JP2006209597A - Access controller and access control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access controller and an access control method capable of controlling various access to data. <P>SOLUTION: In this access controller, a portable terminal 100 is provided with a connection detection part 121 detecting connection to another portable terminal and release of the connection, a connection ID acquisition part 122 acquiring apparatus ID of all of the currently connected portable terminals and storing the acquired apparatus ID in a PAN current state list, and a condition setting part 123 setting a condition, by which it is determined whether another portable terminal of the apparatus ID in the PAN current state list is connected or not, as an access condition to a PAN history header for the data. The access controller is also provided with an access condition acquisition part 124 acquiring the access condition from the PAN history header for the data, an access propriety determination part 125 determining propriety of access to image data based on the PAN current state list 108 and the access condition, and an access control part 126 controlling access to the data based on the determination result by the access propriety determination part 125. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access control device that controls access to data on a computer, and more particularly to access to data in a device that accesses data via a network.

  Conventionally, in an access control system for granting access authority to one or more users for a certain data, in order to improve the security of the data, the object to be granted access authority to view the data is created.・ Allows only users who participated in browsing.

  In such an access control system, as long as the user has access rights, whether or not other users are participating in the system (network) and whether or not other users are accessing data. Regardless, you can access and view your data at any time within the scope of your access rights.

Further, as a method for granting such access authority, a recording / reproducing system has been proposed in which information on conference participants is registered so that recorded data can be referred to only by the participants registered in the information. (For example, refer to Patent Document 1).
JP 2002-251393 A

  However, in the conventional access control system, data can be freely accessed at any time within the range of access conditions permitted by each user. However, when a user views the data, all the access authority holders can access the data. There are also data that are preferably accessed.

  For example, in the case of data that is jointly produced by a plurality of users, it is more efficient to change the data while consulting between the users than to change the data by each user without permission. In the case of such data, in the past, when a user who previously accessed the data browsed and edited the data first, and the user who accessed later challenged the edited result, the data change was temporarily performed. It needs to be restored and is inefficient.

  Accordingly, the present invention has been made in view of the above circumstances, and an object thereof is to provide an access control apparatus and an access control method capable of performing various access controls on data.

  In order to achieve the above object, an access control device according to the present invention is an access control device that controls access to data, and is currently connected to connection detection means for detecting connection and disconnection with another device. An access condition for acquiring an access condition to the data, including a connection identifier acquiring means for acquiring an identifier for identifying all the other apparatuses being connected, and a condition regarding whether or not the other apparatus is connected An access permission determination unit that determines whether to access the data based on an acquisition unit, all the identifiers acquired by the connection identifier acquisition unit, and the access condition acquired by the access condition acquisition unit; And an access control means for controlling access to the data based on the determination result of the access permission / inhibition determining means. And wherein the door.

  As a result, for example, if another device set in the access condition is currently connected, various access control to the data can be performed, such as permitting access to the data.

  The access control device further includes an access request accepting unit that accepts an access request to predetermined data. When the access request is accepted by the access request accepting unit, the connection identifier obtaining unit An identifier for identifying all the other connected devices is acquired, the access condition acquisition unit acquires an access condition for the predetermined data, and the access permission determination unit acquires the connection identifier. Whether to access the predetermined data may be determined based on all the identifiers acquired by the means and the access conditions acquired by the access condition acquisition means.

  As a result, when an access request to predetermined data is received, it is possible to determine whether access is possible and control access to the predetermined data.

  The access condition acquisition unit acquires, as an access condition to the data, that another device specified by a predetermined identifier is connected, and the access permission determination unit includes the connection identifier acquisition unit. Even if all the predetermined identifiers of the access conditions acquired by the access condition acquisition means are included in all of the acquired identifiers, it may be determined that access to the data is permitted Good.

  Thus, for example, in the case of data that has been jointly produced by a plurality of users, when a user tries to access the data, all other access right holders need to request access to the image data. is there. Therefore, when a user can access data, all the access right holders inevitably have access to the data. Therefore, the editing contents of a certain user can be immediately recognized by other users, and it can be expected that there will be no inefficient work such as temporarily restoring data editing later.

  The access control apparatus may further include an access condition setting unit that sets a condition regarding whether or not another apparatus specified by a predetermined identifier is connected as an access condition to the data.

  Further, the data is image data, and the access control device further includes a subject identifier acquisition unit that acquires a subject included in the image data and an identifier corresponding to the subject, and the access condition setting unit includes: All the identifiers acquired by the subject identifier acquisition means may be set as the predetermined identifier.

  As a result, it is possible to set an access condition such as permitting access if all of the subject devices included in the image data are currently connected, for example.

  The present invention can be realized not only as such an access control apparatus, but also as an access control method using characteristic means provided in such an access control apparatus as a step, or by performing these steps as a computer. It can also be realized as a program to be executed. Needless to say, such a program can be distributed via a recording medium such as a CD-ROM or a transmission medium such as the Internet.

  According to the access control device and the access control method according to the present invention, various access controls for data can be performed such as permitting access to data if, for example, another device set as an access condition is currently connected. It can be carried out.

  Hereinafter, embodiments according to the present invention will be described in detail with reference to the drawings. In the following embodiments, the present invention will be described with reference to the drawings, but the present invention is not intended to be limited to these.

(Embodiment 1)
FIG. 1 is a schematic diagram showing an example of how a mobile terminal that is an access control apparatus according to Embodiment 1 of the present invention is used.

  In the present embodiment, a case will be described as an example in which a plurality of portable terminals 100 having the same function are connected to a network and each of the plurality of portable terminals 100 exchanges or shares image data as shown in FIG. . In particular, a personal area network (PAN) that means a network within a short distance will be described here. Note that the number of mobile terminals connected to the network may be two or more.

  The definition of PAN is generally a network having an ad hoc connection form in wireless communication using electromagnetic waves. Wireless communication generally has a communicable area limited to a range where electromagnetic waves reach. In particular, IEEE802.11b, Bluetooth, and infrared communication, which are standards for wireless stations that do not require a radio license, limit the intensity of electromagnetic waves to be transmitted. Therefore, it is impossible to communicate with a partner who is many kilometers away from which electromagnetic waves do not reach. As a result, the parties that can communicate in the PAN are limited to those that are close in distance. In addition, a PAN generally has an ad hoc connection form in which nearby terminals temporarily establish communication paths rather than a fixed communication path typified by connection to the Internet.

