JP4689954B2 - Information management system and information management method - Google Patents

Description

  The present invention relates to an information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network. The present invention relates to a technique for confirming an execution by an information management server when an influential process is executed.

  In recent years, digital works such as music, video, and games (hereinafter also referred to as “contents”) can be easily obtained through distribution using package media in addition to the Internet and digital broadcasting. In addition, when using these digital works, from the viewpoint of copyright protection, etc., a digital work that restricts the number of times the digital work is played, moved, copied, etc., and a license right that indicates the right to use the digital work Management and usage control methods (DRM: Digital Rights Management) are also being studied.

When copying or moving such digital works and their licenses between a plurality of terminals, copying or moving within an unlimited range is not permitted, and only copying or moving within a certain range is permitted. In general, it is considered that copying and moving are permitted only between a plurality of terminal devices owned by the same user or different users.
In order to realize such copying and moving within a certain range, it is necessary to form a group with terminals that can perform processing such as copying and moving contents. Such group management is performed on the basis of group information unique to each group used to determine whether or not it belongs to a group, a terminal list indicating a list of terminal devices belonging to the group, and the like.

  Specifically, when a group is formed with a predetermined number (for example, five) of terminal devices permitted by the server, can the terminal device be registered in the terminal list when there is a request for registration of the terminal device to the group? If the limit number is not reached, the terminal device is registered in the terminal list, and it is determined whether the terminal device registered in the terminal list belongs to the group. Information specific to the group (group information) to be transmitted from the server. On the other hand, when the terminal device leaves the group, when the group information is deleted in the terminal device, the server is notified that the group information has been deleted. When receiving the notification of the deletion, the server deletes the terminal device from the terminal list. By such processing, it is considered that processing (moving, copying, etc.) for a digital work or its license is permitted only between terminal devices in a group holding group information.

According to such a system, it is possible to limit the processing such as copying and moving of digital works and licenses to a range that is permitted with simple processing.
In addition, we investigated prior art, but there was no prior art.

  However, in the information management system described above, the terminal device does not always perform the correct process, and it is illegal to notify the information management server that the group information held by the terminal device has been deleted even though it has not been deleted. If the number of terminals belonging to the group is limited to, for example, 5 or 10 units, a group can be illegally formed with a terminal device exceeding the limit. Occurs.

  Such a problem is not limited to the case where the terminal device holds the group information, the server manages the terminal list related to the group information, and the terminal device deletes the group information so that the terminal device notifies the server of this. In general, an information management system in which a terminal device holds some data, manages management information related to the data in a server, and notifies the fact when the terminal device executes a process that affects the management information. That is true.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to provide an information management system that solves the above-described problems and prevents fraud that tricks the execution result when a process that affects management information is executed in a terminal device. To do.

  To achieve the above object, in the information management system according to the present invention, an information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network. The information management server forms a secure communication path between the management information storage means for storing the management information and each terminal apparatus, and communicates with each terminal apparatus via the communication path. First secure communication means for communicating, each terminal device is provided with a tamper resistant module, and the tamper resistant module is stored in the data storage means and data storage means for securely storing the data. Between the execution means for securely executing the process affecting the management information on the received data and the first secure communication means Forming a signal path, characterized in that a second secure communication means for sending a completion notification indicating that executes the influence process to the management information via the communication path.

As a result, there is no room for fraud in the tamper-resistant module of the terminal device, and the completion notification is transmitted via a secure communication path, so there is no room for fraud here. It is possible to safely confirm that processing that affects the process has been executed.
Further, in the information management system according to the present invention, the data is group information for determining whether or not the data belongs to a group formed by a terminal device, and the management information is within a predetermined number belonging to the group. A terminal list indicating a list of terminal devices, wherein the influential process is deletion of group information, and the information management server further performs the completion based on reception of the completion notification via the first secure communication means The terminal apparatus which transmitted notification may be provided with the update means to delete from the terminal list memorize | stored in the said management information storage means.

Thereby, it is possible to securely confirm that the group information has been deleted, and it is possible to reliably prevent a group from being illegally formed by a terminal device having a limit number or more.
In the information management system according to the present invention, the information management server includes a common management server unit, a plurality of individual management server units, and a terminal list management device unit. First communication means that communicates with a common management server unit, the common management server unit should be a destination of the completion notification to a terminal device that has transmitted a notice of notice indicating that the group information is to be deleted A list of first temporary deletion flags indicating whether or not each of the individual management server units has received the completion notification; and a second communication unit for notifying the destination of the individual management server unit. A first temporary deletion flag list storage means for storing a temporary deletion flag list associated with the terminal list, and reception of the completion notification via the first secure communication means. And a first temporary deletion flag setting unit that sets the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification. The terminal list management device unit includes the management information storage unit, Updating means and flag confirmation means for confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing, wherein the updating means includes a first temporary deletion flag by the flag confirmation means. The terminal device corresponding to the first temporary deletion flag may be deleted from the terminal list based on confirmation of the deletion flag set.

  Accordingly, it is possible to securely confirm that the group information has been deleted while distributing the load due to concentration of completion notifications, and to reliably prevent a group from being illegally formed by a terminal device exceeding the limit number.

In the information management system according to the present invention, the common management server unit is a list of second temporary deletion flags indicating whether or not the notice of notice has been received, and is associated with the terminal list. A second temporary deletion flag list storage means for storing a second temporary deletion flag list; and when the notice of notice is received via the second communication means, the terminal corresponding to the terminal device that has transmitted the notice of notice Second temporary deletion flag setting means for setting a second temporary deletion flag, wherein the flag confirmation means includes a second temporary deletion flag corresponding to a predetermined terminal device in the second temporary deletion flag list, The temporary deletion flag list is sequentially searched for a first temporary deletion flag corresponding to the predetermined terminal device, and the updating means is configured so that the flag confirmation means sets the second temporary deletion flag and the first temporary deletion flag. When confirming the set may be characterized in that the terminal device corresponding to the first temporarily erased flag and the second temporary deletion flag to remove from the terminal list.
Thereby, the confirmation accuracy of the completion notification can be greatly improved.

  In the information management system according to the present invention, the information management server includes a common management server unit and a plurality of individual management server units, and each terminal device further communicates with the common management server unit. The common management server unit includes a first communication unit, and the common management server unit sets a destination of the individual management server unit to be a transmission destination of the completion notification to a terminal device that has transmitted a notice of notification indicating that the group information is to be deleted. A second communication means for notifying, and a terminal list management device section, wherein each individual management server section includes a first temporary deletion flag indicating whether the first secure communication means and the completion notification have been received or not. A first temporary deletion flag list storage means for storing a temporary deletion flag list associated with the terminal list, and reception of the completion notification via the first secure communication means Based on the first temporary deletion flag setting means for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification, the terminal list management device unit, the management information storage means, Updating means and flag confirmation means for confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing, wherein the updating means includes a first temporary deletion flag by the flag confirmation means. The terminal device corresponding to the first temporary deletion flag is deleted from the terminal list based on confirmation of the set of the deletion flag.

  As a result, it is possible to securely confirm that group information has been deleted while distributing the load due to concentration of completion notifications, and to reliably prevent illegally forming a group with more than the limit number of terminal devices. Instead, the common management server unit and the terminal list management device unit can be combined into one device, and this device can be simplified.

Further, in the information management system according to the present invention, the terminal list includes a second temporary deletion flag column corresponding to the terminal device belonging to the group and indicating whether or not the notice of notice has been received, The common management server further sets a second temporary deletion flag setting that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notice notice when the notice notice is received via the second communication means. The flag confirmation means includes: a second temporary deletion flag corresponding to a predetermined terminal device in the terminal list; and a first temporary deletion flag corresponding to the predetermined terminal device in the first temporary deletion flag list; The update means searches for the first temporary deletion flag and the second temporary deletion when the flag confirmation means confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag. The terminal device corresponding to the flag may be characterized be removed from the terminal list.
Thereby, not only the accuracy of confirming the completion notification can be greatly improved, but the number of types of lists can be reduced, so that the burden of list management can be reduced.

In the information management system according to the present invention, the information management server further includes group information storage means for storing the group information, and for registering the terminal device from the terminal devices to the terminal list. When a terminal registration request is received, a registration availability determination unit that determines whether the terminal device that has requested the terminal registration can be registered in the terminal list, and the registration availability determination unit determines that registration is possible The tamper-resistant module further reads the group information read by the group information reading means to the second secure communication means. Group information storage means for storing the received group information in the data storage means when received via For example, the update unit, the when the registration determination means determines that registrable, the terminal apparatus which has transmitted the terminal registration request can and registers in the terminal list.
Thereby, the situation which joins a group by an unauthorized act can be prevented reliably.

In the information management system according to the present invention, the information management server includes a common management server unit, a plurality of individual management server units, and a terminal list management device unit. A first communication unit that communicates with a common management server unit, wherein the common management server unit receives the terminal registration request from each of the terminal devices, and sends the group information to the terminal device that has transmitted the terminal registration request. A second communication unit for notifying the destination of the individual management server unit to be a transmission destination of the acquisition request for acquiring the individual management server unit, wherein each individual management server unit includes the first secure communication unit, the group information A storage unit; and a group information reading unit. The terminal list management device unit includes the management information storage unit, the update unit, and the registration availability determination unit. The availability determination unit determines whether the terminal device that has received the terminal registration request can be registered in the terminal list when the terminal registration request is received via the first communication unit, and the second The communication means notifies the acquisition request destination when the registration permission determination means determines that registration is possible, and the first secure communication means receives the acquisition request for acquiring the group information. The group information read by the group information reading means may be transmitted to the terminal device that transmitted the acquisition request.
As a result, it is possible to distribute the load due to the concentration of registration requests while reliably determining whether or not group registration is possible.

  Further, in the information management system according to the present invention, each individual management server unit further includes a list of first temporary deletion flags indicating whether or not the group information has been deleted, the terminal list A first temporary deletion flag list storage unit for storing a temporary deletion flag list associated with the first temporary deletion flag list, and a completion notification indicating that the group information has been deleted via the first secure communication unit, First temporary deletion flag setting means for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification, and the terminal list management device unit is further included in the first temporary deletion flag list Flag confirmation means for confirming a predetermined first temporary deletion flag at a timing when the terminal registration request is received, and the second communication means sends the notice of notice to each terminal device. When receiving the notification, the terminal device that has transmitted the advance notice is notified of the destination of the individual management server unit that is to be the transmission destination of the completion notice, and the updating means is configured to send the flag of the first temporary deletion flag set. Based on the confirmation by the confirmation unit, the terminal device corresponding to the first temporary deletion flag may be deleted from the terminal list before the determination by the registration availability determination unit.

  This makes it possible to securely confirm that group information has been deleted while distributing the load caused by concentration of completion notifications and registration requests, and reliably prevent groups from being illegally formed with a terminal device exceeding the limit. Not only can terminals be deleted and registered in the same group smoothly.

In the information management system according to the present invention, the common management server unit is a list of second temporary deletion flags indicating whether or not the notice of notice has been received, and is associated with the terminal list. A second temporary deletion flag list storage means for storing a second temporary deletion flag list; and when the notice of notice is received via the second communication means, the terminal corresponding to the terminal device that has transmitted the notice of notice Second temporary deletion flag setting means for setting a second temporary deletion flag, wherein the flag checking means is a second temporary deletion flag corresponding to a predetermined terminal device corresponding to a predetermined terminal device in the second temporary deletion flag list. A deletion flag and a first temporary deletion flag corresponding to the predetermined terminal device in the first temporary deletion flag list are sequentially searched, and the updating means sets a second temporary deletion flag and a first temporary deletion flag. When the flag confirming unit confirms the set of the group, the terminal device corresponding to the first temporary deletion flag and the second temporary deletion flag is deleted from the terminal list before the determination by the registration possibility determination unit. It is good.
Thereby, the confirmation accuracy of the completion notification can be greatly improved.

  In the information management system according to the present invention, the information management server includes a common management server unit and a plurality of individual management server units, and each terminal device further communicates with the common management server unit. An acquisition request for acquiring the group information to the terminal device that has transmitted the terminal registration request when the common management server unit receives the terminal registration request from the terminal devices; A second communication unit for notifying the destination of the individual management server unit to be a transmission destination, and a terminal list management device unit, wherein each individual management server unit includes the first secure communication unit, the group An information storage unit; and a group information reading unit; and the terminal list management device unit includes the management information storage unit, the update unit, and the registration availability determination unit, The recording permission / inhibition determining means determines whether or not the terminal device that has received the terminal registration request can be registered in the terminal list when the terminal registration request is received via the first communication means, The second communication means notifies the destination of the acquisition request when the registration permission determination means determines that registration is possible, and the first secure communication means reads the group information when the acquisition request is received. The group information read by the means may be transmitted to the terminal device that transmitted the acquisition request.

  As a result, it is possible not only to distribute the load due to the concentration of registration requests while ensuring the determination of whether or not group registration is possible, but also to combine the common management server unit and the terminal list management device unit into one device. It can be simplified.

  Further, in the information management system according to the present invention, each individual management server unit further includes a list of first temporary deletion flags indicating whether or not the group information has been deleted, the terminal list A first temporary deletion flag list storage unit for storing a temporary deletion flag list associated with the first temporary deletion flag list, and a completion notification indicating that the group information has been deleted via the first secure communication unit, First temporary deletion flag setting means for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification, and the terminal list management device unit is further included in the first temporary deletion flag list Flag confirmation means for confirming a predetermined first temporary deletion flag at the timing of receiving the terminal registration request, wherein the second communication means sends the notice of notice to each terminal device. When receiving the notification, the terminal device that has transmitted the advance notice is notified of the destination of the individual management server unit that is to be the transmission destination of the completion notice, and the updating means includes the flag of the first temporary deletion flag set. Based on the confirmation by the confirmation unit, the terminal device corresponding to the first temporary deletion flag may be deleted from the terminal list before the determination by the registration availability determination unit.

  This makes it possible to securely confirm that group information has been deleted while distributing the load caused by concentration of completion notifications and registration requests, and reliably prevent groups from being illegally formed with a terminal device exceeding the limit. Not only can terminals be deleted and registered in the same group smoothly.

Further, in the information management system according to the present invention, the terminal list includes a second temporary deletion flag column corresponding to the terminal device belonging to the group and indicating whether or not the notice of notice has been received, The common management server further sets a second temporary deletion flag setting that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notice notice when the notice notice is received via the second communication means. The flag confirmation means includes a second temporary deletion flag corresponding to a predetermined terminal device corresponding to a predetermined terminal device in the second temporary deletion flag list, and the predetermined predetermined value in the first temporary deletion flag list. The first temporary deletion flag corresponding to the terminal device is sequentially searched, and the updating means confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag. To, it may also be characterized be removed from the terminal list terminal device corresponding to the first temporarily erased flag and the second temporary deletion flag before determination of the registration permission judgment unit.
As a result, not only the accuracy of confirmation of completion notification can be greatly improved, but the number of types of lists can be reduced, so that the burden of list management can be reduced.

  Further, in the information management system according to the present invention, the data is group information for determining whether or not the data belongs to a group formed by a terminal device, and the management information is within a predetermined number belonging to the group. It is a terminal list showing a list of terminal devices, and the process that influences is a movement of group information between the terminal devices.

In the information management system according to the present invention, the data is a license of a digital work, the management information is a usage history of the license, and the influential process is usage of the license. It can also be.
In the information management system according to the present invention, the data is a license of a digital work, the management information is the number of licenses that can be held by the terminal device, and the influential process is the license of the license. It can also be characterized by deletion.

