JP4286707B2 - Group communication system, group communication system control method, information processing apparatus, and program - Google Patents

Description

  The present invention relates to a group communication system, a group communication system control method, an information processing apparatus, and a program.

2. Description of the Related Art There is known a technology related to an ad hoc network in which a network is configured by directly connecting terminals performing wireless communication and transferring data.
JP 2003-318896 A IETF RFC 3626: Optimized Link State Routing Protocol (OLSR)

  By the way, a plurality of terminals connected to a network such as the Internet form a group, and group communication is performed in which direct communication is performed between terminals belonging to the same group. Group communication is used, for example, in a system that conducts an electronic conference at multiple points and an application that exchanges messages and files among a plurality of people. In such group communication, there is a strong demand for ensuring security in communication. For this reason, authentication of terminals participating in the group and encryption of data exchanged between the members of the group have been performed. For example, Patent Document 1 discloses a technology in which one of terminals belonging to a group authenticates a terminal participating in the group.

  However, in group communication as described in Patent Document 1, consideration is not given to a case where communication of a terminal that performs authentication is disconnected, and communication is performed by movement of a terminal or the like as in an ad hoc network. When group communication is performed in an environment where there is a high possibility that disconnection will occur, communication of the terminal that is performing authentication may be disconnected, and thereafter, the terminal cannot participate in the group.

  The present invention has been made in view of such a problem, and provides a group communication system, a group communication method, an information processing apparatus, and a program capable of continuing group communication even in a situation where communication is disconnected. Main purpose.

One of the main inventions of the present invention for achieving the above object is:
A control method for a group communication system for performing communication between a plurality of information processing devices belonging to the same group,
Each of the information processing devices is connected to be communicable with each other,
Each of the information processing devices belonging to the group is
Storing identification information of the information processing apparatus belonging to the group;
Send and receive data to and from each of the information processing devices corresponding to the stored identification information,
The first information processing apparatus, which is the information processing apparatus belonging to the group,
Authenticate other information processing devices trying to join the group,
When the authentication is successful, the participation notification information including the identification information of the other information processing device is transmitted to each of the information processing devices belonging to the group,
The communication quality information that is information indicating the communication quality between the first information processing device and the information processing device belonging to the group other than the first information processing device is acquired, and the acquired The information processing device that is different from the first information processing device belonging to the group when it is determined whether or not its communication status has deteriorated based on the communication quality information and is determined to have deteriorated Is selected as the second information processing device,
A message indicating that the first information processing device leaves the group is sent to the selected second information processing device;
The second information processing apparatus
Detecting that the communication of the first information processing apparatus is disconnected by receiving the message ;
Acting the authentication when communication of the first information processing apparatus is disconnected,
When the proxy authentication is successful, the participation notification information is transmitted to each of the information processing devices belonging to the group,
Each of the information processing devices belonging to the group is
Receiving the participation notification information transmitted from the first information processing apparatus or the second information processing apparatus;
The identification information included in the received participation notification information is stored.

  According to the present invention, it is possible to provide a group communication system, a group communication system control method, an information processing apparatus, and a program capable of continuing group communication even in a situation where communication is disconnected.

Hereinafter, a group communication system that performs communication (hereinafter referred to as group communication) between a plurality of terminals belonging to the same group in an ad hoc network in which a plurality of terminals configure a network by ad hoc wireless communication will be described.
FIG. 1 is a diagram illustrating a configuration example of an ad hoc network according to the present embodiment.

  The terminal 1000 is an information processing apparatus that constitutes an ad hoc network, such as a personal computer (PC), a personal digital assistant (PDA), a mobile phone, or a car navigation system. A range 2000 indicated by a broken line is a range in which the terminal A (1000) can directly perform wireless communication.

  A message transmitted from the terminal A (1000) is transferred (routed) by a terminal C (1000), a terminal E (1000), or the like located within a range 2000 where wireless communication is possible. Thereby, the terminal A (1000) can communicate with the terminal 1000 located outside the range 2000. For example, a thick solid arrow indicates an example of a communication path when a message is communicated from the terminal A (1000) to the terminal B (1000). The message transmitted from the terminal A (1000) is transferred by the terminal E (1000) and the terminal F (1000) and reaches the terminal B (1000). The message transfer method in such an ad hoc network is detailed in, for example, RFC3626.

  The group communication system according to the present embodiment includes a terminal A (1000), a terminal B (1000), a terminal C (1000), and a terminal D (1000). Messages transmitted and received in group communication are encrypted with a key common to terminals 1000 belonging to the same group. Therefore, even when the terminal 1000 that does not belong to the group, for example, the terminal 1000 such as the terminals E and F (1000) transfers the message of group communication, the terminal 1000 can decode the message to be transferred. I can't do it.

  When a terminal 1000 such as terminal E or F (1000) that does not belong to the group joins the group, the terminal 1000 (hereinafter referred to as a participating terminal) trying to join the group is one of the members belonging to the group. Authentication is performed by the terminal 1000. If the authentication is successful, a common key for encryption is distributed from the authenticated terminal 1000 to the terminal 1000 that participates in the group. In the following description, the terminal 1000 that performs authentication of a participating terminal is referred to as an authentication terminal (authentication apparatus).

  In the present embodiment, the authentication terminal not only authenticates the terminal 1000 that participates in the group, but also checks the communication status as to whether or not the communication of the terminal 1000 belonging to the group has been disconnected. Hereinafter, the authentication of the participating terminals and the confirmation of the communication status of the terminals 1000 belonging to the group are collectively referred to as group management processing. In addition, when communication of the authentication terminal (first information processing apparatus) is disconnected, another terminal (second information processing apparatus) belonging to the group performs authentication of the participating terminals and group management processing. . As a result, even in an environment where there is a high possibility of frequent disconnection of communication, such as an ad hoc network, group communication can be stably continued.

  FIG. 2 is a diagram illustrating an example of the configuration of the terminal 1000. A terminal 1000 includes a CPU (Central Processing Unit) 1001 that executes a program, a memory 1002 such as a RAM and a ROM that stores programs and data, a display unit 1003 such as a display, a keyboard and a mouse, a touch panel device, and a remote control signal receiver. The input unit 1004 includes a wireless I / F 1005 that is an interface for performing ad hoc wireless communication.

  FIG. 3 is a functional block diagram of the terminal 1000. The terminal 1000 includes a wireless routing unit 3001, an authentication processing unit 3002, a group generation unit 3003, an authentication terminal selection unit 3004, a group communication unit 3005, and a storage unit 3006.

  The wireless routing unit 3001 performs transfer (routing) of messages received from other terminals 1000. The routing performed by the wireless routing unit 3001 is performed according to the RFC3626 standard, for example. The authentication processing unit 3002 authenticates the participating terminals. The group generation unit 3003 sets a list of terminals 1000 (hereinafter also referred to as members) belonging to the new group in group information described later. The authentication terminal selection unit 3004 selects an authentication terminal from group members. The group communication unit 3005 encrypts the message and transmits / receives the encrypted message to / from the group members. The storage unit 3006 stores various data necessary for performing group communication.

