JP2016149673A - Server, and method and program for communication connection management - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique to improve the safety of data transfer among terminals through short-range radio communication.SOLUTION: In a server connected to a plurality of terminals, including a first terminal and a second terminal, through a network, a receiver unit receives, from at least either one of the first terminal and the second terminal, a connection request for short-range radio communication between the first terminal and the second terminal. A generator unit generates synchronization information for use for the short-range radio communication. A transmitter unit transmits the synchronization information generated by the generator unit to the first terminal and the second terminal. The synchronization information generated by the generator unit includes: a communication ID for the short-range radio communication between the first terminal and the second terminal; and an encryption key for encrypting data which flows in the short-range radio communication.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a server, a communication connection management method, and a communication connection management program, and more particularly, to a short-distance wireless communication server, a communication connection management method, and a communication connection management program.

  In recent years, information communication technology has developed rapidly, and information such as text information, file information, video information, audio information, audio information, and multimedia information is communicated from a transmitting device to a receiving device via a network. Has been widely performed (see Patent Document 1). Further, near-field wireless communication is established between terminals located at a short distance by peer-to-peer, and data transfer is also being performed.

JP 2004-529533 A

  When attempting to establish peer-to-peer short-range wireless communication between two different terminals, it is normal to assume that the terminals before establishment do not recognize each other. For this reason, in order for two terminals to establish short-range wireless communication, pairing is required, which is complicated.

  The inventors of the present application have come to recognize the possibility that the pairing operation can be omitted by using related information between existing terminals when two terminals try to establish short-range wireless communication. .

  This invention is made | formed in view of such a subject, The objective is to provide the technique which reduces the complexity at the time of establishing near field communication.

  In order to solve the above-described problem, a server connected to a plurality of terminals including a first terminal and a second terminal via a network includes a first terminal and at least one of the first terminal and the second terminal. A reception unit that receives a connection request for short-range wireless communication between the first terminal and the second terminal, a generation unit that generates synchronization information used for short-range wireless communication, and synchronization information generated by the generation unit A transmission unit configured to transmit to the terminal and the second terminal; The synchronization information generated by the generation unit includes a communication ID for short-range wireless communication between the first terminal and the second terminal, an encryption key for encrypting data flowing in the short-range wireless communication, and including.

  You may further provide the determination part which determines whether the 1st terminal and the 2nd terminal are mutually linked | related.

  The generation unit may generate synchronization information when the determination unit determines that the first terminal and the second terminal are associated with each other.

  The receiving unit further receives the position information of the first terminal and the position information of the second terminal from each of the first terminal and the second terminal, and the determining unit further includes the position information received by the receiving unit. In addition, it may be specified to determine whether or not the distance between the first terminal and the second terminal is equal to or less than a predetermined distance.

  The generation unit includes first synchronization information used by the first terminal for short-range wireless communication with the second terminal, and second synchronization information used by the second terminal for short-range wireless communication with the first terminal. And may be generated.

  The generation unit generates information including a communication ID and a token for the first terminal to communicate with the second terminal as the first synchronization information, and the communication ID for the second terminal to communicate with the first terminal. And the information including the token and the encryption key may be generated as the second synchronization information.

  A data transfer unit that mediates data communication between the first terminal and the second terminal may be further provided when the first terminal and the second terminal start the short-range wireless communication connection.

  Another aspect of the present invention is a communication connection management method. This method is a communication connection management method executed by a server connected via a network to a plurality of terminals including a first terminal and a second terminal, and at least one of the first terminal and the second terminal The step of receiving a connection request for short-range wireless communication between the first terminal and the second terminal, the step of generating synchronization information used for short-range wireless communication, and the generated synchronization information Transmitting to the terminal and the second terminal. The synchronization information includes a communication ID for near field communication between the first terminal and the second terminal and an encryption key for encrypting data flowing in the near field communication.

  It should be noted that any combination of the above-described constituent elements and the expression of the present invention converted between a method, an apparatus, a system, a computer program, a data structure, a recording medium, and the like are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, the technique which reduces the complexity at the time of establishing near field communication can be provided.

