JP2006268574A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily identify a user in a P2P system and to easily transfer information between peer devices. <P>SOLUTION: A peer device receives user information stored in a device with an ID (steps 300 to 304), recognizes a user corresponding to the received user information (step 306), and designates a work group that the recognized user belongs to and a workspace (on a common data repository) that the work group uses (step 312) to stores common information of the designated work group in the workspace on the common data repository 18F. The common information stored in the workspace on the common data repository 18F is ciphered, so a common key is deciphered with a secret key and the deciphered common key is used to decipher the common information (steps 316 and 318). Consequently, the common information can be accessed and environment of the work group can be structured by the device with the ID at an arbitrary peer in P2P environment. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information processing device, an information processing method, an information processing program, and a peer-to-peer system, and more specifically, an information processing device for exchanging information between a plurality of peer devices connected via a network, and information processing The present invention relates to a method, an information processing program, and a peer-to-peer system.

  2. Description of the Related Art Conventionally, there are a client / server (hereinafter referred to as C / S) system and a peer-to-peer (hereinafter referred to as P2P) system as forms of network systems in which devices such as computers are connected to each other via a network.

  The C / S system is a system in which a server executes various services for managing various information resources and providing various applications, which are used by clients, and is a system in which a master-slave relationship is fixed.

  On the other hand, in the P2P system, a dedicated server is basically not provided, and each peer (for example, a personal computer) connected to the network provides a predetermined service to another peer in some cases. The system operates like a server, and in some cases operates like a client using a service provided by another peer, and each peer is an equivalent system. Various techniques have been proposed for such P2P systems (see, for example, Patent Document 1 and Patent Document 2).

  One of the features of this P2P system is that it is relatively easy to maintain position independence. For example, a user can belong to one or more “workgroups”. That is, the work group is a group composed of one or a plurality of users. A user who belongs to the work group can use a work space, which is an area in which information is shared and stored in each group. Since information exchanged on this workspace is replicated by a plurality of peers, the workspace can be accessed from a peer device at a different location if it can be connected to any peer device.

  Accordingly, a P2P network that can exchange information between users belonging to a work group can be constructed by a P2P system based on a connection between peer devices of users belonging to the work group.

Here, when a user accesses a new peer device, it is necessary to identify the workgroup to which the user belongs. Conventionally, a method for identifying a user by inputting a user name, an e-mail address and a password has been used. This method is complicated, and there is a problem that it is difficult to use advanced protection such as PKI technology. In addition, since the identification information of the workspace to which the user belongs cannot be directly provided, an information management mechanism for that is required separately. As this personal authentication, a technique that enables personal authentication by a portable terminal computer holding a user ID has been proposed (see, for example, Patent Document 3).
JP 2002-335269 A JP 2003-256363 A JP 2002-117066 A

  However, regarding the personal authentication operation in the peer device on the P2P system, the workplace information is not centrally managed because of the property of directly exchanging information between the peer devices in the P2P system. It is difficult to quickly restore the personal environment on the peer device and reproduce the information distribution route between peers only with personal identification information having a small amount of information such as a simple user name.

  The present invention has been made in consideration of the above-mentioned facts, and is an information processing apparatus that can easily identify a user in a P2P system and can easily exchange information between peer apparatuses. It is an object to provide a method, an information processing program, and a peer-to-peer system.

  In order to achieve the above object, the invention according to claim 1 functions as a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are recognized as peer devices and information is exchanged between peer devices. Storing information about a work group to which one or a plurality of users permitted as a target of information exchange in the peer-to-peer environment belongs, and information between peer devices of users belonging to the work group Storage means provided with a shared area as a work space for sharing, reading means for reading the user information from ID storage means for storing user information for identifying the user, and groups stored in the storage means Based on the information, the word to which the user of the user information read by the reading means belongs A specifying unit for specifying a group, a receiving unit for receiving shared information shared by the work group specified by the specifying unit from a peer device belonging to a work group including its own peer device, and a sharing received by the receiving unit Construction means for constructing a workspace by storing information in a corresponding shared area of the storage means.

  The information processing apparatus according to the present invention allows a peer device to recognize an ID storage unit that stores user information such as a device with an ID, so that the owner of the ID storage unit is a user on the P2P system (P2P network). Can be recognized.

  That is, the storage unit of the information processing apparatus functioning as a peer apparatus stores group information and provides a shared area as a work space. The group information stores group information representing a work group to which one or a plurality of users allowed as information exchange targets in a peer-to-peer environment belong. The shared area is a work space for sharing information between peer devices of users belonging to the work group. The reading unit reads user information from the ID storage unit. This ID storage means stores user information for identifying the user. Based on this user information and group information, the specifying means specifies the work group to which the user belongs. The receiving means receives shared information shared by the specified work group from peer devices belonging to the work group including the own peer device. In this case, it requests other peer devices to transmit shared information shared by the specified work group. The construction unit stores the shared information received by the reception unit in a corresponding shared area of the storage unit to construct a workspace. Thereby, the user can be recognized by the peer device only by storing the user information in the ID storage means, and the shared information for participating in the peer-to-peer network is transferred to the peer device that has read the user information from the ID storage means. You can store it and you can easily build a workspace.

  According to a second aspect of the present invention, the ID storage means further stores a user secret key of the stored user information, the reading means reads the user information and secret key from the ID storage means, and the construction The means is characterized in that the shared information encrypted with the public key of the user is decrypted with a secret key when the workspace is constructed.

  In the present invention, user authentication information (secret key) is held in addition to user information, thereby strongly protecting user information.

  That is, using the secret key read by the reading means from the ID storage means further storing the user's private key, the construction means secretly shares the shared information encrypted by the user's public key when constructing the workspace. Decrypt with key. In this way, the secret key only needs to be stored in the ID storage means, and there is no need to provide a centralized key management mechanism. In addition, when taking measures such as transferring via a peer device, it is not necessary to deal with various threats on the route, and user information can be strongly protected.

  According to a third aspect of the present invention, the ID storage means further comprises an authentication calculation means for executing the decryption process on the input data with the stored secret key and outputting the execution result. It further comprises a confirmation means for encrypting with the user's public key read by the reading means and outputting to the ID storage means, and confirming that the output data from the ID storage means matches the confirmation information. It is characterized by that.

  In the present invention, the reliability of user information is further improved by confirming user authentication information (secret key).

