JP2017199159A - Information processing system, information processing device, and information processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security in the case of adding a new user.SOLUTION: In an information processing device 10, a reception part 44A is configured to receive new user addition request information to a group from a first terminal device 21, and a transmission part 44B is configured to transmit an invitation code to the group to the first terminal device 21 as a transmission source of the new user addition request information, and a reception part 44A is configured to receive participation request information to the group including the invitation code and second terminal identification information (terminal ID) for identifying a second terminal device 22 from the second terminal device 22, and a display determination part 44E is configured to determine whether or not the invitation code is being displayed at the first terminal device 21, and a registration part 44G is configured to, when the participation request information to the group is received from the second terminal device 22, and the invitation code is being displayed at the first terminal device 21, register the user information of a user of the second terminal device 22 identified by a terminal ID included in the participation request information as a member of the group.SELECTED DRAWING: Figure 4

Description

  The present invention relates to an information processing system, an information processing apparatus, and an information processing program.

  A system is known in which shared data shared among users of a plurality of terminal devices connected via a network can be viewed only by users belonging to a specific group.

  For example, Patent Document 1 discloses that another user designated by the user is additionally registered in the group list.

  However, conventionally, other requested users are registered in the group list in response to a request for adding a new user. For this reason, conventionally, it is impossible to confirm whether the other user to be added is the same person as the user designated by the user who invited the other user to the group, and there was a security problem. .

  The present invention has been made in view of the above, and an object of the present invention is to provide an information processing system, an information processing apparatus, and an information processing program capable of improving security when a new user is added.

  In order to solve the above-described problem, an information processing system includes an information processing device, a first terminal device that communicates with the information processing device, and a second terminal device that communicates with the information processing device. In the processing system, the information processing apparatus includes: a first reception unit that receives new user addition request information for a group from the first terminal apparatus; and the first reception source of the new user addition request information. A first transmission unit that transmits the invitation code to the group to the terminal device, and second terminal identification information that identifies the invitation code and the second terminal device from the second terminal device A second receiving unit that receives the participation request information for the group, a first determining unit that determines whether the invitation code is being displayed on the first terminal device, and the second From the terminal device to the group When the invitation code is being displayed on the first terminal device when the participation request information is received, the second terminal identified by the second terminal identification information included in the participation request information A registration unit that registers user information of a user of the terminal device as a member of the group, wherein the first terminal device transmits a display unit and the new user addition request information to the information processing device. 2 transmission units, a third reception unit that receives the invitation code, and a display control unit that displays the invitation code on the display unit.

  According to the present invention, it is possible to improve security when a new user is added.

FIG. 1 is a schematic diagram illustrating an example of a configuration of an information processing system. FIG. 2 is a schematic diagram illustrating an example of a hardware configuration. FIG. 3 is a schematic diagram illustrating an example of a hardware configuration. FIG. 4 is a block diagram illustrating a functional configuration example of each device included in the information processing system. FIG. 5 is a schematic diagram illustrating an example of a data configuration of the user information DB and the company information DB. FIG. 6 is a schematic diagram illustrating an example of the data configuration of the company information DB, the user information DB, and the terminal information DB. FIG. 7 is a schematic diagram illustrating an example of a data configuration of a group management DB, a message management DB, a file management DB, and an invitation code management DB. FIG. 8 is a schematic diagram illustrating an example of a data configuration of the reply information management DB. FIG. 9 is a schematic diagram illustrating an example of the overall flow of processing executed by the information processing system according to the present embodiment. FIG. 10 is a sequence diagram illustrating an example of the flow of authentication / initialization processing. FIG. 11 is a sequence diagram illustrating an example of a procedure of user information display processing executed by the information processing system according to the present embodiment. FIG. 12 is a schematic diagram illustrating an example of a display screen. FIG. 13 is a sequence diagram illustrating an example of the procedure of the user addition process. FIG. 14 is a schematic diagram illustrating an example of a display screen. FIG. 15 is a sequence diagram illustrating an example of the procedure of the user addition process. FIG. 16 is a schematic diagram illustrating an example of a display screen.

  Hereinafter, embodiments of an information processing system, an information processing apparatus, and an information processing program according to the present embodiment will be described in detail with reference to the accompanying drawings. Note that in this specification, portions having the same configuration and function are denoted by the same reference numerals, and detailed description thereof may be omitted.

  FIG. 1 is a schematic diagram illustrating an example of a configuration of an information processing system 1000 according to the present embodiment.

  The information processing system 1000 according to the present embodiment includes an information processing apparatus 10, a terminal device 20, an authentication server 30, and an external notification server 32.

  The information processing device 10, the terminal device 20, the authentication server 30, and the external notification server 32 are connected to be communicable via a network 36. Note that at least one of the information processing device 10, the terminal device 20, the authentication server 30, and the external notification server 32 is connected to the network 36 by wireless or wired. When connecting wirelessly, for example, a 3G line, a wireless LAN, Bluetooth (registered trademark), or the like may be used.

  The network 36 may include a plurality of different networks. Specifically, the network 36 includes a local network 37 and a global network 38.

  The local network 37 and the global network 38 are connected via a firewall 34.

  The information processing system 1000 includes a plurality of terminal devices 20. In the present embodiment, a case where three terminal devices 20 are provided will be described as an example. In addition, the information processing system 1000 should just be the structure provided with the two or more terminal devices 20, and the number is not limited.

  In the present embodiment, the information processing apparatus 10 and one or more terminal apparatuses 20 are connected to the local network 37. The external notification server 32, the authentication server 30, and the one or more terminal devices 20 are connected to the global network 38. Note that the number of terminal devices 20 connected to each of the local network 37 and the global network 38 is not limited.

  The external notification server 32 functions as a relay server or a push notification server. The external notification server 32 relays between devices (the information processing device 10, the terminal device 20, and the authentication server 30) connected to different networks 36 (for example, the local network 37 and the global network 38). Specifically, the external notification server 32 receives a request for a device connected to another network 36 from each device connected to a different network 36 and provides the request to the device.

  For example, it is assumed that the information processing apparatus 10 connected to the network 36 communicates with the terminal apparatus 20 connected to the global network 38. In this case, the information processing device 10 and the terminal device 20 communicate via the external notification server 32.

  When functioning as a relay server, the external notification server 32 includes a storage area for each device (terminal device 20, authentication server 30, information processing device 10) connected to the network 36. When the external notification server 32 receives a request addressed to any one of these devices, the external notification server 32 stores the received request in a storage area corresponding to the destination device.

  Each device (terminal device 20, authentication server 30, information processing device 10) connected to the network 36 sends an inquiry signal as to whether or not a new request has been stored in a storage area corresponding to the own device every predetermined time. To the external notification server 32.

  When a new request is stored in the storage area corresponding to the inquiry signal transmission source device, the external notification server 32 transmits the request to the inquiry signal transmission source device.

  As a result, devices connected to different networks 36 can communicate with each other via the external notification server 32.

  When functioning as a push notification server, the external notification server 32 accepts a request addressed to any one of the devices (terminal device 20, authentication server 30, and information processing device 10) connected to the network 36. The request is transmitted to the destination device (push notification).

  The authentication server 30 manages user information of a user who uses the information processing system 1000 and information regarding a group to which the user belongs. The authentication server 30 performs user authentication (details will be described later).

  An organization is a collection of one or more users. The organization is, for example, a company, a union, a department to which the organization belongs, a circle, or the like. In the present embodiment, a case where the organization is a company will be described as an example. Note that the organization is not limited to a company as long as it is a collection of users having some common features.

  Note that the external notification server 32 and the authentication server 30 may be configured by a single device.

  The information processing device 10 is a server device for establishing communication between a plurality of terminal devices 20. The information processing apparatus 10 manages, for each of one or a plurality of shared data shared between a plurality of users, a group that can view the shared data. Specifically, for each group, the information processing apparatus 10 manages users belonging to the group, companies (organizations) to which the user belongs, shared data shared by the group, and the like. The information processing apparatus 10 adds a new user to the group (details will be described later).

  Shared data is data shared among a plurality of users. Specifically, the shared data is data obtained by digitizing a document, an image, or the like (hereinafter sometimes referred to as a shared file), a message exchanged between a plurality of users, or the like.

  A group is a group of users who can view shared data. When the shared data is a message, the group is determined for each group of users who are to communicate using the message. When the shared data is a shared file such as document data, it is determined for each group of users who can view the shared file. Creation of a group and designation of a user belonging to the group are performed by a request from the terminal device 20.

  When the shared data is a message, the group may be referred to as a group of users who participate in the chat, a group of users who participate in the chat room, or the like.

  The terminal device 20 is a device operated by a user. The terminal device 20 has a display function for displaying various images. The terminal device 20 is a device that can accept an operation instruction from a user. The terminal device 20 is a device having a communication function for communicating with other devices (terminal device 20, information processing device 10, external notification server 32, authentication server 30). The terminal device 20 may be any device that has at least a display function, a function of accepting an operation instruction, and a communication function. The terminal device 20 is, for example, a personal computer, a smartphone, a tablet terminal, a mobile phone, or the like.

  Next, an example of the hardware configuration of the information processing apparatus 10, the authentication server 30, and the external notification server 32 will be described. FIG. 2 is a schematic diagram illustrating an example of the hardware configuration of the information processing apparatus 10, the authentication server 30, and the external notification server 32.

  Each of the information processing apparatus 10, the authentication server 30, and the external notification server 32 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, and a HDD (Hard Disk). (Drive) 14 and a communication I / F (interface) 15, which are connected to each other via a bus 16.

  The CPU 11 comprehensively controls operations of the information processing apparatus 10, the authentication server 30, and the external notification server 32. The CPU 11 uses the RAM 13 as a work area (working area) and executes a program stored in the ROM 12 or the HDD 14 to control the overall operation and realize various functional units described later.

  The HDD 14 stores various data. The communication I / F 15 is an interface for communicating with other devices via the network 36.

  Next, an example of the hardware configuration of the terminal device 20 will be described. FIG. 3 is a schematic diagram illustrating an example of a hardware configuration of the terminal device 20.

  The terminal device 20 includes an operation panel 29, an external I / F 23, a communication I / F 24, a CPU 25, a ROM 26, a RAM 27, and an SSD (Solid State Drive) 28. The operation panel 29, the external I / F 23, the communication I / F 24, the CPU 25, the ROM 26, the RAM 27, and the SSD 28 are connected to each other via the bus B.

  The CPU 25 comprehensively controls the operation of the terminal device 20. The CPU 25 uses the RAM 27 as a work area and executes a program stored in the ROM 26 or the SSD 28 to control the operation of the entire terminal device 20 and realize various functional units described later.

