material list request of the material browsing device 211-1 from the material browsing device 211-1, and proceeds to step S1402 to request the public key and the material list. Are transmitted to the personal information managing device 222-1. Note that the conference room management apparatus 201 may directly specify the location (material storage URI) where the material is stored and transmit the material list request to the personal information management device 222-1.

  In step S1461, the personal information management device 222-1 receives the public key and the material list request of the material browsing device 211-1 transmitted from the conference room management device 201, and proceeds to step S1462, where the material is stored. A material list is created by referring to the location (material storage URI), and the material list is encrypted with the public key of the material browsing device 211-1 and transmitted to the conference room management device 201.

  In step S1403, the conference room management apparatus 201 receives the (encrypted) material list from the personal information management apparatus 222-1, proceeds to step S1404, and transmits the material list to the material browsing apparatus 211-1. .

  In step S1432, the material browsing device 211-1 receives the material list from the conference room management device 201, decrypts it with its own private key, and displays it on the screen. User A searches and designates materials necessary for the conference from the material list displayed on the screen. In step S <b> 1433, the material browsing device 211-1 transmits a material transmission request for requesting the material (data) designated by the user A together with its own public key to the conference room management device 201.

  In step S1405, the conference room management apparatus 201 receives the public key and the material transmission request of the material browsing device 211-1 transmitted from the material browsing device 211-1, and proceeds to step S1406 to transmit the public key and the material. The request is transmitted to the personal information management device 222-1.

  In step S 1463, personal information management apparatus 222-1 receives the material transmission request from conference room management apparatus 201, and proceeds to step S 1464, where the material is stored according to the material transmission request (material storage The requested material stored in (URI) is transmitted to the conference room management apparatus 201.

  In step S1407, the conference room management apparatus 201 receives the material from the personal information management apparatus 222-1. In step S1408, the conference room management apparatus 201 stores (stores) the received material and the name of the user who requested the material. The process proceeds to step S1409.

  In step S1409, the conference room management apparatus 201 transmits the material transmitted from the personal information management apparatus 222-1 to the material browsing apparatus 211-1.

  In step S1434, the material browsing device 211-1 receives the material from the conference room management device 201.

  In step S1435, the document browsing apparatus 211-1 activates an application that can read and display the document, displays the document image (document image) on the screen, and displays the document image (image thereof). Data) is transmitted to the conference room management apparatus 201.

  In step S1410, the conference room management apparatus 201 receives the material image from the material browsing device 211-1, proceeds to step S1411, selects and displays one of the displays 212 to 214, and ends the process. Note that bitmap image data, vector data, metadata, and the like can be employed as the image data of the material image.

  FIG. 41 shows an example of a database in the conference room management apparatus 201 that stores the file name of the received material and the name of the user who requested the material in the download display process of FIG.

  In the database of FIG. 41, the user's mail address corresponding to the user name and the data file name of the material are stored in association with each other. Specifically, the file names of email address “user1@xxx.com” and “UI sample.ppt”, and email addresses “user2@xxx.org” and “progress report.ppt” are stored in the database. It shows that.

  As a method for the conference room management apparatus 201 to acquire the file name and user name of the material stored in the database of FIG. 41, the one transmitted from the personal information management apparatus 222-1 is acquired as described above. In addition to the method, the personal information management device 222-1 encrypts the material and the user name with the public key of the material browsing device 211-1, and sends it to the material browsing device 211-1 (via the conference room management device 201). Then, the conference room management apparatus 201 adopts a method in which the material browsing device 211-1 receives the material decrypted with its own private key and the user name by receiving from the material browsing device 211-1. Also good.

  In the download display process of FIG. 40, the conference room management apparatus 201 selects one of the displays 212 to 214 to display the document image. However, when the user A operates the document browsing apparatus 211-1, It is also possible to specify which of the displays 212 to 214 displays the material image.

  42, display designation processing for designating which of the displays 212 to 214 will display the material image will be described with reference to the arrow chart of FIG.

  First, the user A designates one of the displays 212 to 214 on which the material is to be displayed by operating the material browsing device 211-1. Then, in step S1521, the material browsing device 211-1 transmits designation information and a material image representing the display designated by the user A among the displays 212 to 214 to the conference room management device 201.

  In step S1501, the conference room management apparatus 201 receives the designation information and the document image transmitted from the material browsing apparatus 211-1, and proceeds to step S1502 to display any of the displays (displays 212 to 214) indicated by the designation information. ) Is sent a document image.

  In the display to which the document image is transmitted from the conference room management apparatus 201 (any one of the displays 212 to 214), the document image is received in step S1481, displayed on the screen in step S1482, and the process is terminated. .

  By the way, the user B or C may want to display the material on the material browsing device 211-2 or 211-3 at the hand (seat) of the user B or C so that the material is easy to see. In such a case, in the electronic conference system of FIG. 27, the material image displayed on the displays 212 to 214 can be shared with the material browsing device 211-2 or 211-3.

  A process of sharing the material image displayed on the displays 212 to 214 with the material browsing device 211-2 (or 211-3) will be described with reference to the arrow chart of FIG.

  First, when the user B desires to view the material on the material browsing device 211-2 and performs the operation, the material browsing device 211-2 requests the sharing of the display of the material in step S1561 (hereinafter, referred to as the material browsing device 211-2). (Referred to as a display sharing request) is transmitted to the conference room management apparatus 201.

  In step S1541, the conference room management apparatus 201 receives a display sharing request from the material browsing apparatus 211-2, proceeds to step S1542, and transmits the same material image as that currently displayed on the displays 212 to 214. Is transmitted to the material browsing device 211-2.

  In step S1562, the document browsing apparatus 211-2 receives the image data of the document image transmitted from the conference room management apparatus 201, proceeds to step S1563, displays the image data of the document image on the screen, and performs processing. finish.

  Next, referring to FIG. 44, the user A becomes a presenter to display the document image on any of the displays 212 to 214, and further, the document image is shared by the document browsing apparatuses 211-1 to 211-3. A flow (outline) of document image sharing processing will be described.

  First, when the user A performs an operation of acquiring a material for presentation in the material browsing device 211-1, the material browsing device 211-1 is required for the conference in step S1601 with its own public key. A material transmission request for requesting transmission of the material is transmitted to the conference room management apparatus 201.

  In step S1602, the conference room management apparatus 201 transmits the public key of the material browsing apparatus 211-1 and the material transmission request transmitted from the material browsing apparatus 211-1 to the personal information management apparatus 222-1.

  In step S1603, the personal information management device 222-1 acquires the material requested by the material transmission request from the location where the material is stored (material storage URI), and uses the public key of the material browsing device 211-1. It is encrypted and transmitted to the conference room management apparatus 201.

  The conference room management apparatus 201 receives the material from the personal information management apparatus 222-1, and transmits it to the material browsing apparatus 211-1 in step S1604.

  In step S <b> 1605, the document browsing apparatus 211-1 receives the document from the conference room management apparatus 201, decrypts it with its own secret key, and reads and displays the decrypted document. Start up and display the document image on the screen.

  In step S1606, the material browsing device 211-1 transmits the material image (image data thereof) to the conference room management device 201.

  In step S1607, the conference room management apparatus 201 receives the material image from the material browsing device 211-1 and selects and displays one of the displays 212 to 214.

  In step S1608, the conference room management apparatus 201 transmits the document image (image data) displayed on the display (any one of the displays 212 to 214) to the document browsing apparatuses 211-2 and 211-3. Then, the process ends.

