JP2015049572A - Monitoring program and monitoring method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To suppress data leakage.SOLUTION: A first mobile terminal 103 receives electronic data 106 from a second mobile terminal 103 that is a transmission source that stores the electronic data 106 in a file server 102 or a shared network 107; stores the received electronic data 106 in a storage device of its own terminal; detects disconnection from another mobile terminal 103 in the shared network 107; and if the disconnection from the other mobile terminal 103 is detected, deletes the electronic data 106 stored in the storage device.

Description

  The present invention relates to a technique for securely sharing data among a plurality of mobile terminals and managing the data on the mobile terminals.

  In recent years, cases where mobile terminals such as smartphones and tablets are used in companies are increasing. For example, in a company having a sales department, a tablet terminal is used for presentation to a customer or presentation of materials, or a POS (Point of sale) terminal for product inventory management. Under such circumstances, an electronic conference system using a tablet terminal is currently attracting attention.

  In conventional conferences, conference electronic data (meeting materials) created on a PC is printed and paper is often distributed during the conference. However, by using a mobile terminal, the electronic data is directly used as the mobile terminal. It is possible to hold the conference in a terminal as an alternative to paper. As a result, the printing cost of paper can be reduced, and various solutions can be provided in conjunction with an application installed on a terminal or a business server installed in a company.

  However, when an electronic conference is performed using a mobile terminal, there is a new problem. For example, distribution of electronic data. With a conventional paper-based conference, although it costs printing, it was possible to print immediately before the conference and distribute the paper only to the participants when the conference was started.

  However, in the case of an electronic conferencing system, it is necessary to upload electronic data to the file server in advance, so that each participant in the conference can access the file server from each mobile terminal and download the file. is there. At this time, there arises a problem that a terminal user who has an access right to electronic data uploaded in advance but does not participate in the conference downloads electronic data unnecessarily. At present, various techniques are disclosed in order to solve these problems. For example, Patent Document 1 discloses a means by which materials necessary for a conference are stored in a shared information device in advance, and a group associated with the conference can acquire the shared information when the scheduled use time is reached.

JP 2006-31316 A

However, according to Patent Document 1, it is necessary to install a dedicated server for management, and in addition to newly generating operational costs, it takes time for the creator of electronic data to register and set time in advance on the server. . If there is no access right to the file server, it is necessary to set access right for server access. In addition, a mobile terminal is generally connected to a network using a wireless LAN. However, it is necessary to set a connection to a wireless LAN access point, and in some cases, an access password must be set. bad.

  Further, as a problem specific to electronic data, there is a security problem that electronic data is likely to leak due to easy copying and external transmission. In the case of paper, it is possible to prevent leakage by collecting the paper distributed after the meeting, but in the case of electronic data, there is a means to securely delete electronic data once downloaded to each mobile terminal. It becomes necessary. At that time, it is necessary to take measures against the omission of deletion of electronic data due to factors specific to mobile devices, such as disconnection of the network on the way, battery exhaustion, leaving the conference room while holding the terminal, etc. It is necessary to maintain the same security level as collecting information so that information is not leaked or spread.

  An object of the present invention is to suppress data leakage.

  A monitoring program and a monitoring method according to an aspect of the invention disclosed in the present application are stored in a memory of each of a plurality of terminals constituting a network capable of communication by short-range wireless communication, and stored in each processor of the plurality of terminals. A monitoring program and a monitoring method to be executed, comprising: a reception procedure for receiving data from a storage device for storing data or a transmission source terminal for storing the data in the network; and data received by the reception procedure The storage procedure for storing in the storage device of the terminal itself, the detection procedure for detecting that the connection with the other terminal in the network is disconnected, and the connection with the other terminal is disconnected by the detection procedure. A deletion procedure for deleting the data stored in the storage device by the storage procedure. The features.

  According to a typical embodiment of the present invention, data leakage can be suppressed. Problems, configurations, and effects other than those described above will become apparent from the description of the following embodiments.

