JP6154683B2 - Computer system - Google Patents

Description

 The present invention relates to a computer system, and more particularly to a technique for securely sharing data between a plurality of mobile terminals and managing the data on the mobile terminals.

  In recent years, smartphones and tablet terminals have become widespread, and the number of cases introduced into companies is increasing. For example, a company's sales staff can digitize many documents that need to be carried, store them on a tablet device, and carry them outside the company, thereby reducing costs by reducing the amount of printing and improving operations by reducing the weight of carrying materials. Can do. In the case of a normal PC, there are inconveniences such as difficulty in carrying out a business negotiation using an electronic pamphlet at the destination due to inconvenient carrying, slow start-up, and difficulty in sharing when sharing a screen. However, tablet terminals are fast to start up and easily share the display screen with others. As described above, as the use of storing and browsing document data in a tablet terminal becomes widespread, information sharing needs with other users have arisen in meetings.

  As such a technique, there is a technique described in Patent Document 1. The portable terminal conference system described in Patent Literature 1 includes a presenter terminal, a conference participant terminal, and a server. The presenter terminal converts the screen information of the electronic file into an image file in advance and transmits it to the server, the electronic file name of the image file corresponding to the screen information, the page number, and the mouse pointer on the active window of the presentation application Means for transmitting position display information to the server, and means for transmitting display information of the mouse pointer position to the server. The server includes means for preliminarily storing the transmitted image file and means for sequentially storing the display information. The conference participant terminal includes means for sequentially acquiring the display information from the server and displaying a mouse pointer at a screen position corresponding to the image file and the information on the mouse pointer position. It is described.

JP 2012-89092 A

  However, in the invention described in Patent Document 1, it is necessary to install a server for converting and transferring data, and a server installed in a company is usually accessed via WiFi. In this case, if an outside participant such as a staff member of a partner company is allowed to access the intranet, a security problem may occur. Further, it is necessary to notify the address information of the server consisting of a long character string to the participant, and there is a problem that the notification is complicated. Although there are some data that you want to distribute on the spot, data other than image data must be sent using other means, making it difficult to send data, and errors due to incorrect destination addresses. There is a risk of transmission. Furthermore, it is necessary to create a user account for a user who is permitted to access the server.

  In order to solve the above-described problems, the present invention proposes a data management method that enables safe data sharing between terminals of unspecified participants without requiring a server.

A typical example of the invention disclosed in the present application is as follows. That is, a computer system including a server for storing data and a plurality of terminals, wherein the plurality of terminals include a first terminal connected to the server via a first wireless communication line, the server, and the server. A second terminal that is not connectable via a first wireless communication line and that is connected to the first terminal via a second wireless communication line ; without passing through the terminal, via said first wireless communication line connected to the server, and stored in memory to encrypt data transferred from the server, the particular first one of the first terminal The first terminal authenticates a connection request from the second terminal via the second wireless communication line, and the second terminal determines the second wireless communication line based on the result of the authentication. separate contact to each said second terminal and said specific first terminal via To enable communication by, and stored in memory to encrypt data transferred from the particular first terminal, and displaying the decoded data stored in the memory.

  According to the representative embodiment of the present invention, data can be safely shared between terminals. Problems, configurations, and effects other than those described above will become apparent from the description of the following embodiments.

It is a block diagram of the system of the Example of this invention. It is a block diagram which shows the structure of a mobile terminal. It is a figure explaining the outline | summary of the transfer process of a meeting owner right. It is a figure explaining the outline | summary at the time of performing a some shared meeting between several terminals. It is a figure explaining the structure of the table figure of file attribute DB. It is a figure explaining the user interface of a local store. It is a figure explaining the user interface for a file share attribute setting. It is a figure explaining a shared store user interface. It is a figure explaining a shared meeting management interface. It is a flowchart of the whole process which downloads a document file from a document server and shares. It is a flowchart of the process which shares a file with a dedicated application. It is a flowchart of the process which recognizes the nearby sponsor mobile terminal automatically. It is a flowchart of the process which performs a shared meeting using a shared file. It is a flowchart of an expiration date determination process. It is a flowchart of a meeting owner switching process. It is a flowchart of the proximity terminal identification process by the collision between mobile terminals. It is a flowchart of the proximity terminal identification process by sound input. It is a flowchart of the proximity terminal identification process by QR code.

