JP2006345160A - Information communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve security of communication more by dynamically dividing communication information by using a secrecy dispersing method. <P>SOLUTION: In an information communication system wherein a first terminal and a second terminal communicate information to each other, a server generates a key for restoring transmission data every time the data are transmitted, divides key information into a plurality of parts, and transfers a first divided decoding key to the first terminal and a second divided deciphering key to the second terminal as a communication partner. The first terminal restores the first divided deciphering key transmitted from the server and the second deciphering key transmitted from the second terminal to the original deciphering key, divides the transmitted data into a plurality determined according to a specified rule, enciphers the plurality of divided data with the deciphering key, and transmits the data. The second terminal restores the second divided deciphering key transmitted from the server and the first divided deciphering key transmitted from the first terminal to the original deciphering key, receives the plurality of divided data from the first terminal, and deciphers the data by using the deciphering key. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information communication system, and more particularly to an information communication method and system for realizing secure real-time communication in information communication between terminals connected to a network, a terminal device used in the information communication method, and communication. It is about the program.

A terminal device such as a PC (personal computer), a mobile terminal, a mobile phone, an information home appliance, etc. performs data communication with other terminal devices at remote sites via a network such as the Internet, or accesses a server to access contents and various Downloading information or accessing a provider's site to conduct electronic commerce or the like is routinely performed.
In communication of information using such a network, it is important to ensure a secure communication environment. With respect to secure communication, in general, an access right is set by a password or information is encrypted to prevent information leakage.

  However, the password access right setting method may leak the password due to hacking or the like. Even when information is encrypted to protect security, the encryption may be decrypted, and as a result, the information may be restored.

  By the way, a method using electronic tally is known as a technique for ensuring the security of electronic information. This method is based on the threshold secret sharing method “K out of n sharing method” originally proposed in a paper published in 1979 by Dr. Adi Shamia, the developer of the RSA encryption method. That is, this is a secure information processing technique in which a file is encrypted and divided into a plurality of parts, and it is impossible to restore the original file unless all of the divided parts are obtained at the time of decryption.

  Recently, this secret sharing method is also used in the fields of information communication and electronic commerce using a network. For example, in Japanese Patent Laid-Open No. 2003-132234 (Patent Document 1), a server machine The electronic tally generating means provided in the step divides the remaining reserved portion X of the electronic information into a plurality of tally information Yi, sends them to the user machine through different communication paths, and restores them by the electronic tally restoration means provided in the user machine. Technology is disclosed.

JP 2003-132234 A

  The technology disclosed in Patent Document 1 is a basic principle regarding the application of electronic tally to the transaction of electronic information on a server machine and a user machine using the Internet. There is no suggestion about the communication technique using the secret sharing method when the third device is interposed between them. In addition, the secret division method disclosed in Patent Document 1 assumes that the number of pieces of electronic information divided into a plurality of pieces is uniform and static, and dynamically changes the division method according to at least the communication environment. There is no suggestion.

An object of the present invention is to provide an information communication method and system using a secret sharing method with further improved security, and a terminal device and a program used therefor.
Another object of the present invention is to provide a communication technique using a secret sharing method for processing communication information in real time and dynamically dividing the communication information.
Another object of the present invention is to provide a communication technique in which the secret splitting method is dynamically changed and applied in accordance with the capability of the communication partner terminal.
Another object of the present invention is to provide a communication technique using a secret sharing method capable of destroying data for access by an unspecified person.

An information communication system according to the present invention includes a plurality of terminals and a server connected via a network, and in the information communication system that performs information communication between a first terminal and a second terminal, the server includes: Each time data is transmitted between the first terminal and the second terminal, a key for restoring the transmission data is generated, the key information is divided into a plurality of decoding keys, and the divided first division is performed. A server distributed processing unit that transfers the decoding key to the first terminal and transfers the second divided decoding key to the second terminal that is a communication partner;
The first terminal includes a first division decoding key transmitted from the server, a decoding key restoration means for restoring the original decoding key from the second division decoding key transmitted from the second terminal, and a decoding key restoration. A first distributed processing unit that divides transmission data into a plurality determined according to a predetermined rule when the original key is restored by the means, and encrypts the plurality of divided data with the restoration key; Transmission means for sending the data divided into the network,
The second terminal includes a second division decoding key transmitted from the server, a decoding key restoration means for restoring the original decoding key from the first division decoding key transmitted from the first terminal, When the original decoding key is restored by the receiving means for receiving a plurality of divided data transmitted from the terminal and the decoding key restoring means, a plurality of pieces of data received from the receiving means are restored using the restored decoding key. The information communication system includes a second distributed processing unit that decodes the divided data and restores the original transmission data from the plurality of data. (Corresponding to claim 1)
In a preferred example, the first terminal and the second terminal discard the decryption key after encrypting or decrypting the data divided into a plurality of pieces with the original decryption key.
Preferably, the server holds a terminal list indicating status information of a plurality of terminals capable of data communication in the storage means, and the first terminal acquires the terminal list from the server and communicates with the communication partner. When the state of the second terminal to be confirmed is confirmed, the server distributed processing unit generates the first and second divided decoding keys, and sends the first divided and the second terminals serving as communication partners to the first divided The decoding key or the second divided decoding key is transmitted.

The information communication system according to the present invention includes a plurality of terminals and a server connected via a network, and performs information communication between the first terminal and the second terminal.
The server has storage means for holding a list indicating status information of a plurality of terminals capable of data communication, and transmission means for transmitting the list to a terminal having a list acquisition request.
The first terminal refers to the obtained list, and divides transmission data into a plurality of pieces according to a division method that variably controls the data division method according to the state of the second terminal that is a communication partner. A processing unit, and transmission means for sending the data divided into a plurality to the network,
The second terminal receives a plurality of divided data transmitted from the first terminal, and transmits the divided data received from the receiving means to the original transmission according to the determined division method. An information communication system having a second distributed processing unit for restoring data. (Claim 4)
In a preferred example, each time data is transmitted between the first terminal and the second terminal, the server generates a key for restoring the transmission data, divides the key information into a plurality of decoding keys, A server distributed processing unit that transfers the divided first divided decoding key to the first terminal and transfers the second divided decoding key to the second terminal serving as a communication partner;
The first terminal has decoding key restoration means for restoring the original decoding key from the first division decoding key transmitted from the server and the second division decoding key transmitted from the second terminal, The one distributed processing unit, when the original key is restored by the decryption key restoration means, divides the transmission data into a plurality according to the determined division method, and encrypts the plurality of divided data with the restoration key,
The second terminal has decoding key restoration means for restoring the original decoding key from the second dividing decoding key transmitted from the server and the first dividing decoding key transmitted from the first terminal. When the original decoding key is restored by the key restoring means, the second distributed processing unit uses the restored decoding key to decode a plurality of pieces of divided data received from the receiving means and Restore the transmitted data.
Preferably, the server stores, as the list, a terminal list that holds the unique information of the terminal and the performance information of the terminal, and a performance-specific list that defines a division relationship between the performance information and the data in the storage unit, The first distributed processing unit of one terminal divides the transmission data into a plurality of pieces according to the performance information of the second terminal listed in the terminal list and the division relation defined in the performance-specific list.
Preferably, the first distributed processing unit of the first terminal further includes means for creating a decoding order list that defines an order for restoring the plurality of divided data, and the transmitting means includes the decoding order list. Is transmitted to the second terminal, and the second distributed processing unit of the second terminal restores the received divided data with reference to the decoding order list.

An information communication system according to the present invention includes a plurality of terminals and a server connected via a network, and performs communication of information between a first terminal and a second terminal.
A first distributed processing unit that divides transmission data into a plurality according to a division method that variably controls a data division method according to the performance and / or time of a second terminal that is a communication partner; Transmission means for sending the data divided into a plurality of networks,
The second terminal receives a plurality of divided data transmitted from the first terminal, and transmits the divided data received from the receiving means to the original transmission according to the determined division method. An information communication system having a second distributed processing unit for restoring data. (Claim 7)
In one example, the performance indicates at least one of the CPU processing speed, the memory capacity, and the communication line speed of the second terminal, and the first distributed processing unit increases the number of transmission data divisions as the performance decreases. To divide.