  That is, the ID storage means further includes an authentication calculation means for executing the decryption process on the input data with the stored secret key and outputting the execution result. The information processing means further includes a confirmation means, and the confirmation means encrypts it with the user's public key based on the user information read from the predetermined confirmation information and outputs it to the ID storage means, and output data from the ID storage means Confirm that the URL matches the verification information. This confirmation makes it possible to confirm the reliability of the secret key stored in the ID storage means.

  According to a fourth aspect of the present invention, the ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space, and the reading means stores the ID storage. The shared information stored in the means is further read, and the construction means stores the shared information read by the reading means in a corresponding shared area of the storage means to construct a workspace.

  According to the present invention, by storing information related to a work group to which the possessed user belongs in the ID storage means, the corresponding work space can be quickly restored on the peer device.

  That is, the ID storage means further stores at least a part of the shared information shared by the work group for storing in the shared area as a work space. The reading means further reads the shared information stored in the ID storage means, and the construction means stores the shared information read by the reading means in a corresponding shared area of the storage means to construct a workspace. By doing so, it becomes unnecessary to store the shared information in the information processing apparatus, that is, in the peer apparatus, and the shared information is transferred between the ID storage unit and the information processing apparatus that reads the shared information. Therefore, the shared information can be quickly restored without waiting for the transfer from the information processing apparatus as another peer.

  The information processing apparatus includes functions according to the following information processing method.

  Specifically, the invention of claim 5 is an information processing method in a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are recognized as peer devices and information is exchanged between peer devices. Storing group information representing a work group to which one or a plurality of users allowed as information exchange targets in the peer-to-peer environment belong, and sharing information between peer devices of users belonging to the work group Providing a shared area as a work space, reading the user information from ID storage means storing user information for identifying a user, and reading the user information based on the stored group information Identifying the workgroup to which the user belongs, and the identified workgroup Receiving shared information from a peer device belonging to a work group including its own peer device, and storing the shared information received by the receiving unit in a corresponding shared area of the storage unit to create a workspace. And a building step.

  In the invention of claim 6, the ID storage means further stores a user secret key of the stored user information, and the step of reading the user information reads the user information and the secret key from the ID storage means, The step of building the workspace is characterized in that the shared information encrypted with the public key of the user is decrypted with a secret key when building the workspace.

  According to a seventh aspect of the present invention, the ID storage means further comprises authentication calculation means for executing decryption processing with the stored secret key and outputting an execution result, and the predetermined confirmation information The method further comprises the step of encrypting with the user's public key based on the user information read by the reading means and outputting to the ID storage means and confirming that the output data from the ID storage means matches the confirmation information. It is characterized by.

  In the invention according to claim 8, the ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space, and reading the user information includes the step of reading the user information. The step of further reading the shared information stored in the ID storage means and constructing the workspace includes constructing the workspace by storing the shared information read by the reading means in the corresponding shared area of the storage means. Features.

  The processing executed by the information processing apparatus includes a step executed by a computer by the following information processing program.

  Specifically, the invention according to claim 9 is directed to a computer in a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are recognized as peer devices and information is exchanged between peer devices. An information processing program for executing processing, wherein the information processing stores group information representing a work group to which one or a plurality of users permitted as an object to exchange information in the peer-to-peer environment belongs, and the work group Providing a shared area as a work space for sharing information between peer devices of users belonging to the user, reading the user information from ID storage means storing user information for identifying the user, The user of the read user information based on the stored group information A step of identifying a work group to which the user belongs, a step of receiving shared information shared by the identified work group from a peer device belonging to a work group including its own peer device, and the shared information received by the receiving unit. And storing in a corresponding shared area of the storage means to construct a workspace.

  In the invention of claim 10, the ID storage means further stores a user secret key of the stored user information, and the step of reading the user information reads the user information and the secret key from the ID storage means, The step of building the workspace is characterized in that the shared information encrypted with the public key of the user is decrypted with a secret key when building the workspace.

  The invention according to claim 11 is further characterized in that the ID storage means further comprises an authentication calculation means for executing a decryption process with the stored secret key and outputting an execution result, and the predetermined confirmation information is provided as the confirmation information. The method further comprises the step of encrypting with the user's public key based on the user information read by the reading means and outputting to the ID storage means and confirming that the output data from the ID storage means matches the confirmation information. It is characterized by.

  According to a twelfth aspect of the present invention, the ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space, and reading the user information includes the step of: The step of further reading the shared information stored in the ID storage means and constructing the workspace includes constructing the workspace by storing the shared information read by the reading means in the corresponding shared area of the storage means. Features.

  The information processing apparatus and method can be used in a peer-to-peer system that exchanges information in a peer-to-peer environment in which a plurality of apparatuses connected to a network are recognized as peer apparatuses and information is exchanged between peer apparatuses.

  Specifically, the invention of claim 13 is a peer-to-peer system for transferring information in a peer-to-peer environment in which a plurality of devices connected to a network are recognized as peer devices and information is transferred between peer devices. At least one of the devices stores group information representing a work group to which one or a plurality of users permitted to exchange information in the peer-to-peer environment belongs, and a peer device of a user belonging to the work group Storage means provided with a shared area as a work space for sharing information, reading means for reading the user information from ID storage means for storing user information for identifying the user, and storage in the storage means The user of the user information read by the reading means based on the group information Identifying means for identifying the work group to which it belongs, receiving means for receiving shared information shared by the work group identified by the identifying means from peer devices belonging to the work group including its own peer device, and receiving by the receiving means Construction means for constructing a workspace by storing the shared information in a corresponding shared area of the storage means.

  In the invention of claim 14, the ID storage means further stores a user secret key of the stored user information, the reading means reads the user information and the secret key from the ID storage means, and the construction means Is characterized in that the shared information encrypted with the public key of the user is decrypted with a secret key when the workspace is constructed.

  According to a fifteenth aspect of the present invention, the ID storage means further includes an authentication calculation means for executing decryption processing on the input data with the stored secret key and outputting an execution result, and the predetermined confirmation information The information processing apparatus further includes a confirmation unit configured to encrypt the user's public key based on the user information read by the reading unit and output the encrypted information to the ID storage unit, and to confirm that output data from the ID storage unit matches the confirmation information. It is characterized by that.

  According to a sixteenth aspect of the present invention, the ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space, and the reading means includes the ID storage means. The construction information is further read, and the construction means constructs a workspace by storing the shared information read by the reading means in a corresponding shared area of the storage means.

  As described above, according to the present invention, by causing the peer device to recognize the ID storage means storing user information such as a device with an ID, the P2P system (P2P network) with the owner of the ID storage means as the user It has the effect that it can be recognized as a user above.