<Example 1>
Hereinafter, the present invention will be described in detail with reference to the drawings. Note that the present invention is not limited thereby.

  FIG. 1 is a configuration diagram of a system according to an embodiment of the present invention.

  In the conference room, it is assumed that a meeting organizer and a participant (inside staff) inside the organization and a participant outside the organization hold a meeting. An organizer, an insider, and an outsider hold the organizer mobile terminal 101, the insider mobile terminal 103, and the outsider mobile terminal 102, respectively, and participate in the meeting. The organizer and the insider both belong to the organization and WiFi access is permitted. On the other hand, outsiders are not allowed WiFi access.

  A document server 106 is installed in the organization, and the document server 106 can be accessed via the LAN 105. The document server 106 is a server for storing and managing the document file 113, and its role is provided by the document management service 107.

  The organizer mobile terminal 101 can connect to the WiFi access point 104, access the document file 113 in the document server 106 via the LAN 105, and download or open the document file 113. Each mobile terminal has a memory 110 for data recording, and a dedicated application 109 is installed. The user can easily share and manage data between mobile terminals using the dedicated application 109.

  Basically, if an insider's mobile terminal can establish a WiFi connection, the inside mobile terminals connect to each other via a WiFi access point and share data. There are cases where outsiders' mobile terminals cannot allow WiFi access due to security within the organization. In addition, when permitting WiFi access, since a procedure such as applying to an administrator is required, it may be difficult to permit permission in the case of a temporary meeting.

  In consideration of such a case, the outsider mobile terminal 102 and the organizer mobile terminal 101 share data by Bluetooth connection (Bluetooth is a registered trademark, the same applies hereinafter). However, when data is distributed to the outsider mobile terminal 102, the data at the delivery destination is temporarily and safely secured between outsiders while maintaining security by performing various security controls. Share In this case, what is important for security is a sandboxing and data control function by an encryption function and an external copy control function of the dedicated application 109 on the outsider mobile terminal 102.

  FIG. 2 is a block diagram showing the configuration of the mobile terminal. The organizer mobile terminal 101, outsider mobile terminal 102, and insider mobile terminal 103 have basically the same configuration, and will be described as a representative mobile terminal 201.

  In the mobile terminal 201, a terminal OS 204 is operating on a hardware base, and a general application 202 and a dedicated application 109 are operating on the OS 204.

  The mobile terminal 201 includes a camera 205, a microphone 206, a GPS reception module 207, an acceleration sensor 208, a memory 110, a Bluetooth device 210, and a WiFi device 211 as hardware configurations. In addition, the mobile terminal 201 has a processor (CPU) that executes a program. The memory 110 stores a program executed by the processor. Note that the program executed by the processor is provided to the mobile terminal 201 via a nonvolatile storage medium or a network. For this reason, the mobile terminal 201 may have an interface for reading data from a storage medium (CD-ROM, flash memory, etc.).

  The GPS receiving module 207 is a device that receives signals from GPS satellites and calculates position information on the earth. The acceleration sensor 208 is a sensor that measures acceleration when the mobile terminal 201 is moved.

  The dedicated application 109 includes an encryption / key management module 212, a terminal authentication / connection module 213, a dedicated viewer 214, a file management module 215, a shared conference module 216, and a file attribute DB 217. In the dedicated application 109, when the file is encrypted and stored in the memory 110 in the mobile terminal 201, the encryption / key management module 212 generates and manages the encryption / decryption key, and encrypts and decrypts the data. Process.

