JP2018181364A - Storage device and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information sharing system, an information apparatus, and a program that are capable of making sharing setting easy and simply sharing information.SOLUTION: An information apparatus communicates with a terminal that has accepted authentication information from a sharing source information apparatus holding sharing object information, receives the authentication information, uses the received authentication information to access the sharing source information apparatus, and sets the sharing object information in a state of being able to acquire it.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information sharing system, an information device, and a program that share various information.

  Conventionally, a storage device such as a hard disk drive is provided, such as a so-called NAS (Network Attached Storage), etc., and information stored in the storage device or information stored in the storage device is networked according to an instruction received via the network. There is a device to send out via

  As a technique for sharing information stored in a plurality of NASs, for example, Patent Document 1 discloses the use of a so-called Gfarm wide area file system (Non-Patent Document 1).

JP, 2012-160024, A

Osamu Tatebe, Kohei Hiraga, Noriyuki Soda, "Gfarm Grid File System", New Generation Computing, Ohmsha, Ltd. and Springer, Vol. 28, No. 3, pp. 257-275, DOI: 10.1007 / s00354-009-0089 -5, 2010.

  Conventionally, there has been a method of sharing various information as in the above example, but the setting of sharing in the storage device is generally advanced and can not be easily set by the end user.

  The present invention has been made in view of the above situation, and one of its objects is to provide an information sharing system, an information device, and a program that can easily set sharing and easily share information. Do.

  The present invention for solving the problems of the conventional example is an information sharing system including a sharing source information device holding information to be shared, a first terminal, a second terminal, and a sharing destination information device. The first terminal communicates with the sharing source information device to receive authentication information, and the second terminal receives the authentication information from the first terminal, and the sharing destination information device The authentication information is received from the second terminal, and using the received authentication information, the sharing source information device is accessed, and information to be shared is set in a state where acquisition is possible.

  An information device according to an aspect of the present invention communicates with a terminal that accepts authentication information from a sharing source information device that holds information to be shared, and means for receiving the authentication information, and the terminal Means for accessing the sharing source information device using the authentication information received from the server, and setting the information to be shared to a state in which the information can be obtained.

  Furthermore, an information sharing system according to another aspect of the present invention communicates between a first terminal that accepts authentication information from a sharing source information device that holds information to be shared, and the first terminal, A second terminal comprising: means for receiving authentication information; and means for accessing the sharing source information device using the authentication information received from the first terminal and setting the information to be shared in an available state. And when the predetermined condition is satisfied, the first terminal accepts the authentication information and the information to be shared from the sharing source information device, and transmits the authentication information to the second terminal. The information to be shared is transmitted by the communication, and the second terminal accepts the information to be shared from the first terminal.

  Furthermore, a program according to another aspect of the present invention communicates a computer from a sharing source information device holding information to be shared with a terminal that has received the authentication information, and receives the authentication information. It is made to function as a means and means for accessing the sharing source information device using the authentication information received from the terminal and setting the information to be shared in a state where acquisition is possible.

  According to the present invention, setting of sharing becomes easy, and sharing of information can be performed easily.

It is a block diagram showing the example of composition of the information sharing system concerning an embodiment of the invention. It is a functional block diagram showing the example of the storage device concerning an embodiment of the invention. It is a functional block diagram showing the example of the terminal which concerns on embodiment of this invention. It is a flow chart showing an example of a part of operation of an information sharing system concerning an embodiment of the invention. It is a flowchart showing another example of operation of the information sharing system concerning an embodiment of the invention. It is a flowchart showing the other example of a part of operation | movement of the information sharing system which concerns on embodiment of this invention. It is a functional block diagram showing another example of the storage device concerning an embodiment of the invention. It is a functional block diagram showing another example of the terminal concerning an embodiment of the invention.

  Embodiments of the present invention will be described with reference to the drawings. The information sharing system according to the embodiment of the present invention, as illustrated in FIG. 1, is configured to include a plurality of storage devices 10a, 10b, and at least one terminal 20a, 20b.

  Each storage device 10 corresponds to the information device of the present invention, and includes a control unit 11, a storage unit 12, and a communication unit 13. Each terminal 20 is basically configured to include a control unit 21, a storage unit 22, an operation unit 23, a display unit 24, and a communication unit 25. Each storage device 10 is generally connected to different local area networks (LANs), and each LAN is connected to the Internet through a router R, respectively. That is, each storage device 10 can access a server on the Internet, and depending on the setting of the router R, the storage devices 10 can communicate with each other via the Internet. In the present embodiment, it is assumed that a dynamic DNS (Domain Name Service) server 50, a cloud server 60, and the like are connected on the Internet.

  The control unit 11 of the storage device 10 is a program control device such as a CPU, and operates according to a program stored in the storage unit 12. In the present embodiment, control unit 11 of storage device 10 stores information in storage unit 12 in accordance with an instruction input via communication unit 13, and reads out information stored in storage unit 12 for communication. It operates as a general NAS, such as sending it to an external device via the unit 13.

  Furthermore, in the present embodiment, unique identification information is set in advance in each storage device 10. Then, the control unit 11 repeatedly sends the identification information to the dynamic DNS server 50 at predetermined timings.

  Further, in an example of the present embodiment, when communication unit 13 performs short distance communication with terminal 20, control unit 11 issues authentication information, and for terminal 20 performing short distance communication. Transmit the issued authentication information. Further, when the control unit 11 receives authentication information issued by another storage device 10 from the terminal 20, the control unit 11 accesses the storage device 10 that has issued the authentication information using the received authentication information, and sets sharing. In an example of the present embodiment, the control unit 11 may operate as a VPN (Virtual Private Network) server or a VPN client. The contents of the detailed processing of the control unit 11 will be described later.

  The storage unit 12 includes a memory unit 12a that holds a program executed by the control unit 11, and a disk drive 12b that holds information stored or read according to an instruction from an external device. Here, the disk drive 12 b may be, for example, a hard disk drive or a disk device such as a solid state drive (SSD). The program stored in the memory unit 12 a is stored and provided in a computer-readable storage medium such as a DVD-ROM or the like, and holds information persistently, and is stored in the memory unit 12 a of the storage unit 12. May be Also, this program may be provided via communication means such as a network and may be stored in the memory unit 12a. Furthermore, in the present embodiment, the memory unit 12 a of the storage unit 12 also operates as a work memory of the control unit 11.

  The communication unit 13 according to an example of the present embodiment includes a first communication unit 131 such as a network interface, and a second communication unit 132 that performs near field communication such as NFC (Near Field Communication) or Bluetooth (registered trademark). It comprises. The communication unit 13 outputs an instruction and information received from an external device to the control unit 11. Further, the communication unit 13 outputs information related to the instruction to an external device via the first communication unit 131 or the second communication unit 132 in accordance with the instruction input from the control unit 11.

  The terminal 20 is, for example, a mobile phone or the like. The control unit 21 is configured by a program control device such as a CPU, and operates according to a program stored in the storage unit 22. In the present embodiment, the control unit 21 executes a process for realizing a general function as the terminal 20. For example, if the terminal 20 is a mobile phone, the control unit 21 executes calling of voice communication via an mobile communication network, processing of an incoming call, and the like. Further, in the present embodiment, the control unit 21 performs near field communication with the storage device 10 that should be the information sharing source to receive the authentication information. The control unit 21 also receives authentication information from another terminal 20 and causes the storage unit 22 to hold the received authentication information. Further, the control unit 21 sends out the held authentication information to the storage device 10 which is the information sharing destination. The detailed operation of the control unit 21 will be described later.

