Information management system having a common management server for establishing secure communication among groups formed out of a plurality of terminals
First Claim
1. An information management system comprising:
- a terminal apparatus; and
an information management server configured to permit a predetermined number of terminal apparatuses to receive content therefrom and configured to manage a plurality of terminal apparatuses permitted to receive the content, the terminal apparatuses permitted to receive the content being managed as a group of terminal apparatuses associated with the information management server,wherein the information management server includes;
a management information storage unit configured to store a list indicating terminal information identifying a registered terminal apparatus, the information management server permitting the registered terminal apparatus to receive the content from the information management server;
a judging unit configured to judge whether or not a number of registered terminal apparatuses, concurrently permitted by the information management server to receive the content from the information management server, exceeds the predetermined number of terminal apparatuses, the judging unit performing the judgment when the information management server receives, from the terminal apparatus of the information management system, a request for registration that identifies the registered terminal apparatus identified in the list stored in the management information storage unit; and
a first secure communication unit configured to establish a secure communication channel with the terminal apparatus of the information management system and configured to transmit, to the terminal apparatus of the information management system via the secure communication channel, group information identifying the group of terminal apparatuses associated with the information management server, the first secure communication unit performing the establishing and the transmitting when the judging unit judges that the number of registered terminal apparatuses currently permitted by the information management server to receive the content from the information management server does not exceed the predetermined number of terminal apparatuses,wherein the terminal apparatus of the information management system includes a tamper-resistant module, andwherein the tamper-resistant module includes;
a data storage unit configured to securely store the group information transmitted from the first secure communication unit; and
a second secure communication unit configured to, when the terminal apparatus of the information management system leaves the group of terminal apparatuses associated with the information management server, establish a secure communication channel with the first secure communication unit and transmit, to the information management server via the secure communication channel established between the first secure communication unit and the second secure communication unit by the second secure communication unit, a request for deleting the terminal information identifying the registered terminal apparatus, which left the group of terminal apparatuses, from the list stored in the management information storage unit.
6 Assignments
0 Petitions
Accused Products
Abstract
A group management server in a group information management system includes: a group member terminal list storage unit for storing a group member terminal list; and a secure communication unit for establishing a secure communication channel with a plurality of terminal apparatuses and communicating with each of the terminal apparatuses via the communication channel. Each terminal apparatus includes a tamper-resistant module. The tamper-resistant module includes: a group information storage unit for storing group information securely; a deletion unit for securely executing deletion, which is processing that affects the group member terminal list, of the group information stored in the group information storage unit; and a secure communication unit for establishing a secure communication channel with the secure communication unit and transmitting a complete deletion notification message via the communication channel.
-
Citations
19 Claims
-
1. An information management system comprising:
-
a terminal apparatus; and an information management server configured to permit a predetermined number of terminal apparatuses to receive content therefrom and configured to manage a plurality of terminal apparatuses permitted to receive the content, the terminal apparatuses permitted to receive the content being managed as a group of terminal apparatuses associated with the information management server, wherein the information management server includes; a management information storage unit configured to store a list indicating terminal information identifying a registered terminal apparatus, the information management server permitting the registered terminal apparatus to receive the content from the information management server; a judging unit configured to judge whether or not a number of registered terminal apparatuses, concurrently permitted by the information management server to receive the content from the information management server, exceeds the predetermined number of terminal apparatuses, the judging unit performing the judgment when the information management server receives, from the terminal apparatus of the information management system, a request for registration that identifies the registered terminal apparatus identified in the list stored in the management information storage unit; and a first secure communication unit configured to establish a secure communication channel with the terminal apparatus of the information management system and configured to transmit, to the terminal apparatus of the information management system via the secure communication channel, group information identifying the group of terminal apparatuses associated with the information management server, the first secure communication unit performing the establishing and the transmitting when the judging unit judges that the number of registered terminal apparatuses currently permitted by the information management server to receive the content from the information management server does not exceed the predetermined number of terminal apparatuses, wherein the terminal apparatus of the information management system includes a tamper-resistant module, and wherein the tamper-resistant module includes; a data storage unit configured to securely store the group information transmitted from the first secure communication unit; and a second secure communication unit configured to, when the terminal apparatus of the information management system leaves the group of terminal apparatuses associated with the information management server, establish a secure communication channel with the first secure communication unit and transmit, to the information management server via the secure communication channel established between the first secure communication unit and the second secure communication unit by the second secure communication unit, a request for deleting the terminal information identifying the registered terminal apparatus, which left the group of terminal apparatuses, from the list stored in the management information storage unit.