  The SSD 28 stores programs and data. Note that the terminal device 20 may be configured to include an HDD instead of the SSD 28.

  The operation panel 29 accepts various operation inputs according to user operations, and displays various information and various images.

  In the present embodiment, the operation panel 29 integrates both an operation reception unit 29A that realizes a reception function that receives various operation inputs and a display unit 29B that realizes a display function that displays various information. A case where the touch panel is provided for will be described. However, the configuration of the operation panel 29 is not limited to such a configuration. For example, the operation panel 29 may be configured with the operation receiving unit 29A and the display unit 29B as separate bodies.

  The external I / F 23 is an interface for communicating with an external memory such as a recording medium. The communication I / F 24 is an interface for communicating with other apparatuses and devices via the network 36.

  Next, the functional configuration of each device (the information processing device 10, the terminal device 20, the authentication server 30, and the external notification server 32) included in the information processing system 1000 will be described. FIG. 4 is a block diagram illustrating a functional configuration example of each device (the information processing device 10, the terminal device 20, the authentication server 30, and the external notification server 32) included in the information processing system 1000.

  In the present embodiment, a case will be described in which a plurality of terminal devices 20 included in the information processing system 1000 includes a first terminal device 21 and a second terminal device 22.

  The first terminal device 21 is a terminal device 20 operated by a user belonging to a certain group, and is a terminal device 20 operated when inviting another user to the group.

  The second terminal device 22 is a terminal device 20 operated by another user who is invited to a group to which the other user belongs. The second terminal device 22 is also a terminal device 20 operated by a user invited to the group by another user.

  That is, each of the terminal devices 20 included in the information processing system 1000 can be selected according to the operation contents of the user who operates each terminal device 20 and the situation of the user (the side invited to the group or the side invited to the group (invitation And the first terminal device 21 or the second terminal device 22.

  First, the functional configuration of the external notification server 32 will be described. The external notification server 32 includes a control unit 52 and a storage unit 54. The control unit 52 and the storage unit 54 are connected so as to be able to exchange data and signals.

  The storage unit 54 stores various data. In the present embodiment, the storage unit 54 includes a storage area for each device connected to the network 36. The storage area is, for example, a folder. That is, the storage unit 54 is provided with a folder corresponding to identification information of each device connected to the network 36.

  The control unit 52 controls the entire external notification server 32. The control unit 52 is realized by the CPU 11, the ROM 12, and the RAM 13 (see FIG. 2). The control unit 52 may be realized by a circuit or the like.

  The control unit 52 includes a communication unit 52A and a communication control unit 52B. A part or all of the communication unit 52A and the communication control unit 52B may be realized by causing a processing device such as the CPU 11 to execute a program (that is, software), or may be realized by hardware such as an IC. Alternatively, it may be realized in combination.

  The communication unit 52A exchanges data with other devices via the network 36.

  In the present embodiment, the communication unit 52A receives a request or information from one device connected to the network 36 (for example, the local network 37) to a device connected to another network 36 (for example, the global network 38). Accept.

  Then, the communication control unit 52B stores the received request or information in a storage area (a corresponding folder in the storage unit 54) corresponding to the identification information of the destination device of the request or information.

  Further, the communication unit 52A determines whether a new request or information is stored in a storage area corresponding to the own device from a device connected to one device (for example, the global network 38) connected to the network 36. Accept inquiry signals. When a new request or information addressed to the device is stored in a storage area (corresponding folder in the storage unit 54) corresponding to the device, the communication control unit 52B transmits the inquiry signal to the device that transmitted the inquiry signal. Send requests and information.

  When the communication unit 52A receives a request or information addressed to a device connected to another network 36 (for example, the global network 38) from one device connected to the network 36 (for example, the local network 37), The request or information may be pushed to the destination device of the request or information.

  Next, a functional configuration of the authentication server 30 will be described. The authentication server 30 includes a control unit 48 and a storage unit 50. The control unit 48 and the storage unit 50 are connected so as to be able to exchange data and signals.

  The storage unit 50 stores various data. In the present embodiment, the storage unit 50 stores a user information DB 50A and a company information DB 50B.

  FIG. 5 is a schematic diagram showing an example of the data configuration of the user information DB 50A and the company information DB 50B.

  The user information DB 50A is a database for managing user information. The data format of the user information DB 50A is not limited and may be a table. FIG. 5A is a schematic diagram illustrating an example of a data configuration of the user information DB 50A. The user information DB 50A is a database for managing detailed information of users who use the information processing system 1000.

  The user information DB 50A associates a company ID, a user ID, a user name, a password, a terminal ID, user information, an accessing user, and a temporary authentication key.

  The user ID is user identification information. The user name is the name of the user identified by the corresponding user ID. The company ID is identification information of a company (that is, an organization) to which the user identified by the corresponding user ID belongs. The password is a password set by the user identified by the corresponding user ID. The terminal ID is identification information of the terminal device 20 used by the user identified by the corresponding user ID.

  The user information in the user information DB 50A is information regarding the user identified by the corresponding user ID. The user information includes secret information that should be managed as a secret and public information that can be disclosed. In the present embodiment, the secret information includes the user's e-mail address, the user's department, and the user's superior name. In the present embodiment, the public information includes the user name of the user and the company name to which the user belongs. Note that it is assumed that which of the plurality of pieces of information about the user is confidential information and which is public information is predetermined. Note that which of the plurality of pieces of information regarding the user is set as confidential information and which is set as public information may be appropriately changed by an operation instruction of the authentication server 30 by the user.

  The accessing user in the user information DB 50 </ b> A is information indicating a user who is accessing the information processing apparatus 10. In the present embodiment, a case will be described in which the user ID of the user who operates the terminal device 20 being accessed is used as the accessing user. The temporary authentication key is an authentication key temporarily given to the user identified by the corresponding user ID.

  Next, the company information DB 50B will be described. The company information DB 50B is a database for managing company information. In addition, the data format of company information DB50B is not limited, A table etc. may be sufficient.

  FIG. 5B is a schematic diagram illustrating an example of a data configuration of the company information DB 50B. The company information DB 50B associates company IDs with company information. The company ID is the same as described above. The company information in the company information DB 50B is information related to a company (organization) identified by the corresponding company ID. In the present embodiment, a case where the company information includes a company name will be described. The company information may be information about the company, and may be information other than the company name, or may include other information together with the company name.

  Returning to FIG. The control unit 48 of the authentication server 30 is realized by the CPU 11, the ROM 12, and the RAM 13 (see FIG. 2). Note that the control unit 48 may be realized by a circuit or the like.

  The control unit 48 includes a communication unit 48A, a communication control unit 48B, and an authentication unit 48C. Some or all of the communication unit 48A, the communication control unit 48B, and the authentication unit 48C may be realized by causing a processing device such as the CPU 11 to execute a program (that is, software), or hardware such as an IC. It may be realized by or may be realized in combination.

  The communication unit 48A exchanges data with other devices (the information processing device 10, the terminal device 20, and the external notification server 32) via the network 36. The communication control unit 48 </ b> B receives various information from the information processing apparatus 10 and the terminal device 20.

  The authentication unit 48C performs user authentication. In the present embodiment, the authentication unit 48C performs primary authentication and secondary authentication as user authentication.

  Specifically, the authentication unit 48C receives the user ID, password, and terminal ID of the terminal device 20 from the terminal device 20 via the communication unit 48A and the communication control unit 48B. , Get. Then, the authentication unit 48C performs primary authentication by confirming whether or not the acquired user ID and password are associated and registered in the user information DB 50A.

  When the acquired user ID and password are associated and registered in the user information DB 50A, the authentication unit 48C determines that the primary authentication is normal and issues a temporary authentication key. Then, the authentication unit 48C registers the issued authentication key in the user information DB 50A in association with the user ID used for the primary authentication. Further, the authentication unit 48C registers the acquired user ID as an accessing user in the user information DB 50A in association with the authentication key. Then, the authentication unit 48C transmits the issued temporary authentication key to the terminal device 20 that is the transmission source of the password via the communication unit 48A and the communication control unit 48B.

  If the acquired user ID and password are not registered in the user information DB 50A in association with each other, the authentication unit 48C determines that the primary authentication is abnormal. Then, the authentication unit 48C transmits information indicating the primary authentication abnormality to the terminal device 20 that is the transmission source of the password via the communication unit 48A and the communication control unit 48B.

  In addition, the authentication unit 48C accepts the use start information via the communication unit 48A and the communication control unit 48B. The usage start information includes a terminal ID of the terminal device 20 that is the transmission source of the usage start information, a user ID of a user who operates the terminal device 20, a temporary authentication key, and a usage start request. The authentication unit 48C determines the secondary authentication by determining whether or not the terminal ID, the user ID, and the temporary authentication key included in the use start information are registered in the user information DB 50A in association with each other. Do.

  The authentication unit 48C determines that the secondary authentication is normal when the terminal ID, the user ID, and the temporary authentication key included in the use start information are registered in the user information DB 50A in association with each other. Then, the authentication unit 48C includes user information corresponding to the terminal ID and user ID included in the use start information in the user information DB 50A, and company information corresponding to the company ID included in the use start information in the company information DB 50B. Read. Then, the authentication unit 48C transmits the read user information and company information to the information processing apparatus 10 via the communication unit 48A and the communication control unit 48B.

  For this reason, in the information processing apparatus 10, user information and company information corresponding to the user ID included in the use start information are registered. Note that a temporary authentication key or password is not registered in the information processing apparatus 10. That is, only some information is registered in the information processing apparatus 10 among the user information DB 50A and the company information DB 50B managed by the authentication server 30. In this way, the information processing apparatus 10 extracts and manages only the minimum necessary information used for information processing from the authentication server 30. Therefore, the information processing system 1000 can improve information security.

  Next, a functional configuration of the information processing apparatus 10 will be described. The information processing apparatus 10 includes a control unit 44 and a storage unit 46.

  The storage unit 46 stores various data. The storage unit 46 is realized by, for example, the HDD 14 (see FIG. 2). In the present embodiment, the storage unit 46 includes a company information DB 46A, a user information DB 46H, a terminal information DB 46B, a group management DB 46C, a message management DB 46D, a file management DB 46E, an invitation code management DB 46F, and reply information management. DB46G is stored.

  FIG. 6 is a schematic diagram illustrating an example of the data configuration of the company information DB 46A, the user information DB 46H, and the terminal information DB 46B.

  The company information DB 46A is a database for managing company information. The data format of the company information DB 46A is not limited and may be a table or the like. FIG. 6A is a schematic diagram illustrating an example of a data configuration of the company information DB 46A. The company information DB 46A associates company IDs with company information. Since the company ID and the company information have been described above, the description thereof is omitted here.