1 is a diagram illustrating a schematic configuration of an information processing system according to an embodiment of the present invention. It is a figure which shows the internal structure of a mobile terminal. It is explanatory drawing which shows an example of a shared network. It is explanatory drawing which shows the example of a data structure of file management DB. It is explanatory drawing 1 which shows a DataSource screen. FIG. 3 is an explanatory diagram illustrating a DataSource screen. It is explanatory drawing which shows a LocalStorage screen. It is explanatory drawing which shows a ShareNetwork screen. It is explanatory drawing which shows a Shared Storage screen. It is a flowchart which shows the example of a process sequence in which the mobile terminal of the creator of electronic data downloads electronic data. It is a sequence diagram which shows the example of a construction processing procedure of the shared network by the mobile terminal between proximity. It is a sequence diagram which shows the example of a data sharing process sequence between mobile terminals. It is a flowchart which shows the example of a forced deletion processing procedure of the electronic data distributed to the mobile terminal.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. However, it should be noted that this embodiment is merely an example for realizing the present invention, and does not limit the technical scope of the present invention. In each drawing, the same reference numerals are assigned to common components.

<Configuration of information processing system>
FIG. 1 is a diagram showing a schematic configuration of an information processing system according to an embodiment of the present invention. The information processing system 100 includes a PC (Personal Computer) 101, a file server 102, and a mobile terminal 103, and the PC 101 and the file server 102 are always connected via a network (LAN or WAN) 104. The mobile terminal 103 can be temporarily connected to the network 104 at an arbitrary timing by wireless LAN connection, and can access the PC 101 and the file server 102. The conference room 105 is a general conference room used in a company, and assumes a space where a plurality of users use the mobile terminals 103 owned by each user to conduct an electronic conference. In FIG. 1, there are three mobile terminals 103, but two or four or more may be used as long as there are a plurality of mobile terminals 103.

  The PC 101 is a notebook type or desktop type PC used in general companies, and has an OS and an application for document editing installed therein. Among the participants in the conference, a user who creates electronic data (hereinafter referred to as electronic data or simply a file) for a conference such as presentation materials and documents creates electronic data 106 using the PC 101.

  The file server 102 is a server used for storing the electronic data 106 created on the PC 101. In the file server 102, a login account and a password are set in advance in order to restrict access, and access from anyone other than the electronic data creator and related parties is prohibited. Therefore, even a conference participant who does not have the access right cannot download the electronic data 106 even if the file server 102 is directly accessed from the mobile terminal 103.

<Configuration of mobile terminal 103>
FIG. 2 is a diagram illustrating an internal configuration of the mobile terminal 103. In this embodiment, the mobile terminal 103 is a terminal that employs a touch panel for an input / output device generally called a smartphone or a tablet, for example. The mobile terminal 103 includes an OS 201, a secondary storage device 202, a wireless LAN device 203, a Bluetooth device 204 (Bluetooth is a registered trademark, below), in addition to devices provided in general mobile terminals such as a CPU and a main storage device. The application 205 is installed.

  The secondary storage device 202 is a non-volatile storage device built in a general mobile terminal, stores an execution file of an application 205 described later, and stores electronic data 106 downloaded from the PC 101 or the file server 102. Utilized for. Note that the execution file of the application 205 is expanded on the main storage device when the application is executed by the OS and executed as an application process.

  The application 205 includes a data source access module 206, an encryption / decryption module 207, a terminal automatic connection module 208, a network management module 209, a data transmission / reception module 210, a data deletion module 211, a document module 212, and a file management DB 213. ing.

  In recent years, an application that can be installed on a mobile terminal is managed by a vendor that provides the mobile terminal, and a mobile terminal that can prevent an unauthorized application from being installed is becoming popular. In addition, in such an OS on a mobile terminal, a mobile terminal having an OS environment in which each application running on the OS is sandboxed to prevent unauthorized dependence or processing between applications is becoming common.

  In the present embodiment, it may be assumed that the mobile terminal operates on such a secure mobile terminal. As a result, the application 205 can ensure file security from other applications installed in the mobile terminal 103, and electronic data stored in the mobile terminal 103 is stored in an unintended location of the application 205. -It can be guaranteed that there will be no leakage due to copying or forwarding.

  In addition, as a check mechanism against a case where an engineer with advanced skills illegally modifies the OS 201 of the mobile terminal 103 or a low-layer driver module by reverse engineering or the like and installs an unauthorized application, MDM (Mobile Device) Management) system exists. The MDM can prevent an unauthorized mobile terminal 103 from being used in a company. In the present embodiment, by cooperating with such MDM or the like, it is possible to ensure security from installation of an unauthorized application. As described above, this embodiment may be based on the use of a mobile terminal that has been proved that an unauthorized application is not installed.