  The material browsing devices 211-2 and 211-3 receive and display the image data of the material image from the conference room management device 201. Thereby, the material of the user A of the material browsing device 211-1 can be shared by all of the user A, the user B of the material browsing device 211-2, and the user C of the material browsing device 211-3.

  Note that the document image can be displayed on any one of the displays 212 to 214, or can be displayed in a plurality.

  Next, details of the document image sharing process of FIG. 44 will be described with reference to the arrow chart of FIG.

  First, when the user A performs an operation of acquiring material for presentation in the material browsing device 211-1, the material browsing device 211-1 is necessary for the conference in step S1641 with its own public key. A material transmission request for requesting transmission of the material is transmitted to the conference room management apparatus 201.

  In step S1661, the conference room management apparatus 201 receives the public key and the material transmission request of the material browsing device 211-1 transmitted from the material browsing device 211-1, and proceeds to step S1662.

  In step S1662, the conference room management apparatus 201 transmits the public key and the material transmission request to the personal information management apparatus 222-1. That is, the conference room management apparatus 201 transmits the public key and material of the conference room management apparatus 201 to the personal information management apparatus 222-1 based on the URI of the personal information management apparatus 222-1 represented by the personal related information of the user DB 281. Send a request.

  In step S1681, the personal information management device 222-1 receives the public key and the material transmission request of the material browsing device 211-1 transmitted from the conference room management device 201, proceeds to step S1682, and stores it in the material storage URI. The stored requested material is encrypted with the public key of the material browsing device 211-1 and transmitted to the conference room management device 201.

  In step S1663, the conference room management apparatus 201 receives the material transmitted from the personal information management apparatus 222-1 in response to the material transmission request in step S1662, and proceeds to step S1664, and the material browsing apparatus 211- 1 to send.

  In step S1642, the material browsing device 211-1 receives the material from the conference room management device 201 and decrypts it with its own secret key. In step S1643, the material browsing device 211-1 activates an application that can read and display the material obtained by decoding and opens the material, thereby generating a material image, and the material browsing device. The material image is displayed on the screen 211-1.

  In step S1644, the document browsing device 211-1 transmits the document image (image data) displayed on the screen of the document browsing device 211-1 to the conference room management device 201.

  In step S1665, the conference room management apparatus 201 receives the material image transmitted from the material browsing device 211-1, proceeds to step S1666, selects any of the displays 212 to 214, and displays the selected display. Send and display the document image.

  When the user B (or C) who is listening to the announcement of the user A desires to view the material of the user A with the material browsing device 211-2 (or 211-3) at hand, the user B In 211-2, an operation for requesting the material screen of the user A is performed. Then, the material browsing device 211-2 transmits a request to share the display of the material to the conference room management device 201 in step S1701.

  In step S1667, the conference room management apparatus 201 receives the display sharing request from the material browsing apparatus 211-2, proceeds to step S1668, and displays it on the displays 212 to 214 (one or several of them). The selected document image (image data thereof) is selected, and the document image is transmitted to the document browsing apparatus 211-2.

  The material browsing device 211-2 receives and displays the material image (image data) transmitted from the conference room management device 201, and ends the processing.

  As described above, according to the document image sharing process, the image of the material used by the presenter in the conference can be shared with the conference participants in a secure state.

  In the document image sharing process, the presenter sends the image data of the document image to the conference room management apparatus 201 and the document browsing apparatus 211, so that the presenter can display the same screen as that displayed on the displays 212 to 214. Participants who are listening to the presentation can view the movement of the presenter's cursor and the like with the nearby document browsing apparatus 211 as well. Further, the participant can see the easy-to-see one of the display of the materials on the displays 212 to 214 and the display of the materials on the material browsing device 211.

  Further, since the user can access the material stored in his / her personal information management device 222 from the material browsing device 211, even if the material is unexpectedly required during the meeting, It can be quickly acquired from the information management device 222 and used for a conference. Furthermore, if this electronic conference system is also applied to a terminal that can communicate with the PK 221 installed outside the conference room and is connected to the network 215, the user suddenly meets an acquaintance at a location other than the conference. When it is desired to show the material to the acquaintance, it is possible to immediately display the material to the acquaintance using the terminal near the user.

  In addition, the user can check the material acquired from his / her personal information management device 222 before transmitting it to the conference room management device 201 (before displaying it on the displays 212 to 214). As a result, the user can search for materials and confirm the contents with peace of mind.

  When each presenter makes a presentation in order while sharing the document image as described above, and all the presenters have finished presentation, one of the participants who is the facilitator of the meeting, or if there is a moderator The moderator announces the end of the meeting.

  When the conference is over, leaving the data of the materials used in the conference in the conference room management device 201 and the material browsing device 211-1 used by an unspecified number of people (employees) There is a problem in terms of.

  Therefore, the conference end process shown in FIG. 46 is performed. In the embodiment of FIG. 46, it is assumed that there is no moderator of the conference and the user A performs the conference facilitator.

  In FIG. 46, first, the user A performs an operation to end the conference in the material browsing device 211-1, that is, to end the use of the material browsing device 211-1 and the conference room management device 201. In step S1761, the material browsing device 211-1 conferences the use end notification corresponding to the operation for ending the use of the material browsing device 211-1 and the conference room management device 201, and the material used by the user A in the conference. It transmits to the room management apparatus 201. The transmission of this material is performed as a precaution in consideration of the case where the user A changes (edits) the material during the meeting.

  In step S1741, the conference room management apparatus 201 receives the use end notice and the material from the material browsing device 211-1 and proceeds to step S1742, where the material is stored in the same material stored in step S1408 of FIG. And is transmitted to the personal information management device 222-1 of the user A who is the presenter of the conference. Similarly, for user B who is another presenter, the material of user B is overwritten (stored) and then transmitted to material browsing device 211-2.

  In step S1781, the personal information management apparatus 222-1 receives the material transmitted from the conference room management apparatus 201.

  In step S1743, the conference room management apparatus 201 assigns the personal information management apparatus 222- of the presenter who plans to distribute the materials (in this embodiment, it corresponds to the users A and B, but will be described as an example of the user A). 1, the names, e-mail addresses, the public key of the material browsing device 211, and the URI set of the personal information management device 222 (hereinafter referred to as a participant list) of all the participants in the conference are transmitted.

  In step S1782, the personal information management apparatus 222-1 receives the participant list from the conference room management apparatus 201.

  In step S1744, the conference room management apparatus 201 sets a name, an e-mail address, a public key of the material browsing apparatus 211, and a URI of the personal information management apparatus 222 (hereinafter referred to as a distributor list) only for the person who distributes the material. ) Is transmitted to the personal information management device 222-3 on the side that receives the materials of user A (corresponding to users B and C, but in FIG. 46, user C).

  In step S1801, the personal information management apparatus 222-3 receives the distributor list from the conference room management apparatus 201.

  In step S1745, the conference room management apparatus 201 deletes the materials of the presenters stored in the conference that it has stored.

  In step S1746, the conference room management apparatus 201 transmits a conference end notification indicating the end of the conference to the material browsing device 211-1.

  In step S1762, the material browsing device 211-1 receives the conference end notification from the conference room management device 201, proceeds to step S1763, cancels personalization (personal environment) of the user A (the environment is returned to the original state). Return) to end the process.

  As described above, after the conference is finished, the personal information management device 222-1 and the material browsing device 211-1, etc. exchange materials with secure communication, and also use the materials used in the conference and conference participation. Since the personal environment of the participant does not remain on the device, the confidentiality of the participant's information (materials) is protected. Note that the processing of FIG. 46 is applicable not only to the end of the conference but also to participants who leave the conference halfway.