Also, in the information management system according to the present invention, the data is a digital work, the management information is the number of distribution ranges of the digital work, and the influence process is movement of the digital work. It can also be characterized.
The present invention can be realized not only as such an information management system, but also as a terminal device or an information management server constituting such an information management system, or as a terminal device or an information management server. It can also be realized as an information management method using characteristic means included in the steps as a step, or as a program for causing a computer to execute these steps. Needless to say, such a program can be distributed via a recording medium such as a CD-ROM or a transmission medium such as the Internet.

  As is clear from the above description, according to the information management system of the present invention, there is no room for fraud in the tamper resistant module of the terminal device, and a completion notification is transmitted via a secure communication path. Again, since there is no room for fraud, the information management server can more safely and surely confirm that the process affecting the management information performed by the terminal device has been executed.

  Therefore, according to the present invention, it is possible to make transparent the processing that affects the management information performed in the terminal device, and the digital distribution of digital works via the Internet or the like and the distribution of digital works via a recording medium such as a DVD. Nowadays that has become active, the practical value of the present invention is extremely high.

  In the following, an embodiment of the present invention will be described in detail with reference to the drawings when applied to a case where data that needs to be processed securely is group information and management information related to the data is a terminal list.

(Embodiment 1)
FIG. 1 is a diagram showing an overall configuration of the group information management system according to the first embodiment.
The group information management system 1 uses digital works such as music (hereinafter also referred to as “contents”) or digital works among a predetermined number of terminal devices registered in the group (for example, five). 1 is a system for copying a license indicating a right to be transferred, moving the license, and reproducing the content at the destination, and is connected to a network 10 such as the Internet as shown in FIG. The group management server 20 and a plurality of terminal devices 60 a to 60 n connected to the network 10 are configured.

  The group management server 20 includes group information 281 which is unique information for each group for determining whether or not it belongs to a group, and a group belonging terminal list 251 for each group indicating a list of terminal devices belonging to each group. Is a computer device. When the group management server 20 receives a deletion completion notification message M3 for notifying that the group information held by the terminal device has been securely deleted from the terminal device (terminal device 60m in the illustrated example) withdrawing from the group. In addition, this terminal device is deleted from the group membership terminal list 251. Further, when the group management server 20 receives the terminal registration request message M1 from the terminal device (terminal device 60n in the illustrated example) that joins the group, the group management server 20 determines whether or not the terminal device can be registered in the group belonging terminal list 251. . That is, it is determined whether or not the limit number has been reached. If registration to the group affiliation terminal list 251 is possible, a group information notification message M2 including group information 281 is transmitted to the terminal device, and this terminal device is registered in the group affiliation terminal list 251.

  Each of the terminal devices 60a to 60n is a computer device that holds group information only while belonging to a group, and performs a process of copying or moving a digital work or this license between the terminal devices belonging to this group. When the group is deleted, the group information is deleted and then a deletion completion notification message M3 is transmitted to the group management server 20, and when joining the group, a terminal registration request message M1 is transmitted to the group management server 20, and the group management server 20 The group information included in the received group information notification message M2 is held.

  In this group information management system 1, when processing such as copying and moving of digital works and licenses is performed between terminal devices, the group key included in the group information is determined to match, It is configured to allow processing such as copying and moving between apparatuses. Accordingly, since the group information is deleted for the terminal device withdrawn from the group, it is impossible to perform processing such as copying or moving digital works and licenses.

  Alternatively, the digital work and license may be encrypted in advance, and the encrypted digital work and license may be decrypted with a group key that is a key unique to the group included in the group information. According to this configuration, since the group information is deleted for the terminal device (terminal device 60m in the illustrated example) withdrawn from the group, even if the encrypted digital work and license are held, this is used. It cannot be used.

FIG. 2 is a block diagram illustrating functional configurations of the group management server 20 and the terminal devices 60a to 60n illustrated in FIG. In FIG. 2, the network 10 is not shown. In addition, since the terminal devices 60a to 60n have the same configuration, the terminal devices 60a and 60n are illustrated as general terminal devices 60.
The group management server 20 includes a secure communication unit 21, a registration availability determination unit 22, a group identifier storage unit 23, a terminal list generation unit 24a, a group belonging terminal list storage unit 25, a terminal list update unit 24b, a group A key storage unit 26, a group information generation unit 27, a group information storage unit 28, a group information reading unit 29, and the like are included.

The secure communication unit 21 forms a secure communication channel with authentication (Secure Authentication Channel, hereinafter also referred to as “SAC”) with the terminal device 60, a terminal registration request message M1, a group information notification message M2, and a deletion completion. Various messages such as the notification message M3 are securely transmitted and received.
The registration availability determination unit 22 determines whether registration to the group membership terminal list 251 is possible when the terminal registration request message M1 is received from the terminal device 60 via the secure communication unit 21.

The group identifier storage unit 23 stores a plurality of unused group identifiers 231 in already formed groups.
The terminal list generation unit 24a, when the registration availability determination unit 22 determines that the terminal device 60 that has transmitted the terminal registration request message M1 has not yet formed a group, a group indicating a list of terminal devices belonging to the group The affiliation terminal list 251 is generated for each group using an unused group identifier.

The group affiliation terminal list storage unit 25 stores the group affiliation terminal list 251 generated by the terminal list generation unit 24a.
The terminal list update unit 24b sets and registers the terminal device in the group membership terminal list 251 when the registration permission determination unit 22 determines that the terminal device that transmitted the terminal registration request message M1 can be stored in the group membership terminal list 251. The terminal device that transmitted the deletion completion notification message M3 is deleted from the group belonging terminal list 251.

Here, as shown in FIG. 3, the group membership terminal list 251 includes a group identifier (for example, “0xF001”) 2511 and a terminal list 2512 that stores a plurality of terminal identifiers (five in the illustrated example) in a list form. It is composed of Note that “-” shown in the figure indicates that a blank, that is, a terminal can be registered in a group.
The group key storage unit 26 stores a group key 261 necessary for transferring contents and licenses between terminal devices.

The group information generation unit 27 generates group information using the group key 261 when the registration permission determination unit 22 determines that the terminal device 60 that has transmitted the terminal registration request message M1 has not yet formed a group.
The group information storage unit 28 stores the group information generated by the group information generation unit 27.

The group information reading unit 29 reads the group information when the registration availability determination unit 22 determines that the terminal device that has transmitted the terminal registration request message M1 can be stored in the group belonging terminal list 251.
Here, the group information 281 includes a group identifier 2811 and a group key (for example, “◯ × Δ... □”) 2812 as shown in FIG.

  The terminal device 60 includes an operation unit 61, a graphical user interface (hereinafter also referred to as “GUI”) 62, a terminal application 63, a tamper resistant module 68, and the like. The tamper resistant module 68 includes an IC card, an IC chip, and the like, and includes a secure communication unit 64, a group information storage unit 65, a registration unit 66, and a deletion unit 67.

The operation unit 61 receives an operation by a user.
The GUI 62 is a visually appealing graphic display (icon) and provides a simple and easy-to-understand environment for the user.
The terminal application 63 instructs the secure communication unit 64 to create a terminal registration request message M1 and a deletion completion notification message M3 based on instructions from the user such as terminal registration to the group and deletion from the group. The unit 66 is instructed to register the group information in the group information storage unit 65, and the deletion unit 67 is instructed to delete the group information 281 stored in the group information storage unit 65.

The secure communication unit 64 forms an SAC with the group management server 20 and securely transmits and receives various messages such as a terminal registration request message M1, a group information notification message M2, and a deletion completion notification message M3.
The group information storage unit 65 stores group information.
The registration unit 66 registers the group information included in the group information notification message M2 sent from the group management server 20 via the secure communication unit 64 in the group information storage unit 65.

The deletion unit 67 deletes group information registered in the group information storage unit 65.
Here, as shown in FIG. 5, the terminal registration request message M1 includes a message header m11 (for example, “ΔX... □”), a group identifier m12, and a terminal identifier m13. The group identifier m12 stores a group identifier selected and sent by the group management server 20 or a group identifier input by the user. Here, the group identifier is acquired from the group management server 20 at the time of member registration for the service, or is acquired from a terminal that already belongs to the domain. The acquired group identifier is held by the terminal device or stored by the user. In the former case, it is automatically set in the terminal registration request message M1, and in the latter case, it is set based on the user input.

Further, as shown in FIG. 6, the group information notification message M2 includes a message header m21 and group information m22.
Further, as shown in FIG. 7, the deletion completion notification message M3 includes a message header m31, a group identifier m32, a terminal identifier m33, and group information m34.

  The message headers m11 to m31 shown in FIG. 5 to FIG. 7 are composed of the source and destination addresses of the messages M1 to M3, a message identifier for identifying the message, and the like.

Next, an operation of processing performed between the group management server 20 and the terminal device 60 will be described.
FIG. 8 is a sequence diagram illustrating processing performed between the group management server 20 and the terminal device 60. The processing performed in the tamper resistant module 68 is referred to as a secure process.
When there is a terminal registration instruction from the terminal application 63 (S11), the secure communication unit 64 transmits a terminal registration request message M1 to the group management server 20 (S12).

  The registration availability determination unit 22 that has received the terminal registration request message M1 via the secure communication unit 21 searches the group membership terminal list storage unit 25 and searches for the group membership terminal list having the group identifier included in the terminal registration request message M1. The presence or absence is determined (S13). If not, the terminal list generating unit 24a generates a group belonging terminal list (S14), stores the generated group belonging terminal list in the group belonging terminal list storage unit 25, and the group information generating unit 27 generates group information. Then, the generated group information is stored in the group information storage unit 28 (S15). When the terminal list and group information are generated (S14, S15), or when there is a terminal list in step S13, the registration availability determination unit 22 determines whether the terminal can be registered in the group membership terminal list (S16). This determination is made based on whether or not the number of terminals registered in the group belonging terminal list has reached a limited number. If the limit is reached, terminal registration is not performed, and the process for the terminal registration request is terminated. If the limit has not been reached, the terminal is registered in the group membership terminal list (S17), and a group information notification message M2 is transmitted to the terminal device 60 (S18).

The registration unit 66 that has received the group information notification message M2 via the secure communication unit 64 stores the group information included in the group information notification message M2 in the group information storage unit 65 (S19).
As a result, the terminal device 60 can perform processing such as copying and moving the digital work and its license with other terminal devices belonging to the group.

On the other hand, when there is a terminal deletion instruction from the terminal application 63 (S21), the deletion unit 67 securely deletes the group information stored in the group information storage unit 65 (S22). When the secure deletion of the group information is finished, the secure communication unit 64 transmits a deletion completion notification message M3 to the group management server 20 (S23).
The terminal list update unit 24b that has received the deletion completion notification message M3 via the secure communication unit 21 and the registration availability determination unit 22 searches the group membership terminal list storage unit 25, and determines the group identifier included in the deletion completion notification message M3. The terminal is deleted from the group membership terminal list (S24).

  As a result, fraud such as notifying the information management server that the group information held by the terminal device has been deleted even though it has not been deleted is reliably avoided, and there is a limitation of up to 5 or 10 devices. Nevertheless, it is possible to reliably prevent a situation in which a group can be illegally formed with a terminal device exceeding the limit. That is, according to the invention according to the first embodiment, it is possible to prevent fraud that tricks the execution result when processing that affects the management information is executed in the terminal device.

  Next, another embodiment of the present invention will be described. A case in which data that needs to be processed securely is group information and management information related to the data is a terminal list will be described in detail with reference to the drawings.

(Embodiment 2)
FIG. 9 is a diagram showing an overall configuration of the group information management system 2 according to Embodiment 2 of the present invention. In addition, the same number is attached | subjected to the part corresponding to the component of the group information management system 1, and the detailed description is abbreviate | omitted.

  The group information management system 2 has a configuration in which the group management server 20 is divided into a plurality of devices in order to distribute the load applied to the group management server 20 of the first embodiment, and as shown in FIG. Integrated management of the network 10, the common group management server 30 connected to the network 10, a plurality of individual group management servers 40a to 40j connected to the network 10, and the common group management server 30 and the individual group management server 40 Terminal list management device 50 and terminal devices 70 a to 70 n connected to the network 10.

  The common group management server 30 is a unique computer device in all services provided in the group information management system 2, and temporarily deletes the terminal device belonging to the group before actually deleting it. A temporary deletion flag list 351 for each group including a flag is held. When the common group management server 30 receives a deletion request message M3 ′ from a terminal device (terminal device 70m in the illustrated example) withdrawing from the group, the common group management server 30 sets “1” to the temporary deletion flag corresponding to this terminal device. Then, the destination of the deletion completion notification message M3 is notified. When the common group management server 30 receives a terminal registration request message M1 from a terminal device (terminal device 70n in the illustrated example) that joins the group, the common group management server 30 passes this message to the terminal list management device 50 and also sends the group information 281. The destination of the acquisition request message M1 ′ for acquisition is notified.

  The individual group management servers 40 a to 40 j are installed for each service in the group information management system 2, hold the group information 281 from the viewpoint of load distribution, and the temporary deletion flag list 451 having the same configuration as the temporary deletion flag list 351. Is a computer device that holds When the individual group management servers 40a to 40j receive the deletion completion notification message M3 from the terminal device (the terminal device 70m in the illustrated example) that withdraws from the group, the individual group management servers 40a to 40j have “1” in the temporary deletion flag corresponding to this terminal device. Set. When the acquisition request message M1 ′ is received from the individual group management servers 40a to 40j and the terminal device (terminal device 70n in the illustrated example) that joins the group, the group information notification message M2 including the group information 281 is sent to the terminal device. To deliver.

  The terminal list management device 50 holds the group affiliation terminal list 251, generates group information 281 held by the individual group management servers 40 a to 40 j as necessary, or a temporary deletion flag list held by the common group management server 30. 351 and a computer device that generates a temporary deletion flag list 451 held by the individual group management servers 40a to 40j. When receiving the terminal registration request message M1 via the common group management server 30, the terminal list management device 50 determines whether or not the terminal device can be registered in the group belonging terminal list 251. If registration to the group affiliation terminal list 251 is possible, this terminal device is registered in the group affiliation terminal list 251. Also, the terminal list management device 50 searches the temporary deletion flag lists 351 and 451 at a predetermined timing, and when “1” is set in both of the temporary deletion flags, the terminal device from the group belonging terminal list 251 Is deleted.

  Each terminal device 70a to 70n holds group information only while belonging to a group, like the terminal devices 60a to 60n, and copies of licenses corresponding to digital works and digital works between terminal devices belonging to this group. And a computer device that performs movement processing. When the terminal devices 70 a to 70 n leave the group, the terminal devices 70 a to 70 n transmit a deletion request message M 3 ′ to the common group management server 30 in advance, delete the group information, and then send a deletion completion notification message M 3 from the common group management server 30. The information is transmitted to the individual group management servers 40a to 40j having the destination, URI (Uniform Resource Identifier) that has been taught.

  Further, when joining the group, the terminal devices 70a to 70n transmit a terminal registration request message M1 to the common group management server 30, and the individual group management servers 40a to 40j having the URI taught by the common group management server 30. To the group information notification message M2 received from the individual group management servers 40a to 40j, and holds the group information included in the group information notification message M2.

  FIG. 10 is a block diagram illustrating functional configurations of the terminal list management device 50, the common group management server 30, the individual group management servers 40a to 40j, and the terminal devices 70a to 70n illustrated in FIG. In FIG. 10, the network 10 is not shown. Also, since the individual group management servers 40a to 40j have the same configuration, the individual group management servers 40a to 40j are illustrated as the individual group management server 40 indicating the general. The terminal devices 70a to 70n have the same configuration, and thus indicate the general. This is illustrated as a terminal device 70.