  Data stored in the storage unit 3006 includes a terminal ID 3100, a certificate 3101, a secret key 3102, a CA public key 3103, a terminal list 3104, and group information 3105.

  The terminal ID 3100 is identification information of the terminal 1000. A certificate 3101 is an electronic certificate issued to the terminal 1000 from a certificate authority (CA). The CA public key 3103 is the public key of the certificate authority that issued the certificate 3101. The certificate 3101 can be validated using the CA public key 3103. The secret key 3102 is a secret key of the terminal 1000 used for public key encryption. The certificate 3101 includes the user's public key corresponding to the private key 3102.

The terminal list 3104 is a list of terminals 1000 that can communicate via an ad hoc network. In the terminal list 3104, terminal IDs and addresses are registered in association with each other. The terminal ID and address registered in the terminal list 3104 are broadcast on the ad hoc network, as will be described later. The terminal 1000 receives the broadcasted terminal ID and address and registers them in the terminal list 3104.
The group information 3105 is information regarding the group in which the terminal 1000 is participating. When the terminal 1000 participates in a plurality of groups, the storage unit 3006 stores group information 3105 for each group.

  FIG. 4 is a diagram showing information included in the group information 3105. The group information 3105 (encryption key storage unit) includes a group communication state 4000, a group ID 4001, a group policy 4002, an authentication terminal ID 4003, a group communication key 4004, and a member list 4100 (member storage unit).

  The group communication status 4000 is information indicating the current status of the group. In the group communication state 4000, for example, information indicating a state such as “group generation in progress” or “group communication start” is set. The group ID 4001 is group identification information. The group policy 4002 is set with information indicating processing when communication with the authentication terminal is disconnected, as will be described later. The authentication terminal ID 4003 is a terminal ID that identifies an authentication terminal that performs authentication of a participating terminal among the terminals 1000 belonging to the group. The group communication key 4004 is a common key (encryption key) for encrypting messages transmitted and received between group members.

  The member list 4100 is a list of terminals 1000 belonging to the group. In the member list 4100, member terminal IDs 4101, addresses 4102, and certificates 4103 are registered in association with each other. The address 4102 is position information on an ad hoc network such as an IP address, for example.

  FIG. 5 is a diagram showing a configuration of group information 3105 stored in the storage unit 3006 when the terminal 1000 is an authentication terminal. When the terminal 1000 is an authentication terminal, the group information 3105 includes the number of hops 4005 when selecting the authentication terminal in addition to the group information 3105 of FIG. Further, the number of response hops 4104 is added to the member information set in the member list 4100.

The number of hops 4105 at the time of selecting an authentication terminal is an evaluation value of the communication status when the terminal 1000 is selected as an authentication terminal from among the members of the group. In this embodiment, the evaluation value of the communication status of the terminal 1000 is an average value of the number of terminals 1000 (number of hops) that pass through the communication between the terminal 1000 and another terminal 1000.
The number of response hops 4104 in the member list 4100 is the number of hops between the authentication terminal and each terminal 1000.

FIG. 6 is a diagram illustrating a configuration example of the group policy 4002. The group policy 4002 includes a group description 6001, a participation permission method 6002, and a communication continuation policy 6003 (policy information).
In the group description 6001, information describing the contents of the group is set. In the information set in the group description 6001, for example, data expressing the purpose of generating a group such as “chat”, “conference”, and “file exchange” is set.
In the participation permission method 6002, information indicating a method for determining whether or not the terminal 1000 that is going to join the group is to join the group is set. In the participation permission method 6002, “user input” or “automatic” is set.

  When “user input” is set in the participation permission method 6002, the authentication terminal outputs information regarding the terminal 1000 trying to participate in the group and accepts input from the user. The authentication terminal determines whether to join the terminal 1000 to the group in response to an input from the user. On the other hand, when “automatic” is set in the participation permission method 6002, the authentication terminal determines whether or not the terminal 1000 is to join the group. In this case, the participation permission method 6002 is attached with conditions for items set in the certificate 4103 of the terminal 1000. For example, when the participation permission method 6002 is “automatic” and the information for specifying the name of a company or organization is attached to the participation permission method 6002, the authentication terminal sets “affiliation” set in the certificate 4103. Whether the terminal 1000 is permitted to participate in the group is determined according to whether the item matches the name of the company or organization attached to the participation permission method 6002.

In the communication continuation policy 6003, information indicating whether to continue the group communication when the communication of the authentication terminal is disconnected or when the authentication terminal leaves the group is set. In the communication continuation policy 6003, “end” or “continuation” is set.
When information indicating “end” is set in the communication continuation policy 6003, when communication of the authentication terminal is disconnected, group communication between other terminals 1000 other than the authentication terminal belonging to the group is also ended. Like that. On the other hand, when “continuation” is set in the communication continuation policy 6003, group communication between the other terminals 1000 is continued with one of the other terminals 1000 as a new authentication terminal. In this embodiment, it is assumed that “continuation” is set in the communication continuation policy 6003.

  FIG. 7 is a diagram showing a flow of processing in which the terminal 1000 creates a list of terminals 1000 on the ad hoc network (hereinafter referred to as a terminal list).

  The terminal A (1000) sends an address notification message including the terminal ID 3100 stored in the terminal A (1000) and the address on the ad hoc network assigned to the terminal A (1000) at regular intervals. Broadcast upward (S7001). The terminal 1000 on the ad hoc network receives the address notification message broadcast from the terminal A (1000). The terminal 1000 associates and registers the terminal ID of the terminal A (1000) included in the address communication message with the address in the terminal list 3104 (S7002).

  Terminals 1000 other than terminal A (1000) also broadcast an address notification message in the same manner as terminal A (1000). In this way, the terminal 1000 can obtain a list of terminals 1000 that can transmit an address notification message on the ad hoc network. In FIG. 7, only the terminal B (1000), the terminal C (1000), and the terminal D (1000) are shown for simplicity, but other terminals 1000 such as the terminal E (1000) are similarly addressed. Send and receive notification messages.

  Next, processing when terminal 1000 starts group communication will be described. FIG. 8 is a diagram illustrating a flow of processing in which terminal A (1000) generates a group and starts group communication. The terminal 1000 that starts group communication is called an initiator.

  In the terminal A (1000) that is an initiator, the group generation unit 3003 generates group information 3015. The group generation unit 3003 selects a terminal 1000 as a group member candidate from the terminals 1000 registered in the terminal list 3104 by member candidate selection processing described later. The group generation unit 3003 sets the selected terminal 1000 in the member list 4100 of the generated group information 3015 (S8001). The group generation unit 3003 accepts input of data related to the group policy 4002 from the user, and sets the accepted data as the group policy 4002 (S8002). In addition, the group generation unit 3003 sets various types of information in the group information 3015 (S8003). For example, the group generation unit 3003 sets a value indicating “group generation” in the group communication state 4000 and sets a unique value for the group ID. The group generation unit 3003 generates a group communication key 4004 that is a common key used for encryption of group communication (S8004).