  As a method of limiting the connection partner to terminals within a close range, in addition to the above-mentioned method of limiting by electromagnetic wave arrival distance, the positional relationship between the connection partner and oneself can be determined using GPS (Global Positioning System). There is also a way to grasp and limit. In addition to GPS, the method of grasping the positional relationship is a method of determining a close range when the terminals come into contact with each other, or a method of determining whether the range is close by exchanging a limited range such as voice There is also. It is also possible to limit the connection partner to a nearby location by limiting the physical communication path to a specific object such as a human body.

  FIG. 2 is a block diagram showing a hardware configuration of the mobile terminal that is the access control apparatus according to Embodiment 1 of the present invention.

  The portable terminal 100 is a device that controls access to data such as image data, and includes a memory 101 such as a heart disk drive (HDD) or a flash ROM that stores image data, setting information, and operation programs, and an image. IEEE802, which is a network interface for connecting to other devices and transmitting / receiving data such as image data, etc., a liquid crystal display (LCD) 102 for displaying an image, a touch panel 103 for a user to input an instruction to a portable terminal, and other devices Software that manages the wireless LAN module 104 based on standards such as .11b and each component of the mobile terminal 100, sets access conditions for the data, checks various data, and determines whether access is possible And a CPU 105 that actually performs processing and an ID unique to this machine And that device ID 107, and a current the camera and detects whether there are other mobile terminals which are stretched PAN, acquires information of another mobile terminal which has detected connection destination detection module 106..

  Note that the memory 101 may separately secure an area for sharing image data and an area used for other purposes.

  FIG. 3 is a block diagram showing a functional configuration of the mobile terminal which is the access control apparatus according to Embodiment 1 of the present invention.

  As shown in FIG. 3, the mobile terminal 100 includes a connection detection unit 121, a connection ID acquisition unit 122, a condition setting unit 123, an access condition acquisition unit 124, an access permission determination unit 125, an access control unit 126, a data storage unit 127, a display Unit 128 and an input receiving unit 129.

  The connection detection unit 121 detects connection and disconnection with another mobile terminal. Specifically, it is realized by the wireless LAN module 104, the connection partner detection module 106, or the like. The connection ID acquisition unit 122 acquires device IDs (identifiers) of all currently connected mobile terminals, and records the acquired device IDs of all mobile terminals in the PAN current list 108 in the memory 101. Specifically, this is realized by the connection partner detection module 106, the memory 101, and the like. As shown in FIG. 4, the PAN current list includes a column 110 in which a list of device IDs of mobile terminals that currently form a PAN is described, and a column 109 in which the date and time when the PAN is formed are described. , A list held in the portable terminal 100 as a set. In the present embodiment, it is assumed that the PAN current list 108 is in the memory 101, but it may be anywhere in the mobile terminal 100.

  The condition setting unit 123 sets a PAN history header as described later as an access condition when an operation for sharing image data is performed. Specifically, it is realized by the CPU 105 or the like. The access condition acquisition unit 124 acquires an access condition from the PAN history header of the target image data. Specifically, it is realized by the CPU 105 or the like.

  The access permission determination unit 125 determines whether or not access to the image data is possible based on all the device IDs described in the PAN current status list 108 and the access conditions acquired by the access condition acquisition unit 124. Specifically, it is realized by the CPU 105 or the like.

  The access control unit 126 controls access to data based on the determination result of the access permission determination unit 125. Specifically, it is realized by the CPU 105 or the like.

  The data storage unit 127 stores image data, and is specifically realized by the memory 101. The display unit 128 displays image data on the LCD 102. Specifically, it is realized by the LCD 102, the CPU 105, or the like. The input receiving unit 129 receives an operation from the user. Specifically, it is realized by the touch panel 103, the CPU 105, or the like.

  Note that since the portable terminal described in this embodiment is a device whose purpose is to share and browse image data, participation in the PAN is equivalent to an access request to the shared image data. However, the PAN participation and the data access request may be separate procedures. For example, assume that a chat user participates in a network service called chat and issues an access request to certain data in the service. It is assumed that all other chat participants to this service are requesting access to the data as an access condition for the data. In that case, participation in the network service and data access requests are separated.

  Next, image data exchanged with the mobile terminal 100 will be described. FIG. 5 is a diagram showing a file format of image data.

  The file format of the image data 200 has a PAN history header 201 in the header portion in addition to the bitmap data 203 to be displayed on the LCD 102 and the conventional header information 202 such as the shooting date / time and the number of pixels of the image data. ing. The PAN history header 201 includes a PAN date / time column 204 in which the date and time when the image data 200 is exchanged through the PAN is described, and an owner ID list 205 in which the device ID of the owner of the image data is described. , The PAN-ID list 206 in which the device IDs of the mobile terminals that exchanged the image data are described, the group set flag 207, the owner monitoring flag 208, and the current limit flag 209 It is an aggregate. Each flag is assigned a value of “None”, “ON”, or “OFF”, one for each row.

  The device ID may be a user ID assigned to each user of the mobile terminal. In addition, the device ID and the user name may be combined, and display and operation may be performed using the user name when displaying on the screen of the mobile terminal. Further, it may be a MAC address, an e-mail address, or an IP address as long as it is unique worldwide.

  Further, the PAN history header does not have to be described in the header of the image data, and the PAN history header may be placed on a server or a portable terminal and managed in association with the corresponding image data. There may be a plurality of owners described in the owner ID column.

  Next, a procedure for connecting a plurality of portable terminals 100 via a network will be described. Hereinafter, a case where there are two mobile terminals 100 (mobile terminal A and mobile terminal B) will be described as an example. Here, connecting the portable terminal A and the portable terminal B with a network is called “panning” or “building PAN”.