  The user information DB 46H is a database for managing user information. The data format of the user information DB 46H is not limited and may be a table or the like. FIG. 6B is a schematic diagram illustrating an example of a data configuration of the user information DB 46H. The user information DB 46H associates a user ID, a company ID, a user name, and user information. The user ID, company ID, user name, and user information are the same as those in the user information DB 50A described above.

  The terminal information DB 46B is a database for managing the terminal device 20 operated by the user. In addition, the data format of terminal information DB46B is not limited, A table etc. may be sufficient. FIG. 6C is a schematic diagram illustrating an example of a data configuration of the terminal information DB 46B. The terminal information DB 46B associates a terminal ID with a user ID. The terminal ID and user ID are the same as described above.

  FIG. 7 is a schematic diagram showing an example of the data configuration of the group management DB 46C, message management DB 46D, file management DB 46E, and invitation code management DB 46F.

  The group management DB 46C is a database for managing groups. The data format of the group management DB 46C is not limited and may be a table. FIG. 7A is a schematic diagram illustrating an example of a data configuration of the group management DB 46C. The group management DB 46C associates a group ID, a group name, a group manager, a belonging user ID, and detailed group information.

  The group ID is group identification information. The group name is the name of the group identified by the corresponding group ID. The group manager is a user ID of a user who manages a group identified by the corresponding group ID. The affiliation user ID is a user ID of a user who belongs to the group identified by the corresponding group ID. The detailed information of the group is detailed information of the group identified by the corresponding group ID.

  The message management DB 46D is a database for managing messages that are an example of shared data. The data format of the message management DB 46D is not limited and may be a table. FIG. 7B is a schematic diagram illustrating an example of a data configuration of the message management DB 46D. The message management DB 46D associates a group ID, a group name, and message information within the group.

  The group ID and group name are the same as above. The message information within a group is information regarding messages transmitted and received by users belonging to the group identified by the corresponding group ID. The message information within the group in the message management DB 46D includes a message ID, a transmission time, a transmission user ID, and a message.

  The message ID is identification information for identifying a message. The transmission time indicates the time when the message identified by the message ID is transmitted. The sending user ID is the user ID of the user who sent the message identified by the corresponding message ID. Note that the message management DB 46D may further manage the terminal ID of the terminal device 20 operated by the user who has transmitted the corresponding message instead of or together with the calling user ID. A message is a message identified by a corresponding message ID.

  The file management DB 46E is a database for managing a shared file that is an example of shared data. The data format of the file management DB 46E is not limited and may be a table.

  FIG. 17C is a schematic diagram illustrating an example of a data configuration of the file management DB 46E. The file management DB 46E associates a group ID, a group name, and shared file information within the group. The group ID and group name are the same as described above. Shared file information within a group is information relating to a shared file shared by users belonging to the group identified by the corresponding group ID. In the present embodiment, the shared file information in the group includes a file storage location, a file name, and a file creation date and time.

  The file name is the name of the shared file. In the present embodiment, a case where the file name is information that can identify the shared file will be described. The file storage location is information indicating the storage location of the shared file identified by the corresponding file name. The file creation date / time is information indicating the creation date / time of the shared file identified by the corresponding file name.

  The invitation code management DB 46F is a database for managing invitation codes. The invitation code is a key that is issued when a user who does not belong to a group and does not belong to the company to which the manager of the group belongs is invited to a group. The data format of the invitation code management DB 46F is not limited and may be a table.

  FIG. 17D is a schematic diagram illustrating an example of the data configuration of the invitation code management DB 46F. The invitation code management DB 46F associates a group ID, an invitation code, an invitation code issue date, and valid / invalid. The group ID is the same as above. The invitation code in the invitation code management DB 46F is an invitation code issued when a new user is added to the group identified by the corresponding group ID. The invitation code issue date and time is information indicating the date and time when the corresponding invitation code was issued. Valid / invalid is information indicating whether the corresponding invitation code is valid or invalid.

  FIG. 8 is a schematic diagram illustrating an example of a data configuration of the reply information management DB 46G. The reply information management DB 46G is a database that manages information to be returned from the information processing apparatus 10 to the terminal apparatus 20. The data format of the reply information management DB 46G is not limited and may be a table.

  The reply information management DB 46G associates a group ID, a user ID, a type, and user information. The group ID and user ID are the same as described above. The user information in the reply information management DB 46 </ b> G is user information identified by the corresponding user ID, and is user information to be transmitted to the terminal device 20. The type in the reply information management DB 46G is information indicating the type of corresponding user information.

  In the present embodiment, user information transmitted from the information processing apparatus 10 to the terminal apparatus 20 is classified into detailed user information and simple user information. Detailed user information is user information including secret information set as a secret. The simple user information is user information that does not include secret information. The information processing device 10 transmits detailed user information and simple user information to the terminal device 20 by information processing described later (details described later).

  Returning to FIG. Next, the control unit 44 of the information processing apparatus 10 will be described. The control unit 44 of the information processing apparatus 10 is realized by the CPU 11, the ROM 12, the RAM 13 (see FIG. 2), and the like. The control unit 44 may be realized by a circuit or the like.

  The control unit 44 includes a communication unit 44C and an execution unit 44D. The communication unit 44C includes a reception unit 44A and a transmission unit 44B. The execution unit 44D includes a display determination unit 44E, a group determination unit 44F, a registration unit 44G, an issue unit 44H, a setting unit 44I, and a shared data management unit 44J. Some or all of the communication unit 44C, the execution unit 44D, the reception unit 44A, the transmission unit 44B, the display determination unit 44E, the group determination unit 44F, the registration unit 44G, the issue unit 44H, the setting unit 44I, and the shared data management unit 44J For example, it may be realized by causing a processing device such as the CPU 11 to execute a program (that is, software), hardware such as an IC (Integrated Circuit), or a combination thereof. Good.

  The receiving unit 44A receives various types of information and requests from the authentication server 30, the external notification server 32, and the terminal device 20. The receiving unit 44A corresponds to a first receiving unit and a second receiving unit of the information processing apparatus.

  Specifically, the receiving unit 44 </ b> A (first receiving unit) receives new user addition request information to the group from the first terminal device 21. The new user addition request information is information for requesting that a new user be invited to the group (adding a new user). The new user addition request information includes, for example, the terminal ID of the first terminal device 21 that is the transmission source of the new user addition request information, the user ID of the user who operates the first terminal device 21, and the group to be added. Group ID and the user ID of the user to be added.

  The receiving unit 44 </ b> A (second receiving unit) receives group participation request information from the second terminal device 22. The group participation request information includes an invitation code and a terminal ID (second terminal identification information) for identifying the second terminal device 22. In the present embodiment, the participation request information for the group includes the terminal ID of the second terminal device 22 that is the transmission source of the participation request information for the group, and the user ID of the user who operates the second terminal device 22. And an invitation code.

  In addition, the reception unit 44A (second reception unit) receives user information acquisition request information from the first terminal device 21 or the second terminal device 22. In the present embodiment, the receiving unit 44A acquires user information acquisition request information from the first terminal device 21 or the second terminal device 22.

  The user information acquisition request information includes the terminal ID of the terminal device 20 that is the transmission source of the user information acquisition request information, the user ID of the user who operates the terminal device 20, the group ID of the group to which the acquired user belongs, Information acquisition request.

  The transmission unit 44B transmits various types of information and requests to the authentication server 30, the external notification server 32, and the terminal device 20. The transmission unit 44B corresponds to the first transmission unit of the information processing apparatus. Specifically, the transmission unit 44B transmits an invitation code to the group to the first terminal device 21 that is the transmission source of the new user addition request information (details will be described later). The transmitting unit 44B transmits the invitation code issued by the issuing unit 44H.

  The communication unit 44C (reception unit 44A, transmission unit 44B) causes the execution unit 44D to execute various processes according to information received from the terminal device 20, the external notification server 32, and the authentication server 30. For this reason, the communication unit 44C (the reception unit 44A and the transmission unit 44B) is realized by, for example, WebAPI.

  The organization determination unit 44F specifies a company (organization) to which the user identified by the user ID received from the terminal device 20 belongs, a group to which the user belongs, and the like. For example, the group determination unit 44F corresponds to a second determination unit of the information processing device. The organization determination unit 44F determines whether or not the user of the first terminal device 21 that is the transmission source of the new user addition request information to the group belongs to a company (organization) to which the manager of the group belongs. Do.

  The issuing unit 44H issues an invitation code. Specifically, the issuing unit 44H joins the group when the user of the first terminal device 21 that is the transmission source of the new user addition request information to the group belongs to the company to which the manager of the group belongs. Issue an invitation code to

  More specifically, the issuing unit 44H indicates that the user of the first terminal device 21 that is the transmission source of the new user addition request information to the group belongs to the company to which the manager of the group belongs, and adds a new user. When the user to be newly added indicated by the request information belongs to another company different from the company to which the user of the first terminal device 21 belongs, an invitation code for joining the group is issued.

  Then, the issuing unit 44H registers the issued invitation code and the issue date and time of the invitation code in the invitation code management DB 46F in association with the group ID of the group to be added.

  The display determination unit 44E determines whether or not the invitation code issued by the issuing unit 44H and transmitted by the communication unit 44C to the first terminal device 21 is being displayed on the first terminal device 21.

  The determination method by the display determination unit 44E is not limited. For example, the transmission unit 40 </ b> B (second transmission unit) (details will be described later) of the first terminal device 21 displays during the period during which the invitation code is displayed on the operation panel 41 of the first terminal device 21. The medium information is continuously transmitted to the information processing apparatus 10. In this case, the display determination unit 44E of the information processing apparatus 10 determines that the invitation code is being displayed on the first terminal device 21 while receiving the information being displayed from the first terminal device 21. To do.

  Also, when the display of the invitation code on the operation panel 41 of the first terminal device 21 is ended, the display end information indicating the display end is displayed. You may transmit to the information processing apparatus 10. In this case, the display determination unit 44E of the information processing device 10 transmits the invitation code to the first terminal device 21 until the reception end information is received from the first terminal device 21. It may be determined that the code is being displayed on the first terminal device 21.

  The display determination unit 44E of the information processing device 10 may determine that the invitation code is not being displayed when a predetermined time has elapsed since the invitation code was transmitted to the first terminal device 21. In this case, the display determination unit 44E has received a predetermined time from the transmission of the invitation code even in a period in which the display end information from the first terminal device 21 has not been received or a period in which display information is being received. It is preferable to determine that the invitation code is not being displayed.