  The terminal A (1000) transmits an invitation message (participation possible notification message) in which the certificate 3101 of the terminal A (1000), the group policy 4002, and the member list 4100 are set to the terminal 1000 registered in the member list 4100. (S8005). Terminal A (1000) starts a timer that sets a predetermined period for receiving a response message to the invitation message (S8006).

  Each of the terminals 1000 registered in the member list 4100 (hereinafter referred to as a candidate terminal) receives an invitation message from the terminal A (1000). The candidate terminal verifies the certificate 3101 of the terminal A (1000) set in the invitation message using the CA public key 3103 (S8007). The candidate terminal displays the verification result of the certificate 3101, the certificate 3101 and the group policy 4002 set in the invitation message, the terminal ID of the terminal 1000 registered in the member list 4100 that is a member candidate, and the like. It is displayed in 1003 (S8008). In response to the input from the user, the candidate terminal transmits a response message indicating whether or not to join the group to the terminal A (1000). A certificate 3101 of a candidate terminal is set in the response message.

  When terminal A (1000) receives an acceptance message, which is a response message indicating participation in the group, from the candidate terminal (S8009), group generation unit 3003 uses certificate 3101 set in the response message as an acceptance message. Is set in the certificate 4103 of the member list 4100 corresponding to the terminals B to D (1000) that are the transmission source of the message (S8010). Next, the authentication processing unit 3002 of the terminal A (1000) authenticates the terminals B to D (1000) that are the transmission source of the acceptance message (S8011). When the authentication processing unit 3002 of the terminal A (1000) succeeds in the authentication of the terminals B to D (1000), the group communication key 4004 is transmitted to the terminals B to D (1000). Details of the processing for transmitting the authentication and group communication key 4004 (hereinafter referred to as authentication / key distribution processing) will be described later. Note that the authentication processing unit 3002 of the terminal A (1000) deletes the terminal 1000 that has failed authentication from the member list 3015.

On the other hand, when the group generation unit 3003 of the terminal A (1000) receives a rejection message that is a response message indicating that the candidate terminal does not participate in the group (S8012), the terminal G (1000) that is the transmission source of the rejection message Is deleted from the member list 3015 (S8013).
Further, the group generation unit 3003 of the terminal A (1000) deletes from the member list 3015 the terminal H (1000) that has not received a response message before the timer set in (S8006) times out. (S8014).

  The group generation unit 3003 of the terminal A (1000) sets information indicating “start group communication” in the group communication state 4000 (S8015), and the terminals B to D (1000) registered in the member list 4100 The member list 4100 is transmitted (S8016). The terminals B to D (1000) receive the member list 4100 transmitted from the terminal A (1000), and store the received member list 4100 as the member list 4100 of the group information 3015 in the storage unit 3006 (S8018). Here, also in the terminals B to D (1000), information indicating “start group communication” is set in the group communication information 4000 (S8018).

  Through the above processing, the common group communication key 4004 generated by the terminal A (1000) is stored in each of the terminals A to D (1000), and the terminal 1000 belonging to the group is registered in the member list 4100. . Therefore, the group communication unit 3005 of the terminals A to D (1000) belonging to the group can perform encrypted communication by the common key method with each member of the group (S8019). Each terminal 1000 outputs information related to the terminal 1000 registered in the member list 4100 to the display unit 1003 (S8020), verifies the certificate 4103 of the terminal 1000 belonging to the group, Content display (S8021) can be performed.

  Next, the authentication terminal selection unit 3004 of the terminal A (1000) performs a process of selecting an authentication terminal from the terminals A to D (1000) belonging to the group (hereinafter referred to as an authentication terminal selection process) (S8022). . Further, the authentication terminal selection unit 3004 of the terminal A (1000) performs a process of setting any one of the selected terminals A to D (1000) as an authentication terminal (hereinafter referred to as an authentication terminal setting process) (S8023). Details of the authentication terminal selection process and the authentication terminal setting process will be described later.

  FIG. 9 is a diagram for explaining the flow of member candidate selection processing for selecting a terminal 1000 that is a candidate for a group member from the terminals 1000 registered in the terminal list 3104.

  The terminal A (1000) as the initiator displays information such as the terminal ID and address of the terminal 1000 registered in the terminal list 3104 on the display unit 1003 (S9001). The terminal A (1000) receives the input of the terminal 1000 selected from the user (S9002), and specifies the terminal B (1000) that is the terminal 1000 selected by the user. The terminal A (1000) transmits a certificate request, which is a command for obtaining the certificate 3101 of the terminal B (1000), to the address of the terminal B (1000) registered in the terminal list 3104 (S9003). . In response to the certificate request, the terminal B (1000) transmits the certificate 3101 to the terminal A (1000) (S9004). The terminal A (1000) verifies the acquired certificate 3101 of the terminal B (1000) using the CA public key 3103 stored in the storage unit 3006 of the terminal A (1000) (S9005).

  When the verification of the certificate 3101 of the terminal B (1000) fails, the terminal A (1000) deletes the terminal B (1000) from the member list 3104.

  When the verification of the certificate 3101 of the terminal B (1000) is successful, the terminal A (1000) displays the contents of the certificate 3101 of the terminal B (1000) and the verification result on the display unit 1003. Accepts input. If the terminal A (1000) receives an input indicating that the user selects the terminal B (1000) as a group member candidate, the certificate 4103 corresponding to the terminal B (1000) in the member list 4100 Then, the certificate 3101 of the terminal B (1000) received in (S9004) is set (S9007). When the terminal A (1000) receives an input indicating that the terminal B (1000) is not selected as a group member candidate, the terminal A (1000) deletes the terminal B (1000) from the member list 4100 (S9007). .

  The terminal A (1000) repeats the above process for the number of terminals 1000 registered in the member list 4100. In this way, the terminal 1000 registered in the member list 4100 of the terminal A (1000) becomes a group member candidate. Terminal A (1000) registers terminal A (1000) itself in member list 4100.

  FIG. 10 is a diagram for explaining the flow of the authentication / key distribution process. FIG. 10 shows a case where terminal A (1000) as an initiator authenticates terminal B (1000).

  The terminal A (1000) generates a random number A (S10001), and transmits the generated random number A to the terminal B (1000) (S10002). The terminal B (1000) receives the random number A and generates a signature A for the random number A using the secret key 3102 (S10003). The terminal B (1000) generates a random number B and transmits the random number B and the signature A to the terminal A (1000) (S10005). The terminal A (1000) receives the random number B and the signature A, acquires the public key from the certificate 4103 of the terminal B (1000) registered in the member list 4100, and verifies the signature A (S10006). When the verification of the signature A is successful, the terminal A (1000) generates a signature B for the random number B using the private key 3102 of the terminal A (1000) (S10007). The terminal A (1000) transmits the generated signature B to the terminal B (1000) (S10008). The terminal B (1000) extracts the public key from the certificate 3101 of the terminal A (1000) set in the invitation message described above, and verifies the signature B using the extracted public key (S10009).