  Hereinafter, embodiments of the present invention will be described. First, prior to describing the embodiment of the present invention, the concept of the P2P network constituting the P2P system will be described.

  FIG. 1 conceptually shows the network configuration of the P2P network 10. As shown in FIG. 1, the P2P network 10 has a configuration in which the peers 12A to 12G are virtually connected to each other. Actually, for example, the peers 12A to 12C are peers that are under access restriction by a firewall. The peers 12C to 12E are peers connected to the Internet, and the peers 12E to 12G are peers whose addresses are translated by NAT (Network Address Translation).

  There are various connection methods between peers, such as using TCP (Transmission Control Protocol) connection using IPv4 (Internet Protocol version 4) or IPv6 (Internet Protocol version 6) functions, or using HTTP (HyperText Transfer Protocol). Or SMTP (Simple Mail Transfer Protocol) can be used.

  Here, the term “peer” refers to, for example, a computer such as a personal computer, a PDA (Personal Digital Assistance), a mobile phone, a printer, a copier, a hardware such as a multi-function machine having a plurality of these functions, or these functions. Software. Also, each peer can participate in a P2P network regardless of whether it is of the same type or a different type.

  2 and 3 show an example of a physical form in the case of constructing a P2P network using a device such as a computer as a peer. FIG. 2 shows a form of pure P2P in which all of the peers 14A to 14K are in an equal relationship. FIG. 3 provides a server 14S, entrusting the provision of some services to the server 14S, and other services. In Fig. 5, the form of hybrid P2P realized by peers 14A to 14H in an equal relationship is shown. The present invention can be applied in any of these forms.

  As shown in FIG. 4, users or peers who log on to each peer participating in the P2P network can form a group according to the purpose. In FIG. 4, all of the peers 12A to 12G belong to the group 1, and the peers 12A, 12C, 12E, and 12F belong to the group 2, and the peers 12B, 12E, 12F, and 12G belong to the group 3. Each user or peer may belong to a single group or may belong to a plurality of groups. Also, a user or peer does not necessarily have to belong to a group.

  FIG. 5 shows the basic configuration of each peer participating in the P2P network 10. As illustrated in FIG. 5, the peer 12 includes a P2P infrastructure configuration unit 16, a P2P infrastructure management data storage unit 18, an application execution unit 20, and an application memory 22.

  The P2P infrastructure configuration unit 16 includes a message control unit 24, a data management unit 26, a transmission unit 28, and a reception unit 30.

  The transmission unit 28 transmits the message received from the message control unit 24 toward the network 32.

  The receiving unit 30 receives data necessary for its own peer among data transmitted and received in the P2P network 10. It is always in a reception standby state, receives various requests and data from other peers of the P2P network 10, and passes them to the message control unit 24. The transmitter 28 operates independently and in parallel.

  FIG. 6 shows a schematic configuration of the message control unit 24. As shown in FIG. 6, the message control unit 24 includes a service execution unit 34 and a message dispatch unit 36.

  The service execution unit 34 includes a peer search service unit 38, a notification information disclosure service unit 40, a notification information acquisition service unit 42, a group management service unit 44, a user management service unit 46, and a peer management service unit 48. Each service unit executes each service while exchanging information with each other.

  The peer search service unit 38 has a function of searching for a peer participating in the P2P network and a function of searching for a peer that can provide a service (function) required by the peer. The search range can be controlled by designating the name and attribute of the required service, the threshold value for the number of hops, and the like. Here, the number of hops is the number of peers through which a message is transmitted.

  The notification information disclosure service unit 40 has a function of publishing information such as services that can be provided by its own peer on the P2P network as notification information. Here, the services that can be provided include, for example, a group management service and a user management service, which will be described later, in addition to an application executed by the application execution unit 20. The announcement information may be disclosed, for example, when there is an inquiry from another peer, when the own peer is activated, or periodically.

  In this way, the announcement information is published on the P2P network by the announcement information disclosure service unit 40 of each peer, so what kind of service each peer participating in the P2P network can use on the P2P network can be determined. I can grasp it.

  The notification information acquisition service unit 42 acquires the notification information transmitted from the peer searched by the peer search service unit 38 or the notification information spontaneously transmitted from another peer, and passes it to the data management unit 26. The data management unit 26 stores the acquired notification information in the P2P infrastructure management data storage unit 18 as peer information. Thereby, the peer can grasp what service is provided by other peers participating in the P2P network.

  The group management service unit 44 has a function of managing participation in or withdrawal from a group composed of peers having the same purpose, creation of a new group, and the like based on group information. The group information is, for example, information representing a correspondence relationship between at least a group ID and a user ID, and is stored in the P2P infrastructure management data storage unit 18. By referring to this group information, it is possible to grasp which user belongs to which group.

  The user management service unit 46 has a function of managing user information. User information includes, for example, logon information indicating the correspondence between a peer ID and a user ID logged on to the peer, information about the user himself such as the user name and email address, and the group ID of the group to which the user belongs. Information is stored in the P2P infrastructure management data storage unit 18.

  The peer management service unit 48 has a function of managing peer information of peers participating in the P2P network.

  The message dispatch unit 36 analyzes a message from the application execution unit 20 and a message transmitted / received to / from another peer, and passes control to a service unit that should perform processing related to the analyzed message in the service execution unit 34.

  The P2P infrastructure management data storage unit 18 stores route information 18A, group information 18B, adjacent information 18C, peer information 18D, and user information 18E.

  The route information 18A includes information on a route in the P2P network, for example, information related to a spanning tree described later.

  As described above, the group information 18B is information representing a correspondence relationship between at least a group ID and a user ID, for example.

  The adjacency information 18C includes information on a peer adjacent to the own peer, for example, information such as a peer ID. Here, the adjacent peer can be, for example, a peer within a predetermined time that is a response time for a packet transmitted from the own peer. The adjacent information can be generated based on, for example, a response time obtained in a process of communicating with another peer, but may be set manually by an operator's operation or the like.

  The peer information 18D is information related to the peer searched by the peer search service unit 38, for example, information such as a peer ID, information related to a service provided by each peer on the P2P network acquired by the notification information acquisition service unit 42, etc. including. Here, for example, an IP address or a URI (Uniform Resource Identifier) can be used as the peer ID.

  As described above, the user information 18E includes user logon information, information about the user himself, and the like.