  The data source access module 206 is a module that uses the wireless LAN device 203 to access the file server 102 via the network 104 and download the electronic data 106 into the mobile terminal 103. The data source access module 206 can also access the PC 101 connected to the network 104. On the PC 101, file and folder sharing settings such as CIFS (Common Internet File System) and NFS (Network File System) are provided. It is also possible to download electronic data directly from the PC 101 when performing the above.

  The data source access module 206 also has a GUI screen management function for inputting an account and password required from the file server when accessing the file server 102 on the mobile terminal. The GUI screen will be described later.

  The encryption / decryption module 207 is a module that performs encryption / decryption processing of the electronic data 106 downloaded by the data source access module 206 and generation / management of the key thereof.

  The automatic terminal connection module 208 searches and discovers other mobile terminals 103 that are close to each other, and identifies and authenticates devices that are used by conference participants among the detected nearby mobile terminals 103. It is a module having a function to perform. In general, the Bluetooth device 204 is provided with a protocol for searching for and discovering a device for which an arbitrary service is provided by using SDP (Service Discovery Protocol).

  The terminal automatic connection module 208 executes the service of the application 205 using the Bluetooth function, that is, searches for and finds the mobile terminal 103 in which the application 205 is installed. A Bluetooth connection is temporarily made with the discovered mobile terminal 103. Then, the terminal automatic connection module 208 authenticates the mobile terminal 103 using a conference passcode (hereinafter referred to as conference passcode) determined at the location for each conference as an access key. If the conference pass codes match, the shared network 107 for electronic data transfer is constructed.

  The conference passcode is a character string of about several characters that is used to connect between the mobile terminals 103 and is arbitrarily determined by the conference organizer at the start of the conference. The conference organizer arbitrarily determines a conference passcode, and teaches the conference passcode to surrounding users in the conference room, thereby serving as a connection authentication key between the mobile terminals 103.

  The network management module 209 is a module having a function of monitoring a session of the shared network 107 connected by the terminal automatic connection module 208 and notifying the data deletion module when the session is interrupted. The terminal automatic connection module 208 constructs a full mesh type shared network 107. From each mobile terminal 103, there are sessions to all other mobile terminals 103 other than its own device. The network management module 209 monitors the connectivity of these sessions by performing periodic polling or the like. . If there is no response from the connection destination for a certain time, the network management module 209 considers that the connection destination mobile terminal has left the shared network 107.

  The data transmission / reception module 210 uses the session on the shared network 107 configured by the terminal automatic connection module 208 to transfer the electronic data 106 downloaded from the file server 102 to the mobile terminal on all mobile terminals in the shared network 107. 103 is a module having a function of performing broadcast transfer to 103.

  The data deletion module 211 is a module having a function of deleting the electronic data 106 transferred to another mobile terminal 103 by the data transmission / reception module 210. The data deletion method includes a case where the user who has transmitted the electronic data 106 intentionally executes a data deletion command to delete the data, and a communication session in the shared network 107 monitored by the network management module 209 is disconnected. There are two cases where it is forcibly deleted. Since the mobile terminal 103 has the latter deletion means, it is possible to reliably prevent omission and unauthorized use of shared data autonomously and easily on each mobile terminal 103.

  The document module 212 is a viewer for displaying the electronic data 106 on the mobile terminal 103. The document module 212 can support various formats used in a company, such as document data and presentation data. The data transmission / reception module 210 allows the electronic data 106 transmitted to all the mobile terminals 103 in the shared network 107 to be displayed using the document module 212 for an electronic conference.

<Example of shared network 107>
FIG. 3 is an explanatory diagram illustrating an example of the shared network 107. The shared network 107 is a network composed of the mobile terminals 103 in the vicinity for transmitting and receiving electronic data. The shared network 107 constitutes a network in which each mobile terminal 103 performs a full mesh connection with another terminal. By making a full mesh network connection, monitoring the communication session on each mobile terminal, and deleting the electronic data shared at the moment when the session expires, autonomous and easy on each mobile terminal 103 In addition, it is possible to reliably prevent the omission and unauthorized use of shared data.