  The terminal authentication / connection module 213 automatically detects a nearby connectable terminal, establishes a connection session, and authenticates the terminal when connecting to the organizer mobile terminal 101 from the mobile terminal 201 of the neighboring participant Provide such functions. Terminal authentication methods include common passcode authentication, acceleration caused by common operations on terminals (for example, operations that collide each other), authentication based on operation time and GPS information, and occurrence in the same conference room. There are authentication using special sound data (for example, hash value of audio data), authentication using data obtained by temporarily reading QR codes created by a plurality of terminals, and the like. Details of the authentication method will be described later.

  The dedicated viewer 214 is a tool that opens a file of PDF or office software (document creation, spreadsheet, presentation, etc.) stored in the local store of the memory 110 and displays data. Since the data itself is encrypted and saved, the decrypted file is opened using the encryption / key management module 212. The file management module 215 is a module that manages files and directories stored in the local store of the memory 110. The file management module 215 can be used to perform general file management such as copying, renaming, and deleting a file, and creating and deleting a directory.

  The shared conference module 216 provides a function for conducting an electronic conference using a file shared between a plurality of terminals. Specifically, the shared conference module 216 executes synchronous processing among a plurality of mobile terminals such as opening, closing, page turning, and marking of a shared file, and the conference ownership right that is a conference screen operation right. This is a module for receiving and delegating, managing a plurality of shared meetings, and the like.

  The file attribute DB 217 is a database that holds attribute information of files and directories on a local store or a shared store managed by the file management module 215 of the mobile terminal 201. Here, the shared store is a logical data store for managing a file group released for sharing among a plurality of mobile terminals participating in the conference, and is shared by the file management module 215 of the dedicated application 109. A list of files set as files can be displayed as the contents of the local store. A shared conference is a logical space in which a shared file screen is shared between a plurality of mobile terminals 201 and a synchronous operation such as page switching or marker assignment by remote operation is performed. In this system, a plurality of shared conferences can be simultaneously executed between a plurality of mobile terminals 201. There are a local store view that displays the contents of the local store, a shared store view that displays the contents of the shared store, and a shared meeting management view that displays and manages multiple shared meetings. It can be switched and displayed.

  FIG. 3 is a diagram for explaining the outline of the conference ownership transfer process.

  Normally, the connection configuration of the participant's mobile terminal is preferably a star configuration centering on the organizer's terminal. However, in the case of Bluetooth connection, only up to 7 units can be connected per specification. Therefore, as shown in FIG. 3, the Bluetooth connection 308 is indirectly connected to the organizer via another mobile terminal. In some cases, the mobile terminal 101 is connected. Specifically, the outsider mobile terminal 102B may make a Bluetooth connection to the insider mobile terminal 103B via the outsider mobile terminal 102A.

  When such a network is configured, when a shared file is set in the insider mobile terminal 103B, data is distributed to each mobile terminal through the network. After the data is distributed, the organizer who is the owner of the insider mobile terminal 103B starts a shared conference. At that time, the initial conference ownership 301 exists in the insider mobile terminal 103B, but when the authority to operate the conference screen is transferred to the user of the outsider mobile terminal 102B, it is via a configured network. A conference ownership transfer command is transmitted, and the authority is transferred to the outsider mobile terminal 102B. This situation is shown in FIG.

  Thus, once the terminal is successfully authenticated and the network is configured, the conference ownership can be transferred to either the insider terminal or the outsider terminal.

  FIG. 4 is a diagram illustrating an overview when a plurality of shared meetings are executed between a plurality of terminals.

  FIG. 4 shows a situation in which a plurality of shared conferences are performed on three terminals, namely, mobile terminal A 402, mobile terminal B 403, and mobile terminal C 404. One shared meeting uses one shared file. In FIG. 4, since there are four shared files of shared file A 405, shared file B 406, shared file C 407, and shared file D 408, four shared conferences can be performed.

  An area where such a shared conference exists is defined as a shared conference area 401. For example, the shared file A405 is held and released by the mobile terminal A402, but the conference owner right for operating the conference screen is held by the mobile terminal B403. The three mobile terminals participate in four shared conferences, and the shared conference screen to be displayed can be freely switched in the shared conference management view. In addition, the conference ownership can be freely switched from the user having the current conference ownership to another user.

