JP4470573B2 - Information distribution system, information distribution server, terminal device, information distribution method, information reception method, information processing program, and storage medium - Google Patents

Description

  The present invention relates to an information distribution system, an information distribution server, a terminal device, an information distribution method, an information reception method, an information processing program, and a storage medium. More specifically, by mediating transmission / reception of information between terminal devices, The present invention relates to a device that reduces the information transmission load of a server device.

In recent years, with the spread of communication networks such as the Internet, CE (CE: Consumer Electronics) devices are becoming popular.
CE devices include, for example, audio-visual devices such as video decks, stereos, and televisions, home appliances such as rice cookers and refrigerators, and other electronic devices with built-in computers that have a network connection function. Can be used.

Thus, for example, the user can access the server device from a mobile phone by using a mobile phone, set a recording reservation on the home video deck via the network, or set an air conditioner.
Also, movie content and music content can be downloaded to a television receiver or stereo for playback, and game content can be downloaded to a game machine for use.

  The CE device periodically accesses the server device, for example, and whether there is an update (version upgrade, etc.) of digital information (content, program, data, etc.) currently stored, or newly distributed digital information An inquiry is made as to whether or not there is information, and if there is a corresponding item, there is one configured to download it from the server device.

The CE device configured as described above can download updated or new digital information without omission and can manage the stored digital information to be the latest.
As described above, for example, there is the following technique for providing a service for updating digital information in a terminal device to the latest one.

JP-A-9-190353

  In the present invention, a communication management center establishes a communication line with a wireless communication terminal composed of a mobile phone or the like, and transmits an update program.

When the server device distributes digital information used by the CE device, access from the CE device may concentrate at a specific time.
Such concentration of access tends to occur, for example, when software update is started or when new game software download sales are started.
In order to cope with such concentration of access, it is necessary to provide the server device with a capacity capable of withstanding the load.
In this case, although the usual load is small, it is necessary to make the processing capacity of the server device much larger than normal in order to prepare for a specific peak. There exists a problem that the installation cost of an apparatus will become high.

Also, in order to reduce the load on the server device, the CE device that has downloaded the digital information and the CE device that requests the digital information are connected by peer-to-peer so that the digital information can be transmitted and received between the CE devices. Is also possible.
However, since CE devices are often connected to a network via a relay device such as a router, in order to make a peer-to-peer connection between them, a port is statically opened in the accessed router, etc. I had to wait for access.
Such a statically opened port (such as a listening port) may be accessed by a third party, resulting in a problem that the security level is lowered.

  Accordingly, an object of the present invention is to reduce the load on the server device by distributing it when the load on the server device increases due to the concentration of download access or the like.

In order to achieve the above object, the present invention provides an information distribution system in which an information distribution server that transmits information and a terminal device that uses information transmitted by the information distribution server are arranged to be connectable by a communication network. When the information delivery server receives the information transmission request from the second terminal device after transmitting the information to the first terminal device, the information distribution server and the second terminal device One terminal device of the terminal devices is caused to set a communication path in a relay device installed between the terminal device and the communication network, and communication path identification information for identifying the communication path is set to the one of the terminal devices. After receiving from the terminal device, the communication path identification information is notified to the other terminal device, and the first terminal device and the second terminal device use the communication path identification information. in front An information distribution system comprising: connecting a line by accessing one terminal device, wherein the second terminal device receives the information from the first terminal device using the connected line. Provided (first configuration).
In addition, an information transmission means for receiving the information transmission request from the first terminal device and transmitting the information requested for transmission to the first terminal device; and a transmission request for the information from the second terminal device. Access to the relay device provided between the one terminal device and the communication network from the outside to the request receiving means for receiving, one of the first terminal device and the second terminal device Communication path requesting means for requesting setting of a possible communication path, path identification information receiving means for receiving communication path identification information for identifying a communication path set in response to the request from the one terminal device, and the reception Route identification information transmission means for transmitting the communication path identification information to the other terminal device, the first terminal device and the second terminal device connect a line by the transmitted communication path identification information, and the first Terminal device to provide information distribution server, characterized by comprising a transmission confirmation means for confirming that it has received the information from the first terminal device (second configuration).
In the second configuration, after transmitting the information to the first terminal device, it comprises a line maintaining means for maintaining the connection of the line with the first terminal device, and the transmission confirmation means Until the terminal device confirms that the terminal device has received the information, communication with the first terminal device can be performed using the maintained line (the third device). Constitution).
In the second configuration, the one terminal device uses the one terminal device and the other terminal device as confirmation information for verifying that the terminal device accessed using the communication path is the other terminal device. It can also comprise so that the confirmation information transmission means transmitted to a terminal device may be comprised (4th structure).
In the third configuration, the line maintaining means maintains line connection with a plurality of first terminal devices, and is provided to the terminal devices from the plurality of first terminal devices and the second terminal device. A route setting information receiving means for receiving route setting information for determining whether or not the communication route can be set by a relay device, and the first terminal device and the first device using the received route setting information. The first terminal device for transmitting information to the second terminal device is selected from the plurality of first terminal devices so that at least one of the two terminal devices can set a route. And a first terminal device selection means (fifth configuration).
In the third configuration, the line maintaining means maintains a line connection with a plurality of first terminal devices, and transmits a determination of the degree of information transmission capability of these terminal devices from the plurality of first terminal devices. A capability determination unit that receives capability information and determines the degree of information transmission capability of the plurality of first terminal devices, and a second unit for transmitting information to the second terminal device using the determined capability. And a first terminal device selection means for selecting one terminal device (sixth configuration).
In the second configuration, when the transmission load of the information is a predetermined value or less, the information can be directly transmitted to the second terminal device (seventh configuration).
Further, the present invention is a terminal device arranged to be connectable to a communication network via a relay device, and information request means for requesting information transmission to the information distribution server, and the relay device can be accessed from the outside Route setting means for setting a simple communication route, route identification information transmitting means for sending communication route identification information for identifying the set communication route to the information distribution server, and another terminal device using the set communication route A connection unit that accepts access from the other terminal device and connects to the other terminal device; and an information reception unit that receives the requested information from the other terminal device using the connected line. Is provided (eighth configuration).
In an eighth configuration, an information storage device that stores information transmitted by the information distribution server, a request reception unit that receives a transmission request for the stored information from another terminal device connected using the connection unit, An information transmission unit that acquires information from which the transmission request has been received from the information storage device and transmits the information to the other terminal device can also be configured (ninth configuration).
In the ninth configuration, a communication capability information transmitting unit that transmits transmission capability information for determining the degree of information transmission capability to the information distribution server may be provided (tenth configuration).
In the eighth configuration, first confirmation information receiving means for receiving confirmation information for confirming other terminal equipment connected using the connection means from the information distribution server; and the other terminal equipment Second confirmation information receiving means for receiving confirmation information from the connection means, wherein the connection means is received by the first confirmation information receiving means and the confirmation information received by the second confirmation information receiving means. When the confirmation information matches, it can be configured to accept access from the other terminal device (eleventh configuration).
In the eighth configuration, a device authentication means for performing device authentication on the other terminal device may be provided (a twelfth configuration).
In addition, the present invention provides a computer comprising: an information transmission unit; a request reception unit; a communication path request unit; a path identification information reception unit; a path identification information transmission unit; and a transmission confirmation unit. Means for receiving an information transmission request from the first terminal device and transmitting the information requested to be transmitted to the first terminal device; and the request receiving means from the second terminal device. The request receiving step for receiving the information transmission request and the communication path requesting means communicate with the one terminal device to either the first terminal device or the second terminal device. The communication path requesting step for requesting setting of a communication path accessible from the outside to a relay device provided between the network and the path identification information receiving means A path identification information receiving step for receiving communication path identification information for identifying a communication path set in accordance with the one terminal device, and the path identification information transmitting means for transmitting the received communication path identification information to the other terminal. The first terminal device and the second terminal device connect a line according to the transmitted communication route identification information by the route identification information transmission step for transmitting to the device and the transmission confirmation means, and the second terminal device Provides an information distribution method comprising: a transmission confirmation step for confirming that the information has been received from the first terminal device (a thirteenth configuration).
In the thirteenth configuration, the computer includes a line maintaining unit, and after the information is transmitted to the first terminal device by the line maintaining unit, the connection of the line with the first terminal device is maintained. A line maintaining step, and in the transmission confirmation step, communication with the first terminal device is maintained until the second terminal device confirms that the information has been received. (14th configuration).
In the thirteenth configuration, the computer includes confirmation information transmission means, and the one terminal device performs verification confirmation that the terminal device accessed using the communication path is the other terminal device. Can also be configured to include a confirmation information transmitting step for transmitting to the one terminal device and the other terminal device (fifteenth configuration).
In a fourteenth configuration, the computer includes route setting information reception means and first terminal selection means, and in the line maintenance step, maintains line connections with a plurality of first terminal devices, Route setting for determining whether the communication route can be set by the relay device provided in the terminal device from the plurality of first terminal devices and the second terminal device by the route setting information receiving means A route setting information receiving step for receiving information, and at least one of the first terminal device and the second terminal device using the route setting information received by the first terminal selection means; A first terminal device selection step of selecting a first terminal device for causing the second terminal device to transmit information from the plurality of first terminal devices, so that a route can be set; It may be configured to include (Configuration 16).
In a fourteenth configuration, the computer includes a capability determination unit and a first terminal device selection unit. In the channel maintenance step, the line connection with a plurality of first terminal devices is maintained, and the capability The determination means receives transmission capability information for determining the degree of information transmission capability of the terminal devices from the plurality of first terminal devices, and determines the degree of information transmission capability of the plurality of first terminal devices. A first terminal device selection for selecting a first terminal device for causing the second terminal device to transmit information using the determined capability by the first terminal device selecting means; And a step (a seventeenth configuration).
In the thirteenth configuration, when the transmission load of the information is equal to or less than a predetermined value, the information may be directly transmitted to the second terminal device (eighteenth configuration).
In addition, the present invention is arranged to be connectable to a communication network via a relay device, and includes an information requesting unit, a route setting unit, a route identification information transmitting unit, a connecting unit, and an information receiving unit. In the computer, an information requesting step for requesting information transmission to the information distribution server by the information requesting unit, a route setting step for setting a communication route accessible from the outside to the relay device by the route setting unit, A path identification information transmitting step for transmitting communication path identification information for identifying the set communication path to the information distribution server by a path identification information transmitting means; and another terminal using the communication path set by the connection means. A connection step of accepting access from the device and connecting to the other terminal device, and the information receiving means Providing information receiving method, characterized in that it is composed of an information receiving step of receiving the requested information from the other terminal device by using a connecting line (Configuration 19).
In a nineteenth configuration, the computer includes an information storage device that stores information transmitted by the information distribution server, a request reception unit, and an information transmission unit, and is connected by the request reception unit using the connection unit. A request receiving step for receiving the transmission request for the stored information from the other terminal device, and the information transmitting means obtains the information received for the transmission request from the information storage device and transmits the information to the other terminal device. It is also possible to configure so as to include an information transmission step (a twentieth configuration).
In a twentieth configuration, the computer includes a communication capability information transmission unit, and the communication capability information transmission unit transmits transmission capability information for determining a degree of information transmission capability to the information distribution server by the communication capability information transmission unit. (A twenty-first configuration).
In a nineteenth configuration, the computer includes first confirmation information receiving means and second confirmation information receiving means, and the connection means is connected from the information distribution server by the first confirmation information receiving means. The confirmation information is received from the other terminal device by the first confirmation information receiving step for receiving confirmation information for confirming the other terminal device connected by using the second confirmation information receiving means. A second confirmation information receiving step, wherein in the connecting step, the confirmation information received in the first confirmation information receiving step matches the confirmation information received in the second confirmation information receiving step. In this case, it can be configured to receive access from the other terminal device (22nd configuration).
In a nineteenth configuration, the computer may include a device authentication unit, and the device authentication unit may include a device authentication step of performing device authentication on the other terminal device (a twenty-third configuration).
The present invention also provides an information transmission function for receiving an information transmission request from a first terminal device and transmitting the information requested for transmission to the first terminal device, and the information from a second terminal device. A request accepting function for accepting a transmission request, and a relay device provided in any one of the first terminal device and the second terminal device between the one terminal device and the communication network A communication path request function for requesting setting of a communication path accessible from the outside, and a path identification information reception function for receiving communication path identification information for identifying a communication path set in response to the request from the one terminal device A path identification information transmission function for transmitting the received communication path identification information to the other terminal apparatus, and the first terminal apparatus and the second terminal apparatus connect a line by the transmitted communication path identification information. , The second terminal device to provide an information processing program for realizing the transmission confirmation function, with computer to verify that it has received the information from the first terminal device (24 configuration).
In the twenty-fourth configuration, after transmitting the information to the first terminal device, a line maintenance function for maintaining a connection of the line with the first terminal device is realized by the computer. In the transmission confirmation function, Until the second terminal device confirms that the information has been received, communication with the first terminal device can be performed using the maintained line ( 25th configuration).
In the twenty-fourth configuration, the one terminal device uses the one terminal device and the other terminal as confirmation information for verifying that the terminal device accessed using the communication path is the other terminal device. The confirmation information transmission function to be transmitted to the terminal device may be realized by the computer (26th configuration).
In the twenty-fifth configuration, the line maintenance function maintains line connection with a plurality of first terminal devices, and is provided to the terminal devices from the plurality of first terminal devices and the second terminal device. A route setting information receiving function for receiving route setting information for determining whether or not the communication route can be set by the relay device, and the first terminal device and the first device using the received route setting information. The first terminal device for transmitting information to the second terminal device is selected from the plurality of first terminal devices so that at least one of the two terminal devices can set a route. The first terminal device selection function can be realized by the computer (a 27th configuration).
In the twenty-fifth configuration, in the line maintenance function, transmission for maintaining a line connection with a plurality of first terminal devices and determining a degree of information transmission capability of the terminal devices from the plurality of first terminal devices. A capability determination function for receiving capability information and determining a degree of information transmission capability of the plurality of first terminal devices, and a second for causing the second terminal device to transmit information using the determined capability. A first terminal device selection function for selecting one terminal device may be realized by the computer (a twenty-eighth configuration).
In the twenty-fourth configuration, when the information transmission load is equal to or less than a predetermined value, a function of directly transmitting the information to the second terminal device can be realized by the computer (the twenty-ninth configuration). Constitution).
Further, the present invention provides an information request function for requesting information transmission to an information distribution server in a computer arranged to be connectable to a communication network via a relay device, and a communication path accessible to the relay device from the outside A route setting function for setting the communication route identification information for identifying the set communication route, and an access from other terminal devices using the set communication route. And an information receiving program for realizing a connection function for connecting to the other terminal device and an information receiving function for receiving the requested information from the other terminal device using the connected line. (Thirty configuration).
In the thirtieth configuration, the information distribution server transmits a request reception function that receives a transmission request for the stored information from another terminal device that has been connected using the connection function, and information that has received the transmission request. An information transmission function that is acquired from an information storage device that stores information and that is transmitted to the other terminal device can be configured to be realized by the computer (31st configuration).
In the thirty-first configuration, a communication capability information transmission function for transmitting transmission capability information for determining the degree of information transmission capability to the information distribution server can be realized by the computer (a thirty-second configuration).
In the thirtieth configuration, a first confirmation information receiving function for receiving confirmation information for confirming another terminal device connected using the connection function from the information distribution server, and the other terminal device A second confirmation information receiving function for receiving confirmation information from the computer, and the connection function includes the confirmation information received by the first confirmation information receiving function and the second confirmation information receiving function. If the confirmation information received in step 2 matches, the access from the other terminal device can be accepted (33rd configuration).
In the thirtieth configuration, a device authentication function for device authentication of the other terminal device may be realized by the computer (a thirty-fourth configuration).
The present invention also provides a computer-readable storage medium storing an information processing program having any one of the twenty-fourth to thirty-fifth configurations (the thirty-fifth configuration).