<File management DB>
FIG. 4 is an explanatory diagram showing an example of the data structure of the file management DB 213. The file management DB 213 is a DB having a schema structure, for example, and is a database that manages the electronic data 106 downloaded from the PC 101 or the file server 102 onto the mobile terminal 103. The file URL 401 stores the file name of electronic data stored locally. The sharing attribute 402 is set to “1” if the file is set to be shared, and “0” if the file is not set to be shared. The Owner attribute 403 stores an attribute in which the mobile terminal 103 from which the file was originally transferred, that is, the transmission source device name when electronic data is shared.

<Mobile terminal screen>
5 to 9 are explanatory diagrams illustrating GUI screens of the application 205 operating on the mobile terminal 103. FIG. In the application 205, there are a DataSource screen 500 (FIGS. 5 and 6), a Local Storage screen 700 (FIG. 7), a Network screen 800 (FIG. 8), and a Shared Storage screen 900 (FIG. 9). A button is located at the bottom of the screen.

  That is, as shown in FIG. 5, when the DataSource button 501 is pressed, a DataSource screen 500 is displayed. Further, as shown in FIG. 7, when the Local Storage button 502 is pressed, a Local Storage screen 700 is displayed. Also, as shown in FIG. 8, when the ShareNetwork button 503 is pressed, a ShareNetwork screen 800 is displayed. Also, as shown in FIG. 9, when the Shared Storage button 504 is pressed, a Shared Storage screen 900 is displayed.

<DataSource screen>
5 and 6 are explanatory diagrams showing a DataSource screen. The DataSource screen is a screen that provides the user with access to the shared folder of the file server 102 or the PC 101, and is linked to the data source access module 206. In the DataSource screen, a transition button to each screen is arranged at the bottom of the screen. Since these buttons are also displayed on other screens, description thereof will be omitted hereinafter.

  The file display unit 505 displays a list of folders and files that can be downloaded when the file server 102 is accessed. The server addition button 506 is a button for newly adding an access destination file server.

  When the server addition button 506 is pressed, a server information input dialog 600 is displayed as shown in FIG. The user sets the server name of the file server 102 in which the electronic data 106 is stored, or, if stored in the PC 101, the machine name of the PC 101 to 601, the shared folder name to 602, and the account with access rights to 603. When the password is input to 604 and the OK button 605 is pressed, the file server 102 or the PC 101 to be accessed is displayed on the file display unit 505. In FIG. 5, as a result of inputting “FileServer1” information in the server information input dialog 600 shown in FIG. 6 and pressing the OK button 605, electronic data “Dir1”, “Dir2”, “Dir2” on the file server of FileServer1 are displayed. It shows a state in which “Test1.txt”, “Test2.txt”, and “Test3.txt” are visible.

  Returning to FIG. 5, the download check box 507 is a check box used to select electronic data to be downloaded from the file server 102. By checking the download check box 507 and pressing the download button 508, the electronic data 106 is downloaded from the PC 101 or the file server 102 onto the mobile terminal 103. If the file displayed on the file display unit 505 is a directory and the download check box 507 is checked and the download button 508 is pressed, all files under the directory are downloaded.

  When the directory name portion of the file display unit 505 is tapped, the directory or file in the hierarchy immediately below the directory hierarchy is displayed. The return button 509 is a button for returning to the previous screen display. When the directory hierarchy is to be displayed in the directory one level higher, the file display unit 505 is switched to the directory display in the first level by pressing the return button 509.

<Local Storage screen>
FIG. 7 is an explanatory diagram showing a Local Storage screen 700. In the Local Storage screen 700, the electronic data or directory downloaded on the DataSource screen 500 is displayed on the local file display unit 701. In this screen, by tapping the electronic data displayed on the local file display unit 701, the document module 212 can open the electronic data and display it on the screen.

  Further, on the Local Storage screen 700, it is possible to perform sharing settings for electronic data, that is, settings for distributing electronic data to other mobile terminals 103 participating in the shared network 107. The share setting is completed by checking the Share check box 702 and pressing the Share button 703. A plurality of file sharing settings can be set simultaneously.