  FIG. 5 is a diagram for explaining the configuration of the table diagram of the file attribute DB.

  The file attribute DB is a database that stores information on files and directories handled by the file management module in the dedicated application.

  The file attribute DB includes, as attribute values, a file ID 501, a file path 502, a type 503, an update date 504, an external copy permission flag 505, a public flag 506, a temporary sharing flag 507, an expiration date 508, and a sharing destination external copy permission flag. 509.

  Type 503 holds information for identifying either a directory or a file, where “F” means a file and “D” means a directory. The external copy permission flag 505 indicates whether files and directory data stored in the local store can be copied to another general application, an external PC, etc., “1” is permitted, “0” is not permitted. means. Although it depends on the operation of the system, basically, the attribute value of type 503 is determined based on the security attribute set on the document server. Even if the data owner is used, copying to an external PC It is possible to control data transfer via a general application on a mobile terminal such as an email or a browser.

  The public flag 506 is a flag for designating whether the file is a shared file that is shared and shared with other mobile terminals that are permitted to connect. “1” is a shared file, and “0” is a non-shared file. means. When the file of the local store is set as a shared file, the value of the public flag 506 is “1” and is displayed in the list of shared stores.

  The temporary sharing flag 507 means a security attribute that is temporarily accessible during a shared conference. When the shared meeting is closed to the owner holding the shared file, access to the shared file from other terminals becomes impossible and the data is deleted. By turning on the temporary sharing attribute, for example, data can be shared in a temporary and secure manner in a meeting with an unspecified outsider.

  The expiration date 508 indicates a time limit for accessing the shared file copied to the sharing destination mobile terminal. Based on this attribute value, the dedicated application of the copy destination mobile terminal determines whether or not the data can be decrypted, and automatically deletes the data. As a result, the distribution source user can specify the data access period.

  The sharing destination external copy permission flag 509 is an attribute for setting whether copying to an external PC or data transfer by a general application is permitted in a mobile terminal that is a distribution destination of a shared file. “1” is permission, “ “0” means no permission. By setting the sharing destination external copy permission flag 509 to non-permission, it is possible to realize restricted file distribution in which a user holding a distribution destination terminal can use data only on the terminal.

  FIG. 6 is a diagram illustrating the user interface of the local store, and is a screen that is displayed first after the dedicated application is activated.

  The local store view 601 displays files and directories stored in the local store as a local file list 605 in a list format. Using the local store view 601, a directory can be traced and a target file can be accessed. When the edit button 604 is operated, a menu is displayed, and operations such as file selection, deletion, copying, and movement can be performed. Further, if the upper directory button 603 is operated, the current directory can be moved to the upper directory.

  At the bottom of the screen, a Local Store button 606, a Shared Store button 607, and a Shared Meeting button 608 are arranged. By operating these buttons, a local store view, a shared store view (see FIG. 8), a shared conference, and so on are displayed. It is possible to switch to the management view (see FIG. 9).

  In order to view the property information of each file, a specified file item on the local file list 605 is long-pressed to display a context menu 609. By selecting the Property menu, a file attribute information view with property information is displayed. 610 can be displayed.

  FIG. 7 is a diagram illustrating a file sharing attribute setting user interface. When the file attribute information view is displayed in the procedure described with reference to FIG. 6 and the ON button of the file sharing property is operated, the file sharing setting view 701 is displayed. On this view, attributes such as temporary sharing, expiration date, sharing destination external copy permission, passcode, etc. can be set, and if the OK button is operated after setting, file sharing according to the specified setting can be performed. it can. When the OK button is operated, the display returns to the file attribute information view, but it is possible to confirm that the file sharing is turned on by changing the display mode (for example, color) of the ON button of the file sharing property. .

  FIG. 8 is a diagram illustrating the shared store user interface.

  The shared store view 801 shown in FIG. 8 can be displayed by operating the Shared Store button. In the shared store view 801, in addition to the shared file list 804, an edit button 803 capable of deselecting a shared file, a connection button 802 for starting connection to the organizer mobile terminal 101, and the like are arranged. .