An information communication system according to the present invention includes a plurality of terminals and servers connected via a network, and transmits data from the first terminal to the second terminal.
The first terminal confirms the information of the second terminal that is the communication partner, divides the data to be transmitted into a plurality of n, and generates m dummy data (m is an integer of at least 0). A first distributed processing unit that creates (n + m) pieces of transmission data, and a transmission unit that sends the created transmission data to the network,
The second terminal receives a plurality of (n + m) divided data transmitted from the first terminal, discards m dummy data from the plurality of data received by the receiving means, and n This is an information communication system having a second distributed processing unit that restores individual data and restores original transmission data. (Corresponding to claim 10)
For example, the first distributed processing unit variably controls the number n of data to be divided and the number m of dummy data.
In one example, the first distributed processing unit variably controls the number n of divided data according to the performance of the second terminal, and variably controls the number m of dummy data by a random number.
In one example, the first distributed processing unit further includes means for creating a decoding order list that defines the order in which a plurality of data (n + m) is restored, and the transmitting means sends the decoding order list to the second terminal. The second distributed processing unit restores the received data (n + m) with reference to the decoding order list.

  Preferably, in the information communication system, the server displays the decoding order list information transmitted from the first terminal to the second terminal and / or the data restoration result in the second distributed processing unit of the second terminal. The information shown is held in the storage device as a log.

An information communication system according to the present invention includes a plurality of terminals and a server connected via a network, and performs communication of information between a first terminal and a second terminal.
The server includes a storage unit that holds a terminal list indicating information related to a communication target terminal;
Receiving the terminal address of the communication partner transmitted from the first terminal, generating a key for restoring the transmission data, dividing the key information into a plurality of decoding keys, and dividing the divided first divided decoding key into the first A distributed processing unit that transmits to the first terminal and transmits the second divided decoding key to the second terminal as the communication partner, and holds information communicated between the first terminal and the second terminal as a history A log processing unit,
The first terminal has a storage means for holding a terminal list indicating communication partners acquired from the server, a first division decoding key transmitted from the server, and a second division decoding transmitted from the second terminal. Decoding key restoration means for restoring the original decoding key from the key, a distribution method processing unit that determines a transmission data division method with reference to the terminal list, and a transmission data is divided into a plurality of pieces according to the processing result of the distribution method processing unit And a distribution processing unit that determines the order in which the transmission data divided into a plurality of parts is restored, and a transmission unit that transmits the transmission data divided into a plurality of parts and an order list indicating the order of restoration, and
The second terminal includes a receiving unit that receives the transmission data divided into a plurality of pieces and an order list indicating the order of restoration, a storage unit that holds the acquired order list, and a second divided decoding that is transmitted from the server. In accordance with the order shown in the order list according to the key, the decoding key restoration means for restoring the original decoding key from the first divided decoding key transmitted from the first terminal, and the restoration key restored by the decoding key restoration means And a distributed processing unit for restoring received data. (Claim 15)
Moreover, this invention has the characteristics as a 1st or 2nd terminal used in the said information communication system.
Further, the present invention is characterized as a server used in the information communication system.

A data communication method according to the present invention is a data communication method for transmitting data from a first terminal to a second terminal in an information communication system including a plurality of terminals and a server connected via a network,
The first terminal includes a first distributed processing step for dividing the data into a plurality of pieces according to a division method for variably controlling the data division method according to the state of the second terminal serving as a communication partner, and the divided data Transmitting to the second terminal via the network;
The second terminal receives a plurality of divided data transmitted from the first terminal, restores the received plurality of divided data, and restores the original data; Is a data communication method. (Corresponding to Claim 18)
Preferably, the server includes a step of holding a list indicating performance information of a terminal capable of data communication in the storage unit, and a step of transmitting the list to a first terminal having a list acquisition request. The first terminal refers to the list and divides the data into numbers according to the performance of the second terminal and transmits the data.
Preferably, the server generates a key for restoring the transmission data every time data is transmitted between the first terminal and the second terminal, and divides the key information into a plurality of decoding keys. , Transferring the divided first divided decoding key to the first terminal, and transferring the second divided decoding key to the second terminal serving as a communication partner. A step of restoring the original decoding key from the transmitted first divided decoding key, the second divided decoding key transmitted from the second terminal, and a predetermined dividing method when the original key is restored And dividing the data into a plurality of pieces and encrypting the plurality of pieces of the divided pieces of data with a restoration key, the second terminal includes a second divided decryption key transmitted from the server, The original decoding key from the first divided decoding key transmitted from the terminal A step of restoring, and when the original decoding key is restored, a step of decoding the plurality of divided data received by the receiving means using the restored decoding key and restoring the original data from the plurality of data Have
Preferably, the first terminal divides data to be transmitted into a plurality of n, generates m (m is an integer of at least 0) dummy data, and creates (n + m) transmission data. Then, the created transmission data is transmitted to the second terminal via the network, and the second terminal receives a plurality (n + m) of data transmitted from the first terminal, and from the received plurality of data The m pieces of dummy data are discarded, the n pieces of data are restored, and the original transmission data is restored. (Corresponding to Claim 21)
The data communication method according to the present invention can also be grasped as follows. That is, in a data communication method that includes a plurality of terminals and servers connected via a network and transmits data from the first terminal to the second terminal, when a data transmission request occurs in the first terminal, According to the status information of the second terminal that is the communication partner acquired from the communication management server, the data division method is variably controlled to divide the data into a plurality of data, and the divided data is sent to the second terminal via the communication management server. And when the original decoding key is restored from the decoding key generated by the communication management server and divided into a plurality of pieces, the first electronic tally for restoring the plurality of pieces of divided data received is transmitted at the second terminal. Communication mode,
When a data transmission request is generated at the first terminal, the data division method is variably controlled according to the state of the second terminal serving as a communication partner to divide the data into a plurality of data, and the divided data is sent via the communication management server. The second terminal restores the received plurality of pieces of divided data when the original decoding key is restored from the decoding key generated and divided into a plurality of pieces by the second terminal. The electronic tally communication mode of the data communication method. (Corresponding to Claim 22)
Further, the present invention is grasped as a program for executing the steps of the communication method on a computer. (Corresponding to Claim 24)

  According to the present invention, a communication technique using a secret sharing method with further improved security can be obtained. In addition, using the secret sharing method, communication information can be processed in real time and the communication information can be dynamically divided. In addition, by using the secret sharing method and applying the secret sharing method according to the state of the communication partner's terminal, for example, performance, it is possible to perform dynamic division and restoration in accordance with the capability of the partner terminal.

  In addition, in a communication environment using the secret sharing method, by mixing dummy data into the divided transmission data, the data can be restored only at the terminal that is a legitimate transmission destination, while the unspecified person Since the transmission data is destroyed by the dummy data and cannot be restored to the original data, a secure communication technique can be realized.

Embodiments of the present invention will be specifically described below with reference to the drawings.
FIG. 1 shows a configuration of an information communication system according to an embodiment.
In this information communication system, a communication management server 1 and a plurality of terminals 2 and 6 are connected via a network 91 such as the Internet or a WAN (Wide Area Network), and information is communicated between these devices. . For example, a communication request and transmission data issued from the client device 20 in the terminal 2 are transmitted to the partner terminal 6 via the network 91 via the communication management server 1.

  The communication management server 1 manages communication protocols. In addition, there is provided a mechanism for performing the management for securely establishing a communication path, which is characteristic of the present invention, and for dynamically dividing transmission data by applying a secret sharing method to transmit and receive. Although this configuration and the like will be described in detail later, in the range shown in FIG. 1, the communication management server 1 stores the communication data as a log and the distributed processing server 10 that implements the functions of the present invention. A communication data log DB (database) 14 is provided. The distributed processing server 10 includes a dynamic tally processing unit 11 that manages a dynamic data partitioning method, and a memory (not shown) that holds a terminal list 12 and a performance-specific parameter list 13. Although details will be described later, these lists 12 and 13 may be understood as a management table in which rules for dynamically dividing secrets of transmission data are described.