  Similar to the group management server 20, the terminal list management device 50 includes a registration availability determination unit 22, a group identifier storage unit 23, a terminal list generation unit 24a, a terminal list update unit 24b, a group belonging terminal list storage unit 25, and a group key storage. 26 and a group information generation unit 27, and further includes a flag confirmation unit 52 for confirming whether or not “1” is set in the temporary deletion flags of the temporary deletion flag lists 351 and 451 at a predetermined timing.

  The common group management server 30 includes a non-secure communication unit 31 that communicates with the terminal device 70, and a temporary deletion flag list storage unit 35 that stores the temporary deletion flag list 351 generated by the terminal list generation unit 24a of the terminal list management device 50. And a temporary deletion flag setting unit 32 that sets “1” to the temporary deletion flag of the temporary deletion flag list 351 when the deletion request message M3 ′ is received from the terminal device 70 via the non-secure communication unit 31.

  Similar to the group management server 20, the individual group management server 40 includes a secure communication unit 21, a group information storage unit 28, and a group information reading unit 29, and is further generated by the terminal list generation unit 24 a of the terminal list management device 50. When the temporary deletion flag list storage unit 45 for storing the temporary deletion flag list 451 and the deletion completion notification message M3 from the terminal device 70 via the secure communication unit 21 are received, the temporary deletion flag in the temporary deletion flag list 451 is set to “ And a temporary deletion flag setting unit 42 for setting “1”.

  Similar to the terminal device 60, the terminal device 70 includes an operation unit 61, a GUI 62, and a tamper resistant module 68, and further receives a non-secure communication unit 74 that communicates with the common group management server 30 and an instruction from the operation unit 61. The instruction is transmitted to the non-secure communication unit 74, the secure communication unit 64, the registration unit 66, and the deletion unit 67 of the tamper-resistant module 68, and the URL received via the non-secure communication unit 74 is transmitted to the secure communication unit 64. And a terminal application 71.

  Here, the temporary deletion flag list 351 includes a group identifier (for example, “0xF001”) 3511 and a terminal list 3512 that stores a plurality of terminal identifiers (five in the illustrated example) in a list form, as shown in FIG. The temporary deletion flag list 3513 stores the temporary deletion flag 1 individually corresponding to each terminal identifier in a list. Similarly to the temporary deletion flag list 351, the temporary deletion flag list 451 also stores a group identifier 3511, a terminal list 3512, and a temporary deletion flag list 4513 that stores the temporary deletion flag 2 individually corresponding to each terminal identifier in a list. It consists of and. Such temporary deletion flag lists 351 and 451 can be configured simply by associating the temporary deletion flags 1 and 2 with the group membership terminal list 251 and can easily manage terminal deletion.

  Note that the acquisition request message M1 'is different from the terminal registration request message M1 shown in FIG. Also, regarding the deletion request message M3 ', since the group information is deleted from the deletion completion notification message M3 shown in FIG. 7 and the message ID in the message header is different, the configuration is not shown.

Next, an operation of processing performed between the common group management server 30, the individual group management server 40, the terminal list management device 50, and the terminal device 70 will be described.
First, terminal registration processing for a group will be described.
FIG. 12 is a sequence diagram showing a process for registering a terminal in a group.
When there is a terminal registration instruction from the terminal application 71 of the terminal device 70, the non-secure communication unit 74 generates a terminal registration request message M1 including a group ID, a terminal ID, and a service ID, and generates the generated terminal registration request message M1. It transmits to the common group management server 30 (S31).

The non-secure communication unit 31 of the common group management server 30 that has received the terminal registration request message M1 sends the received terminal registration request message M1 to the registration availability determination unit 22 of the terminal list management device 50.
When receiving the terminal registration request message M1, the registration availability determination unit 22 determines whether the group belonging terminal list 251 exists in the group belonging terminal list storage unit 25 using the group identifier m12 as a key (S32). When there is no group affiliation terminal list 251 for the group, the registration permission determination unit 22 instructs the group information generation unit 27 to generate group information, and instructs the group information generation unit 27 to generate group information. To do. If there is a group affiliation terminal list 251 for the group, the process proceeds to a registration possibility determination process described later.

  Receiving the instruction, the group information generation unit 27 generates group information 281 (S33), and stores the generated group information 281 in the group belonging terminal list storage unit 25 (S34). Further, the group information generating unit 27 generates a temporary deletion flag list 351, stores the generated temporary deletion flag list 351 in the temporary deletion flag list storage unit 35 of the common group management server 30 (S35), and temporarily deletes the flag list. 451 is generated, and the generated temporary deletion flag list 451 is stored in the temporary deletion flag list storage unit 45 of the individual group management server 40 (S36).

On the other hand, the group information generation unit 27 that has received the instruction generates group information 281 (S37), and stores the generated group information in the group information storage unit 28 of the individual group management server 40 (S38).
When the lists 251, 351, 451 have been stored in the storage units 25, 35, 45, or when the lists 251, 351, 451 exist, the registration propriety determination unit 22 determines the lists 251, 351, 451 Whether or not terminal registration is possible is determined (S39). This determination is made based on whether or not the number of terminal identifiers registered in the group belonging terminal list 251 has reached the limit number. If registration is not possible, the process for the terminal registration request is terminated. On the other hand, if registration is possible, the terminal list update unit 24b registers the terminal in each list 251, 351, 451 (S40, S41, S42).

When the terminal registration is completed, the registration availability determination unit 22 notifies the terminal application 71 of the result including the URI of the individual group management server corresponding to the service ID via the non-secure communication unit 31 (S43).
Upon receiving the notification of the result including the URI, the terminal application 71 instructs the secure communication unit 64 to transmit an acquisition request message M1 ′ for acquiring the group information 281 to the URI (S44). The secure communication unit 64 that has received an instruction from the terminal application 71 forms a SAC with the individual group management server 40 having the URI, and then obtains an acquisition request message including the group ID and terminal ID in the individual group management server 40. M1 ′ is transmitted (S45). Note that the acquisition request message M1 ′ may be configured without including the terminal ID.

  The group information reading unit 29 of the individual group management server 40 that has received the acquisition request message M1 ′ identifies the corresponding group information from the group identifier (S46), checks whether or not the terminal ID is included, and if included Instructs the secure communication unit 21 to transmit group information. The secure communication unit 21 that has received the instruction transmits a group information notification message M2 to the terminal device 70 (S47).

  The registration unit 66 of the terminal device 70 that has received the group information notification message M2 extracts the group information 281 from the group information notification message M2, and stores the extracted group information 281 in the group information storage unit 65 (S48). It should be noted that a group ID may be included in the group information notification message M2 to determine whether or not it matches the group ID transmitted in the acquisition request.

  As a result, the content can be reproduced by copying the content or license between the terminal devices 70 in the group.

Next, a preparation process for deleting a terminal from a group will be described.
FIG. 13 is a sequence diagram illustrating a preparation process for deleting a terminal from a group.

  When the terminal application 71 of the terminal device 70 receives an instruction to delete a terminal from the group via the operation unit 61, a deletion request message M3 ′ for deleting the terminal is shared via the non-secure communication unit 74. It transmits to the group management server 30 (S51). Here, the deletion request message M3 'includes a group ID and a terminal ID in addition to the message header.

  When receiving the deletion request message M3 ′ from the terminal device 70 via the non-secure communication unit 31, the temporary deletion flag setting unit 32 of the common group management server 30 searches the temporary deletion flag list storage unit 35 and deletes the deletion request message. The temporary deletion flag list 351 having the group ID included in M3 ′ is specified. Then, “1” indicating deletion is set in the temporary deletion flag 1 corresponding to the terminal ID included in the deletion request message M3 ′ (S52). Then, the temporary deletion flag setting unit 32 notifies the terminal application 71 of the result including the URI of the individual group management server via the non-secure communication unit 31 (S53).

  Upon receiving the notification of the result including the URI, the terminal application 71 sends a deletion request for deleting the group information 281 to the deletion unit 67 including the URI of the individual group management server (S55). Upon receiving the deletion request from the terminal application 71, the deletion unit 67 securely deletes the group information stored in the group information storage unit 65 (S56). When the deletion of the group information is completed, the deletion unit 67 causes the secure communication unit 64 to form a SAC with the individual group management server 40 having the URI included in the deletion request, and then performs the individual group management having the URI. A deletion completion notification message M3 including a group ID and a terminal ID is transmitted to the server 40 (S57). The deletion completion notification message M3 is composed of the group ID, terminal ID, and group information here, but may be composed of only the group ID and terminal ID, or only the terminal ID and group information.

  When receiving the deletion completion notification message M3 via the secure communication unit 21, the temporary deletion flag setting unit 42 of the individual group management server 40 searches the temporary deletion flag list storage unit 45 and is included in the deletion completion notification message M3. A temporary deletion flag list 451 having a group ID is specified. Then, the temporary deletion flag setting unit 42 sets “1” indicating deletion to the temporary deletion flag 2 corresponding to the terminal ID included in the deletion completion notification message M3 (S58).

  The process of setting “1” indicating the deletion to the temporary deletion flags 1 and 2 prepares the terminal device 70 having the terminal ID for deletion from the group.

Next, a process for actually deleting a terminal from the group will be described.
FIG. 14 is a sequence diagram showing processing for actually deleting a terminal from a group. Here, a sequence is shown in which the flag confirmation unit 52 of the terminal list management device 50 confirms the temporary deletion flags 1 and 2 at an arbitrary timing.

The flag confirmation unit 52 of the terminal list management device 50 sets a predetermined group ID and terminal ID at an arbitrary timing (S61). Such group ID and terminal ID are selected from the group belonging terminal list 251 stored in the group belonging terminal list storage unit 25.
When the group ID and terminal ID are set, the flag confirmation unit 52 sets the set group ID and terminal ID from the temporary deletion flag list 351 stored in the temporary deletion flag list storage unit 35 of the common group management server 30. Is searched (S62), the contents of the temporary deletion flag 1 are confirmed (S63), and it is determined whether or not "1" indicating deletion of the terminal is set (S64).

  When “1” is set in the temporary deletion flag 1, the flag confirmation unit 52 sets the set group from the temporary deletion flag list 451 stored in the temporary deletion flag list storage unit 45 of the individual group management server 40. The temporary deletion flag list having the ID and the terminal ID is searched (S65), the contents of the temporary deletion flag 2 are confirmed (S66), and it is determined whether “1” indicating the deletion of the terminal is set (S67). .

  If “1” is also set in the temporary deletion flag 2 of the corresponding part, the flag confirmation unit 52 is stored in the group belonging terminal list storage unit 25 and deletes the terminal identifier from the corresponding group belonging terminal list 251. That is, the target terminal is deleted from the group (S68). In addition, after completing the terminal deletion from the group belonging terminal list 251, the item of the terminal identifier may be deleted from the temporary deletion flag list 351 and the temporary deletion flag list 451.

  By such processing, the terminal can be surely deleted from the group for the set group ID and terminal ID.

Next, another process for actually deleting a terminal from the group will be described.
FIG. 15 is a sequence diagram showing another process for actually deleting a terminal from a group. Here, when the terminal application 71 of the terminal device 70 transmits the terminal registration request message M1 to the common group management server 30, the flag confirmation unit 52 of the terminal list management device 50 triggers transmission of the terminal registration request message M1. A sequence for confirming the temporary deletion flags 1 and 2 is shown.

When there is a terminal registration instruction from the terminal application 71 of the terminal device 70, the non-secure communication unit 74 generates a terminal registration request message M1 including a group ID, a terminal ID, and a service ID, and generates the generated terminal registration request message M1. It transmits to the common group management server 30 (S71).
The non-secure communication unit 31 of the common group management server 30 that has received the terminal registration request message M1 sends the received terminal registration request message M1 to the registration availability determination unit 22 of the terminal list management device 50.

  When receiving the terminal registration request message M1, the registration availability determination unit 22 determines whether the group belonging terminal list 251 exists in the group belonging terminal list storage unit 25 (S72). When there is a group belonging terminal list 251 for the group, the flag confirmation unit 52 selects the group belonging terminal list 251 from the temporary deletion flag list 351 stored in the temporary deletion flag list storage unit 35 of the common group management server 30. The temporary deletion flag list having the same group ID is searched (S73), all the contents of the temporary deletion flag 1 are confirmed (S74), and it is determined whether or not “1” indicating the deletion of the terminal is set (S75). . Then, the flag confirmation unit 52 sets all terminal IDs for which “1” is set in the temporary deletion flag 1 (S76). A temporary deletion flag list having the same group ID as the group belonging terminal list 251 is searched from the temporary deletion flag list 451 stored in the temporary deletion flag list storage unit 45 of the individual group management server 40 (S77), and in step S76. All the contents of the temporary deletion flag 2 corresponding to all the set terminal IDs are confirmed (S78), and it is determined whether or not “1” indicating deletion of the terminal is set (S79).

  When “1” is also set in the temporary deletion flag 2 of the corresponding part, the flag confirmation unit 52 is stored in the group belonging terminal list storage unit 25 and deletes all terminal identifiers from the corresponding group belonging terminal list 251. (S80). That is, the terminal in which “1” is set in the temporary deletion flags 1 and 2 is deleted from the group from the group belonging terminal list having the group ID included in the terminal registration request message M1.

By such processing, a terminal for which “1” is set in the temporary deletion flags 1 and 2 can be reliably deleted from the group.
In the second embodiment, the terminal is deleted from the group when “1” is set in the temporary deletion flags 1 and 2, that is, when the And condition is satisfied, but “1” is set in the temporary deletion flag 2. When set, the terminal may be deleted from the group. Thereby, the configuration of the common group management server 30 can be greatly simplified.

Further, although the temporary deletion flags 1 and 2 are set to “1”, the reverse logic thereof, that is, the set may be set to “0”.
In the above description, the server device has been described as generating and associating the group identifier and the group key independently. However, the group identifier is generated from the group key by a one-way function, and only the group key is transmitted to the terminal device. You may make it do. In this case, the terminal device can generate the group identifier by holding the same one-way function algorithm as the server device.

  In the above description, the server is configured by three devices. However, the terminal list management device may be included in either the common group management server or the individual group management server. That is, the server may be configured with two devices. In this case, the server including the terminal list management device 50 does not hold the temporary deletion flag list, and can play its role by adding a temporary deletion flag column to the group belonging terminal list 251.

  In the first and second embodiments, the case where the data that needs to be securely processed is applied to the group information and the management information related to the data is the terminal list has been described. Needless to say, the present invention is applicable to a general configuration in which data that needs to be stored is held and the server holds management information related to the data. In the case of this general configuration, when the terminal device executes a process that affects the management information of the server, the secure communication unit 64 may notify the execution result to the server.

  In this general configuration, the data is group information for determining whether the digital work and its license belong to a group formed by a predetermined number of terminal devices that are permitted to move, copy, etc. The management information is a terminal list indicating a list of terminal devices belonging to a group, and the process having the influence can be applied as a movement of group information between the terminal devices.

The data may be a digital work license, the management information may be a license usage history, and the process having the influence may be applied as a license usage.
In addition, the data is a license of a digital work, the management information is the number of licenses that can be held by the terminal device, and the process having the influence can be applied as deletion of a license.

  Furthermore, the data is a digital work, the management information is the number of distribution ranges of the digital work, and the process having the influence can be applied as a movement of the digital work.

(Embodiment 3)
Next, still another embodiment of the present invention will be described. The following embodiment is an example embodying the present invention, and does not limit the technical scope of the present invention.

Prior to the description, the definition of the group and group information in the present embodiment will be performed again.
(Group definition)
First, a group is defined. In general, in a content distribution service, a process of copying and moving content distributed to terminals and content rights between terminals is not permitted within an unlimited range, but is permitted only within a certain range.