  By tapping the file item on the shared file list 804, the specified file is opened and the contents of the file are displayed on the shared meeting view 808. This operation command is also transmitted to a dedicated application on the mobile terminal of another conference participant, and the file is similarly opened and displayed on the shared conference view 808.

  The shared conference view 808 includes a shared store view return button 805 for returning to the shared store view 801, an ownership transfer button 806 for transferring ownership, an end button 807 for ending the shared conference, and a handwritten marker on the screen. A marker button 809 for displaying a tool screen for drawing, a page return button 810 for switching the page of the shared file, and a page feed button 811 are arranged.

  For marking operations and page switching operations on the shared conference view 808, these operation commands are also transmitted to other participating mobile terminals (preferably, transmitted simultaneously with the operation), and the operations are reproduced on each terminal. The Since only command data is transmitted, the amount of data transfer can be reduced, and the shared conference view 808 can be comfortably remotely operated. When the connection button 802 is operated, a passcode input dialog 812 is displayed, and processing for connecting to the organizer mobile terminal 101 as a client is executed.

  FIG. 9 is a diagram for explaining the shared conference management interface.

  A shared conference management view 901 can be displayed by operating the Shared Meeting button at the bottom of the shared conference management interface screen. In the shared conference management view 901, the shared file names and conference owner names handled in all the shared conferences existing in the shared conference area shown in FIG. By selecting a shared meeting file to be displayed on the shared meeting management view 901, the shared meeting view 905 in which the selected shared meeting is held can be displayed. In this case, a shared conference management view return button 904 is arranged at the upper left part of the shared conference view 905. When this button is operated, the previous shared conference management view 901 can be returned to. In this way, it is possible to display a screen of any shared conference shared on the shared conference area and participate in the conference.

  FIG. 10 is a flowchart of the entire process of downloading and sharing a document file from the document server.

  First, the meeting organizer starts a dedicated application on his / her mobile terminal 101, accesses the document server, and downloads data to the mobile terminal 101 (step 1001). Next, a file to be shared is set on the local store in the dedicated application (step 1002). Details of the processing in step 1002 will be described with reference to FIG.

  Another participant starts a dedicated application on his / her mobile terminal and detects the organizer mobile terminal 101 in the vicinity (step 1003). Details of the processing in step 1003 will be described with reference to FIG. This automatic detection is a process of automatically searching for a nearby mobile terminal that is running a dedicated application via WiFi or Bluetooth connection. When the nearby organizer mobile terminal 101 is found, the other mobile terminals access the found organizer mobile terminal 101 (step 1004).

  The organizer mobile terminal 101 authenticates the access request (step 1005). Usually, authentication is performed using a passcode, but other authentication means described later can also be used.

  If the authentication is successful, another mobile terminal that is permitted to access downloads the shared file that has been made public (step 1006). When the download is completed, the organizer specifies a file from the shared files displayed in the shared store and starts a shared conference (step 1007). Details of the processing in step 1003 will be described with reference to FIG.

  FIG. 11 is a flowchart of a process for sharing a file with a dedicated application. This process corresponds to step 1002 in the flowchart of FIG.

  First, the meeting organizer designates a file to be shared with the dedicated application of the mobile terminal 101 (step 1101). On the screen displayed when the shared file is specified, security attributes for sharing such as temporary sharing and expiration date are set for each shared file (step 1102). Finally, a pass code for permitting shared file access is set (step 1103).

  FIG. 12 is a flowchart of processing for automatically recognizing a nearby organizer mobile terminal. This process corresponds to step 1003 in the flowchart of FIG.

  While the organizer mobile terminal 101 has started file sharing, the shared store view is displayed on the other mobile terminal (step 1201), and the passcode is automatically entered by entering the passcode input dialog displayed by pressing the connection button. Detection is started (step 1202).