  In advance, the connection ID acquisition unit 122 of the mobile terminals A and B describes the device ID 107 of the mobile terminal in each PAN current list 108. First, the mobile terminals A and B are brought close to a range where radio waves of the wireless LAN can reach. When a radio wave arrives at the wireless LAN module 104, the connection partner detection module 106 searches for the existence of the partner device and performs authentication after discovery. That is, the connection detection unit 121 detects a connection with the partner mobile terminal. Then, the connection ID acquisition unit 122 describes the device ID of the partner portable terminal and the date and time of authentication (date and time when the PAN is assembled) in the PAN status list 108 of the own portable terminal.

  In addition, as described above, in addition to bringing the mobile terminals close to the range where the wireless LAN radio wave can reach, another means for notifying that the terminals are within the close range, for example, a position grasping method using GPS Alternatively, physical means such as contact or connection may be used. Further, without using the connection partner detection module 106, the device ID and date / time of the partner mobile terminal may be input to the PAN current list 108 by the user input.

Next, an operation when the mobile terminals A and B leave the PAN will be described.
When an instruction to leave the PAN is issued using the touch panel 103 which is an input / output unit of a certain mobile terminal 100, or when the mobile terminal 100 is moved out of the radio wave service area of the wireless LAN module 104, the mobile terminal 100 forming the PAN Network configuration changes. At that time, the connection partner detection module 106 detects that the mobile terminal 100 has left the PAN. After the detection, the connection partner detection module 106 rewrites the PAN current list 108 of the own mobile terminal so that only the device IDs of the partner mobile terminals participating in the current PAN are described.

  Next, sharing of image data will be described. FIG. 6 is a diagram illustrating an example of the LCD display screen of the mobile terminal 100.

  The LCD display screen of the mobile terminal 100 is divided into an upper part and a lower part as shown in FIG. 6, the lower screen is a private area 302 for browsing image data in the mobile terminal alone, and the upper screen is image data shared by a group. Is a shared area 301 for browsing. Each operation button is displayed between the upper and lower screens. For example, as shown in FIG. 7, when image data being displayed is dragged to the private area 302, passed over the operation button and dropped in the shared area 301, a copy of the image data is copied to each mobile terminal that currently constitutes the PAN. Distribute and share image data. In addition, the function assigned to the operation button acts on the shared image data.

The functions assigned to each operation button are as follows.
The “when ready” button 303 sets an access condition in which the shared image data can be displayed only when the PAN is extended by the same participant as the PAN participant who shared the image data. Specifically, the condition setting unit 123 sets the value of the all-members gathering flag 207 in the PAN history header 201 to “ON”. When any of the current PAN participants leaves the PAN, the shared image data cannot be viewed. In order to be able to browse, it is necessary to set up a PAN again with the same member.

  Note that the access condition may be set so that only a part of the PAN participants when sharing the image data can view the image data only when the PAN is formed again.

  The “only before me” button 304 sets an access condition in which image data can be viewed only when the image data provider is participating in the PAN-attached participants. . Specifically, the condition setting unit 123 sets the value of the owner monitoring flag 208 of the PAN history header 201 to “ON”. The person who has received this image data can view this image data when there is an image data provider in the PAN status list of his / her portable terminal, but cannot view this image data when there is no image data provider.

  The “only here” button 305 sets an access condition in which the shared image data can be displayed only when the same PAN participant as the PAN participant when the image data is shared and the PAN is set. Specifically, the condition setting unit 123 sets the value of the current limit flag 209 in the PAN history header 201 to “ON”. Like the “If you have” button, the PAN participant when sharing the image data can view the image data only when the PAN is re-assembled, but the participation was not when the image data was shared within the PAN. If there is a person, this image data cannot be viewed.

  The “raise” button 306 passes the image data to the other mobile terminal without adding any access conditions. Specifically, the condition setting unit 123 does not set the value “ON” to each flag of the PAN history header 201 (all members gathering flag 207, owner monitoring flag 208, current limitation flag 209).

  Also, when image data being displayed is dragged to the shared area 301 and dropped in the private area 302, the shared image data is saved as personal data in the own portable terminal. At that time, the image data may be saved by drag and drop, or may be dragged through the operation button. The types of operation buttons are “Save button” that saves one dragged and dropped image data in your mobile device, and all the image data shared on the shared screen when you drag and drop it in your mobile device. “Batch save button” to save is considered.

  Note that it is also possible to make a setting in the device settings of the mobile terminal that “all items that come out in the shared area are copied and saved in the mobile terminal”.

  Further, when the various access conditions described above are attached to the image data to be stored, the access conditions have priority over the storage instruction.

  In addition, although browsing of image data is described here, it is not limited to image data. In addition to browsing, image data modification or device control using data may be used, and can be applied to data access in general.

The following shows how the functions assigned to each operation button are realized.
1) “Completed” button The case where image data is dropped in the shared area through the “Completed” button on the mobile terminal A will be described.

  First, the operation of the portable terminal on the image data distribution side when the image data sharing function using the “when ready” button function is used will be described. FIG. 8 is a flowchart showing the flow of this operation.

  First, the connection detection unit 121 detects that the mobile terminals A and B have assembled a PAN (S101). When the connection detection unit 121 detects that the PAN is assembled, the connection ID acquisition unit 122 describes the device ID of the partner portable terminal and the date and time of authentication in the PAN current list 108 of the own portable terminal (S102).

  In the mobile terminal A, for example, the user drags and drops an image from the private area to the shared area as shown in FIG. In the portable terminal 100, the input receiving unit 129 detects that an image sharing operation has been performed (S103). Further, the input receiving unit 129 senses that the “when it is ready” button has passed (S104). Next, the condition setting unit 123 describes necessary information in the first line among the vacant lines in the PAN history header 201 of the image data. This is an operation for setting an access condition to the image data. Specifically, the condition setting unit 123 describes “A”, which is the device ID of the own mobile terminal, in the owner ID list field 205. The described date “2004/1/1, 1:00” is also described in the PAN date column 204 of the same row. In addition, the condition setting unit 123 extracts “B”, which is a device ID other than its own device ID, from the PAN current list 108. The extracted device ID “B” and the device ID “A” of the portable terminal are entered in the PAN-ID list field 206 (S105). Then, the condition setting unit 123 sets the value of the collective flag to ON (S106). The above is the contents described in the PAN history header 201. It should be noted that the minimum access condition for the image data is set by the combination of the value of all members flag = ON and the PAN-ID list field 206. Note that the data for setting the access condition is not limited to only this image data to be shared, and may be other data.