  According to the present invention, when accesses from terminal devices are concentrated, the load on the server device can be distributed and reduced.

(Outline of the embodiment)
When the download load is concentrated, the distribution server serves as a relay point for the CE device (client) and introduces the CE device that has already downloaded the digital information to the CE device that requests the digital information. Then, the distribution server dynamically opens a port for accessing one of the CE devices from the outside, and notifies the other CE device of the port.
The other CE device is connected to the one CE device using this port, the two CE devices establish a peer-to-peer connection, and digital information is downloaded between the CE devices.
In addition, the distribution server issues a connection ticket for the CE device that performs peer-to-peer connection to confirm both parties, and prevents impersonation by a third party.

  By using the CE device as a server for transmitting digital information, the distribution server can reduce the number of downloads from the distribution server and distribute / reduce the load. In addition, since the CE device does not need to open a static port, it can maintain a high security level.

  The distribution server has an operation mode at a low load and an operation mode at a high load. The switching of these operation modes is, for example, operating in an operation mode at a low load during normal times, operating in an operation mode at a high load during a period when access is expected to be concentrated, or monitoring the load, The operation mode is switched according to the monitored load amount.

  FIG. 1A shows a digital information distribution method at a low load (normal time). As shown in the figure, since the load on the distribution server is small during normal times, the distribution server individually performs digital processing on the CE device A, CE device B, CE device C,... Send information.

FIG. 1B shows a digital information distribution method at the time of high load (access peak).
At the time of high load, the distribution server transmits the digital information to the CE device A and then stands by while maintaining the communication path with the CE device A.
Thereafter, when there is a transmission request for this digital information from the CE device B, the CE device C,..., The CE device and the CE device A are connected while maintaining the communication path with the CE device B, the CE device C,. Matching is requested, and CE device B, CE device C,... Are requested to download digital information from CE device A.
In response to this, the CE device B, the CE device C,... Connect to the CE device A and download the digital information from the CE device A.

The CE device A functions as a client node at the stage of downloading digital information from the distribution server. The CE device A functions as a server node at the stage of transmitting digital information to the CE device B, CE device C,..., And the CE device B, CE device C,.
Here, a node is a terminal or network device connected to a network, and a side that transmits digital information is called a server node, and a side that receives digital information is called a client node.
In this way, the distribution server distributes digital information by making the CE devices peer-to-peer connection for a certain period during which the distribution server is heavily loaded.

FIG. 2 is a flowchart for explaining the outline of the digital information distribution procedure at the time of high load.
First, the CE device A requests the distribution server to transmit digital information (step 2).
In response to this transmission request, the distribution server transmits digital information to the CE device A, and further requests the CE device A to function as a server node to transmit this information to other CE devices (step 4). ).

The CE device A receives this digital information from the distribution server. Then, it is accepted to function as a server node (step 6).
The distribution server receives the acceptance and stands by while maintaining the line connection (session) in order to secure the communication path with the CE device A. At this time, the distribution server obtains client information including information regarding whether or not a port can be dynamically set in the router from the CE device A and the line speed of the communication line.