-
-
2. An information management system comprising:
-
a plurality of terminal apparatuses for storing data; and an information management server for managing management information concerning the data, the information management server being connected to the plurality of terminal apparatuses via a network, wherein the information management server includes; a management information storage unit operable to store the management information; and a first secure communication unit operable to establish a secure communication channel with each terminal apparatus and operable to communicate with each terminal apparatus via a respective secure communication channel, wherein each terminal apparatus includes a respective tamper-resistant module, wherein each respective tamper-resistant module includes; a data storage unit operable to securely store the data; an execution unit operable to securely execute processing affecting the management information concerning the data securely stored in the data storage unit; and a second secure communication unit operable to establish a secure communication channel with the first secure communication unit and operable to transmit a completion notification via the secure communication channel established by the second secure communication unit, the completion notification indicating that the processing affecting the management information has been executed, wherein the data is group information used for determining whether or not a terminal apparatus belongs to a group formed by terminal apparatuses, wherein the management information is a terminal list of not more than a predetermined number of terminal apparatuses which belong to the group, wherein the processing affecting the management information is deletion of the group information, wherein the information management server further includes an updating unit operable to delete a terminal apparatus, which has transmitted the completion notification, from the terminal list stored in the management information storage unit, the terminal apparatus being deleted from the terminal list upon the information management server receiving the completion notification via the first secure communication unit of the terminal apparatus being deleted from the terminal list, wherein the information management server further includes; a common management server; a plurality of individual management servers; and a terminal list management apparatus, wherein each terminal apparatus further includes a respective first communication unit operable to communicate with the common management server, wherein the common management server includes a second communication unit operable to notify a terminal apparatus which has transmitted an advance notification of a destination address of an individual management server to which the completion notification should be transmitted, the advance notification indicating that the group information is about to be deleted, wherein each individual management server includes; the first secure communication unit; a first temporary deletion flag list storage unit operable to store a temporary deletion flag list associated with the terminal list, the temporary deletion flag list being a list of one or more first temporary deletion flags indicating whether or not the completion notification has been received; and a first temporary deletion flag setting unit operable to set a first temporary deletion flag that corresponds to the terminal apparatus, which transmitted the completion notification, the first temporary deletion flag being set by the first temporary deletion flag setting unit upon receipt of the completion notification via the first secure communication unit, wherein the terminal list management apparatus further includes; the management information storage unit; the updating unit; and a flag confirmation unit operable to confirm at an arbitrary timing whether or not a predetermined first temporary deletion flag included in the first temporary deletion flag list has been set, and wherein the updating unit deletes, from the terminal list, the terminal apparatus that corresponds to the first temporary deletion flag, the terminal apparatus being deleted from the terminal list based on the confirmation by the flag confirmation unit that the predetermined first temporary deletion flag has been set. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An information management system comprising:
-
a plurality of terminal apparatuses for storing data; and an information management server for managing management information concerning the data, the information management server being connected to the plurality of terminal apparatuses via a network, wherein the information management server includes; a management information storage unit operable to store the management information; and a first secure communication unit operable to establish a secure communication channel with each terminal apparatus and operable to communicate with each terminal apparatus via a respective secure communication channel, wherein each terminal apparatus includes a respective tamper-resistant module, wherein each respective tamper-resistant module includes; a data storage unit operable to securely store the data; an execution unit operable to securely execute processing affecting the management information concerning the data securely stored in the data storage unit; and a second secure communication unit operable to establish a secure communication channel with the first secure communication unit and operable to transmit a completion notification via the secure communication channel established by the second secure communication unit, the completion notification indicating that the processing affecting the management information has been executed, wherein the data is group information used for determining whether or not a terminal apparatus belongs to a group formed by terminal apparatuses, wherein the management information is a terminal list of not more than a predetermined number of terminal apparatuses which belong to the group, wherein the processing affecting the management information is moving the group information between the terminal apparatuses, wherein the information management server further includes an updating unit operable to delete a terminal apparatus, which has transmitted the completion notification, from the terminal list stored in the management information storage unit, the terminal apparatus being deleted from the terminal list upon the information management server receiving the completion notification via the first secure