  If the verification of the signature A is successful, the terminal B (1000) sends the verification result to the terminal A (1000) (S10010). If the verification result received from terminal B (1000) indicates success, terminal A (1000) encrypts group communication key 4004 using the public key extracted from certificate 4103 of terminal B (1000). (S10011), it transmits to terminal B (1000) (S10012). The terminal B (1000) receives the encrypted group communication key, decrypts the group communication key using the secret key 3102 of the terminal B (1000) (S10013), and stores it in the group communication key 4004 of the group information 3015. Set.

In the present embodiment, the same key is used for the signature process and the encryption process. However, it is preferable to use different keys. In this case, the terminal A (1000) and the terminal B (1000) have two secret keys and two certificates, and use different keys.
In the authentication / key distribution process, other known authentication methods and key exchange methods such as a mutual authentication method defined in ISO 9798 can be used.

  FIG. 11 is a diagram for explaining the flow of the authentication terminal selection process. FIG. 11 illustrates a process in which the terminal A (1000) as an initiator selects an authentication terminal from the terminals A to D (1000) belonging to the same group. In the authentication terminal selection process in the present embodiment, the terminal 1000 with the best communication status is set as the authentication terminal. The number of hops is used as a value (communication quality information) representing the communication quality between the terminal 1000 and other members. Further, the average value of the number of hops with other members is used for evaluating the communication status of the terminal 1000.

  The terminal A (1000) as an initiator is a message instructing each of the terminals B to D (1000) registered in the member list 4100 to notify the evaluation value of the communication status of the terminal 1000. A communication status notification request is transmitted (S11001). The terminal A (1000) starts a timer (S11002) and accepts responses from the terminals B to D (1000) (S11003).

  The terminal A (1000) measures the communication status of the terminal A (1000) itself while waiting for a response from the terminals B to D (1000). As will be described later, the terminal A (1000) transmits a hop number acquisition message for acquiring the hop number to each of the terminals B to C (1000) belonging to the group, and responds to the transmitted hop number acquisition message. The response is received, and the number of hops between each of the terminals B to C (1000) is acquired (S11003) (communication quality acquisition unit). Terminal A (1000) calculates the average value of the acquired hop count (hereinafter referred to as the average hop count) (S11004) (evaluation value calculation section). Also, the terminal A (1000) acquires the number of terminals 1000 that could not receive a response to the hop count acquisition message (hereinafter referred to as the number of non-responses) (S11004). Terminal A (1000) transmits the average number of hops and the number of unanswered terminals to each of terminals B to D (1000) (S11005) (evaluation value transmission unit).

  On the other hand, in the terminals B to D (1000), as in the case of the terminal A (1000), the number of hops between the members of the group is acquired (S11006), and the average number of hops and the number of unanswered are obtained. It is acquired (S11007), and the average hop count and unanswered count are notified to the member (S11008).

  The authentication terminal selection unit 3004 of the terminal A (1000) receives a notification of the average number of hops and the number of non-responses from all members of the group (evaluation value reception unit), or the timer set in the above (S11002) times out In some cases, the terminal 1000 having the smallest average number of hops is selected as the authentication terminal (S11009). Note that the authentication terminal selection unit 3004 of the terminal A (1000) may select the terminal 1000 having the smallest number of unacknowledged as an authentication terminal. Moreover, you may make it the authentication terminal selection part 3004 of the terminal A (1000) select an authentication terminal according to the total value of the number of average hops and the number of unanswered.

  FIG. 12 is a diagram illustrating the flow of hop number acquisition processing in which the terminal 1000 acquires the number of hops with another terminal 1000. FIG. 12 shows the flow of processing for obtaining the number of hops between the terminal A (1000) and the terminal B (1000). Further, in FIG. 12, the terminal A (1000) and the terminal B (1000) are located far enough so that direct wireless communication cannot be performed, and the data transmitted from the terminal A (1000) (1000) and terminal F (1000) are transferred (routed) to reach terminal B (1000).

  The terminal A (1000) transmits a hop number acquisition message, which is a message for acquiring the hop number, to the terminal E (1000) located in a range where wireless communication is possible, with the transmission destination being the terminal B (1000). (S12001).

  The radio routing unit 3001 of the terminal E (1000) determines the terminal F (1000) to be a transfer destination of the hop count acquisition message received from the terminal A (1000) by, for example, the method specified in RFC 3626, and the message Is incremented, and the message is transferred to the destination terminal F (1000) (S12002). Also in the terminal F (1000), the same processing as that of the terminal E (1000) is performed, and the hop count acquisition message reaches the terminal B (1000).

  When terminal B (1000) receives the hop count acquisition message (S12003), terminal B (1000) reads the hop count included in the header portion of the hop count acquisition message. Terminal B (1000) generates a hop number response message that is a response to the received hop number acquisition message (S12004). Terminal B (1000) sets the hop number read from the header part of the hop number acquisition message as data in the generated hop number response message. The terminal B (1000) transmits a hop number response message to the terminal A (1000) that is the transmission source of the hop number acquisition message (S12005).

  The hop count response message transmitted from the terminal B (1000) is processed in the same manner as described above by the terminal F (1000) and the terminal E (1000), and the hop count included in the header part of the hop count response message. Is incremented (S12006).

  When terminal A (1000) receives the hop count response message transferred from terminal E (1000), it is included in the hop count response message data and the hop count response message header. An average value with the number of hops that are present is calculated and obtained as the number of hops between terminal A (1000) and terminal B (1000) (S12007).

  In FIG. 12, for the sake of simplicity, a route through which the hop number acquisition message is transferred from the terminal A (1000) to the terminal B (1000) and a hop number response message are transferred from the terminal B (1000) to the terminal A (1000). Although the case where the route is the same is shown, these routes may be different.

  FIG. 13 is a diagram for explaining the flow of an authentication terminal setting process for setting one of the terminals 1000 belonging to the group as an authentication terminal. In FIG. 13, it is assumed that terminal A (1000) selects terminal B (1000) as an authentication terminal by the above-described authentication terminal selection process.

  The terminal A (1000), which is the initiator, generates an authentication terminal appointment message that is a message indicating that it has been selected as the authentication terminal (S13001). Terminal A (1000) sets the member list (4100) in the authentication terminal appointment message. The terminal A (1000) uses the private key 3102 to generate a signature for the authentication terminal appointment message (S13002). The terminal A (1000) transmits the generated authentication terminal appointment message with the signature attached to the terminal B (1000) selected as the authentication terminal (S13003).