  This predetermined time may be set in advance. In addition, the predetermined time may be appropriately changed according to an operation instruction of the information processing apparatus 10 by the user. Note that the display determination unit 44E determines whether or not a predetermined time has elapsed since the invitation code was transmitted to the first terminal device 21 by determining whether or not a predetermined time has elapsed since the date and time when the invitation code was issued. Good.

  The registration unit 44G registers various data in the database stored in the storage unit 46. Specifically, the registration unit 44G registers user information and company information received from the authentication server 30 via the communication unit 44C in the company information DB 46A and the user information DB 46H in the storage unit 46. In addition, the registration unit 44G registers the user information of the newly added user in the belonging user ID field in association with the group ID of the group to which the user is added in the group management DB 46C.

  In addition, when the registration unit 44G receives the participation request information to the group from the second terminal device 22 and the invitation code is being displayed on the first terminal device 21, the terminal included in the participation request information User information of the user of the second terminal device 22 identified by the ID (second terminal identification information) is registered as a member of the group.

  Specifically, the display determination unit 44E “validates” the validity / invalidity corresponding to the invitation code in the invitation code management DB 46F during the period when it is determined that the invitation code is being displayed on the first terminal device 21. And If the display determination unit 44E determines that the invitation code is not displayed on the first terminal device 21, the display determination unit 44E sets the validity / invalidity corresponding to the invitation code in the invitation code management DB 46F to “invalid”.

  The registration unit 44G assumes that the validity / invalidity corresponding to the invitation code included in the group participation request information received from the first terminal device 21 in the invitation code management DB 46F indicates “valid”. In this case, the registration unit 44G uses the user ID of the user of the second terminal device 22 identified by the terminal ID (second terminal identification information) included in the participation request information as the group ID corresponding to the invitation code. Register as a member of the group identified by. That is, the registration unit 44G associates with the group ID corresponding to the invitation code in the group management DB 46C, and identifies the second terminal identified by the terminal ID (second terminal identification information) included in the participation request information. The user ID of the user of the device 22 is registered in the column of the belonging user ID. Thereby, the registration unit 44G registers the user information of the new user as a member of the addition target group.

  The setting unit 44I registers with the user of the second terminal device 22 that has transmitted the invitation code before the date and time of issuing the invitation code received from the second terminal device 22 among the shared data shared by the group. Set prohibition of viewing shared data. For this reason, the user of the second terminal device 22 is before the issue date and time of the invitation code transmitted by the second terminal device 22 to the information processing device 10 among the shared data shared by the newly added group. The registered shared data cannot be viewed.

  When the user of the second terminal device 22 belongs to the same company as the administrator of the group to which the user is newly added, the setting unit 44I stores all of the shared data shared by the group. It may be viewable to the user. When the user of the second terminal device 22 belongs to another company different from the manager of the group to which the user is newly added, the setting unit 44I includes the shared data shared by the group, The shared data registered before the issuance date and time of the invitation code used at the time of new addition may be set to be unviewable.

  Note that the shared data registered before the date and time when the invitation code is issued is a message corresponding to the outgoing time before the date and time when the invitation code is issued, and the file corresponding to the file creation date and time before the date and time when the invitation code is issued. It is a file.

  The shared data management unit 44J manages shared data. Specifically, the shared data management unit 44J sequentially registers messages exchanged between the plurality of terminal devices 20 in the message management DB 46D. Specifically, the shared data management unit 44J transmits a message exchanged between the plurality of terminal devices 20 to a group ID, a group name, a message ID, and a transmission time of the group to which the message belongs. The message is registered in the message management DB 46D in association with the calling user ID.

  Further, the shared data management unit 44J sequentially registers the shared file received from the terminal device 20 in the file management DB 46E. Specifically, the shared data management unit 44J stores the shared file in the storage unit 46. Then, the shared data management unit 44J associates the file storage location of the shared file, the file name, the file creation date and time, and the group ID and group name of the group sharing the shared file with the file management DB 46E. sign up.

  Next, the first terminal device 21 will be described. The first terminal device 21 includes a control unit 40 and an operation panel 41. The control unit 40 and the operation panel 41 are connected so as to be able to exchange data and signals. The operation panel 41 includes an operation receiving unit 41A and a display unit 41B. The operation panel 41, the operation reception unit 41A, and the display unit 41B are realized by the operation panel 29, the operation reception unit 29A, and the display unit 29B (see FIG. 3).

  The control unit 40 is realized by the CPU 25, the ROM 26, the RAM 27 (see FIG. 3), and the like. The control unit 40 may be realized by a circuit or the like.

  The control unit 40 includes a communication unit 40E, a display control unit 40C, and a reception unit 40D. The communication unit 40E includes a reception unit 40A and a transmission unit 40B. A part or all of the communication unit 40E, the reception unit 40A, the transmission unit 40B, the display control unit 40C, and the reception unit 40D are realized by causing a processing device such as the CPU 25 to execute a program (that is, software). Alternatively, it may be realized by hardware such as an IC, or may be realized in combination.

  The receiving unit 40A receives various types of information and requests from the external notification server 32, the authentication server 30, the other terminal device 20, and the information processing device 10. The transmission unit 40B transmits various types of information and requests to the external notification server 32, the authentication server 30, the other terminal device 20, and the information processing device 10.

  The transmission unit 40B corresponds to a second transmission unit. The transmission unit 40B transmits new user addition request information to the information processing apparatus 10. The receiving unit 40A corresponds to a third receiving unit. The receiving unit 40A receives an invitation code from the information processing apparatus 10.

  The display control unit 40C performs control to display various images and a display screen described later on the operation panel 41 (display unit 41B, display unit 29B). In the present embodiment, when receiving unit 40A receives the invitation code, display control unit 40C displays the invitation code on display unit 41B (display unit 29B).

  The accepting unit 40D accepts an operation instruction of the operation panel 41 by the user from the operation accepting unit 41A.

  Next, the second terminal device 22 will be described. The second terminal device 22 includes a control unit 42 and an operation panel 43. The control unit 42 and the operation panel 43 are connected so as to be able to exchange data and signals. Operation panel 43 includes an operation accepting unit 43A and a display unit 43B. The operation panel 43, the operation reception unit 43A, and the display unit 43B are realized by the operation panel 29, the operation reception unit 29A, and the display unit 29B (see FIG. 3).

  The control unit 42 is realized by the CPU 25, the ROM 26, the RAM 27 (see FIG. 3), and the like. The control unit 42 may be realized by a circuit or the like.

  The control unit 42 includes a communication unit 42E, a display control unit 42C, and a reception unit 42D. The communication unit 42E includes a reception unit 42A and a transmission unit 42B. Some or all of the communication unit 42E, the reception unit 42A, the transmission unit 42B, the display control unit 42C, and the reception unit 42D are realized by causing a processing device such as the CPU 25 to execute a program (that is, software). Alternatively, it may be realized by hardware such as an IC, or may be realized in combination.

  The receiving unit 42 </ b> A receives various information and requests from the external notification server 32, the authentication server 30, another terminal device 20, and the information processing device 10. The transmission unit 42B transmits various information and requests to the external notification server 32, the authentication server 30, the other terminal device 20, and the information processing device 10.

  The display control unit 42C performs control to display various images and a display screen described later on the operation panel 43 (display unit 43B, display unit 29B).

  The receiving unit 42D receives an operation instruction from the user on the operation panel 43 from the operation receiving unit 43A. In the present embodiment, the accepting unit 42D of the second terminal device 22 accepts the input of the invitation code displayed on the first terminal device 21 according to an operation instruction on the operation panel 43 by the user. That is, the user who operates the second terminal device 22 looks at the invitation code displayed on the display unit 41B (display unit 29B) of the first terminal device 21, and uses the visually checked invitation code as the second terminal device 22. The operation panel 43 is used for input. Then, the accepting unit 42D accepts the invitation code from the operation panel 43.

  In this case, the transmission unit 42B receives the invitation code received by the reception unit 42D, the terminal ID of the second terminal device 22, and the user ID of the user who operates the second terminal device 22. 10 to send.

  Next, an example of the overall flow of processing performed in the information processing system 1000 according to the present embodiment will be described. FIG. 9 is a schematic diagram illustrating an example of the overall flow of processing executed by the information processing system 1000 according to the present embodiment.

  First, in the information processing system 1000, authentication / initialization processing is executed (step S100). In the authentication / initialization processing, user authentication of the user who operates the first terminal device 21 and part of the user information DB 50A and the company information DB 50B managed by the authentication server 30 are stored in the storage unit 46 of the information processing device 10. It is a process to register. Details of the authentication / initialization process will be described later.

  Next, the information processing system 1000 executes user information display processing (step S102). The user information display process is a process for displaying user information or the like managed by the information processing apparatus 10 on the terminal device 20. Details of the user information display process will be described later.

  Next, the information processing system 1000 executes user addition processing (step S104). Then, this routine ends. The user addition process is a process for creating a new group or adding a new user to the created group.

  First, the authentication / initialization process (step S100 in FIG. 9) will be described. FIG. 10 is a sequence diagram showing an example of the flow of authentication / initialization processing.

  First, the receiving unit 40D of the first terminal device 21 receives the user ID and password from the operation panel 41 (SEQ200). The user of the first terminal device 21 inputs the user ID and password of the user by operating the operation panel 41 of the first terminal device 21.

  The transmission unit 40B of the first terminal device 21 transmits the received user ID and password and the terminal ID of the first terminal device 21 to the authentication server 30 (SEQ202). The authentication unit 48C of the authentication server 30 receives the user ID, password, and terminal ID of the terminal device 20 from the terminal device 20 via the communication unit 48A and the communication control unit 48B. (SEQ204, SEQ206). Then, the authentication unit 48C performs primary authentication by confirming whether or not the acquired user ID and password are associated and registered in the user information DB 50A (SEQ208, SEQ210). Here, the description is continued assuming that the primary authentication is normal.

  If the authentication unit 48C determines that the primary authentication is normal, it issues a temporary authentication key (SEQ212). Then, the authentication unit 48C registers the issued authentication key in the user information DB 50A in association with the user ID used for the primary authentication (SEQ214). Further, the authentication unit 48C registers the acquired user ID as an accessing user in the user information DB 50A in association with the authentication key (SEQ214).

  Then, the authentication unit 48C transmits the issued temporary authentication key to the first terminal device 21 of the transmission source such as the user ID of SEQ202 via the communication unit 48A and the communication control unit 48B (SEQ216, SEQ218). , SEQ220).

  The receiving unit 40A of the first terminal device 21 receives a temporary authentication key from the authentication server 30. Then, the receiving unit 40D of the first terminal device 21 receives a use start instruction from the operation panel 41 (SEQ222). For example, the display control unit 40C of the first terminal device 21 displays a display screen for accepting a use start instruction on the operation panel 41 when the receiving unit 40A receives a temporary authentication key. The user may input a use start instruction by operating the operation panel 41 while viewing the display screen. As a result, the accepting unit 40D accepts a use start instruction from the operation panel 41.