  A plurality of terminals that are mutually permitted to perform the processing are regarded as belonging to the same set, and the set can be defined as follows. When any two elements belonging to the set are extracted, the two elements are permitted to perform processing such as copying and moving of content. A set defined as above is called a group. In other words, it is necessary to belong to the same group in order to perform processing such as content movement.

(Group information definition)
Next, group information is defined. A process of moving and acquiring content required by the first terminal from the second terminal will be described. According to the definition of the group, content movement is permitted when the first terminal and the second terminal belong to the same group, and content movement is not permitted when they do not belong to the same group.

  In the present embodiment, the first terminal and the second terminal perform group determination to determine whether or not they belong to the same group before performing content movement processing. Information necessary for the group determination is defined as group information. Note that the group information according to the third embodiment generally includes the terminal list of the first and second embodiments, and details of the contents of the form group information will be described later.

FIG. 16 is a block diagram showing the group information management server 100, the group information changing device 200, the group information holding terminals 300 and 400, and their surrounding environment according to Embodiment 3 of the present invention.
In FIG. 16, the group information management server 100, the group information changing device 200, and the group information holding terminals 300 and 400 are connected via a wired or wireless transmission path N so that data communication is possible. In this group information management system S, at least one group information management server 100 and at least two group information holding terminals 300 and 400 are connected to each other via the transmission line N so that data communication is possible.

  Here, the group information management server 100 is installed on the provider α side related to the music distribution service as an example of the content distribution service, and the group information holding terminal 300 is based on a contract with the provider α. Installed on the contractor β side. In the following, the internal configurations of the group information management server 100, the group information change device 200, and the group information holding terminal 300 will be described with reference to FIGS.

  FIG. 17 is a block diagram showing an internal configuration of the group information management server 100 shown in FIG. In FIG. 17, the group information management server 100 includes a group information storage unit 101 that stores group information, an updated terminal list storage unit 102 that stores a list of group information holding terminals for which group information update processing has been completed, Group information setting / updating unit 103 that performs setting and changing processing of group information stored in the information storage unit 101, and group information acquisition / transmission unit that performs acquisition and transmission processing of group information stored in the group information storage unit 101 104, a group information update determination unit 105 that determines whether or not to update group information, and a communication unit 106 that performs communication processing with the group information holding terminal.

  FIG. 18 is a block diagram showing an internal configuration of the group information changing apparatus 200 shown in FIG. In FIG. 18, the group information changing apparatus 200 includes a group information setting / change information input unit 201 that accepts input of information for new setting and update processing of group information, and a communication unit 202 that performs communication processing with the group information management server 100. And.

  FIG. 19 is a block diagram showing an internal configuration of group information holding terminal 300 shown in FIG. In FIG. 19, the group information holding terminal 300 generates a group information acquisition request message to the group information storage unit 301 for storing group information, the group information management server 100 and other group information holding terminals, and transmits the group information. An acquisition request unit 302, a group information acquisition / update unit 303 that acquires group information from the group information management server 100 and other group information holding terminals, and updates the group information in the group information storage unit 301; A message for notifying the information holding terminal of an update notification is generated and sent to the update notification transmitting unit 304, and the group information acquired from the group information management server 100 and other group information holding terminals and held in the group information storage unit 301 Group information obtained from the group information A group information update determination unit 305 that determines whether to perform update processing based on information, and a message for transmitting information necessary for update determination to other group information holding terminals during processing such as content search and acquisition A processing request transmission unit 306 that generates and transmits, a group information acquisition / transmission unit 307 that generates and transmits a message for transmitting group information to another group information holding terminal, and the group information management server 100 and other And a communication unit 308 that performs communication processing with the group information holding terminal.

Here, a data structure of data held by the group information management server 100 and the group information holding terminal 300 will be described.
(Data structure of data held by the group information management server 100)
First, data held by the group information management server 100 will be described. The group information management server 100 holds group information in the group information storage unit 101, and holds an updated terminal list in the updated terminal list storage unit 102. The group information held by the group information management server 100 will be described with reference to FIG. The group information is as defined above.

FIG. 20 is a diagram showing the contents of the group information. In FIG. 20, g1501 is a group identifier that uniquely identifies group information, g1502 is management information that is information for managing group information actual data, and g1503 is group information actual data that is necessary for group determination.
The management information in the present embodiment will be described as generation information indicating the generation of the corresponding group information actual data. Generation information is an example of a set in which the magnitude relationship between two elements is always determined when any two elements are taken. More specifically, a version whose value monotonously increases whenever group information is changed will be described as an example of management information.

  Group information (hereinafter referred to as a group information terminal list) when the group information actual data is a terminal list will be described with reference to FIG. FIG. 21 shows the contents of the group information terminal list. In FIG. 21, g1601 is a group identifier, g1602 is a version as management information, and g1603 to g1604 are lists of terminal identifiers of the group information holding terminal 300 belonging to the group corresponding to the group identifier 1601. Here, the terminal identifier is an identifier that uniquely identifies the group information holding terminal 300.

  Next, the updated terminal list held by the group information management server 100 will be described with reference to FIG. FIG. 22 shows the contents of the group information updated terminal list. 22, g1801 is a group identifier, and g1802 to g1803 are terminal identifiers of the group information holding terminal 300 updated to the latest group information among the group information holding terminals 300 belonging to the group corresponding to the group identifier 1801.

(Data structure of data held by the group information holding terminal 300)
Next, data held by the group information holding terminal 300 will be described. The group information holding terminal 300 holds group information in the group information storage unit 301. Since the data structure of the group information held by the group information holding terminal 300 is the same as the data structure of the group information held by the group information management server 100, description thereof is omitted.

The data structure of the data held by the group information management server 100 and the group information holding terminal 300 has been described above.
Next, the data structure of messages transmitted and received between the group information management server 100, the group information change device 200, and the group information holding terminal 300 will be described.

(Data structure of messages sent and received during communication)
First, the data structure of a message transmitted and received during communication in the present embodiment will be described with reference to FIG. FIG. 23 is a diagram showing the contents of the message format. In FIG. 23, m1901 is a message header, and m1902 is a message body. Here, the message header includes at least information for specifying the transmission destination and information for specifying the transmission source. The information specifying the transmission destination is referred to as a message destination, and the information specifying the transmission source is referred to as a destination when a reply message is transmitted to the message. There is an IP address as information for specifying the transmission source or the transmission destination. The message body m1902 includes information unique to each message. The unique information will be described for each message.
Four messages that are important in the present embodiment will be described with reference to FIGS.

(Group information acquisition request message)
First, the group information acquisition request message will be described with reference to FIG. FIG. 24 shows the contents of the group information acquisition request message. The group information acquisition request message is transmitted from the group information holding terminal 300 to the group information management server 100, or from the group information holding terminal 300 to another group information holding terminal 300.

  24, m801 is a message header, m802 is a terminal identifier of the group information holding terminal 300 that transmitted the group information acquisition request message, m803 is a group identifier of group information held by the group information holding terminal 300, and m804 is holding group information. This is a version of the group information held by the terminal 300.

(Update notification message)
Secondly, the update notification message will be described with reference to FIG. FIG. 25 shows the contents of the update notification message. The update notification message is transmitted from the group information holding terminal 300 to another group information holding terminal 300. 25, m1001 is a message header, m1002 is a group identifier of group information held by the group information holding terminal 300 that has transmitted the update notification message, and m1003 is a version of the group information held by the group information holding terminal 300.

(Processing request message)
Third, the processing request message will be described with reference to FIG. FIG. 26 shows the contents of the processing request message. The processing request message is transmitted from the group information holding terminal 300 to another group information holding terminal 300. 26, m1101 is a message header, m1102 is a group identifier of group information held by the group information holding terminal 300 that has transmitted the processing request message, m1103 is a version of the group information held by the group information holding terminal 300, and m1104 is Information necessary for processing a processing request.

  Here, the information necessary for processing includes processing identification and processing target identification. The process identification is identification of processes such as content search, transfer, copy, and content right search, transfer, and copy. The processing target identification is, for example, information for uniquely specifying the content to be searched in the content search process, such as a content identifier or a content name.

(Group information transmission message)
Fourthly, the group information transmission message will be described with reference to FIG. FIG. 27 shows the contents of the group information transmission message. The group information transmission message is transmitted from the group information management server 100 to the group information holding terminal 300 or from the group information holding terminal 300 to another group information holding terminal 300. In FIG. 27, m1201 is a message header, and m1202 is group information held by the group information management server 100 or group information holding terminal 300 of the transmission source.

The data structure of the message transmitted and received between the group information management server 100, the group information changing device 200, and the group information holding terminal 300 has been described above.
In the group information management system S having the above configuration, when the contractor β owns the group information holding terminal 300 and the group information holding terminal 400, the contract information is acquired in the group information holding terminal 300 by the music distribution service of the operator α. An overview of processing required to move music content to the group information holding terminal 400 will be described with reference to FIG.

The contractor β determines whether there is a group for the group information holding terminal group held by the contractor β. (FIG. 28: Step S2001).
If the group does not exist, a new group is set (FIG. 28: Step S2002).
It is determined whether the group information holding terminal 300 and the group information holding terminal 400 are included in the group or the newly set group (FIG. 28: Step S2003).

If either one of the group information holding terminal 300 and the group information holding terminal 400 does not belong to the group or the newly set group, the group information of the group information management server 100 or the group information not belonging to the newly set group A holding terminal is added and group information update processing is performed (FIG. 28: step S2004).
It is determined whether or not the group information of the group information holding terminal 300 and the group information holding terminal 400 is the latest (FIG. 28: Step S2005). If the group information of the group information holding terminal 300 and the group information holding terminal 400 is not the latest, the latest group information is acquired and the group information held by itself is updated (FIG. 28: step S2006). If necessary, an update notification is transmitted to another group information holding terminal (FIG. 28: step S2007).

Each determination process in step S2001, step S2003, and step S2005 is performed by connecting the group information holding terminals 300 and 400 to the group information management server 100 via the Internet or the like and viewing a list of group information holding terminals belonging to the group with a web browser. Is possible.
The outline of the processing necessary for moving the music content from the group information holding terminal 300 to the other group information holding terminal 400 has been described above.

  Next, details of the group information new setting process in step S2002, the group information update process in step S2004, and the group information acquisition process of the group information holding terminal in step S2006 will be described. Finally, a process related to the update notification message transmitted with the group information update process will be described.

(Details of new group information settings and update processing)
First, the group information new setting and updating process will be described. In the present invention, the group information is managed by the group information management server 100. Therefore, the group information new setting process and update process must newly set and change the group information held by the group information management server 100. It is assumed that the group information new setting and changing process is performed by the contractor β, the person in charge of the business operator α, etc., but the group information setting / changing process is the same. It is assumed that the persons in charge of the person β and the company α are collectively referred to as a changer γ, and the changer γ performs new setting and change processing of group information.

First, a process when the changer γ newly sets group information in the group information storage unit 101 of the group information management server 100 will be described.
For example, the changer γ connects to the group information change device 200 from the group information holding terminal through the Internet and inputs information to be set in the group information setting / change information input unit 201.

  The input information includes at least a terminal identifier list of group information holding terminals belonging to the same group. For example, “New group id = 0x0001, 0x0003, 0x0004” is input. The input data is transmitted to the group information setting / updating unit 103 through the communication unit 202 and the communication unit 106 of the group information management server 100. The group information setting / updating unit 103 assigns a group identifier to the new group and stores it in the group information storage unit 101 together with the input terminal identifier.

In the present embodiment, the group information actual data is described as a terminal list. A group information terminal list l601 in FIG. 29A is assigned with 0xF001 as a group identifier. The version is set for each group information, and the initial value is a base point of a value that monotonically increases in the group information management server 100. It is assumed that 2 is set in the terminal list l601.
In this way, the group information setting process is performed, and if necessary, a normal end notification is returned through the communication unit 106 and the communication unit 202 of the group information changing device 200.

Next, processing when the changer γ updates group information stored in the group information storage unit 101 of the group information management server 100 will be described.
For example, the changer γ connects to the group information changing device 200 from the group information holding terminal through the Internet and inputs information to be changed to the group information setting / change information input unit 201.

The group information actual data will be described as a terminal list with reference to FIGS.
FIGS. 29A to 29D are diagrams showing an example of the group information terminal list. The group information terminal list including the terminal list includes a group identifier, a version, and a terminal identifier. In the group information terminal list l601 in FIG. 29A, the group identifier is 0xF001, the version is “2”, the terminal identifiers are 0x0001, 0x0003, 0x0004 is stored.

  First, a case where a terminal with the terminal identifier 0x0005 is added to the terminal list l601 will be described. The changer γ designates the terminal identifier 0xF001 and inputs an instruction to add the terminal identifier 0x0005 to the group information setting / change information input unit 201. For example, “gid = 0xF001 add tid = 0x0005” is input. The input data is transmitted to the group information setting / updating unit 103 through the communication unit 202 and the communication unit 106 of the group information management server 100.

  The group information setting / updating unit 103 identifies the corresponding group information terminal list 1601 from the group information storage unit 101 using the group identifier 0xF001 as a key from the received input data, and adds the terminal identifier 0x0005 to the terminal list. Since the group information terminal list l601 has been updated, the version is incremented by 1 and stored in the group information storage unit 101. The group information terminal list l602 in FIG. 29B is the group information terminal list after the additional processing is performed on the state in FIG. In this way, the group information terminal list is changed, and if necessary, a normal end notification is returned through the communication unit 106 and the communication unit 202 of the group information changing device 200.

Next, a case where the changer γ deletes the terminals having the terminal identifiers 0x0004 and 0x0005 from the group information terminal list l602 will be described.
The changer γ designates the terminal identifier 0xF001 and inputs an instruction to delete the terminal identifiers 0x0004 and 0x0005 to the group information setting / change information input unit 201.
For example, “gid = 0xF001 del tid = 0x0004, 0x0005” is input. The input data is transmitted to the group information setting / updating unit 103 through the communication unit 202 and the communication unit 106 of the group information management server 100.

  The group information setting / updating unit 103 specifies the corresponding group information terminal list l602 from the group information storage unit 101 using the group identifier 0xF001 as a key from the received input data. The terminal identifiers 0x0004 and 0x0005 are deleted from the group information terminal list l602. Next, since the group information terminal list l602 has been changed, the version is incremented by 1 to 4 and stored in the group information storage unit 101. The group information terminal list l603 of FIG. 29C is the group information terminal list after the deletion process is performed on the state of FIG. The change process is performed in this way, and if necessary, a normal end notification is returned through the communication unit 106 and the communication unit 202 of the group information changing device 200.

  In the above description, the difference information between the group information terminal list before the change and the group information terminal list after the change is input as the change information. However, all the terminal identifiers of the group information terminal list after the change are input. The terminal information in the group information terminal list may be overwritten. However, in the overwriting process, the terminal list is overwritten and the version is updated (added by 1).

Note that the changer γ may directly operate the group information change device 200. In order to facilitate the change work, the state of the terminal list before or after the change may be displayed to the changer γ at the time of the change.
The group information changing device 200 may be installed in any location such as a server group operated by the business operator α or a group information holding terminal.

Further, authentication may be performed prior to processing when new setting or changing of group information is performed. Specifically, a general method is assumed such as using terminal-specific information, a user password, or a certificate from another reliable device.
In addition, when there are a plurality of levels of authority to change the group information, the authentication process is performed according to the level according to the level. Here, if there are multiple levels, if level 1, group information holding terminals can be added to the group, but group information holding terminals cannot be deleted, and group information holding terminals can be added to or deleted from the group at level 2. That's it.