  In addition, the above-described processing is performed for all participants (presenters) who participated in the conference. Therefore, the user B who is the other presenter and the materials he / she used in the conference are also included. List of users is sent.

  Each presenter later distributes (distributes) materials to the conference participants based on the participant list. In the case where the participant or moderator who is the facilitator of the conference collects the materials of the presenter and distributes them to the participants collectively, the conference room management apparatus 201, in step S1742 described above, The presenter list is not transmitted to the personal information management device 222 of each presenter, but is transmitted to the personal information management device 222 of the participant or moderator who is the facilitator of the conference.

  Next, with reference to FIG. 47, an outline of a material distribution process in which each presenter distributes materials to the conference participants will be described. In FIG. 47, the presenter is assumed to be user A.

  The processing in step S1821 or S1822 in FIG. 47 is the same as the processing in step S901 or S902 in FIG. 33, respectively. The processing in step S1823 or S1824 in FIG. 47 is the same as the processing in step S1743 or S1744 in FIG. This is the same process that is performed before the end of the conference.

  That is, in step S1821, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-1. Send to.

  In step S1822, the material browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 from the PK 221-1. Receive and transmit to conference room management apparatus 201.

  In step S1823, the conference room management apparatus 201 transmits a participant list to the personal information management apparatus 222-1.

  On the other hand, in step S1824, the conference room management apparatus 201 transmits a distributor list to the personal information management apparatus 222-2 (same for 222-3) on the user A's material receiving side.

  Then, after the conference ends, the personal information management apparatus 222-1 of the user A refers to the participant list received in step S1823, and determines a distribution set determination process for determining which material to distribute to (see FIG. 47 to FIG. 47). (Described later in FIG. 49).

  When the distribution determination process ends, the personal information management apparatus 222-1 receives a material distribution preparation completion notification indicating that preparation for distributing the material is completed in step S <b> 1825 by the personal information management apparatus 222 described in the participant list. The URI is referred to and transmitted to the personal information management device 222-2.

  In step S1826, mutual authentication processing is performed between the personal information management device 222-1 that is the distributor's terminal and the personal information management device 222-2 that is the user B's terminal that receives the material.

  After the authentication processing in step S1826, the personal information management device 222-1 transmits (distributes) the material to the personal information management device 222-2 in step S1827, and ends the processing.

  With reference to FIGS. 48 to 50, a user interface (processing) of a distribution set determination process for determining which material to be distributed to the conference participants will be described. In the following description, it is assumed that the distributor is user A.

  FIG. 48 is a display example of a material distribution set creation screen window 401 for creating (determining) a material set distributed to participants by user A (hereinafter referred to as a material distribution set). Using the creation screen window 401, the user A can create different sets of materials for one or more participants.

  In the title bar 401A of the creation screen window 401 of the material distribution set, a title “meeting material 2003.11.10” including the date when the conference of the material distribution set created in the creation screen window 401 is held is displayed. .

  As shown in FIG. 48, the document distribution set creation screen window 401 is composed of a title area 411 and a distribution set creation area 412.

  The title area 411 displayed on the upper side of the document distribution set creation screen window 401 displays conference-related information such as the conference location held and the name of the conference (agenda) regarding the conference of the material to be distributed. . In FIG. 48, “XX Meeting Room Agenda: Project Progress Report” is displayed.

  In the distribution set creation area 412 displayed on the lower side of the title area 411, a new set button 421, a set delete button 422, an OK button 423, and a cancel button 424 are arranged on the upper side, and these buttons 421 to 424 are displayed. The lower area is divided into left and right, and a standard distribution set creation area 425 for creating a standard distribution set is arranged on the left side, and a special distribution set creation area 426 for creating a special distribution set is arranged on the right side. Here, the standard distribution set means a set of standard materials to be distributed to a large number of participants, and the special distribution set adds specific materials in addition to the standard distribution set. It means a set created by a combination of materials obtained by deleting specific materials from the standard distribution set. Therefore, when the same material is distributed to all participants, it is not necessary to create a special distribution set.

  First, the user A creates a standard distribution set in the standard distribution set creation area 425.

  The standard distribution set creation area 425 has a title of “standard distribution set-material list”, and a distribution material column 431 for inputting a material to be distributed is arranged below the “material name”.

  In the distribution material column 431, when the user A presses the add button 434, a space in which one material can be input is displayed (added) in the distribution material column 431. Then, the user A inputs the file name of the material in the input space. In FIG. 48, four materials (file names) “UI sample.ppt”, “reference material.mht”, “progress report 1.doc”, and “progress report 2.doc” have already been registered.

  In addition, a delete button 432 is displayed on the right side of the file name of each material in the distribution material column 431, and the material that has been registered (added) is deleted (registration is canceled). Can be done.

  In the distribution material column 431, for example, all materials used by the user A in the conference are initially displayed as initial settings.

  To create a set other than the standard distribution set, the user A can create a material distribution set in the special distribution set creation area 426 by pressing a new set button 421. Also, by pressing the set deletion button 422, the special distribution set that is the material distribution set created in the special distribution set creation area 426 can be deleted.

  In the set title input field 442 next to the radio button 441, the title of the special distribution set to be created is input by the user A. In FIG. 48, the title “distribution set 1-progress only” is input.

  In the distribution material column 443, as with the distribution material column 431, the user can input the file name of the material to be distributed as a “distribution set 1-progress only” material distribution set. In the distribution material column 443, the file name of the same material as the standard distribution set is displayed by default. In addition, a check box 444 is displayed on the right side of the file name of each material so that the necessity of distribution of the material with the file name can be determined. In FIG. 48, the white display of the check box 444 indicates that distribution is selected, and the black display of the check box 444 indicates that distribution is not selected.

  Also, by pressing the add button 445, a new material can be added in the same manner as the standard distribution set add button 434.

  User A performs a necessary input in the special distribution set creation area 426 to determine a new material distribution set, and presses an OK button 423 to determine the new material distribution set. Also, by pressing the cancel button 424, the user A can cancel the input contents of the special distribution set creation area 426 and return to the default display state.

  As described above, in the material distribution set creation screen window 401 of FIG. 48, one or more types of material distribution sets including one or more materials can be set.

  FIG. 49 shows a display example of the association screen window 461 for determining the correspondence between the material distribution set created in FIG. 48 and the conference participants (hereinafter also referred to as distribution destinations) distributing the material distribution set. Yes.

  The title “Meeting Material 2003.11.10” similar to the creation screen window 401 is displayed in the title bar 461A of the association screen window 461.

  As shown in FIG. 49, the association screen window 461 includes a title area 481, a distribution destination title column 482, and a distribution set selection column 483.

  The title area 481 has the same display as the title area 411 in FIG.

  In the distribution destination title field 482, a title for explaining the display in the distribution set selection field 483 is displayed. In the distribution destination title field 482 of FIG. 48, “name” is displayed in the location (upper) corresponding to the display of “section manager”, “Nakamura”, “Yamada”, “Saito”, “Yamamoto” in the distribution set selection field 483. Yes.

  In the distribution destination title column 482, “distribution set” is displayed in a location (upper side) corresponding to the display of “standard distribution set-material list” or “distribution set 1-progress only” in the distribution set selection column 483. ing.

  Further, in the distribution destination title column 482, “situation” is displayed at a location (upper side) corresponding to the “unacquired” display displaying the acquisition status of the distribution set user in the distribution set selection column 483. .