  The image data that has undergone the above processing is copied, and the copied image data is sent to the portable terminal B through the wireless LAN module 104 (S107).

  Next, the operation of the portable terminal B when receiving image data whose all-group flag value is ON will be described. FIG. 9 is a flowchart showing the flow of this operation.

  The portable terminal B receives image data from the portable terminal A (S201). The access condition acquisition unit 124 of the portable terminal B acquires information of the PAN history header 201 of the received image data. Next, the accessibility determination unit 125 compares “A”, which is the owner ID of the PAN history header 201 of this image data, with “B”, which is the device ID of the own portable terminal, to determine whether the owner is himself / herself. Is checked (S202). If the user is the owner (Yes in S202), the access control unit 126 permits display of image data. On the other hand, when it is not the owner (No in S202), the access permission determination unit 125 sets the row to be referenced as the row in which the latest time is described (S203). Then, the accessibility determination unit 125 checks whether or not “B” that is the device ID of the mobile terminal is included in the PAN-ID list 206 of the row (S204). Here, if “B” is included, the access condition to this image data is checked. That is, the accessibility determination unit 125 checks the value of the all-group flag in the PAN history header 201 (S205). As a result, if the value is ON (Yes in S205), the access permission determination unit 125 includes a set of device IDs (here, A and B) described in the PAN-ID list 206 of the row, A set of device IDs (here, A and B), which are the contents of the PAN current list 108 of the own portable terminal, is acquired (S206), and both are compared (S207). Here, if all the device IDs listed in the PAN-ID list are included in the device IDs listed in the PAN current list (Yes in S207), that is, PAN participation when sharing the PAN. When all the persons are gathered, the access control unit 126 permits access to the image data and displays the image data in the shared area 301 on the LCD 102 (S208).

  In order to indicate to the user of the mobile terminal that the image data is the collective flag = ON, an icon indicating that may be displayed when the image data is shared. The display timing is not limited to sharing, but may be when displaying the image data as a search result on the portable terminal. Further, instead of directly displaying the image data, a signal (such as an icon display or a buzzer sound) that informs the user that image data that can be displayed has been received may be substituted.

  On the other hand, if the value of the all-group flag is checked (S205) and the value of the all-group flag is OFF (No in S205), the image data is displayed in the shared area 301 on the LCD 102 (S208).

  In addition, in the comparison between the PAN-ID list 206 and the PAN current list 108 of the portable terminal (S207), among the device IDs listed in the PAN-ID list, the device IDs not listed in the PAN current list are If there is (No in S207), that is, if not all the PAN participants when the image data is shared, the accessibility determination unit 125 determines whether the row is the oldest row. (S211). If it is not the oldest line (No in S211), the accessibility determination unit 125 changes the line referenced from the PAN history header to the oldest line (S210). On the other hand, if it is the oldest line (Yes in S211), the access control unit 126 does not permit access to this image data. That is, the image data is not displayed on the LCD 102, but instead, a warning such as “cannot display an image because all of them are not yet participating in the PAN” is displayed on the LCD 102 (S212).

  If it is checked whether or not the device ID of the portable terminal is included in the PAN-ID list 206 (S204), if "B" that is the device ID of the portable terminal is not found, error processing is performed (S209). ). The content of error handling varies depending on the product implementation. It is conceivable to display an error message on the LCD, or interpret that the control applied to the image data does not work on the portable terminal B and display the image data on the LCD.

  In the comparison of the PAN-ID list 206 of the flowchart shown in FIG. 9 and the PAN current list 108 of the portable terminal (S207), the device IDs listed in the PAN-ID list are listed in the PAN current list. If there is a device ID that has not been changed (No in S207), whether the row is the oldest is determined (S211) and the row referenced from the PAN history header is changed to the oldest row The process (S210) may not be performed.

Next, an operation when there is a change in the PAN state will be described.
When the mobile terminal B leaves the PAN, or when a participating member of the PAN changes, the connection detection unit 121 of the mobile terminal B detects this. At that time, the portable terminal B checks whether the owner of the flowchart shown in FIG. 9 is the owner of the image data currently displayed on the LCD 102 in the private area 302 and the shared area 301 (S202). Alternatively, the processing is performed again from the processing (S203) in which the row to be referenced is the row in which the latest time is described.

Next, the operation when viewing image data later will be described.
As described above, FIG. 9 shows a case where the image data that is personally saved by dragging and dropping from the shared area 301 to the private area 302 at the time of distribution is searched and displayed later. The processing is again performed from the processing (S202) or processing (S203) of the flowchart shown.

  In addition, when searching and displaying certain data, there is also a method of displaying with the name attached to the data, that is, the file name. However, in the case of image data, the attached file name and the image content must not match. There are many. This is because a device that generates image data such as a digital camera automatically assigns a file name. Therefore, when displaying the search result, the image data is often expressed using thumbnails which are reduced data of the image data. However, it is not preferable to display a bitmap of image data for image data in which the value of the all-group flag shown in this embodiment is ON even for thumbnails that are reduced data. Therefore, for example, as shown in FIG. 10, instead of thumbnails, alternative image data (“S” in the example of FIG. 10) indicating that the value of the collective flag is ON may be displayed. In addition, the image data may be processed so that the content of the image data is not known, such as displaying an icon in the center of the image data. When touching the substitute image data, it is also useful to display an access condition for displaying the main body of the image data on the screen.

  Also, setting of access conditions at the time of distribution is not necessarily required, and may be set in advance. In this case, the access condition set in advance may be the access condition described above. For example, it is conceivable that a game company presets the participation status of network participants as access conditions for game images.

  For the image data that has arrived at the process (S212) in which access to the image data in the flowchart shown in FIG. 9 is not permitted, the image data is not displayed in the private area 302, and “all viewing-permitted users are still in the PAN. “Not participating” is displayed.

  In addition, regarding image data that reaches the processing (S212) that does not permit access to the image data in the flowchart shown in FIG. Processing such as not displaying as a result can be added.