  In the above description, the group information is specified using the group identifier as a key. However, the group information can be specified using the terminal identifier as a key. Specifically, when the group information storage unit 101 is searched using the terminal identifier 0x0001 as a key, the group information terminal list l601 is specified. When the terminal identifier is used as a key, a plurality of group information may be detected, but the changer γ may be selected, or the same processing as described above may be performed for each of the plurality of group information. When the terminal identifier is used as a key, the group information acquisition request message may not include a group identifier.

Even when the terminal identifier is used as a key, the processing after group information is specified is the same as when the group identifier is used as a key.
The group information new setting and updating process has been described above.

(Details of group information acquisition processing)
Next, the group information acquisition process of the group information holding terminal 400 will be described. A case where the group information holding terminal 400 acquires / updates group information will be described. The group information holding terminal 400 obtains group information from the group information management server 100 and other group information holding terminals (in this embodiment, the group information holding terminal 300).

First, a case where the group information holding terminal 400 acquires group information from the group information management server 100 will be described, and then a process performed when the group information holding terminal 400 acquires from another group information holding terminal 300 will be described.
First, a case where the group information holding terminal 400 acquires group information from the group information management server 100 will be described.

The group information holding terminal 400 creates a group information acquisition request message by the group information acquisition request unit 302 and transmits it to the group information management server 100 through the communication unit 308. When receiving the group information acquisition request message, the group information management server 100 determines whether to update the group information.
The update determination includes a method using a version and a method using an updated terminal list.

First, an update determination process using a version will be described, and then an update determination process will be described using an updated terminal list.
First, a process when the group information update determination is performed using the version will be described.
It is assumed that the group information management server 100 holds a group information terminal list l601 (FIG. 29 (a)). However, although 2 is stored in the version of the group information terminal list l601, it is assumed that the version is more generally stored.

As shown in FIG. 24, the group information acquisition request message includes a message header, a terminal identifier, a group identifier, and a version.
The group information management server 100 that has received the group information acquisition request message transmits the group information acquisition request message to the group information update determination unit 105 through the communication unit 106. The group information update determination unit 105 that has received the group information acquisition request message makes an update determination.

  Here, the update determination by the group information update determination unit 105 will be described. The group information update determination unit 105 extracts a terminal identifier m802, a group identifier m803, and a version m804 from the group information acquisition request message. The group information update determination unit 105 identifies and acquires the corresponding group information terminal list l601 from the group information storage unit 101 using the group identifier m803 as a key.

The group information update determination unit 105 determines whether or not the terminal identifier m802 is included in the group information terminal list l601. When the terminal identifier m802 is included, it is determined that it belongs to the group corresponding to the group identifier m803, and when it is not included, it is determined that it does not belong to the group.
If it is determined that it does not belong to the group, the process is terminated, and a reply message including a group information deletion instruction is transmitted to the group information holding terminal 400. The reply message is transmitted to a destination corresponding to the message header m801.

If it is determined to belong to the group, the following processing is performed.
The group information update determination unit 105 extracts the version ver from the group information terminal list l601 and performs a comparison process with the version m804 acquired from the group information acquisition request message.
When ver> m804, a reply message including the group information terminal list 1601 in the message body is transmitted to the group information holding terminal 400.

If ver> m804 is not satisfied, no update is required, and a reply message including an update unnecessary notification in the message body is transmitted to the group information holding terminal 400.
When no update is required, the network load can be reduced by not transmitting the group information.
Note that, when ver <m804 is not possible at normal time, it may be regarded as an abnormal system, and a reply message including a notification indicating that the message body is abnormal may be transmitted to the group information holding terminal 400.

In the case of an abnormal system, the group information holding terminal 400 may be regarded as illegal and processing such as exclusion from the group may be performed. Excluding from the group indicates that the corresponding terminal identifier is deleted from the group information terminal list l601. The method for deleting the group information terminal identifier from the group information terminal list l601 has been described above.
Next, processing of the group information holding terminal 400 that has received the reply message will be described.

First, a case where group information is included in the reply message will be described.
In the group information holding terminal 400, the group information acquisition / update unit 303 acquires the received reply message through the communication unit 308. The group information acquisition / update unit 303 extracts group information from the reply message, and updates the group information in the group information storage unit 301. It should be noted that a match confirmation for confirming a match between the group identifier of the extracted group information and the group identifier of the group information held by itself is updated, and the version of the extracted group information and the version of the group information held by itself are updated. A determination may be made.

Next, a case where a group information deletion instruction is included in the reply message will be described.
Processing until the group information acquisition / update unit 303 acquires the reply message is the same as the case where the reply message includes group information. The group information acquisition / update unit 303 deletes the group information in the group information storage unit 301.

Next, a case where an update unnecessary notification is included in the reply message will be described.
The group information acquisition / update unit 303 that acquired the reply message performs no processing.
In the above, the process in the case of performing update determination using a version has been described.

  Next, processing in the case of performing group information update determination using the group information updated terminal list will be described with reference to FIGS. FIGS. 30A to 30C are diagrams showing examples of the contents of the group information updated terminal list. As shown in FIG. 30A, the group information updated terminal list l901 stores 0xF001 as a group identifier and 0x0003 and 0x0004 as terminal identifiers of updated terminals. The group information management server 100 holds the group information updated terminal list l901 in the updated terminal list storage unit 102, and the group information holding terminals having the terminal identifier 0x0003 and the terminal identifier 0x0005 hold the group information terminal list l602. And

A process when the group information holding terminal with the terminal identifier 0x0003 and the group information holding terminal with the terminal identifier 0x0005 transmit a group information acquisition request message to the group information management server 100 will be described.
First, a case where the group information holding terminal having the terminal identifier 0x0003 transmits a group information acquisition request message will be described.

  The group information update determination unit 105 receives the group information acquisition request message through the communication unit 106. The group information acquisition request message includes a terminal identifier 0x0003, a group identifier 0xF001, and version 3. The group information update determination unit 105 extracts the terminal identifier 0x0003 and the group identifier 0xF001. The group information update determination unit 105 identifies and extracts the group information updated terminal list l901 from the updated terminal list storage unit 102 using the group identifier 0xF001 as a key, and the terminal identifier 0x0003 is added to the terminal identifier list of the group information updated terminal list l901. It is determined whether or not it is included.

The terminal identifier list of the group information updated terminal list l901 includes the terminal identifier 0x0003, and the group information holding terminal with the terminal identifier 0x0003 determines that the group information has already been updated, and sends a reply message including an update unnecessary notification Sent to the group information holding terminal.
The processing of the group information holding terminal that has received the reply message has been described above.

Next, a case where the group information holding terminal having the terminal identifier 0x0005 transmits a group information acquisition request message will be described.
The group information update determination unit 105 receives the group information holding terminal group information acquisition request message through the communication unit 106. The group information acquisition request message includes a terminal identifier 0x0005, a group identifier 0xF001, and version 3. The group information update determination unit 105 extracts the terminal identifier 0x0005 and the group identifier 0xF001. The group information update determination unit 105 identifies and extracts the group information updated terminal list l901 from the updated terminal list storage unit 102 using the group identifier 0xF001 as a key, and the terminal identifier 0x0005 is added to the terminal identifier list of the group information updated terminal list l901. It is determined whether or not it is included.

  The terminal identifier list of the group information updated terminal list l901 does not include the terminal identifier 0x0005, and the group information holding terminal corresponding to the terminal identifier 0x0005 determines that the group information has not been updated, and the group information is included in the message body. Is sent, and the terminal identifier 0x0005 is added to the terminal identifier list of the group information updated terminal list l901.

The group information updated terminal list after the addition is a group information updated terminal list l902 shown in FIG.
Next, the update of the group information updated terminal list when the group information is changed will be described.
A case where the group information setting / updating unit 103 has changed the group information of the group identifier 0xF001 will be described. The group information setting / updating unit 103 identifies and acquires the group information updated terminal list l902 corresponding to the group identifier 0xF001 from the updated terminal list storage unit 102 using the group identifier 0xF001 of the group information that has been updated as a key. All the terminal identifier items in the updated terminal list l902 are deleted. The group information updated terminal list 1903 after the deletion is the group information updated terminal list l903 (FIG. 30C). This is because when there is a change in group information, there is no group information holding terminal updated with the group information reflecting the change at the time of change.

As can be seen from the above description, when the update determination is performed using the group information updated terminal list, the group information acquisition request message may not have a version.
Although the update determination is performed based on the version or the updated terminal list, since the group information managed by the group information management server 100 is the latest, the group information may be constantly updated without performing the update determination.

If the group information holding terminal that has transmitted the group information acquisition request message can be confirmed to belong to the corresponding group by a method different from the determination by the group identifier of the group information acquisition request message, whether or not it belongs to the group This determination is not necessary, and the group information acquisition request message may not have a terminal identifier.
The other methods are group authentication based on a user's password, and a message is encrypted with common information held in common by the group, and an encrypted message can be decrypted with corresponding common information, and thus determined to belong to the same group There are methods.

  In the above, the process until the group information holding terminal acquires group information from the group information management server 100 and updates it has been described.

Next, a case where group information is updated between group information holding terminals will be described.
Description will be made assuming that the group information holding terminal 300 acquires group information from another group information holding terminal 400.

A process from when the group information holding terminal 300 creates a group information acquisition request message by the group information acquisition request unit 302 and transmits it to the group information holding terminal 400 through the communication unit 308 to acquire group information will be described.
The group information acquisition request message includes a message header m801, a terminal identifier m802, a group identifier m803, and a version m804 as shown in FIG.

The group information holding terminal 400 that has received the group information acquisition request message transmits the group information acquisition request message to the group information update determination unit 305 through the communication unit 308.
The group information update determination unit 305 receives the group information acquisition request message and performs update determination. Here, the update determination process by the group information update determination unit 305 will be described.

The group information update determination unit 305 extracts a terminal identifier m802, a group identifier m803, and a version m804 from the group information acquisition request message.
The group information holding terminal 400 determines whether the group identifier m803 matches the group identifier of the group information held in the group information storage unit 301. If they do not match, the process ends and a group mismatch error message is returned. If the result of the coincidence determination is coincident, the subsequent processing is performed.

The group information holding terminal 400 determines whether or not the terminal identifier m802 exists in the terminal list of group information held in the group information storage unit 301.
If not, the process ends and a terminal identifier mismatch error message is returned. If it exists, the following processing is performed.
The update determination process by the group information update determination unit 305 will be described with the version of the group information held by the group information holding terminal 300 being ver1 and the version of the group information held by the group information holding terminal 400 being ver2.

The group information update determination unit 305 acquires ver2 from the group information acquisition request message and ver1 from the group information storage unit 301, and performs version comparison processing.
When ver1 = ver2, a reply message including an update unnecessary notification is transmitted to the group information holding terminal 400.
When ver1> ver2, since the group information of the group information holding terminal 300 is newer than the group information of the group information holding terminal 400, a reply message including the group information held by the group information holding terminal 300 is transmitted to the group information holding terminal 400. .

In the case of ver1 <ver2, the group information holding terminal 300 has older group information than the group information holding terminal 400. Therefore, the group information holding terminal 300 sends a group information acquisition request message to the group information holding terminal. 400 is transmitted.
Next, processing of the group information holding terminal 400 that has received the reply message will be described.

A case will be described where a reply message including group information held by the group information holding terminal 300 is received.
In the group information holding terminal 400, the group information acquisition / update unit 303 acquires the received reply message through the communication unit 308. The group information acquisition / update unit 303 extracts the group information from the reply message, and updates the group information in the group information storage unit 301.

Here, a method of updating the terminal list in the group information acquisition / update unit 303 will be described.
There are two methods for updating the terminal list. First, the first method is to overwrite the group information held by the group information acquired from the group information holding terminal 300, and the second method is the group information. This is a method of generating new group information from the group information acquired from the holding terminal 300 and the group information held by itself.

Regarding the second method, more specifically, the group information acquired from the group information holding terminal 300 is the group information terminal list l604 (FIG. 29D), and the group information held by itself is the group information terminal list l601 (FIG. 29 ( This will be described as a)).
The group information terminal list l604 includes terminal identifiers 0x0001 and 0x0005, and the group information terminal list l601 includes terminal identifiers 0x0001, 0x0003, and 0x0004. As an example of a method for newly generating a group information terminal list from the group information terminal list l601 and the group information terminal list l604, there is a method of merging terminal identifiers. As a result of the merge, a group information terminal list l602 (FIG. 29B) including terminal identifiers 0x0001, 0x0003, 0x0004, and 0x0005 is generated. Set a high value for both versions. In the above example, 5 is set. Note that the version may not be changed. Although the method of merging terminal identifiers has been described as an example of a method for newly generating a group information terminal list from two group information terminal lists, the method for generating a group information terminal list is not limited to this. The second method is effective in such an operation that the number of terminals belonging to the same group is updated monotonously.

If the reply message includes an update unnecessary notification, no processing is performed.
When the reply message includes a group information acquisition request, the same processing is performed if the positions of the group information holding terminal 300 and the group information holding terminal 400 in this description are switched.
The processing when there is a group information acquisition request between the group information holding terminals has been described above.

  The process from the group information holding terminal 400 acquiring group information from the group information management server 100 or another group information holding terminal 300 to updating the group information has been described above.

(Processing related to update notification messages)
Finally, a process related to the update notification message transmitted with the group information update process will be described.

The update notification message prompts the group information holding terminal that has received the update notification message to update the group information and smoothly updates the group information of the same group.
FIG. 31 shows the configuration of group information management terminal 100, group information holding terminals 300 and 400 and 500 belonging to group I, and group information holding terminal 600 belonging to group II different from group I according to the embodiment of the present invention. It is the figure which showed the data transmitted / received between each apparatus in the block diagram shown.

  The group information management server 100 and each group information holding terminal are connected so that data communication is possible, group I is a terminal group held by the contractor β, and group II is held by a contractor δ different from the contractor β. A terminal. In general, the subscribers of terminals belonging to the same group are considered to be the same user. However, the way of forming a group differs depending on the operation, such as the formation of the same group by a plurality of users, and the terminals owned by the same user belonging to a plurality of groups. A group may be set for each possible process, or one terminal may belong to a plurality of groups.

The group in the following description is a group regarding permission / non-permission of all processing such as movement and copying of the group information holding terminal, and all the group information holding terminals will be described as belonging to one group.
In the group information management server 100 and the group information holding terminal 300 having the above configuration, the group information holding terminal 300 acquires group information from the group information management server 100 and then transmits a group information update notification message to hold the group information. Operations until the terminal 400 updates the group information will be described with reference to FIGS.

First, a case where group information can be acquired only from the group information management server 100 will be described with reference to FIGS.
With reference to FIG. 32, processing of each unit until the group information holding terminal 300 acquires group information from the group information management server 100 and the group information of the group information holding terminal 400 is updated will be described.

The group information holding terminal 300 creates a group information acquisition request message in the group information acquisition request unit 302 by the operation of the contractor β and transmits it to the group information management server 100 through the communication unit 308 (φ in FIG. 31 and FIG. 32: Step S2101).
The group information management server 100 that has received the group information acquisition request message sends it from the communication unit 106 to the group information acquisition / transmission unit 104. The group information acquisition / transmission unit 104 extracts a group identifier from the group information acquisition request message, identifies and acquires group information corresponding to the group I from the group information storage unit 101 using the group identifier as a key. (FIG. 32: Step S2102). Here, the update determination may be performed.

The group information acquisition / transmission unit 104 transmits a group information transmission message including the acquired group information from the communication unit 106 to the group information holding terminal 300. (FIG. 32: Step S2103).
The group information holding terminal 300 receives the group information transmission message from the group information management server 100 (χ in FIG. 31 and FIG. 32: step S2104), and transmits it to the group information acquisition / update unit 303. The group information acquisition / update unit 303 extracts the group information from the group information transmission message, and updates the group information in the group information storage unit 301. (FIG. 32: Step S2105).