  Upon receiving the authentication terminal appointment message transmitted from the terminal A (1000), the terminal B (1000) receives the public key of the terminal A (1000) from the certificate 4103 of the terminal A (1000) registered in the member list 4100. Take out. The terminal B (1000) verifies the signature attached to the received authentication terminal appointment message using the extracted public key (S13004). If the signature is valid, the terminal B (1000) sets the member list 4100 set in the authentication terminal appointment message in the group information 3015. In addition, terminal B (1000) sets the average hop count of terminal B (1000) acquired in the above-described authentication terminal selection process as authentication terminal selection hop count 4005. The terminal B (1000) transmits a response message to the terminal A (1000) (S13006).

  Upon receiving the response message from the terminal B (1000), the terminal A (1000) generates an authentication terminal notification message that is a message for notifying the terminal 1000 that has become the authentication terminal (S13007). Terminal A (1000) sets the terminal ID of terminal B (1000) in the authentication terminal notification message. The terminal A (1000) uses the secret key 3102 to generate a signature for the authentication terminal notification message (S13008). The terminal A (1000) attaches the generated signature to the authentication terminal notification message and transmits it to the group member (S13009).

Upon receiving the authentication terminal notification message from the terminal A (1000), the terminals B to D (1000) obtain the public key of the terminal A (1000) from the certificate 4103 of the terminal A (1000) registered in the member list 4100. Take out. The terminals B to D (1000) verify the signature attached to the authentication terminal notification message using the extracted public key (S13010). When the signature is valid, the terminals B to D (1000) set the terminal ID set in the authentication terminal notification message as the authentication terminal ID 4003 of the group information 3015 (S13011).
After the above processing, the terminal B (1000) starts the group management processing (S13012).

  FIG. 14 is a diagram for explaining the flow of member addition processing for adding the terminal 1000 participating in the group as a member to the member list 4100, which is one of the group management processing performed by the authentication terminal.

The participating terminal transmits a participation request message, which is a message requesting participation in the group, to the terminal B (1000) that is the authentication terminal (S14001).
When the terminal B (1000) receives the participation request from the participating terminal, the terminal B (1000) authenticates the participating terminal. The process related to this authentication is almost the same as the above-described authentication / key distribution process. However, before the authentication by the terminal B (1000) is successful and the group communication key is distributed to the participating terminals, the terminal B (1000) notifies the participation notification message (participation) that a new member participates. Notification information) is transmitted to the members of the group (S14002) (participation notification information transmission unit). The participation notification message includes the terminal ID, address, and certificate of the participating terminal. When the terminal 1000 that is a member of the group receives the participation notification message (participation notification information receiving unit), the terminal ID, address, and certificate of the participating terminal included in the participation notification message are registered in the member list 4100. (S14003).
Through the above member addition process, the group communication key 4004 is distributed to the participating terminals, and the participating terminals can participate in the group communication.

  Next, an existence confirmation process for detecting whether or not a member's communication has been disconnected, which is one of the group management processes performed by the authentication terminal, will be described. FIG. 15 is a diagram for explaining the flow of the existence confirmation process. Terminal B (1000), which is the authentication terminal, sets timer 1 and executes the presence check process described below at regular intervals.

  Terminal B (1000) sets a period for receiving a response to the following presence confirmation message from each member in timer 2 (S15001). The terminal B (1000) transmits a presence confirmation message for inquiring whether or not the communication is disconnected to the terminal 1000 registered in the member list 4100 (S15002).

  Each of the terminals A, C, and D (1000) that are members of the group receives the existence confirmation message transmitted from the terminal B (1000), and acquires the number of hops included in the header portion of the existence confirmation message. Then, a response message in which the acquired hop count is set as data is generated. Each member transmits the generated response message to the terminal B (1000) (S15003). At this time, each member sets a period in which the member list 4100 transmitted from the terminal B (1000) described later is received in the timer 3 (S15004).

  Terminal B (1000) receives the response message from the member, and uses the average value of the hop count included in the header portion of the response message and the hop count set as data in the response message as the communication quality of the member. Is calculated as (S15005). Terminal B (1000) sets the calculated average number of hops to the number of response hops 4104 in member list 4100 (S15006).

  If there is a member that has not yet received a response message when the timer 2 times out, the terminal B (1000) deletes the member from the member list 4100 (S15006).

  The terminal B (1000) receives the response message from all of the terminals 1000 registered in the member list 4100, or after the timer 2 times out, the terminal B (1000) registers the member list 4100 in the member list 4100. (S15007). Each member of the group receives the member list 4100 from the terminal B (1000), and updates the member list 4100 of the member group information 3015 based on the received member list 4100 (S15008). Instead of the member list 4100, a list of only the terminal IDs of the terminals 1000 registered in the member list 4100 may be transmitted from the authentication terminal to the members. Thereby, the communication load and communication cost concerning transmission of the member list 4100 can be suppressed.

  As a result of the above processing, the authentication terminal deletes the disconnected member from the member list 4100, transmits the updated member list 4100 to each member of the group, and the group member updates the member list 4100. Therefore, the member list 4100 stored in each of the terminals 1000 belonging to the group is periodically updated to the latest state.

  On the other hand, when any of the terminals 1000 belonging to the group cannot receive the member list 4100 transmitted from the terminal B (1000) as the authentication terminal for a predetermined period, the terminal 1000 determines that the terminal B (1000) Authenticating terminal existence confirmation processing is performed to detect whether or not the communication is disconnected. FIG. 16 is a diagram for explaining the flow of the existence confirmation process when the communication of the terminal B (1000) as the authentication terminal is disconnected. FIG. 16 illustrates a case where communication of the authentication terminal is disconnected and the terminal 1000 belonging to the group cannot receive the member list 4100.

  Upon receiving the presence confirmation message (S15002) transmitted from the terminal B (1000), the terminal 1000 belonging to the group returns the above response message to the terminal B (1000) (S15003) and sets a timer ( S15004). Here, when the communication of the terminal B (1000) is disconnected (S16001), the terminal 1000 belonging to the group cannot receive the member list 4100 to be transmitted from the terminal B (1000). If the terminal 1000 belonging to the group does not receive the member list 4100 and the timer 3 set in (S15004) times out, the terminal 1000 determines that the communication of the terminal B (1000) is disconnected (disconnection detection unit), An authentication terminal absence confirmation process for confirming that the communication of the terminal B (1000) has been disconnected is performed (S16002).

  In the authentication terminal absence confirmation process, it is assumed that communication of the authentication terminal is disconnected when all of the terminals 1000 belonging to the group cannot receive the member list 4100 to be transmitted from the authentication terminal. In the present embodiment, in each of terminals 1000 other than the authentication terminal, if member list 4100 transmitted from the authentication terminal cannot be received before the above-described timer 3 times out, it should be transmitted from the authentication terminal. It is determined that the member list 4100 cannot be received. In the ad hoc network, since the message can be transferred by the wireless routing 3001 of each terminal 1000, any one of the terminals 1000 belonging to the group receives the member list 4100 from the authentication terminal in the authentication terminal absence confirmation process. In such a case, it is assumed that the communication of the authentication terminal is not disconnected, and the authentication terminal absence confirmation process ends.