  Then, the transmission unit 40B of the first terminal device 21 transmits use start information to the information processing device 10 (SEQ224). As described above, the usage start information includes the terminal ID of the first terminal device 21, the user ID of the user operating the first terminal device 21, the temporary authentication key received in SEQ 220, and the usage start request. And including.

  The registration unit 44G of the information processing device 10 receives the use start information from the first terminal device 21 via the communication unit 44C (SEQ226), and sends the received use start information to the authentication server 30 via the communication unit 44C. Transmit (SEQ228).

  The authentication unit 48C of the authentication server 30 receives use start information from the information processing apparatus 10 via the communication unit 48A and the communication control unit 48B (SEQ230, SEQ232). The authentication unit 48C determines whether or not the terminal ID, the user ID, and the temporary authentication key included in the use start information are registered in the user information DB 50A in association with each other, thereby performing the secondary authentication. (SEQ234, SEQ236). Here, the description is continued assuming that the secondary authentication is normal.

  When the authentication unit 48C determines that the secondary authentication is normal, the user information corresponding to the terminal ID and the user ID included in the use start information in the user information DB 50A, the company ID corresponding to the user ID, and the company information DB 50B The company information corresponding to the company ID is read (SEQ238, SEQ240). Then, the authentication unit 48C transmits the read user information, company ID, and company information to the information processing apparatus 10 via the communication unit 48A and the communication control unit 48B (SEQ242, SEQ244, SEQ246).

  The registration unit 44G registers the user information and company ID received from the authentication server 30 in the user information DB 46H in association with the user ID received in SEQ226 (SEQ248, SEQ250, SEQ252). If the user name is further received in SEQ 226 or SEQ 246, the registration unit 44G registers the user name in the user information DB 46H in association with the user ID (SEQ 250, SEQ 252). The registration unit 44G registers the company information received from the authentication server 30 in the company information DB 46A in association with the company ID received from the authentication server 30 (SEQ250, SEQ252). Then, this sequence ends.

  Next, user information display processing (see step S102 in FIG. 9) executed by the information processing system 1000 will be described. FIG. 11 is a sequence diagram illustrating an example of a procedure of user information display processing executed by the information processing system 1000 according to the present embodiment.

  First, the control part 40 of the 1st terminal device 21 starts the application for performing the information processing of this Embodiment (SEQ300). For example, the activation of the application is instructed by an operation instruction on the operation panel 41 by the user. Then, the control part 40 starts the application for performing this information processing.

  Then, the transmission unit 40B of the first terminal device 21 receives information on the terminal ID of the first terminal device 21, the user ID of the user who operates the first terminal device 21, and the group information acquisition request. It transmits to the processing apparatus 10 (SEQ302). The organization determination unit 44F of the information processing device 10 receives a user ID, terminal ID, and group information acquisition request from the first terminal device 21 via the communication unit 44C (SEQ304).

  The organization determination unit 44F specifies the group to which the user identified by the user ID accepted in SEQ304 belongs (SEQ306, SEQ308). The organization determination unit 44F specifies a group ID and a group name corresponding to the user ID received in SEQ304 from the group management DB 46C. Thereby, group discriminating part 44F specifies a group.

  The group determination unit 44F transmits group list information including the specified group name and group ID to the first terminal device 21 via the communication unit 44C (SEQ310, SEQ312).

  The first terminal device 21 displays a list of group names received in SEQ 312 on the display unit 41B (display unit 29B) (SEQ 314).

  FIG. 12 is a schematic diagram illustrating an example of the display screen 70 displayed on the operation panel 29 of the terminal device 20. FIG. 12A is a schematic diagram illustrating an example of a display screen 70A displayed by the first terminal device 21 in the processing of SEQ 314 (see FIG. 11). The display control unit 40C of the first terminal device 21 displays, for example, a display screen 70A including a list of received group names on the operation panel 41 (operation panel 29).

  The user selects any group by operating the operation panel 41 while referring to the operation panel 41 (operation panel 29). Returning to FIG. 11, the reception unit 40D of the first terminal device 21 receives the selection of the group (SEQ316).

  The transmission unit 40B of the first terminal device 21 transmits user information acquisition request information to the information processing device 10 (SEQ318). The user information acquisition request information includes the user ID of the user who operates the first terminal device 21, the terminal ID of the first terminal device 21, the group ID of the group that received the selection in SEQ 316, and the user information acquisition request And including.

  The organization determination unit 44F of the information processing device 10 receives user information acquisition request information from the first terminal device 21 via the communication unit 44C (SEQ320). The organization determination unit 44F registers the group ID received in SEQ320 in the reply information management DB 46G. The group determination unit 44F newly creates a reply information management DB 46G each time new user information acquisition request information is received from the terminal device 20.

  The organization determination unit 44F specifies the users belonging to the group identified by the group ID received in SEQ320 (SEQ322, SEQ324). In SEQ324, the organization determination unit 44F specifies a user by reading a list of user IDs registered as belonging user IDs corresponding to the group ID accepted in SEQ320 in the group management DB 46C.

  Then, the organization determination unit 44F executes the processing of SEQ326 for each of the users specified in SEQ322. The processing of SEQ 326 includes the processing of SEQ 328 to SEQ 334.

  The organization determination unit 44F first determines whether or not the user identified by the user ID specified in SEQ322 belongs to the same company (organization) to which the user identified by the user ID received in SEQ320 belongs. (SEQ328). When belonging to a different company (SEQ328: No), the process proceeds to SEQ332.

  On the other hand, when belonging to the same company (SEQ328: Yes), the organization determination unit 44F creates detailed user information corresponding to the specified user ID (SEQ330). In SEQ330, the organization determination unit 44F reads the secret information and the public information in the user information corresponding to the specified user ID from the user information DB 46H. Then, the group determination unit 44F creates the read secret information and public information as detailed user information.

  Then, the organization determination unit 44F registers the read detailed user information, the user ID of the user of the detailed user information, and the type in the reply information management DB 46G in association with the group ID received in SEQ320.

  On the other hand, the group identification unit 44F belongs to another company (group) in which the user identified by the user ID specified in SEQ322 belongs to a company (group) to which the user identified by the user ID received in SEQ320 belongs. It is judged whether or not (SEQ332). When belonging to the same company (SEQ332: No), the processing of SEQ326 for the user ID to be processed is terminated.

  On the other hand, when belonging to another different company (SEQ332: Yes), the organization determination unit 44F creates simple user information corresponding to the identified user ID (SEQ334). In SEQ334, the organization determination unit 44F reads user information corresponding to the identified user ID from the user information DB 46H that does not include secret information (that is, includes company name and user name that are public information). Then, the group determination unit 44F creates the read user information that does not include secret information as simple user information.

  The group determination unit 44F registers the read simple user information, the user ID of the user of the simple user information, and the type in the reply information management DB 46G in association with the group ID received in SEQ320.

  Next, the organization determination unit 44F creates the reply information management DB 46G (see FIG. 8) generated by the processing of SEQ326 as reply information, and rearranges them using a predetermined item (for example, user ID) as a key (SEQ336). . Then, the group determination unit 44F transmits user information belonging to the group identified by the group ID received in SEQ320 to the first terminal device 21 via the communication unit 44C (SEQ338, SEQ340).

  Specifically, the group determination unit 44F sets the user ID and all corresponding user information (detailed user information or simple user information) registered in the reply information management DB 46G in SEQ326 as user information belonging to the group. Transmit to the first terminal device 21. The group determination unit 44F clears (deletes) information registered in the reply information management DB 46G after the processing of SEQ338.

  The receiving unit 40A of the first terminal device 21 receives user information belonging to a group. Then, the display control unit 40C of the first terminal device 21 displays the detailed user information and the simple user information included in the user information belonging to the group received in SEQ340 on the operation panel 41 as a user list (SEQ342). . Then, this sequence ends.

  FIG. 12B is a schematic diagram showing an example of a display screen 70B displayed on the terminal device 20 of the first terminal device 21 in SEQ342 (see FIG. 11). As shown in FIG. 12B, the operation panel 41 (operation panel 29) of the first terminal device 21 includes the group name of the group selected by the first terminal device 21 and the users belonging to the group. A display screen 70B including a list of user information is displayed.

  Of the users belonging to the group selected by the first terminal device 21, detailed user information is displayed for users belonging to the same company as the company to which the user operating the first terminal device 21 belongs. The Further, among users belonging to the group selected by the first terminal device 21, simplified user information is stored for users belonging to other companies different from the company to which the user operating the first terminal device 21 belongs. Is displayed.

  In the sequence of FIG. 11, the second terminal device 22 may execute the process shown in FIG. 11 instead of the first terminal device 21. In this case, as shown in FIG. 12B, the operation panel 43 (operation panel 29) of the second terminal device 22 includes the group name of the group selected by the second terminal device 22 and the group. A display screen 70B including a list of user information of the user to which the user belongs is displayed.

  Of the users belonging to the group selected by the second terminal device 22, detailed user information is displayed for users belonging to the same company as the company to which the user operating the second terminal device 22 belongs. The Further, among users belonging to the group selected by the second terminal device 22, simplified user information is stored for users belonging to other companies different from the company to which the user operating the second terminal device 22 belongs. Is displayed.

  Next, a user addition process (see step S104 in FIG. 9) executed in the information processing system 1000 will be described. FIG. 13 and FIG. 15 described later are sequence diagrams illustrating an example of the procedure of the user addition process executed by the information processing system 1000 according to the present embodiment.

  First, the receiving unit 40D of the first terminal device 21 receives a group creation processing start instruction from the operation panel 41 (SEQ400). The user inputs a group creation processing start instruction by operating the operation panel 41 of the first terminal device 21 when creating a new group. Thereby, the reception unit 40D of the first terminal device 21 receives the group creation processing start instruction.

  Then, the display control unit 40C of the first terminal device 21 displays a group creation screen on the operation panel 41 of the first terminal device 21 (SEQ402).

  FIG. 14 is a schematic diagram illustrating an example of the display screen 70 displayed on the first terminal device 21. FIG. 14A is a schematic diagram showing an example of a display screen 70C (group creation screen) displayed on the operation panel 41 by the process of SEQ402 (see FIG. 13).

  The user of the first terminal device 21 inputs the group name of the newly created group in the group name column on the display screen 70C, and operates the completion button and the like. Returning to FIG. 13, the receiving unit 40 </ b> D of the first terminal device 21 receives an input of a group name from the operation panel 41 (SEQ <b> 404).