  By doing as described above, the image data can be browsed only when all the participants who formed the PAN when sharing the image data are participating in the PAN.

  Note that the check process (S202) for checking whether or not the owner of the flowchart shown in FIG. 9 is self may be omitted, but in this case, even if the owner of the image data is the owner of the group, If the PAN is not assembled, the image data is not displayed. Whether or not to omit this check process (S202) may be switched. The switching trigger at that time may be a device setting, an instruction from the outside, or may be described in the image data. For example, a game may be considered in which it is detected that all members have participated in the PAN and an image data appears to appear.

  Further, even if not all PAN participants at the time of image sharing are available, it is possible to set an access condition that allows viewing of image data if some PAN participants form a PAN again. In this case, in the flowchart of FIG. 9, the determination formula of the process (S207) is “if all the device IDs described in the PAN-ID list 206 are included in the device IDs described in the PAN current list 108”. Is changed to “if at least one of the device IDs described in the PAN-ID list 206 is included in the device ID described in the PAN current list 108”. If both judgment formulas are implemented in one device, it is necessary to add a partial set flag to the PAN history header 201 in distinction from the full set flag. It is also possible to set an access condition specifying the number of PAN participants who can view image data.

2) Detailed Description of “Only In Front of Me” Button A description will be given of a case where image data is dropped in the common area through the “only in front of me” button on the mobile terminal A.

  First, the operation of the mobile terminal on the image data distribution side when using the image data sharing function using the “only in front of me” button function will be described. FIG. 11 is a flowchart showing the flow of this operation. In addition, about the operation | movement same as FIG. 8, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  In the mobile terminal A, the user drags and drops the image from the private area to the shared area, and then drags the image through the “only in front of me” button 304 area. In the portable terminal 100, the input receiving unit 129 detects that an image sharing operation has been performed (S103). In addition, the input receiving unit 129 detects that the “only in front of me” button has been passed (S301). Next, the condition setting unit 123 describes necessary information in the first line among the vacant lines in the PAN history header 201 of the image data. This is an operation for setting an access condition to the image data. Specifically, the condition setting unit 123 describes “A”, which is the device ID of the own mobile terminal, in the owner ID list field 205. The described date “2004/1/1, 1:00” is also described in the PAN date column 204 of the same row. Then, the condition setting unit 123 sets the value of the owner monitoring flag to ON (S302). The above is the contents described in the PAN history header 201. Note that the minimum access condition for the image data is set by the combination of the owner monitoring flag value = ON and the owner ID list field 205. Note that the data for setting the access condition is not limited to the image data to be shared, and may be other data.

  Next, the operation of the mobile terminal B when receiving image data whose owner monitoring flag value is ON will be described. FIG. 12 is a flowchart showing the flow of this operation. In addition, about the operation | movement same as FIG. 9, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  The portable terminal B checks the access conditions for this image data. That is, the accessibility determination unit 125 checks the value of the owner monitoring flag in the PAN history header 201 (S401). As a result, if the value is ON (Yes in S401), the access permission determination unit 125 determines that the set of device IDs (A in this case) described in the owner ID list 205 of the row and the own mobile terminal A set of device IDs (here, A and B) which are the contents of the current PAN status list 108 are acquired (S402), and both are compared (S403). Here, if all the device IDs described in the owner ID list 205 are included in the device IDs described in the PAN current list 108 (Yes in S403), that is, the owner of the image data becomes PAN. If the user is participating, the access control unit 126 permits access to the image data and displays the image data in the shared area 301 on the LCD 102 (S208).

  In order to indicate to the user of the mobile terminal that the image data is the owner monitoring flag = ON, an icon indicating that may be displayed when the image data is shared. The display timing is not limited to sharing, but may be when displaying the image data as a search result on the portable terminal. Further, instead of directly displaying the image data, a signal (such as an icon display or a buzzer sound) that informs the user that image data that can be displayed has been received may be substituted.

  If the value of the owner monitoring flag is checked (S401) and the value of the owner monitoring flag is OFF (S401: No), the image data is displayed in the shared area 301 on the LCD 102 (S208).

  Further, in the comparison between the owner ID list 205 and the PAN current list 108 of the portable terminal (S403), there is a device ID that is not listed in the PAN current list among the device IDs listed in the owner ID list 205. (No in S403), that is, when all the owners who share the image data have not participated in the PAN, the accessibility determination unit 125 determines whether or not the row is the oldest row. (S211). If it is not the oldest line (No in S211), the accessibility determination unit 125 changes the line referenced from the PAN history header to the oldest line (S210). On the other hand, if it is the oldest line (Yes in S211), the access control unit 126 does not permit access to this image data. That is, the image data is not displayed on the LCD 102, but instead, a warning such as “cannot display an image because all of them are not yet participating in the PAN” is displayed on the LCD 102 (S212).

Next, an operation when there is a change in the PAN state will be described.
When the mobile terminal B leaves the PAN, or when a participating member of the PAN changes, the connection detection unit 121 of the mobile terminal B detects this. At that time, the portable terminal B checks whether the owner of the flowchart shown in FIG. 9 is the owner of the image data currently displayed on the LCD 102 in the private area 302 and the shared area 301 (S202). Alternatively, the processing is performed again from the processing (S203) in which the row to be referenced is the row in which the latest time is described.

Next, the operation when viewing image data later will be described.
As described above, the flowchart shown in FIG. 12 is also used when the image data that is personally saved by dragging and dropping from the shared area 301 to the private area 302 is searched and displayed later. The process is performed again from the process (S202) or the process (S203).

  Further, for the image data that has reached the process of not permitting access to the image data in the flowchart shown in FIG. 12 (S212), the image data is hidden in the private area 302 and the image data owner is still in the PAN. “Not participating” is displayed.

  In addition, regarding image data that has reached the processing (S212) that does not permit access to the image data in the flowchart shown in FIG. 12, when searching for image data, it is excluded from the search target display in advance. Processing such as not displaying as a result can be added.

  As described above, the image data can be browsed only when the owner of the image data participates in the PAN.

3) Detailed Description of “Only Here” Button A case will be described in which the mobile terminal A passes the “only here” button 305 and drops image data in the shared area.