The group information acquisition / update unit 303 performs control so as to transmit an update notification message to the update notification transmission unit 304 when the update of the group information ends normally.
The update notification transmission unit 304 broadcasts an update notification message that prompts the group information to be updated to other group information holding terminals (ψ in FIG. 31 and FIG. 32: step S2106).
As shown in FIG. 25, the update notification message includes a message header m1001, a group identifier m1002, and a version m1003.

In the above example, the group identifier m1002 stores the group identifier of the group to which the group information holding terminal 300 belongs, and the version m1003 stores the version of the group information held by the group information holding terminal 300.
Although the update notification message is described as being broadcast, it may be unicast to a specific group information holding terminal. An update notification is transmitted to a terminal that is close to a specific group information holding terminal in terms of the network configuration, or to a group information holding terminal corresponding to a terminal identifier in a terminal list described in advance in the group information.

Hereinafter, processing of the group information holding terminal that has received the update notification message will be described. The processing of the group information holding terminal that has received the update notification message is the same for broadcast and unicast.
The processing of the group information holding terminal that has received the update notification message is the case of the group information holding terminal 400 belonging to the same group I as the group information holding terminal 300, and the group information holding terminal 600 that belongs to the group II different from the group information holding terminal 300. The case will be described.

First, the processing after receiving the update notification message of the group information holding terminal 400 belonging to the group I will be described.
The group information holding terminal 400 receives the update notification message from the group information holding terminal 300 (FIG. 32: step S2107), and transmits the update notification message to the group information update determination unit 305 through the communication unit 308.

The update determination unit 305 extracts a group identifier from the update notification message and determines whether or not it matches the group identifier of the group information held in the group information storage unit 301. If they match, the subsequent processing is performed. If they do not match, the subsequent processing is not performed.
Since the group information holding terminal 300 and the group information holding terminal 400 belong to the group I, the group identifiers match and the subsequent processing is performed.

An update determination process is performed to determine whether or not to perform an update process from the version of the group information included in the update notification message and the version of the group information held by the group information holding terminal 300 (FIG. 32: step S2108).
The update determination process is the same as the update determination process when the group information holding terminal described above receives a group information acquisition request message.

If the group information holding terminal 300 and the group information holding terminal 400 are guaranteed by other methods to belong to the same group, the group matching confirmation is not performed.
Further, since the group information holding terminal 300 that is the transmission source of the update notification message has acquired group information from the group information management server 100, the group information included in the update notification message is the group held by the group information management server 100. Information, that is, the latest group information. In this case, for example, 0xFFFF may be stored as a special value indicating that update determination processing is not necessary for the version. The group information holding terminal 400 that has received the update notification message whose version is the special value performs the update process without performing the update determination process. Note that a certificate of the group information management server 100 may be used as a mechanism for ensuring that the group information holding terminal 300 that is the transmission source of the update notification message has acquired the group information from the group information management server 100.

When it is determined that the update is necessary by the update determination process, the group information acquisition request unit 302 creates a group information acquisition request message and transmits it to the group information management server 100 through the communication unit 308 (see FIG. 31 and FIG. 32). : Step S2109).
The group information management server 100 that has received the group information acquisition request message transmits it to the group information acquisition / transmission unit 104 through the communication unit 106.

The group information acquisition / transmission unit 104 that has received the group information acquisition request message identifies and acquires the corresponding group information from the group information storage unit 101 using the group identifier as a key (FIG. 32: step S2110).
The group information acquisition / transmission unit 104 generates a reply message including the acquired group information and transmits it to the group information holding terminal 400 through the communication unit 106 (FIG. 32: step S2111).

The group information holding terminal 400 receives the reply message (FIG. 32: Step S2112), and updates the group information in the group information storage unit 301 (FIG. 32: Step S2113).
The detailed processing from step S2109 to step S2113 has been described in the description of the group information acquisition / update processing from the previous group information management server 100.

In the above description, the update determination process is described as being performed by the group information holding terminal 400, but the update determination may be performed by the group information management server 100.
Processing when the group information management server 100 performs update determination with the same configuration as above will be described with reference to FIG.
The processing from step S2201 to step S2207 in FIG. 33 is as described in steps S2101 to S2107. Next, the group information holding terminal 400 does not perform the update determination process, and transmits a group information acquisition request to the group information management server 100 (FIG. 33: step S2208). This group information acquisition request has been described in step S2109.

When the group information management server 100 receives a group information acquisition request from the group information holding terminal 400, the group information management server 100 transmits the group information acquisition request message to the group information update determination unit 105 through the communication unit 106.
The group information update determination unit 105 performs the following processing.
The group information management server 100 identifies and acquires group information corresponding to the group I by the method described in step S2102. An update determination is performed from the identified group information and the group information extracted from the group information acquisition request message (FIG. 33: step S2209). The update determination method has been described above.

  If the group information needs to be updated as a result of the update determination, the group information is acquired (FIG. 33: Step S2210), and the group information is transmitted to the group information holding terminal 400 (FIG. 33: Step S2211). These processing contents are the same as those in steps S2110 and S2111. The group information holding terminal 400 receives the group information update message (FIG. 33: step S2212), and updates the group information storage unit 301 (FIG. 33: step S2213). The processing contents are the same as those in FIG. 32: Step S2112 and Step S2113. If it is determined that no update is required, an update unnecessary notification message is transmitted to the group information holding terminal 400 (FIG. 33: step S2214).

When the group information holding terminal 400 receives the update unnecessary notification message (FIG. 33: Step S2215), the process ends without performing the process related to the group information update.
As described above, the latest group information is acquired from the group information management server 100 and updated.

Next, a process after reception of the update notification message of the group information holding terminal 600 belonging to the group II which is a group different from the group information holding terminal 300 will be described.
The group information holding terminal 600 receives the update notification message from the group information holding terminal 300, and the group information holding terminal 600 transmits the update notification message to the group information update determination unit 305 through the communication unit 308.
The group information update determination unit 305 extracts a group identifier from the update notification message, and performs a match determination from the group identifier of the group information held in the group information storage unit 301. The group information holding terminal 300 belongs to the group I, and the group information holding terminal 600 belongs to the group II. In the group identifier matching determination, the group information does not match and the subsequent processing is not performed.

Here, it has been described that the group information holding terminal 300 transmits a group information acquisition request message to the group information management server 100. However, the group information management server 100 pushes group information to the group information holding terminal 600 in the online environment. The processing after group information acquisition is the same.
The case where the group information holding terminal 300 transmits the update notification after acquiring the latest group information from the group information management server 100 has been described above.

Next, group information update processing when communication is performed between group information holding terminals will be described. Communication between group information holding terminals is performed when searching for desired content or acquiring content within the same group.
The former is a group information holding terminal that performs a search broadcasts a search request to a search target terminal, that is, 1: n communication, and the latter is a unicast acquisition request to a specific terminal after the search. 1: 1 communication.

An update process performed when the group information holding terminal 300 communicates with another group information holding terminal 400 will be described with reference to FIGS. 34 and 35. FIG.
FIG. 34 is a block diagram showing the configuration of group information management server 100 and group information holding terminals 300 and 400 belonging to group I according to the embodiment of the present invention, and shows data transmitted and received between the devices. .

Processing of the group information holding terminal 300 that transmits the search request and the acquisition request and the group information holding terminal 400 that receives the search request and the acquisition request will be described. The processing is the same even if a group information update notification is transmitted instead of the search request and the acquisition request.
For the sake of simplicity, the search request and the acquisition request will be described together as processing requests. The processing request requires information necessary for update determination, and in this embodiment, the management information of the group information, specifically, the version will be described as an example.

In addition, time information acquired from the group information management server 100 is assumed. Since the group information management server 100 is premised on holding the latest group information, the group information management server 100 determines that the group information is newer when the acquisition time is later.
As shown in FIG. 26, the processing request message includes a message header m1101, a group identifier m1102, a version m1103, and a processing content m1104.

In the above example, the group identifier m1102 stores the group identifier of the group to which the group information holding terminal 300 belongs, and the version m1103 stores the version of the group information held by the group information holding terminal 300.
The group information holding terminal 300 creates and transmits the processing request message by the processing request transmission unit 306 (φ in FIG. 34 and FIG. 35: step S2301).

The group information holding terminal 400 receives the processing request message (FIG. 35: step S2302), and extracts the version.
The group information update determination unit 305 acquires the version of the group information held by the group information storage unit 301 from the group information storage unit 301 and performs the update determination process (FIG. 35: step S2303).

  The group information update determination unit 305 terminates the process when no update is necessary. When the group information holding terminal 300 needs to be updated, the group information holding terminal 400 generates an update notification message by the update notification transmitting unit 304 and transmits it to the group information holding terminal 300 through the communication unit 308 (χ−1 in FIG. 34). And FIG. 35: Step S2304). The update notification message may be broadcast.

The group information holding terminal 300 receives the update notification message (FIG. 35: step S2305), and transmits the group information acquisition request message to the group information management server 100 by the group information acquisition request unit 302 (ψ-1 and FIG. 34). FIG. 35: Step S2306).
When the group information holding terminal 400 is determined to be updated by the update determination process, the group information holding terminal 400 transmits a group information acquisition request message to the group information management server 100 by the group information acquisition request unit 302 (see FIG. 34 x-2 and FIG. 35: Step S2307).

  The group information management server 100 receives the group information acquisition request message, acquires the group information held in the group information storage unit 101 by the group information management server 100 (FIG. 35: step S2308), and includes the group information. A reply message is transmitted to the group information holding terminal 300 or 400 that has transmitted the group information acquisition request message (FIG. 35: step S2309).

The group information holding terminal 300 or 400 receives the reply message (FIG. 35: step S2312, step S2310), and updates the group information in the group information storage unit 301 (FIG. 35: step S2313, step S2311).
Processing from transmission of group information acquisition request message to group information update by group information holding terminal 300 or 400 (FIG. 35: Step S2306, Step S2308, Step S2309, Step S2312, Step S2313, or Step S2307 to Step S2311) Explained earlier.

Here, the version of the group information held by the group information holding terminal 300 is 2, the version of the group information held by the group information holding terminal 400 is 3, and the group information held by the group information management server 100 is A case where the version is 4 will be described.
According to the method described above, the group information holding terminal 300 determines that the group information needs to be updated, and acquires and updates the latest group information group information from the group information management server 100. The version of the group information held by the group information holding terminal 300 is 4, but the version of the group information held by the group information holding terminal 400 remains 3.

A method for setting the version of the group information held by the group information holding terminal 400 to 4 in such a case will be described.
The group information holding terminal 300 stores the version of the group information held by the group information holding terminal 400. When the group information is received from the group information management server 100, the version of the group information received from the group information management server 100 is stored. Is extracted from the stored version of the group information holding terminal 400, and an update notification message is transmitted to the group information holding terminal 400 when it is determined that updating is necessary.

The processing of the group information holding terminal 300 that has received the update notification message has been described above.
As another method, information for identifying the other group information holding terminal for processing in the group information acquisition request message transmitted by the group information holding terminal 300 (in the above example, the identifier or IP address of the group information holding terminal 400, etc.) The group information management server 100 including the items included in the message header may be updated at the same time assuming that there are pseudo update requests from two terminals. In addition, when the version of the group information held by the group information holding terminal 400 is included in the group information acquisition request message, it is possible to determine whether to update the group information held by the group information holding terminal 400.

The process for updating group information during communication between group information holding terminals has been described above.
When the group information holding terminal 300 broadcasts a processing request message depending on the processing content, it may be unicast, but the processing of the group information holding terminal 400 that receives the processing request is the same.

In addition, when there are update notifications from a plurality of group information holding terminals to the group information holding terminal 300, an update determination may be made every time an update notification message is received, and an unnecessary group information update request may not be made. . Further, once an update notification message is received, processing may not be performed even if the update notification message is received for a certain period.
In the above description, the group information holding terminal that has received the update notification message has been described as acquiring the latest group information from the group information management server 100.

Next, a case where the group information holding terminal that has received the update notification message acquires group information from another group information holding terminal and performs update processing will be described with reference to FIGS. 36 to 38.
FIG. 36 is a block diagram showing the configuration of group information holding terminals 300 and 400 belonging to group I according to the embodiment of the present invention, showing data transmitted and received between the devices.

A description will be given from the point where the group information holding terminal 300 transmits the processing request message.
As illustrated in FIG. 26, the processing request message includes a message header m1101, a group identifier m1102, a version m1103, and a processing content m1104.
The group identifier m1102 stores the group identifier of the group to which the group information holding terminal 300 belongs, and the version m1103 stores the version of the group information held by the group information holding terminal 300.

First, a case where group information update determination is performed on the group information holding terminal 400 side that receives the processing request message in the above configuration will be described with reference to FIGS.
The group information holding terminal 300 generates and transmits the processing request message by the processing request transmission unit 306 (φa and φb in FIG. 36 and FIG. 37: step S2401).
The group information holding terminal 400 receives the processing request message (FIG. 37: step S2402), and extracts the version.

The group information update determination unit 305 acquires the version of the group information held by itself from the group information storage unit 301 and performs an update determination process (FIG. 37: step S2403).
The group information update determination unit 305 terminates the process when no update is necessary, and transmits a reply message including an update unnecessary notification to the group information holding terminal 300 through the communication unit 308 (FIG. 37: step S2413). Further, the group information holding terminal 300 receives the reply message from the group information holding terminal 400 (FIG. 37: step S2414). If the update is not required, the reply message including the update unnecessary notice may not be transmitted.

When the group information holding terminal 300 needs to be updated, the group information acquisition / transmission unit 307 acquires group information from the group information storage unit 301 (FIG. 37: step S2409), generates a group information transmission message, and transmits the communication unit. It transmits to the group information holding terminal 300 through 308 (χa in FIG. 36 and FIG. 37: step S2410).
The group information transmission message includes a message header m1201 and group information m1202, as shown in FIG.

The group information holding terminal 300 receives the group information transmission message from the group information holding terminal 400 (FIG. 37: step S2411), and updates the group information in the group information storage unit 301 (FIG. 37: step S2412).
Although the case where the group information holding terminal 400 pushes the group information by the group information transmission message has been described, an update notification message is sent instead of the group information transmission message, and the group information acquisition request message is sent to the group information holding terminal 300. May be generated and transmitted, and the group information of the group information holding terminal 300 may be updated.

When the group information holding terminal 400 is determined to be updated by the update determination process, the group information holding terminal 400 sends a group information acquisition request message to the group information management server 100 by the group information acquisition request unit 302. (Χb in FIG. 36 and FIG. 37: Step S2404).
The group information holding terminal 300 receives the group information acquisition request message, and the group information acquisition / transmission unit 307 acquires the group information held in the group information storage unit 301 (FIG. 37: step S2405), and transmits the group information. A message is generated and transmitted to the information holding terminal 400 through the communication unit 308 (ψb in FIG. 36 and FIG. 37: Step S2406).

  The group information holding terminal 400 receives the group information transmission message from the group information holding terminal 300 (FIG. 37: step S2407), and updates the group information in the group information storage unit 301 (FIG. 37: step S2408).

Next, a case where group information update determination is performed on the group information holding terminal 300 side that transmits the processing request message in the above configuration will be described with reference to FIG.
The group information holding terminal 300 transmits the processing request message by the processing request transmission unit 306 (FIG. 38: step S2501).
The group information holding terminal 400 receives the processing request message (FIG. 38: Step S2502), creates a group information acquisition request message by the group information acquisition request unit 302, and transmits it to the group information holding terminal 300 through the communication unit 308. (FIG. 38: Step S2503).