  The storage unit 22 holds a program executed by the control unit 12. This program may be stored and provided in a computer-readable storage medium such as a DVD-ROM and persistently hold information, and may be stored in the storage unit 22. Also, this program may be provided via communication means such as a network and may be stored in the storage unit 22. Furthermore, in the present embodiment, the storage unit 22 also operates as a work memory of the control unit 21.

  The operation unit 23 is a numeric keypad, a touch panel, or the like, receives an operation of the user, and outputs information representing the content of the operation to the control unit 21. The display unit 24 is, for example, a display, and displays and outputs information in accordance with an instruction input from the control unit 21.

  The communication unit 25 includes a first communication unit 251, which is a network interface (for example, a wireless LAN interface), and a second communication unit 252, which performs near field communication such as NFC or Bluetooth. If the terminal 20 is a mobile phone, the communication unit 25 may further include a module for performing communication with a base station on the mobile phone network.

  When the dynamic DNS server 50 receives the identification information from the storage device 10 via the Internet, it refers to the network address of the reception source (generally, the address on the WAN (Wide Area Network) side of the router R), and the identification information And the network address obtained by the reference in association with each other.

  Here, the operation of the control unit 11 of the storage device 10 will be described. The control unit 11 functionally includes an information sharing module 30 as illustrated in FIG. 2A. The information sharing module 30 includes an authentication information providing unit 31, an authentication information receiving unit 32, an authentication unit 33, a sharing setting unit 34, and an information sharing unit 35. In an example of the present embodiment, the storage devices 10 share information using a VPN.

  When the terminal 20 issues a request for issuing authentication information, the authentication information provider 31 issues authentication information in response to the request. Further, the authentication information providing unit 31 sends the issued authentication information to the request source terminal 20 by near field communication. Further, the authentication information providing unit 31 stores and holds the issued authentication information in the storage unit 12. As a specific example, the authentication information issued by the authentication information provider 31 may be a random number.

  In addition, when the storage devices 10 share information using the VPN, the authentication information provider 31 authenticates authentication information (account information (user name and password) for VPN connection, and if necessary, in advance. Hereinafter, VPN authentication information (such as a shared key) will be read out from the contents of settings made in advance and sent out. Specifically, the authentication information providing unit 31 sends out the VPN authentication information and the identification information of the storage device 10 (the dynamic DNS server 50 together with the issued authentication information to the terminal 20 by short distance communication. And the same.

  The authentication information receiving unit 32 performs near field communication with the terminal 20 which receives and holds authentication information from another storage device 10, and receives information including the authentication information. Specifically, the authentication information acceptance unit 32 accepts the authentication information received from the terminal 20 by near field communication, the VPN authentication information, and the identification information of another storage device 10. Also, the authentication information acceptance unit 32 accepts authentication information received from another storage device 10 via a network (VPN in this example). The authentication information acceptance unit 32 outputs the authentication information received from the terminal 20 by short distance communication to the sharing setting unit 34 together with the VPN authentication information and the identification information. Further, the authentication information acceptance unit 32 outputs the authentication information received from another storage device 10 (or the terminal 20) via the network to the authentication unit 33.

  The authentication unit 33 checks whether the authentication information accepted by the authentication information acceptance unit 32 is stored in the storage unit 12 as the authentication information issued by itself. Then, if the same authentication information as the accepted authentication information is stored in the storage unit 12 as the authentication information issued by the user in the past, the other source that has sent the authentication information to the sharing setting unit 34 It instructs to set sharing with the storage device 10. At this time, the authentication information stored in the storage unit 12 may be set to be unusable, for example, by discarding the authentication information. If the same authentication information as the accepted authentication information is not stored in the storage unit 12 as the authentication information issued by the user in the past, the process ends without setting sharing.

  The sharing setting unit 34 uses the authentication information received from the terminal 20 to access another storage device 10 that is the sharing source information device, and sets the information to be shared in a state where acquisition is possible. Specifically, when the sharing setting unit 34 receives the authentication information, the VPN authentication information, and the identification information of another storage device 10 from the authentication information receiving unit 32, the network address stored in association with the identification information. Request the dynamic DNS server 50 on the Internet to provide the

  In response to this request, the sharing setting unit 34 receives the network address transmitted by the dynamic DNS server 50 and tries to connect to the network address by VPN. At this time, authentication using the input VPN authentication information is performed. When the connection by the VPN is successful, the sharing setting unit 34 sends authentication information to the other storage device 10 (the storage device serving as the sharing source) that is the connection destination. Although here, the storage device 10 attempting to make a connection by VPN receives all the information necessary for VPN connection as the VPN authentication information via the terminal 20, but the present embodiment is not limited to this, for example, A widely known method using Universal Plug and Play (UPnP) technology may be employed. In this case, the VPN authentication information may be part of the information necessary for the VPN connection, and in some cases, the VPN authentication information may be absent. Additionally, other widely known techniques such as UDP hole punching may be used to enable communication between storage devices 10.

  Further, when the sharing setting unit 34 accepts information from the other storage device 10 (the storage device serving as the sharing source) to which the authentication is successful, the sharing setting unit 34 performs at least a part of the other storage device 10 Mount as part of a managed file system. In this process, widely known techniques such as FUSE (Filesystem in Userspace) can be used. In addition, when the sharing setting unit 34 (of the control unit 11 on the sharing source side) receives an instruction to set a request from the authentication unit 33, the other storage device 10 (the storage device of the sharing destination) connected by VPN Sends information indicating that the authentication has been completed.

  The information sharing unit 35 accepts an instruction such as reading or writing of information via the network. In the present embodiment, upon receiving an instruction to provide a list of information stored in the disk drive 12b, the information sharing unit 35 lists the information stored in the disk drive 12b of its own storage unit 12. At the same time, a list of information stored in the disk drive 12b of the storage unit 12 of another mounted storage device 10 is output. Also, upon receiving an instruction to read out the information stored in the storage unit 12 of the other mounted storage device 10, the information sharing unit 35 stores the information in the storage unit 12 of the other mounted storage device 10 according to the instruction. Obtain and output information via the network.

  Here, a VPN is used to connect to the storage device 10 holding the information to be shared using the VPN, and while maintaining the connection thereafter, the user is given a list of the information to be shared as needed. It was decided to obtain and provide information to be provided to the This method is suitable, for example, when information to be shared is a file stored in a predetermined directory, and files in the directory are appropriately changed. However, the present embodiment is not limited to this.

  That is, in an example according to the present embodiment, the information sharing unit 35 of the storage device 10 connected to the storage device 10 holding the information to be shared (that is, the sharing destination) connected by the VPN is The target information may be acquired regardless of the user's instruction and stored in its own disk drive 12b. In this case, the information to be shared is copied to the storage device 10 of the sharing destination. In this example, the VPN connection may be disconnected after the copying process is completed.

  Next, the operation of the control unit 21 of the terminal 20 will be described. In the present embodiment, the terminal 20 operates as a control unit of a general mobile phone and operates as follows. The control unit 21 according to the present embodiment functionally includes an authentication information request unit 41, an authentication information exchange unit 42, and an authentication information provision unit 43, as illustrated in FIG.

  The authentication information request unit 41 performs near field communication with the storage device 10 according to the operation of the user, and requests authentication information. Further, upon receiving the information including the authentication information from the storage device 10 in response to the request, the authentication information request unit 41 stores and holds the received information in the storage unit 22.