  Further, when it is confirmed that the communication of the authentication terminal is disconnected, the authentication terminal is set again by the above-described authentication terminal selection process and authentication terminal setting process with any member of the group other than the authentication terminal as an initiator. The In the present embodiment, the terminal 1000 that has generated the largest random number is used as the initiator.

  FIG. 17 is a diagram for explaining the flow of the authentication terminal absence confirmation process described above. FIG. 17 illustrates a case where the random number D generated by the terminal D (1000) is the largest value.

  When the timer 3 times out at the terminal A (1000), the terminal A (1000) determines that the communication with the terminal B (1000), which is the authentication terminal, has been disconnected (S17001). The terminal A (1000) generates an authentication terminal absence detection message indicating that the communication with the authentication terminal has been disconnected. The terminal A (1000) generates a random number (S17002), and sends an authentication terminal absence detection message in which the generated random number is set to the terminals C (1000) and D (1000) which are the terminals 1000 registered in the member list 4100. ) Is transmitted to each of () (S17003). At this time, the terminal A (1000) sets a timer for receiving a response to the authentication terminal absence detection message (S17004).

  When the terminals C and D (1000) receive the authentication terminal absence detection message transmitted from the terminal A (1000), the terminals C and D (1000) generate a response message to the received authentication terminal absence detection message. Terminals C and D (1000) also generate random numbers in the same manner as terminal A (1000) (S17005). The terminals C and D (1000) determine whether or not the communication of the authentication terminal has been disconnected depending on whether or not the timer 3 has timed out. The terminals C and D (1000) set the status information indicating the determination result, the generated random number, and the terminal ID 3100 in the response message, and transmit the response message to the terminal A (1000) (S17006). .

  Terminal A (1000) is determined that communication of the authentication terminal has been disconnected by all members, and the random number generated by terminal A (1000) is the largest value among the random numbers generated by the members. A response confirmation process for confirming this is performed (S17007).

  If any of the status information set in the response message is information indicating that the communication of the authentication terminal is not disconnected, the terminal A (1000) receives the authentication terminal absence detection message from all of the members. Or wait until the presence confirmation message transmitted from the authentication terminal is received (S17008). Note that the terminal A (1000) also stands by when any of the random numbers set in the response message is larger than the random number generated by the terminal A (1000).

When the timer 3 times out, the terminals C and D (1000) transmit an authentication terminal absence detection message to each of the group members (S17010).
Each of terminals A, C, and D (1000) confirms whether or not the authentication terminal absence detection message has been received from all members, and whether or not the generated random number is larger than the random numbers generated by other members. The response confirmation process is performed (S17011).
The terminal D (1000) that generated the largest random number is used as an initiator (S17013), and the above-described authentication terminal selection process (S17014) and authentication terminal setting process (S17015) are performed. Any one of terminals A, C, and D (1000) is set as an authentication terminal by the authentication terminal selection process and the authentication terminal setting process.

  When the communication of the authentication terminal is disconnected in this way, the other terminal 1000 is set as the authentication terminal. However, when the communication status of the authentication terminal deteriorates before the communication of the authentication terminal is disconnected. The other terminal 1000 is set as the authentication terminal. FIG. 18 is a diagram for explaining processing when the communication status of the authentication terminal deteriorates in the above-described presence confirmation processing.

  Terminal B (1000), which is the authentication terminal, obtains the response hop count 4104 of each member from the response message to the presence confirmation message (S15005), and then calculates the average value of the response hop count 4104 of each member. At this time, the number of response hops 4104 corresponding to the terminal 1000 for which the terminal B (1000) could not receive the response message is not used for calculating the average value.

  For terminal B (1000), the communication status of terminal B (1000) deteriorated depending on whether the average value of the calculated response hop count 4104 has increased by a predetermined number or more than the hop count 4005 at the time of authentication terminal selection. It is determined whether or not (S18001). Note that it may be determined whether the communication status of the terminal B (1000) has deteriorated according to whether the calculated average value of the response hop count 4104 exceeds a predetermined absolute value.

  If it is determined that the communication status of the terminal B (1000) has deteriorated, the above-described authentication terminal selection process (S18002) and authentication terminal setting process (S18003) are performed using the terminal B (1000) as an initiator. As a result, any one of the terminals 1000 belonging to the group is set as the authentication terminal.

  Thus, when the communication status of the authentication terminal deteriorates, by setting the other terminal 1000 as the authentication terminal in advance, the other terminal 1000 becomes the authentication terminal before the communication of the authentication terminal is disconnected. Group management processing can be performed. Therefore, when the communication of the terminal 1000 that was the authentication terminal is disconnected, the group communication can be continued without performing the process of setting the other terminal 1000 as the authentication terminal.

  Through the processing described above, it is detected and confirmed that the communication of the authentication terminal has been disconnected, and one of the members is set as a new authentication terminal. As a result, even when the communication of the authentication terminal is disconnected, it is possible to continue the authentication of the participating terminals and the update of the member list 4100 by the presence confirmation process.

  Next, processing in which the authentication terminal sets another terminal 1000 as an authentication terminal in accordance with an instruction from the user (hereinafter referred to as authentication terminal disconnection processing) will be described. FIG. 19 is a diagram for explaining the flow of authentication terminal disconnection processing.

  When terminal B (1000), which is an authentication terminal, leaves the group in accordance with an instruction from the user, terminal B (1000) has the smallest number of response hops 4104 among terminals 1000 registered in member list 4100. Terminal A (1000) is selected as terminal 1000 having the best communication status (S19001).

  The terminal B (1000) generates an authentication terminal appointment message (leave message) in which the member list 4100 is set (S19002), and generates a signature for the generated authentication terminal appointment message using the secret key 3102. The terminal B (1000) transmits the authentication terminal appointment message with a signature attached thereto to the selected terminal A (1000) (S19003) (leave message transmission unit).

  The terminal A (1000) receives the authentication terminal appointment message (leave message receiving unit), and verifies the signature of the received authentication terminal appointment message using the public key included in the certificate 4103 of the terminal B (1000). (S19004). If the signature is valid, the terminal A (1000) sets the member list 4100 set in the received authentication terminal appointment message in the group information 3015 stored in the storage unit 3006 (S19005). The terminal A (1000) returns a response to the authentication terminal appointment message (S19006).

The terminal B (1000) generates an authentication terminal notification message in which the terminal ID of the terminal A (1000) selected as the authentication terminal is set (S19007), and generates a signature for the authentication terminal notification message. Terminal B (1000) sends an authentication terminal notification message with a signature attached to each of terminals C and D (1000) registered in member list 4100 (S19008).
The terminals C and D (1000) verify the signature attached to the received authentication terminal notification message (S19009), and when the validity of the signature is confirmed, the terminal A (1000) set in the authentication terminal notification message Is set as the authentication terminal ID 4003 of the group information 3015 (S19010).
When terminal A (1000) is set as an authentication terminal, terminal B (1000) disconnects communication so that subsequent group communication is not performed (S19011).