<ShareNetwork screen>
FIG. 8 is an explanatory diagram showing a ShareNetwork screen 800. The Share Network screen 800 is a screen for starting connection of the shared network 107. In this patent, the ShareNetwork screen 800 includes a conference passcode input unit 801, an Own device display unit 802, a peripheral device display unit 803, and a connection button 804. When it is desired to transfer electronic data to another mobile terminal 103 for sharing, the pass code is input to the conference pass code input unit 801 on this screen, and the connection button 804 is pressed. As a result, the terminal automatic connection module 208 detects another nearby mobile terminal 103 and automatically joins the shared network 107, and then the electronic data set to be shared by the data transmission / reception module 210 is transferred to the other mobile terminal 103. The

<Shared Storage screen>
FIG. 9 is an explanatory diagram showing a Shared Storage screen 900. The Shared Storage screen 900 is a screen that displays the electronic data 106 shared between the mobile terminals of the users participating in the conference. The Shared Storage screen 900 includes an Own shared file display unit 901, an all delete button 902, a delete button 903, and a Peripheral shared file display unit 904. The Own shared file display unit 901 displays a list of electronic data 106 transferred and shared to other mobile terminals 103 among electronic data set to be shared on its own mobile terminal 103 (hereinafter referred to as its own mobile terminal 103). It is a part to do.

  The delete all button 902 is electronic data that is set to be shared on its own mobile terminal 103 and is shared by broadcasting a command to delete all the electronic data 106 that has already been transferred to the other mobile terminal 103 and shared. This is a button for deleting the electronic data 106 from the other mobile terminal 103. The delete button 903 is a button for transmitting a delete command for each electronic data 106 one by one.

  The Peripheral shared file display unit 904 transmits electronic data transferred to the mobile terminal 103 among files set to be shared on the other mobile terminals 103 participating in the network configured between the mobile terminals 103. It is displayed as a set with the original device name. Note that the shared electronic data can be deleted only by the mobile terminal of the transmission source that broadcasts the electronic data, so there is no delete button in the Peripheral shared file display unit 904.

<Data download flow>
FIG. 10 is a flowchart illustrating an example of a processing procedure in which the mobile terminal 103 of the creator of the electronic data 106 downloads the electronic data 106. It is assumed that the electronic data 106 is uploaded to the file server 102 to which an appropriate access right is set after the electronic data 106 is created on the PC 101 in advance.

  First, the mobile terminal 103 detects that the DataSource button 501 on the arbitrary screen of the application 205 is pressed (Step S1001), and displays the DataSource screen 500 (Step S1002). Next, the mobile terminal 103 detects pressing of the server addition button 506 (step S1003), and displays the server information input dialog 600 (step S1004).

  The mobile terminal 103 detects the input of the server name, shared folder name, access account, and password of the file server 102 by the user (step S1005), and detects that the OK button is pressed (step S1006: OK). On the other hand, when pressing of the Cancel button is detected by user input (step S1006: Cancel), the screen can return to the DataSource screen (step S1002).

  If the pressing of the OK button is detected (step S1006: OK), the mobile terminal 103 accesses the file server by the data source access module and displays the user's electronic data on the file display unit 505 of the DataSource screen (step S1006: OK). S1007). The mobile terminal 103 detects a check input to the download check box 507 of the electronic data 106 that the user wants to share in the conference (step 1008) and detects that the download button 508 is pressed (step S1009).

  The data source access module 206 of the mobile terminal 103 downloads the target electronic data 106 from the file server 102 (step S1010). The encryption / decryption module 207 of the mobile terminal 103 encrypts the downloaded electronic data 106 and stores the encrypted electronic data 106 in the secondary storage device 202 (step S1011). Thereafter, the mobile terminal 103 stores the file name in the file URL 401 of the file management DB 213, “0” in the shared attribute 402, and its mobile terminal name in the Owner attribute 403 (step S1012). Thereby, the download process is terminated.

<Proximity terminal network construction flow>
FIG. 11 is a sequence diagram illustrating an example of a processing procedure for constructing the shared network 107 by the inter-proximity mobile terminal 103. As a premise for building the shared network 107 by the inter-proximity mobile terminal 103, first, the user of the mobile terminal 103 serving as the conference organizer determines the conference passcode, and then conferences the surrounding users participating in the conference. It is assumed that a passcode is transmitted. FIG. 11 shows a construction example of the shared network 107 between three mobile terminals (the same applies to FIG. 12).