  The communication management server 1 is configured by hardware including a processing unit (CPU) and a memory. In this embodiment, the distributed processing server 10 having the dynamic tally processing unit 11 is realized by software. And

  The plurality of terminals 2 and 6 are information processing apparatuses such as a PC (personal computer), a mobile phone, and a PDA, and function as client devices 20 and 60. Each of the client devices 20 and 60 includes GUIs 21 and 61 and dynamic tally processing units 22 and 62 as data input / output means. Moreover, although not shown in figure, the some terminal 2 and 6 have a memory | storage device which stores transmission / reception data and other information. In this example, the dynamic tally processing units 22 and 62 are configured by software, and have a processing function characteristic of the present invention, for example, a function of performing dynamic division of transmission data and restoration processing of divided data. This will be described later.

Next, details of various functions of the server 1 and the terminals 2 and 6 in the information communication system will be described with reference to FIG.
Since the functions of the client devices 20 and 60 of the terminals 2 and 6 are the same, the configuration on the client device 20 side will be described below as an example.

  The dynamic tally processing unit 22 of the client device 20 includes a terminal information acquisition unit 221, a connection unit 222, a distribution method processing unit 223, and a secret sharing processing unit 224.

The terminal information acquisition unit 221 is a processing unit for acquiring information on a large number of terminals held in the distributed processing server 10. Based on the acquired terminal information, the address of the terminal that is the communication partner is recognized, the terminal information that is the transmission source is acquired, and the process of transmitting to the distributed server 10 is performed. This processing operation will be described in detail later.
The connection unit 222 is processing means for confirming a device such as a communication partner terminal or server and establishing a communication path with the device.

  The distribution method processing unit 223 is a processing unit that determines a transmission data dividing method, which is one of the characteristics of the present invention. Although details will be described later with reference to FIGS. 4 and 5, each time a transmission request is generated from the terminal, the distribution method processing unit 223 performs the division method according to the state of the terminal that is the transmission partner, time information, or the like. Is controlled variably. The transmission data is divided according to the determined division method.

The secret sharing processing unit 224 is one feature of the present invention, has electronic tally means, divides transmission data into a plurality of pieces by the electronic tally means, and converts the received data divided into a plurality of pieces into original data. Restore process. Further, the processing unit 224 has means for inserting one or a plurality of dummy data into the divided transmission data. Further, when it becomes the receiving side, it has means for removing the dummy data inserted from the received data and correctly restoring the original data from the data divided into a plurality on the initial transmitting side. Further, the secret sharing processing unit 224 has processing means for encrypting transmission data with an encryption key and decrypting reception data with the encryption key.
The processing function and operation of the secret sharing processing unit 224 will be described in detail later.

The dynamic tally processing unit 11 of the distributed processing server 10 includes a request analyzing unit 120, a terminal information registration unit 121, a terminal inquiry processing unit 122, a secret sharing processing unit 123, a log processing unit 124, and a relay processing unit 125. In FIG. 2, the communication data log DB 14 (FIG. 1) is not shown.
The request analysis unit 120 analyzes various requests transmitted from the terminal and activates a processing unit corresponding to the request. Requests from terminals include terminal information registration requests, data transmission requests, and the like.

  The terminal information registration unit 121 is processing means for registering terminal information requested from a terminal in the terminal list 12. Here, the terminal list 12 is a management table for registering information on terminals that can receive management (or service) by the dynamic distributed processing server 10, and this will be described later with reference to FIG.

The terminal inquiry processing unit 122 is processing means for providing the contents of the terminal list 12 held by itself when there is an inquiry about terminal information from the terminals 2 and 6. The terminal inquiry processing unit 122 provides not only the terminal list 12 but also the performance-specific parameter list 13 to the terminal.
The secret sharing processing unit 123 has electronic tally means, generates a key (decryption key) for decrypting transmission data, and divides the generated key into a plurality of processes.

  The log processing unit 124 stores communication information between terminals processed in accordance with the management of the dynamic tally processing unit 11 in the communication data log DB 14. As illustrated in FIG. 13, the communication data log DB 14 holds information indicating transmission terminal information 141, reception terminal information 142, transmission data name 143, transmission start time 144, reception end time 145, and communication result 146 as a log.

  The relay processing unit 125 has a function of relaying data communication between the terminals 2 and 6, and relays data through a session between the terminals. As data communication between terminals, communication is performed via the distributed processing server 10 as in the present embodiment (first mode), and not via the distributed processing server 10 as will be described later (FIGS. 15 to 17). Although it is assumed that communication is performed directly between terminals (second mode), the relay processing unit 125 functions in the former mode.

  Next, the terminal list 12 and the performance-specific parameter list 13 for registering management information will be described. These lists are characteristic of the present embodiment, and are held in a storage unit such as a memory of the distributed processing server 10. Note that these lists 12 and 13 may be incorporated and held in software.

As shown in FIG. 10, in the terminal list 12, corresponding to the terminal to be registered, terminal-specific information, for example, terminal information 101 for registering the IP address of the terminal, registration date and time 102 indicating the date and time registered in the list , Terminal type 103 indicating the type of terminal such as PC, PDA or mobile phone, the performance 104 of the CPU mounted on the terminal, the memory capacity 105 of the terminal, the line speed performance 106, and network information including the IP address of the terminal 107 and information such as session information 108 including a session ID are registered. In the session information 108, a session is established between the distributed processing server 10 and the terminal at the time of registration of the terminal information (FIG. 3), and a session ID at the time of establishment is registered.
In addition, actual specification values are registered as values indicating the performance of the CPU performance 104, the memory capacity 105, and the line speed 106.

The performance-specific parameter list 13 is a management table for determining the number of transmission data divisions according to state information such as terminal performance.
As shown in FIG. 11, the performance-specific parameter list 13 includes a performance value 111 indicating performance values H, M, and L, a CPU speed 112, a memory capacity 113, a line speed 114, and the number of divisions according to the performance value. Information of the division number parameter 115 shown is registered. The division number parameter 115 is set such that the higher the performance, the smaller the division number, n1 for high H, n2 for medium M, and n3 for low L. For example, “2”, “3”, and “4” are set as high, medium, and low. That is, for a terminal with low performance, the number of divisions is increased to reduce the load and improve the transmission efficiency.

  The number of data divisions is determined by the sum of the three parameters of the CPU speed 112, the memory capacity 113, and the line speed 114. For example, if the performance of the destination terminal is CPU speed (performance H) (number of divisions 2), memory capacity (performance M) (number of divisions 3), line speed (performance L) (number of divisions 4), The total number of divisions is 9 (= 2 + 3 + 4).

Note that the division number parameter is not uniquely set according to the performance value as described above, but may be variable. For example, like the performance-specific parameter list 13 ′ shown in FIG. 14, the number of divisions can be changed sequentially according to the time zone. For example, when the line is busy, such as working hours, it is preferable to increase the number of divisions of transmission data for transmission.
As another alternative, the list 13 in FIG. 11 and the list 13 ′ in FIG. 14 may be used in combination.

Next, with reference to FIG. 3, the terminal related information registration processing operation in the information communication system will be described.
Registration of terminal information is the first processing operation that a terminal newly connected to the network 91 performs in order to receive the service of the distributed processing server 10. When a terminal is newly connected to the network 91, the terminal information acquisition unit 221 of the dynamic tally processing unit 22 is activated to automatically acquire terminal information necessary for registration (for example, the contents of FIG. 10) (S301).

  The connection unit 222 connects the terminal 2 to the distributed processing server 10 via the network. When the connection is confirmed, the terminal information acquisition unit 221 transmits the terminal information to the distributed processing server 10 via the network 91 (S302). Here, the terminal information to be transmitted includes various information registered in the terminal list 12, that is, terminal information (for example, the IP address of the terminal) 101 and terminal specification information (performance information 104, 105, 106).

  In the distributed processing server 10, the dynamic tally processing unit 11 receives various requests from the terminal and performs processing according to each request. If the request analysis unit 120 analyzes the request from the terminal and recognizes that the request is a registration request for terminal information, the terminal information registration unit 121 is activated (S303).