It is a figure which shows typically the structure of the data transfer system which concerns on embodiment. It is a figure which shows typically the function structure of the server which concerns on embodiment. It is a figure which shows typically the data structure of the registration database which the memory | storage part which concerns on embodiment stores. It is a flowchart explaining the flow of the synchronous mediation process in the short distance wireless communication between terminals which the server which concerns on embodiment performs. It is a sequence diagram explaining the flow of processing in the data transfer system according to the embodiment.

  An outline of a data transfer system including a server according to an embodiment of the present invention will be described with reference to FIG.

  FIG. 1 is a diagram schematically illustrating a configuration of a data transfer system 1 according to an embodiment. A data transfer system 1 illustrated in FIG. 1 includes a server 100, a first terminal 200a, a second terminal 200b, a third terminal 200c, a fourth terminal 200d, and a fifth terminal 200e. Hereinafter, unless specifically distinguished, the first terminal 200a, the second terminal 200b, the third terminal 200c, the fourth terminal 200d, and the fifth terminal 200e are collectively referred to as “terminal 200”.

  The terminal 200 is an information processing terminal including at least a processor, a memory, and a storage unit. As an example, the terminal 200 is a smartphone, a tablet, a fablet, a mobile phone, a PDA (Personal Digital Assistant), a notebook PC (Personal Computer), an electronic dictionary, a mobile TV, a mobile game machine, a mobile music player, a wristwatch. Or various wearable computers such as glasses and wristbands.

  FIG. 1 shows an example in which five terminals 200 are connected to the server 100. However, the number of terminals 200 included in the data transfer system 1 is not limited to five, and may be any number as long as the number is two or more.

  Each terminal 200 is communicably connected to the server 100 via a network 300 such as the Internet or a mobile phone communication network. Also, the terminals 200 can be connected to each other peer-to-peer via short-range wireless communication. Near field communication is realized by using near field communication technology such as NFC (Near Field Communication) as well as communication technology such as Wi-Fi Direct (trademark or registered trademark), Bluetooth (registered trademark), infrared communication, etc. it can. In the example shown in FIG. 1, the first terminal 200a and the second terminal 200b are short-distance wirelessly connected to each other, and the third terminal 200c and the fourth terminal 200d are also wirelessly connected to each other to exchange data. .

  As described above, each terminal 200 is also connected to the server 100 via the network 300. Therefore, two different terminals 200 can be connected to each other via the network 300 and the server 100 so as to communicate with each other. In the data transfer system 1 according to the embodiment, when a terminal 200 requests a short-range wireless communication connection to another terminal 200, the server 100 receives connection request information that is information indicating that the connection request has been made. Receive. When the server 100 receives the connection request information, the short-range wireless communication connection is not started between the two terminals 200.

  The connection request information received by the server 100 includes terminal identification information for identifying two different terminals 200. Here, the connection request information may include position information indicating the location of the terminal 200. When the connection request information does not include position information, the server 100 may receive the above-described position information from the terminal 200 separately from the connection request information. The terminal 200 may acquire position information by using, for example, a GPS (Global Positioning System) module (not shown).

  When the two terminals are within the communication range of the short-range wireless communication, the server 100 checks whether the two terminals 200 are associated with each other based on the terminal identification information. When the two terminals 200 are associated with each other, the server 100 generates synchronization information used for the two terminals 200 to connect to each other by short-range wireless communication, and transmits the synchronization information to each of the two terminals 200.

  The synchronization information generated by the server 100 includes not only information used for the two terminals 200 to establish a short-range wireless communication connection, but also an encryption key for encrypting and decrypting data. For this reason, the two terminals 200 can establish short-range wireless communication using the synchronization information received from the server 100. For this reason, the two terminals 200 can save the time and effort of pairing at the time of establishment of a near field communication connection. In addition, once the short-range wireless communication connection is established, the two terminals 200 can transfer the data by encrypting the data using the encryption key. As a result, the safety of data communication between the two terminals 200 can be improved.

  The encryption key is an encryption key of a so-called public key encryption method or an encryption key in shared key encryption. The former encryption key can be realized using a known public key encryption technique such as RSA. The latter encryption key can be realized by using a known common key encryption technique such as DES, FEAL, MISTY, or IDEA.