  Then, the transmission unit 40B of the first terminal device 21 creates the group name accepted in SEQ404, the terminal ID of the first terminal device 21, the user ID of the user who operates the first terminal device 21, and a new creation. The request is transmitted to the information processing apparatus 10 (SEQ406).

  The organization determination unit 44F of the information processing device 10 receives the user ID, terminal ID, group name, and new creation request from the first terminal device 21 via the communication unit 44C (SEQ408).

  The organization determination unit 44F searches the group management DB 46C of the storage unit 46 for the group name accepted in SEQ408, thereby determining whether or not the group name has already been registered (SEQ412). When the group name accepted in SEQ408 is not registered in the group management DB 46C, the organization determination unit 44F assigns a group ID to the group name accepted in SEQ408. Then, the organization determination unit 44F associates the assigned group ID with the group name received in SEQ408 and registers it in the group management DB 46C (SEQ414, SEQ416). Further, the organization determination unit 44F registers the user ID received in SEQ408 in the group management DB 46C as the group manager of the group (SEQ414, SEQ416). By registration in the group management DB 46C, the group determination unit 44F creates a group.

  The group determination unit 44F transmits the group name of the created group and the group ID assigned to the group to the first terminal device 21 via the communication unit 44C (SEQ418, SEQ420).

  The first terminal device 21 displays the group name received in SEQ420 on the operation panel 41 (SEQ422). FIG. 14B is a schematic diagram illustrating an example of a display screen 70D displayed on the operation panel 41 of the first terminal device 21 in SEQ422 (see FIG. 13). As described above, the display screen 70 </ b> D includes the group name of the new group input by the user who operates the first terminal device 21.

  The display screen 70 </ b> D includes selection buttons such as “select user to invite” and “invite users from other companies”.

  The selection button “select user to invite” is operated when a new user who belongs to the same company as the user who operates the first terminal device 21 is newly added to the group having the displayed group name. This is a button image.

  The selection button “Invite a user of another company” newly adds another user belonging to another company different from the user who operates the first terminal device 21 to the group having the displayed group name. Sometimes it is a button image to be operated.

  Returning to FIG. For example, it is assumed that the selection button “select user to invite” (see FIG. 14B) on the display screen 70D displayed on the first terminal device 21 is instructed by the user. In this case, the first terminal device 21 receives an acquisition request instruction for user information belonging to the same company as the user who operates the first terminal device 21 (SEQ424). The transmission unit 40B of the first terminal device 21 transmits the user ID of the first terminal device 21, the terminal ID of the first terminal device 21, and the user information acquisition request of the same company to the information processing device 10. (SEQ426).

  The organization determination unit 44F of the information processing device 10 receives the user ID, the terminal ID, and the user information acquisition request of the same company from the first terminal device 21 via the communication unit 44C (SEQ428). The organization determination unit 44F of the information processing apparatus 10 reads all other user IDs and user information corresponding to the company ID corresponding to the user ID received in SEQ428 in the user information DB 46H (SEQ430, SEQ432).

  Then, the organization determination unit 44F reads the secret information and public information in the user information read in SEQ430 and SEQ432 as detailed user information, and creates a detailed user information list (SEQ434). The detailed user information list includes detailed user information and the user ID of the user of the detailed user information. Then, the group determination unit 44F transmits the created detailed user information list to the first terminal device 21 via the communication unit 44C (SEQ436, SEQ438).

  In SEQ 434, the group determination unit 44F may read the public information in the user information read in SEQ 430 and SEQ 432, and create a simple user information list. In this case, in SEQ436 and SEQ438, the organization determination unit 44F may transmit the created simple user information list to the first terminal device 21 via the communication unit 44C. The simple user information list includes simple user information and the user ID of the user of the simple user information.

  The first terminal device 21 displays the received list of detailed user information on the operation panel 41 (SEQ440). Note that when the simple user information is received, the first terminal device 21 may display a list of the received simple user information on the operation panel 41.

  On the other hand, it is assumed that the selection button “Invite a user of another company” (see FIG. 14B) on the display screen 70D displayed on the first terminal device 21 is instructed by the user. In this case, the first terminal device 21 accepts an acquisition request instruction for user information belonging to another company different from the user who operates the first terminal device 21 (SEQ442). The transmission unit 40B of the first terminal device 21 transmits the user ID of the first terminal device 21, the terminal ID of the first terminal device 21, and a user information acquisition request of another company to the information processing device 10. (SEQ444).

  The group determination unit 44F of the information processing device 10 receives the user ID, the terminal ID, and the user information acquisition request of another company from the first terminal device 21 via the communication unit 44C (SEQ446). The organization determination unit 44F of the information processing device 10 reads all other user IDs and user information corresponding to the company ID other than the company ID corresponding to the user ID received in SEQ446 in the user information DB 46H (SEQ448, SEQ450).

  Then, the organization determination unit 44F reads the public information in the user information read in SEQ448 and SEQ450 as simple user information and creates a simple user information list (SEQ452). Then, the group determination unit 44F transmits the created simple user information list to the first terminal device 21 via the communication unit 44C (SEQ454, SEQ456).

  The first terminal device 21 displays the received list of simple user information on the operation panel 41 (SEQ458).

  In the sequence diagram illustrated in FIG. 13, the information processing system 1000 is described as performing either one of the processes of SEQ424 to SEQ440 or the processes of SEQ442 to SEQ458.

  The user of the first terminal device 21 newly adds to the group having the group name transmitted in SEQ 406 from the users of the user information displayed on the operation panel 41 by the processing of SEQ 440 or SEQ 458 (that is, invites the user). ) Select user information of the target user. Thereby, the reception unit 40D of the first terminal device 21 receives a new user addition request from the operation panel 41 (SEQ460). In addition, when the new user addition request is accepted, the display control unit 40C of the first terminal device 21 preferably displays the user information of the user to be newly added on the operation panel 41.

  FIG. 14C is a schematic diagram illustrating an example of the display screen 70 (display screen 70E) displayed on the operation panel 41 of the first terminal device 21 after the processing of SEQ460. The display screen 70E displays a list of newly added users selected by the user of the first terminal device 21 among the group name and the user name of the user received from the information processing apparatus 10 (in FIG. 14C). , User A, user B).

  Returning to FIG. Upon receiving the new user addition request, the first terminal device 21 transmits new user addition request information to the information processing apparatus 10 (SEQ462). The organization determination unit 44F of the information processing apparatus 10 receives the new user addition request information from the first terminal device 21 via the communication unit 44C (SEQ464).

  The new user addition request information includes the terminal ID of the first terminal device 21 that is the transmission source of the new user addition request information, the user ID of the user who operates the first terminal device 21, and the group ID received in SEQ418. And a user ID of a user newly added to the group identified by the group ID.

  The group determination unit 44F of the information processing device 10 allows the user of the first terminal device 21 that is the transmission source of the new user addition request information in SEQ464 to be the group manager corresponding to the group ID included in the new user addition request information. It is determined whether the user belongs to the company to which the user belongs (SEQ466).

  When the user of the first terminal device 21 does not belong to the company to which the group manager corresponding to the group ID included in the new user addition request information belongs (SEQ466: No), the process proceeds to SEQ484 described later.

  On the other hand, when the user of the first terminal device 21 belongs to the company to which the group manager corresponding to the group ID included in the new user addition request information belongs (SEQ466: Yes), the process proceeds to SEQ468.

  In SEQ468, the group identification unit 44F adds a user ID included in the new user addition request information of SEQ464 different from the company to which the user of the first terminal device 21 that is the transmission source of the new user addition request information belongs. It is determined whether the user belongs to the company (SEQ468).

  When the user ID to be added included in the new user addition request information does not belong to a company different from the company to which the user of the first terminal device 21 that is the transmission source of the new user addition request information belongs (SEQ468: No) Then, the process proceeds to SEQ 484 described later.

  On the other hand, when the user ID to be added included in the new user addition request information belongs to a company different from the company to which the user of the first terminal device 21 that is the transmission source of the new user addition request information belongs (SEQ468: Yes), go to SEQ 470.

  In SEQ 470, the organization determination unit 44F outputs the group ID included in the new user addition request information and the invitation code issue request to the issue unit 44H (SEQ 470).

  The issuing unit 44H issues an invitation code (SEQ472, SEQ474). Specifically, the issuing unit 44H is for joining the group when the user of the first terminal device 21 that is the transmission source of the new user addition request information belongs to the company to which the manager of the group belongs. Issue an invitation code.

  More specifically, the issuing unit 44H indicates that the user of the first terminal device 21 that is the transmission source of the new user addition request information to the group belongs to the company to which the manager of the group belongs, and adds a new user. When the user to be newly added indicated by the request information belongs to another company different from the company to which the user of the first terminal device 21 belongs, an invitation code for joining the group is issued (SEQ472) ).

  Then, the issuing unit 44H registers the issued invitation code and the issuance date / time of the invitation code in the invitation code management DB 46F in association with the group ID included in the new user addition request information (SEQ474). In addition, the issuing unit 44H sets invalid / invalid items corresponding to the invitation code in the invitation code management DB 46F (SEQ474).

  Then, the issuing unit 44H transmits the invitation code issued in SEQ472 to the first terminal device 21 via the communication unit 44C (SEQ476, SEQ478).

  When the receiving unit 40A of the first terminal device 21 receives the invitation code from the information processing device 10, the display control unit 40C of the first terminal device 21 operates the operation panel 41 (display unit 29B) of the first terminal device 21. ) Displays the received invitation code (SEQ480).

  FIG. 14D is a schematic diagram illustrating an example of the display screen 70 </ b> G of the first terminal device 21. Through the processing of SEQ480, the display screen 70G including the invitation code (“123456” in FIG. 14D) is displayed on the operation panel 41 (operation panel 29) of the first terminal device 21.

  The user of the first terminal device 21 is a user who belongs to a company different from the company to which the user of the first terminal device 21 belongs, and shows the invitation code to the user newly added to the group (SEQ482). . A user newly added to the group, that is, a user newly invited to the group recognizes the invitation code by visually recognizing the invitation code displayed on the first terminal device 21. Then, the user newly invited to the group inputs the invitation code by operating the second terminal device 22 (details will be described later).

  On the other hand, if a negative determination is made in SEQ466 and SEQ468 (SEQ466: No, SEQ468: No), the flow proceeds to SEQ484.

  In SEQ484, the group determination unit 44F has the same user as the user of the first terminal device 21 that has transmitted the new user addition request information as the user identified by the user ID to be added included in the new user addition request information of SEQ464. It is determined that the user belongs to the company (SEQ484). In other words, the organization determination unit 44F determines that this is a user addition request for a user belonging to the same company as the transmission source user of the new user addition request information.