  When automatic detection is started, a connection request is broadcast via WiFi and Bluetooth connections, and a response from the organizer mobile terminal 101 is awaited (step 1203). When the response from the organizer mobile terminal 101 is returned (step 1204), the organizer mobile terminal is successfully detected (step 1205). The response from the organizer mobile terminal 101 includes the address of the organizer mobile terminal 101 (for example, the IP address used in the WiFi network).

  On the other hand, if no response is returned and a time-out occurs, a detection error dialog is displayed and the process ends (step 1206).

  FIG. 13 is a flowchart of a process for conducting a shared conference using a shared file. This process corresponds to step 1007 in the flowchart of FIG.

  After the shared file is transferred from the organizer mobile terminal 101 to another mobile terminal (step 1301), the organizer displays the shared store view, designates the shared file to be shared, and opens the file (step 1302). When the file is opened, the shared meeting view 808 is activated and the designated shared file is displayed (step 1303).

  As an initial stage, when the organizer who opens the shared file acquires the conference ownership (step 1304) and performs a slide operation or a marking operation on the shared conference view 808, the operation command is transmitted to other terminals, and the operation is performed. Is reproduced (step 1305).

  At the end of the conference, when the end of the shared conference view 808 is operated on the mobile terminal having the conference ownership and the conference ends (step 1306), the shared file for which temporary sharing is set is deleted (step 1307).

  FIG. 14 is a flowchart of the expiration date determination process.

  The expiration date of the file stored in the local store is checked when the dedicated application is started on each terminal. After starting the dedicated application (step 1401), the expiration date of the file stored in the local store is checked (step 1402), and the file whose expiration date has passed is deleted (step 1403). Even if the deletion fails, the application of the rules can be tightened by preventing the execution of the decryption process of the encrypted data when the file is opened by the dedicated viewer.

  FIG. 15 is a flowchart of the conference owner switching process.

  When a user with conference ownership operates the ownership transfer button of the shared conference view 808 (step 1501), a conference participation user list is displayed (step 1502). When the user selects a user to whom the conference ownership is to be transferred, a conference ownership transfer command is transmitted, and the authority transfer processing is executed (step 1503).

  FIG. 16 is a flowchart of proximity terminal identification processing due to a collision between mobile terminals.

  This process is a process of identifying participant terminals by performing operations such as physically hitting mobile terminals instead of passcode authentication, and can realize stronger security than passcode authentication. .

  First, the dedicated application is activated on the mobile terminal 101 serving as the organizer, and the shared file is released (step 1601). Next, a dedicated application is activated on the sharing destination mobile terminal, and an operation of physically colliding with the mobile terminal held by the organizer is performed (step 1602). At the time of collision, both terminals detect the collision using the acceleration sensor, and record the collision occurrence time and GPS data (step 1603).

  Thereafter, when the sharing destination mobile terminal accesses the organizer mobile terminal 101 via WiFi or Bluetooth connection (step 1604), the organizer mobile terminal 101 uses the collision time and GPS data sent from the sharing destination mobile terminal. The terminal is authenticated (step 1605). That is, the organizer mobile terminal 101 performs authentication by confirming the proximity of the collision time and the position information. As the proximity confirmation method, thresholds A and B of time data and GPS data are set, and the collision time sent from the sharing destination mobile terminal is within the threshold A from the collision time stored in the organizer mobile terminal 101 If the GPS data transmitted from the sharing destination mobile terminal is within the threshold B from the GPS data stored in the organizer mobile terminal 101, it is determined that the authentication is successful. By making a check based on the proximity of the position of the terminal by GPS and the proximity of the time when the collision is detected, erroneous determination can be prevented.

  FIG. 17 is a flowchart of proximity terminal identification processing by sound input.

  This process is a process of identifying a participant terminal by a common sound input to a plurality of mobile terminals instead of the passcode authentication, and can realize stronger security than the passcode authentication.

  First, the dedicated application is activated on the mobile terminal 101 serving as the organizer, and the shared file is released (step 1701). Next, the dedicated application is activated on the sharing destination mobile terminal (step 1702). Thereafter, the organizer emits a sound such as clapping or making a voice, and simultaneously inputs an acoustic signal to all nearby mobile terminals (step 1703). At that time, each terminal records the data of the sound produced by the organizer and the collection time (step 1704).