  First, the operation of the portable terminal on the image data distribution side when the image data sharing function using the function of the “only here” button 305 is used will be described. FIG. 13 is a flowchart showing the flow of this operation. In addition, about the operation | movement same as FIG. 8, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  In the mobile terminal A, the user drags and drops an image from the private area to the shared area, and then drags the image through the area of the “only here” button 305. In the portable terminal 100, the input receiving unit 129 detects that an image sharing operation has been performed (S103). Further, the input receiving unit 129 detects that the “only here” button 305 has been passed (S501). Next, the condition setting unit 123 describes necessary information in the first line among the vacant lines in the PAN history header 201 of the image data. This is an operation for setting an access condition to the image data. Specifically, the condition setting unit 123 describes “A”, which is the device ID of the own mobile terminal, in the owner ID list field 205. The described date “2004/1/1, 1:00” is also described in the PAN date column 204 of the same row. In addition, the condition setting unit 123 extracts “B”, which is a device ID other than its own device ID, from the PAN current list 108. The extracted device ID “B” and the device ID “A” of the portable terminal are entered in the PAN-ID list field 206 (S105). Then, the condition setting unit 123 sets the current limit flag value to ON (S502). The above is the contents described in the PAN history header 201. Note that the minimum access condition for the image data is set by the combination of the current limit flag value = ON and the PAN-ID list field 206.

  Next, the operation of the mobile terminal B when receiving image data whose current limit flag value is ON will be described. FIG. 14 is a flowchart showing the flow of this operation. In addition, about the operation | movement same as FIG. 9, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  The portable terminal B checks the access conditions for this image data. That is, the accessibility determination unit 125 checks the value of the current limit flag in the PAN history header 201 (S601). As a result, if the value is ON (Yes in S601), the access permission determination unit 125 includes a set of device IDs (here, A and B) described in the PAN-ID list 206 of the row, A set of device IDs (here, tentatively A, B, and C), which are the contents of the PAN current list 108 of the own mobile terminal, is acquired (S206), and the two are compared (S602). If a device ID other than that described in the PAN-ID list 206 is included in the device ID described in the PAN current list 108 (Yes in S602), that is, when the PAN is shared. If there is a person other than the current PAN participant, the accessibility determination unit 125 determines whether the row is the oldest row (S211). If it is not the oldest line (No in S211), the accessibility determination unit 125 changes the line referenced from the PAN history header to the oldest line (S210). On the other hand, if it is the oldest line (Yes in S211), the access control unit 126 does not permit access to this image data. That is, the image data is not displayed on the LCD 102, but instead a warning such as “An outsider is participating in the PAN and the image cannot be displayed” is displayed on the LCD 102 (S212).

  In order to indicate to the user of the portable terminal that the image data is currently limited flag = ON, an icon indicating that may be displayed when the image data is shared. The display timing is not limited to sharing, but may be when displaying the image data as a search result on the portable terminal. Further, instead of directly displaying the image data, a signal (such as an icon display or a buzzer sound) that informs the user that image data that can be displayed has been received may be substituted.

  If the current limit flag value is OFF in the current limit flag value check (S601) (No in S601), the image data is displayed in the shared area 301 on the LCD 102 (S208).

  Further, in the comparison between the PAN-ID list 206 and the PAN current list 108 of the portable terminal (S602), the device ID described in the PAN current list is the device ID described in the PAN-ID list. If not (No in S602), that is, if the person other than the PAN participant who shared the image data is not the current PAN participant, the access control unit 126 permits access to the image data. The image data is displayed in the shared area 301 on the LCD 102 (S208).

Next, an operation when there is a change in the PAN state will be described.
When the mobile terminal B leaves the PAN, or when a participating member of the PAN changes, the connection detection unit 121 of the mobile terminal B detects this. At that time, the portable terminal B checks whether the owner of the flowchart shown in FIG. 9 is the owner of the image data currently displayed on the LCD 102 in the private area 302 and the shared area 301 (S202). Alternatively, the processing is performed again from the processing (S203) in which the row to be referenced is the row in which the latest time is described.

Next, the operation when viewing image data later will be described.
As described above, the flowchart shown in FIG. 9 is also used when the image data that is personally saved by dragging and dropping from the shared area 301 to the private area 302 is searched and displayed later. The process is performed again from the process (S202) or the process (S203).

  In addition, when searching and displaying certain data, there is also a method of displaying with the name attached to the data, that is, the file name. However, in the case of image data, the attached file name and the image content must not match. There are many. This is because a device that generates image data such as a digital camera automatically assigns a file name. Therefore, when displaying the search result, the image data is often expressed using thumbnails which are reduced data of the image data. However, it is not preferable to display a bitmap of image data for image data whose current limit flag value shown in the present embodiment is ON even for thumbnails that are reduced data. Therefore, for example, as shown in FIG. 10, instead of thumbnails, alternative image data similar to alternative image data (“S” in the example of FIG. 10) indicating that the value of the collective flag is ON is displayed. Also good. In addition, the image data may be processed so that the content of the image data is not known, such as displaying an icon in the center of the image data.

  In addition, regarding image data that reaches the processing (S212) that does not permit access to the image data in the flowchart shown in FIG. Processing such as not displaying as a result can be added.

  By doing as described above, the image data can be browsed only when the participant who has formed the PAN when sharing the image data is participating in the current PAN.

  By the way, it is desirable to encrypt the image data at the time of distribution in order to protect the image data from the “cracking act” of browsing the image data when there are no PAN participants. In the following, several encryption and decryption methods will be exemplified.

First, encryption / decryption by authentication of the participant portable terminal will be described.
At the time of distributing image data, each mobile terminal authenticates each other PAN participant. At that time, authentication data for authenticating each PAN participant is acquired at the time of later browsing. Then, at the time of browsing the image data, authentication work is performed on the PAN participant at that time, and when it is confirmed that all the participants at the time of distribution have been prepared, the image data is decoded. At the time of the authentication work at the time of browsing, each portable terminal transmits authentication private key data, but SSL (Secure Socket Layer) or the like is used for the transmission path to prevent eavesdropping. The secret key used for encrypting the image data may be generated using authentication data collected from each portable terminal as a seed.