In this way, since the authentication terminal disconnects communication after setting the next authentication terminal, the other terminals 1000 can continue group communication without performing the authentication terminal existence confirmation process as described above. Can do.
Further, when the authentication terminal leaves the group, the terminal 1000 having the smallest number of hops to the authentication terminal is set as the authentication terminal without performing the above-described authentication terminal selection process and the like. You can change the terminal.

  As described above, in the group communication system according to the present embodiment, even if the communication of the authentication terminal (first information processing apparatus) is disconnected, the other terminal 1000 (second information processing apparatus) remains the authentication terminal. Since the second information processing apparatus authenticates the participating terminal, it is possible to cause the participating terminal to participate in the group in the subsequent group communication. In addition, since the second information processing apparatus also performs the above-described presence confirmation process performed by the first information processing apparatus, the group communication can be maintained even if the communication of the first information processing apparatus is disconnected. .

  Further, when the communication of the authentication terminal is disconnected, the terminal 1000 having a small average value of the number of hops between the terminals 1000 is set as the authentication terminal. In an ad hoc network, as the number of hops increases, there is a high possibility that communication between them will be disconnected. Therefore, by setting the terminal 1000 having the smallest number of hops to each terminal 1000 as the authentication device, the possibility of disconnecting the communication of the authentication terminal is reduced. That is, stable group communication can be realized.

  In the present embodiment, communication using an ad hoc network is assumed. However, the present invention can also be applied to communication according to a TCP / IP protocol such as a LAN or the Internet. In this case, the terminal 1000 includes a wired communication interface (wired communication I / F) such as Ethernet (registered trademark) instead of the wireless I / F 1005. In the protocol such as TCP / IP, for example, the number of hops as a unit for measuring the communication quality described above can be acquired as the number that passes through an information processing device such as a route control device (router).

  In this embodiment, the evaluation value of the communication quality between the terminals 1000 uses the number of hops between the terminals 1000. For example, a response until a response to a message transmitted to another terminal 1000 is returned. You may make it use time and the number (response unanswered) in which a response was not returned. In addition to the number of non-responses, the wireless quality, the degree of strength change, the amount of noise, the packet loss rate, etc. can be used as the communication quality evaluation value. Further, the average value or the maximum value of the evaluation values of the communication quality can be used as the evaluation value of the communication status of the terminal.

  In this embodiment, only one group communication key 4004 is used for message encryption. For example, a MAC (Message Authentication Code) for an encrypted message is attached. Thus, another key may be used to generate the MAC. Thereby, group communication with higher safety can be performed.

  Further, in the presence confirmation process of the present embodiment, when the member that has not received the response message is deleted from the member list 4100, the terminal B (1000) recreates the group communication key 4004 and distributes it to the members. The group communication key 4004 held by the member may be updated. As a result, data transmitted and received in the subsequent group communication is encrypted by the recreated group communication key 4004, so that it is possible to prevent data from being intercepted from a terminal 1000 not registered in the member list 4100. .

  Further, in the presence check process of the present embodiment, the authentication terminal detects the disconnection of the communication of the terminal 1000. For example, the terminal 1000 indicates that the terminal 1000 leaves the group in response to an input from the user. The message may be transmitted to the authentication terminal, and the terminal 1000 may be deleted from the member list 4100 when the authentication terminal receives the leave message.

  In this embodiment, the authentication terminal deletes the terminal 1000 that has detected the disconnection from the member list 4100 by the presence confirmation process, but the communication state is information indicating a state in which the member list 4100 is disconnected. Information may be stored. In this case, information indicating the communication state of the terminal 1000 is also set in the member list 4100. Thereby, the terminal 1000 can grasp | ascertain whether it can communicate with the terminal 1000 which belongs to a group. Further, when the terminal 1000 outputs the communication state of the member, the user can grasp which member can communicate with. Further, the terminal 1000 may transmit information indicating a communication state to the authentication terminal in response to an input from the user (communication state information acquisition unit, communication state information transmission unit). In this case, the authentication terminal receives information indicating the communication state of terminal 1000 (communication state information receiving unit), updates member list 4100, and distributes member list 4100 to the members of the group. The information indicating the communication state of the terminal is, for example, “file receiving”, “chatting”, “user leaving”, and the like. By managing such information in the member list 4100, the user can grasp the detailed state of the members of the group.

  In this embodiment, when a terminal 1000 that does not belong to a group joins the group, the terminal 1000 is started by transmitting a participation request message to the authentication terminal. One of them sends an invitation message in which the terminal ID of the terminal B (1000) as the authentication terminal and the electronic certificate of the terminal B (1000) are set to the terminal 1000 that does not belong to the group (invitation message) (Transmission unit). In this case, the participating terminal transmits a participation request message to the authentication terminal as a response (response message) to the received invitation message (participation response unit).

  Further, in order for the terminal 1000 not belonging to the group to easily identify the authentication terminal, the authentication terminal, for example, in an address notification message broadcast periodically, indicates a flag value indicating that the terminal 1000 is the authentication terminal. May be set. In addition, for example, the participating terminal broadcasts an authentication terminal acquisition message inquiring about the authentication terminal, and responds to the participating terminal with a response message in which the terminal ID of the authentication terminal is set in response to the authentication terminal acquisition message broadcast by the authentication terminal. The terminal ID for specifying the authentication terminal may be acquired by receiving the response message.

  As mentioned above, although embodiment of this invention was described concretely based on the embodiment, it is not limited to this and can be variously changed in the range which does not deviate from the summary.

It is a figure which shows the example of 1 structure of the ad hoc network by one Embodiment of this invention. It is a figure which shows an example of a structure of the terminal 1000 by one Embodiment of this invention. It is a functional block diagram of the terminal 1000 by one Embodiment of this invention. 5 is a diagram showing information included in group information 3105. FIG. It is a figure which shows the structure of the group information 3105 memorize | stored in the memory | storage part 3006 when the terminal 1000 is an authentication terminal. 6 is a diagram illustrating an example of a configuration of a group policy 4002. FIG. It is a figure which shows the flow of the process in which the terminal 1000 produces a terminal list. It is a figure explaining the flow of a process which terminal A (1000) produces | generates a group and starts group communication. It is a figure explaining the flow of member candidate selection processing. It is a figure explaining the flow of an authentication and key distribution process. It is a figure explaining the flow of an authentication terminal selection process. It is a figure explaining the flow of a hop number acquisition process. It is a figure explaining the flow of an authentication terminal setting process. It is a figure explaining the flow of the member addition process which is one of the group management processes which an authentication terminal performs. It is a figure explaining the flow of presence confirmation processing which is one of the group management processing which an authentication terminal performs. It is a figure explaining the flow of a presence confirmation process when communication of terminal B (1000) which is an authentication terminal is cut | disconnected. It is a figure explaining the flow of an authentication terminal absence confirmation process. It is a figure explaining a process when the communication condition of an authentication terminal deteriorates in presence confirmation processing. It is a figure explaining the flow of an authentication terminal cutting process.