  The authentication information exchange unit 42 transmits information (received from the storage device 10) including the authentication information stored in the storage unit 22 to the other terminal 20 by near field communication according to the instruction operation of the user. Do. When the authentication information exchange unit 42 accepts information including authentication information (issued by the storage device 10) from another terminal 20 by near field communication, the authentication information exchange unit 42 stores and holds the information in the storage unit 22. .

  The authentication information providing unit 43 communicates with the storage device 10 according to the user's instruction operation, and stores information stored in the storage unit 22 including authentication information (issued by another storage device 10). Send out In one example of the present embodiment, the authentication information providing unit 43 performs near field communication with the storage device 10 according to the user's instruction operation, and sends out the information stored in the storage unit 22 including the authentication information. However, the present embodiment is not limited to this, and the authentication information providing unit 43 may use a communication method other than near field communication, for example, various communication methods such as a method performed via a wireless LAN, and the like. May be sent out. Below, the case where near field communication is performed is demonstrated as an example.

  The information sharing system according to an example of the present embodiment has the above configuration and operates as follows. The following example shows an example in which information is shared between a pair of storage devices 10a and 10b. The storage device 10a is connected to the LANa, and the storage device 10b is connected to the LANb. Each LAN is provided with routers Ra and Rb, respectively, and is connected to the Internet.

  Furthermore, each storage device 10a, b periodically and repeatedly sends its own identification information to the dynamic DNS server 50 on the Internet via the router Ra or Rb. As a result, the dynamic DNS server 50 obtains the WAN side network address of the router Ra or Rb (that is, the transmission destination at the time of transmitting information to each storage device 10a, b), and for each identification information The obtained network address is associated and stored.

  The owner of the terminal 20a approaches the storage device 10a and brings the terminal 20a close to the storage device 10a to such an extent that the second communication unit 132 of the storage device 10a and the terminal 20a can perform near field communication. . Then, the terminal 20a and the storage device 10a operate as illustrated in FIG. That is, the terminal 20a checks whether the authentication information is held in the storage unit 22. If the terminal 20a does not hold the authentication information, the terminal 20a requests the storage device 10a for the authentication information (S1). Also, the user may explicitly instruct the storage device 10a to request authentication information. In this case, the terminal 20a requests the storage device 10a for authentication information when instructed by the user.

  The storage device 10a issues authentication information in response to a request from the terminal 20a (S2), and issues the authentication information issued to the request source terminal 20a by near field communication, VPN authentication information, Information including the identification information of the storage device 10a (the same as that sent to the dynamic DNS server 50) is sent out (S3). Further, the storage device 10a stores and holds the issued authentication information in the storage unit 12 (S4). The terminal 20a stores the information received from the storage device 10a (S5).

  Next, the holder of the terminal 20a approaches the holder of the terminal 20b (a person who can approach the storage device 10b, specifically, a holder of the storage device 10b), and sends out the authentication information to the terminal 20a. To direct. In addition, the owner of the terminal 20b is made to operate the terminal 20b to receive the authentication information. And the owner of each terminal 20 brings the terminal 20a and the terminal 20b close to each other to such an extent that short distance communication is possible.

  Then, the terminal 20a sends out information (received from the storage device 10a) including the authentication information stored in the storage unit 22 to the other terminal 20b by near field communication. Then, the terminal 20b accepts information including authentication information (issued by the storage device 10a) from the other terminal 20a by short distance communication, and stores the information. Here, passing of the authentication information between the terminals 20a and 20b is short distance communication, but the present embodiment is not limited to this, and communication of other methods, for example, via a wireless LAN, etc. The authentication information may be delivered by communication or a method of displaying a code image (bar code or the like) representing the authentication information on the terminal 20a side, photographing it on the terminal 20b and decoding it, or the like. Absent. Below, the case where near field communication is performed is demonstrated as an example.

  Next, the terminal 20b is moved to the storage device 10b to such an extent that the owner of the terminal 20b approaches the storage device 10b and the second communication unit 132 of the storage device 10b and the terminal 20b can perform short distance communication. Close to Then, the terminal 20b, the storage device 10b, and the storage device 10a operate as illustrated in FIG. Here, although communication between the terminal 20b and the storage device 10b is based on near field communication, the present embodiment is not limited to this, and communication of other systems, for example, wireless LAN etc. Other communication methods such as communication via media may be used. In the case of no short distance communication, the terminal 20b need not necessarily be in proximity to the storage device 10b. When a wireless LAN is used as an example, the storage device 10b may operate as a web server and communicate with the terminal 20b using HTTP (Hyper Text Transfer Protocol) to acquire information. Below, the case where near field communication is performed is demonstrated as an example.

  That is, the terminal 20b checks whether or not the storage unit 22 of its own holds authentication information. Here, since the authentication information is held, the authentication information is sent to the storage device 10b (S11). Here, the user may explicitly instruct to send the authentication information to the storage device 10b. In this case, the terminal 20b sends authentication information to the storage device 10b when instructed by the user.

  In an example of the present embodiment, the storage device 10b performs near field communication with the terminal 20b that has received the authentication information issued by another storage device 10a that is the sharing source information device that holds the information to be shared. And accept the information including the authentication information. Here, the storage device 10b receives, from the terminal 20b, the authentication information issued by the storage device 10a, the VPN authentication information for performing the VPN connection with the storage device 10a, and the identification information of the storage device 10a.

  The storage device 10b requests the dynamic DNS server 50 on the Internet to provide the stored network address in association with the identification information received from the terminal 20b, and the storage device 10b responds to the request. Then, the network address transmitted by the dynamic DNS server 50 is acquired (S12). Then, the storage device 10b attempts connection to the network address (storage device 10a) by VPN (S13). At this time, authentication using the input VPN authentication information is performed. When the connection by the VPN is successful, the storage device 10b sends the authentication information accepted from the terminal 20b to the other party (S14).

  The storage device 10a receives the authentication information from the storage device 10b via the connected VPN, and determines whether the received authentication information is stored in the storage unit 12 as the authentication information issued by itself in the past. Examine (S15). Here, if it is not stored in the storage unit 12 as the authentication information issued by the user in the past (if it is No), the process is ended without setting the sharing.

  If the same authentication information as the accepted authentication information is stored in the storage unit 12 as the authentication information issued by the user in the past (if Yes), information indicating that the authentication is successful is sent to the storage device 10b. To do (S16).

  The storage device 10b receives information from the connected storage device 10a (the storage device serving as the sharing source) indicating that authentication has succeeded, and manages at least a part of the disk drive 12b of the storage device 10a. Mount as part of the file system (S17).

  The storage device 10b outputs a list including not only the information in its own disk drive 12b but also the information in the disk drive 12b of the mounted storage device 10a in response to the request for the list of information. Further, in response to an instruction to read information in the disk drive 12b of the storage device 10a, the information is read from the disk drive 12b of the storage device 10a and output.

  If the UPnP failure response is received in process S13, or if the information transmission from the storage device 10a of the sharing source fails after the port is opened by UPnP, or if the VPN session failure response is received, During the processing, when there is no response for a predetermined time or more (in the case of a so-called timeout) or the like, the storage device 10b ends the processing as having failed in the VPN connection. At this time, VPN connection may be tried again later. As described above, when the VPN connection fails, the storage device 10b may notify that effect to the possessor of the terminal 20b, and may instruct the terminal 20b to transmit authentication information and the like again. When the owner of the terminal 20b operates the terminal 20b again to perform communication with the storage device 10b and sends out authentication information etc., the storage device 10b uses the received information to execute the processing of the process S12 and the subsequent steps. Run again. In this case, the storage device 10b may receive authentication information and the like from the terminal 20b by communication of a method different from that of the previous communication. For example, if the previous communication uses HTTP, when the authentication information etc. is accepted again after VPN connection failure, the acceptance by HTTP is not performed, for example, the authentication information is accepted only by other communication method such as proximity communication. May be

  At this time, the storage device 10a may also mount at least a part of the disk drive 12b of the storage device 10b to which it is connected as a part of its own file system.