  First, each user's mobile terminal 103 detects pressing of the ShareNetwork button 503 on an arbitrary screen of each mobile terminal 103, and displays the ShareNetwork screen 800 (step S1101).

  Next, the mobile terminal 103 of each user detects the input of the conference passcode to the conference passcode input unit 801 and the pressing of the connection button 804 (step S1102). Thereby, the mobile terminal 103 of each user searches for a nearby terminal by the network management module 209 (step S1103). When the mobile terminal 103 is found, the mobile terminal 103 of each user performs pairing for the amount of the found mobile terminal 103 (step S1104).

  In this case, since a proximity terminal is searched using a Bluetooth device, only the terminal in which the application 205 is installed is found. The discovered mobile terminal 103 is temporarily connected by pairing (step S1104), and the conference pass codes set in both mobile terminals 103 are compared using a Bluetooth connection session. If the conference passcode matches, the connection continues. As a result, the mobile terminal 103 has joined the shared network 107. If the conference passcodes do not match, the connection is released and the mobile end cannot join the conference.

<Data sharing flow>
FIG. 12 is a sequence diagram illustrating an example of a data sharing process procedure between the mobile terminals 103. This sequence is based on the assumption that the electronic data 106 has been downloaded from the file server 102 to the mobile terminal 103A in the download processing procedure shown in FIG. The downloaded electronic data 106 is displayed on the LocalStorage screen 700.

  When it is desired to share the electronic data 106 between the neighboring mobile terminals 103, first, the mobile terminal 103A that holds the electronic data 106 detects that the user has pressed the Local Storage button 502 (Step S1201), and displays the Local Storage screen 700 (Step S1201). S1202). Next, the mobile terminal 103A detects a check input to the Share check box 702 at the right end of the local file display unit 701 and a press of the Share button (step S1203).

  A plurality of checks can be input to the Share check box 702. When the pressing of the Share button 703 is detected, the mobile terminal 103A sets the shared attribute 402 of the file record that is the target of the file management DB 213 to “1” (step S1204). Thereafter, the mobile terminal 103A determines whether or not the connection to the shared network 107 has been completed (step S1205). If completed (step S1205: completed), the mobile terminal 103A decrypts the encrypted electronic data 106 with the shared attribute 402 set to “1” by the encryption / decryption module 207. Then, the mobile terminal 103A calls the data transmission / reception module 210 and transmits the decrypted electronic data 106 to the mobile terminals 103 participating in the shared network 107 (103B and 103C as an example in FIG. 12) (step S1206). .

  The destination mobile terminals 103B and 103C receive the transferred electronic data 106 by the data transmission / reception module 210 (step S1207), and then encrypt the received electronic data 106 by the encryption / decryption module 207. The encrypted electronic data 106 is stored in the secondary storage device 202 (step S1208). When the storage is completed, the mobile terminals 103B and 103C newly generate a record of the stored electronic data 106 in the file management DB 213, store the shared attribute 402 as “1”, and store the source mobile terminal name in the Owner attribute 403. (Step S1209).

  In the mobile terminals 103B and 103C, the user can check the received electronic data 106 from the Shared Storage screen 900. In addition, when the user taps each electronic data on the Shared Storage screen 900, the file can be opened.

  Further, when the Shared Storage screen 900 is opened on each of the mobile terminals 103A to 103C, among the electronic data 106 stored in the file management DB 213, the sharing flag is “1” and the Owner attribute is “OWN”. The electronic data 106 is displayed on the Own shared file display unit 901. The electronic data 106 in which the sharing flag is “1” and the device name is stored in the Owner attribute is displayed under each mobile terminal name in the Peripheral shared file display unit 904.

  In this example, in the mobile terminal 103A, for the transmitted electronic data 106, the sharing flag is “1” and the Owner attribute is “OWN”. Further, in the mobile terminals 103B and 103C, with respect to the received electronic data 106, the sharing flag is “1” and the device name of the mobile terminal 103A is stored in the Owner attribute.