Next, the CE device B requests transmission of the same digital information (step 8). At this time, the distribution server acquires client information from the CE device B.
Then, when the CE device A and the CE device B satisfy a predetermined condition (for example, a port can be dynamically set in one of the routers, the line speed is high, etc.), the CE device A and CE device B are combined as a pair for peer-to-peer connection.
When the CE device A can set the port, the distribution server causes the CE device A to set the port and notifies the CE device B of the IP address and the port number (step 10a). If it can be set, the CE device B is set to a port and its IP address and port number are notified to the CE device A (step 10b).

In the CE device A and the CE device B, the side to which the IP address and the port number are notified accesses the CE device on the other side using this, and makes a peer-to-peer connection (step 12).
Then, the CE device B requests the CE device A to transmit digital information, and the CE device A transmits the digital information to the CE device B (step 14).
CE device B receives and stores the digital information (step 16).

  As described above, in the present embodiment, when the load is concentrated on the distribution server, the digital information is securely downloaded by peer-to-peer connection by forwarding to the CE device that has already downloaded the digital information. Can do. Since downloading is performed by peer-to-peer connection in this way, the load on the distribution server can be distributed.

(Details of the embodiment)
FIG. 3 is a block diagram showing an example of the configuration of the information distribution system according to the present embodiment.
The information distribution system 1 includes a distribution server 2, an authentication server 3, a network 4, routers 5, 5,..., CE devices 6, 6,.
In the following, the individual routers 5, 5,..., CE devices 6, 6,.

The distribution server 2 is a server that distributes digital information to the CE device 6.
The distribution server 2 transmits a list of digital information that can be distributed to the CE device 6 in response to a request from the CE device 6. The CE device 6 can select digital information to be downloaded from this list.

Here, the digital information may be any digital information as long as it can be distributed on the network 4.
Specifically, software and applications such as firmware, OS (Operating System), kernel, middleware, and application software, application data used by software applications such as map information, license data, dictionary data, and stock price data There are contents such as movie contents, music contents and game contents which are a kind of application data, which can be mainly copyrighted works, or upgrades and revisions thereof.

The distribution server 2 transmits digital information to each CE device 6 at a normal low load.
When the load is temporarily concentrated, the CE device 6 (server node) that has already transmitted the digital information is matched with the CE device 6 (client node) that has requested the digital information. Mediate peer-to-peer connections.
Then, the digital information is transmitted from the server node to the client node.
Here, the peer-to-peer connection is a connection form in which each node connected to the network is equal, and each node can be a server node or a client node.

Various timings for switching between these two operation modes are possible.
For example, a certain period of time when new digital information is distributed (this period can be predicted in advance) is assigned to a peer-to-peer distribution period, and other periods are distributed to individual CE devices 6, or The distribution load is monitored from the number of download accesses from the CE device 6 and the traffic state. If the transmission load of digital information is equal to or less than a predetermined value set in advance, the load is directly distributed to each CE device 6. Can be configured to deliver over a peer-to-peer connection.

In the matching process of the CE device 6 to be connected peer-to-peer, information on the CE device 6 itself and the surrounding environment such as the dynamic port setting possibility and the line speed in the router is acquired from the accessing CE device 6. This is used to find a pair of CE devices 6 that can be efficiently downloaded by peer-to-peer connection.
Further, the distribution server 2 performs device authentication of the CE device 6 accessed using the authentication server 3, and also issues a connection ticket for the CE device 6 to be peer-to-peer connected to confirm the connection partner, Prevent unauthorized access by third parties.

The authentication server 3 is a server device that performs device authentication of the CE device 6 based on secret information shared with the CE device 6 in advance.
The authentication server 3 stores device information related to device attributes such as a model number representing the model of the CE device 6 in addition to secret information such as the device ID and passphrase (having more characters than the password) of each CE device 6. Yes.

The authentication server 3 receives the combination of the device ID and the passphrase from the CE device 6 and performs device authentication by comparing this with the stored one. Then, an authentication ticket for referring to the device authentication result is issued in association with the device authentication result, and transmitted to the CE device 6.
The authentication ticket is used for the distribution server 2 to query the device authentication result of the CE device 6, and the authentication server 3 can provide the distribution server 2 with device information of the CE device 6 together with the device authentication result.

In the information distribution system 1, device authentication is performed collectively by the authentication server 3, so that device authentication can be performed while keeping the authentication information secret from a third party (the distribution server 2 or another service server).
It is also possible to configure so that the distribution server 2 performs device authentication without providing the authentication server 3. In this case, the distribution server 2 includes authentication information and device information.

The CE device 6 is a device that performs device authentication with the authentication server 3 and acquires digital information from the distribution server 2. The CE device 6 can also function as a server node, and can also transfer digital information acquired from the distribution server 2 to another CE device 6.
The CE device 6 includes, for example, an audiovisual device (such as a television receiver, a recording device, and a stereo), a game machine, a personal computer, a portable information terminal, a microwave oven, a washing machine, an air conditioner, and the like.

For example, the CE device 6 periodically accesses the distribution server 2 and requests the distribution server 2 for a list of digital information.
Then, the distribution server 2 is requested to transmit the digital information using the difference between the digital information described in this list and the digital information currently stored in the list.
The CE device 6 downloads the requested digital information from the distribution server 2 or downloads from the CE device 6 by peer-to-peer connection with other CE devices 6.

The CE device 6 is generally connected to the network 4 via the router 5.
In this case, the communication path to the CE device 6 can be specified on the network 4 by the IP address of the router 5 and the port number set for the port.
When the CE device 6 is directly connected to the network 4, the communication path of the CE device 6 can be specified on the network 4 by the global IP of the CE device 6.

The router 5 is a relay device that relays the connection between the CE device 6 and the network 4. The router 5 can connect a plurality of CE devices 6, and can identify and distribute communication for each CE device 6 by the port number.
Further, the router 5 blocks the CE device 6 when it is accessed from the outside, but dynamically sets a port from the inside (from the CE device 6), and the CE device 6 is externally connected via this port. Some have the function of accepting access from.
In this way, as a port that can dynamically set a port, for example, there is a UPnP (Universal Plug and Play) compatible router.

  In this embodiment, the router 5 is used as the relay device. However, the relay device is not limited to the router 5 and may be configured by another mechanism. In any case, any device may be used as long as access from the outside is blocked and the CE device 6 can set a communication path from the inside.

The network 4 is a communication network configured by the Internet, for example, and the network 4 mediates communication between the distribution server 2, the authentication server 3, and the CE device 6.
The distribution server 2, the authentication server 3, and the CE device 6 encrypt communication on the network 4 using SSL (Secure Sockets Layer), for example, and prevent eavesdropping by a third party.
The network 4 can also be configured by a WAN (Wide Area Network), a LAN (Local Area Network), an optical communication network, a communication network via a communication satellite, or a combination thereof.

FIG. 4 is a schematic diagram illustrating an example of a logical configuration of digital information.
The digital information 10 includes an information main body 12 and a header 11 which is additional information. The header 11 further includes an information identifier 13, an encryption key identifier 14, an electronic signature 15, basic additional information 16, and the like. It is configured.

The information identifier 13 is an identifier for uniquely identifying digital information, and includes, for example, a URI (Universal Resource Identifier).
For example, the information identifier 13 is described in a list of digital information transmitted from the distribution server 2 to the CE device 6 and used by the CE device 6 to select the digital information.

The encryption key identifier 14 is an identifier for identifying an encryption key for decrypting digital information.
The CE device 6 has an encryption key by embedding it in a tamper resistant chip, and the CE device 6 selects an encryption key to be used for decrypting the information main body 12 by the encryption key identifier 14. Here, the tamper-resistant chip is an IC chip configured to make it difficult to analyze the internal configuration from the outside.
Alternatively, an encryption key server that transmits an encryption key may be provided in the information distribution system 1, and the CE device 6 may be configured to download the encryption key from the encryption key server using the encryption key identifier 14.

The electronic signature 15 is information for performing issuer authentication and integrity confirmation of the digital information 10. The CE device 6 has key information for signature verification by embedding it in a tamper resistant chip.
More specifically, for example, the distribution server 2 has a secret key, and the CE device 6 has a public key corresponding to this as key information for certificate detection. If the information recorded in the electronic signature 15 can be decrypted with the public key, it can be confirmed that the digital information 10 is transmitted from the distribution server 2. Furthermore, for example, it is possible to detect the integrity (presence / absence of tampering or omission) of the digital information 10 using a hash function.

The basic additional information 16 includes, for example, data size, date of issue, copyright holder, and other additional information, and is used for searching digital information.
The information body portion 12 is a body data portion of the digital information 10 and is encrypted so that it can be decrypted with the encryption key specified by the encryption key identifier 14.

The information body 12 is decrypted by the CE device 6 and then used by a CPU (Central Processing Unit) of the CE device 6.
Thus, since the digital information of the present embodiment is encrypted, it does not make sense to receive the digital information. Therefore, the CE device 6 can freely distribute the digital information to other CE devices 6, and there is no problem even if it is distributed to clients other than those assumed by the digital information distributor.

The procedure for distributing the digital information to the CE device 6 when the distribution server 2 is heavily loaded will be described below with reference to the flowcharts of FIGS.
In the following description, it is assumed that the CE device A downloads digital information from the distribution server 2, and the CE device B is introduced to the CE device A by the distribution server 2, and downloads the digital information from the CE device A. .