  The terminal information registration unit 121 refers to the received terminal information and searches the terminal list 12 using the terminal information as a key (S304). As a result of referring to the contents of the terminal list 12, if information related to the terminal information is not registered, it is verified whether a session is established for the requested terminal (S305). As a result, if the session is established, the session ID is acquired and added to the registration target.

In this way, the received terminal information, terminal specification information, and session ID are newly registered in the terminal list 12 (S306). In addition, when terminal specification information related to the terminal information has already been registered, check whether there is any change in the contents of the terminal specification information, and if there is a change, write the received changed information, The contents of the terminal list 12 are updated.
When the terminal related information registration process is completed, a response indicating the completion of registration is returned from the dynamic allocation processing unit 11 to the dynamic tally processing unit 22 of the terminal 2, and the series of registration processing ends (S307).

  Although not described in detail, when registering the terminal-related information, the user 21 (administrator) specific information (ID) and password are input from the GUI 21 of the client device 20. It is preferable to verify the user ID and password registered in the storage unit in the server, and permit registration of the terminal information when the user ID matches.

Next, an information communication processing operation in the information communication system will be described with reference to FIGS.
This example shows an operation of transmitting data from the client device 20 of the terminal 2 to the client device 62 of the terminal 6 under the management of the dynamic tally processing unit 11 of the distributed processing server 10. Prior to the transmission operation, it is assumed that data (file) to be transmitted is created in advance and stored in a storage device (not shown) with a file name in the client device 20.

The processing operation will be described in detail below.
First, a terminal information acquisition request is issued from the GUI 21 of the client device 20 to the dynamic tally processing unit 22 in order to confirm information of a terminal that is a transmission partner. Upon receiving this request, the terminal information acquisition unit 221 of the dynamic tally processing unit 22 transmits an acquisition request for information on a terminal that is a transmission partner to the distributed processing server 10 (S401). In this case, the information transmitted to the distributed processing server 10 includes an acquisition request for a list of terminal information (reference numeral 101 in FIG. 10) in the terminal list 12.

  In the distributed processing server 10, the terminal inquiry processing unit 122 of the dynamic tally processing unit 11 reads the terminal list 12 and the performance-specific parameter list 13 from the memory. Then, terminal-related information (reference numerals 103 to 108 in FIG. 10) related to the terminal address of the terminal 6 is extracted from the terminal list 12, and the terminal-related information and the performance-specific parameter list 13 are returned to the requesting terminal 2 as an answer. Transmit (S402).

When the client device 20 receives the related information (partner terminal list) of the terminal 6 and the parameter list 13 by performance, it stores them in the memory, and the GUI displays the contents of the partner terminal list 12 on the display screen (S403).
For example, the terminal information is displayed as a list such as “TANAKA-PC@base.co.jp” (name @ address). From the list of terminal information displayed, the terminal of the other party to which the user wants to connect is selected by the input means. Then, the dynamic tally processing unit 22 refers to the session information 108 of the selected terminal 6 and determines whether the session ID is registered and confirms whether it is connected to the network (S404). When the connection to the network is confirmed, the terminal address of the transmission partner is transmitted to the distributed processing server 10.

  In the dynamic tally processing unit 11 of the distributed processing server 10, the secret sharing processing unit 123 refers to the terminal information from the received terminal address (S405), and generates a decryption key (AB11) (S406). The decryption key has a data size of about several bytes as a keyword. Here, the information of the selected terminal is referred to by acquiring the performance information (CPU speed 104, memory capacity 105, line speed 106) and the like of the transmission partner from the terminal list 12 using the terminal information as a key. This is because the tally condition for the decoding key is determined later based on this performance information.

This decryption key is a key for confirming the connection relation of the terminals and a key for restoring the transmission data. Further, the secret sharing processing unit 123 divides the decryption key generated by the electronic tally means into two (S407). One of the divided decryption keys a11 is transmitted to the transmission source terminal 2, and the other decryption key b11 is transmitted to the transmission destination terminal 6 whose connection has been confirmed.
The dynamic tally processing unit 22 on the transmission side receives the decoding key a11, stores it in the memory, and further transmits the key a11 (S408). The relay processing unit 125 of the distributed processing server 10 relays the transmission request of the key a11 and transmits it to the terminal 6 (S409).

  In the client device 60 at the transmission destination (reception side), the secret sharing processing unit 624 of the dynamic tally processing unit 62 receives the decryption key a11, and first receives the decryption key a11 and stores it in the memory. The original decryption key AB11 is restored from the other decryption key b11 (S410). When the key AB11 is restored, the secret sharing processing unit 624 confirms that the terminal 2 and the terminal 6 have a secure connection relationship (S411). That is, even if the terminal 6 receives the forged decryption key x11 from another unrelated terminal x, the original key AB11 cannot be restored from the decryption key x11 and b11. The transmission data from the terminal x that is the transmission source is also treated as illegal data and is not restored.

  When the secret sharing processing unit 624 confirms the connection status between the terminals, the secret sharing processing unit 624 transmits information on the connection status “connection is possible” and the other decryption key b11. The relay processing unit 125 of the distributed processing server 10 relays this transmission response and transmits it to the terminal 2 (S412).

  The dynamic tally processing unit 22 of the transmission source terminal 2 recognizes that a secure communication path has been secured by receiving “connectable”. In addition, the original decoding key AB11 is restored from the other decoding key b11 received and the decoding key a11 acquired previously (S413). The decryption key AB11 is used as an encryption key for transmission data.

Now, the description will be moved to FIG. The next operation phase is data transmission from the terminal 2 to the terminal 6 whose communication path has been confirmed.
First, in the client device 20, the distribution method processing unit 223 of the dynamic tally processing unit 22 performs a process of dividing the transmission data by dynamically changing the division method according to the state of the terminal 6 of the transmission partner (S501). ).

This characteristic data division processing will be described in detail with reference to the flowchart of FIG.
In FIG. 6, the distribution method processing unit 223 of the client device 20 reads the counterpart terminal list stored in the memory, and acquires terminal specification information (performance information 104 to 106 in FIG. 10) (601). Also, the performance-specific parameter list 13 stored in the memory is read, and the performance-specific parameter list 13 is referenced to calculate the number of divisions related to the specifications of the terminal 6 (602). For example, “9” is calculated as the total data division number n from the performance values of the terminal 6 such as the CPU speed and the memory capacity.

Furthermore, in the embodiment of the present invention, the security of transmission data is further improved by mixing dummy data into the transmission data divided into a plurality.
The purpose of mixing dummy data is to reduce the risk of data being decoded and to reduce the risk of unauthorized restoration processing. If dummy data and correct data are restored together, it will of course be an error because it cannot be restored correctly. In the case of an error, since there is a possibility that it is not a valid communication partner (data acquirer), all data (transmission data and its restored data) are discarded (deleted).

In the flow of FIG. 6, in order to determine the number of dummy data to be mixed, random numbers from integers 0 to 3 are generated, and the random number value is set as the dummy data number m (603).
Then, the total number of divisions (n + m = s) is obtained from the total number of divisions n calculated from the performance-specific parameter list 13 and the number of divisions m calculated from random numbers for dummy data (604).

  Next, a division method for dividing data evenly or non-uniformly is determined. In this case, the equal division is a method of dividing data into a plurality of s with the same capacity, and the unequal means a method of dividing data into a plurality of s with an uneven capacity.

  Here, a random number of 0 or 1 is generated (6051), and when “0”, it is determined as non-uniform division, and when “1”, it is determined as equal division (6052). A random number from 1 to 9 is generated, and an unequal ratio is determined according to the random number (6053). Note that the non-uniform division of data can be realized by applying a normal non-uniform electronic tally technique.

  In this way, the division number and division method of transmission data are determined. It should be noted that the steps 6051 to 6053 of the data division method by equality or non-uniformity are eliminated, and all the data is equally divided, or the division method is uniformly determined so that all the data is unevenly divided. It may be set.

  Next, according to the calculated total number of divisions s and the division method (steps 6051 to 6053), the process proceeds to a processing operation for determining the position of dummy data to be inserted. This process is a process for creating a restoration order list 70 in which the order in which transmission data divided into a plurality of parts is restored is determined, and the position (order) at which dummy data is inserted in the list 70 is clarified (see FIG. 5, S502).