  Thereafter, when the sharing destination mobile terminal accesses the organizer mobile terminal 101 via WiFi or Bluetooth connection (step 1705), the organizer mobile terminal 101 authenticates the terminal using the similarity of the sound data and the collection time data. (Step 1706). For the similarity of sound data, an existing sound recognition technique such as sampling sound data, performing frequency analysis, and calculating correlation can be applied. The authentication is performed by setting a threshold A for sound data similarity and a threshold B for collecting time, and comparing sound data recorded in the organizer mobile terminal 101 with sound data transmitted from the sharing destination mobile terminal, The sound data has a similarity greater than or equal to a threshold A, and the collection time recorded in the organizer mobile terminal 101 is compared with the collection time transmitted from the sharing destination mobile terminal. If so, authentication is successful.

  FIG. 18 is a flowchart of proximity terminal identification processing using a QR code (registered trademark, hereinafter the same).

  This process provides a method for reducing the complexity of entering a passcode in the authentication procedure.

  First, a dedicated application is activated on the organizer mobile terminal 101 and a shared file is made public (step 1801). Next, the organizer mobile terminal 101 generates a temporary QR code for the conference and displays it on the terminal screen (step 1802). Thereafter, the dedicated application is activated on the shared mobile terminal, and the QR code displayed on the screen of the organizer mobile terminal 101 is read (step 1803).

  Thereafter, when the sharing destination mobile terminal accesses the organizer mobile terminal 101 via WiFi or Bluetooth connection (step 1804), the organizer mobile terminal 101 authenticates the terminal using the transmitted QR code reading data (step 1804). 1805). Specifically, the organizer mobile terminal 101 performs authentication when the data encoded by the QR code matches the data transmitted from the sharing destination mobile terminal.

  By this method, it is possible to omit the passcode input operation and limit the identification to terminals that are close together within a range where the QR code can be read.

  The terminal authentication process has been described above with reference to FIGS. 16 to 18, but the organizer mobile terminal 101 according to the present embodiment only needs to implement one or more of the authentication processes described above.

  As described above, in the embodiment of the present invention, data transferred in a format that can be handled only by a dedicated application is stored and managed, so that sandboxing is possible, and data can be safely transferred between terminals. Can be shared. Further, by automatically detecting a nearby mobile terminal, data can be easily shared between terminals. Also, data can be handled safely at the transfer destination terminal according to the policy set by the data transfer source terminal. For this reason, it is possible to provide a data sharing environment using a Bluetooth connection to participants of an unspecified conference, and to control the security of the transferred file.

  Furthermore, by authenticating a terminal using a collision operation, sound, QR code, or the like of a nearby mobile terminal, safer and simpler terminal authentication can be realized.

  The present invention is not limited to the above-described embodiments, and includes various modifications and equivalent configurations within the scope of the appended claims. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and the present invention is not necessarily limited to those having all the configurations described. A part of the configuration of one embodiment may be replaced with the configuration of another embodiment. Moreover, you may add the structure of another Example to the structure of a certain Example. In addition, for a part of the configuration of each embodiment, another configuration may be added, deleted, or replaced.

  In addition, each of the above-described configurations, functions, processing units, processing means, etc. may be realized in hardware by designing a part or all of them, for example, with an integrated circuit, and the processor realizes each function. It may be realized by software by interpreting and executing the program to be executed.

  Information such as programs, tables, and files that realize each function can be stored in a storage device such as a memory, a hard disk, or an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

  Further, the control lines and the information lines are those that are considered necessary for the explanation, and not all the control lines and the information lines that are necessary for the mounting are shown. In practice, it can be considered that almost all the components are connected to each other.