  In a distribution set selection field 483, which material distribution set is distributed can be set for each user who is a distribution destination by using a pull-down menu. The distribution destination is automatically displayed in the participant list, and a pull-down menu from which a material distribution set can be selected is displayed in the pull-down menu for all the standard distribution sets and special distribution sets created in the material distribution set creation screen window 401 in FIG. The title is displayed.

  In the distribution set selection field 483 of FIG. 49, the “standard distribution set-material list” (material distribution set of the title) is given to the users “Manager Tanaka”, “Nakamura”, and “Yamada”, and the users “Saito” and “Yamamoto” are given. “Distribution set 1—Progress only” (material distribution set titled) is set to be distributed.

  In the distribution set selection field 483, the acquisition status of each user is also displayed on the right side of the display of the title of the material distribution set. However, since distribution has not started yet at this point, any user is “not acquired”.

  As described above, in the association screen window 461 in FIG. 49, one or more types of material distribution sets created (set) in the material distribution set creation screen window 401 in FIG. It is possible to set which material distribution set is to be distributed.

  When the user A determines (confirms) the correspondence between the distribution destination and the material distribution set in the association screen window 461 of FIG. 49, the user A starts the distribution of the material distribution set by pressing a distribution start button 491. be able to. When the distribution start button 491 is pressed by the user A, the personal information management apparatus 222-1 sends the material distribution preparation completion notification described in FIG. 47 to the personal information management apparatus 222-2 (222-3) of the participant. Send.

  FIG. 50 shows a display example of the association screen window 461 after the distribution of the material distribution set is started according to FIG.

  That is, when the user A presses the distribution start button 491 in FIG. 49, the display of the association screen window 461 is switched from the one shown in FIGS. 49 to 50.

  In addition, in the distribution set selection field 483 of FIG. 49, the acquisition status of each user's material distribution set that is all “not acquired” is shown in FIG. 50 as “not acquired” or “ "Acquired" is displayed.

  In FIG. 50, it is displayed that the user specified by “Nakamura”, “Yamada”, and “Yamamoto” is “acquired”.

  In the distribution set confirmation field 513, the user A (distributor) can pause the distribution of the material by pressing the material distribution pause button 521.

  Further, the user A can end (cancel) the distribution of the material by pressing the material distribution end button 522. Further, the user A can end (cancel) the distribution of the material by pressing the material distribution end & material deletion button 523, and delete the contents set in the material distribution set creation screen window 401 of FIG. it can.

  As described above, in the association screen window 461, the acquisition status of the material distribution set of the user of the personal information management apparatus 222 that has transmitted the material distribution set can be confirmed.

  Next, the details of the material distribution process described with reference to FIG. 47 will be described with reference to the arrow chart of FIG.

  First, in step S1841, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-. 1 to send.

  In step S1861, the material browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, and the URI of the personal information management device 222-1. In step S1862, the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 are transmitted to the conference room management device 201. .

  In step S1881, the conference room management apparatus 201 transmits the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus transmitted from the material browsing apparatus 211-1. The URI 222-1 is received, and the process proceeds to step S1882, where it is registered (stored) in the user DB 281.

  In step S1883, the conference room management apparatus 201 transmits a participant list to the personal information management apparatus 222-1.

  In step S1901, the personal information management device 222-1 receives the participant list from the conference room management device 201.

  In step S1884, the conference room management apparatus 201 transmits the distributor list to the personal information management apparatus 222-2 (same as 222-3).

  In step S1921, the personal information management apparatus 222-2 receives the distributor list from the conference room management apparatus 201.

  The personal information management apparatus 222-1 determines a distribution destination and a material distribution set in accordance with the input of the user A to the material distribution set creation screen window 401 in FIG. 48 and the association screen window 461 in FIG. Start distributing the set.

  In step S1902, the personal information management apparatus 222-1 transmits a material distribution preparation completion notification indicating that preparation for distributing the material is completed to the personal information management apparatus 222-2.

  In step S1922, the personal information management apparatus 222-2 receives the material distribution preparation completion notification from the personal information management apparatus 222-1. In step S1923, the personal information management apparatus 222-2 communicates with the personal information management apparatus 222-1. The authentication process (spoofing prevention process) described in (1) is performed.

  In response to a request from the personal information management device 222-2, the personal information management device 222-1 also performs authentication processing (spoofing prevention processing) in step S1903.

  When the authentication process in step S1903 is completed, the personal information management apparatus 222-1 proceeds to step S1904, and in accordance with the settings made on the screens of FIGS. Distribution set).

  In step S1924, the personal information management apparatus 222-2 receives the material transmitted from the personal information management apparatus 222-1 and ends the process.

  According to the material distribution process described above, the distributor who is the presenter is a participant who is inappropriate for the distribution of the material, depending on the level of confidentiality of the organization to which the participant belongs (eg, different departments or people outside the company). It becomes easy to determine.

  As described above, according to the electronic conference system, materials used in the conference and images displaying the materials can be securely supplied among the participants.

  In the above-described example, as described with reference to FIG. 28, each of the PK 221-1 and the personal information management device 222-1 stores different information.

  However, as shown in FIG. 52, the PK 221-1 can also store information stored in the personal information management device 222-1.

  That is, in FIG. 52, the PK 221-1 includes personal information in addition to the user ID, the URI of the personal information management device 222-1, the mail address of the user A, and the public key of the personal information management device 222-1 of the user A. User A's user name (NAME), company organization (ORG), company position (STATUS), file that can be disclosed to others (SHARED), the same as those stored in the management device 222-1. FILES), user interface setting information (UI CUSTOMIZATION STRUCTURE), URI of the location where the material in the personal information management device 222-1 is stored, the private key of the personal information management device 222-1, and the personal information management device 222 -1 IP address and the like are also stored.

  Further, when the storage capacity of the PK 221-1 is sufficient, as shown in FIG. 53, all information is stored in the PK 221-1 without using the personal information management device 222-1. You can also. In this case, the personal information management device 222-1 is not necessary.

  As shown in FIG. 52, when the PK 221-1 stores a pair of the public key and the private key of the personal information management device 222-1, or as shown in FIG. 53, the PK 221-1 itself When the personal information management device 222-1 is also used and the public key and the private key are stored, the PK 221-1 uses the public key of the personal information management device 222-1 to manage the user or the conference room. Processing (authentication processing) for preventing impersonation of the apparatus 201 can be quickly performed.

  Therefore, referring to FIGS. 54 and 55, as shown in FIG. 53, when PK 221-1 itself is also used as personal information management apparatus 222-1 and stores its public key and private key. The first authentication process and the second and subsequent authentication processes corresponding to FIGS. 33 and 38 will be described.

  In FIG. 54, first, in step S1981, the PK 221-1 obtains the public key of the user A (also the personal information management device 222-1) the public key of the user A, the mail address and the name of the user A, and the material browsing device. To 211-1.

  In step S1982, the document browsing apparatus 211-1 receives the public key of the user A's PK 221-1 from the PK 221-1, the mail address and the name of the user A, and transmits them to the conference room management apparatus 201.

  In step S1983, the conference room management apparatus 201 stores the public key of the user A's PK 221-1 from the material browsing apparatus 211-1 and the mail address and name of the user A in the user DB 281 inside the conference room management apparatus 201. Remember (register). Thereby, the user DB 281 excluding the URI information in the user DB 281 of FIG. 34 is generated.

  In step S1983, the conference room management apparatus 201 encrypts its own service ID and public key with the public key of the received user A's PK 221-1 and passes through the material browsing apparatus 211-1 to PK 221- 1 to finish the process. Thereby, in the PK 221-1, a service DB 282 that stores a pair of a service ID (service name) and a public key for each service system, similar to that of the personal information management apparatus 222-1 described in FIG. Is created.