communication unit of the terminal apparatus being deleted from the terminal list, wherein the information management server further includes; a common management server; a plurality of individual management servers; and a terminal list management apparatus, wherein each terminal apparatus further includes a respective first communication unit operable to communicate with the common management server, wherein the common management server includes a second communication unit operable to notify a terminal apparatus which has transmitted an advance notification of a destination address of an individual management server to which the completion notification should be transmitted, the advance notification indicating that the group information is about to be deleted, wherein each individual management server includes; the first secure communication unit; a first temporary deletion flag list storage unit operable to store a temporary deletion flag list associated with the terminal list, the temporary deletion flag list being a list of one or more first temporary deletion flags indicating whether or not the completion notification has been received; and a first temporary deletion flag setting unit operable to set a first temporary deletion flag that corresponds to the terminal apparatus, which transmitted the completion notification, the first temporary deletion flag being set by the first temporary deletion flag setting unit upon receipt of the completion notification via the first secure communication unit, wherein the terminal list management apparatus further includes; the management information storage unit; the updating unit; and a flag confirmation unit operable to confirm at an arbitrary timing whether or not a predetermined first temporary deletion flag included in the first temporary deletion flag list has been set, and wherein the updating unit deletes, from the terminal list, the terminal apparatus that corresponds to the first temporary deletion flag, the terminal apparatus being deleted from the terminal list based on the confirmation by the flag confirmation unit that the predetermined first temporary deletion flag has been set.
-
-
14. An information management system comprising:
-
a plurality of terminal apparatuses for storing data; and an information management server for managing management information concerning the data, the information management server being connected to the plurality of terminal apparatuses via a network, wherein the information management server includes; a management information storage unit operable to store the management information; and a first secure communication unit operable to establish a secure communication channel with each terminal apparatus and operable to communicate with each terminal apparatus via a respective secure communication channel, wherein each terminal apparatus includes a respective tamper-resistant module, wherein each respective tamper-resistant module includes; a data storage unit operable to securely store the data; an execution unit operable to securely execute processing affecting the management information concerning the data securely stored in the data storage unit; and a second secure communication unit operable to establish a secure communication channel with the first secure communication unit and operable to transmit a completion notification via the secure communication channel established by the second secure communication unit, the completion notification indicating that the processing affecting the management information has been executed, wherein the data is group information used for determining whether or not a terminal apparatus belongs to a group formed by terminal apparatuses, wherein the management information is a terminal list of not more than a predetermined number of terminal apparatuses which belong to the group, wherein the data is a license of a digital work, wherein the management information is a historical log of the license, wherein the processing affecting the management information is a use of the license, wherein the information management server further includes an updating unit operable to delete a terminal apparatus, which has transmitted the completion notification, from the terminal list stored in the management information storage unit, the terminal apparatus being deleted from the terminal list upon the information management server receiving the completion notification via the first secure communication unit of the terminal apparatus being deleted from the terminal list, wherein the information management server further includes; a common management server; a plurality of individual management servers; and a terminal list management apparatus wherein each terminal apparatus further includes a respective first communication unit operable to communicate with the common management server, wherein the common management server includes a second communication unit operable to notify a terminal apparatus which has transmitted an advance notification of a destination address of an individual management server to which the completion notification should be transmitted, the advance notification indicating that the group information is about to be deleted, wherein each individual management server includes; the first secure communication unit; a first temporary deletion flag list storage unit operable to store a temporary deletion flag list associated with the terminal list, the temporary deletion flag list being a list of one or more first temporary deletion flags indicating whether or not the completion notification has been received; and a first temporary deletion flag setting unit operable to set a first temporary deletion flag that corresponds to the terminal apparatus, which transmitted the completion notification, the first temporary deletion flag being set by the first temporary deletion flag setting unit upon receipt of the completion notification via the first secure communication unit, wherein the terminal list management apparatus further includes; the management information storage unit; the updating unit; and a flag confirmation unit operable to confirm at an arbitrary timing whether or not a predetermined first temporary deletion flag included in the first temporary deletion flag list has been set, and wherein the updating unit deletes, from the terminal list, the terminal apparatus that corresponds to the first temporary deletion flag, the terminal apparatus being deleted from the terminal list based on the confirmation by the flag confirmation unit that the predetermined first temporary deletion flag has been set.