  The server 100 according to the embodiment can also mediate data transfer between the two terminals 200 via the network 300 when the short-range wireless communication is established between the two terminals 200. As a result, two data transfer paths are established between the two terminals 200, the path via the short-range wireless communication and the path via the network 300. By using these two data transfer paths as redundant paths, the reliability of data transfer can be improved. Alternatively, the data transfer speed can be improved by assigning the two data transfer paths to different data transfer bands.

  As described above, in the data transfer system 1 according to the embodiment, the server 100 manages the short-range wireless communication connection between two different terminals 200. Hereinafter, the server 100 according to the embodiment will be described in more detail.

  FIG. 2 is a diagram schematically illustrating a functional configuration of the server 100 according to the embodiment. The server 100 according to the embodiment includes a reception unit 10, a generation unit 20, a transmission unit 30, a determination unit 40, a data transfer unit 50, and a storage unit 60.

  FIG. 2 shows a functional configuration for the server 100 according to the embodiment to realize data transfer mediation, and other configurations are omitted. In FIG. 2, each element described as a functional block for performing various processes can be configured by a CPU (Central Processing Unit), a main memory, and other LSI (Large Scale Integration) in hardware. In terms of software, it is realized by a program loaded in the main memory. Note that this program may be stored in a computer-readable recording medium or downloaded from a network via a communication line. Therefore, it is understood by those skilled in the art that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof, and is not limited to any one.

  When the function units of the server 100 illustrated in FIG. 2 are realized by software, the server 100 or the terminal 200 is realized by executing instructions of a program that is software that realizes each function. As a recording medium for storing this program, a “non-temporary tangible medium”, for example, a tape, a disk, a card, a semiconductor memory, a programmable logic circuit, or the like can be used. The search program may be supplied to the computer via any transmission medium (such as a communication network or a broadcast wave) that can transmit the search program. The present invention can also be realized in the form of a data signal embedded in a carrier wave, in which the search program is embodied by electronic transmission.

  The search program uses, for example, a script language such as ActionScript or JavaScript (registered trademark), an object-oriented programming language such as C ++, Objective-C, Java (registered trademark), or Ruby, or a markup language such as HTML5. Can be implemented.

  Hereinafter, description will be made on the assumption that the first terminal 200a and the second terminal 200b illustrated in FIG. 1 start a short-range wireless communication connection. In addition, it is assumed that the user of the first terminal 200a and the user of the second terminal 200b are the first user and the second user, respectively. For convenience of explanation, the first user and the second user are different users, but they may be the same user.

  Now, a first user and a second user who are acquainted with each other meet and the first user wants to transmit the data stored in the first terminal 200a to the second terminal 200b possessed by the second user. And Since the first terminal 200a and the second terminal 200b are within the communication range of short-range wireless communication, the first user operates the first terminal 200a to instruct the second terminal 200b to start data transmission.

  In response to this instruction, the first terminal 200a transmits a short-range wireless communication connection request to the second terminal 200b. At this time, the first terminal 200a transmits a first terminal identifier that can identify the first terminal 200a to the second terminal 200b. The second terminal 200b transmits a second terminal identifier that can identify the second terminal 200b to the first terminal 200a. Thereby, the 1st terminal 200a and the 2nd terminal 200b can acquire the identifier for identifying a communicating party, respectively.

  Here, in order for the first user to instruct the first terminal 200a owned by the first user to start data transmission with the second terminal 200b via short-range wireless communication, for example, the first user 200a This is realized by tapping an icon shown on a touch panel (not shown). Instead of or in addition to the tap of the icon, the first user instructs the second terminal 200b to start data transmission by shaking or shaking the first terminal 200a at a predetermined frequency or higher. May be. In this case, the acceleration sensor (not shown) in the first terminal 200a can be realized by detecting the movement of the first terminal 200a.

  Similarly, the second user taps an icon or shakes the second terminal 200b in order to cause the second terminal 200b owned by the second user to respond to the connection request from the first terminal 200a. The terminal 200a may be instructed to respond.