  By specifying the dummy data insertion position in the restoration order list 70 in this way, the receiving side terminal refers to the restoration order list 70 while referring to the restoration order list 70 to determine the position of the dummy data position. Can be thrown away. The original data can be restored from the remaining data (n).

The creation of the restoration order list 70 will be described in detail with reference to FIG.
As shown in FIG. 12, the restoration order list 70 has a format in which a file name, a data size, and a type are registered for each of a plurality of data (1 to N). As the type, the position of regular transmission data indicates “OK”, and the position of dummy data indicates “NG”.
The restoration order list 70 is a function provided for the client device having the dynamic tally processing means, and is stored in advance in the memory of the client device.

When creating the restoration order list 70, the contents of the restoration order list 70 are first initialized (701). In this initialization process, a list 70 is created in which rows are reserved for the total number of divisions s. (In this case, N = s)
Next, the insertion position of dummy data is obtained (702). The insertion position of the dummy data is determined by generating a random number of 1 or 0, and in the case of 0, the position is allocated with normal divided data, and in the case of 1, the dummy data is allocated at that position. When the number of random numbers 1 reaches the number m of dummy data, normal divided data is all allocated to the remaining positions.

In the case of dummy data allocation, “NG” is set in the “type” column of the dummy data insertion position (703). On the other hand, “OK” is set as the “type” of the position of the normal divided data.
In this way, the restoration order list 70 is created by continuing the above operation until the allocation of all the data numbers s is completed.

  The flow of creating the restoration order list 70 shown in FIG. 7 is an example, and the present invention is not limited to this. For example, the regular divided transmission data may be allocated to the even number, and the dummy data may be allocated to the odd number. Alternatively, the dummy data may be fixedly allocated to a position that is a multiple of “3”.

  When the creation of the restoration order list 70 is completed, the secret sharing processing unit 224 then performs transmission data division processing based on the restoration order list 70 (FIG. S503). This division processing will be described in detail with reference to FIG.

  First, the secret sharing processing unit 224 transmits transmission data based on the division method (equal division or non-uniform division) and the division number n (for example, the total number of data N (= s) −m) determined by the electronic tally means. Is divided into n (801). Since the transmission data is already stored with the file name assigned to the storage device of the client device 20, the file data is read and divided. In addition, non-uniform division of data by electronic tally can be realized by using an electronic tally method known to those skilled in the art.

  It is determined whether the total number N of data is equal to s (803). If still “No”, information of transmission data (N = 1st information) is acquired from the restoration order list 70 (804), and the type Is “OK” or “NG” (805). If the result of determination is “NG”, the dummy data is generated (806) because the position is a place where dummy data is to be inserted. Thereafter, the file size of the dummy data is stored in the restoration order list 70 (807).

On the other hand, if the result of determination in step 805 is “OK”, the file size corresponding to the transmission data (N = 1) in the restoration order list 70 is updated in the same manner (that is, the file capacity is stored) ( 807). Then, N is updated to N + 1 (808), and the process proceeds to step 803. In the next case, N is updated to “2”, and the above allocation processing of divided data and dummy data is repeated.
The divided data is encrypted by the decryption key AB11 and temporarily stored in the memory. In this state, transmission is awaited.

  If the total number N of data posted in the restoration order list 70 reaches s as a result of the determination in step 803, it is judged that all the data has been allocated, and the restoration order list 70 is transmitted (S504).

  Referring to FIG. 5, the restoration order list 70 transmitted from the dynamic tally processing unit 22 of the client device 20 is received by the distributed processing server 10 and received by the destination terminal 6. The restoration order list 70 acquired by the distributed processing server 10 is processed as a log by the log processing unit 124 and stored in the communication data log DB 14 (S505).

Further, the client device 60 temporarily stores the received restoration order list 70 in the memory, and returns a reception “OK” to the terminal 2 (S506).
The distributed processing server 10 relays the received “OK” response transmitted from the terminal 6 and transmits it to the terminal 2 (S507).
When the transmission-side client device 20 receives the reception OK, the dynamic tally processing unit 22 sequentially reads and transmits the total number N of transmission data held in the memory (S508).

  The transmission data is given a file name defined in the restoration order list 70 in order to identify each. Further, the format of the transmission data will be described. The transmission data is composed of a data part and a header part, and the header part includes No and an original file name given by the restoration order list 70 as management information. Of course, a decoding key is required to obtain the header information from the transmission data. The data transmission order and the restoration order are not related.

The data transmitted from the terminal 2 is relayed by the distributed processing server 10 and transmitted to the terminal 6 (S509).
The client device 60 of the receiving terminal 6 temporarily stores the received N data in the memory. Thereafter, the received data is restored using the previously obtained restoration order list 70 and decoding key AB11 (S510).

The received data restoration process will be described in detail with reference to FIG.
The secret sharing processing unit 624 obtains management information indicating the file name given to sequentially received data and the number of data (901). Then, the file name is compared with the restoration order list 70 received earlier (902), and if it matches, the received data is recognized as data divided by the secret sharing process. Then, with reference to the type column of the restoration order list 70, it is determined whether the data is restored or discarded without being restored (903).

The data to be restored is decrypted by the decryption key AB11 that has been previously received and decrypted to restore the original data (904). When the dummy data is received, it is determined as dummy data from the file name, and the data is discarded without being restored (905).
In this way, when the total number N of data is received and all the number of data (for example, n) that are normally divided is restored (906), the series of restoration processing is terminated.

  When the restoration process is completed, the restoration result is transmitted (S511). When all the data is restored and the original data is created in the restoration process, a restoration success (OK) is transmitted. It is transmitted (S511).

  The dynamic tally processing unit 11 of the distributed processing server 10 relays the restoration result to be transmitted, acquires it as a log, and stores it in the communication data log DB 14 (S512). The restoration result is finally received by the dynamic tally processing unit 22 of the client device 20 on the transmission side, and the series of transmission processing ends (S513).

As described above, according to the present embodiment, a decoding key for restoring transmission data is generated by the management server, and the key is electronically tallyed into a transmission side device and a reception side device. Delivered. As a result, the transmitting apparatus can recognize that the security of the communication path with the receiving apparatus has been secured by receiving one of the electronically tallyed decoding keys sent from the receiving apparatus.
Also, on the receiving side, if all the decryption keys that have been electronically tallyed do not match, the received data cannot be restored, so the security of the communication data is improved.

  Furthermore, according to this embodiment, dummy data is further inserted into the transmission data divided into a plurality of parts, and the list indicating the restoration order is transmitted. Unless the restoration order list is received, the restoration of the received data becomes quite difficult and the security is greatly improved.

  In addition, since the management information used for data communication is stored in the DB as a log, the fact that data communication was performed or failed with which terminal by tracing the log information And the time and the like.

Next, another embodiment will be described with reference to FIGS.
The information communication system shown in FIG. 15 differs from the system shown in FIG. 2 in that the client devices 20 and 60 of the terminals 2 and 6 have embedded dynamic tally processing units 23 and 63. The processing means of the dynamic tally processing units 22 and 62 are the same as those described above.

  The dynamic tally processing units 22 and 62 described in FIG. 2 implement a communication function (referred to as a first electronic tally communication mode) through the distributed processing server 10 (communication management server 1). On the other hand, the embedded dynamic tally processing units 23 and 63 realize a communication function (referred to as a second electronic tally communication mode) for performing direct data communication between the terminals 2 and 6 without passing through the distributed processing server 10.

  The case where the second electronic tally communication mode is used corresponds to the case where the transmission source terminal 2 (or client device 20) has already acquired the address of the transmission destination terminal 6 (or client device 60). In this case, it is not necessary to make an inquiry to the distributed processing server 10 for a request for acquiring partner terminal information as in the above-described embodiment. In other words, the first electronic tally communication mode is a case where communication is performed by searching for a terminal as a transmission destination from an unspecified number of terminals managed by the distributed processing server 10. The electronic tally communication mode is for direct communication with a specific partner terminal.