<Shared file deletion flow>
FIG. 13 is a flowchart illustrating an example of a procedure for forcibly deleting electronic data 106 distributed to the mobile terminal 103. Note that, as shown in the sequence of constructing the shared network 107 of neighboring mobile terminals in FIG. 11, each mobile terminal 103 has established a full mesh P2P connection that can perform Bluetooth or communication between neighboring mobile terminals. And Further, the network management module 209 of each mobile terminal 103 monitors a shared session established from the mobile terminal 103 to another mobile terminal 103. That is, the network management module 209 performs monitoring by performing periodic polling. If there is no response from the connection destination for a certain period of time, the mobile terminal is regarded as having disconnected / disconnected from the shared network 107.

  When the network management module 209 of a certain mobile terminal 103 detects disconnection of a shared session with a certain mobile terminal 103 in the shared network 107 (step S1301), the target mobile terminal name of the disconnected session is acquired (step S1302). ). The target mobile terminal name is acquired from the session information of the shared session.

  For example, when the shared network 107 is constructed by the mobile terminals 103A to 103C in the conference room, when the owner of the mobile terminal 103C has the mobile terminal 103C and leaves the conference room, the mobile terminal 103C , 103B. Therefore, the mobile terminal 103C acquires the mobile terminal names of the mobile terminals 103A and 103B.

  On the other hand, the mobile terminals 103A and 103B are disconnected from the mobile terminal 103C, respectively, but the connection is maintained between the mobile terminals 103A and 103B. Therefore, each of the mobile terminals 103A and 103B acquires the mobile terminal name of the mobile terminal 103C.

  The mobile terminal 103 acquires all the file URLs 401 in which the mobile terminal name acquired in step S1302 is set in the Owner attribute 403 of the file management DB 213 (step S1303). Thereafter, the mobile terminal 103 deletes all the electronic data 106 specified by the file URL 401 acquired in step 1303 from the secondary storage device 202 (step S1304). Finally, the mobile terminal 103 completes the deletion process by deleting all the records of the electronic data 106 deleted in step S1304 from the file management DB 213 (step S1305).

  For example, in the example of the mobile terminals 103A to 103C described above, the electronic data 106 from the mobile terminals 103A and 103B is deleted in the mobile terminal 103C. Similarly, in the mobile terminals 103A and 103B, the electronic data 106 from the mobile terminal 103C is deleted.

  In the mobile terminal 103C, the electronic data 106 downloaded from the file server 102 by the mobile terminal 103C may be stored without being deleted. This is because it is not specified whether the terminal 103 has left the shared network 107 or whether the mobile terminal 103 to be disconnected has left the shared network 107. For this reason, in the mobile terminal 103A, the electronic data 106 downloaded from the file server 102 by the mobile terminal 103A and the electronic data 106 from the mobile terminal 103B are not deleted. Therefore, the mobile terminals 103A and 103B remaining in the shared network 107 can continue to display the electronic data 106 (excluding the electronic data 106 of the mobile terminal 103C).

  Thus, by not specifying which mobile terminal 103 has left the shared network 107, it is possible to speed up the deletion of the electronic data 106 by simplifying the processing, and to prevent leakage.

  When the DeleteAll button 902 or the Delete button 903 on the Shared Storage screen 900 is pressed, the mobile terminal 103 broadcasts a deletion command for deleting the electronic data 106 to be deleted to each mobile terminal 103 by the data deletion module 211.

  In each mobile terminal 103 that has received the deletion command, the data deletion module 211 can also delete the target electronic data 106 stored in the secondary storage device 202. Then, the data deletion module 211 deletes the deletion target record stored in the file management DB 213, thereby completing the deletion.

  In the above-described embodiment, the full mesh type shared network 107 has been described as an example, but is not limited to the full mesh type. For example, it is only necessary that a certain mobile terminal 103 is a master and another mobile terminal 103 is a slave, and the master and the slave are connected. In this case, the download of the electronic data 106 and the distribution of the downloaded electronic data 106 are executed only by the master, and the deletion of the electronic data is executed between the master and the slave.

  In this case, when a certain slave leaves the shared network 107, the electronic data 106 distributed from the master is deleted in the slave by the processing shown in FIG. On the other hand, even when the master leaves the shared network 107, the slave deletes the electronic data 106 distributed from the master by the processing shown in FIG. Note that the detached master may retain or delete the electronic data 106 downloaded from the file server 102 by the master.