-
-
15. An information management system comprising:
-
a plurality of terminal apparatuses for storing data; and an information management server for managing management information concerning the data, the information management server being connected to the plurality of terminal apparatuses via a network, wherein the information management server includes; a management information storage unit operable to store the management information; and a first secure communication unit operable to establish a secure communication channel with each terminal apparatus and operable to communicate with each terminal apparatus via a respective secure communication channel, wherein each terminal apparatus includes a respective tamper-resistant module, wherein each respective tamper-resistant module includes; a data storage unit operable to securely store the data; an execution unit operable to securely execute processing affecting the management information concerning the data securely stored in the data storage unit; and a second secure communication unit operable to establish a secure communication channel with the first secure communication unit and operable to transmit a completion notification via the secure communication channel established by the second secure communication unit, the completion notification indicating that the processing affecting the management information has been executed, wherein the data is group information used for determining whether or not a terminal apparatus belongs to a group formed by terminal apparatuses, wherein the management information is a terminal list of not more than a predetermined number of terminal apparatuses which belong to the group, wherein the data is a license of a digital work, wherein the management information is the number of licenses that each terminal apparatus can hold, wherein the processing affecting the management information is deletion of the license, wherein the information management server further includes an updating unit operable to delete a terminal apparatus, which has transmitted the completion notification, from the terminal list stored in the management information storage unit, the terminal apparatus being deleted from the terminal list upon the information management server receiving the completion notification via the first secure communication unit of the terminal apparatus being deleted from the terminal list, wherein the information management server further includes; a common management server; a plurality of individual management servers; and a terminal list management apparatus, wherein each terminal apparatus further includes a respective first communication unit operable to communicate with the common management server, wherein the common management server includes a second communication unit operable to notify a terminal apparatus which has transmitted an advance notification of a destination address of an individual management server to which the completion notification should be transmitted, the advance notification indicating that the group information is about to be deleted, wherein each individual management server includes; the first secure communication unit; a first temporary deletion flag list storage unit operable to store a temporary deletion flag list associated with the terminal list, the temporary deletion flag list being a list of one or more first temporary deletion flags indicating whether or not the completion notification has been received; and a first temporary deletion flag setting unit operable to set a first temporary deletion flag that corresponds to the terminal apparatus, which transmitted the completion notification, the first temporary deletion flag being set by the first temporary deletion flag setting unit upon receipt of the completion notification via the first secure communication unit, wherein the terminal list management apparatus further includes; the management information storage unit; the updating unit; and a flag confirmation unit operable to confirm at an arbitrary timing whether or not a predetermined first temporary deletion flag included in the first temporary deletion flag list has been set, and wherein the updating unit deletes, from the terminal list, the terminal apparatus that corresponds to the first temporary deletion flag, the terminal apparatus being deleted from the terminal list based on the confirmation by the flag confirmation unit that the predetermined first temporary deletion flag has been set.