  The access right of the information is settable on the mounted storage device 10 according to the mounted account information. By the setting of the access right, setting can be made as a target of sharing only for a part of the disk drive 12 b of each storage device 10. Such setting can be realized by a widely known technology, such as, for example, the storage device 10 provides a setting web page and accepts the setting on the web page. In addition, about such a web page, you may go from the inside of a facility (home, a company, etc.) which distributed the storage device 10 via a wireless or wired network, or it is possible to do from outside of the house. Such techniques are also widely known, so the detailed description is omitted here.

  Furthermore, in another operation example of the present embodiment, the owner of the terminal 20a may bring the terminal 20a close to the storage device 10b, and the terminal 20a may transmit authentication information to the storage device 10b. In this example, the terminal 20b is not necessarily required.

  Further, in the above-described operation example of the present embodiment, information in the storage device 10a is shared via the storage device 10b, but the present embodiment is not limited to this example. That is, the terminal 20b that has received the authentication information from the terminal 20a may directly access the storage device 10a. In this case, the terminal 20b requests the dynamic DNS server 50 on the Internet to provide the network address stored in association with the identification information received from the terminal 20a. Then, in response to this request, the terminal 20b receives the network address transmitted by the dynamic DNS server 50, and tries to connect to the network address (storage device 10a) by VPN. At this time, authentication using the input VPN authentication information is performed. When the connection by the VPN is successful, the terminal 20b sends out the authentication information accepted from the terminal 20a to the other party.

  The storage device 10a receives the authentication information from the terminal 20b via the connected VPN, and checks whether the received authentication information is stored in the storage unit 12 as the authentication information issued by itself in the past. . Here, if it is not stored in the storage unit 12 as the authentication information issued by the user in the past, the process ends without setting the sharing.

  Further, if the same authentication information as the accepted authentication information is stored in the storage unit 12 as the authentication information issued by the user in the past, the information indicating that the authentication is successful is sent to the terminal 20b.

  When the terminal 20b accepts the information indicating that the authentication is successful from the storage device 10a (the storage device serving as the sharing source) which is the connection destination, the terminal 20b then provides the information list to the storage device 10a according to the instruction of the user. It performs an operation to request and an operation to request reading of specified information.

  The storage device 10 a outputs a list of information in its own disk drive 12 b (in the case where the target of sharing is limited, the list of the limited information may be sufficient) in response to the request for the list of information. Further, in response to the request for reading information in the disk drive 12b from the terminal 20b, the storage device 10a reads the information instructed from the disk drive 12b and outputs it to the request source terminal 20b.

  Furthermore, in the above-described example, the terminal 20b also obtains information including authentication information (which may further include VPN authentication information and the like for connection of VPN) from the storage device 10b by near field communication, and stores from the terminal 20a When the authentication information or the like of the device 10a is received, information including the authentication information received from the storage device 10b may be transmitted to the terminal 20a.

  In this case, the storage device 10a can also receive the authentication information of the storage device 10b from the terminal 20a. That is, when the owner of the terminal 20a brings the terminal 20a close to the storage device 10a, if there is authentication information etc. received from the terminal 20b by the terminal 20a, the terminal 20a sends the authentication information etc. to the storage device 10a. Is sent by short distance communication. In this example, the storage device 10a attempts to make a VPN connection to the storage device 10b.

  Generally, even if the connection from one side to the other side can not be made, the connection from the other side to the one side may be possible in general. The possibility of success in setting is improved.

Further, when attempting to make a VPN connection from both sides in this way, the authentication information held by each of the storage devices 10 connected by VPN is transmitted to the other party. When the authentication information received from another storage device 10 is stored in the storage unit 12 as the authentication information issued by the storage device 10, the storage device 10 may be made unusable by deleting the authentication information.
At the same time, if there is a conflict by trying VPN connection from both sides, check whether the storage device 10 attempting VPN connection receives packets from other storage devices 10 trying VPN connection. The VPN connection attempt may be initiated when not receiving. In addition, when both sides start trial of VPN connection all at once, when competition occurs, the trial of VPN connection is interrupted at both sides, and only the random time generated in each storage device 10 according to a predetermined method After waiting, the VPN connection attempt may be started again.

[Example using cloud server]
In another example of the embodiment of the present invention, a cloud server 60 located on the Internet may be used. The operation of the control unit 11 of the storage device 10 when using the cloud server 60 will be described. The control unit 11 in this example functionally includes an information sharing module 30 'as illustrated in FIG. 2 (b). The information sharing module 30 'includes an authentication information providing unit 31, an authentication information receiving unit 32, a sharing setting unit 34', and an information sharing unit 35 '. The same components as those described above are denoted by the same reference numerals, and the description thereof will not be repeated.

  In the present embodiment, it is assumed that an account corresponding to the storage device 10 is set in advance in the cloud server 60, and the information received (uploaded) from a certain storage device 10 is an account corresponding to the storage device 10. Associate with and hold. As the cloud server 60, widely known services such as Drop Box (registered trademark) and Evernote (registered trademark) can be used.

  In this example, sharing of information using the VPN is not essential, and therefore the authentication information provider 31 of the storage device 10a that is the sharing source does not necessarily need to send out the VPN authentication information or the identification information of the storage device 10a itself. . On the other hand, in this example, account information of the cloud server 60 (hereinafter referred to as account information) may be required to access the information uploaded from the storage device 10a that holds the sharing source information. In this case, the account information may be preset and stored at the information sharing destination.

  When VPN authentication information or identification information is not sent to the terminal 20, the authentication information acceptance unit 32 of the storage device 10b of the sharing destination accepts the authentication information from the terminal 20, but the VPN authentication information or identification information is It will not be accepted.

  On the other hand, in the storage device 10a of the sharing source, when the authentication information providing unit 31 issues the authentication information, the sharing setting unit 34 'encrypts the information specified as the sharing target using the authentication information as a key. In this example, the same authentication information is used for encryption in a method that allows decryption. The sharing setting unit 34 ′ of the sharing source storage device 10 a then uploads the encrypted information to the cloud server 60.

  The authentication information acceptance unit 32 of the storage device 10b of the sharing destination of this example outputs the authentication information received from the terminal 20 by near field communication to the sharing setting unit 34 '. Further, when receiving the authentication information from the terminal 20, the sharing setting unit 34 'of the storage device 10b of the sharing destination stores the authentication information in the storage unit 12 and holds it.

  The information sharing unit 35 'of the storage device 10b of the sharing destination uses the authentication information accepted by the authentication information accepting unit 32 and held by the sharing setting unit 34' in the storage unit 12, and account information set in advance. The cloud server 60 specified in advance is accessed. Specifically, the information sharing unit 35 'of the storage device 10b of the sharing destination accepts an instruction such as reading or writing of information via the network. In this example of the present embodiment, the information sharing unit 35 'of the storage device 10b of the sharing destination receives an instruction to provide a list of information stored in the disk drive 12b. Along with the list of information stored in the disk drive 12 b, the list of information uploaded to the cloud server 60 by the other storage device 10 a that is the sharing source information device is output.