  That is, in this case, the user identified by the user ID to be added included in the new user addition request information received in SEQ 464 is the same company as the user of the first terminal device 21 that is the transmission source of the new user addition request information. Is a user belonging to.

  Therefore, in this case, the organization determination unit 44F outputs the new user addition request information received in SEQ464 to the registration unit 44G (SEQ486).

  The registration unit 44G associates the user ID to be added included in the new user addition request information received from the group determination unit 44F with the group ID included in the new user addition request information, and performs group management as the belonging user ID. It registers in DB46C (SEQ488, SEQ490).

  Then, the registration unit 44G transmits addition completion information indicating that the user addition has been completed to the first terminal device 21 via the communication unit 44C (SEQ492, SEQ494).

  Next, the processing after the invitation code is displayed on the first terminal device 21 (SEQ480) in FIG. 13 will be described. FIG. 15 is a sequence diagram illustrating an example of a process procedure after the invitation code is displayed on the first terminal device 21 (SEQ480) in the user addition process.

  As described with reference to SEQ 480 in FIG. 13, when the receiving unit 40A of the first terminal device 21 receives the invitation code from the information processing device 10, the display control unit 40C of the first terminal device 21 performs the first operation. The received invitation code is displayed on the operation panel 41 (display unit 29B) of the terminal device 21 (SEQ508).

  For this reason, as shown in FIG. 14D, the operation panel 41 (operation panel 29) of the first terminal device 21 has a display screen 70G including the invitation code (“123456” in FIG. 14D). Is displayed.

  As described with reference to SEQ 482 in FIG. 13, the user of the first terminal device 21 is a user who belongs to a company different from the company to which the user of the first terminal device 21 belongs, and is newly added to the group. Show the invitation code to the user to be added to (SEQ510). A user newly added to the group, that is, a user newly invited to the group recognizes the invitation code by visually recognizing the invitation code displayed on the first terminal device 21. Then, a user newly invited to the group inputs an invitation code by operating the second terminal device 22. As a result, the accepting unit 42D of the second terminal device 22 accepts the input of the invitation code from the operation panel 43 (SEQ512).

  For this reason, the user invited to the group visually recognizes the invitation code displayed on the first terminal device 21 operated by the inviting user, and inputs the invitation code using the second terminal device 22.

  The transmission unit 42B of the second terminal device 22 includes the invitation code accepted in SEQ512, the user ID of the user of the second terminal device 22, and the terminal ID of the second terminal device 22. The participation request information is transmitted to the information processing apparatus 10 (SEQ514).

  The display determination unit 44E of the information processing apparatus 10 receives group participation request information from the second terminal device 22 via the communication unit 44C (SEQ516).

  The display determination unit 44E of the information processing apparatus 10 determines whether or not the invitation code is being displayed on the first terminal device 21 that has transmitted the invitation code included in the participation request information received in SEQ516 (SEQ518). ). Since the method for determining whether the display is being performed by the display determination unit 44E has been described above, the description is omitted here.

  When the invitation code is being displayed on the first terminal device 21 (SEQ518: Yes), the display determination unit 44E determines whether the invitation code corresponding to the invitation code included in the participation request information received in SEQ516 in the invitation code management DB 46F. Invalid is set to valid (SEQ520).

  Then, the display determination unit 44E outputs a registration instruction to the group determination unit 44F and the registration unit 44G (SEQ522, SEQ524). The registration instruction includes a user ID, a terminal ID, and an invitation code included in the participation request information received at SEQ516.

  The registration unit 44G associates the user ID received in SEQ524 with the group ID corresponding to the received invitation code, and registers it in the group management DB 46C as a belonging user ID (SEQ526, SEQ528). The group ID corresponding to the received invitation code may be confirmed from the invitation code management DB 46F.

  Then, the registration unit 44G transmits addition completion information indicating that the addition of the user has been completed to the first terminal device 21 displaying the invitation code and the second terminal device 22 that is the transmission source of the participation request information. (SEQ530, SEQ532, SEQ533).

  On the other hand, the registration unit 44G outputs registration completion information to the setting unit 44I (SEQ534). The registration completion information includes the user ID of the newly registered user, the terminal ID of the second terminal device 22 used by the user, the group ID of the added group, and the invitation code. The registration unit 44G may obtain the group ID corresponding to the invitation code included in the registration instruction received in SEQ524 as the group ID from the invitation code management DB 46F. The registration unit 44G may use the invitation code included in the registration instruction received in SEQ524 as the invitation code included in the registration completion information.

  The setting unit 44I prohibits the user of the second terminal device 22 identified by the terminal ID included in the received registration completion information from browsing the shared data before the date and time when the invitation code included in the registration completion information is issued. Is set (SEQ536, SEQ538). In other words, the setting unit 44I sets prohibition of viewing shared data registered before the date and time when the invitation code is issued for the user identified by the user ID included in the received registration completion information.

  Here, it is assumed that the receiving unit 42D of the second terminal device 22 has received a shared data acquisition request from the operation panel 43 (SEQ540). The second terminal device 22 transmits a shared data acquisition request to the information processing device 10 (SEQ542). The shared data acquisition request includes a group ID of a group to which the user of the second terminal device 22 belongs, a user ID of the user of the second terminal device 22, a terminal ID of the second terminal device 22, including.

  The shared data management unit 44J receives the shared data acquisition request from the second terminal device 22 via the communication unit 44C (SEQ546). The shared data management unit 44J can share the user identified by the user ID included in the shared data acquisition request among the shared data (shared file or message) corresponding to the group ID included in the shared data acquisition request. Data is retrieved from the storage unit 46 (SEQ548, SEQ550).

  The shared data that can be browsed by the user is a shared data that is stored in the storage unit 46 and that is not set to prohibit browsing for the user identified by the user ID among the shared data corresponding to the group ID. It is data.

  The shared data management unit 44J transmits the searched shared data that can be browsed to the second terminal device 22 that has transmitted the shared data acquisition request via the communication unit 44C (SEQ552, SEQ554).

  The second terminal device 22 displays the received shared data on the operation panel 43 (SEQ556). The first terminal device 21 may also transmit a shared data acquisition request to the information processing device 10, similarly to the second terminal device 22. In this case, the first terminal device 21 displays the shared data received from the information processing device 10 on the operation panel 41.

  FIG. 16 is a schematic diagram illustrating an example of the display screen 70 displayed on the terminal device 20 (the first terminal device 21 or the second terminal device 22) that is the transmission source of the shared data acquisition request. FIG. 16A is a schematic diagram showing an example of a display screen 70H displayed on the first terminal device 21 of a user belonging to the same company as the group manager of the group being displayed (group A in FIG. 16). is there. As shown in FIG. 16A, all of the shared data (message in FIG. 16) shared by the group is displayed on the display screen 70H.

  FIG. 16B is a schematic diagram illustrating an example of a display screen 70I displayed on the second terminal device 22 of a user belonging to another company different from the group manager of the group being displayed (group A in FIG. 16). FIG. It is assumed that the shared data shared by the group does not include shared data registered after the date and time of issuing the invitation code received from the second terminal device 22 by the information processing apparatus 10. In this case, since there is no shared data registered before the issuance date and time of the invitation code, as shown in FIG. 16B, the shared data shared by the group is not displayed on the display screen 70I.

  Returning to FIG. When a negative determination is made in the determination of SEQ518 (SEQ518: No), the process proceeds to SEQ558. In SEQ558, the display determination unit 44E sets invalid / invalid corresponding to the invitation code included in the participation request information received in SEQ516 in the invitation code management DB 46F (SEQ558). Then, this sequence ends.

  As described above, the information processing system 1000 according to the present embodiment includes the information processing device 10, the first terminal device 21 that communicates with the information processing device 10, and the second terminal device that communicates with the information processing device 10. 22. The information processing apparatus 10 includes a receiving unit 44A (first receiving unit), a transmitting unit 44B (first transmitting unit), a receiving unit 44A (second receiving unit), and a display determining unit 44E (first receiving unit). A determination unit) and a registration unit 44G.

  The receiving unit 44A receives the new user addition request information to the group from the first terminal device 21. The transmission unit 44B transmits the invitation code to the group to the first terminal device 21 that is the transmission source of the new user addition request information. The receiving unit 44A receives from the second terminal device 22 group participation request information including an invitation code and second terminal identification information (terminal ID) for identifying the second terminal device 22. The display determination unit 44E determines whether or not the invitation code is being displayed on the first terminal device 21. When the registration unit 44G receives the participation request information to the group from the second terminal device 22 and the invitation code is being displayed on the first terminal device 21, the registration ID 44G includes the terminal ID ( User information of the user of the second terminal device 22 identified by the second terminal identification information) is registered as a member of the group.

  The first terminal device 21 includes a display unit 41B (display unit 29B), a transmission unit 40B (second transmission unit), a reception unit 40A (third reception unit), and a display control unit 40C. . The transmission unit 40B transmits new user addition request information to the information processing apparatus 10. The receiving unit 40A receives the invitation code. The display control unit 40C displays the invitation code on the display unit 41B (display unit 29B).

  As described above, in the information processing system 1000 according to the present embodiment, when the information processing apparatus 10 receives the participation request information including the invitation code from the second terminal apparatus 22, the request for adding a new user to the group is performed. When the invitation code is being displayed on the first terminal device 21 that is the information transmission source, the user information of the user of the second terminal device 22 is registered as a member of the group.

  For this reason, in the information processing system 1000 according to the present embodiment, when another user is added to the group, the terminal device 20 (second terminal device 22) that is the transmission source of the invitation code for inviting the other user. When the other user who operates is in a state where the first terminal device 21 operated by the user who invites the other user is present at a position where it can be visually recognized, the other user is registered in the group. Therefore, the user who invites other users is guaranteed to be the other user himself / herself to be invited, and the unauthorized registration of other users is suppressed.

  Therefore, in the information processing system 1000 according to the present embodiment, it is possible to improve security when a new user is added.

  In addition, the transmission unit 40B (second transmission unit) of the first terminal device 21 displays display information indicating that the invitation code is being displayed during the period in which the invitation code is displayed on the display unit 41B (display unit 29B). 10 to send. The display determination unit 44E (first determination unit) of the information processing apparatus 10 receives the invitation code being displayed on the first terminal device 21 while receiving the information being displayed from the first terminal device 21. to decide.

  In addition, the second transmission unit 40B (second transmission unit) of the first terminal device 21 terminates the display when the display of the invitation code on the display unit 41B (display unit 29B) is terminated. Information is transmitted to the information processing apparatus 10. The display determination unit 44E (first determination unit) of the information processing device 10 receives the invitation code from the first terminal device 21 until the display end information is received after the invitation code is transmitted to the first terminal device 21. 21 is determined to be displayed.