Explanation of symbols

1000 terminals 1001 CPU
1002 Memory 1003 Display unit 1004 Input unit 1005 Wireless I / F
3001 Wireless routing unit 3002 Authentication processing unit 3003 Group generation unit 3004 Authentication terminal selection unit 3005 Group communication unit 3006 Storage unit 3100 Terminal ID
3101 Certificate 3102 Private Key 3103 CA Public Key 3104 Terminal List 3105 Group Information 4000 Group Communication Status 4001 Group ID
4002 Group policy 4003 Authentication terminal ID
4004 Group communication key 4005 Number of hops when authentication terminal is selected 4100 Member list 4101 Terminal ID

Claims (7)

A control method for a group communication system for performing communication between a plurality of information processing devices belonging to the same group,
Each of the information processing devices is connected to be communicable with each other,
Each of the information processing devices belonging to the group is
Storing identification information of the information processing apparatus belonging to the group;
Send and receive data to and from each of the information processing devices corresponding to the stored identification information,
The first information processing apparatus, which is the information processing apparatus belonging to the group,
Authenticate other information processing devices trying to join the group,
When the authentication is successful, the participation notification information including the identification information of the other information processing device is transmitted to each of the information processing devices belonging to the group,
The communication quality information that is information indicating the communication quality between the first information processing device and the information processing device belonging to the group other than the first information processing device is acquired, and the acquired The information processing device that is different from the first information processing device belonging to the group when it is determined whether or not its communication status has deteriorated based on the communication quality information and is determined to have deteriorated Is selected as the second information processing device,
A message indicating that the first information processing device leaves the group is sent to the selected second information processing device;
The second information processing apparatus
Detecting that the communication of the first information processing apparatus is disconnected by receiving the message ;
Acting the authentication when communication of the first information processing apparatus is disconnected,
When the proxy authentication is successful, the participation notification information is transmitted to each of the information processing devices belonging to the group,
Each of the information processing devices belonging to the group is
Receiving the participation notification information transmitted from the first information processing apparatus or the second information processing apparatus;
Storing the identification information included in the received participation notification information;
A control method for a group communication system. A control method for a group communication system according to claim 1 ,
The first information processing apparatus includes:
The communication quality information is acquired every predetermined period ,
Based on the acquired communication quality information, calculate an evaluation value for evaluating the communication status of the information processing apparatus,
A second information processing device that performs the authentication for each of the information processing devices other than the first information processing device belonging to the group when the calculated evaluation value falls below a predetermined threshold; Send an authentication device selection message instructing you to select
Each of the information processing devices other than the first information processing device belonging to the group,
Receiving the authentication device selection message;
In response to receiving the authentication device selection message, the communication quality information between the information processing device and each of the information processing devices belonging to the group is acquired,
Calculating the evaluation value based on the acquired communication quality information;
Transmitting the calculated evaluation value to the first information processing apparatus;
The first information processing apparatus includes:
Receiving the evaluation value from each of the information processing devices belonging to the group;
Selecting the second information processing apparatus according to the received evaluation value;
A control method for a group communication system. A control method for a group communication system according to claim 1,
Each of the information processing devices belonging to the group stores an encryption key for encrypting data,
The first information processing apparatus or the second information processing apparatus transmits the encryption key to the other information processing apparatus when the authentication is successful,
Each of the information processing devices belonging to the group performs encryption on the data to be transmitted / received using the encryption key,
A control method for a group communication system. A control method for a group communication system according to claim 1,
Each of the information processing devices performs communication by ad-hoc wireless communication or TCP / IP wired communication,
The first information processing apparatus includes:
The number of hops between the first information processing apparatus for each of the information processing apparatus other than the first information processing apparatus belonging to the group, obtained as the communication quality information,
Selecting the second information processing apparatus according to the acquired number of hops;
A control method for a group communication system. A group communication system for performing communication between a plurality of information processing devices belonging to the same group,
Including a plurality of information processing devices,
Each of the information processing devices is connected to be communicable with each other,
Each of the information processing devices belonging to the group is
A member storage unit for storing identification information of the information processing apparatus belonging to the group;
A group communication unit that transmits and receives data to and from each of the information processing devices corresponding to the identification information stored in the member storage unit;
With
The first information processing apparatus, which is the information processing apparatus belonging to the group,
A first authentication processing unit that performs authentication of another information processing apparatus that intends to join the group;
The communication quality information that is information indicating the communication quality between the first information processing device and the information processing device belonging to the group other than the first information processing device is acquired, and the acquired The information processing device that is different from the first information processing device belonging to the group when it is determined whether or not its communication status has deteriorated based on the communication quality information and is determined to have deteriorated An authentication device selection unit that selects one of the two as the second information processing device;
A leave message transmission unit that sends a message indicating that the first information processing device leaves the group to the selected second information processing device;
When the authentication is successful, a participation notification information transmission unit that transmits participation notification information including identification information of the other information processing device to each of the information processing devices belonging to the group;
With
The second information processing apparatus that belongs to the group and is the information processing apparatus different from the first information processing apparatus,
A disconnect detection unit that detects that the communication of the first information processing apparatus has been disconnected by receiving the message ;
A second authentication processing unit that performs the authentication when the communication of the first information processing apparatus is disconnected;
A second participation notification information transmitting unit that transmits the participation notification information to each of the information processing devices belonging to the group when the authentication on behalf of the second authentication processing unit is successful;
With
Each of the information processing devices belonging to the group is
A participation notification information receiving unit for receiving the participation notification information transmitted from the first information processing apparatus or the second information processing apparatus;
A member management unit for storing the identification information included in the received participation notification information in the member storage unit;
A group communication system comprising: An information processing apparatus having a function of the second information processing apparatus in the group communication system according to claim 5 ,
A disconnect detection unit that detects that the communication of the first information processing apparatus has been disconnected by receiving the message ;
A second authentication processing unit that performs the authentication when the communication of the first information processing apparatus is disconnected;
A second participation notification information transmitting unit that transmits the participation notification information to each of the information processing devices belonging to the group when the authentication on behalf of the second authentication processing unit is successful;
An information processing apparatus comprising: In the second information processing apparatus according to claim 1,
Storing identification information of the information processing apparatus belonging to the group;
Transmitting and receiving data to and from each of the information processing devices corresponding to the stored identification information;
Detecting that the communication of the first information processing apparatus has been disconnected by receiving the message ;
Proxying the authentication when communication of the first information processing apparatus is disconnected;
Transmitting the participation notification information to each of the information processing devices belonging to the group when the delegated authentication is successful;
Storing the identification information included in the participation notification information;
A program for running

Images