  When another storage device 10a, which is the sharing source information device, accepts from the user an instruction to read out the information uploaded to the cloud server 60, the information sharing unit 35 'of the storage device 10b of the sharing destination follows the instruction. 60 to obtain the information held in association with the account information stored in the storage unit 12, decrypt the information with the authentication information stored in the storage unit 12, and output it. In the above description, when the information to be shared includes a plurality of files, in the storage device 10 of the sharing source, the plurality of files are archived in a so-called ZIP or the like, and then encrypted by the authentication information. You may In this case, the storage device 10 of the sharing destination decrypts the authentication information and takes out the archive, and takes out each file from the archive to obtain the information targeted for sharing.

  The system of this example of this embodiment operates as follows. That is, the owner of the terminal 20a approaches the storage device 10a, and the terminal 20a approaches the storage device 10a, and the second communication unit 132 of the storage device 10a and the terminal 20a can be close proximity to each other. Let Then, the terminal 20a and the storage device 10a operate as illustrated in FIG. That is, when the terminal 20a requests authentication information from the storage device 10a (S21), the storage device 10a responds to the request from the terminal 20a and issues authentication information (S22).

  Then, the storage device 10a transmits the information including the issued authentication information and the account information of the cloud server 60 to the request source terminal 20a by near field communication (S23). Further, the storage device 10a encrypts the information to be shared stored in the storage unit 12 using the issued authentication information and uploads it to the cloud server 60 (S24). The terminal 20a stores the information received from the storage device 10a (S25).

  Next, the holder of the terminal 20a approaches the holder of the terminal 20b (a person who can approach the storage device 10b, specifically, a holder of the storage device 10b), and sends out the authentication information to the terminal 20a. To direct. In addition, the owner of the terminal 20b is made to operate the terminal 20b to receive the authentication information. And the owner of each terminal 20 brings the terminal 20a and the terminal 20b close to each other to such an extent that short distance communication is possible.

  Then, the terminal 20a sends out information (received from the storage device 10a) including the authentication information stored in the storage unit 22 to the other terminal 20b by near field communication. Then, the terminal 20b accepts information including authentication information (issued by the storage device 10a) from the other terminal 20a by near field communication, and stores the information in its own storage unit 22.

  Next, the terminal 20b is moved to the storage device 10b to such an extent that the owner of the terminal 20b approaches the storage device 10b and the second communication unit 132 of the storage device 10b and the terminal 20b can perform short distance communication. Close to Then, the terminal 20b, the storage device 10b, and the storage device 10a operate as follows.

  That is, the terminal 20b sends the authentication information held in the storage unit 22 to the storage device 10b. The storage device 10b performs near field communication with the terminal 20b that has received the authentication information issued by another storage device 10a that is the sharing source information device that holds the information to be shared, and the authentication information and account information And stores the information in the storage unit 12.

  Thereafter, when the storage device 10b accepts a request for a list of information from the terminal 20b or the like via the network, the storage device 10b accesses the cloud server 60 and associates the list of information held in association with the account information stored in the storage unit 12 read out. Then, together with the list of information in the own disk drive 12b, the read list is output to the request source of the list.

  The storage device 10b accesses the cloud server 60 when it receives an instruction from the terminal 20b or the like to the cloud server 60 to read out the information stored in association with the account information of the storage device 10a via the network. The information stored in association with the account information stored in the storage unit 12 is acquired, the acquired information is decrypted by the authentication information stored in the storage unit 12, and the information to be shared that is the result of the decryption is , And output to the terminal 20b or the like that has given the instruction.

  Furthermore, also in this example of the present embodiment, the terminal 20b that has received the authentication information from the terminal 20a may directly access the cloud server 60. In this case, the terminal 20b accesses the cloud server 60 according to the instruction of the user, reads out the list of information held in association with the account information received from the terminal 20a, and displays and outputs the list.

  Further, this terminal 20b receives an instruction from the user to the cloud server 60 to acquire the information uploaded from the sharing source, accesses the cloud server 60, and associates it with the account information accepted from the terminal 20a. The stored information is acquired, the acquired information is decoded by the authentication information received from the terminal 20a, and the information to be shared, which is the result of the decoding, is subjected to a predetermined process such as display output.

  When the terminal 20b for accessing the information to be shared and the storage device 10b access the cloud server 60, account information (information for signing in to the cloud server 60) is set in advance. ) May be used.

[Example of selective operation]
Furthermore, in the present embodiment, the control unit 11 sets the processing as the information sharing module 30 shown in FIG. 2A and the processing as the information sharing module 30 ′ shown in FIG. It may be switched based on and executed. As one example, the switching condition may be based on the size of information to be shared. For example, when the size of the information to be shared exceeds a predetermined threshold value, the processing as the information sharing module 30 shown in FIG. 2A is executed, otherwise it is shown in FIG. 2B The processing as the information sharing module 30 'may be executed.

[Example of sending sharing target directly]
Further, in the present embodiment, the storage device 10 holding the information to be shared (the storage device 10 at the sharing source) is the information to be shared by the terminal 20 which is close enough to enable near field communication. It may be sent out.

  The control unit 11 of the storage device 10 according to this example functionally includes an information sharing module 30 ′ ′ as illustrated in FIG. 7. The information sharing module 30 ′ ′ includes an authentication information providing unit 31 ′, The authentication information receiving unit 32, the authentication unit 33, the sharing setting unit 34 ′ ′, the information sharing unit 35 ′ ′, and the determination unit 36 are configured. The same reference numerals are given to components having the same configuration as that described above, and the detailed description will be omitted.

  The determination unit 36 of the storage device 10 at the sharing source is specified in advance as information to be shared (from among information stored in the disk drive 12b, in accordance with the determination instruction input from the authentication information providing unit 31 '. It is determined whether or not it satisfies the predetermined conditions. For example, the determination unit 36 checks whether the size of the information to be shared falls below a predetermined threshold value. If the determination unit 36 of the storage device 10 at the sharing source determines that this condition (for example, the condition that the size of the information to be shared falls below a predetermined threshold) is satisfied, The above information is output to the authentication information providing unit 31 ′ and sent to the terminal 20.

  In addition, when the determination unit 36 of the storage device 10 of the sharing source determines that the information to be shared does not satisfy the predetermined condition, the determination unit 36 shares the authentication information providing unit 31 ′. It is instructed to output authentication information without outputting the target information itself. When the target of sharing is not all the information stored in the disk drive 12b, the determining unit 36 of the storage device 10 of the sharing source identifies target information for specifying the information designated as the target of sharing (path The name etc. may be output together with the authentication information.

  When issuance of authentication information is requested from the terminal 20, the authentication information provider 31 'of the storage device 10 of the sharing source outputs an instruction of judgment to the judgment unit 36. Further, when the determination unit 36 outputs the information to be shared, the authentication information provider 31 ′ of the storage device 10 of the sharing source issues the authentication information, and issues the authentication information to the request source terminal 20. The authentication information and the information to be shared output from the determination unit 36 are transmitted by near field communication or the like. Further, the authentication information provider 31 ′ of the storage device 10 of the sharing source stores and holds the issued authentication information in the storage unit 12. Furthermore, when the storage devices 10 share information using the VPN, the authentication information providing unit 31 'of the storage device 10 of the sharing source stores the VPN authentication information for VPN connection and the storage device 10 of the sharing source itself. The identification information (the same as that sent to the dynamic DNS server 50) is read out from the contents of the setting made in advance, and sent out to the terminal 20 by near field communication or the like.