Also, in any of the following communications, the communication path is encrypted using a technology such as SSL, and CE device A and CE device B are connected to the network 4 via router A and router B, respectively. .
Further, the following operations are performed by the CPUs provided in the distribution server 2, the authentication server 3, the CE device A, the CE device B, the router A, and the router B according to predetermined programs.

First, the CE device A (FIG. 5) acquires an update trigger and starts a digital information download process (step 22).
The update trigger is a command that causes the CE device to perform digital information download processing.
For example, the update trigger may be generated inside the CE device A periodically about once a day, or may be generated when the user instructs the CE device A to perform a download process.

Each CE device 6 stores a URL (Uniform Resource Locators) for accessing the information distribution site of the distribution server 2.
Then, when the CE device A obtains the update trigger, it accesses the distribution server 2 using this, and requests transmission of the information identifier list (step 24).

Upon receiving the information identifier list transmission request from the CE device A, the distribution server 2 requests device authentication from the CE device A in order to confirm that the CE device A is a valid CE device 6 (step 26). ). When the distribution server 2 has a device authentication function, the distribution server 2 performs device authentication.
When receiving the device authentication request from the distribution server 2, the CE device A accesses the authentication server 3 and receives device authentication (step 28).

Here, the procedure of the device authentication process will be described in detail with reference to FIG. In this embodiment, device authentication using a digest is performed as an example. This procedure is applicable to each CE device 6 in addition to the CE device A.
First, when receiving a device authentication request from the distribution server 2, the CE device 6 makes a device authentication request to the authentication server 3 (step 200). The CE device 6 may store the URL of the authentication site of the authentication server 3 in advance, or may receive the URL from the distribution server 2 and receive the designation of the authentication server.

The authentication server 3 receives a device authentication request from the CE device 6, generates a challenge code (such as a random number) and a one-time ID and transmits them to the CE device 6 (step 202).
At this time, the authentication server 3 stores the challenge code and the one-time ID in association with each other.

The CE device 6 receives the challenge code and the one-time ID from the authentication server 3. Then, the received challenge code is combined with a pre-stored passphrase and calculated with a predetermined logic to generate a digest as a result of the calculation (step 204).
Then, the CE device 6 transmits the device ID and digest together with the one-time ID and device ID to the authentication server 3 (step 206).

The authentication server 3 receives these pieces of information from the CE device 6 and identifies the challenge code transmitted to the CE device 6 by comparing the one-time ID received from the CE device 6 with the previously stored one-time ID.
Further, the authentication server 3 specifies the passphrase of the CE device 6 using the device ID received from the CE device 6.

Then, a digest is generated with the same logic as that of the CE device 6 using the combination of the identified challenge code and passphrase.
Then, the authentication server 3 compares the generated digest with the digest received from the CE device 6 and confirms the match between the two to authenticate the CE device 6 (step 208).

Then, the authentication server 3 generates an authentication ticket corresponding to the device authentication result and transmits it to the CE device 6 (step 210), and the CE device 6 receives this (step 212).
The authentication ticket is, for example, ID information issued in association with the device authentication result.

Since the digest used for device authentication becomes a different disposable value each time device authentication is performed, the confidential information of the CE device 6 can be concealed even if it is illegally obtained by a third party, and damage is minimized. To the limit.
The device authentication method using the above digest is an example, and any method can be used to confirm the validity of the CE device 6, for example, by simply collating secret information shared by the CE device 6 and the authentication server 3. Good.

Returning to FIG. 5, the CE device A transmits the authentication ticket received from the authentication server 3 to the distribution server 2 (step 30).
The distribution server 2 receives the authentication ticket from the CE device A and transmits the authentication ticket to the authentication server 3 (not shown).
The authentication server 3 receives the authentication ticket from the distribution server 2 and transmits a device authentication result corresponding to the authentication ticket to the distribution server 2.
The distribution server 2 receives this device authentication result from the authentication server 3 and confirms that the CE device A is device-authenticated by the authentication server 3 (step 32).

Next, the distribution server 2 transmits the information identifier list of the digital information provided by the distribution server 2 to the CE device A (step 34).
The CE device A receives this information identifier list from the distribution server 2 and compares it with the information identifier of the digital information currently stored in itself.

Then, the CE device A transmits the difference of the comparison results (information identifier of the digital information that is not stored in the information identifier list) to the distribution server 2 and requests the difference digital information (step 36). As described above, the CE device A includes information requesting means for requesting the distribution server 2 to transmit digital information.
The difference can be displayed on a display device or the like, and the user can select the requested digital information.
The distribution server 2 receives the information identifiers from the CE device A, and downloads the digital information specified by these information identifiers to the CE device A (step 38).

Here, the procedure of the download process will be described in detail with reference to FIG.
First, the distribution server 2 transmits information requested from the CE device A to the CE device A (step 220). When the CE device A is the first terminal device, the distribution server 2 receives the information (digital information) transmission request from the first terminal device and transmits the information to the first terminal device. Means.
The CE device A receives the digital information from the distribution server 2 and stores it. Then, the distribution server 2 is notified that the download has been completed (step 221).

Next, the distribution server 2 requests the CE device A to distribute digital information as a server node (server node request) (step 222).
When receiving a server node request from the distribution server 2, the CE device A transmits client information as a response to the distribution server 2 (step 224).

The client information relates to the network environment (the line speed of the CE device A, whether it can be accessed from the outside (that is, whether the port can be dynamically set in the router A or has a global IP, etc.)) and can be provided It includes information such as an identifier list of digital information and access authorization.
The line speed of the CE device A is used for determining which CE device 6 the distribution server 2 uses as a server node. That is, a CE device 6 with a higher line speed has a higher digital information transmission capability to other CE devices 6 and is desirable as a server node.

  The access authorization is information indicating whether or not external access is permitted. The CE device 6 permits external access when accepting a server node request, and disallows otherwise.

The digital information that can be provided is stored in the CE device 6 and can be transmitted to other CE devices 6.
The digital information that can be provided includes, in addition to what CE device A has downloaded from distribution server 2 in step 221, CE device A that has already been stored and can be transmitted to other CE devices 6. Also good.

After receiving the client information from CE device A, distribution server 2 stores and registers CE device A as a server node candidate in the storage device (step 226).
Then, the distribution server 2 transmits a registration confirmation notification to the CE device A (step 228).
Further, the distribution server 2 similarly registers a plurality of CE devices 6 as server node candidates.
The timing for registering the CE device 6 as a server node candidate and the timing for performing the matching process for peer-to-peer connection will be described later.

Returning to FIG. 5, upon receipt of the registration confirmation notification from the distribution server 2, the CE device A waits while maintaining a session with the distribution server 2 (maintaining line connection) until a digital information distribution request is received. Step 40).
This is to secure a communication path with the CE device A when mediating the peer-to-peer connection between the CE device A and another CE device 6.
As described above, the distribution server 2 includes line maintenance means for maintaining the connection of the line with the first terminal device.

Next, as shown in FIG. 8, while the distribution server 2 and the CE device A are connected to each other, the CE device B obtains an update trigger (step 50), and the distribution server 2 stores the information identifier list. Assume that a request is made (step 52).
In this case, the distribution server 2 makes a device authentication request to the CE device B (step 54), and the CE device B receives this and connects to the authentication server 3 to perform device authentication (step 56). The device authentication procedure is the same as that for CE device A.
Here, assuming that the CE device B is the second terminal device, the distribution server 2 includes request receiving means for receiving a transmission request for the digital information previously transmitted from the second terminal device to the first terminal device. Yes.

The CE device B receives the authentication ticket from the authentication server 3 and transmits it to the distribution server 2 (step 58).
The distribution server 2 receives the authentication ticket from the CE device B, transmits it to the authentication server 3, acquires the device authentication result of the CE device B from the authentication server 3, and confirms that the CE device B has been authenticated. Confirm (step 60).

Next, the distribution server 2 transmits the information identifier list to the CE device B (step 62).
Then, the CE device B transmits the information identifier of the digital information that is requested to be transmitted to the distribution server 2 based on the difference between the information identifier list and the information identifier of the currently stored digital information (step 64).
As described above, the CE device B includes information requesting means for requesting the distribution server 2 to transmit digital information.

The distribution server 2 receives the information identifier from the CE device B, and thereby recognizes the digital information requested by the CE device B.
Then, the distribution server 2 searches the CE devices 6 registered as server node candidates for those that can distribute this digital information.

If there is a server node candidate capable of distributing the digital information requested by the CE device B, the distribution server 2 requests the CE device B to transmit client information (step 65).
The distribution server 2 directly transmits the digital information to the CE device B when the digital information requested by the CE device B cannot be distributed to any server node candidate.

In response to the client information transmission request, the CE device B transmits client information including the line speed and whether or not external access is possible (that is, whether or not a port can be dynamically set in the router B) to the distribution server 2 ( Step 66).
As described above, the CE device B includes communication capability information transmission means for transmitting transmission capability information for determining the degree of information transmission capability (line speed or the like) to the distribution server 2.

The distribution server 2 receives the client information from the CE device B, and selects (matches) a CE device 6 that is currently registered as a server node candidate and that is to be connected to the CE device B in a peer-to-peer connection. Here, it is assumed that CE device A is selected (step 67).
Here, whether or not external access is possible constitutes route setting information for determining whether or not the communication route can be set by the relay device, and the distribution server 2 transmits the route setting information to the first terminal device and the second terminal device. Route setting information receiving means for receiving from the terminal device.