  The application execution unit 20 executes various applications, and transmits and receives messages to and from other peers via the message control unit 24. The application memory 22 is a memory for storing various types of information related to the execution of the application execution unit 20.

  Next, a specific example in the case where the target service is searched and executed in the P2P network will be described.

  First, in a P2P network comprising a peer with a transfer function that has a function of transferring a message to another peer and an end peer that does not have a transfer function and that transmits and receives messages to and from another peer via the peer with a transfer function Processing executed by the peer peer and end peer P2P infrastructure configuration unit 16 will be described. In addition, the peer with a transfer function has a configuration in which the service execution unit 34 includes a transfer function service unit (not shown).

  FIG. 7 shows a flowchart of processing executed by the end peer, and FIG. 8 shows a flowchart of processing executed by the peer with transfer function.

  As shown in FIG. 7, in step 100, the end peer sends a search request for a peer with a forwarding function to, for example, another peer with a forwarding function set in the setting information stored in the peer in advance, It transmits to the peer-to-peer network to other peers with a transfer function by broadcasting. This is executed by the peer search service unit 38.

  In step 102, it is determined whether or not there is a peer with transfer function. If there is a peer with transfer function, the process proceeds to step 104. If there is no peer with transfer function, the process proceeds to step 100. Return, for example, search for a peer with a transfer function again after a predetermined time.

  In step 104, a request is made to the peer with transfer function to acquire notification information of the other peer logged on by the user logged on to the peer or another user belonging to the group to which the peer belongs. This is executed by the notification information acquisition service unit 42.

  In step 106, it is determined whether or not the notification information has been received from the peer with transfer function. If not received, the process proceeds to step 110. If received, the received notification information is changed to step 108 in step 108. It is stored as peer information 18D in the P2P infrastructure management data storage unit 18.

  In step 110, it is determined whether a service request has occurred. For example, when an application is executed by the application execution unit 20 by an operation of a user logged on to the peer and a service request is generated, the service request is notified from the application execution unit 20 to the message control unit 24. In this case, the process proceeds to step 112. If a service request has not occurred, the process proceeds to step 116.

  In step 112, a message corresponding to the generated service request is created and transmitted to the peer with transfer function. For example, when the service request from the application execution unit 20 is a request to acquire a desired file, a file search including information for specifying the desired file such as a file name notified from the application execution unit 20 Send a request message to a peer with forwarding capability.

  In step 114, response processing for the transmitted message is performed. That is, a response message for the transmitted message is received, and processing corresponding to the content of the received response message is performed. For example, if the service request is a request to acquire a predetermined file, if there is a peer that owns the file, the peer information is received as a response message, and this is sent to the application execution unit 20. Notice. In this case, the application execution unit 20 requests the message control unit 24 to transmit a file transmission request to the peer that owns the desired file based on the received peer information. Thereby, a desired file can be acquired.

  In step 116, it is determined whether or not a request message for requesting some service provision or information provision from another peer is received from the peer with transfer function. If the request message has been received, the process proceeds to step 118. If the request message has not been received, the process returns to step 106 and the same processing as described above is repeated.

  In step 118, processing for the request is executed. In step 120, a message corresponding to the processing result is transmitted to the peer with transfer function. For example, when a file search request message is received from another peer, the request message is passed to the application execution unit 20 that executes file search. As a result, the file search is executed in the application execution unit 20 and the search result is notified to the message control unit 24. The message control unit 24 creates a response message based on the search result notified from the application execution unit 20, and transmits the response message to the transmission source peer of the file search request message. For example, if the file can be searched, a response message including information such as the peer ID of the own peer is created and transmitted to the peer that is the transmission source of the file search request message. Thus, the transmission source peer can confirm whether or not a desired file has been searched.

  Next, processing executed by the peer with a transfer function will be described.

  As shown in FIG. 8, in step 200, the peer with a forwarding function, for example, another forwarding function with respect to another peer with a forwarding function set in the setting information stored in advance in its own peer, or by multicast or broadcast. The attached peer is requested to transmit various information such as group information and user information, and the information is acquired. The acquired information is stored in the P2P infrastructure management data storage unit 18. Thereby, it is possible to obtain information on the peers constituting the P2P network and information on logged-on users.

  In step 202, the adjacent information 18C stored in the P2P infrastructure management data storage unit 18 is notified to all peers with a transfer function adjacent to the peer. The adjacency information 18C includes at least information on a peer with a transfer function next to its own peer, and further includes adjacency information if adjacent information possessed by another peer has already been acquired. .

  In step 204, the neighboring peer with transfer function is requested to acquire the neighbor information and is acquired. In this way, neighbor information is exchanged with a peer with a transfer function next to the peer.

  In step 206, configuration information of the spanning tree is generated based on the exchanged adjacent information, and is stored as route information in the P2P infrastructure management data storage unit 18. Here, the spanning tree represents a route in which a message transfer route has a tree structure without a loop.

FIG. 9 shows an example of the spanning tree. For example, as shown in FIG. 9A, the P2P network has a transfer function that belongs only to group 1, a transfer function peer 50 ₁ that belongs only to group 2, a transfer function peer 50 ₂ that belongs only to group 2, and a transfer function that belongs to any of groups 1 and ₂ . It is assumed that the attached peer 50 ₁₂ , the peer 50n with a transfer function that does not belong to any group, and end peers (not shown in FIG. 9) existing behind these peers with the transfer function. In this case, the spanning tree is a tree-structured path without a loop as shown in FIG.

  In the next step 208, it is determined whether or not a message transmission request from the end peer has been received. If received, the process proceeds to step 210. If not received, the process proceeds to step 212.

  In step 210, the message is transferred based on the path information as the configuration information of the spanning tree. For example, in the case where a network as shown in FIG. 9A is constructed, a case where the end peer belongs to, for example, group 1 and a request message for group 1 is transmitted to the peer with transfer function will be described. In this case, the forwarding peer includes all the forwarding peers responsible for forwarding messages to end peers belonging to group 1, and a spanning tree in which messages are forwarded to all the forwarding peers, for example, A spanning tree as shown in FIG. 9C is calculated based on the path information. Then, the forwarding function peer forwards the request message from the end peer to all the neighboring forwarding function peers based on the calculated spanning tree. As a result, the message is transferred to peers with a transfer function on the spanning tree shown in FIG. 9C, and the message is transferred to all end peers of group 1. When a message transmission request for group 2 is transmitted to a peer with a transfer function, a spanning tree as shown in FIG. 9D is calculated.