  Next, an example will be described in which a secret key necessary for decrypting encrypted data is distributed to each participant.

  The secret key used when the image data is encrypted is divided into the number of participants, and the divided secret key (= distributed key) is passed to the participants. Even the mobile terminal that generated the secret key holds only the distributed key. At the time of browsing, the distributed key is collected from each portable terminal, the secret key is restored, and the image data is decrypted.

  Note that with the simple secret key distribution described above, it is not possible to restore the secret key from the distributed key unless all the PAN participants at the time of distribution have all at the time of browsing. Therefore, it is not possible to set an access condition that “image data can be viewed if some of the PAN participants at the time of viewing are at the time of viewing”. In order to realize the setting of such an access condition, the secret key is distributed using the “Michaer threshold secret sharing method”. Details of this method are described in detail in the document "A. Shamir," How to Share a Secret ", Comm. Assoc. Comput. Mach., Vol.22, no.11, pp.612-613, 1979. is there. When this method is used, unlike a simple secret key distribution, if an arbitrary number of distributed keys among all the distributed keys are collected, a secret key can be obtained using them. An arbitrary number can be specified when the secret key is distributed. If distributed keys are distributed and distributed to participants by this method, secure distribution of image data can be realized even in a function of “viewing image data when more than all of them participate”.

  In addition, if there is a means to erase the private key used for encryption on the terminal that encrypted the image data, the owner of the image data must participate as well as other PAN participants. The image data cannot be browsed. If not deleted, the image owner will continue to have a complete secret key that is not distributed, so the image data can be decrypted at any time. Whether or not to delete a secret key that is not distributed is a matter of determination in the functional specification.

  Further, instead of distributing the secret key, the image data may be distributed. In this case, the image data is divided into the number of participants, and the divided pieces of image data (= distributed image data) are given to the participants. Even the portable terminal that generated the image data holds only the distributed image data. At the time of browsing, the distributed image data is collected from each portable terminal and the image data is decoded.

(Embodiment 2)
In the present embodiment, a case will be described in which an access condition for displaying image data is set only when a person shown as a subject in the captured image data forms a PAN.

  FIG. 15 is a block diagram showing a functional configuration of a mobile terminal which is an access control apparatus according to Embodiment 2 of the present invention. Note that the same reference numerals are given to the same components as those of the mobile terminal described in the first embodiment.

  The mobile terminal 150 according to the present embodiment includes a subject ID acquisition unit 151, a face image database (DB) 152, and a person-device ID database (DB) 153 in addition to the configuration described in the first embodiment. The subject ID acquisition unit 151 cuts out the face image data of the subject person from the image data, and acquires the device ID of the subject person shown in the image data. The face image DB 152 is a database that associates face image data with a specific person name. The person-device ID DB 153 is a database that associates the identified person name with the device ID of the device that the person has.

Next, the operation when setting access conditions will be described.
First, image data including a person is photographed to generate image data. Next, the subject ID acquisition unit 151 cuts out the face image data of the subject person from the captured image data. The subject ID acquisition unit 151 refers to the face image DB 152 and identifies the person name of the face image data. Furthermore, the subject ID acquisition unit 151 refers to the person-device ID DB 153 and associates the person name specified above with the device ID of the device held by the person. As a result, the subject person and the device ID are associated with each other. With the above operation, the device ID related to the subject person in the captured image data can be acquired. Then, when setting access conditions for the image data, the device ID obtained from the subject ID acquisition unit 151 is used as the device ID described in the PAN-ID list 206.

  Note that access control when browsing the image data is the same as that of the first embodiment, and thus description thereof is omitted.

  As a result, only a person who appears in the image data as a subject can view the image data by forming a PAN. By doing so, the image data can be browsed only when a person with a portrait right is involved as a subject, and it is possible to give a sense of security that the person with the portrait right is unlikely to misuse the image data.

  Note that the image data may be automatically transmitted to the device ID acquired by the subject ID acquisition unit 151.

  In addition, when the device ID of the image data owner is also added to the PAN-ID list 206 as the device ID described in the PAN-ID list 206, it is displayed only when both the subject person and the image data owner form a PAN. Access conditions can be established.

  Further, the data for setting the access condition is not limited to the image data in which the subject is captured, and may be other data.

  Each functional block in the block diagrams shown in FIGS. 3 and 15 is typically realized as an LSI which is an integrated circuit. This LSI may be made into one chip or a plurality of chips. (For example, the functional blocks other than the memory may be integrated into one chip.) Although the LSI is used here, it may be referred to as an IC, a system LSI, a super LSI, or an ultra LSI depending on the degree of integration.

  Further, the method of circuit integration is not limited to LSI's, and implementation using dedicated circuitry or general purpose processors is also possible. An FPGA (Field Programmable Gate Array) that can be programmed after manufacturing the LSI or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.

  Further, if integrated circuit technology comes out to replace LSI's as a result of the advancement of semiconductor technology or a derivative other technology, it is naturally also possible to carry out function block integration using this technology. Biotechnology can be applied.

  Further, among the functional blocks, only the means for storing the data to be accessed may be configured separately instead of being integrated into one chip.

  As described above, the access control device according to the present invention can perform various access controls on data, and is useful for use in devices such as mobile terminals, mobile phones, and personal computers that perform access control on data. It is.

It is the schematic which shows an example of how the portable terminal which is the access control apparatus which concerns on Embodiment 1 of this invention is used. It is a block diagram which shows the hardware constitutions of the portable terminal which is the access control apparatus which concerns on Embodiment 1 of this invention. It is a block diagram which shows the functional structure of the portable terminal which is the access control apparatus which concerns on Embodiment 1 of this invention. 6 is a diagram showing an example of a PAN current list in the first embodiment. FIG. FIG. 3 is a diagram illustrating a file format of image data in the first embodiment. 6 is a diagram showing an example of an LCD display screen in Embodiment 1. FIG. 6 is a diagram showing an example of an LCD display screen in Embodiment 1. FIG. 6 is a flowchart showing a flow of processing at the time of distribution of the “when it is ready” function in the first embodiment. 4 is a flowchart showing a flow of processing at the time of browsing of the “when it is ready” function in the first embodiment. 6 is a diagram showing an example of an LCD display screen in Embodiment 1. FIG. 4 is a flowchart showing a flow of processing at the time of distribution of the “just in front of me” function in the first embodiment. 4 is a flowchart showing a flow of processing at the time of browsing of the “only in front of me” function in the first embodiment. 6 is a flowchart showing a flow of processing at the time of distribution of the “only here” function in the first embodiment. 4 is a flowchart showing a flow of processing at the time of browsing of the “only here” function in the first embodiment. It is a block diagram which shows the functional structure of the portable terminal which is an access control apparatus which concerns on Embodiment 2 of this invention.