  The first terminal 200a sends connection request information indicating a request for a short-range wireless communication connection to the second terminal 200b to the receiving unit 10 of the server 100 without receiving an explicit instruction from the first user. Send. The connection request information transmitted from the first terminal 200a to the server 100 includes a first terminal identifier and a second terminal identifier.

  In addition, when the capacity of data that the first user intends to start transmission from the first terminal 200a to the second terminal is greater than or equal to a predetermined capacity, the first terminal 200a does not receive an explicit instruction from the first user. The connection request information may be transmitted to the receiving unit 10 of the server 100. Here, the “predetermined capacity” is an “automatic transmission reference capacity” that is referred to by the terminal 200 to determine whether or not to automatically transmit connection request information to the server 100. The value of the automatic transmission reference capacity may be determined by experiment in consideration of the data capacity assumed by the data transfer system 1, and is, for example, a data capacity that a general moving image may have. Although not limited, as an example, the value of the automatic transmission reference capacity is 10 MB.

  The receiving unit 10 of the server 100 receives connection request information for short-range wireless communication between the first terminal 200a and the second terminal 200b from the first terminal 200a. The determination unit 40 determines whether the first terminal 200a and the second terminal 200b are associated with each other based on the first terminal identifier and the second terminal identifier included in the connection request information received by the reception unit 10. Determine. Thereby, it is possible to suppress communication connection with an unknown user terminal 200 due to a user operation error. The determination unit 40 also determines whether or not the first terminal and the second terminal are close to each other based on the position information received from the first terminal 200a and the second terminal 200b. Thereby, when the 1st terminal 200a and the 2nd terminal 200b are mutually separated, it can suppress trying to establish near field communication connection.

  The determination unit 40 determines that the difference between the time when the first terminal 200a transmits the connection request information to the server 100 and the time when the second terminal 200b transmits the connection request information to the server 100 is within a predetermined time. May determine that the first terminal 200a and the second terminal 200b are close to each other.

  Here, “the two different terminals 200 are associated with each other” means that, for example, the users of the respective terminals 200 are associated with each other. Specifically, the determination unit 40 allows the first user who is the owner of the first terminal 200a and the second user who is the owner of the second terminal 200b to register friends in some SNS (Social Network Service). If it is determined that the first terminal 200a and the second terminal 200b are associated with each other. The determination unit 40 refers to the registration database stored in the storage unit 60 and determines the association between the first terminal 200a and the second terminal 200b.

  Alternatively, even if the users of the respective terminals 200 are not directly friends with each other, they may be associated even when there are common friends, that is, when both are friends of friends. In addition, the case where the user of one terminal 200 is so-called “following” the SNS of the user of another terminal 200, the case where the user belongs to the same group, or the like may be associated.

  FIG. 3 is a diagram schematically illustrating a data structure of the registration database 62 stored in the storage unit 60 according to the embodiment. As shown in FIG. 3, in the registration database 62, a terminal identifier that can uniquely identify the terminal 200 and a user identifier that can uniquely identify the owner of the terminal 200 are associated with each terminal identifier. Stored. Further, the registration database 62 also stores a friend identifier for identifying other users who are registered as friends by the user specified by the user identifier.

  The registration database 62 shown in FIG. 3 indicates that the user identifier of the user of the terminal 200 whose terminal identifier is DIDAAAA is UID00001. The user specified by UID00001 has registered a plurality of other users as friends, and the user identifiers of these users are UID00002, UID00003, UID00004, and the like.

  Note that the case has been described above where the first terminal 200a transmits connection request information indicating that the second terminal 200b requests a short-range wireless communication connection to the receiving unit 10 of the server 100. Instead of this, or in addition to this, the second terminal 200b transmits connection request information indicating that the first terminal 200a requests connection of short-range wireless communication to the receiving unit 10 of the server 100. May be. That is, the receiving unit 10 of the server 100 receives a connection request for short-range wireless communication between the first terminal 200a and the second terminal 200b from at least one of the first terminal 200a and the second terminal 200b. That's fine.