  In the next step 212, it is determined whether or not a message has been received from the adjacent peer with transfer function. If received, the process proceeds to step 214. If not received, the process returns to step 208 to return to the above. Similar processing is repeated. Note that it is also possible to periodically return to step 200 and periodically calculate the spanning tree.

  In step 214, if the message needs to be forwarded based on the calculated spanning tree, that is, if there is a peer with forwarding function that does not forward the message among neighboring peers with forwarding function on the spanning tree, The message is transferred to the peer with the transfer function. If the received message is addressed to the same group as the end peer that is responsible for transferring the message, the received message is transferred to the end peer.

  Thus, each peer with a forwarding function calculates a spanning tree and forwards a message according to this spanning tree calculation, whereby it is possible to send and receive messages between end peers in the same group.

  The configuration of transferring a message by a peer with a transfer function as described above is suitable mainly when a P2P network is constructed with a relatively small network such as a LAN (Local Area Network). When configuring a P2P network, messages are transmitted and received between peers connected to different networks via a firewall, a gateway, or the like. Below, the form suitable when constructing a P2P network with such a comparatively large-scale network is demonstrated.

  A P2P network 11 illustrated in FIG. 10 includes a plurality of networks 52 to 58, and the network 52 is connected to the network 54 via routers 60 and 62 and is connected to the network 58 via a router 64. The network 56 is connected to the network 58 via the router 66.

  The network 52 is configured to include end peers 52A and 52B and a queuing function peer 52C, the network 54 is configured to include an end peer 54A, the network 56 is configured to include an end peer 56A, and the network 58 is a relay function peer. 58A is included. Note that the peer with waiting function has a configuration in which a service function unit (not shown) is provided in the service execution unit 34, and the peer 58A with relay function has a configuration in which the service execution unit 34 has a relay function service unit (not shown). .

  In the P2P network 11 configured as described above, the end peer executes substantially the same processing as that shown in the flowchart of FIG. That is, the process executed by the end peer in the P2P network 11 can be considered to execute the process in which the transfer function peer is replaced with the waiting function peer in the description of the flowchart of FIG.

  The peer with a relay function is basically a peer that operates as a so-called gateway. A peer with a relay function first has various information such as group information and user information for other peers set in advance in the setting information stored in its own peer, or for other peers by multicast or broadcast. Is requested to transmit the information. When a message is received from another peer, the message is transferred to the peer designated as the transmission destination.

  Next, processing executed by the peer with a waiting function will be described.

  FIG. 11 is a flowchart showing the flow of processing executed by the peer with a waiting function.

  First, in step 300, for example, for other peers with transfer function preset in the setting information stored in the own peer, or for various peers such as group information and user information for other peers by multicast or broadcast. Request to send information.

  In step 302, it is determined whether or not any information from other peers, for example, information such as group and user information requested in step 300, announcement information from other peers, etc. is received. If it has not been received, the process proceeds to step 306.

  In step 304, the information received from the other peer is stored in the P2P infrastructure management data storage unit 18. For example, if the received information is group information, it is stored in the P2P infrastructure management data storage unit 18 as group information 18B, and if the received information is user information, it is stored in the P2P infrastructure management data storage unit 18 as user information 18E.

  In Step 306, it is determined whether or not a request message for requesting some service provision or information provision has been received from the end peer. If received, the process proceeds to Step 308. If not received, Step 306 is performed. Returning to 302, the same processing as described above is repeated.

  In step 308, it is determined whether or not information corresponding to the request message is stored in the P2P infrastructure management data storage unit 18 of the own peer. If it is stored, the process proceeds to step 310 and is not stored. If so, the process proceeds to step 312.

  In step 310, information corresponding to the request message is read from the P2P infrastructure management data storage unit 18 and transmitted to the requesting peer.

  On the other hand, in step 312, the request message is transferred to the adjacent peer. As a result, the request message is propagated to other peers. As a result, a response message is transmitted from a peer capable of executing processing corresponding to the request message.

  In step 314, a response message transmitted from a peer capable of performing processing corresponding to the request message is received and transmitted to the requesting end peer.

  Here, a case where the peer 54A of the network 54 makes a search request for notification information will be described. In this case, the peer 54A searches for a peer with a waiting function, and transmits a search request message for notification information to the searched peer 52C with a waiting function. As a result, the peer 52C with the waiting function transmits the notification information of the other peer to the peer 54A if it is stored in its own peer, and if not, for example, notifies the adjacent peers 52A, 52B, etc. Request to send information. At this time, the peer 52A waits for the notification information of its own peer and the notification information of the other peer stored in its own peer, for example, when the notification information of the peer 56A is already stored. To the attached peer 52C. The same applies to the peer 52C. The queuing function-equipped peer 54C accumulates the notification information transmitted from other peers and transmits it to the peer 54A.

  As described above, a peer with a waiting function accumulates various information such as notification information transmitted from other peers in its own peer, and information corresponding to a request from an end peer is stored in its own peer. Sends the information to the end peer. Therefore, the efficiency of message transmission / reception in a large-scale network such as the P2P network 11 can be improved.

  Next, as a specific example of application execution, processing of the application execution unit 20 when the application is a file sharing service will be described.

  In this case, the application execution unit 20 notifies the message dispatch unit 36 of the message control unit 24 of a file search request including at least information for specifying a desired file such as a file name. The message dispatch unit 36 requests the peer search service unit 38 to search for a peer that owns this file. As a result, the peer search service unit 38 searches for a peer that owns the desired file and notifies the application execution unit 20 of it. Then, the application execution unit 20 requests the acquired peer to transmit a file and acquires it. If the information of the peer that owns the desired file has already been acquired and stored in its own peer, a file transmission request is sent directly to that peer without performing peer search. Just get the file.

  As described above, the application execution unit 20 transmits and receives messages to and from other peers via the message control unit 24 to provide services.

  Note that the above is an example of the construction of the P2P network. For example, the protocol described in Patent Document 1, the PX (Peer Discovery Protocol) of the JXTA protocol, the PRP (Peer Resolver Protocol), Known protocols such as PIP (Peer Information Protocol), PMP (Peer Membership Protocol), PBP (Peer Binding Protocol), PEP (Peer Endpoint Protocol) May be used to construct a P2P network.