After selecting the CE device A, the distribution server 2 generates a connection ticket and transmits it to the CE device A (step 68).
This connection ticket is composed of random numbers, for example. As will be described later, the connection ticket is also transmitted to CE device B, and CE device A and CE device B are used as confirmation information for confirming that the connection partner is introduced by distribution server 2. The

  In this way, the distribution server 2 uses the one terminal device to confirm the confirmation information for confirming that the terminal device accessed using the communication path based on the communication path identification information is the other terminal device. Confirmation information transmitting means for transmitting to the terminal device and the other terminal device is provided.

  Here, in the matching process between the CE device B and the server node candidate, the client information of the CE device B and the client information of the server node candidate are collated, and a server node that satisfies a predetermined condition is introduced to the CE device B. Examples of such conditions include the following.

First, it is necessary that at least one of the CE device B and the server node candidate is externally accessible.
This is the case, for example, when at least one of the CE device B and the server node candidate is connected to the network 4 via a router that can dynamically set a port, or directly connected to the network 4.

  As described above, the distribution server 2 uses the route setting information (external access permission) so that at least one of the first terminal device and the second terminal device can set the route. And a first terminal device selection means for selecting a first terminal device for transmitting information from the plurality of first terminal devices to the second terminal device.

Alternatively, the number of client nodes that are currently peer-to-peer connected to server node candidates or the number of matched client nodes may be a predetermined number or less.
This is to prevent the load from being concentrated on the CE device 6 functioning as a server node.

  Furthermore, the line speed can be a condition. For example, since the CE device 6 with a high line speed does not take a download time, it downloads digital information directly from the distribution server 2 and is likely to be a server node. Since it takes a long time to download, server node candidates are introduced as client nodes. That is, the CE device 6 with a high line speed is a server node, and the CE device 6 with a low line speed is a client node.

  Here, the line speed constitutes transmission capability information for determining the transmission capability of the CE device 6, and the distribution server 2 receives transmission capability information from a plurality of first terminal devices, and the plurality of first devices A first terminal for selecting a first terminal device for causing the second terminal device to transmit information, using capability determination means for determining the degree of information transmission capability of the terminal device; Device selection means.

  Further, the server node can be introduced by a round robin method. The round robin method is a kind of scheduling method and assigns server nodes to be introduced at fixed time intervals (time slices).

Next, a procedure in which CE device A and CE device B perform digital-to-peer connection by introducing the distribution server 2 to download digital information will be described.
In this embodiment, it is assumed that both CE device A and CE device B are provided with a router. In this case, when the distribution server 2 matches the CE device B and the CE device A, a port may be set in the router B of the CE device B and a port may be set in the router A of the CE device A.
First, the case where the router B is set with a port will be described with reference to the flowchart of FIG. This can be applied when the router A does not have a dynamic port setting function.

The distribution server 2 selects the CE device A as the peer-to-peer connection destination of the CE device B, transmits the connection ticket to the CE device A, and then transmits the same connection ticket to the CE device B. Then, it requests the CE device B to set a port in the router B (step 69).
In response to this, the CE device B sets a port in the router B and notifies the distribution server 2 of the communication path identification information (IP address and port number of the router B) (step 70).
The CE device B receives and stores the connection ticket. As described above, the CE device B includes first confirmation information receiving means for receiving confirmation information (connection ticket) for confirming another CE device connected using the set port.

Here, the port setting process will be described in detail with reference to the flowchart of FIG.
First, when receiving a port setting request from the distribution server 2, the CE device B requests the router B to set a port (step 240).
In response to this request, the router B sets a port and notifies the CE device B of the port number (step 242).
This port serves as a communication path for later peer-to-peer connection with CE device A.
As described above, the CE device B transmits a path setting unit that sets a communication path that can be accessed from the outside to the relay device, and a path identification that transmits communication path identification information that identifies the set communication path to the information distribution server. Information transmission means is provided.

After receiving the port number from the router B, the CE device B transmits communication path identification information, which is information necessary for accessing the CE device B from the outside, to the distribution server 2 (step 244).
Here, the communication path identification information includes the IP address and port number of router B.
Then, the distribution server 2 receives the communication path identification information from the CE device B (step 246).

Returning to FIG. 9, the distribution server 2 causes the CE device B to set the port as described above, and then receives the communication path identification information (IP address and port number) received from the CE device B, and the CE device in step 69. The same connection ticket that was sent to B is sent to CE device A (step 80).
The CE device A receives these pieces of information from the distribution server 2 and transmits a receipt notification to the distribution server 2 (step 82).

Then, the CE device A accesses the CE device B using the communication path identification information received from the distribution server 2, establishes a peer-to-peer connection, and transmits a connection ticket to the CE device B (step 84). .
Thereafter, the CE device B and the CE device A perform communication using the established line.
As described above, the CE device B includes a connection unit that accepts access from another terminal device (CE device A) using the set communication path and connects to the other terminal device.

The CE device B verifies the identity of the connection ticket transmitted from the CE device A and the connection ticket received from the distribution server 2, whereby the CE device connected by the CE device A by introduction of the distribution server 2. (Step 86).
Then, the CE device B transmits the information identifier of the requested digital information to the CE device A (step 88).

  As described above, the CE device B includes the second confirmation information receiving unit that receives the confirmation information from another terminal device (CE device A), and the connection unit receives the confirmation information received by the first confirmation information receiving unit. And the confirmation information received by the second confirmation information receiving means match the access from the other terminal device.

The CE device A receives the information identifier from the CE device B, and thereby specifies the digital information requested by the CE device B.
Then, the CE device A searches the stored digital information for the digital information requested by the CE device B and transmits it to the CE device B (step 90).

The CE device B receives and stores this digital information from the CE device A (step 92), and transmits a reception completion notification to the distribution server 2 (step 94).
As described above, the CE device B uses the connected line to receive digital information requested from another terminal device (CE device A) and information storage for storing the digital information transmitted from the distribution server 2. Equipment.

  The distribution server 2 receives a reception completion notification from the CE device B. The distribution server 2 maintains the line connection state when the CE device A continues to function as a server node and introduces the next client node. When the CE server A functions as the server node, the distribution server 2 establishes the line connection. Release (step 96)

Although the case where the CE device B downloads digital information from the CE device A has been described above, the CE device B can further serve as a server node and transmit the digital information to another CE device 6.
In this case, the CE device B acquires request information receiving means for receiving a transmission request for digital information stored in another CE device or information storage device, and the digital information that has received the transmission request from the information storage device. Information transmitting means for transmitting to the terminal device.

  Next, a case where the router A is set with a port will be described with reference to the flowchart of FIG. This can be applied when the router B does not have a dynamic port setting function.

When the distribution server 2 selects the CE device A as the peer-to-peer connection destination of the CE device B, the distribution server 2 requests the CE device A to set a port in the router A (step 99).
In response to this request, CE device A sets a port in router A, and transmits communication path identification information (IP address and port number of router A) to distribution server 2 (step 100).
Since this procedure is the same as the case where the router B described above sets the port, the description thereof is omitted.

As performed in step 69 and step 99, the distribution server 2 connects the terminal device to any one of the first terminal device (CE device A) and the second terminal device (CE device B). Communication path requesting means for requesting setting of a communication path (port) accessible from the outside to a relay device (router 5) provided between one terminal device and the communication network is provided.
Then, the distribution server 2 uses the communication path identification information (in this case, the IP address and the port number) for identifying the communication path set in response to the communication path setting request, such as performed in step 246 or step 100. Route identification information receiving means for receiving from one terminal device is provided.

Next, the distribution server 2 transmits the connection ticket and communication path identification information (IP address and port number) to the CE device A to the CE device B, and instructs the CE device B to download from the CE device A (step). 102).
The distribution server 2 includes a path identification information transmitting unit that transmits the received communication path identification information to the other terminal device, as performed in Step 80 and Step 102.
The CE device B uses the communication path identification information to access the CE device A and establishes a peer-to-peer connection with the CE device A. Then, the connection ticket is transmitted to the CE device A (step 104).

The CE device A receives the connection ticket from the CE device B, verifies the identity with the connection ticket received from the distribution server 2, and confirms that the CE device B is the CE device introduced by the distribution server 2. (Step 106).
Then, the CE device A notifies the CE device B that the CE device B has been confirmed.
After receiving this notification, the CE device B transmits an information identifier to the CE device A and requests the CE device A to transmit digital information (step 108).

The CE device A receives the information identifier from the CE device B, and specifies the digital information requested by the CE device B.
Then, the digital information requested by the CE device B is retrieved from the digital information stored by itself and transmitted to the CE device B (step 110).

The CE device B receives and stores this digital information from the CE device A (step 112), and transmits a reception completion notification to the distribution server 2 (step 114).
After receiving the reception completion notification from the CE device B, the distribution server 2 maintains the line connection with the CE device A when the CE device A is introduced to another CE device 6 as a server node. If not used as a node, the line connection with the CE device A is released (step 116).

  As described above, the distribution server 2 receives the reception completion notification transmitted in step 94 or step 114, and the first terminal device and the second terminal device connect the line by the communication path identification information. And a transmission confirmation means for confirming that the second terminal device has received the information from the first terminal device.

  In the above, the ports are set in the router A and the router B. However, when at least one of the CE device A and the CE device B has a global IP (for example, the relay device is directly connected to the network 4). In such a case, the global IP of the one CE device 6 is notified to the other CE device 6 so that they can be peer-to-peer connected. In this case, there is no need to request port setting.