  Returning to the description of FIG. The determination unit 40 acquires the first terminal identifier and the second terminal identifier included in the connection request information acquired by the reception unit 10. The determination unit accesses the registration database stored in the storage unit 60 and acquires a first user identifier that is a user identifier of the first terminal identifier and a second user identifier that is a user identifier of the second terminal identifier. . The determination unit further checks whether or not the second user identifier is present in the friend identifier associated with the user specified by the first user identifier. When the second user identifier is present in the friend identifier associated with the user specified by the first user identifier, the determination unit 40 associates the first terminal 200a and the second terminal 200b with each other. Is determined. When the second user identifier does not exist among the friend identifiers associated with the user specified by the first user identifier, the determination unit 40 does not associate the first terminal 200a and the second terminal 200b with each other. Is determined.

  If the determination unit 40 determines that the first terminal 200a and the second terminal 200b are associated with each other, the generation unit 20 generates synchronization information. Thereby, it is possible to suppress the first user from performing short-range wireless communication with an unrelated user by mistake.

  Here, the “synchronization information” is information used for short-range wireless communication between the first terminal 200a and the second terminal 200b. More specifically, the synchronization information includes a communication ID for short-range wireless communication between the first terminal 200a and the second terminal 200b, and an encryption for encrypting data flowing in the short-range wireless communication. Information including a key (a secret key and a public key) and a communication token. The transmission unit 30 transmits the synchronization information generated by the generation unit 20 to the first terminal 200a and the second terminal 200b via the network 300. More specifically, the transmission unit 30 transmits the communication ID and token to the first terminal 200a, and transmits the communication ID, token, and encryption key to the second terminal 200b. Note that the generation unit 20 may randomly generate this communication token.

  The communication ID included in the synchronization information is a so-called session ID used when the first terminal 200a and the second terminal 200b communicate with each other only. As shown in FIG. 1, the data transfer system 1 includes a plurality of terminals 200. For this reason, there may be another terminal 200 (for example, the third terminal 200c) in the communication area of the short-range wireless communication between the first terminal 200a and the second terminal 200b. In such a case, it is possible to guarantee that the first terminal 200a and the second terminal 200b communicate between the first terminal 200a and the second terminal 200b by using the communication ID received from the server 100.

  Of course, if the first terminal 200a and the third terminal 200c are within the communication range of the short-range wireless communication, the first terminal 200a can establish short-range wireless communication with the third terminal 200c. However, the communication ID for communication between the first terminal 200a and the third terminal 200c is different from the communication ID between the first terminal 200a and the second terminal 200b. Since the terminal 200 can identify the communication partner terminal 200 by referring to the communication ID, erroneous transmission of data can be suppressed.

  Thus, the first terminal 200a and the second terminal 200b each receive the synchronization signal transmitted from the transmission unit 30. Receiving the synchronization signal, the second terminal 200b attempts to connect near field communication with the first terminal 200a using the communication ID. At the same time, the second terminal 200b transmits the public key among the encryption keys received from the server 100 to the first terminal 200a.

  The first terminal 200a encrypts the token received from the server 100 using the public key received from the second terminal 200b. The first terminal 200a transmits the encrypted token to the second terminal 200b. The second terminal 200b receives the encrypted token from the first terminal 200a and decrypts it using the secret key. The second terminal 200b confirms whether or not the decrypted token matches the token transmitted to the first terminal 200a. If they match, the second terminal 200b considers the first terminal 200a to be appropriate as a partner for short-range wireless communication. Thereby, the 1st terminal 200a and the 2nd terminal 200b can establish near field communication. In addition, since the first terminal 200a and the second terminal 200b have a common encryption key, data can be encrypted and transmitted / received.

  Note that if the decrypted token is different from the token transmitted to the first terminal 200a, the second terminal 200b may determine that the first terminal is not suitable as a short-range wireless communication partner and may not establish communication. As described above, after receiving the synchronization information transmitted from the transmission unit 30, the second terminal 200b can verify whether or not communication with the first terminal 200a is correctly established based on the synchronization information.

  Verification of whether the first terminal 200a and the second terminal 200b have successfully established communication is not limited to the method described above. This verification can also be realized as follows, for example.