[First Embodiment]
The first embodiment of the present invention will be described based on the concept of the P2P network that constitutes the P2P system. In the present embodiment, a peer device included in a P2P group configured to be able to participate by a plurality of peers in a P2P environment makes a device on the P2P network a user having the device owner as a user by recognizing the device with the ID. The present invention is applied in the case of recognizing as

  FIG. 12 shows a basic configuration of the peer 12 according to the present embodiment. Since the peer 12 has the same configuration as that shown in FIG. 5, the same parts are denoted by the same reference numerals and detailed description thereof is omitted. A main point different from the configuration of FIG. 5 is that the peer 12 includes the proximity communication mechanism 70 and is connected to the ID-added device 80 via the proximity communication mechanism 70.

  The peer 12 according to the present embodiment includes a near field communication mechanism 70 connected to the message control unit 24. It is an apparatus that performs communication with an ID-added device 80 to be described later. Communication between the near field communication mechanism 70 and the ID-attached device 80 is performed by using infrared rays such as IrDA, using radio such as Bluetooth, WiFi, and a wireless tag, using contact terminals like an IC card, and printing. For example, there is a method of recognizing the recorded code with a photographing element. That is, the near field communication mechanism 70 is not limited as long as a small amount of data can be transferred from the ID-added device 80 to the peer 12.

  Further, the P2P infrastructure management data storage unit 18 includes a shared data repository 18F. This shared data repository 18F provides information (for each work group (group information) to which one or a plurality of users permitted as an object to exchange information in a peer-to-peer environment belong to peer devices of users belonging to the corresponding work group ( This is a storage unit having a shared area as a work space for sharing (shared information). That is, the shared data repository 18F is a work space for storing shared information, and the shared information stored therein is shared. Therefore, data shared between peers can be held through the shared data repository 18F. Note that data that is shared information stored in the shared data repository 18F is protected in a form that can be decrypted only by users belonging to the work group. In general, a shared key generated by a random number encrypted with the public key of a member belonging to a work group is held together with data. By providing protection, data on a work group in which the peer is not directly involved can be transferred while the protection remains valid.

  The proximity communication mechanism 70 and the ID-added device 80 that enables a small amount of data to be exchanged include a user information storage unit 82, an authentication calculation unit 84, a group information storage unit 86, and a proximity communication unit 88. it can. The minimum configuration in the present embodiment is a configuration including only the user information storage unit 82 (described later).

  The user information storage unit 82 is a storage area that holds information necessary for user identification. In order to prevent the device from being stolen or misused, a means for protecting access to the user information storage unit 82 may be provided separately. In the present embodiment, a simple user ID representing a user is stored.

  The authentication calculation unit 84 is a calculation processing unit that executes a calculation using a secret key, which is necessary for user identification, in the ID-added device 80, and is not particularly required in the present embodiment.

  The group information storage unit 86 is a storage area for storing an identifier for identifying a work group to which a user belongs, and is not particularly necessary in the present embodiment.

  The near field communication unit 88 is a communication device that performs communication with the peer 12 (the near field communication mechanism 70). Note that when the proximity communication mechanism 70 of the peer 12 uses a passive method in which the printed code is recognized by the imaging element, a special communication device such as the proximity communication unit 88 is provided on the ID-added device 80 side. The mechanism becomes unnecessary. In this case, the proximity communication unit 88 may be a printed code pasting region or a shape portion.

  FIG. 13 shows a schematic configuration of the message control unit 24 for the peer 12 in the P2P environment according to the present embodiment. The message control unit 24 differs from FIG. 6 in that the service execution unit 34 includes a transfer function service unit 72.

  The transfer function service unit 72 includes a service unit that provides a function of transferring a message to another peer as a service. For example, shared data is transferred between adjacent peers that can communicate directly. Since the data itself is basically protected, user information is not referred to here.

  In the present embodiment, the user management service unit 46 holds information necessary for identifying a user. For example, a user identifier (user ID) and a user's private key are included. The user's private key may be protected by an additional authentication mechanism (password). Each peer can exchange user information with each other and hold it cumulatively.

  The group management service unit 44 also holds information necessary for workgroup identification. It includes an identifier for identifying the work group and a public key (information) of each user who can access the work group. Information necessary for workgroup identification is also exchanged between peers and accumulated.

  Next, the operation of this embodiment will be described. In the present embodiment, a workspace is constructed by a work group to which a user possessing the ID-attached device 80 belongs to the ID-attached device 80 in an arbitrary peer 12 in a P2P environment.

  FIG. 14 is a flowchart showing the flow of processing executed by the peer 12. First, the user can present user information to the peer 12 from the ID-added device 80. For example, when the proximity communication mechanism 70 is a non-contact type communication device such as infrared communication such as IrDA or wireless communication such as Bluetooth, WiFi, or a wireless tag, the device 80 with ID is brought close to the proximity communication mechanism 70. Further, when the proximity communication mechanism 70 is a photographing device such as a camera, and the printed code is recognized by the photographing device, the ID-added device 80 is installed in an area portion to be the subject. Further, when the proximity communication mechanism 70 is a contact type communication device using a contact terminal like reading data from an IC card, the ID-attached device 80 is connected to the proximity communication mechanism 70.

  In step 300 of FIG. 14, the proximity communication mechanism 70 searches for the corresponding ID-added device 80, and the search process is repeated until it is found (until affirmative in step 302). When the ID-added device 80 is found, in step 304, user information stored in the ID-added device 80 is received by proximity communication. In step 306, the user corresponding to the user information received in step 304 is recognized. That is, the peer 12 recognizes a user having corresponding user information among user information managed by the user management service unit 46. Here, if necessary, additional authentication for protecting the user's private key can be performed (steps 308 and 310).

  In the next step 312, the work group to which the recognized user belongs is specified. That is, by using the service of the group management service unit 44, group information (work group) in which user information such as a user ID is registered is searched, the work group to which the corresponding user belongs is specified, and the work group uses it. To identify the workspace (on the shared data repository 18F).

  In the next step 314, the shared information of the work group specified in step 312 is stored in the work space on the shared data repository 18F. That is, as described above, a message is transmitted to an adjacent peer, data as shared information is received as a response, and shared information regarding the work group (work space) is stored.

  Since the shared information stored in the work space on the shared data repository 18F is encrypted, it needs to be decrypted. Therefore, in the next step 316, the shared key is decrypted with the secret key. In the next step 318, the shared information is decrypted using the decrypted shared key. As a result, the shared information can be accessed.

  For example, for content to be disclosed to an arbitrary work group, the content is encoded with a common key cipher using a random number generated each time as a common key, and the common key is encrypted with each public key of a user belonging to the group You can publish things. Users belonging to the work group can access the content by decrypting the common key using a secret key that is their user information.