  For example, if the master is disconnected from one slave and the connection with another slave is maintained, it can be considered that the slave has left, so the master holds the electronic data 106 downloaded from the file server 102 by the master. Leave. On the other hand, when all the slaves are disconnected, it can be considered that either the master or all the slaves have left, so the master may delete the electronic data 106 downloaded from the file server 102 by the master.

  In the above-described embodiment, the example in which the full-mesh shared network 107 is constructed by Bluetooth has been described. However, the present invention is not limited to this example. For example, infrared communication, Wi-Fi direct, ad hoc network, and the like can be used. It is also possible to use near field communication.

  Note that the present invention is not limited to the embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

  In addition, each configuration, function, processing unit, processing unit, and the like described in the embodiments may be realized in hardware by designing a part or all of them with, for example, an integrated circuit. Further, each of the above-described configurations, functions, etc. may be realized by software by the processor interpreting and executing a program that realizes each function. Information such as programs, tables, and files for realizing each function is stored in a recording or storage device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording or storage medium such as an IC card, SD card, or DVD. be able to.

  Furthermore, in the above-described embodiment, control lines and information lines are those that are considered necessary for explanation, and not all control lines and information lines on the product are necessarily shown. All the components may be connected to each other.

  As described above, according to this embodiment, when a conference is performed using a mobile terminal, installation of a dedicated management server and complicated settings such as a network on each conference participant's terminal are eliminated, and immediately when intended. In addition, data can be distributed, shared and used only with the intended party and the intended location, and when the user leaves the intended location, the data can be deleted immediately and reliably. Therefore, it is possible to suppress data leakage.

100 Information processing system 102 File server 103 Mobile terminal 104 Network 105 Conference room 106 Electronic data 107 Shared network 205 Application 206 Data source access module 207 Encryption / decryption module 208 Terminal automatic connection module 209 Network management module 210 Data transmission / reception module 211 Data Delete module 212 Document module

Claims (6)

A monitoring program stored in the memory of each of a plurality of terminals constituting a network capable of communication by short-range wireless communication, and executed by each processor of the plurality of terminals,
A receiving procedure for receiving the data from a storage device for storing data or a transmission source terminal for storing the data in the network;
A storage procedure for storing data received by the reception procedure in a storage device of the terminal;
A detection procedure for detecting a disconnection with another terminal in the network;
When it is detected that the connection with the other terminal is disconnected by the detection procedure, a deletion procedure for deleting the data stored in the storage device by the storage procedure;
To the processor. A setting procedure for setting identification information indicating that the data is transmitted from the transmission source terminal when the data is received from the transmission source terminal by the reception procedure;
When the detection procedure detects that the connection with the other terminal is disconnected, the processor executes a specific procedure for specifying data corresponding to the identification information set by the setting procedure,
The monitoring program according to claim 1, wherein in the deletion procedure, the data specified by the specification procedure is deleted from the data stored in the storage device. In the setting procedure, when the data is received from the storage device by the reception procedure, identification information indicating that the data is received from the storage device is set,
The deletion procedure does not delete data corresponding to identification information that is specified by the specifying procedure and that indicates that the data has been received from the storage device among data stored in the storage device. Item 3. The monitoring program according to item 2.   The monitoring program according to claim 1, wherein when the data is received from the storage device by the reception procedure, the processor is caused to execute a transmission procedure for transmitting the data to each terminal in the network. For each of the other terminals among the plurality of terminals, causing the processor to execute a connection procedure for performing short-range wireless communication connection with the same password,
In the reception procedure,
The monitoring program according to claim 1, wherein the data is received from a source terminal that stores the data in the network constructed by the storage device or the connection procedure. Each of a plurality of terminals constituting a network capable of communication by short-range wireless communication
A receiving procedure for receiving the data from a storage device for storing data or a transmission source terminal for storing the data in the network;
A storage procedure for storing data received by the reception procedure in a storage device of the terminal;
A detection procedure for detecting a disconnection with another terminal in the network;
When it is detected that the connection with the other terminal is disconnected by the detection procedure, a deletion procedure for deleting the data stored in the storage device by the storage procedure;
The monitoring method characterized by performing.