  First, the first terminal 200a transmits the plain text generated by an arbitrary method on the second terminal via a path (hereinafter, also referred to as “wireless communication path”) via short-range wireless communication established using the synchronization information. To 200b. The first terminal 200a also transmits the same plaintext to the second terminal 200b via a route through the network 300 and the server 100 (hereinafter also referred to as “server route”). The second terminal 200b collates whether the plaintext acquired via the wireless communication path matches the plaintext acquired via the server path, and transmits the result to the first terminal 200a.

  The first terminal 200a verifies whether or not the short-range wireless communication has been correctly established with the second terminal 200b based on the collation result transmitted from the second terminal 200b. That is, when the result indicating that the plaintext matches is obtained from the second terminal 200b, the first terminal 200a determines that the short-range wireless communication has been correctly established with the second terminal 200b. When the result indicating that the plaintext is different is acquired from the second terminal 200b, or when the collation result is not transmitted from the second terminal 200b even after a predetermined time has elapsed, the first terminal 200a communicates with the second terminal 200b. It is determined that the short-range wireless communication connection has failed.

  The first terminal 200a transmits a ciphertext obtained by encrypting the plaintext using the encryption key received from the second terminal 200b, instead of the generated plaintext, using two routes, a wireless communication route and a server route. May be. In this case, the second terminal 200b may verify whether or not they match after decrypting the ciphertext using the public key possessed by the user. Alternatively, the second terminal 200b may verify whether or not the ciphertexts obtained from the two paths are matched by binary comparison as they are.

  Alternatively, when the first terminal 200a and the second terminal 200b employ the secret key method encryption, the first terminal 200a uses a secret key included in the synchronization information instead of the plaintext to determine a predetermined value. The hash value generated by the method may be transmitted to the second terminal 200b using one of the wireless communication path and the server path. In this case, the second terminal 200b generates a hash value from the encryption key owned by itself, and verifies whether or not it matches the acquired hash value.

  In this way, the first terminal 200a verifies whether the short-range wireless communication connection established using the synchronization information acquired from the server 100 is correctly communicating with the second terminal 200b. Thereby, the safety | security of near field communication connection can be improved.

  Returning to the description of FIG. The data transfer unit 50 mediates data communication between the first terminal 200a and the second terminal 200b when the first terminal 200a and the second terminal 200b start a short-range wireless communication connection. As a result, two data transfer paths, that is, a wireless communication path and a server path, are established between the first terminal 200a and the second terminal 200b. By using these two data transfer paths as redundant paths, the reliability of data transfer can be improved. Alternatively, the data transfer speed can be improved by assigning the two data transfer paths to different data transfer bands.

  FIG. 4 is a flowchart for explaining the flow of the synchronization arbitration process in the short-range wireless communication between the terminals 200 executed by the server 100 according to the embodiment. The processing in this flowchart starts when the server 100 is activated, for example.

  The receiving unit 10 receives a connection request for short-range wireless communication between the first terminal 200a and the second terminal 200b (S2). Based on the location information included in the received connection request, the determination unit 40 determines whether the distance between the first terminal 200a and the second terminal 200b is a predetermined distance (the communication range of short-range wireless communication). Determine (S4). When the distance between the first terminal 200a and the second terminal 200b is equal to or less than the predetermined distance (Yes in S6), the determination unit 40 stores the information in the storage unit 60 based on the terminal identifier included in the received connection request. With reference to the registered database 62, the association between the first terminal 200a and the second terminal 200b is confirmed (S8).

  When the determination unit 40 determines that the first terminal 200a and the second terminal 200b are associated with each other (Yes in S10), the generation unit 20 indicates that the first terminal 200a and the second terminal 200b are short-range wireless. Synchronization information used for communication is generated (S12). The transmission unit 30 transmits the synchronization information generated by the generation unit 20 to the first terminal 200a and the second terminal 200b (S14).

  The data transfer unit 50 waits until the short distance wireless communication between the first terminal 200a and the second terminal 200b starts (No in S16). When the short-range wireless communication between the first terminal 200a and the second terminal 200b is started (Yes in S16), the data transfer unit 50 transfers the data between the first terminal 200a and the second terminal 200b. Mediate (S18).