  As described above, in the present embodiment, the work group environment can be reconstructed by the ID-added device 80 in any peer 12 under the P2P environment, and the position independence of the application operating in the P2P system is simplified. Can be used in simple operations.

  The P2P infrastructure management data storage unit 18 corresponds to the storage means of the present invention. In particular, the group information 18B corresponds to the group information of the present invention and the shared data repository 18F corresponds to the shared area of the present invention. The ID-added device 80 corresponds to the ID storage unit of the present invention, and the process of step 304 corresponds to the process of the reading unit of the present invention. Further, the process of step 312 corresponds to the process of the specifying unit of the present invention, and the process of step 314 includes the process of receiving from the peer device belonging to the work group in the receiving unit of the present invention. Further, the point that the shared information is stored in step 314 and the point that the stored shared information is decrypted and made available (steps 316 and 318) correspond to the processing of the construction means of the present invention.

[Second Embodiment]
Next, a second embodiment of the present invention will be described. In the present embodiment, the configuration of the ID-added device 80 is that the user's private key is stored in the user information storage unit 82. The configuration of the present embodiment is almost the same as that of the above-described embodiment, and thus the same parts are denoted by the same reference numerals and detailed description thereof is omitted.

  That is, in the present embodiment, the user's private key is held in the ID-added device 80 for stronger protection of user information.

  Hereinafter, the operation of the present embodiment will be described.

  First, in step 304, user information and a user secret key stored in the ID-added device 80 are received by proximity communication. The user corresponding to the user information is recognized (step 306), the work group to which the user belongs (work space on the shared data repository 18F) is specified, and the shared information is stored (steps 312 and 314). Then, the shared information stored in the workspace on the shared data repository 18F is decrypted using the secret key received in step 304, so that the shared information can be accessed.

  Thus, in this embodiment, it is not necessary to share the user's private key between peers. Nor does it need to be kept permanently on the peer. For this reason, the reliability of user information can be improved and the confidentiality can be improved.

[Third Embodiment]
Next, a third embodiment of the present invention will be described. The present embodiment is that the user information storage unit 82 and the authentication calculation unit 84 are configured as the ID-added device 80. The configuration of the present embodiment is almost the same as that of the above-described embodiment, and thus the same parts are denoted by the same reference numerals and detailed description thereof is omitted.

  In other words, in the present embodiment, the calculation based on the user's secret key is executed in the ID-added device 80 in order to further protect the user information.

  Hereinafter, the operation of the present embodiment will be described.

  First, user information stored in the ID-added device 80 is received by proximity communication (step 304). In step 306, in order to recognize the user, first, the user's public key corresponding to the user information is acquired, the random number (challenge) is encrypted using the public key, and the encrypted random number is assigned an ID. Output to the device 80. The ID-added device 80 returns data (response) obtained by decrypting the random number (challenge) encrypted using the authentication calculation unit 84 to the peer 12. The peer 12 confirms that the decrypted data (response) matches the random number (challenge) before output. If they match, it can be safely identified as a genuine user.

  Next, the work group to which the user belongs (work space on the shared data repository 18F) is specified and the shared information is stored (steps 312 and 314). Then, in order to decrypt the shared information stored in the workspace on the shared data repository 18F so that the shared information can be accessed, the ID-added device 80 is used to decrypt the shared key for accessing the shared data. Output the encrypted shared key to. The authentication calculation unit 84 in the ID-added device 80 restores the shared key using the secret key. The ID-added device 80 returns the restored shared key to the peer 12, and the peer 12 restores the shared information using the restored shared key.

  Thus, in this embodiment, since only the ID-added device 80 possesses the user's private key, there is no need to share between peers. Nor does it need to be kept permanently on the peer. For this reason, the reliability of user information can be improved and the confidentiality can be improved.

[Fourth Embodiment]
Next, a fourth embodiment of the present invention will be described. In the present embodiment, the user information storage unit 82 and the group information storage unit 86 are configured as the ID-added device 80. The above-described embodiment including the authentication calculation unit 84 can also be applied. In addition, since the configuration of the present embodiment is substantially the same as the above-described embodiment, the same portions are denoted by the same reference numerals and detailed description thereof is omitted.

  Hereinafter, the operation of the present embodiment will be described.

  First, in step 304, user information (and a user's private key) stored in the ID-added device 80 is received by proximity communication. The user corresponding to the user information is recognized (step 306), the work group to which the user belongs (work space on the shared data repository 18F) is specified, and the shared information is stored (steps 312 and 314).

  In this case, by storing the group information in the group information storage unit 86 in the ID-added device 80, the work group to which the user belongs (work space on the shared data repository 18F) can be specified. This can be achieved only by reading information. This eliminates the need to share or replicate the workgroup configuration between peer devices.

  Further, by storing at least a part of the shared information to be transferred to the work group to which it belongs (work space on the shared data repository 18F) in the group information storage unit 86 in the ID-added device 80, the ID-added device. Shared information can be stored in the shared data repository 18F only by reading from 80. This eliminates the need for transfers from other peers. For this reason, the time required for transfer can be reduced and the processing load can be reduced.

It is a network block diagram of a P2P network. It is a network block diagram of pure P2P. It is a network block diagram of hybrid P2P. It is a conceptual diagram for demonstrating the group of a P2P network. It is a block diagram of the basic composition of a peer. It is a block diagram of a message control part. It is a flowchart of the process performed by an end peer. It is a flowchart of the process performed by the peer with a transfer function. It is an image figure of a spanning tree. It is a network block diagram of the other form of a P2P network. It is a flowchart of the process performed by the peer with a waiting function. It is a block diagram which shows the basic composition of the peer 12 with which this invention is applicable. It is a block diagram which shows schematic structure of the message control part 24 about the peer 12 in the P2P environment concerning this Embodiment. It is a process flowchart which shows the flow of the process (process) performed in the peer 12 in the P2P environment concerning this Embodiment.