Explanation of symbols

100 mobile terminal 101 memory 102 LCD
103 Touch Panel 104 Wireless LAN Module 105 CPU
106 Connection partner detection module 107 Device ID
108 PAN Current List 121 Connection Detection Unit 122 Connection ID Acquisition Unit 123 Condition Setting Unit 124 Access Condition Acquisition Unit 125 Access Allowability Determination Unit 126 Access Control Unit 127 Data Storage Unit 128 Display Unit 129 Input Accepting Unit

Claims (14)

An access control device for controlling access to data,
Connection detecting means for detecting connection and disconnection with other devices;
Connection identifier acquisition means for acquiring an identifier for identifying all the other devices currently connected;
An access condition acquisition means for acquiring an access condition to the data, including a condition regarding whether or not the other device is connected;
An access permission determination unit that determines whether to access the data based on all the identifiers acquired by the connection identifier acquisition unit and the access conditions acquired by the access condition acquisition unit;
An access control device comprising: an access control unit that controls access to the data based on a determination result of the access permission determination unit. The access control device further includes:
Provided with an access request accepting means for accepting an access request to predetermined data;
When the access request is received by the access request receiving means,
The connection identifier acquisition means acquires an identifier for identifying all the other devices currently connected,
The access condition acquisition means acquires an access condition to the predetermined data,
The access permission determination unit determines whether to access the predetermined data based on all the identifiers acquired by the connection identifier acquisition unit and the access conditions acquired by the access condition acquisition unit. The access control apparatus according to claim 1. The access condition acquisition means acquires, as an access condition to the data, that another device specified by a predetermined identifier is connected,
The access permission determination unit may include at least all of the predetermined identifiers of the access conditions acquired by the access condition acquisition unit among all the identifiers acquired by the connection identifier acquisition unit. The access control apparatus according to claim 1, wherein access to the data is determined to be acceptable. The access control device further includes:
The access control apparatus according to claim 1, further comprising: an access condition setting unit configured to set, as an access condition to the data, a condition relating to whether or not another apparatus identified by a predetermined identifier is connected. The access control device further includes:
Comprising a condition accepting means for accepting a condition relating to whether or not another device identified by a predetermined identifier is connected;
The access control apparatus according to claim 4, wherein the access condition setting unit sets the condition received by the condition receiving unit as an access condition to the data. The condition accepting unit accepts, as the condition, that at least other devices specified by all the identifiers acquired by the connection identifier acquiring unit are connected,
The access condition setting means uses all the identifiers acquired by the connection identifier acquisition means at the time of setting access conditions as the predetermined identifier, and that at least another device specified by the identifier is connected, The access control device according to claim 5, wherein the access control device is set as a data access condition. The access control apparatus according to claim 4, wherein the access condition setting unit sets all the identifiers acquired by the connection identifier acquisition unit when the access condition is set as the predetermined identifier. The data is image data;
The access control device further includes:
Subject identifier acquisition means for acquiring a subject included in the image data and an identifier corresponding to the subject;
The access control apparatus according to claim 4, wherein the access condition setting unit sets all the identifiers acquired by the subject identifier acquisition unit as the predetermined identifier. The access control device further includes:
Comprising communication means for performing near field communication with the other device;
The access control device according to claim 1, wherein the connection detection unit detects connection and disconnection with the other device via the communication unit. The access control device further includes:
Comprising contact detection means for detecting contact with the other device;
The communication means starts short-range wireless communication with the other apparatus when contact with the other apparatus is detected by the contact detection means,
The access control device according to claim 9, wherein the connection detection unit detects that the communication device is connected to the other device when short-range wireless communication with the other device is started by the communication unit. . The access control device further includes:
Comprising position detecting means for detecting a positional relationship with the other device;
The communication means starts short-range wireless communication with the other apparatus when the distance to the other apparatus approaches a predetermined distance or less by the position detection means,
The access control device according to claim 9, wherein the connection detection unit detects that the communication unit is connected to the other device when near field communication with the other device is started by the communication unit. An access control method for controlling access to data,
A connection detection step for detecting connection and disconnection with other devices;
A connection identifier obtaining step for obtaining an identifier for identifying all the other devices currently connected;
An access condition acquisition step of acquiring an access condition to the data, including a condition regarding whether or not the other device is connected;
An access permission determination step of determining whether to access the data based on all the identifiers acquired in the connection identifier acquisition step and the access conditions acquired in the access condition acquisition step;
An access control step of controlling access to the data based on a determination result of the access permission determination step. A program for controlling access to data,
A connection detection step for detecting connection and disconnection with other devices;
A connection identifier obtaining step for obtaining an identifier for identifying all the other devices currently connected;
An access condition acquisition step of acquiring an access condition to the data, including a condition regarding whether or not the other device is connected;
An access permission determination step of determining whether to access the data based on all the identifiers acquired in the connection identifier acquisition step and the access conditions acquired in the access condition acquisition step;
A program for causing a computer to execute an access control step for controlling access to the data based on a determination result of the access permission determination step. An integrated circuit for controlling access to data,
Connection detecting means for detecting connection and disconnection with other devices;
Connection identifier acquisition means for acquiring an identifier for identifying all the other devices currently connected;
An access condition acquisition means for acquiring an access condition to the data, including a condition regarding whether or not the other device is connected;
An access permission determination unit that determines whether to access the data based on all the identifiers acquired by the connection identifier acquisition unit and the access conditions acquired by the access condition acquisition unit;
An integrated circuit comprising: an access control unit that controls access to the data based on a determination result of the access permission determination unit.

Images