  Whether the determination unit 40 determines that the distance between the first terminal 200a and the second terminal 200b is greater than a predetermined distance (No in S10), or whether the determination unit 40 is between the first terminal 200a and the second terminal 200b When it is determined that there is no association (No in S6), or when the data transfer between the first terminal 200a and the second terminal 200b ends, the processing in this flowchart ends.

  FIG. 5 is a sequence diagram illustrating the flow of processing in the data transfer system 1 according to the embodiment. Hereinafter, the operation of the data transfer system 1 according to the embodiment will be described with reference to FIG.

  The first terminal 200a attempts to transmit data to the second terminal 200b in the short-range wireless communication range (S30). At this time, the first terminal 200a transmits terminal identification information for identifying the first terminal 200a to the second terminal 200b. The second terminal 200b transmits terminal identification information to the first terminal 200a (S32).

  When terminal identification information is transmitted from the second terminal 200b, the first terminal 200a transmits the short-range wireless communication with the server 100 to and from the second terminal 200b regardless of whether there is an explicit instruction from the first user. A first connection request for requesting communication connection is transmitted (S34). The receiving unit 10 of the server 100 receives the first connection request from the first terminal 200a (S36).

  When the second terminal 200b transmits the terminal identification information to the first terminal 200a, the short-range wireless communication with the first terminal 200a is performed with respect to the server 100 regardless of the presence or absence of an explicit instruction from the second user. A second connection request for requesting connection is transmitted (S38). The receiving unit 10 of the server 100 receives the second connection request from the second terminal 200b (S40).

  Thus, the reliability that the first terminal 200a and the second terminal 200b start short-range wireless communication when the server 100 receives the connection request from the first terminal 200a and the second terminal 200b, respectively. Can be improved.

  The determination unit 40 of the server 100 verifies the association between the first terminal 200a and the second terminal 200b (S42). When there is no association between the first terminal 200a and the second terminal 200b (N in S44), the server 100 ends the process.

  When there is an association between the first terminal 200a and the second terminal 200b (Y in S44), the generation unit 20 generates synchronization information. More specifically, the generation unit 20 generates a communication ID and token for use in short-range wireless communication between the first terminal 200a and the second terminal 200b (S46). The generation unit 20 also generates an encryption key (public key and secret key) for encrypting data communication between the first terminal 200a and the second terminal 200b (S48).

  The transmission unit 30 transmits the synchronization information generated by the generation unit 20 to the first terminal 200a and the second terminal 200b (S50).

  The communication ID is information used for short-range wireless communication among the first terminal 200a, the second terminal 200b, and the second terminal 200b. Therefore, the first terminal 200a only needs to determine that the communication partner is the second terminal 200b, and the second terminal 200b only needs to determine that the communication partner is the first terminal 200a. For this reason, the communication ID included in the first synchronization information only needs to include, for example, the terminal identifier of the second terminal 200b as information for determining the communication partner, and does not include its own information. May be. Similarly, the communication ID included in the second synchronization information only needs to include the terminal identifier of the first terminal 200a. Thereby, the data amount of each information for a synchronization can be suppressed, and the cost of data communication can be reduced.

  Returning to the description of FIG. When the second terminal 200b acquires the first synchronization information from the server 100, the second terminal 200b transmits the public key of the encryption key to the first terminal 200a (S52). The first terminal 200a encrypts a communication token using the received public key (S54). The first terminal 200a transmits the encrypted token to the second terminal 200b (S56). The second terminal 200b decrypts the token encrypted by the first terminal 200a with the secret key (S58).

  When the decrypted token does not match the token transmitted to the first terminal 200a (No in S60), the second terminal 200b ends the process. When the verification result received from the second terminal 200b matches the token (Yes in S60), the second terminal 200b starts short-range wireless communication with the first terminal 200a (S62). The first terminal 200a transfers data to the second terminal 200b (S64). The data transfer unit 50 of the server 100 mediates data transfer between the first terminal 200a and the second terminal 200b (S66).

  As described above, according to the data transfer system 1 according to the embodiment, it is possible to provide a technique for improving the safety of data transfer between terminals via short-range wireless communication.