101 organizer mobile terminal 102 outside mobile terminal 103 inside mobile terminal 104 WiFi access point 105 LAN
106 Document server 109 Dedicated application 110 Memory 201 Mobile terminal 202 General application 204 OS
205 Camera 206 Microphone 207 GPS Reception Module 208 Acceleration Sensor 210 Bluetooth Device 211 WiFi Device 212 Encryption / Key Management Module 213 Terminal Authentication / Connection Module 214 Dedicated Viewer
215 File management module 216 Shared conference module 217 File attribute DB

Claims (9)

A computer system comprising a server for storing data and a plurality of terminals,
The plurality of terminals are not connectable to the server via a first wireless communication line, to the server via the first wireless communication line, and are not connectable to the server via the first wireless communication line . A second terminal connected by two wireless communication lines,
The first terminal is
Connecting to the server via the first wireless communication line without going through another first terminal ;
The data transferred from the server is encrypted and stored in the memory,
A specific first terminal among the first terminals authenticates a connection request from the second terminal via the second wireless communication line,
The second terminal is
Based on the result of the authentication, the specific first terminal and the second terminal can communicate with each other via a separate connection via the second wireless communication line,
Encrypting data transferred from the specific first terminal and storing it in a memory;
A computer system for decoding and displaying data stored in the memory. The computer system according to claim 1,
The specific first terminal sets an attribute of data to be transferred to the second terminal;
The computer system is characterized in that the attribute includes whether or not data can be temporarily shared, a time limit for accessing data, and whether or not access to data by another application program operating on the second terminal is permitted. The computer system according to claim 1 or 2,
The first wireless communication line conforms to the WiFi standard,
The computer system according to claim 2, wherein the second wireless communication line conforms to the Bluetooth standard and is connected in a star shape with the specific first terminal as a center . A computer system according to any one of claims 1 to 3,
The second terminal broadcasts a connection request via the second wireless communication line to detect the specific first terminal;
The particular first terminal, after authenticating the second terminal transmitting the connection request, the computer system for transmitting address information of the particular first terminal. A computer system according to any one of claims 1 to 4,
The specific first terminal transmits a command for operating displayed data on a screen to the second terminal,
It said second terminal in accordance with commands sent from the particular first terminal, a computer system, characterized in that to reproduce the screen operation performed in the particular first terminal. A computer system according to any one of claims 1 to 5,
The second terminal transmits a passcode input by a user to the specific first terminal,
The specific first terminal determines that the authentication of the second terminal is successful when a passcode transmitted from the second terminal matches a predetermined passcode. system. A computer system according to any one of claims 1 to 6,
The plurality of terminals include an acceleration sensor and a position detection unit,
When the operation of causing the specific first terminal and the second terminal to collide with each other, the two terminals detect a change in acceleration due to the collision operation, and the time and position at which the change in acceleration is detected. Record information in the memory,
The second terminal transmits the acceleration detection time and position information at the time of acceleration detection to the specific first terminal,
In the specific first terminal, the acceleration detection time and the position information at the time of acceleration detection transmitted from the second terminal are recorded in the acceleration detection time and the position at the time of acceleration detection recorded in the specific first terminal. A computer system characterized by determining that the authentication of the second terminal is successful when the information matches within a predetermined error range. A computer system according to any one of claims 1 to 7,
The plurality of terminals include microphones that detect acoustic signals,
The specific first terminal and the second terminal detect a sound generated in the vicinity, record data of the detected sound and information of a position where the sound is detected in the memory,
The second terminal transmits the recorded sound data and position information at the time of sound detection to the specific first terminal,
In the specific first terminal, the sound data transmitted from the second terminal and the position information at the time of sound detection are the sound data recorded in the specific first terminal and the position at the time of sound detection. A computer system characterized by determining that the authentication of the second terminal is successful when the information matches within a predetermined error range. A computer system according to any one of claims 1 to 8,
The second terminal has a camera for acquiring an image;
The specific first terminal generates a visually recognizable code, displays the generated code on a screen,
It said second terminal captures the code displayed on the screen of the particular first terminal, transmits data code the shot to the particular first terminal,
The specific first terminal determines that the authentication of the second terminal is successful when the code data transmitted from the second terminal matches the data of the generated code. A computer system.