  Further, in this embodiment, when both the server node and the client node are accessible from the outside (when a port can be dynamically set in the router 5 or when having a global IP), and when the server node has an external access If it is not possible and the client node is accessible externally, the server node accesses the client node and makes a peer-to-peer connection. If the server node is externally accessible and the client node is externally inaccessible, the client node It was configured to access the server node from the node and make a peer-to-peer connection.

For example, in the above embodiment, the router for setting the port is the side that receives the provision of digital information (CE device B) by the combination of the CE devices 6, or the side that provides the digital information (CE device A). However, it can be set to be fixed to either.
For example, if the router that receives the digital information is matched so that the port is always set, there is no need for the digital information providing side to set the port on the router, so the psychological burden on the user seems to be small. .

Next, an example of timing for registering server node candidates and timing for matching will be described.
The distribution server 2 intensively registers server node candidates at the timing of registering server node candidates (server node request timing), and concentrates client nodes on the server nodes at different timings (server node introduction timing). introduce.

The distribution server 2 always makes a server node request to the CE device 6 accessed at the server node request timing, and performs server node candidate registration intensively. However, the number of server node candidates connected to the distribution server 2 should not exceed the upper limit value. If the upper limit is exceeded, the process moves to the server node introduction timing.
In addition, the server node request timing is not fixedly set in this way, and the server node request timing is set when the distribution load (number of connections, network traffic status) of the distribution server 2 exceeds a certain value. You can also.

At the server node introduction timing, matching processing is intensively performed, and the CE device 6 accessed at this timing is matched with a server node candidate group registered at the server node request timing as a client node.
At the server node introduction timing, the server node is introduced as long as the server node can distribute the digital information. If the server node cannot distribute the digital information, the distribution server 2 transmits the digital information directly to the client node.

Next, the hardware configuration of the distribution server 2 will be described with reference to FIG.
In the distribution server 2, the CPU 40 has a RAM (Random Access Memory) 41, a ROM (Read Only Memory) 42, an input device 44, an output device 46, a storage device 50, a network connection device 48, and a storage medium drive device via a bus line 60. 54 or the like.

The CPU 40 is a central processing unit that performs various types of information processing according to programs stored in the ROM 42, the storage device 50, and the like.
For example, by executing these programs, the CPU 40 communicates with the CE device 6 and the authentication server 3 via the network 4 and distributes digital information.
The ROM 42 is a read-only memory that stores basic programs and parameters for operating the distribution server 2.

The RAM 41 is a readable / writable memory that provides a working area when the CPU 40 performs digital information distribution processing and other information processing.
For example, the RAM 41 temporarily stores a program read from the storage device 50 and causes the CPU 40 to use it, or temporarily stores client information, communication path identification information, or a connection ticket received from the CE device 6. Such information can be used for matching of the CE device 6.

The input device 44 includes input devices such as a keyboard and a mouse, for example, and can input various information.
The output device 46 includes, for example, a display device such as a CRT (Cathode-ray Tube) or a liquid crystal display, and an audio output device such as a speaker, and can output information to the outside.
Using the input device 44 and the output device 46, for example, the operator of the distribution server 2 can perform maintenance work on the distribution server 2, and the like.

The storage medium driving device 54 is configured such that a storage medium such as a flexible disk, a magneto-optical disk, a magnetic tape, and a semiconductor memory is detachable. If it is compatible, writing can be performed.
For example, digital information stored in a storage medium can be read using the storage medium driving device 54 and stored in the data storage unit 58 or a program can be installed in the program storage unit 56.

  The network connection device 48 is a device that connects the distribution server 2 to the network 4, and the distribution server 2 can be connected to the CE device 6 and the authentication server 3 via the network connection device 48.

The storage device 50 includes, for example, a large-capacity storage medium such as a hard disk, and a program storage unit 56 and a data storage unit 58 are formed.
The program storage unit 56 stores various programs executed by the CPU 40 such as an OS (Operating System) and a digital information distribution program.
By executing the digital information distribution program, the CPU 40 can perform individual distribution processing at low load and distribution processing by peer-to-peer connection at high load.

The data storage unit 58 stores digital information and other data. The digital information is read from the data storage unit 58 and transmitted to the CE device 6.
Further, the CPU 40 can extract an information identifier from digital information stored in the data storage unit 58 to generate an information identifier list.

The data stored in the data storage unit 58 includes, for example, access-permitted device attribute values, server node information, and device authentication information in addition to digital information.
The access-permitted device attribute value is information for determining for each CE device 6 whether or not there is an authority to acquire digital information from the distribution server 2, for example, device individual identification information such as a device ID, The model information of the CE device 6 is associated with the presence or absence of authority to acquire digital information.

In the embodiment described above, the digital information is distributed to all the CE devices 6. For example, the digital information that can be acquired by the CE device 6 depends on the service subscribed to by the user and the model of the CE device 6. It can be configured to limit.
In such a configuration, when the distribution server 2 receives a digital information transmission request from the CE device 6, the distribution server 2 determines whether the CE device 6 has the authority to acquire the digital information. If the user does not have the authority to acquire the digital information, the distribution of the digital information is rejected.
The access-permitted device attribute value can be received, for example, from the CE device 6 or received from the authentication server 3, and the distribution server 2 may store these, or digital information Such information may be requested and received at the time of transmission request.

  The server node information is information related to the server node, and includes a device attribute value, a provided information identifier list, access permission information, a distribution request history, and the like. These are transmitted from the CE device 6 when there is a digital information transmission request from the CE device 6, but can also be stored in advance by the distribution server 2.

The device attribute value is device individual identification information such as device ID or model information. These pieces of information can be used for the distribution server 2 to identify the CE device 6.
The provided information identifier list is a list of information identifiers of digital information provided to the server node so far.
The access permission information is information indicating whether or not external access is possible, and indicates whether or not the CE device 6 can accept an external access by setting a port in the router.
The distribution request history is history information for requesting the CE device 6 to distribute digital information as a server node, and includes the distributed digital information, the number of times of distribution, the time of distribution, and the like.

The device authentication information is connection information for connecting to the authentication server 3 configured by, for example, a URL. When requesting device authentication from the CE device 6, the device authentication information is transmitted to the CE device 6 to specify the server device that is the device authentication destination. Used to specify.
When device authentication is performed not by the authentication server 3 but by the distribution server 2, the combination of the device ID of the CE device 6 and the passphrase is held as device authentication information.

Although the hardware configuration of the distribution server 2 has been described above, the hardware configurations of the CE device 6 and the authentication server 3 are basically the same as those of the distribution server 2.
For example, in the case of the CE device 6, the program storage unit 56 stores an OS, an application program for using digital information, a digital information update program, and the like. Stored digital information.

Among these, by executing the digital information update program, it is possible to download digital information from the distribution server 2 or to exchange digital information with other CE devices 6 through peer-to-peer connection. Note that the digital information update program includes connection information to the distribution server 2 configured by a URL or the like, and the CE device 6 can access the distribution server 2 using this information.
In the present embodiment, the CE device 6 acquires the connection information of the authentication server 3 from the distribution server 2 and connects to the authentication server 3. However, the CE device 6 stores the connection information to the authentication server 3 in advance. You may keep it.

In the case of the authentication server 3, a device authentication program is stored in the program storage unit 56, and this is executed to perform device authentication processing of the CE device 6.
The data storage unit 58 stores the same combination of device ID and passphrase that is stored in each CE device 6, and device authentication is performed using this combination.
Further, the device ID and the passphrase are further stored in combination with attribute information representing the attributes of each CE device 6 and model number information representing the model.

In the case of the CE device 6, the program storage unit 56 stores a download program for downloading digital information from the distribution server 2, which is executed to access the distribution server 2 and request digital information. Or requesting device authentication from the authentication server 3, or functioning as a server node or a client node.
The data storage unit 58 stores digital information downloaded from the distribution server 2 or the server node.
In addition, the CE device 6 may be provided with a tamper resistant chip and the like, and may be configured to store secret information such as a combination of a device ID and a passphrase.

Next, a modified example of the device authentication method will be described.
In the embodiment described above, the distribution server 2 requests the authentication server 3 to perform device authentication of the CE device 6. However, the authentication server 3 is provided with a function (device authentication means) for performing mutual authentication on the CE device 6. It is possible to replace device authentication by mutual authentication.
Here, the mutual authentication means that the CE device 6 that is peer-to-peer connected mutually authenticates the connected CE device 6.

When the access from the CE device 6 is concentrated on the distribution server 2, the number of device authentications increases intensively. Thus, by performing the device authentication of the CE device 6 by mutual authentication, the device authentication is performed. The load can be distributed to each CE device 6.
The mutual authentication can be performed, for example, at a timing when the distribution server 2 matches the CE device 6 and the two are peer-to-peer connected.

  FIG. 13 is a flowchart for explaining an example of a procedure in which CE device A and CE device B perform mutual authentication. In this example, mutual authentication is performed using a passphrase that is secret information shared in advance between the CE device A and the CE device B.

After CE device A and CE device B establish peer-to-peer connection, CE device A requests CE device B to generate a random number (step 250).
In response to the random number request from the CE device A, the CE device B generates a random number Rs and transmits it to the CE device A (step 252). At this time, the CE device B stores the random number Rs.

CE device A receives random number Rs from CE device B. A random number Rc is generated and a session key Kses is further generated (step 254). The session key Kses is composed of a random number, for example, and is used as an encryption key for communication between the CE device A and the CE device B after mutual authentication.
Next, the CE device A encrypts Rs and Rc with the passphrase PP, and generates a token 1 represented by the following formula (1).