  In FIG. 55, first, in step S2001, the PK 221-1 transmits the mail address of the user A to the material browsing device 211-1.

  In step S2002, the material browsing device 211-1 receives the mail address of the user A from the PK 221-1 and transmits it to the conference room management device 201.

  In step S2003, the conference room management apparatus 201 determines whether or not the mail address of the user A from the material browsing device 211-1 is registered (stored) in the user DB 281; that is, the user A from the material browsing device 211-1. It is determined (compared) whether the e-mail address matches the e-mail address of the user A in the user DB 281.

The email address of the user A, when it is determined that coincides with the mail address of the user A of the user DB281, in step S2003, the conference room management unit 201 generates a challenge word W _201, the challenge word W ₂₀₁ It is encrypted with the public key of PK 221-1 and transmitted to the personal information management device 222-1 via the material browsing device 211-1.

In step S2004, the PK 221-1 receives and decrypts the challenge word W ₂₀₁ from the conference room management apparatus 201, and generates the challenge word W ₂₂₁ . In step S2004, the PK 221-1 encrypts the challenge word W ₂₀₁ obtained by decryption and the generated challenge word W ₂₂₁ with the public key of the conference room management apparatus 201 stored in the service DB 282. Then, the information is transmitted to the conference room management apparatus 201 via the material browsing apparatus 211-1.

In step S2005, the conference room management apparatus 201 receives and decrypts the challenge word W ₂₀₁ and the challenge word W ₂₂₁ from the PK 221-1 and decrypts the challenge word W ₂₀₁ obtained by decrypting the challenge word W ₂₀₁ and the challenge word W ₂₀₁ in step S2003. It is determined whether or not the generated challenge word W ₂₀₁ matches.

Then, the challenge word W ₂₀₁ from PK221-1, if itself is determined to a challenge word W ₂₀₁ generated match, at step S2005, the conference room management unit 201, receiving the notification and, obtained by decoding The challenge word W ₂₂₁ is encrypted with the public key of the PK 221-1 and transmitted to the PK 221-1 via the material browsing device 211-1.

PK221-1 in step S2006, receives and decodes the receiving notice the challenge word W ₂₂₁ from conference managing device 201, the challenge word W ₂₂₁ obtained by decoding, itself generated in step S2004 It determines whether or not to match the challenge word W _221.

If it is determined that the challenge word W ₂₂₁ obtained by decryption matches the challenge word W ₂₂₁ generated by itself, in step S2006, the PK 221-1 sends an acceptance notification to the material browsing device 211-1. To the conference room management apparatus 201.

  In step S2007, the conference room management apparatus 201 transmits an authentication completion notification indicating that the conference room management apparatus 201 and the PK 221-1 have been authenticated to the material browsing apparatus 211-1.

  In step S2008, the document browsing apparatus 211-1 transmits an authentication completion notification from the conference room management apparatus 201 to the PK 221-1 and the conference room management apparatus 201 and the personal information management apparatus 222-1 have been authenticated. Is displayed on the screen to inform the user A of the fact and the processing is terminated.

  As described above, in the authentication process when the PK 221-1 itself also serves as the personal information management device 222-1 and stores its public key and private key, the authentication with the PK 221-1 is performed by the personal information management device. This also becomes the authentication of 222-1, and a quick and reliable authentication process can be performed.

  54 and 55 can be similarly applied to the spoofing prevention process using the electronic mail described with reference to FIG.

  Next, another embodiment of the document image sharing process in which the document image of the user A (presenter) described above with reference to FIG. 44 is shared by the participant's document browsing apparatuses 211-1 to 211-3 will be described. .

  In FIG. 44, the material image (image data) generated by activating an application that can read and display the material in the material browsing device 211-1 of the user A who is the presenter is displayed in the conference room management device 201. Then, the conference room management device 201 transmits the material image (image data) received from the material browsing device 211-1 to the other material browsing devices 211-2 and 211-3, so that the user A ( The presenter's material image was shared by the material browsing devices 211-2 and 211-3 of each participant.

  However, for example, the material browsing device 211 may not be able to generate a material image due to hardware restrictions such as an application that requires a large memory capacity for activation cannot be installed.

  Therefore, an application that can read and display the document is installed in the conference room management apparatus 201, the conference room management apparatus 201 opens the document of the user A, generates a document image, and an image of the generated document image It is conceivable to transmit data to each of the material browsing devices 211-1 to 211-3.

  FIG. 56 shows that each of the material browsing devices 211-1 is transmitted by transmitting the image data of the material image to the material browsing devices 211-1 to 211-3 so that the conference room management device 201 opens the material. The flow (outline) of the document image sharing process for sharing the document image is shown in FIGS.

  In FIG. 56, first, when the user A performs an operation of displaying a material for presentation on the material browsing device 211-1, the material browsing device 211-1 displays the material necessary for the conference in step S2021. A material display request for requesting display is transmitted to the conference room management apparatus 201.

  In step S2022, the conference room management device 201 converts the material display request transmitted from the material browsing device 211-1 into a material transmission request, and together with the public key of the conference room management device 201, the personal information management device 222-1. Send to.

  In step S2023, the personal information management device 222-1 acquires the material requested by the material transmission request from the location (material storage URI) where the material is stored, and encrypts it with the public key of the conference room management device 201. And transmitted to the conference room management apparatus 201.

  The conference room management apparatus 201 receives the material from the personal information management apparatus 222-1, decrypts it with its own private key, and can read and display the decrypted material in step S2024. The application is activated to display the material image on any of the displays 212 to 214.

  In step S2025, the conference room management apparatus 201 transmits the material image (image data thereof) to the material browsing devices 211-1 to 211-3. Thereby, the material browsing apparatus 211-1 to 211-3 can see the material image which the user A announces.

  Details of the document image sharing process of FIG. 56 will be described with reference to the arrow chart of FIG.

  First, when the user A performs an operation of displaying materials for presentation on the material browsing device 211-1, the material browsing device 211-1 requests display of materials necessary for the conference in step S2051. A document display request is transmitted to the conference room management apparatus 201.

  In step S2071, the conference room management apparatus 201 receives the material display request transmitted from the material browsing device 211-1, and proceeds to step S2072.

  In step S2072, the conference room management apparatus 201 converts the material display request into a material transmission request, and transmits it to the personal information management apparatus 222-1 together with the public key of the conference room management apparatus 201. That is, the conference room management apparatus 201 transmits a material transmission request together with the public key of the conference room management apparatus 201 to the URI of the personal information management apparatus 222-1 represented by the personal related information of the user DB 281.

  In step S2101, the personal information management apparatus 222-1 receives the public key and material transmission request of the conference room management apparatus 201 transmitted from the conference room management apparatus 201, proceeds to step S2102, and stores it in the material storage URI. The requested material is encrypted with the public key of the conference room management apparatus 201 and transmitted to the conference room management apparatus 201.

  In step S2073, the conference room management apparatus 201 receives the material transmitted from the personal information management apparatus 222-1, in response to the material transmission request in step S2072, and decrypts it with its own secret key.

  In step S2074, the conference room management apparatus 201 activates an application that can read and display the material obtained by decoding and opens the material, thereby displaying the image (image data) of the material. Generate.

  In step S2075, the conference room management apparatus 201 selects one of the displays 212 to 214, transmits (outputs) the document image to the selected display, and displays the image of the document opened by the application.

  In step S2076, the conference room management apparatus 201 transmits the same document image (image data) displayed on the selected displays 212 to 214 to the document browsing apparatus 211-1. In step S2052, the material browsing device 211-1 receives the material image (image data) from the conference room management device 201 and displays it on the screen.