-
-
16. An information management system comprising:
-
a plurality of terminal apparatuses for storing data; and an information management server for managing management information concerning the data, the information management server being connected to the plurality of terminal apparatuses via a network, wherein the information management server includes; a management information storage unit operable to store the management information; and a first secure communication unit operable to establish a secure communication channel with each terminal apparatus and operable to communicate with each terminal apparatus via a respective secure communication channel, wherein each terminal apparatus includes a respective tamper-resistant module, wherein each respective tamper-resistant module includes; a data storage unit operable to securely store the data; an execution unit operable to securely execute processing affecting the management information concerning the data securely stored in the data storage unit; and a second secure communication unit operable to establish a secure communication channel with the first secure communication unit and operable to transmit a completion notification via the secure communication channel established by the second secure communication unit, the completion notification indicating that the processing affecting the management information has been executed, wherein the data is group information used for determining whether or not a terminal apparatus belongs to a group formed by terminal apparatuses, wherein the management information is a terminal list of not more than a predetermined number of terminal apparatuses which belong to the group, wherein the data is a digital work, wherein the management information is a limited number of distributions of the digital work, wherein the processing affecting the management information is moving of the license, wherein the information management server further includes an updating unit operable to delete a terminal apparatus, which has transmitted the completion notification, from the terminal list stored in the management information storage unit, the terminal apparatus being deleted from the terminal list upon the information management server receiving the completion notification via the first secure communication unit of the terminal apparatus being deleted from the terminal list, wherein the information management server further includes; a common management server; a plurality of individual management servers; and a terminal list management apparatus, wherein each terminal apparatus further includes a respective first communication unit operable to communicate with the common management server, wherein the common management server includes a second communication unit operable to notify a terminal apparatus which has transmitted an advance notification of a destination address of an individual management server to which the completion notification should be transmitted, the advance notification indicating that the group information is about to be deleted, wherein each individual management server includes; the first secure communication unit; a first temporary deletion flag list storage unit operable to store a temporary deletion flag list associated with the terminal list, the temporary deletion flag list being a list of one or more first temporary deletion flags indicating whether or not the completion notification has been received; and a first temporary deletion flag setting unit operable to set a first temporary deletion flag that corresponds to the terminal apparatus, which transmitted the completion notification, the first temporary deletion flag being set by the first temporary deletion flag setting unit upon receipt of the completion notification via the first secure communication unit, wherein the terminal list management apparatus further includes; the management information storage unit; the updating unit; and a flag confirmation unit operable to confirm at an arbitrary timing whether or not a predetermined first temporary deletion flag included in the first temporary deletion flag list has been set, and wherein the updating unit deletes, from the terminal list, the terminal apparatus that corresponds to the first temporary deletion flag, the terminal apparatus being deleted from the terminal list based on the confirmation by the flag confirmation unit that the predetermined first temporary deletion flag has been set.
-
-
17. An information management method of using an information management system, the information management system including a terminal apparatus and an information management server, the information management server permitting a predetermined number of terminal apparatuses to receive content therefrom and managing a plurality of terminal apparatuses permitted to receive the content, the terminal apparatuses permitted to receive the content being managed as a group of terminal apparatuses associated with the information management server, the information management method comprising:
-
storing a list in the information management server, the list indicating terminal information identifying a registered terminal apparatus, the information management server permitting the registered terminal apparatus to receive the content from the information management server; judging, via the information management server, whether or not a number of registered terminal apparatuses, concurrently permitted by the information management server to receive the content from the information management server, exceeds the predetermined number of terminal apparatuses, said judging being performed when the information management server receives, from the terminal apparatus of the information management system, a request for registration that identifies the registered terminal apparatus identified in the list stored in the information management server; establishing, via the information management server, a secure communication channel with the terminal apparatus of the information management system; transmitting, to the terminal apparatus of the information management system via the secure communication channel, group information identifying the group of terminal apparatuses associated with the information management server, the transmitting being performed by the information management server when said judging judges that the number of registered terminal apparatuses currently permitted by the information management server to receive the content from the information management server does not exceed the predetermined number of terminal apparatuses; securely storing, in the terminal apparatus of the information management system, the group information transmitted from the information management server; establishing, via the terminal apparatus of the information management system, a secure communication channel with the information management server when the terminal apparatus of the information management system leaves the group of terminal apparatuses associated with the information management server; and transmitting, from the terminal apparatus of the information management system to the information management server, via the secure communication channel established by said establishing via the terminal apparatus, a request for deleting the terminal information identifying the registered terminal apparatus, which left the group of terminal apparatuses, from the list stored in the information management server.