  On the other hand, when the determination unit 36 of the storage device 10 at the sharing source does not output the information to be shared itself but instructs to output the authentication information (and the target identification information), the authentication of the storage device 10 at the sharing source The information providing unit 31 'issues authentication information, and sends the issued authentication information to the request source terminal 20 by near field communication or the like. Further, the authentication information provider 31 'stores and holds the issued authentication information in the storage unit 12. Furthermore, when the storage devices 10 share information by using the VPN, the authentication information provider 31 ′ may use VPN authentication information for VPN connection and identification information of the storage device 10 of the sharing source itself (dynamic The same as the one to be sent to the DNS server 50 is read out from the contents of the setting made in advance, and is sent to the terminal 20 by near field communication or the like.

  In this example, when the authentication information acceptance unit 32 accepts the authentication information from the other storage device 10 (the storage device 10 at the sharing destination), the authentication unit 33 of the storage device 10 at the sharing source is an authentication issued by itself in the past. It is checked whether the same authentication information as the accepted authentication information is stored in its own storage unit 12 as information. Then, if the same authentication information as the accepted authentication information is stored in the storage unit 12 as the authentication information issued by the user in the past, the transmission source of the authentication information to the sharing setting unit 34 ′ ′ In addition, at this time, it may be set to be unusable, for example, to discard the authentication information stored in the storage unit 12. If the same authentication information as the received authentication information is not stored in the storage unit 12 as the authentication information issued by the user in the past, the authentication unit 33 of the storage device 10 of the sharing source performs processing without setting sharing. Finish.

  Further, in this example, the authentication information acceptance unit 32 of the storage device 10 of the sharing destination stores the authentication information received from the terminal 20 through near field communication etc. If it is received from the terminal 20, it will be output together.

  The operations of the sharing setting unit 34 ′ ′ and the information sharing unit 35 ′ ′ of the storage device 10 of the sharing destination are the same as the sharing setting unit 34 or sharing setting unit 34 ′ and the information sharing unit 35 or information sharing unit 35 ′ described above. It becomes.

  The control unit 21 of the terminal 20 includes an information request unit 46, an information exchange unit 47, an authentication information provision unit 43, and an information processing unit 48, as illustrated in FIG.

  The information request unit 46 performs communication (such as near field communication) with the storage device 10 according to the user's operation, and requests authentication information. When the information request unit 46 receives the information including the authentication information from the storage device 10 in response to the request, the information request unit 46 stores and holds the received information in the storage unit 22. The information held here may include the information itself to be shared.

  The information exchange unit 47 transmits information (received from the storage device 10) including the authentication information stored in the storage unit 22 to the other terminal 20 by near field communication or the like according to the instruction operation of the user. Further, when the information exchange unit 47 accepts the information including the authentication information (the one issued by the storage device 10) from another terminal 20 by near field communication or the like, the information exchange unit 47 stores and holds the information in the storage unit 22.

  The authentication information provider 43 performs communication (such as near field communication) with the storage device 10 according to the user's instruction operation, and the authentication information (issued by another storage device 10) stored in the storage unit 22 Send out information that contains the

  The information processing unit 48 displays and outputs the information according to the user's instruction if the information itself which is the target of sharing is included in the information received by the information exchange unit 47 from the other terminal 20. , Etc., subjected to predetermined processing.

  An information sharing system according to another example of the present embodiment has the above configuration and operates as follows. The following example basically shows an example of sharing information between a pair of storage devices 10a and 10b. This example has the same configuration as that described above, but as one of the information sharing methods, an operation is added in the case where the information set as the sharing target satisfies a predetermined condition. The point is different.

  The user sets in advance, in the storage device 10a storing the information to be shared, which information is the information to be shared among the information stored in the disk drive 12b. Specifically, from a PC or the like connected to the storage device 10a via a wired or wireless LAN, an operation to specify information to be shared for the storage device 10a is performed, and the storage device 10a is selected. Generates and holds target specifying information representing the specified information. In another example, an operation may be performed on the storage device 10a to specify information to be shared from the terminal 20 (for example, the terminal 20a) via the Internet. Also in this case, the storage device 10a generates and holds target specifying information representing the specified information. Here, the owner of the terminal 20a approaches, for example, the storage device 10a, and the terminal 20a can communicate with the storage device 10a, and the second communication unit 132 of the storage device 10a and the terminal 20a can perform short distance communication. Close to Then, it is checked whether the terminal 20a holds the authentication information in its own storage unit 22. If the terminal 20a does not hold the authentication information, the terminal 20a requests the storage device 10a for the authentication information. Also, the user may explicitly instruct the storage device 10a to request authentication information. In this case, the terminal 20a requests the storage device 10a for authentication information when instructed by the user.

  The storage device 10a issues authentication information in response to the request from the terminal 20a. At this time, the storage device 10a checks whether the information to be shared satisfies a predetermined condition. Specifically, as described above, this condition may be a condition in which the size of the information falls below a predetermined threshold.

  When the storage device 10a determines that the information to be shared satisfies the predetermined condition, the storage device 10a issues authentication information issued by short distance communication to the terminal 20a that is the request source of the authentication information, It sends out information including VPN authentication information for VPN connection, identification information of the storage device 10a (the same one as sent to the dynamic DNS server 50), and information itself to be shared.

  On the other hand, when the information to be shared does not satisfy the predetermined conditions, the storage device 10a issues authentication information issued by short-distance communication to the terminal 20a that is the request source of the authentication information. , Information including VPN authentication information for VPN connection and identification information of the storage device 10a (the same one as sent to the dynamic DNS server 50), but not including the information itself to be shared Send out. At this time, the storage device 10a may send, to the terminal 20a, target specifying information for specifying information to be shared. If the information to be shared is a still image, a moving image, or the like, the storage device 10a may perform the following processing. That is, if the size of the still image or moving image to be shared does not fall below a predetermined threshold, the storage device 10a resizes and reduces the still image if it is a still image, and the reduction process is performed. The result (specifically, a thumbnail image or the like) may be sent to the terminal 20a together with the authentication information or the like. In the case of a moving image, a representative frame (for example, the first I frame if the moving image is in the MPEG (Motion Picture Experts Group) format) is selectively extracted, and a still image of the extracted frame is extracted. , And the authentication information etc. may be sent to the terminal 20a.

  Furthermore, in any case, the storage device 10a stores and holds the issued authentication information in the storage unit 12.

  The terminal 20a stores the information received from the storage device 10a. Then, the holder of the terminal 20a is configured to receive the authentication information from the holder of the terminal 20b (a person who can approach the storage device 10b, specifically, a holder of the storage device 10b). Make the operation. Further, the holder of the terminal 20a instructs the terminal 20a to send out the authentication information. The owner of each terminal 20 sets the terminal 20a and the terminal 20b in a state in which they can communicate with each other. Specifically, when near field communication is performed, the holders of the terminals 20a and 20b bring the terminals 20a and 20b close to each other.

  Then, the terminal 20a transmits information (received from the storage device 10a) including the authentication information stored in the storage unit 22 of the terminal 20a to the other terminal 20b through communication (near distance communication, etc.) . Then, the terminal 20b accepts information including authentication information (issued by the storage device 10a) from the terminal 20a, which is another terminal, by near field communication or the like, and stores the information. The stored information may include target specifying information, a reduced image (thumbnail image) generated based on the information to be shared, and the like. The information generated on the basis of the information to be shared, such as the reduced image, is provided to a process (such as a process for displaying) which causes the possessor of the terminal 20b to preview the information to be shared. Ru.