  In step S2077, the conference room management apparatus 201 transmits the material image (image data thereof) to the material browsing device 211-2 (211-3). In step S2121, the material browsing device 211-2 receives the material image (image data) from the conference room management device 201, displays it on the screen, and ends the process.

  Note that the conference room management apparatus 201 may perform the processes of steps S2076 and S2077 described above (multicast the material image to the material browsing devices 211-1 to 211-3).

  In addition, as described with reference to FIG. 45, the conference room management apparatus 201 displays the material image only when a display sharing request is transmitted to the material browsing devices 211-2 or 211-3 other than the presenter (user A). It can also be transmitted.

  In the document image sharing process of FIG. 57, as in the document image sharing process of FIG. 45, the document image (image data thereof) is transferred from the document browsing apparatus 211-1 via the conference room management apparatus 201 to the document browsing apparatus 211-2. And the image data are transmitted directly from the conference room management device 201 to the material browsing devices 211-1 to 211-3, due to the delay of the material image transmission between the devices. Screen display delay is improved.

  Next, still another embodiment of the document image sharing process for sharing the document image will be described. In the following document image sharing process, when an application that can open a document does not exist in either the conference room management apparatus 201 or the document browsing apparatus 211, the document is displayed using the application installed in the user terminal 241 of the user. Open and share document images.

  FIG. 58 shows a flow of a document image sharing process in which a document image opened by an application in the user terminal device 241 of the user is shared by the conference room management device 201 and the document browsing devices 211-1 to 211-3 ( Overview).

  In FIG. 58, first, when the user A performs an operation of displaying a material for presentation on the material browsing device 211-1, the material browsing device 211-1 displays a material necessary for the conference in step S2151. A material display request for requesting display is transmitted to the conference room management apparatus 201.

  In step S2152, the conference room management apparatus 201 transmits the material display request transmitted from the material browsing device 211-1 to the user terminal device 241-1 of the user A.

  In step S2153, the user terminal device 241-1 converts the material display request transmitted from the conference room management device 201 into a material transmission request, and together with the public key of the user terminal device 241-1, the personal information management device. To 222-1.

  The personal information management device 222-1 acquires the material requested by the user terminal device 241-1 from the location (material storage URI) where the material is stored, and in step S 2154, the user terminal device 241- 1 is encrypted with the public key 1 and transmitted to the user terminal device 241-1.

  In step S2155, the user terminal device 241-1 receives the material from the personal information management device 222-1, decrypts it with its own private key, and reads and displays the material obtained by the decryption. Start an application that can be used and display it on your screen. Here, the same screen as the screen displayed by the user terminal device 241-1 is displayed (shared) on the screen of the material browsing device 211-1, which is another terminal different from the user terminal device 241-1. With the screen sharing (remote) function that allows the user to operate the user terminal device 241-1 on the browsing device 211-1, the user A can use the user terminal device 241-1 from the material browsing device 211-1. You can start the application installed on the computer and open the document.

  In step S2156, the user terminal device 241-1 transmits a material image (image data) of the material opened by the application to the conference room management device 201.

  The conference room management apparatus 201 receives the material image (image data) received from the user terminal device 241-1, and selects and displays one of the displays 212 to 214 in step S2157.

  In step S2158, the conference room management apparatus 201 transmits the material image (image data thereof) to the material browsing devices 211-1 to 211-3, and ends the process. Thereby, the material browsing apparatus 211-1 to 211-3 can see the material image which the user A announces.

  Details of the document image sharing process of FIG. 58 will be described with reference to the arrow chart of FIG.

  First, when the user A performs an operation of displaying materials for presentation on the material browsing device 211-1, the material browsing device 211-1 requests display of materials necessary for the conference in step S2181. A document display request is transmitted to the conference room management apparatus 201.

  In step S2201, the conference room management apparatus 201 receives the material display request transmitted from the material browsing device 211-1, proceeds to step S2202, and sends the material display request to the user terminal device 241-1 of the user A. Send.

  In step S2261, the user terminal apparatus 241-1 receives the material display request transmitted from the conference room management apparatus 201, and proceeds to step S2262.

  In step S2262, the user terminal device 241-1 converts the material display request into a material transmission request, and transmits the material transmission request to the personal information management device 222-1 together with the public key of the user terminal device 241-1. .

  In step S2221, the personal information managing device 222-1 receives the public key and the material transmission request of the user terminal device 241-1 transmitted from the user terminal device 241-1, and proceeds to step S2222. The requested material stored in the storage URI is encrypted with the public key of the user terminal device 241-1 and transmitted to the user terminal device 241-1.

  In step S2263, the user terminal apparatus 241-1 receives the material from the personal information management apparatus 222-1, and decrypts it with its own secret key.

  In step S2264, the user terminal device 241-1 activates an application that can read and display the material obtained by decryption, opens the material, and displays the material on its screen.

  Then, the process proceeds from step S2264 to step S2265, and the user terminal device 241-1 transmits a material image (image data) of the material opened by the application to the conference room management device 201.

  In step S2203, the conference room management apparatus 201 receives the material image (image data) from the user terminal device 241-1, proceeds to step S2204, selects one of the displays 212 to 214, and selects the selected image. The display 212 to 214 displays the material image received from the user terminal device 241-1.

  In step S2205, the conference room management apparatus 201 transmits the same document image (image data) displayed on the displays 212 to 214 to the document browsing apparatus 211-1. In step S2182, the document browsing apparatus 211-1 receives the document image (image data) from the conference room management apparatus 201 and displays it on the screen.

  In step S2206, the conference room management apparatus 201 transmits the same document image (image data) displayed on the displays 212 to 214 to the document browsing apparatus 211-2 (211-3). In step S2241, the material browsing device 211-2 receives the material image (image data) from the conference room management device 201, displays it on the screen, and ends the process.

  According to the above processing, as described above, an application that can open a material in the conference room management device 201 and the material browsing devices 211-1 to 211-3 is not necessary, and the conference room management is temporarily performed. It is possible to eliminate the necessity of storing the material (data) in the device 201 and the material browsing devices 211-1 to 211-3.

  Next, another embodiment of the material distribution process for distributing materials to all the participants in the conference will be described.

  In the material distribution process described with reference to FIG. 47, each presenter who distributes materials in a meeting distributes materials individually to participants. In the material distribution process described next, for example, Participants and presenters who are facilitators of the meeting collect the presenter's materials and distribute them to the participants. In the following, it is assumed that user A is a material collector and distributor.

  With reference to FIG. 60, an outline of a material distribution process in which user A collects materials of each presenter in a conference and distributes the materials to all participants will be described. In FIG. 60, the personal information management device 222 that receives (distributes) the conference material is the personal information management device 222-2 of the user B. However, the user B may be another presenter among the participants. is there.

  Steps S2301 to S2304 in FIG. 60 are the same as steps S1821 to S1824 in FIG.

  In step S2304, the user B's personal information management device 222-2 is notified of the distributor list (in this case, the name and email address of only the user A, the public key of the material browsing device 211, and the personal information management device 222- 1 URI set) is sent.

  The user B looks at the distributor list and performs an operation of transmitting his / her material to the personal information management device 222-1 of the user A who is a material organizer.

  In response to the operation, the personal information managing device 222-2 transmits the material (distributed material) of the user B to the personal information managing device 222-1 in step S2305.