-
-
18. A terminal apparatus for storing data, the terminal apparatus being connected via a network to an information management server, the information management server permitting a predetermined number of terminal apparatuses to receive content therefrom and managing a plurality of terminal apparatuses permitted to receive the content, the terminal apparatuses permitted to receive the content being managed as a group of terminal apparatuses associated with the information management server, the information management server storing a list indicating terminal information identifying a registered terminal apparatus, the information management server permitting the registered terminal apparatus to receive the content from the information management server, the information management server judging whether or not a number of registered terminal apparatuses, concurrently permitted by the information management server to receive the content from the information management server, exceeds the predetermined number of terminal apparatuses, the judging being performed when the information management server receives, from the terminal apparatus, a request for registration that identifies the registered terminal apparatus identified in the list stored in the information management server, the information management server establishing a secure communication channel with the terminal apparatus and transmitting, to the terminal apparatus via the secure communication channel, group information identifying the group of terminal apparatuses associated with the information management server, the establishing and transmitting being performed when the information management server judges that the number of registered terminal apparatuses, currently permitted by the information management server to receive the content from the information management server, does not exceed the predetermined number of terminal apparatuses, the terminal apparatus comprising a tamper-resistant module,
wherein the tamper-resistant module includes: -
a data storage unit configured to securely store the group information transmitted from the information management server; and a second secure communication unit configured to, when the terminal apparatus leaves the group of terminal apparatuses associated with the information management server, establish a secure communication channel with the information management server and transmit, to the information management server via the secure communication channel established by the second secure communication unit, a request for deleting the terminal information identifying the registered terminal apparatus, which left the group of terminal apparatuses, from the list stored in the information management server.
-
-
19. An information management server for permitting a predetermined number of terminal apparatuses to receive content therefrom and for managing a plurality of terminal apparatuses permitted to receive the content, the terminal apparatuses permitted to receive the content being managed as a group of terminal apparatuses associated with the information management server, the information management server comprising:
-
a management information storage unit configured to store a list indicating terminal information identifying a registered terminal apparatus, the information management server permitting the registered terminal apparatus to receive the content from the information management server; a judging unit configured to judge whether or not a number of registered terminal apparatuses, concurrently permitted by the information management server to receive the content from the information management server, exceeds the predetermined number of terminal apparatuses, the judging unit performing the judgment when the information management server receives, from one terminal apparatus, a request for registration that identifies the registered terminal apparatus identified in the list stored in the management information storage unit; and a first secure communication unit configured to establish a secure communication channel with the one terminal apparatus and configured to transmit, to the one terminal apparatus via the secure communication channel, group information identifying the group of terminal apparatuses associated with the information management server, the first secure communication unit performing the establishing and transmitting when the judging unit judges that the number of registered terminal apparatuses currently permitted by the information management server to receive the content from the information management server does not exceed the predetermined number of terminal apparatuses, wherein the one terminal apparatus includes a tamper-resistant module, and wherein the tamper-resistant module includes; a data storage unit configured to securely store the group information transmitted from the information management server; and a second secure communication unit configured to, when the terminal apparatus of the information management system leaves the group of terminal apparatuses associated with the information management server, establish a secure communication channel with the first secure communication unit and transmit, to the information management server via the secure communication channel established between the first secure communication unit and the second secure communication unit by the second secure communication unit, a request for deleting the terminal information identifying the registered terminal apparatus, which left the group of terminal apparatuses, from the list stored in the management information storage unit.
-
Specification