In the case of the second electronic tally communication mode, for example, both the embedded dynamic tally processing unit 63 and the dynamic tally processing unit 62 function in the receiving terminal. This will be described in detail later with reference to FIGS. 16 to 17, but the function sharing such that the embedded dynamic tally processing unit 63 performs a server function and the dynamic tally processing unit 62 performs a client function. I am letting.
In other words, by providing the functions of the distributed processing server 10 (in the above-described embodiment) on the client devices 20 and 60 side, between the client devices (between terminals) without going through the distributed processing server 10. It can be said that direct data communication can be performed.

  15, the embedded dynamic tally processing unit 23 includes a request analysis unit 230, a terminal information registration unit 231, a terminal inquiry processing unit 232, a secret sharing processing unit 233, a log processing unit 234, and a relay processing unit 235. Have Since the embedded dynamic tally processing unit 63 has the same configuration, the embedded dynamic tally processing unit 23 side will be described below as an example.

The request analysis unit 230 analyzes a request received by the client device 20. The processing function of the dynamic tally processing unit 22 is executed according to the analysis result.
The terminal information registration unit 231 registers and manages the acquired terminal information of the other party in the memory. The partner terminal information is the same information as the terminal information registered in the terminal list 12 shown in FIG. 10 (corresponding to the terminal list 12 in FIG. 16). Also, since each terminal holds its own terminal information in the memory, it can provide its own terminal information to the requesting terminal in response to an acquisition request.

  The terminal inquiry processing unit 232 is a processing unit that receives a request from another terminal and provides information on its own terminal. It may be understood that the secret sharing processing unit 233 includes processing means similar to the secret sharing processing unit 224 in the dynamic tally processing unit 22.

The log processing unit 234 is a processing unit that acquires communication-related information as a log when data communication is performed through the embedded dynamic tally processing unit 23. In particular, the data received by the embedded dynamic tally processing unit 23 on the receiving side and the related information are acquired as a log and stored in a storage device (transmission / reception history DB).
The relay processing unit 235 is a processing unit that relays requests and data communication between the dynamic tally processing unit 22 of its own terminal and the counterpart terminal.

Next, an information communication processing operation in the information communication system based on the embodiment of FIG. 15 will be described with reference to FIGS.
First, a terminal information acquisition request is issued from the GUI 21 of the client device 20 to the dynamic tally processing unit 22 in order to confirm information of a terminal that is a transmission partner. Upon receiving this request, the dynamic tally processing unit 22 transmits a terminal information acquisition request to the terminal 6 serving as a transmission partner (S601).

  In the communication mode according to this example, it is assumed that the client device 20 acquires and holds the address of the terminal 6 as a transmission partner in advance. Although the address of the terminal 6 is already known, the performance information of the terminal 6 is not known, or even if it has been acquired, the performance etc. may be changed, so it is necessary to acquire the other party's terminal information There is.

  In the embedded dynamic tally processing unit 63 of the client device 60, the request analysis unit 630 analyzes the request, and the terminal inquiry processing unit 632 reads the terminal list 12 stored in the memory. The terminal list 12 includes its own terminal information. Then, the contents (terminal information) of the terminal list 12 are transmitted as an answer to the terminal 2 (S602). In the above-described embodiment, the terminal list 12 and the performance parameter list 13 are transmitted to the terminal 2, but the performance parameter list 13 is not necessarily transmitted. This is because the performance-specific parameter list 13 is a conversion table of performance information and division number parameters, so that the performance-specific parameter list 13 may be stored in the memory of each client device in advance.

Upon receiving the terminal list of the terminal 6 transmitted from the terminal 6, the client device 20 stores it in the memory and displays the contents of the partner terminal list on the display screen (S603).
The user of the client device 20 confirms the status of the terminal 6 as the transmission partner from the terminal address list displayed on the display screen. Thereafter, the dynamic tally processing unit 22 confirms the connection status of the partner terminal 6 to the network (S604). When the connection status to the network is confirmed, the address of the terminal 2 and the terminal information are transmitted to the terminal 6 (S604).

In the embedded dynamic tally processing unit 63, the secret sharing processing unit 633 determines that communication with the terminal 2 is possible, refers to the terminal information of the received terminal 2 (S605), and displays the decryption key (AB11). Generate (S606).
This decryption key is a key for confirming the connection relation of the terminals and a key for restoring the transmission data. Further, the secret sharing processing unit 633 divides the decryption key generated by the electronic tally means into two (S607). One of the divided decryption keys a11 is transmitted to the transmission source terminal 2, and the other decryption key b11 is transmitted to the dynamic tally processing unit 62 of the client device 60, under the management of the secret sharing processing unit 624, the memory (S608).

  The dynamic tally processing unit 22 of the client device 20 receives the decoding key a11 and stores it in the memory, and further transmits the key a11 to the destination terminal 6 (S609).

  In the destination client device 60, the embedded dynamic tally processing unit 63 relays the transmission request of the key a11 and sends it to the dynamic tally processing unit 62 (S610).

The dynamic tally processing unit 62 receives the decoding key a11, and restores the original decoding key AB11 from the decoding key a11 and the other decoding key b11 that has been received and stored in the memory (S611). . By restoring the key AB11, the secret sharing processing unit 624 confirms that the terminal 2 and the terminal 6 are in a terminal connection relationship with security (S612). For example, even if the terminal 6 receives the forged decryption key x11 from another unrelated terminal x, the transmission data from the terminal x that is the transmission source of the decryption key x11 is also treated as illegal data and is not restored. .
When the secret sharing processing unit 624 confirms the connection status between the terminals, the secret sharing processing unit 624 transmits information on the connection status “connection is possible” and the other decryption key b11. The embedded dynamic tally processing unit 63 relays the response and transmits it to the terminal 2 (S613).

  The dynamic tally processing unit 22 of the client device 20 recognizes that a secure communication path has been secured by receiving “connectable”. In addition, the original decoding key AB11 is restored from the other decoding key b11 received and the decoding key a11 acquired previously (S614). This decryption key AB11 is used as an encryption key for transmission data.

Next, referring to FIG. 17, the next phase is data transmission from the terminal 2 to the terminal 6 for which the communication path has been confirmed.
First, the distribution method processing unit 223 of the dynamic tally processing unit 22 performs a process of dividing the transmission data by dynamically changing the division method according to the state of the transmission partner terminal 6 (S701). The processing of this division method is the same as the processing according to FIG.

  Next, the process proceeds to a processing operation for determining the position of dummy data to be inserted in accordance with the calculated total number of divisions s and the division method. This process is a process for creating the restoration order list 70 in which the order in which the transmission data divided into a plurality of parts is restored is the same as the process shown in FIG.

Once the restoration order list 70 is created, the secret sharing processing unit 233 performs transmission data division processing based on the restoration order list 70 (S703). This division processing is also the same as the processing shown in FIG.
When the data allocation is completed for all of the items listed in the restoration order list 70, the restoration order list 70 is transmitted (S704).

  The restoration order list 70 transmitted from the dynamic tally processing unit 22 of the client device 20 is sent to the dynamic tally processing unit 62 via the embedded dynamic tally processing unit 63. The embedded dynamic tally processing unit 63 acquires the restoration order list 70 as a log and stores it in the transmission / reception history DB (S705).

  The dynamic tally processing unit 62 of the client device 60 temporarily stores the received restoration order list 70 in the memory, and returns a reception “OK” to the terminal 2 (S706). The embedded dynamic tally processing unit 63 relays the received answer and transmits it to the terminal 2 (S707).

  When the transmission-side client device 20 receives the reception OK, the dynamic tally processing unit 22 sequentially reads and transmits the total number N of transmission data held in the memory (S708). The plurality of data transmitted from the terminal 2 is relayed by the embedded dynamic tally processing unit 63 and transmitted to the terminal 6 (S709).

  The client device 60 on the receiving side temporarily stores the received N pieces of data in the memory. Then, the division | segmentation data received using the decompression | restoration order list | wrist 70 and decoding key AB11 which were acquired previously are decompress | restored (S710).