  When the collection of the materials for each presenter is completed, the personal information management apparatus 222-1 sends a material distribution preparation completion notification indicating that preparation for distributing the materials is completed in step S2306 to the personal information described in the participant list. The URI of the management apparatus 222 is referred to and transmitted to the personal information management apparatus 222-2 of the user B.

  In step S2307, mutual authentication processing is performed between the personal information management device 222-1 that is the distributor's terminal and the personal information management device 222-2 that is the user B's terminal that receives the material.

  After the authentication process in step S2307, the personal information management apparatus 222-1 transmits (distributes) the material to the personal information management apparatus 222-2 in step S2308, and ends the process.

  Next, referring to FIGS. 61 to 63, in the material distribution process of FIG. 60, the distribution set determination process user interface (process) in which the distributor determines to whom of the meeting participants the distribution material is distributed. ) Will be described. 61 to 63, portions corresponding to those in FIGS. 48 to 50 are denoted by the same reference numerals, and description thereof is omitted as appropriate.

  FIG. 61 is a display example of a material distribution set creation screen window 401 for creating (determining) a material set (material distribution set) to be distributed by user A to participants.

  In FIG. 61, the OK button 423 and the cancel button 424 for the special distribution set are arranged in the special distribution set creation area 426 instead of right next to the set deletion button 422.

  In the distribution material column 431 of the standard distribution set creation area 425, the displayed material (the file name) is the material from which the material has been transmitted, that is, which presenter's material, The name of the presenter is displayed to the left of the file name of the material.

  The delete button 432 displayed on the right side of the file name of the material in the distribution material column 431 is displayed only for the material added by the user A (distributor) other than the material transmitted from each presenter. Thus, materials sent from other users for distribution cannot be deleted. According to FIG. 61, the name of the distributor (user A) is specified as Yamamoto.

  Similarly, in the special distribution set creation area 426, the displayed material is the material from which the displayed material is displayed on the left side of the file name of the material in the distribution material column 443, that is, the presenter's material. As you can see, the name of the presenter is displayed.

  FIG. 62 shows a display example of the association screen window 461 for determining the correspondence between the material distribution set created in FIG. 61 and the conference participants (distribution destinations) who distribute the material distribution set.

  In the association screen window 461 in FIG. 62, portions corresponding to those in the association screen window 461 described in FIG. 49 are denoted by the same reference numerals, and description thereof is omitted. That is, the association screen window 461 in FIG. 62 is the same screen window as the association screen window 461 described in FIG. 49, and the user interface is the same user interface as the user interface described in FIG.

  However, in FIG. 62, “no distribution” indicating that the material distribution set is not distributed is selected (designated) for “Nakamura”. Therefore, “No distribution” is also displayed for the acquisition status of the material distribution set for “Nakamura”.

  FIG. 63 shows a display example of the association screen window 461 after the distribution of the material distribution set is started according to FIG.

  In the association screen window 461 in FIG. 63, portions corresponding to those in the association screen window 461 described in FIG. 50 are denoted by the same reference numerals, and description thereof is omitted. That is, the association screen window 461 in FIG. 63 is the same screen window as the association screen window 461 described in FIG. 50, and the user interface is the same user interface as the user interface described in FIG.

  However, in FIG. 63, as in FIG. 62, “No distribution” indicating that the material distribution set is not distributed is selected (designated) for “Nakamura”. Therefore, “No distribution” is also displayed for the acquisition status of the material distribution set for “Nakamura”.

  Details of the material distribution process described with reference to FIG. 60 will be described with reference to the arrow chart of FIG.

  First, in step S2321, the PK 221-1 obtains the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 as the material browsing device 211-. 1 to send.

  In step S2341, the material browsing device 211-1 receives the public key of the personal information management device 222-1 of the user A from the PK 221-1, the mail address and name of the user A, and the URI of the personal information management device 222-1. In step S2342, the public key of the personal information management device 222-1 of the user A, the mail address and name of the user A, and the URI of the personal information management device 222-1 are transmitted to the conference room management device 201. To do.

  In step S2361, the conference room management apparatus 201 transmits the public key of the personal information management apparatus 222-1 of the user A, the mail address and name of the user A, and the personal information management apparatus transmitted from the material browsing apparatus 211-1. The URI 222-1 is received, the process proceeds to step S2362, and is registered (stored) in the user DB 281.

  In step S 2363, the conference room management apparatus 201 transmits a participant list to the personal information management apparatus 222-1.

  In step S2381, the personal information management apparatus 222-1 receives the participant list from the conference room management apparatus 201.

  In step S2364, the conference room management apparatus 201 transmits the distributor list to the personal information management apparatus 222-2 (same for 222-3).

  In step S2401, the personal information management device 222-2 receives the distributor list from the conference room management device 201.

  Since user B has received the distributor list in personal information management apparatus 222-2, user B performs an operation of transmitting his / her material to personal information management apparatus 222-1 of the distributor (user A).

  In response to the operation, personal information management apparatus 222-2 transmits user B's material to personal information management apparatus 222-1 in step S2402.

  In step S2382, the personal information management apparatus 222-1 receives the material from the personal information management apparatus 222-2. If there are other presenters, in step S2382, the personal information managing apparatus 222-1 receives the materials of all presenters.

  The personal information management apparatus 222-1 determines the distribution destination and the material distribution set in accordance with the input of the user A to the material distribution set creation screen window 401 in FIG. 61 and the association screen window 461 in FIG. 62, and material distribution Start distributing the set.

  In step S2383, the personal information management apparatus 222-1 transmits a material distribution preparation completion notification indicating that preparation for distributing the material is completed to the personal information management apparatus 222-2.

  In step S2403, the personal information management apparatus 222-2 receives the material distribution preparation completion notification from the personal information management apparatus 222-1 and proceeds to step S2404. The authentication process (spoofing prevention process) described in the above is performed.

  In response to a request from the personal information management device 222-2, the personal information management device 222-1 also performs authentication processing (spoofing prevention processing) in step S2384.

  When the authentication process in step S2384 ends, the personal information management apparatus 222-1 proceeds to step S2385, and in accordance with the settings made on the screens of FIG. 61 and FIG. Distribution set). Therefore, the material (set of distribution material) transmitted here is the material of all the presenters including the user A's material.

  In step S2405, the personal information management device 222-2 receives the material (a set of distribution materials) transmitted from the personal information management device 222-1 and ends the processing.

  According to the material distribution process described above, the distributor who collected the material is a participant who is inappropriate for the distribution of the material, depending on the level of confidentiality of the organization to which the participant belongs (for example, the difference in department or people outside the company). Can be managed in a centralized manner, and it is easy to decide whether or not to distribute.

  As described above, according to the electronic conference system of FIG. 27, materials used in the conference and images displaying the materials can be securely supplied between the participants.

  In addition, according to the electronic conference system of FIG. 27, the user does not need to carry the conference material simply by carrying the PK 221, and no document remains in the place where the conference is held. The confidentiality of the material is maintained.

  In the electronic conference system of FIG. 27, the conference room management device 201, the material browsing device 211, the personal information management device 222, and the user terminal device 241 are connected via the network 215. This is an electronic conference system in which users who are physically separated can also participate. Therefore, even if the participant is at a distant location, the presenter's material image can be viewed (shared) by the device at hand, and a sense of presence in the conference can be obtained.

  Furthermore, since the function required for the PK 221 in the electronic conference system of FIG. 27 is only required to be able to store personal-related information and to communicate, for example, the function of the PK 221 described above on an ID card of a company employee ID card or the like. Can be provided.