  Token 1 = CBC (PP, IV, Rc‖Rs‖Kses) (1)

  Here, the encrypted information obtained by encrypting the information A by the encryption method E using the key information D is expressed as E (D, A), and the formula (1) uses the information “Rc‖Rs‖Kses” as a key. This means that the token 1 is generated by encrypting the information PP (here, the passphrase) using the encryption method CBC.

“RcＲRs” means information obtained by concatenating Rc and Rs in this order. When Rc is “123” and Rs is “456”, “Rc‖Rs” is “123456”. I mean.
The CBC method is one of encryption methods using an algorithm called AES128 (Advanced Standard 128-bit Key Version). This encryption method divides information (message) into 128-bit blocks (message blocks). The message block is encrypted using the encryption result of the previous message block. IV (Initial Vector) is an initial value used to encrypt the first message block.
In addition to the AES128-CBC mode used in Equation (1), AES128 includes an AES128-ECB mode in which each message block is encrypted with a common key.

After generating the token 1, the CE device A transmits the token 1 to the CE device B (step 256). At this time, the CE device A stores a random number Rc.
At this time, the CE device A can also be configured to transmit the device ID to the CE device B. With this configuration, the CE device B can specify the peer CE device A that has peer-to-peer connection.

The CE device B receives the token 1 and the device ID from the CE device A, and then decrypts the token using the passphrase PP, and the random number Rc ′ and the random number Rs ′ from the token 1 (of the decrypted information, respectively) Information corresponding to the random number Rc and the random number Rs) and the session key Kses are extracted.
Here, the CE device B has such knowledge that the decrypted information is obtained by concatenating the random number Rc, the random number Rs, and the session key Kses, which are 128-bit information, in this order. A random number Rc ′, a random number Rs ′, and a session key Kses are extracted from information decrypted using knowledge.

The CE device B compares the random number Rs ′ with the previously stored random number Rs and determines that the CE device A is the genuine CE device 6 because they are the same (step 258). That is, it is possible to confirm that the CE device A has the passphrase PP when the random number Rs ′ and the random number Rs match. In this way, by encrypting and transmitting with a random number and a passphrase, device authentication can be performed without transmitting the passphrase directly to the CE device 6 on the other side, so a passphrase is obtained by a third party. It can prevent danger.
After determining the identity between the random number Rs ′ and the random number Rs, the CE device B generates a token 2 represented by the following formula (2) and transmits it to the CE device A (step 260).

  Token 2 = CBC (PP, IV, Rs‖Rc‖Kses) (2)

Here, the reason why the order of the random number Rs and the random number Rc is reversed from the formula (1) is to make it difficult for a third party to decrypt the code. Further, since Kses is already shared by the CE device A and the CE device B, it is not always necessary to enter the equation (2).
At this time, the CE device B can also be configured to transmit a device ID to the CE device A. Accordingly, the CE device A can specify the CE device B.

  The CE device A decrypts the token 2 and extracts a random number Rs ′ and a random number Rc ′. Then, it is determined that the CE device B is a valid CE device 6 because the random number Rc ′ is the same as the previously transmitted random number Rc (step 262). Furthermore, the identity of the random number Rs ′ and the session key Kses may be determined.

  In this way, the CE device A and the CE device B mutually authenticate that the other party is a valid CE device 6, and then perform encrypted communication using the shared session key Kses to transmit and receive digital information ( Step 264).

In the above mutual authentication method, CE device A and CE device B can both perform mutual authentication without transmitting the passphrase PP to the other party and further share the session key Kses.
Since the information for mutual authentication using a random number is set to a different value each time, and the session key Kses is also set to a different value every time the peer-to-peer connection is made, the security level can be increased.

Further, confirmation information for detecting whether or not the tokens 1 and 2 are tampered with during transmission can be added to these tokens.
For this purpose, AES128 has a mode called AES128-CBC-MAC (hereinafter referred to as MAC). This is the last message block of encryption information by CBC.
The side that receives the encryption information receives both the CBC encryption information and the MAC, and decrypts the encryption information. Then, the decrypted information is encrypted again by CBC, and the last block is compared with the MAC. If the two match, it can be confirmed that the encrypted information has not been tampered with.

The following effects can be obtained by the embodiment described above.
(1) When the load is temporarily concentrated on the distribution server 2, it can be reduced by distributing it.
(2) Since the CE device 6 can dynamically set the port for the router 5, the peer-to-peer access can be performed securely.

(3) The distribution server 2 can match what meets the predetermined condition from the connected CE device 6 and can efficiently distribute digital information.
(4) The distribution server 2 can perform device authentication of the CE device 6 when mediating the peer-to-peer connection. Further, the authentication act itself can be requested by the authentication server 3 to be performed.

(5) Since the distribution server 2 distributes digital information on the premise of device authentication of the CE device 6, the attributes of the CE device 6 are specified, third-party server access is eliminated, and peer-to-peer connection is performed. Distribution can be performed securely.
(6) Since the distribution server 2 issues a connection ticket to the CE device 6 that performs peer-to-peer connection, the CE device 6 can confirm that the connection partner is the introduction of the distribution server 2. .

It is a figure for demonstrating the operation mode of the delivery server at the time of low load and high load. It is a flowchart for demonstrating the outline | summary of the digital information delivery procedure at the time of high load. It is the block diagram which showed an example of the structure of the information delivery system of this Embodiment. It is the schematic diagram which showed an example of the logical structure of digital information. It is a flowchart for demonstrating the procedure which delivers digital information to CE apparatus used as a server node candidate. It is a flowchart for demonstrating the procedure of the apparatus authentication process using a digest. It is a flowchart for demonstrating in detail the procedure of a download process. It is a flowchart for demonstrating the procedure at the time of receiving download access from the CE apparatus used as a client node. It is a flowchart for demonstrating the procedure which downloads digital information between CE apparatuses by peer-to-peer connection. It is a flowchart for demonstrating the procedure which sets a communication path (port) to a relay apparatus (router). It is a flowchart for demonstrating the other procedure which downloads digital information between CE apparatuses by peer-to-peer connection. 3 is a block diagram for explaining a hardware configuration of a distribution server 2. FIG. It is a flowchart for demonstrating an example of the procedure which performs mutual authentication.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information distribution system 2 Distribution server 3 Authentication server 4 Network 5 Router 6 CE apparatus 10 Digital information 11 Header part 12 Information body part 13 Information identifier 14 Encryption key identifier 15 Electronic signature 16 Basic additional information

Claims (35)