When the restoration process is completed, the restoration result (OK or NG) is transmitted (S711). The embedded dynamic processing unit 63 acquires the restoration result to be transmitted as a log, stores it in the transmission / reception history DB (S712), relays it, and transmits it to the terminal 2 on the transmission side.
The dynamic tally processing unit 22 of the client device 20 receives the restoration result and ends a series of transmission processing (S713).

As mentioned above, although one Example of this invention was described, this invention is not limited to said Example, It can implement variously.
According to the above-described embodiment, each time a transmission request is made, the terminal issues an inquiry to the distributed processing server 10 about the information of the terminal that is the communication partner, and the server 10 makes an inquiry about the terminal information. However, according to the alternative example, the terminal list 12 and the performance-specific parameter list 13 are held in each terminal and the distributed processing server 10, and each time the contents of these lists of the distributed processing server 10 are updated, the server 10 The update information may be transmitted to all terminals, and the contents of the lists 12 and 13 may be rewritten.

  As another modification, it is not essential to insert dummy data into the transmission data. If dummy data is inserted into a plurality of divided transmission data, the possibility that the data is falsified is further reduced, and security can be further secured. However, without inserting dummy data, as described above, for communication between terminals, security is ensured by the electronic tally of the decryption key, and the transmission data is also divided into a plurality of pieces and transmitted and restored. Since it cannot be restored to the original data without relying on the decryption key, it can be said that this is sufficient security.

The definition or terminology of terms in the above embodiment is not limited to the above. For example, the terminal list, the performance-specific parameter list, and the restoration order list have been described and described. However, these configurations and names are examples, and are not limited to the above-described embodiments.
In addition to the above, various modifications may be made within the scope of the present invention.

The figure which shows an example of the information communication system in one Example of this invention. The figure which shows the processing function of the terminal and server in the information communication system by one Example. The figure which shows the registration process sequence of the terminal relevant information in the information communication system by one Example. The figure which shows the communication processing sequence of the information in the information communication system by one Example. The figure which shows the communication processing sequence of the information in the information communication system by one Example. The figure which shows the processing flow of the distribution method process part 223 of the transmission side terminal 2 by one Example. The figure which shows the creation processing flow of the restoration order list | wrist by the secret sharing process part 224 of the transmission side terminal 2 by one Example. The figure which shows the division | segmentation processing flow of the transmission data by the secret sharing process part 224 of the transmission side terminal 2 by one Example. The figure which shows the decompression | restoration process flow of the received data of the receiving side terminal 6 by one Example. The figure which shows an example of the terminal list | wrist 12 in the information communication system by one Example. The figure which shows an example of the parameter list 13 classified by performance in the information communication system by one Example. The figure which shows an example of the decoding order list | wrist 70 in the information communication system by one Example. The figure which shows the example of communication data log DB14 in the information communication system by one Example. The figure which shows the parameter list classified by performance by another example. The figure which shows the processing function of the terminal in the information communication system by another Example. The figure which shows the process sequence of the communication between terminals in the information communication system by another Example. The figure which shows the process sequence of the communication between terminals in the information communication system by another Example.

Explanation of symbols

1: Communication management server 2, 6: Terminal 10: Distributed processing server 11: Dynamic tally processing unit 12: Terminal list 13: Performance-specific parameter list 20, 60: Client device 22, 62: Dynamic tally processing unit 221 621: Terminal information acquisition unit, 222, 622: Connection unit 223, 623: Distribution method processing unit, 224, 624: Secret distribution processing unit 120: Request analysis unit 121: Terminal information registration unit 122: Terminal inquiry processing unit 123: Secret Distributed processing unit 124: log processing unit 125: relay processing unit 70: restoration order list.

Claims (24)