The group information holding terminal 300 receives the group information acquisition request message from the group information holding terminal 400 and makes an update determination (FIG. 38: step S2504).
Note that the process from the update determination process to the group information update (FIG. 38: step S2504 to step S2515) is the same process if the group information holding terminal 300 and the group information holding terminal 400 are interchanged in the explanation of step S2403 to step S2414. Become.

  Here, the case where the group information holding terminal 300 transmits a processing request message for content search and acquisition processing has been described. In addition, after the group information holding terminal 300 acquires / updates group information from the group information management server 100, a group information update notification is transmitted to the group information holding terminal 400, and the group information update process is performed by communication between the group information holding terminals. May be performed.

The update notification message includes a group identifier and a version necessary for processing for updating group information during communication between group information holding terminals. Therefore, the process for the update notification message is the same as the process for the process request message.
The processing for updating group information during communication between group information holding terminals has been described above.

When the group information holding terminal 300 broadcasts a processing request message depending on the processing content, it may be unicast, but the processing of the group information holding terminal 400 that receives the processing request is the same.
The process for updating group information between group information holding terminals has been described above. By making it possible to update group information between group information holding terminals, it becomes possible to reduce access to the group information management server 100.

The process related to the update notification message transmitted along with the group information update process has been described above.
So far, the group information new setting, update processing, group information acquisition processing, and update processing using the update notification message when the group information actual data is the terminal list have been described.

Hereinafter, with regard to new setting of group information, update processing, group information acquisition processing, and update processing using update notification message when group information actual data is common information, the difference from the case where group information actual data is a terminal list is the center Explained.
First, the data structure of group information held by the group information management server 100 and the group information holding terminal will be described.

Group information (hereinafter referred to as group information common information) when the group information actual data is common information will be described with reference to FIG.
39A and 39B are diagrams showing the contents of the group information common information and the common information terminal list.
In FIG. 39A, g1701 is a group identifier, g1702 is a version as management information, and g1703 is common information held in common by group information holding terminals belonging to the same group.

Next, the data structure of the common information terminal list held by the group information management server 100 will be described.
A common information terminal list indicating the correspondence between group information holding terminals and groups required when the group information actual data is common information will be described with reference to FIG.
In FIG. 39B, g1711 is a group identifier, and g1712 to g1713 are lists of terminal identifiers of group information holding terminals belonging to the group corresponding to the group identifier.

Details of group information new setting processing, group information update processing, and group information acquisition processing necessary for moving music content from a group information holding terminal to another group information holding terminal will be described.
First, processing when the changer γ newly sets group information in the group information storage unit 101 of the group information management server 100 will be described with reference to FIGS. 40 (a1) to (b3). 40A1 to 40B3 are diagrams illustrating an example of group information common information and a common information terminal list.

The changer γ connects to the group information changing device 200 and inputs “new group tid = 0x0001, 0x0003, 0x0004” to the group information setting / changing information input unit 201, and the group information setting / updating unit 103 receives it. The process up to here has been described above.
The group information setting / updating unit 103 assigns a group identifier to the new group, and stores it in the group information storage unit 101 as a common information terminal list together with the input terminal identifier. What is assigned 0xF001 as a group identifier is the common information terminal list l701 in FIG. 40 (b1). The common information is generated simultaneously with the generation of the common information terminal list, and the group information common information is stored together with the group identifier. The group information common information c701 in FIG. 40A1 is set to 0xAAAA as the common information and 2 as the version.

Next, processing when the changer γ updates group information stored in the group information storage unit 101 of the group information management server 100 will be described.
The process until the changer γ inputs the change information to the group information setting / change information input unit 201 and specifies the group information stored in the group information storage unit 101 is the same as in the case of the group information terminal list.

The group information including the common information includes a group identifier, a version, and common information. In the group information common information c701 in FIG. 40 (a1), 0xF001 is stored as the group identifier, “2” is stored as the version, and common information 0xAAAA is stored.
The common information terminal list includes a group identifier and a terminal identifier. In the common information terminal list l701 in FIG. 40 (b1), 0xF001 is stored as a group identifier, and 0x0001, 0x0003, and 0x0004 are stored as terminal identifiers.

Description will be made assuming that the group information management server 100 holds the group information common information c701 and the common information terminal list l701 in the group information storage unit 101.
First, a case will be described in which a group information holding terminal having a terminal identifier 0x0005 is added to a group corresponding to the common information terminal list l701.
The process from when the changer γ inputs change information until the group information setting / updating unit 103 starts the process is the same as in the group information terminal list. The common information terminal list l701 is specified using the group identifier 0xF001 as a key, the terminal identifier 0x0005 is added, and the common information terminal list l702 in FIG. 40 (b2) is updated. Next, the group information common information c701 is specified using the group identifier 0xF001 as a key, the version is changed, and the group information common information c702 is updated.

Similarly, the processing for deleting the terminals with the terminal identifiers 0x0004 and 0x0005 is updated to the common information terminal list l703 in FIG. 40 (b3) and the group information common information c703 in FIG. 40 (a3).
Although the group information common information and the common information terminal list are managed as separate tables, the group information common information and the common information terminal list may be managed as a merged table.

The group information acquisition process of the group information holding terminal when the group information actual data is common information will be described.
A case where the group information holding terminal 400 updates group information will be described.
The group information holding terminal obtains group information from the group information management server 100 and other group information holding terminals.

First, a case where the group information holding terminal 400 acquires group information from the group information management server 100 will be described, and then a process when the group information holding terminal 300 acquires from another group information holding terminal 400 will be described.
First, a process until the group information holding terminal acquires group information from the group information management server 100 and updates when the group information is group information common information will be described.

The processing until the group information holding terminal 400 generates and transmits a group information acquisition request message and the group information update determination unit 105 of the group information management server 100 receives the group information acquisition request message is the case of the group information terminal list. The same.
The group information update determination unit 105 extracts the terminal identifier m802, the group identifier m803, and the version m804 from the group information acquisition request message.

The group information common information c701 and the common information terminal list l701 of the corresponding group information are identified and acquired from the group information storage unit 101 using the group identifier m803 as a key.
It is determined whether or not the terminal identifier m802 is included in the common information terminal list l701. When the terminal identifier m802 is included, it is determined that it belongs to the group corresponding to the group identifier m803, and when it is not included, it is determined that it does not belong to the group. If it is determined that it does not belong to the group, the process is terminated, and a reply message including a group information deletion instruction is transmitted to the group information holding terminal 400 that has transmitted the group information acquisition request message. If it is determined to belong to the group, the following processing is performed.

The group information update determination unit 105 performs update determination processing by version. The update determination process has been described in the terminal list section.
When the group information update determination unit 105 determines that the update is necessary, a reply message including the corresponding group information common information c701 is transmitted from the group information storage unit 101 to the group information holding terminal 400 using the group identifier m803 as a key.

When the update is unnecessary, a reply message including an update unnecessary notification is transmitted to the group information holding terminal 400.
The processing of the group information holding terminal 400 that has received the reply message will be described.
A case where group information common information is included in the reply message will be described.

In the group information holding terminal 400, the group information acquisition / update unit 303 acquires the received reply message through the communication unit 308. The group information acquisition / update unit 303 extracts the group information common information c701 from the reply message, and updates the group information common information in the group information storage unit 301.
The following three methods can be considered for updating the group information common information.

  First, the first method is a method of overwriting the group information common information held by the acquired group information common information c701. The second method is a method for newly generating and storing group information common information based on a certain generation rule from the group information common information c701 and the group information common information before update held by itself. The third method is a method of overwriting the group information common information version and not overwriting the common information.

  Here, a generation rule of the second method will be described. For example, the common information of the group information real data is obtained by exclusive ORing two pieces of common information, newly generating group information common information, and storing the version of the higher version of the two pieces of group information common information. is there. According to this method, when updating the group information common information of the group information holding terminal 300 and the group information holding terminal 400, the group information common information held by the group information holding terminal 300 and the group information holding terminal 400 before the update is the same. If the group information common information held by the group information holding terminal 300 and the group information holding terminal 400 before the update is different, the updated group information common information matches. May not match. Therefore, when updating the group information common information with a plurality of group information holding terminals, it is effective when performing a restriction that “the group information common information before update is the same”.

In the first and second methods, the group information common information may change when an update process occurs. In the third method, the group information common information does not change.
Here, an example of a method for determining whether or not belonging to a group using the group information common information will be described.
When communicating with each other between group information holding terminals, it is conceivable to transmit a communication message encrypted using common information as a key.

In this case, the group information holding terminal that has received the encrypted communication message decrypts and interprets the encrypted communication message using the common information as a decryption key. When terminals that transmit and receive the communication message have the same common information (belong to the same group), decoding is possible and processing is performed normally.
In addition, when the same common information is not included (does not belong to the same group), the encrypted communication message cannot be decrypted and the communication message cannot be interpreted, so that subsequent processing cannot be performed.

  If the first and second methods are applied to the case where common information is used as an encryption key as described above, updating the group information common information may change the common information, and the update is reflected to all terminals in the group. Until then, communication may not be possible even within the same group. That is, it is assumed that communication is not possible between group information holding terminals that were able to communicate before update.

  As a method for avoiding such an incommunicable case, a third method that updates the version that is the management information and does not update the common information that is the actual data of the group information is effective. In the third method, the common information that is actual group information data may not be included in the group information common information for updating.

  In addition, since the first and second methods can change the common information every time the update is performed, communication is not allowed unless the group information holding terminals hold the latest group information. It can be said that it is effective in an operation that does not permit communication unless it is between group information holding terminals holding the latest group information.

Note that it may be possible to specify which of the first to third methods is used as the common information update method for the management information so that the group information management server 100 can control these three methods.
When the group information management server 100 controls the updating method, group information can be effectively managed in various operations such as emphasizing user convenience or emphasizing security.

The group information holding terminal 400 extracts the common information c701 from the reply message through the above processing, and updates the common information in the group information storage unit 301.
Prior to the update process, group identifier matching confirmation or version determination may be performed.
When the reply message includes a group information deletion instruction, the group information acquisition / update unit 303 deletes the group information in the group information storage unit 301. Further, no processing is performed when an update unnecessary notification is included in the reply message.

The update determination using the group information updated terminal list described in the case of the group information terminal list may be performed.
The process from when the group information is group information common information to when the group information holding terminal acquires and updates the common information from the group information management server 100 has been described above.

  Next, when the group information is common information, the group information holding terminal 300 transmits a group information acquisition request message to the group information holding terminal 400, and the group information holding terminal 300 acquires and updates the group information. explain.

The processing from when the group information holding terminal generates and transmits a group information acquisition request message until the group information update determination unit 105 of the group information holding terminal 400 receives the group information acquisition request message is the same as in the case of the group information terminal list. It is.
The group information update determination unit 105 of the group information holding terminal 400 extracts a terminal identifier m802, a group identifier m803, and a version m804 from the group information acquisition request message.

The group identifier m803 and the group identifier of the group information held by itself are compared. If they match, the subsequent processing is performed. If they do not match, a group mismatch error message is returned.
The group information update determination unit 105 performs update determination processing by version.
When the group information update determination unit 105 determines that update is necessary, a reply message including the group information common information c 701 is transmitted to the group information holding terminal 300.
If no update is required, a reply message including an update unnecessary notification is transmitted to the group information holding terminal 300.

Next, processing of the group information holding terminal 300 that has received the reply message will be described.
In the group information holding terminal 300, the group information acquisition / update unit 303 acquires the received reply message through the communication unit 308. The group information acquisition / update unit 303 extracts the group information common information c701 from the reply message, and updates the group information common information in the group information storage unit 301.

As for the method for updating the group information common information, the three methods described when the group information common information is acquired from the group information management server 100 are assumed. The group information common information c701 is extracted from the reply message, and the group information common information in the group information storage unit 301 is updated.
It should be noted that group identifier matching confirmation and version determination may be performed before the update process.

The group information holding terminal holds the common information terminal list together with the group information common information, determines whether it is included in the group from the terminal identifier acquired from the group information acquisition request message, and does not belong to the group If it is determined, a reply message including a group information deletion instruction may be transmitted.
When the reply message includes a group information deletion instruction, the group information holding terminal 300 deletes the group information. The processing from receiving the reply message including the group information deletion instruction to deleting the group information has been described above.

When the reply message includes an update unnecessary notification, the group information holding terminal 300 performs no processing.
The process from when the group information is group information common information to when the group information holding terminal acquires and updates the group information common information from another group information holding terminal has been described above.

As described above, when the group information holding terminal receives the group information from the group information management server 100 or communicates with another group information holding terminal, the group information actual data is stored in the terminal list. In the case of the common information.
The group information may be included in the group information update notification message or the processing request message, and the group information holding terminal that has received the update notification message or the processing request message may update the group information after the update determination.

Through the above processing, the group information holding terminal 400 that has updated the group information can perform content transfer processing from the group information holding terminal 300 belonging to the same group.
Note that a flag for identifying a group information acquisition destination for update may be included in the management information of the group information, or may be included as an item in the message body.
It should be noted that a control flag is provided in the update notification, and the update notification such as forcing the group information update process immediately without performing the update determination process, and for prompting the group information update process if necessary and performing the update determination process. The level may be divided.

In the present embodiment, it has been described that a group information holding terminal updates group information, or an update notification is transmitted when content is moved or searched. An update notification may be broadcasted to prompt the group information in the same group to be updated to the latest one.
It is also possible to simplify the group information request / acquisition processing by transmitting the processing request message and the update notification message including the group information.

Further, there is a problem that a malicious user transmits an update notification message to a large number of group information holding terminals, concentrates access for group information acquisition requests on the group information management server 100, and brings down the group information management server 100. .
This is because if a malicious user falsifies the group identifier of the update notification message, the group information holding terminal belonging to another group can be urged to update.

In order to solve the above-described problem, authentication may be enabled on the transmission / reception side of the update notification message by encrypting the update notification message.
As a typical example, an encryption key is generated based on actual group information data, and the update notification message is encrypted. According to this method, only an update notification from a group information holding terminal belonging to the same group can be interpreted.

Note that although a terminal has been described as an example of a unit belonging to a group, a unit belonging to a group may be a user or a home.
Although the group information includes the management information, the group information may not be included. In this case, the group information update determination process is not performed.
According to the present invention, it is possible to update the group information of other terminals at the update timing of the group information of one terminal in the group, so that the group information can be updated more efficiently. In addition, since the group information is updated only for the terminals that need to be updated, the load on the network can be reduced.

  The terminal device according to the information management system of the present invention is useful as a computer device such as a DVD player or a personal computer that reproduces digital works with usage restrictions. The information management server according to the information management system of the present invention is a digital device. The present invention is useful as a computer device that receives a reproduction state of a copyrighted work via a transmission medium such as the Internet.