An information distribution system in which an information distribution server that transmits information and a terminal device that uses information transmitted by the information distribution server are arranged to be connectable by a communication network,
When the information distribution server receives the information transmission request from the second terminal device after transmitting the information to the first terminal device, the information distribution server includes the first terminal device and the second terminal device. One of the terminal devices causes the relay device installed between the terminal device and the communication network to set a communication path, and receives communication path identification information for identifying the communication path from the one terminal device. After that, notify the other terminal device of the communication path identification information,
The first terminal device and the second terminal device connect a line by the other terminal device accessing the one terminal device using the communication path identification information,
The information distribution system, wherein the second terminal device receives the information from the first terminal device using the connected line. An information transmission means for receiving an information transmission request from the first terminal device and transmitting the information requested to be transmitted to the first terminal device;
Request accepting means for accepting a transmission request for the information from a second terminal device;
Setting of a communication path in which one of the first terminal device and the second terminal device can externally access a relay device provided between the one terminal device and the communication network Communication path requesting means for requesting,
Route identification information receiving means for receiving communication route identification information for identifying a communication route set in response to the request from the one terminal device;
Route identification information transmitting means for transmitting the received communication route identification information to the other terminal device;
The first terminal device and the second terminal device connect a line according to the transmitted communication path identification information, and confirm that the second terminal device has received the information from the first terminal device. Transmission confirmation means,
An information distribution server comprising: After transmitting the information to the first terminal device, comprising line maintenance means for maintaining a connection of the line with the first terminal device,
Until the transmission confirmation means confirms that the second terminal device has received the information, communication with the first terminal device is performed using the maintained line. The information distribution server according to claim 2, wherein   Confirmation that the one terminal device transmits confirmation information to the one terminal device and the other terminal device to confirm that the terminal device accessed using the communication path is the other terminal device. The information distribution server according to claim 2, further comprising an information transmission unit. The line maintenance means maintains line connections with a plurality of first terminal devices,
Route setting information for receiving, from the plurality of first terminal devices and the second terminal device, route setting information for determining whether or not the communication route can be set by a relay device provided in these terminal devices. Receiving means;
From the plurality of first terminal devices, using the received route setting information, such that at least one relay device of the first terminal device and the second terminal device can be route-set, First terminal device selection means for selecting a first terminal device for causing the second terminal device to transmit information;
The information distribution server according to claim 3, further comprising: The line maintenance means maintains line connections with a plurality of first terminal devices,
Capability determining means for receiving transmission capability information for determining the degree of information transmission capability of the terminal devices from the plurality of first terminal devices, and determining the level of information transmission capability of the plurality of first terminal devices; ,
First terminal device selection means for selecting a first terminal device for causing the second terminal device to transmit information using the determined capability;
The information distribution server according to claim 3, further comprising:   The information distribution server according to claim 2, wherein when the transmission load of the information is equal to or less than a predetermined value, the information is directly transmitted to the second terminal device. A terminal device arranged to be connectable to a communication network via a relay device,
An information requesting means for requesting the information delivery server to transmit information;
Route setting means for setting a communication route accessible from the outside to the relay device;
Route identification information transmitting means for transmitting communication route identification information for identifying the set communication route to the information distribution server;
Connection means for accepting access from another terminal device using the set communication path, and connecting to the other terminal device;
Information receiving means for receiving the requested information from the other terminal device using the connected line;
A terminal device comprising: An information storage device storing information transmitted by the information distribution server;
Request accepting means for accepting a transmission request for the stored information from another terminal device connected using the connection means;
Information transmitting means for acquiring the information received from the transmission request from the information storage device and transmitting the information to the other terminal device;
The terminal device according to claim 8, comprising:   The terminal device according to claim 9, further comprising communication capability information transmission means for transmitting transmission capability information for determining a degree of information transmission capability to the information distribution server. First confirmation information receiving means for receiving confirmation information for confirming other terminal devices connected using the connection means from the information distribution server;
Second confirmation information receiving means for receiving confirmation information from the other terminal device;
Comprising
The connection means accepts access from the other terminal device when the confirmation information received by the first confirmation information receiving means matches the confirmation information received by the second confirmation information receiving means. The terminal device according to claim 8.   9. The terminal device according to claim 8, further comprising device authentication means for performing device authentication on the other terminal device. In a computer comprising information transmission means, request reception means, communication route request means, route identification information reception means, route identification information transmission means, and transmission confirmation means,
An information transmission step of receiving an information transmission request from the first terminal device by the information transmission means and transmitting the information requested to be transmitted to the first terminal device;
A request receiving step of receiving a transmission request for the information from the second terminal device by the request receiving means;
The communication path request means externally connects to one of the first terminal device and the second terminal device and to a relay device provided between the one terminal device and the communication network. A communication route request step for requesting setting of an accessible communication route;
A communication path identification information receiving step for receiving, from the one terminal device, communication path identification information for identifying a communication path set in response to the request by the path identification information receiving means;
A route identification information transmission step of transmitting the received communication route identification information to the other terminal device by the route identification information transmission means;
The transmission confirmation means connects the first terminal device and the second terminal device according to the transmitted communication path identification information, and the second terminal device receives the information from the first terminal device. A transmission confirmation step to confirm receipt,
An information distribution method comprising: The computer includes line maintenance means,
A line maintaining step of maintaining the connection of the line with the first terminal device after transmitting the information to the first terminal device by the line maintaining unit;
Until the second terminal device confirms that the information has been received in the transmission confirmation step, communication with the first terminal device is performed using the maintained line. The information delivery method according to claim 13, wherein The computer includes confirmation information transmission means,
Confirmation that the one terminal device transmits confirmation information to the one terminal device and the other terminal device to confirm that the terminal device accessed using the communication path is the other terminal device. The information delivery method according to claim 13, further comprising an information transmission step. The computer includes route setting information receiving means and first terminal selection means,
In the line maintenance step, line connection with a plurality of first terminal devices is maintained,
A path for determining whether or not the communication path can be set by the relay apparatus provided in the terminal device from the plurality of first terminal devices and the second terminal device by the route setting information receiving unit. A route setting information receiving step for receiving setting information;
The plurality of the plurality of terminals so that at least one of the first terminal device and the second terminal device can set a route by using the received route setting information by the first terminal selection unit. A first terminal device selection step of selecting a first terminal device for causing the second terminal device to transmit information from the first terminal device;
The information delivery method according to claim 14, further comprising: The computer includes a capability determination unit and a first terminal device selection unit,
In the line maintenance step, line connection with a plurality of first terminal devices is maintained,
The capability determination means receives transmission capability information for determining the degree of information transmission capability of these terminal devices from the plurality of first terminal devices, and determines the level of information transmission capability of the plurality of first terminal devices. An ability determination step for determining;
A first terminal device selection step of selecting a first terminal device for causing the second terminal device to transmit information using the determined capability by the first terminal device selection means;
The information delivery method according to claim 14, further comprising:   The information distribution method according to claim 13, wherein when the information transmission load is equal to or less than a predetermined value, the information is directly transmitted to the second terminal device. In a computer arranged to be connectable to a communication network via a relay device, and comprising an information requesting means, a route setting means, a route identification information transmitting means, a connecting means, and an information receiving means,
An information requesting step for requesting the information delivery server to transmit information by the information requesting means;
A route setting step for setting a communication route that can be accessed from the outside by the route setting means;
A route identification information transmission step of transmitting communication route identification information for identifying the set communication route to the information distribution server by the route identification information transmission means;
A connection step of accepting access from another terminal device using the set communication path by the connection means, and connecting to the other terminal device;
An information receiving step of receiving the requested information from the other terminal device using the connected line by the information receiving means;
An information receiving method comprising: The computer includes an information storage device that stores information transmitted by the information distribution server, a request reception unit, and an information transmission unit.
A request accepting step for accepting a transmission request for the stored information from another terminal device connected using the connection means by the request accepting means;
An information transmission step of acquiring the information received from the transmission request by the information transmission unit and transmitting the information to the other terminal device;
The information receiving method according to claim 19, further comprising: The computer includes communication capability information transmission means,
21. The information receiving method according to claim 20, further comprising a communication capability information transmitting step of transmitting transmission capability information for determining a degree of information transmission capability to the information distribution server by the communication capability information transmitting unit. The computer includes first confirmation information receiving means and second confirmation information receiving means,
A first confirmation information receiving step of receiving confirmation information for confirming another terminal device connected by using the connection means from the information distribution server by the first confirmation information receiving means;
A second confirmation information receiving step of receiving confirmation information from the other terminal device by the second confirmation information receiving means;
Including
In the connection step, when the confirmation information received in the first confirmation information reception step matches the confirmation information received in the second confirmation information reception step, access from the other terminal device is accepted. The information receiving method according to claim 19. The computer includes device authentication means,
20. The information receiving method according to claim 19, further comprising a device authentication step of performing device authentication of the other terminal device by the device authentication means. An information transmission function for receiving an information transmission request from the first terminal device and transmitting the information requested to be transmitted to the first terminal device;
A request reception function for receiving a transmission request for the information from a second terminal device;
Setting of a communication path in which one of the first terminal device and the second terminal device can externally access a relay device provided between the one terminal device and the communication network A communication path request function for requesting,
A path identification information reception function for receiving communication path identification information for identifying a communication path set in response to the request from the one terminal device;
A path identification information transmission function for transmitting the received communication path identification information to the other terminal device;
The first terminal device and the second terminal device connect a line according to the transmitted communication path identification information, and confirm that the second terminal device has received the information from the first terminal device. Send confirmation function,
Information processing program that realizes the above on a computer. After transmitting the information to the first terminal device, the computer realizes a line maintenance function for maintaining the connection of the line with the first terminal device,
In the transmission confirmation function, until the second terminal device confirms that the information has been received, the communication with the first terminal device is performed using the maintained line. 25. The information processing program according to claim 24, characterized in that:   Confirmation that the one terminal device transmits confirmation information to the one terminal device and the other terminal device to confirm that the terminal device accessed using the communication path is the other terminal device. The information processing program according to claim 24, wherein the information transmission function is realized by the computer. The line maintenance function maintains line connections with a plurality of first terminal devices,
Route setting information for receiving, from the plurality of first terminal devices and the second terminal device, route setting information for determining whether or not the communication route can be set by a relay device provided in these terminal devices. Receive function,
From the plurality of first terminal devices, using the received route setting information, such that at least one relay device of the first terminal device and the second terminal device can be route-set, A first terminal device selection function for selecting a first terminal device for causing the second terminal device to transmit information;
26. The information processing program according to claim 25, which is realized by the computer. The line maintenance function maintains line connections with a plurality of first terminal devices,
A capability determination function for receiving transmission capability information for determining a degree of information transmission capability of the terminal devices from the plurality of first terminal devices, and for determining a level of information transmission capability of the plurality of first terminal devices; ,
A first terminal device selection function for selecting a first terminal device for causing the second terminal device to transmit information using the determined capability;
26. The information processing program according to claim 25, which is realized by the computer.   25. The information processing program according to claim 24, wherein when the information transmission load is equal to or less than a predetermined value, the computer realizes a function of directly transmitting the information to the second terminal device. In a computer arranged to be connectable to a communication network via a relay device,
An information request function for requesting the information delivery server to transmit information;
A route setting function for setting a communication route accessible from the outside to the relay device;
A path identification information transmission function for transmitting communication path identification information for identifying the set communication path to the information distribution server;
A connection function that accepts access from another terminal device using the set communication path and connects to the other terminal device; and
An information receiving function for receiving the requested information from the other terminal device using the connected line;
Information processing program that realizes A request reception function for receiving a transmission request for the stored information from another terminal device connected using the connection function;
An information transmission function for acquiring the information received from the transmission request from an information storage device storing the information transmitted by the information distribution server and transmitting the information to the other terminal device;
31. The information processing program according to claim 30, wherein the information is realized by the computer.   32. The information processing program according to claim 31, wherein the computer realizes a communication capability information transmission function for transmitting transmission capability information for determining a degree of information transmission capability to the information distribution server. A first confirmation information receiving function for receiving confirmation information for confirming other terminal devices connected using the connection function from the information distribution server;
A second confirmation information receiving function for receiving confirmation information from the other terminal device;
Is realized by the computer,
In the connection function, when the confirmation information received by the first confirmation information reception function matches the confirmation information received by the second confirmation information reception function, access to the other terminal device is accepted. The information processing program according to claim 30, wherein:   The information processing program according to claim 30, wherein a device authentication function for device authentication of the other terminal device is realized by the computer. A computer-readable storage medium storing the information processing program according to any one of claims 24 to 35.

Images