Explanation of symbols

10, 11 P2P network 12 Peer 16 P2P infrastructure configuration section 18 P2P infrastructure management data storage section 18B ... Group information 18E ... User information 18F ... Shared data repository 20 Application execution section 22 Application memory 24 Message control section 26 Data management section 34 Service execution Unit 36 Message dispatch unit 38 Peer search service unit 40 Notification information acquisition service unit 42 Notification information acquisition service unit 44 Group management service unit 46 User management service unit 48 Peer management service unit 70 ... Proximity communication mechanism 72 ... Transfer function service unit 80 ... ID-added device 82 ... user information storage unit 84 ... authentication calculation unit 86 ... group information storage unit 88 ... proximity communication unit

Claims (16)

In an information processing device functioning as a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are each recognized as a peer device and exchange information between peer devices,
Work for storing group information representing a work group to which one or a plurality of users allowed to be exchanged in the peer-to-peer environment belongs and sharing information between peer devices of users belonging to the work group Storage means provided with a shared area as a space;
Reading means for reading the user information from ID storage means storing user information for identifying the user;
Based on the group information stored in the storage means, specifying means for specifying the work group to which the user of the user information read by the reading means belongs;
Receiving means for receiving shared information shared by the work group specified by the specifying means from a peer device belonging to a work group including the own peer device;
Construction means for storing the shared information received by the receiving means in a corresponding shared area of the storage means to construct a workspace;
An information processing apparatus comprising: The ID storage means further stores a user private key of the stored user information;
The reading unit reads the user information and the secret key from the ID storage unit;
The information processing apparatus according to claim 1, wherein the construction unit decrypts the shared information encrypted with the public key of the user with a secret key when constructing the workspace. The ID storage means further comprises an authentication calculation means for executing a decryption process using the stored secret key and outputting an execution result.
The predetermined confirmation information is encrypted with the user's public key based on the user information read by the reading means and output to the ID storage means, and it is confirmed that the output data from the ID storage means matches the confirmation information The information processing apparatus according to claim 2, further comprising confirmation means for performing the operation. The ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space,
The reading means further reads the shared information stored in the ID storage means,
The construction means stores the shared information read by the reading means in a corresponding shared area of the storage means, and constructs a workspace. Information processing device. An information processing method in a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are each recognized as a peer device and exchange information between peer devices,
Work for storing group information representing a work group to which one or a plurality of users allowed to be exchanged in the peer-to-peer environment belongs and sharing information between peer devices of users belonging to the work group Providing a common area as a space;
Reading the user information from ID storage means storing user information for identifying the user;
Identifying a work group to which a user of the read user information belongs based on the stored group information;
Receiving shared information shared by the identified workgroup from a peer device belonging to a workgroup including the peer device;
Storing the shared information received by the receiving means in a corresponding shared area of the storage means to construct a workspace;
An information processing method comprising: The ID storage means further stores a user private key of the stored user information;
The step of reading the user information reads the user information and the secret key from the ID storage means,
6. The information processing method according to claim 5, wherein the step of constructing the workspace includes decrypting the shared information encrypted with the public key of the user with the secret key when constructing the workspace. . The ID storage means further comprises an authentication calculation means for executing a decryption process using the stored secret key and outputting an execution result.
The predetermined confirmation information is encrypted with the user's public key based on the user information read by the reading means and output to the ID storage means, and it is confirmed that the output data from the ID storage means matches the confirmation information The information processing method according to claim 6, further comprising a step of: The ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space,
The step of reading the user information further reads the shared information stored in the ID storage means,
The step of constructing the workspace includes building the workspace by storing the shared information read by the reading unit in a corresponding shared area of the storage unit. The information processing method according to item 1. An information processing program for executing the following information processing by a computer in a peer device that exchanges information in a peer-to-peer environment in which a plurality of devices connected to a network are each recognized as a peer device and exchange information between peer devices,
The information processing
Work for storing group information representing a work group to which one or a plurality of users allowed to be exchanged in the peer-to-peer environment belongs and sharing information between peer devices of users belonging to the work group Providing a common area as a space;
Reading the user information from ID storage means storing user information for identifying the user;
Identifying a workgroup to which a user of the read user information belongs based on the stored group information;
Receiving shared information shared by the identified workgroup from a peer device belonging to a workgroup including the peer device;
Storing the shared information received by the receiving means in a corresponding shared area of the storage means to construct a workspace;
An information processing program comprising: The ID storage means further stores a user private key of the stored user information;
The step of reading the user information reads the user information and the secret key from the ID storage means,
The information processing program according to claim 9, wherein the step of constructing the workspace decrypts the shared information encrypted with the public key of the user with the secret key when constructing the workspace. . The ID storage means further comprises an authentication calculation means for executing a decryption process using the stored secret key and outputting an execution result.
The predetermined confirmation information is encrypted with the user's public key based on the user information read by the reading means and output to the ID storage means, and it is confirmed that the output data from the ID storage means matches the confirmation information The information processing program according to claim 10, further comprising: The ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space,
The step of reading the user information further reads the shared information stored in the ID storage means,
The step of constructing the workspace includes building the workspace by storing the shared information read by the reading unit in a corresponding shared area of the storage unit. The information processing program according to item 1. In a peer-to-peer system for transferring information in a peer-to-peer environment in which a plurality of devices connected to a network are each recognized as a peer device and information is transferred between peer devices,
At least one of the plurality of peer devices is
Work for storing group information representing a work group to which one or a plurality of users allowed to be exchanged in the peer-to-peer environment belongs and sharing information between peer devices of users belonging to the work group Storage means provided with a shared area as a space;
Reading means for reading the user information from ID storage means storing user information for identifying the user;
Based on the group information stored in the storage means, specifying means for specifying the work group to which the user of the user information read by the reading means belongs;
Receiving means for receiving shared information shared by the work group specified by the specifying means from a peer device belonging to a work group including the own peer device;
Construction means for storing the shared information received by the receiving means in a corresponding shared area of the storage means to construct a workspace;
A peer-to-peer system characterized by comprising: The ID storage means further stores a user private key of the stored user information;
The reading unit reads the user information and the secret key from the ID storage unit;
The peer-to-peer system according to claim 13, wherein the construction unit decrypts the shared information encrypted with the public key of the user with the secret key when constructing the workspace. The ID storage means further comprises an authentication calculation means for executing a decryption process using the stored secret key and outputting an execution result.
The predetermined confirmation information is encrypted with the user's public key based on the user information read by the reading means and output to the ID storage means, and it is confirmed that the output data from the ID storage means matches the confirmation information The peer-to-peer system according to claim 14, further comprising confirmation means for performing. The ID storage means further stores at least a part of shared information shared by the work group for storing in the shared area as the work space,
The reading means further reads the shared information stored in the ID storage means,
The construction means stores the shared information read by the reading means in a corresponding shared area of the storage means, and constructs a workspace. Peer-to-peer system.

Images