  The display determination unit 44E (first determination unit) of the information processing apparatus 10 determines that the invitation code is not being displayed when a predetermined time has elapsed since the invitation code was transmitted. Thereby, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  The information processing apparatus 10 includes a group determination unit 44F (second determination unit) and an issuing unit 44H. The organization determination unit 44F determines whether or not the user of the first terminal device 21 that is the transmission source of the new addition request information to the group belongs to the organization to which the manager of the group belongs. The issuing unit 44H, when the user of the first terminal device 21 that is the transmission source of the new addition request information to the group belongs to an organization to which the manager of the group belongs, an invitation code for participating in the group Issue. The transmission unit 44B (first transmission unit) transmits the issued invitation code.

  As described above, the information processing apparatus 10 can receive the user's new addition request information for the group from the first terminal device 21 operated by the user belonging to an organization other than the organization of the group manager. , Do not issue invitation codes. Therefore, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  The issuance unit 44H of the information processing apparatus 10 has the user of the first terminal device 21 that is the transmission source of the new addition request information to the group belonging to the organization to which the manager of the group belongs, and the new addition request information When the user to be newly added, indicated by, belongs to another organization different from the organization to which the user of the first terminal device 21 belongs, an invitation code for joining the group is issued.

  Thus, the information processing apparatus 10 belongs to a group other than the group of the manager of the group, and the user of the first terminal device 21 that is the transmission source of the new addition request information is the group of the manager. In the case of belonging, an invitation code is issued and transmitted to the first terminal device 21. Thereby, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  In addition, the information processing apparatus 10 includes a setting unit 44I. The setting unit 44I registers with the user of the second terminal device 22 that has transmitted the invitation code before the date and time of issuing the invitation code received from the second terminal device 22 among the shared data shared by the group. Set prohibition of viewing shared data.

  For this reason, the user newly added to the group cannot view the shared data registered before the issue date and time of the invitation code used to add the user. Therefore, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  In addition, the reception unit 44 </ b> A (second reception unit) of the information processing apparatus 10 receives a user information acquisition request from the first terminal device 21. When receiving a user information acquisition request from the first terminal device 21, the transmission unit 44 </ b> B (first transmission unit) of the information processing apparatus 10 is 1 or 2 belonging to the organization to which the user of the first terminal device 21 belongs. Detailed user information including secret information set as a secret of each of a plurality of users is transmitted to the first terminal device 21. Further, the transmission unit 44B (first transmission unit) is a simple user that does not include secret information of each of one or more users belonging to a group other than the group to which the user of the first terminal device 21 belongs. Information is transmitted to the first terminal device 21.

  Therefore, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  In addition, the reception unit 44A (second reception unit) of the information processing device 10 receives the user information acquisition request from the second terminal device 22, and transmits the transmission unit 44B (first transmission unit) of the information processing device 10. When the user information acquisition request is received from the second terminal device 22, the secret information set as the secret of each of one or more users belonging to the organization to which the user of the second terminal device 22 belongs is stored. The detailed user information is transmitted to the second terminal device 22, and the transmission unit 44 </ b> B (first transmission unit) 1 belongs to a group other than the group to which the user of the second terminal device 22 belongs. Alternatively, simple user information that does not include secret information of each of a plurality of users is transmitted to the second terminal device 22.

  Therefore, in addition to the above effects, the information processing system 1000 according to the present embodiment can further improve security when a new user is added.

  Further, the information processing program of the present embodiment receives the new user addition request information for the group from the first terminal device 21 and the first terminal device 21 that is the transmission source of the new user addition request information. Group invitation request information including a step of transmitting an invitation code to the group and a terminal ID (second terminal identification information) for identifying the invitation code and the second terminal device 22 from the second terminal device 22 The second terminal when the invitation code is being displayed on the first terminal device 21 and the step of determining whether the invitation code is being displayed on the first terminal device 21 When receiving the participation request information to the group from the device 22, the user information of the user of the second terminal device 22 identified by the terminal ID (second terminal identification information) included in the participation request information Is an information processing program for executing the steps of registering as a member of the group, to the computer.

  In the above-described embodiment, in the description of the processing flow (sequence diagram and the like), the mode in which data and requests are exchanged without using the external notification server 32 has been described. However, data and requests may be exchanged via the external notification server 32 according to the communication environment or communication status of the terminal device 20.

  In the above-described embodiment, the processing executed by each of the information processing device 10, the terminal device 20, the first terminal device 21, the second terminal device 22, the authentication server 30, and the external notification server 32 is performed. A program to be executed is a file in an installable or executable format, such as a CD-ROM, flexible disk (FD), CD-R, DVD (Digital Versatile Disk), USB (Universal Serial Bus) memory, etc. It may be configured to be provided by being recorded on a recording medium that can be read by the Internet, or may be configured to be provided or distributed via a network such as the Internet. Various programs may be provided by being incorporated in advance in a ROM or the like.

  In addition, although embodiment was described above, the said embodiment is shown as an example and is not intending limiting the range of invention. The above-described novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. The above-described embodiments and modifications are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 20 Terminal apparatus 21 1st terminal apparatus 22 2nd terminal apparatus 29B Display part 40A Reception part 40B Transmission part 40C Display control part 41B Display part 44A Reception part 44B Transmission part 44E Display judgment part 44F Group discrimination | determination part 44G Registration unit 44H Issuing unit 44I Setting unit

JP 2013-101694 A

Claims (11)

An information processing system comprising: an information processing device; a first terminal device that communicates with the information processing device; and a second terminal device that communicates with the information processing device,
The information processing apparatus includes:
A first receiving unit for receiving new user addition request information to a group from the first terminal device;
A first transmission unit that transmits an invitation code to the group to the first terminal device that is a transmission source of the new user addition request information;
A second receiving unit for receiving participation request information to the group including the invitation code and second terminal identification information for identifying the second terminal device from the second terminal device;
A first determination unit that determines whether or not the invitation code is being displayed on the first terminal device;
If the invitation code is being displayed on the first terminal device when the participation request information to the group is received from the second terminal device, the second terminal included in the participation request information A registration unit for registering user information of the user of the second terminal device identified by the identification information as a member of the group;
With
The first terminal device in the previous term is
A display unit;
A second transmission unit for transmitting the new user addition request information to the information processing apparatus;
A third receiving unit for receiving the invitation code;
A display control unit for displaying the invitation code on the display unit;
Comprising
Information processing system. The second transmission unit of the first terminal device transmits display information indicating that the invitation code is being displayed to the information processing device for a period during which the invitation code is displayed on the display unit,
The first determination unit of the information processing apparatus determines that the invitation code is being displayed on the first terminal device while receiving the information being displayed from the first terminal device.
The information processing system according to claim 1. The second transmission unit of the first terminal device transmits display end information indicating display end to the information processing device when the display of the invitation code on the display unit is completed,
The first determination unit of the information processing apparatus receives the invitation code from the first terminal apparatus until the first terminal apparatus receives the display end information after the invitation code is transmitted to the first terminal apparatus. Judge that it is being displayed,
The information processing system according to claim 1.   The said 1st judgment part of the said information processing apparatus judges that the said invitation code is not being displayed, when predetermined time passes after transmitting the said invitation code. Information processing system according to item. The information processing apparatus includes:
A second determination unit that determines whether a user of the first terminal device that is a transmission source of the new user addition request information to the group belongs to an organization to which an administrator of the group belongs;
When the user of the first terminal device that is the transmission source of the new user addition request information to the group belongs to an organization to which the manager of the group belongs, the invitation code for participating in the group It has an issuer to issue
The first transmission unit of the information processing device transmits the issued invitation code to the first terminal device.
The information processing system according to any one of claims 1 to 4.   The issuing unit of the information processing apparatus is such that a user of the first terminal device that is a transmission source of the new user addition request information to the group belongs to an organization to which an administrator of the group belongs, and When the user to be newly added indicated by the new user addition request information belongs to another organization different from the organization to which the user of the first terminal device belongs, the invitation code for joining the group is issued The information processing system according to claim 5. The information processing apparatus includes:
For the user of the second terminal device that is the source of the invitation code, registered among the shared data shared by the group before the date and time of issue of the invitation code received from the second terminal device A setting unit configured to set the browsing prohibition of the shared data;
The information processing system according to claim 5 or 6. The second receiving unit of the information processing apparatus is
Receiving a user information acquisition request from the first terminal device;
When the first transmission unit of the information processing device receives the user information acquisition request from the first terminal device,
Detailed user information including secret information set as a secret of each of one or a plurality of users belonging to an organization to which the user of the first terminal device belongs is transmitted to the first terminal device,
Transmitting simple user information not including the secret information of each of one or a plurality of users belonging to an organization other than the organization to which the user of the first terminal device belongs to the first terminal device;
The information processing system according to any one of claims 1 to 7. The second receiving unit of the information processing apparatus is
Receiving a user information acquisition request from the second terminal device;
When the first transmission unit of the information processing device receives the user information acquisition request from the second terminal device,
Detailed user information including secret information set as a secret of each of one or a plurality of users belonging to an organization to which the user of the second terminal device belongs, is transmitted to the second terminal device;
Transmitting simple user information not including the secret information of each of one or a plurality of users belonging to an organization other than the organization to which the user of the second terminal device belongs to the second terminal device;
The information processing system according to any one of claims 1 to 7. A first receiving unit that receives new user addition request information to the group from the first terminal device;
A first transmission unit that transmits an invitation code to the group to the first terminal device that is a transmission source of the new user addition request information;
A second receiving unit for receiving participation request information for the group including second terminal identification information for identifying the invitation code and the second terminal device from a second terminal device;
A first determination unit that determines whether or not the invitation code is being displayed on the first terminal device;
When the invitation code is being displayed on the first terminal device, when the participation request information to the group is received from the second terminal device, the second terminal included in the participation request information A registration unit for registering user information of the user of the second terminal device identified by the identification information as a member of the group;
An information processing apparatus comprising: Receiving new user addition request information to the group from the first terminal device;
Transmitting an invitation code to the group to the first terminal device that is the transmission source of the new user addition request information;
Receiving, from a second terminal device, participation request information for the group, including the invitation code and second terminal identification information for identifying the second terminal device;
Determining whether the invitation code is being displayed on the first terminal device;
When the invitation code is being displayed on the first terminal device, when the participation request information to the group is received from the second terminal device, the second terminal included in the participation request information Registering user information of the user of the second terminal device identified by the identification information as a member of the group;
Processing program for causing a computer to execute.

Images