It is a figure which shows the whole structure of the group information management system 1 which concerns on this Embodiment 1. FIG. It is a block diagram which shows the function structure of the group management server 20 shown by FIG. 1, and terminal device 60a-60n. It is a figure which shows the structural example of a group affiliation terminal list. It is a figure which shows the structural example of group information. It is a figure which shows the structural example of a terminal registration request message. It is a figure which shows the structural example of a group information notification message. It is a figure which shows the structural example of a deletion completion notification message. It is a sequence diagram which shows the process performed between the group management server 20 and the terminal device 60. It is a figure which shows the whole structure of the group information management system which concerns on Embodiment 2 of this invention. It is a block diagram which shows the function structure of the terminal list management apparatus 50 shown by FIG. 9, the common group management server 30, the individual group management servers 40a-40j, and the terminal devices 70a-70n. It is a figure which shows the structural example of a temporary deletion flag list. It is a sequence diagram which shows the process of the terminal registration to a group. It is a sequence diagram which shows the preparatory process for deleting a terminal from a group. It is a sequence diagram which shows the process for actually deleting a terminal from a group. It is a sequence diagram which shows the other process for actually deleting a terminal from a group. It is a figure which shows the group information management server which concerns on Embodiment 3 of this invention, a group information change apparatus, a group information holding terminal, and each surrounding environment. It is a block diagram which shows the detailed structure of a group information management server. It is a block diagram which shows the detailed structure of a group information change apparatus. It is a block diagram which shows the detailed structure of the group information holding terminal shown in FIG. It is a figure which shows the content of the group information which concerns on embodiment of this invention. It is a figure which shows the content of the group information terminal list which concerns on embodiment of this invention. It is a figure which shows the content of the group information updated terminal list which concerns on embodiment of this invention. It is a figure which shows the content of the message format which concerns on embodiment of this invention. It is a figure which shows the content of the group information acquisition request message which concerns on embodiment of this invention. It is a figure which shows the content of the update notification message which concerns on embodiment of this invention. It is a figure which shows the content of the processing request message which concerns on embodiment of this invention. It is a figure which shows the content of the group information transmission message which concerns on embodiment of this invention. It is a flowchart which shows the process which a group information holding terminal performs before the movement process of a content. It is a figure which shows an example of the group information terminal list which concerns on embodiment of this invention. It is a figure which shows an example of the content of the group information updated terminal list which concerns on embodiment of this invention. It is a block diagram which shows the structure of the group information management server and group information holding terminal which concern on embodiment of this invention, and the flow of a process. It is a flowchart which shows a process after a group information holding terminal acquires group information from a group information management server, and a group information holding terminal acquires and updates group information after an update determination. It is a flowchart which shows a process until a group information holding terminal acquires group information after a group information holding terminal acquires group information from a group information management server and update determination in a group information management server. It is a block diagram which shows the structure of the group information management server and group information holding terminal which concern on embodiment of this invention, and the flow of a process. 10 is a flowchart showing processing from when the group information holding terminal 300 transmits a processing request message to the group information holding terminal 400 until the group information holding terminal 400 acquires group information from the group information management server 100 after the update determination. It is a block diagram which shows the structure of the group information holding terminal which concerns on embodiment of this invention, and the flow of a process. 6 is a flowchart showing processing from when the group information holding terminal 300 transmits a processing request message to the group information holding terminal 400 until the group information holding terminal 400 updates the group information after the update determination. The group information holding terminal 300 transmits a processing request message to the group information holding terminal 400, the group information holding terminal 400 returns a group information request message, and after the group information holding terminal 300 determines update, the group information holding terminal 300 updates the group information with each other. It is a flowchart which shows the process of. It is a figure which shows the content of the group information common information which concerns on embodiment of this invention, and the terminal list for common information. It is a figure which shows an example of the group information common information which concerns on embodiment of this invention, and the terminal list for common information.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1, 2 Group information management system 10 Network 20 Group management server 21, 64 Secure communication part 22 Registration availability determination part 24a Terminal list production | generation part 24b Terminal list update part 25 Group belonging terminal list storage part 26, 65 Group key storage part 27 Group Information generating unit 28 Group information storage unit 29 Group information reading unit 30 Common group management server 31, 74 Non-secure communication unit 32, 42 Temporary deletion flag setting unit 35, 45 Temporary deletion flag list storage unit 40, 40a to 40j Individual group management Server 50 Terminal list management device 52 Flag confirmation unit 60, 60a to 60n, 70, 70a to 70n Terminal device 63, 71 Terminal application 66 Registration unit 67 Deletion unit 68 Tamper resistant module 251 Group belonging terminal list 281 group -Loop information 351 and 451 temporarily erased flag list M1 terminal registration request message M1 'acquisition request message M2 group information notification message M3 deletion completion notification message M3' deletion request message

Claims (14)

An information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network,
The data is group information for determining whether it belongs to a group formed by terminal devices, and the management information is a terminal list showing a list of terminal devices within a predetermined number belonging to the group,
The information management server
Management information storage means for storing the management information;
A first secure communication means for forming a secure communication path with each terminal device and communicating with each terminal device via the communication path;
A common management server unit, a plurality of individual management server units, and a terminal list management device unit;
Each terminal device,
A tamper resistant module,
First communication means for communicating with the common management server unit,
The tamper resistant module is
Data storage means for securely storing the data;
Execution means for securely executing deletion processing of the group information on the data stored in the data storage means;
A second secure communication means that forms a secure communication path with the first secure communication means and transmits a completion notification indicating that the group information deletion process has been performed via the communication path ;
The common management server unit
A second communication means for notifying a terminal device that has transmitted a notice of notice indicating that the group information is to be deleted from now on to a destination of the individual management server unit to be a transmission destination of the completion notification;
Each of the individual management server units is
Said first secure communication means;
A first temporary deletion flag list storage unit for storing a temporary deletion flag list associated with the terminal list, the first temporary deletion flag indicating whether or not the completion notification has been received;
First temporary deletion flag setting means for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification based on the reception of the completion notification via the first secure communication means;
The terminal list management device unit
The management information storage means;
Updating means for deleting the terminal device that has transmitted the completion notification from the terminal list stored in the management information storage means, based on the reception of the completion notification via the first secure communication means ;
Flag confirmation means for confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing;
The update unit, based on the confirmation of the set of the first temporarily erased flag by the flag check unit, the information management system that is characterized in that to remove the terminal device corresponding to the first temporary deletion flag from the terminal list . The common management server unit further includes a second temporary deletion flag list indicating whether or not the advance notice has been received, and a second temporary deletion flag list associated with the terminal list. 2 temporary deletion flag list storage means;
A second temporary deletion flag setting unit that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notification when the notification is received via the second communication unit;
The flag confirmation means includes a second temporary deletion flag corresponding to a predetermined terminal device in the second temporary deletion flag list, and a first temporary deletion flag corresponding to the predetermined terminal device in the first temporary deletion flag list. Search sequentially,
When the flag confirmation unit confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag, the updating unit determines the terminal device corresponding to the first temporary deletion flag and the second temporary deletion flag. The information management system according to claim 1 , wherein the information management system is deleted from the terminal list. An information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network,
The data is group information for determining whether it belongs to a group formed by terminal devices, and the management information is a terminal list showing a list of terminal devices within a predetermined number belonging to the group,
The information management server
Management information storage means for storing the management information;
A first secure communication means for forming a secure communication path with each terminal device and communicating with each terminal device via the communication path;
A common management server unit and a plurality of individual management server units;
Each terminal device,
A tamper resistant module,
First communication means for communicating with the common management server unit,
The tamper resistant module is
Data storage means for securely storing the data;
Execution means for securely executing deletion processing of the group information on the data stored in the data storage means;
A second secure communication means that forms a secure communication path with the first secure communication means and transmits a completion notification indicating that the group information deletion process has been performed via the communication path ;
The common management server unit
A second communication means for notifying the terminal device that has transmitted a notice of notice indicating that the group information is to be deleted from now on to the destination of the individual management server unit to be the transmission destination of the completion notification;
A terminal list management unit,
Each of the individual management server units is
Said first secure communication means;
A first temporary deletion flag list storage unit for storing a temporary deletion flag list associated with the terminal list, the first temporary deletion flag indicating whether or not the completion notification has been received;
First temporary deletion flag setting means for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification based on the reception of the completion notification via the first secure communication means;
The terminal list management device unit
The management information storage means;
Updating means for deleting the terminal device that has transmitted the completion notification from the terminal list stored in the management information storage means, based on the reception of the completion notification via the first secure communication means ;
Flag confirmation means for confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing;
The update unit, based on the confirmation of the set of the first temporarily erased flag by the flag check unit, the information management system that is characterized in that to remove the terminal device corresponding to the first temporary deletion flag from the terminal list . The terminal list corresponds to a terminal device belonging to the group, and includes a column of a second temporary deletion flag indicating whether the notice of notice has been received,
The common management server unit further sets a second temporary deletion flag that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notice of notice when the notice of notice is received via the second communication means. Comprising setting means,
The flag confirmation means sequentially searches a second temporary deletion flag corresponding to a predetermined terminal device in the terminal list and a first temporary deletion flag corresponding to the predetermined terminal device in the first temporary deletion flag list. ,
When the flag confirmation unit confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag, the updating unit determines the terminal device corresponding to the first temporary deletion flag and the second temporary deletion flag. The information management system according to claim 3 , wherein the information management system is deleted from the terminal list. The information management server further includes group information storage means for storing the group information;
Registration for determining whether or not a terminal device that has made a terminal registration request can be registered in the terminal list when receiving a terminal registration request for registering the terminal device in the terminal list from each terminal device Availability determination means;
A group information reading unit that reads the group information stored in the group information storage unit when the registration permission determination unit determines that registration is possible;
The tamper resistant module further includes group information storage means for storing the received group information in the data storage means when the group information read by the group information reading means is received via the second secure communication means. Prepared,
It said updating means, when said registration determination means determines that registrable, the information management system of claim 1, wherein the terminal device has transmitted the terminal registration request and registers the terminal list. The common management server unit further includes a second temporary deletion flag list indicating whether or not the advance notice has been received, and a second temporary deletion flag list associated with the terminal list. 2 temporary deletion flag list storage means;
A second temporary deletion flag setting unit that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notification when the notification is received via the second communication unit;
The flag confirmation means includes a second temporary deletion flag corresponding to a predetermined terminal device in the second temporary deletion flag list and a first temporary deletion flag corresponding to the predetermined terminal device in the first temporary deletion flag list. Search sequentially,
When the flag confirming unit confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag, the updating unit determines a terminal device corresponding to the first temporary deletion flag and the second temporary deletion flag. The information management system according to claim 5 , wherein the information management system is deleted from the terminal list before the determination by the registration availability determination unit. The information management server further includes
Group information storage means for storing the group information;
Registration for determining whether or not a terminal device that has made a terminal registration request can be registered in the terminal list when receiving a terminal registration request for registering the terminal device in the terminal list from each terminal device Availability determination means;
A group information reading unit that reads the group information stored in the group information storage unit when the registration permission determination unit determines that registration is possible;
The tamper resistant module further includes
A group information storage means for storing the received group information in the data storage means when the group information read by the group information reading means is received via the second secure communication means;
4. The information management system according to claim 3 , wherein the update unit registers the terminal device that has transmitted the terminal registration request in the terminal list when the registration permission determination unit determines that registration is possible . The terminal list corresponds to a terminal device belonging to the group, and includes a column of a second temporary deletion flag indicating whether the notice of notice has been received,
The common management server unit further sets a second temporary deletion flag that sets the second temporary deletion flag corresponding to the terminal device that has transmitted the notice of notice when the notice of notice is received via the second communication means. Comprising setting means,
The flag confirmation unit corresponds to a second temporary deletion flag corresponding to a predetermined terminal device corresponding to a predetermined terminal device in the second temporary deletion flag list, and to the predetermined terminal device in the first temporary deletion flag list. Sequentially search the first temporary deletion flag to
When the flag confirming unit confirms the set of the second temporary deletion flag and the set of the first temporary deletion flag, the updating unit determines a terminal device corresponding to the first temporary deletion flag and the second temporary deletion flag. The information management system according to claim 7 , wherein the information management system is deleted from the terminal list before determination by the registration permission determination unit. Claim 1 or 3 information management system, wherein the executing the moving process of the group information between the terminal device securely on the data stored in said executing means the data storage means. Wherein the data is a licensed digital work, the management information is the use history of the license, according to claim 1 or 3 wherein the execution means is characterized by utilizing the license data stored in said data storage means The information management system described. Wherein the data is a licensed digital work, the management information is the number of licenses that may be the terminal device is held, said executing means and said deleting the license data stored in said data storage means The information management system according to claim 1 or 3 . Wherein the data is a digital work, claim the management information is the number of distribution range of the digital work, said execution means, characterized in that moving the digital work stored in said data storage means The information management system according to 1 or 3 .   An information management method in an information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network,
  The data is group information for determining whether it belongs to a group formed by terminal devices, and the management information is a terminal list showing a list of terminal devices within a predetermined number belonging to the group,
  The information management server includes a common management server unit, a plurality of individual management server units, and a terminal list management device unit, and each terminal device includes a tamper resistant module,
  In the information management server,
    A management information storage step for storing the management information;
    The first secure communication means includes a first secure communication step of forming a secure communication path with each terminal apparatus and communicating with each terminal apparatus via the communication path,
  In each terminal device,
    Including a first communication step of communicating with the common management server unit;
    In the tamper resistant module,
      A data storage step for securely storing the data;
      An execution step of securely executing the deletion processing of the group information on the stored data;
      A second secure communication step of forming a secure communication path with the first secure communication means and transmitting a completion notification indicating that the group information deletion process has been executed via the communication path;
  In the common management server unit,
    Including a second communication step of notifying the terminal device that has transmitted a notice of notice indicating that the group information is to be deleted from now on the destination of the individual management server unit to be the transmission destination of the completion notification,
  In each individual management server unit,
    Said first secure communication step;
    A first temporary deletion flag list storage step for storing a temporary deletion flag list associated with the terminal list, the first temporary deletion flag indicating whether or not the completion notification has been received;
    A first temporary deletion flag setting step for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification based on the reception of the completion notification via the first secure communication means;
  In the terminal list management device unit,
    The management information storing step;
    An update step of deleting the terminal device that has transmitted the completion notification from the terminal list stored in the management information storage step based on the reception of the completion notification via the first secure communication means;
    A flag confirmation step of confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing;
    In the updating step, the terminal device corresponding to the first temporary deletion flag is deleted from the terminal list based on the confirmation of the first temporary deletion flag set in the flag confirmation step.
  An information management method characterized by that.   An information management method in an information management system in which a plurality of terminal devices that store data and an information management server that manages management information related to the data are connected via a network,
  The data is group information for determining whether it belongs to a group formed by terminal devices, and the management information is a terminal list showing a list of terminal devices within a predetermined number belonging to the group,
  The information management server includes a common management server unit and a plurality of individual management server units, the common management server unit includes a terminal list management device unit, and each terminal device includes a tamper resistant module,
  In the information management server,
    A management information storage step for storing the management information;
    A first secure communication step in which a first secure communication means forms a secure communication path with each terminal device and communicates with each terminal device via the communication path;
  In each terminal device,
    Including a first communication step of communicating with the common management server unit;
    In the tamper resistant module,
      A data storage step for securely storing the data;
      An execution step of securely executing the deletion processing of the group information on the stored data;
      A second secure communication step of forming a secure communication path with the first secure communication means and transmitting a completion notification indicating that the group information deletion process has been executed via the communication path;
  In the common management server unit,
    Including a second communication step of notifying the terminal device that has transmitted a notice of notice indicating that the group information is to be deleted from now on the destination of the individual management server unit to be the transmission destination of the completion notification,
  In each individual management server unit,
    Said first secure communication step;
    A first temporary deletion flag list storage step for storing a temporary deletion flag list associated with the terminal list, the first temporary deletion flag indicating whether or not the completion notification has been received;
    A first temporary deletion flag setting step for setting the first temporary deletion flag corresponding to the terminal device that has transmitted the completion notification based on the reception of the completion notification via the first secure communication means;
  In the terminal list management device unit,
    The management information storing step;
    An update step of deleting the terminal device that has transmitted the completion notification from the terminal list stored in the management information storage step based on the reception of the completion notification via the first secure communication means;
    A flag confirmation step of confirming a set of predetermined first temporary deletion flags included in the first temporary deletion flag list at an arbitrary timing;
    In the updating step, the terminal device corresponding to the first temporary deletion flag is deleted from the terminal list based on the confirmation of the first temporary deletion flag set in the flag confirmation step.
  An information management method characterized by that.

Images