In an information communication system that includes a plurality of terminals and a server connected via a network and performs information communication between a first terminal and a second terminal,
The server
Each time data is transmitted between the first terminal and the second terminal,
A key for restoring transmission data is generated, the key information is divided into a plurality of decoding keys, the divided first divided decoding key is transferred to the first terminal, and the second divided decoding key is A server distributed processing unit for transferring to a second terminal as a communication partner,
The first terminal is
Decoding key restoration means for restoring the original decoding key from the first division decoding key transmitted from the server and the second division decoding key transmitted from the second terminal;
When the original key is restored by the decryption key restoration unit, the transmission data is divided into a plurality determined according to a predetermined rule, and the plurality of divided data are encrypted with the restoration key. A distributed processing unit;
Transmission means for sending the divided data to a network,
The second terminal is
Decoding key restoration means for restoring the original decoding key from the second dividing decoding key transmitted from the server and the first dividing decoding key transmitted from the first terminal;
Receiving means for receiving a plurality of divided data transmitted from the first terminal;
When the original decoding key is restored by the decoding key restoration means, the plurality of pieces of divided data received from the receiving means are decoded using the restored decoding key, and the original transmission is made from the plurality of data. A second distributed processing unit for restoring data;
An information communication system comprising: The information according to claim 1, wherein the first terminal and the second terminal discard the decryption key after encrypting or decrypting the data divided into a plurality of parts by the original decryption key. Communications system. The server holds a terminal list indicating status information of a plurality of terminals capable of data communication in a storage unit,
When the first terminal acquires the terminal list from the server and confirms the state of the second terminal that is a communication partner, the server distributed processing unit generates first and second divided decoding keys. 3. The information communication according to claim 1, wherein the first divided decoding key or the second divided decoding key is transmitted to the first terminal and the second terminal which are communication partners. system. In an information communication system that includes a plurality of terminals and a server connected via a network and performs information communication between a first terminal and a second terminal,
The server
Storage means for holding a list indicating status information of a plurality of terminals capable of data communication;
Transmitting means for transmitting the list to a terminal having a request to acquire the list,
The first terminal is
A first distributed processing unit that references the acquired list and divides the transmission data into a plurality of pieces according to a division method that variably controls the data division method according to the state of the second terminal that is a communication partner; ,
Transmission means for sending the divided data to a network,
The second terminal is
Receiving means for receiving a plurality of divided data transmitted from the first terminal;
A second distributed processing unit that restores the data divided into a plurality of pieces of data received from the receiving unit to the original transmission data according to the determined division method;
An information communication system comprising: Each time the server transmits data between the first terminal and the second terminal,
A key for restoring transmission data is generated, the key information is divided into a plurality of decoding keys, the divided first divided decoding key is transferred to the first terminal, and the second divided decoding key is A server distributed processing unit for transferring to a second terminal as a communication partner,
The first terminal is
Decoding key restoration means for restoring the original decoding key from the first divided decoding key transmitted from the server and the second divided decoding key transmitted from the second terminal;
The first distributed processing unit, when the original key is restored by the decoding key restoration unit, divides the transmission data into a plurality according to the determined division method, and divides the plurality of divided data Encrypt with the restoration key,
The second terminal is
Decoding key restoration means for restoring the original decoding key from the second division decoding key transmitted from the server and the first division decoding key transmitted from the first terminal;
When the original decoding key is restored by the decoding key restoration unit, the second distributed processing unit uses the restored decoding key to decode a plurality of pieces of divided data received from the receiving unit, and 5. The information communication system according to claim 4, wherein the original transmission data is restored from a plurality of data. The server stores, as the list, a terminal list that holds terminal specific information and terminal performance information, and a performance-specific list that defines a division relationship between the performance information and data in the storage unit,
The first distributed processing unit of the first terminal divides the transmission data into a plurality of pieces according to the performance information of the second terminal listed in the terminal list and the division relationship defined in the performance-specific list. 6. The information communication system according to claim 4 or 5, wherein The first distributed processing unit of the first terminal further includes means for creating a decoding order list that defines an order for restoring a plurality of divided data, and the transmitting means stores the decoding order list in the order. To the second terminal,
7. The information communication system according to claim 4, wherein the second distributed processing unit of the second terminal restores the received divided data with reference to the decoding order list. In an information communication system that includes a plurality of terminals and a server connected via a network and performs information communication between a first terminal and a second terminal,
The first terminal is
A first distributed processing unit that divides the transmission data into a plurality of pieces according to a division method that variably controls the data division method according to the performance and / or time of the second terminal serving as a communication partner;
Transmission means for sending the divided data to a network,
The second terminal is
Receiving means for receiving a plurality of divided data transmitted from the first terminal;
An information communication system comprising: a second distributed processing unit that restores a plurality of pieces of data received by the receiving unit to the original transmission data according to the determined division method. The performance indicates at least one of a CPU processing speed, a memory capacity, and a communication line speed of the second terminal,
9. The information communication system according to claim 4, wherein the first distributed processing unit divides the transmission data by increasing the number of transmission data divisions as the performance decreases. In an information communication system that includes a plurality of terminals and servers connected via a network and transmits data from a first terminal to a second terminal,
The first terminal is
Means for confirming information of the second terminal as a communication partner, data to be transmitted is divided into a plurality of n, and m pieces of dummy data (m is an integer of at least 0) are generated, and (n + m) A first distributed processing unit for creating a piece of transmission data, and a transmission means for sending the created transmission data to a network,
The second terminal is
Receiving means for receiving a plurality of (n + m) divided data transmitted from the first terminal; discarding m dummy data from the plurality of data received from the receiving means; An information communication system comprising: a second distributed processing unit that restores original transmission data by restoring. 11. The information communication system according to claim 10, wherein the first distributed processing unit variably controls the number n of data to be divided and the number m of dummy data. 11. The first distributed processing unit variably controls the number n of divided data according to the performance of the second terminal, and variably controls the number m of dummy data by a random number. Or 11 information communication systems. The first distributed processing unit further includes means for creating a decoding order list that defines an order for restoring a plurality of data (n + m), and the transmitting means transmits the decoding order list to the second terminal. And
13. The information communication system according to claim 10, wherein the second distributed processing unit restores received data (n + m) with reference to the decoding order list. The server logs information on the decoding order list transmitted from the first terminal to the second terminal and / or information indicating a data restoration result in the second distributed processing unit of the second terminal The information communication system according to claim 10, wherein the information communication system is stored in a storage device. In an information communication system that includes a plurality of terminals and a server connected via a network and performs information communication between a first terminal and a second terminal,
The server
A storage means for holding a terminal list indicating information related to a communication target terminal, a terminal address of a communication partner transmitted from the first terminal, a key for restoring transmission data, generating a key, and information on the key A distributed processing unit that transmits the divided first divided decoding key to the first terminal and transmits the second divided decoding key to the second terminal serving as a communication partner; A log processing unit that holds information communicated between the first terminal and the second terminal as a history,
The first terminal is
A storage means for holding a terminal list indicating a communication partner acquired from the server, a first divided decoding key transmitted from the server, and a second divided decoding key transmitted from the second terminal. A decoding key restoring means for restoring the decoding key of the transmission method, a distribution method processing unit that determines a transmission data division method with reference to the terminal list, and a transmission data is divided into a plurality of pieces according to a processing result of the distribution method processing unit A distribution processing unit that determines the order in which the transmission data divided into a plurality of parts is restored, and a transmission unit that transmits the transmission data divided into a plurality of parts and an order list indicating the order of restoration, and
The second terminal is
Receiving means for receiving transmission data divided into a plurality of parts and an order list indicating the order of restoration; storage means for retaining the obtained order list; second split decoding key transmitted from the server; and According to a decoding key restoration unit that restores the original decoding key from the first divided decoding key transmitted from the first terminal, and a restoration key restored by the decoding key restoration unit, according to the order shown in the order list, A distributed processing unit for restoring received data;
An information communication system comprising: The 1st or 2nd terminal used in the information communication system in any one of Claims 1 thru | or 15. A server used in the information communication system according to claim 1. In an information communication system including a plurality of terminals and servers connected via a network, a data communication method for transmitting data from a first terminal to a second terminal,
A first distributed processing step in which the first terminal divides data into a plurality according to a division method that variably controls a data division method according to a state of the second terminal serving as a communication partner;
A transmission step of transmitting the divided data to the second terminal via a network;
The second terminal receives a plurality of divided data transmitted from the first terminal; and
Restoring the received data divided into a plurality of parts to restore the original data;
A data communication method characterized by comprising: The server includes a step of storing a list indicating performance information of a terminal capable of data communication in a storage unit, and a step of transmitting the list to the first terminal having a request to acquire the list. ,
The data communication method according to claim 18, wherein the first terminal divides data into a number corresponding to the performance of the second terminal by referring to the list. Each time the server transmits data between the first terminal and the second terminal,
A key for restoring transmission data is generated, the key information is divided into a plurality of decoding keys, the divided first divided decoding key is transferred to the first terminal, and the second divided decoding key is Transferring to a second terminal as a communication partner,
The first terminal restores the original decoding key from the first divided decoding key transmitted from the server and the second divided decoding key transmitted from the second terminal;
A step of dividing the data into a plurality of pieces according to a predetermined dividing method when the original key is restored, and encrypting the divided pieces of data with the restoration key;
The second terminal restores the original decoding key from the second divided decoding key transmitted from the server and the first divided decoding key transmitted from the first terminal;
When the original decoding key is restored, using the restored decoding key, a step of decoding a plurality of divided data received from the receiving means and restoring the original data from the plurality of data is provided. 20. A data communication method according to claim 18 or 19, characterized in that: The first terminal divides the data to be transmitted into a plurality of n, generates m (m is an integer of at least 0) dummy data, and creates (n + m) transmission data. Transmitting the transmitted data to the second terminal via a network,
The second terminal receives a plurality (n + m) of data transmitted from the first terminal, discards m dummy data from the received plurality of data, restores n data, and restores the original data 21. The data communication method according to claim 18, wherein the transmission data is restored. In a data communication method including a plurality of terminals and a server connected via a network and transmitting data from a first terminal to a second terminal,
When a data transmission request occurs in the first terminal, the data division method is variably controlled in accordance with the status information of the second terminal that is the communication partner acquired from the communication management server, and the data is divided into a plurality of pieces. The divided data is transmitted to the second terminal via the communication management server, and the original decoding key is restored from the decoding key generated by the communication management server and divided into a plurality of pieces at the second terminal. A first electronic tally communication mode for restoring a plurality of the received divided data,
When a data transmission request is generated at the first terminal, the data division method is variably controlled according to the state of the second terminal to be a communication partner to divide the data into a plurality of data, and the divided data is transmitted to the communication terminal. When the original decoding key is restored from the decoding key generated by itself and divided into a plurality of pieces, the plurality of pieces of the divided data received are transmitted to the second terminal without going through the management server. A second electronic tally communication mode for restoring
A data communication method characterized by comprising: In a data communication system including a plurality of terminals and a server connected via a network and transmitting data from a first terminal to a second terminal,
Each time the server transmits data between the first terminal and the second terminal,
A key for restoring transmission data is generated, the key information is divided into a plurality of decoding keys, the divided first divided decoding key is transferred to the first terminal, and the second divided decoding key is A server distributed processing unit for transferring to a second terminal as a communication partner,
The first terminal is
When the original decoding key is restored from the first divided decoding key transmitted from the server and the second divided decoding key transmitted from the second terminal, the transmission data can be determined according to a predetermined rule. A first distributed processing unit that divides the data into a plurality of pieces and encrypts the divided pieces of data with the restoration key, and communicates with the second terminal through the server or without passing through the server. Transmission means for selecting whether to communicate with the terminal and sending the divided data to the network,
The second terminal is
Receiving means for receiving a plurality of divided data transmitted from the first terminal;
The original decoding key is restored from the second division decoding key transmitted from the server and the first division decoding key transmitted from the first terminal, and the reception is performed using the restored decoding key. A second distributed processing unit that decodes the plurality of divided data received from the means and restores the original transmission data from the plurality of data, generates a key for restoring the transmission data, and stores a plurality of information on the key And a third distributed processing unit that transfers the divided third divided decoding key to the first terminal and holds the fourth divided decoding key in the second terminal. And the third distributed processing unit uses the decoding key restored from the third division decoding key and the fourth division decoding key, and is data transmitted from the first terminal, Decrypt the data received through the receiving means without passing through the server, An information communication system, wherein the data is restored to the data. 23. A program for executing the method according to claim 18 on a PC of a server or a terminal.

Images