  In this specification, the steps described in the arrow chart are executed in parallel or individually even if they are not necessarily processed in time series, as well as processes performed in time series in the described order. It also includes the processing.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

It is a figure which shows the relationship between distance and electric field strength. It is a figure which shows the relationship between a frequency and an intensity | strength boundary distance. It is a figure which shows the range in which a quasi-electrostatic field is formed. It is a figure which shows the relationship between distance and electric field strength. It is a figure which shows the relationship between distance and electric field strength. It is a figure for demonstrating the relationship between a receiving state and distance. It is a figure which shows the structural example of a PK system. It is a block diagram which shows the hardware structural example of PK22. 3 is a block diagram illustrating a hardware configuration example of pBase23. FIG. It is a figure which shows the memory content of the memory | storage part 38 of PK22. It is an arrow chart which shows the process performed when registering the service ID corresponding to the new service system 24 in PK22. It is an arrow chart explaining the spoofing prevention process using the authentication by secret words. It is an arrow chart explaining the spoofing prevention process using the authentication by a public key system. It is a flowchart explaining a service ID registration process. It is a flowchart explaining a service ID matching process. It is a figure explaining exchange of PMD by PK22, pBase23, and the service system 24. FIG. It is an arrow chart explaining the process performed between pBase23 and the service system 24. FIG. It is an arrow chart explaining the process performed between pBase23 and the service system 24. FIG. It is a figure which shows the example of the content of PMD. It is a figure which shows the example of the content of PMD. It is a figure which shows the example of the content of PMD. It is a flowchart explaining a PMD update process. It is a figure which shows the structural example of the PK system which personalizes information equipment. It is a flowchart explaining a personalization process. 10 is an arrow chart for explaining PMD synchronization processing performed between PK22 and pBase23. It is a flowchart explaining a PMD synchronous process. It is a figure which shows the structural example of one Embodiment of the electronic conference system to which this invention is applied. 2 is a diagram illustrating a configuration example of a device related to a user A. FIG. 10 is a diagram for explaining processing of the apparatus related to user A. It is an arrow chart explaining the process which PK2211-1 personalizes the material browsing apparatus 211-1. It is an arrow chart explaining the spoofing prevention process when communicating for the first time between the meeting room management apparatus 201 and the material browsing apparatus 211-1. It is the arrow chart explaining the spoofing prevention process when communicating between the conference room management apparatus 201 and the material browsing apparatus 211-1 after the 2nd time. It is a figure explaining the spoofing prevention process at the time of communicating for the first time between the meeting room management apparatus 201 and the personal information management apparatus 222-1. It is a figure which shows the example of data of user DB281 memorize | stored inside the conference room management apparatus 201. FIG. It is a figure which shows the example of data of service DB282 memorize | stored inside the personal information management apparatus 222-1. It is an arrow chart explaining the first spoofing prevention process between the meeting room management apparatus 201 and the personal information management apparatus 222-1. It is a figure explaining the spoofing prevention process using an email. It is a figure explaining the spoofing prevention process at the time of communicating after the 2nd time between the meeting room management apparatus 201 and the personal information management apparatus 222-1. It is the arrow chart explaining the spoofing prevention process after the 2nd time between the meeting room management apparatus 201 and the personal information management apparatus 222-1. It is an arrow chart explaining a download display process. It is a figure which shows the example of the database in the meeting room management apparatus 201 which memorize | stores the file name of a material, and the user who requested | required the material. It is an arrow chart explaining the display designation | designated process which designates which display displays a material image. It is an arrow chart explaining the process which shares a material image with the display 212 thru | or 214 and the material browsing apparatus 211-1. It is a figure explaining the outline | summary of the document image sharing process which shares a document image. 45 is an arrow chart for explaining details of the document image sharing process of FIG. 44. It is an arrow chart explaining the completion | finish process of a meeting. It is a figure explaining the outline | summary of the distribution process of a document. It is a figure which shows the example of a display of the creation screen window 401 of a document distribution set. It is a figure which shows the example of a display of the matching screen window 461. It is a figure which shows the example of a display of the matching screen window 461. 48 is an arrow chart for explaining the details of the material distribution process of FIG. 47; 2 is a diagram illustrating a configuration example of a device related to a user A. 2 is a diagram illustrating a configuration example of a device related to a user A. It is a figure explaining the spoofing prevention process at the time of communicating for the first time between the meeting room management apparatus 201 and PK221-1. It is a figure explaining the spoofing prevention process when communicating between the conference room management apparatus 201 and PK2211-1 after the 2nd time. It is a figure explaining the outline | summary of a document image sharing process. 57 is an arrow chart for explaining details of the document image sharing process of FIG. 56. It is a figure explaining the outline | summary of a document image sharing process. 59 is an arrow chart for explaining details of the document image sharing process of FIG. 58. It is a figure explaining the outline | summary of the distribution process of a document. It is a figure which shows the example of a display of the creation screen window 401 of a document distribution set. It is a figure which shows the example of a display of the matching screen window 461. It is a figure which shows the example of a display of the matching screen window 461. 61 is an arrow chart for explaining details of the material distribution process of FIG. 60.

Explanation of symbols

  21 network, 22 PK, 23 pBase, 24 service system, 201 conference room management device, 211-1 to 211-3 data browsing device, 212 projector, 213 main display, 214 sub-display, 215-1 network, 215-2 network , 211-1 to 211-3 material browsing device, 221-1 to 221-3 PK, 222-1 to 222-3 personal information management device, 241-1 to 241-3 user terminal device, 281 user DB, 282 Service DB

Claims (7)

In an information processing system including a first and a second information processing apparatus,
The first information processing apparatus includes:
Material storage means for storing one or more materials;
A material set setting means for setting one or more material sets composed of one or more of the materials;
Distribution setting means for setting which material set of one or more kinds of material sets set by the material set setting means is distributed to a user having the second information processing apparatus;
Transmission means for transmitting the material set to the second information processing apparatus according to the setting by the distribution setting means,
The second information processing apparatus
An information processing system comprising: a receiving unit that receives the material set transmitted by the transmitting unit. In an information processing device that communicates with other devices,
Material storage means for storing one or more materials;
A material set setting means for setting one or more material sets composed of one or more of the materials;
Distribution setting means for setting which material set of one or more types of material sets set by the material set setting means is distributed to a user having the other device;
An information processing apparatus comprising: a transmission unit that transmits the material set to the other device according to the setting by the distribution setting unit. An authentication unit for performing authentication with the other device;
The information processing apparatus according to claim 2, wherein the transmission unit transmits the material set to the other apparatus when the authentication is successful. Receiving means for receiving other users' materials from other devices;
The information processing apparatus according to claim 2, wherein the transmission unit transmits the material set including the material of the other user to the other device. The information processing apparatus according to claim 2, further comprising an acquisition state confirmation unit that confirms an acquisition state of the material set of a user of the other apparatus that has transmitted the material set by the transmission unit. In an information processing method of an information processing apparatus that communicates with another apparatus,
A storage step of storing one or more materials in the material storage means;
A material set setting step for setting one or more material sets composed of one or more of the materials;
A distribution setting step for setting which material set of one or more types of material sets set by the processing of the material set setting step to a user having the other device;
And a transmission step of transmitting the material set to the other device according to the setting by the processing of the distribution setting step. In a program that is executed by a computer that communicates with another device,
A storage step of storing one or more materials in the material storage means;
A material set setting step for setting one or more material sets composed of one or more of the materials;
A distribution setting step for setting which material set of one or more types of material sets set by the processing of the material set setting step to a user having the other device;
A program for causing a computer to execute a process including a transmitting step of transmitting the material set to the other device according to the setting by the process of the distribution setting step.

Images