  The present invention has been described based on the embodiments. The embodiments are exemplifications, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are within the scope of the present invention. .

  The case where the server 100 includes each component has been described above. However, the server 100 does not necessarily need to be physically one. Each component of the server 100 may be connected to each other via the network 300 so as to be able to communicate with each other, and may be realized as so-called cloud computing. For example, the storage unit 60 may be provided in a server that manages an SNS registered by each user of the terminal 200.

  In the above description, when the first terminal 200a receives a response signal from the second terminal, the first terminal 200a transmits the connection request information to the server 100 without an explicit instruction from the user. Instead, the first terminal 200a may wait for an explicit instruction from the user before transmitting the connection request information to the server 100.

  In the above description, the case where the first terminal 200a and the second terminal 200b perform authentication using the encryption key has been described. Instead of this, or in addition to this, the server 100 may authenticate both terminals by issuing certificates to the first terminal 200a and the second terminal 200b, respectively. This can be realized, for example, when the server 100 executes a known electronic certification technique.

  1 data transfer system, 10 receiving unit, 20 generating unit, 30 transmitting unit, 40 determining unit, 50 data transferring unit, 60 storage unit, 62 registration database, 100 server, 200 terminal, 300 network.

Claims (9)

A server connected via a network to a plurality of terminals including a first terminal and a second terminal,
A receiving unit that receives a connection request for short-range wireless communication between the first terminal and the second terminal from at least one of the first terminal and the second terminal;
A generator for generating synchronization information used for the short-range wireless communication;
A transmission unit that transmits the synchronization information generated by the generation unit to the first terminal and the second terminal;
The synchronization information generated by the generation unit is for encrypting communication ID for short-range wireless communication between the first terminal and the second terminal and data flowing in the short-range wireless communication. A server comprising an encryption key.   The server according to claim 1, further comprising a determination unit that determines whether or not the first terminal and the second terminal are associated with each other.   The generation unit according to claim 2, wherein the generation unit generates the synchronization information when the determination unit determines that the first terminal and the second terminal are associated with each other. server. The receiving unit further receives position information of the first terminal and position information of the second terminal from each of the first terminal and the second terminal,
The determination unit further specifies to determine whether or not a distance between the first terminal and the second terminal is equal to or less than a predetermined distance based on the position information received by the reception unit. The server according to claim 2 or 3, characterized in that   The generating unit uses first synchronization information used by the first terminal for short-range wireless communication with the second terminal, and used by the second terminal for short-range wireless communication with the first terminal. The server according to any one of claims 1 to 4, wherein the second synchronization information is generated. The generator is
Generating information including a communication ID and a token for the first terminal to communicate with the second terminal as the first synchronization information;
6. The server according to claim 5, wherein the second terminal generates information including the communication ID, the token, and the encryption key for communication with the first terminal as the second synchronization information. .   A data transfer unit that mediates data communication between the first terminal and the second terminal, triggered by the first terminal and the second terminal starting a short-range wireless communication connection; The server according to any one of claims 1 to 6, characterized in that: A communication connection management method executed by a server connected via a network with a plurality of terminals including a first terminal and a second terminal,
A reception step of receiving a connection request for short-range wireless communication between the first terminal and the second terminal from at least one of the first terminal and the second terminal;
Generating step for generating information for synchronization used in the short-range wireless communication;
A transmission step of transmitting the generated synchronization information to the first terminal and the second terminal;
The synchronization information includes a communication ID for short-range wireless communication between the first terminal and the second terminal, and an encryption key for encrypting data flowing in the short-range wireless communication. A communication connection management method. A communication connection management program for a server connected via a network to a plurality of terminals including a first terminal and a second terminal,
A receiving function for receiving a short-distance wireless communication connection request between the first terminal and the second terminal from at least one of the first terminal and the second terminal;
A generation function for generating information for synchronization used in the short-range wireless communication;
Realizing the transmission function of transmitting the generated synchronization information to the first terminal and the second terminal;
The synchronization information includes a communication ID for short-range wireless communication between the first terminal and the second terminal, and an encryption key for encrypting data flowing in the short-range wireless communication. A communication connection management program.

Images