  At this time, if the terminal 20a receives the information itself to be shared from the storage device 10a, the information itself to be shared is also sent to the terminal 20b. In this case, by operating the terminal 20b, the user can perform predetermined processing such as displaying and outputting the information to be shared.

  The owner of the terminal 20b instructs the terminal 20b to communicate with the storage device 10b. At this time, the terminal 20b and the storage device 10b perform the operation illustrated in FIG. As an example, the owner of the terminal 20b approaches the storage device 10b, and the terminal 20b is moved to the storage device 10b to such an extent that the second communication unit 132 of the storage device 10b and the terminal 20b can perform short distance communication. You may make it approach. At this time, the terminal 20b and the storage device 10b perform the operation illustrated in FIG. That is, the storage device 10b receives authentication information and the like from the terminal 20b, performs VPN connection with the storage device 10a using the authentication information and the like, and mounts the storage device 10a. After that, the storage device 10b outputs a list including not only the information in its own disk drive 12b but also the information in the disk drive 12b of the mounted storage device 10a in response to the request for the list of information. Further, in response to an instruction to read information in the disk drive 12b of the storage device 10a, the information is read from the disk drive 12b of the storage device 10a and output. For example, in this example of the present embodiment, the storage device 10b may accept target identification information as well as authentication information. In this case, the storage device 10b that has received the target specifying information acquires, from the disk drive 12b of the mounted storage device 10a, information (information set as a target of sharing) specified by the target specifying information, and the terminal 20b, etc. Output to

  Also in this example, the cloud server 60 may be used to share information without using a VPN connection. In addition, when the storage device 10a sends information to be shared to the terminal 20a, provision of authentication information is not necessarily required. Furthermore, although the above description assumes that the size of the information falls below a predetermined size as a condition for sending out information to be shared, the present embodiment is not limited to this, and, for example, The type may be different depending on the type of information (identified by extension or header information), such as a predetermined type. As another condition, even if the information to be shared is already uploaded to the cloud server 60 (whether or not the information on the storage device 10a can be acquired via the cloud service) Good. That is, when the information to be shared is already uploaded to the cloud server 60, control is performed so as not to send out the information itself to be shared.

  Furthermore, in this example as well, the terminal 20b does not necessarily need to acquire the information of the sharing target in the storage device 10a via the storage device 10b, and the terminal 20b directly targets the sharing in the storage device 10a via the network. You may obtain the information of In this case, the storage device 10b accepts authentication setting information such as a user name and a password from the terminal 20b. Then, the storage device 10b transmits the authentication information (the one issued by the storage device 10a) and the authentication setting information received from the terminal 20b to the storage device 10a, performs authentication processing, and permits access to the terminal 20b. Ask to set up. The storage device 10a refers to the authentication setting information from the terminal 20b and performs setting for permitting access to the information to be shared, and then the terminal 20b directly accesses the storage device 10a to obtain authentication setting information. By performing the used authentication, it becomes possible for the terminal 20b to obtain the information in the storage device 10a that has become the object of sharing.

  Further, in the description so far, the storage device 10a may perform conversion processing on the information to be shared based on a predetermined condition, and use the information after the conversion processing as a sharing target. Specifically, for example, when the owner of the terminal 20a performs an operation of specifying the information to be shared, the format of the information that can be processed by the terminal 20b of the sharing destination is also specified. As an example, if the information to be shared is moving image information, the owner of the terminal 20a inputs information representing a reproducible encoding scheme at the terminal 20b, and the terminal 20a stores the input information. It may be sent to the device 10a.

  In this case, the storage device 10a converts the information specified as the sharing target with reference to the information, stores the converted information in the disk drive 12a as information of the designated encoding method, and the converted information Is to be processed as a target of sharing.

  Here, the storage device 10a sends out the information to the terminal 10a by near field communication when the size of the information to be shared falls below a predetermined threshold value, but it is close. If both NFC and Bluetooth can be used even in distance communication, or if information can be sent to the terminal 10a via a wireless LAN or a cellular phone network, the storage device 10a operates as follows. May be

  That is, the storage device 10a of this example responds to the request for authentication information from the terminal 20a, issues authentication information, and determines whether the information to be shared satisfies a first predetermined condition or not Examine Specifically, the first condition may be a condition that the size of the information falls below a predetermined first threshold T1.

  If the storage device 10a determines that the information to be shared here satisfies the first predetermined condition, the storage device 10a performs near field communication (for example, NFC) to the terminal 20a that is the request source of the authentication information. Authentication information issued, VPN authentication information for VPN connection, identification information of the storage device 10a (the same as that sent to the dynamic DNS server 50), and information subject to sharing Send out information including

  On the other hand, when the information to be shared does not satisfy the first condition, the storage device 10a determines whether the information to be shared satisfies a second predetermined condition. Examine. Specifically, the second condition may be a condition that the size of the information falls below a predetermined second threshold value T2 (where T2> T1).

If the storage device 10a determines that the information to be shared here satisfies the predetermined second condition, the storage device 10a performs near field communication (for example, transmission from NFC to the terminal 20a that is the request source of the authentication information. Authentication information issued by communication via highly efficient Bluetooth, TransferJet (registered trademark), Wi-Fi Direct (registered trademark), wireless LAN or cellular phone network, and VPN authentication information for VPN connection , And sends out information including the identification information of the storage device 10a (the same as that sent to the dynamic DNS server 50) and the information to be shared.
When Bluetooth or the like is used, settings such as pairing or device registration are required prior to transmission and reception of information. Therefore, when performing transmission and reception of information according to this example, the necessary setting is performed in advance for each of the storage device 10a and the terminal 20a, and when the second condition is satisfied, communication by the adopted system is performed. The storage device 10a and the terminal 20a perform the procedure of starting the command.

  Furthermore, when the information to be shared does not satisfy either the first condition or the second condition, the storage device 10a performs near field communication with the terminal 20a that is the request source of the authentication information. The information that is the target of sharing, including the issued authentication information, VPN authentication information for VPN connection, and identification information of the storage device 10a (the same as that sent to the dynamic DNS server 50) Send out information not included.

  Furthermore, in any case, the storage device 10a stores and holds the issued authentication information in the storage unit 12.

  Here, when transmitting information by communication via a wireless LAN or a mobile telephone network, the storage device 10a provides the information to be transmitted by near field communication, and accesses the internal server. The reference information (URL) may be transmitted, and the information may be transmitted by causing the terminal 20a to access the URL.

Credential Timeout
In the above description, the storage device 10 that has issued the authentication information can be implemented by a clock (not shown) (a calendar chip, etc.) at a predetermined timing before storing the issued authentication information, such as when issuing the authentication information. Therefore, the date and time information at the time of processing may be read, and the read date and time information and the issued authentication information may be stored in association with each other.

  In this case, the storage device 10 reads the date and time information counted by the clock unit at predetermined timings, and reads the date and time information and the date and time information related to any authentication information from the clock unit. If the difference between the date and time information exceeds a predetermined threshold value, the authentication information associated with the date and time information may be set to be unusable, for example, deleted from the storage unit 12.

  In the above description, the storage device 10 sends authentication information to the terminal 20 using near field communication, but the terminal 20 communicates via a network such as a mobile phone such as SMS (Short Message Service). If it corresponds to the means, the authentication information may be sent out by SMS or the like.

[Share by 3 or more]
Furthermore, in the above description, according to the example in which the connection by the VPN is mutually made when transmitting and receiving the information to be shared among the plurality of storage devices 10, the storage device 10 on the VPN server side It is also assumed that there are requests for VPN connection from the storage devices 10 exceeding the number of acceptable destination storage devices 10 of the VPN server depending on conditions such as processing capacity.

  In consideration of such an example, the storage device 10a operating as a VPN server sets the number N of acceptable destination storage devices 10 of the VPN server as N, and sets the N + 1th first storage device 10n (or terminal 20n). When there is a request for a VPN connection from, the cloud server 60 checks whether the cloud server 60 is available. Specifically, in this case, whether the cloud server 60 can be accessed or the information can be uploaded to the cloud server 60 (in some cases, the size of the uploadable information is limited) Check if the size exceeds that).

  Here, when the storage device 10a operating as the VPN server determines that uploading of information to the cloud server 60 is possible, it newly issues authentication information, and uses this issued authentication information to target sharing. The encrypted information is encrypted and uploaded to the cloud server 60. In addition, when there is a request for a list of information from the (N + 1) -th storage device 10 n (or terminal 20 n), information including newly issued authentication information as information of a predetermined format (cloud server 60 (Which may further include information for specifying) to the storage device 10 n or the terminal 20 n.

  Here, the predetermined format may be a predetermined specific file name or a file name having a specific extension. In this case, if the storage device 10 n or the terminal 20 n includes the information of the specific file name in the list, the storage device 10 n or the terminal 20 n extracts the authentication information (newly issued) included in the information. If the information specifying the cloud server 60 is further included, the information is read.

  Then, the storage device 10 n or the terminal 20 n accesses the cloud server 60 (or the cloud server 60 may be determined in advance) specified by the extracted information, and the encrypted sharing target is Get information. Then, the storage device 10 n or the terminal 20 n decrypts the information with the newly issued authentication information previously acquired from the storage device 10 a, obtains the information to be shared, and provides the information for predetermined processing.

  In addition, when the storage device 10a serving as the VPN server determines that uploading of information to the cloud server 60 is not possible, the storage device 10a selects one of the storage device 10 or the terminal 20 currently connected to the VPN, and The VPN connection with the selected storage device 10 or terminal 20 is disconnected. This selection may be randomly selected from the storage device 10 or terminal 20 other than the storage device 10 n-1 or terminal 20 n-1 last connected by VPN, or the connection time is longest. You may choose.

  If the selected party is the terminal 20, a warning dialog such as "Are you sure you want to disconnect?" Is displayed before disconnection, and if there is no response within a certain period of time, or if you disconnect using this alert dialog The VPN connection with the selected terminal 20 may be disconnected when an instruction to the effect is given. At this time, when it is instructed in the warning dialog that the disconnection is not made, the VPN connection with the terminal 20 is maintained, and the storage device 10 or the terminal 20 different from this is selected.

  Furthermore, even if the storage device 10a operating as the VPN server determines that uploading of information to the cloud server 60 is possible, one of the storage device 10 or the terminal 20 currently connected to the VPN is used. Alternatively, the VPN connection with the selected storage device 10 or terminal 20 may be disconnected. This selection may be randomly selected from other storage devices 10 or terminals 20 other than the last connected storage device 10 n or terminal 20 n, or the one with the longest connection time may be selected. .

  Then, the storage device 10a newly issues authentication information, encrypts the information to be shared using the issued authentication information, uploads the information to the cloud server 60, and issues the newly issued authentication information. The information to be included is sent to the selected storage device 10 or terminal 20.

  In this example, the storage device 10 or the terminal 20 operating as a VPN client receives predetermined information including authentication information newly issued from the storage device 10 side serving as a VPN server during VPN connection. Is received, the connection of the VPN is disconnected, and the cloud server 60 (may be determined in advance, or information identifying the cloud server 60 is transmitted together with the newly issued authentication information. May be accessed to obtain encrypted shared information. Then, the storage device 10 or the terminal 20 decrypts the acquired information with the newly issued authentication information previously acquired from the storage device 10, obtains the information targeted for sharing, and performs predetermined processing. Provide.

  In the case where the information to be shared in the storage device 10a is composed of a plurality of files, etc., the storage device 10a selects the storage device 10 or the terminal 20 selected from the information to be shared. The portion excluding the file acquired up to this point may be encrypted and uploaded to the cloud server 60.

  Furthermore, in the above description, when performing the near-field communication with the terminal 20, the storage device 10 may charge the terminal 20 that is the target of the near-field communication by non-contact power feeding. As such a technique, for example, widely known techniques such as Qi (registered trademark) and A4WP (registered trademark), detailed description thereof will be omitted.

  Furthermore, in the description so far, the storage device 10 holding the information of the sharing source and the storage device 10 to be the sharing destination are communicably connected to each other by VPN or the like, and the file of the storage device 10 to be the sharing destination The file system of the storage device 10 of the sharing source was to be mounted on the system. However, when the target of sharing is specified for each file, depending on the information to be shared, the file system is not mounted but the information to be shared is shared by FTP (File Transfer Protocol) or the like. The file may be transferred for each file from the original storage device 10 to the shared storage device 10. In this case, the storage device 10 of the sharing destination performs processing such as sending out the file obtained by the transfer to the terminal 20 which is the sharing destination.

DESCRIPTION OF SYMBOLS 10 storage device, 11, 21 control part, 12, 22 storage part, 12a memory part, 12b storage part, 13, 25 communication part, 20 terminal, 23 operation part, 24 display part, 30, 30 ', 30''information sharing Module, 31 authentication information provider, 32 authentication information receiver, 33 authentication unit, 34, 34 ', 34 "sharing setting unit, 35, 35', 35" information sharing unit, 41 authentication information request unit, 42 authentication information exchange Part, authentication information providing part 43, 46 Information request part, 47 Information exchange part, 48 Information processing part, 50 Dynamic DNS server, 60 Cloud server, 131, 251 1st communication part, 132, 252 2nd communication part.

Claims (4)

An information sharing system including a sharing source information device holding information to be shared, a first terminal, a second terminal, and a sharing destination information device,
The first terminal communicates with the sharing source information device to receive authentication information.
The second terminal receives the authentication information from the first terminal,
The sharing destination information device receives the authentication information from the second terminal, accesses the sharing source information device using the received authentication information, and sets the information to be shared so as to be obtainable. Information sharing system. Communication is performed with a terminal that receives authentication information from a sharing source information device that holds information to be shared, and means for receiving the authentication information, and using the authentication information received from the terminal, sharing source information A means for accessing the device and setting the information to be shared ready for acquisition;
Information equipment equipped with. A first terminal that accepts authentication information from a sharing source information device that holds information to be shared;
Communication is performed with the first terminal, and the sharing source information device is accessed using means for receiving the authentication information and the authentication information received from the first terminal, and information to be shared is acquired. A means for setting it as possible,
And a second terminal including
When the predetermined condition is satisfied, the first terminal accepts the information to be shared with the authentication information from the sharing source information device, and becomes the sharing target with the authentication information to the second terminal. Send information via the communication,
The information sharing system, wherein the second terminal accepts the information to be shared from the first terminal. Computer,
The sharing source information device holding the information to be shared communicates with the terminal that has received the authentication information, and using the means for receiving the authentication information, and using the authentication information received from the terminal, the sharing source A means for accessing the information device and setting the information to be shared ready for acquisition;
A program to function as

Images