JP2000057112A - Method for executing remote procedure call on network, and network system capable of executing remote procedure call - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a system in which excellent remote procedure call for a client to request a service to a server is performed by allowing a relay and audit server to check that a received 1st response message is a proper message and to transmit a 2nd response message to the client. SOLUTION: A response message generating part performs a signature on a document by using a secret key of a public key cryptograph system belonging to a server and generates a service response message. The service response message is transmitted to a transmitting and receiving part 230 of a relay and audit server. The transmitting and receiving part 230 of the relay and audit server transfers the received service response message to a response message analyzing part 250. The response message analyzing part 250 inspects each signature included in an audit certificate using each public key. And, when a document is authenticated as a correct one, the document is transmitted to a client through the transmitting and receiving part 230.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a remote procedure / method invocation method for a client to request a service from a server in a distributed environment network system comprising one or more servers and one or more clients. In particular, the present invention relates to a remote procedure call / method system in which a service request reaches a server via at least one relay / audit server.

More specifically, the present invention relates to a distributed network environment in which a service requested by a client is provided by the cooperative operation of a plurality of servers.
The present invention relates to a method for guaranteeing the performance of a service requested remotely, and in particular, intervening a relay / audit server on a network to authenticate the source of a service request,
The present invention relates to a remote procedure call / method that can guarantee the quality of a service provided from a server.

[0003]

2. Description of the Related Art Recent developments in the field of information processing and information communication have been remarkable. In this type of technical field, research and development for interconnecting computer systems have been more active than before. The main purpose of interconnecting the systems is to share computer resources by a plurality of users and to share and distribute information.

As a transmission medium for connecting the systems, that is, a “network”, a LAN (Local A) installed in a limited space such as a campus of a university or a business office is used.
area network) and a WAN (Wide Area Network) with a LAN connected by a dedicated line.
Public telephone line (PSTN), ISDN (Integ
rated Service Digital Net
work) and the Internet.

[0005] The LAN is generally constructed as a client-server type in which a specific computer on the network is used as a server (file server, print server) and used by other clients. In such a client-server model, a mechanism of entrusting execution of some procedures of a program to another computer on a network, that is, "Remote Procedure Call (RPC)"
Call) ”or“ Remote Method Call (RM
I: Remote Method Invocatio
n) "is used. The result of the execution of the remote procedure is returned to the calling computer as a return value. You can also use your computer's keyboard or file to perform input to the program or output to the same computer's display or file.

[0006] The mechanism of remote procedure or remote method call is not limited to the LAN world, and can be used on a wide area network such as the Internet. Various protocols available on the Internet, for example, HTTP (Hyper Text Tra)
nsfer Protocol), HTTPS, SH
TTP (secure HTTP), FTP (File
Transfer Protocol), CORBA
(Common ORB Architecture
e), IIOP (Internet Inter-OR)
B Protocol, JavaRMI (Remot
e Method Invocation) is also realized as a remote procedure / remote method call. A typical client / server model of the Internet is a WWW (World Wide Web) server and a W
It is composed of a WW browser (well-known).

[0007] A WWW server usually has a large number of services.
Objects are stored, and services are provided via the Internet in response to service requests from WWW clients. An example of a service object is an HTML (Hy) for forming a home page on a display of a WWW client (browser).
per Text Markup Language)
File. The location of each service object possessed by the WWW server is determined by a URL (Uniform Reso).
source Locator). U
The RL is described in a format that specifies a means for accessing various information resources on the Internet (that is, a communication protocol) and the name of the resource, that is, "protocol name /// server name (/ directory name ...) / file name". Is done.

[0008] The browser as a WWW client,
A service request message in a format based on the URL is transmitted to the WWW server. On the other hand, the WWW server
Interpret the service request message and provide the requested service. However, the server does not always execute the requested service by itself, and may entrust the provision of a part of the service to another server. One of the methods in which a server requests another server to provide a service is CG
I (Common Gateway Interface)
e) (CGI itself is a standard convention, so if you comply with this convention, Visual
CGI programs can be created in various languages such as Basic, C, Delphi, Perl, etc.).

For example, when a WWW client inputs a search item on a browser screen, the WWW server may request another database server to execute a search and transmit a search result. In this case, the database server provides a part of the requested service in cooperation with the WWW server by a mechanism such as CGI. The database server generates the contents of the corresponding column in the table indicating the search result, and the WWW server generates the rest of the table (see FIG. 6).

[0010] A server (tentatively referred to as a "parent server") that first receives a service request from a client entrusts the generation of a part of the contents in the homepage to another server (tentatively referred to as a "child server"). . Then, the parent server generates a home page from the content generated by itself and the content returned from the child server, and returns the home page to the client. Further, the child server may entrust the provision of a part of the service to its own child server ("grandchild server").

The parent-child relationship of a plurality of servers providing a service forms a kind of tree structure. FIG. 7 schematically shows this. In the figure, server B is a parent server that first receives a service request (URL) from a client, and servers A and C are child servers of server B. Further, the server D requested to provide some services from the server C is a grandchild server of the server B.

Conventionally, in most cases, servers that execute services requested by clients, that is, servers that constitute a tree structure, all belong to a single or similar organization, and their interests are substantially the same. (For example, in FIG. 6, the database server belongs to the same “organization 1” as the WWW server.) The service requested by the client is physically provided by the cooperative operation of a plurality of servers. However, from the viewpoint of the client, there is no need to be aware of such a tree structure, which is practically one.
I could think that one server would provide the service responsibly. In other words, it was sufficient for the client to trust the server that requested the service.

However, as the world of computer networking evolves further, the relationships between the machines that make up the network also become highly complicated. For example, a tree structure of servers for providing a specific service may be composed of a set of servers over different organizations. For example, in FIG. 7, the server B and the database server belong to “organization 1”, the child server A belongs to “organization 2”, and the child server C and grandchild server D belong to “organization 3”. It is also expected that parent server B and child server C belong to different organizations and their interests do not completely match.

If a client obtains an account with server B for a fee, the client will trust server B in its entirety, and server B will provide a service commensurate with the received account fee. We will do our best and will not dare to distrust. However, the server C of another organization has no obligation or reason to the client, or has a possibility of having a bad intention to the client and refusing to provide a legitimate service or performing an unjust service. is there. If server B returns unjustified service from child server C to the client, the client may suffer a great blow or be destroyed. In the current network environment, there is no mechanism to guarantee the service returned to the client.

In the case where the child server C belongs to an organization different from the parent server B, a kind of contract relationship is established such that the server B pays the server C for providing the service. There is also. The amount of this consideration may be determined on a pay-per-use basis, that is, according to the number of service requests from clients. In such a case, the server C can devour a dummy service request to the server B frequently, thereby devouring the value, that is, the profit (see FIG. 8). A dummy service request is easily issued by a fraudulent client impersonating a general user. Server B in the current network environment
However, there is no mechanism such as the server C or the dummy client to control fraudulent activities.

[0016]

SUMMARY OF THE INVENTION It is an object of the present invention to provide an improved remote procedure for a client to request a service from a server in a distributed network system comprising one or more servers and one or more clients. It is to provide a method for making a call.

It is a further object of the present invention to provide an excellent remote procedure invocation scheme of the type in which service requests reach the server via at least one relay / audit server.

A further object of the present invention is to provide an excellent service for guaranteeing legitimate performance of a service in a distributed network environment in which a service requested by a client is provided by a cooperative operation of a plurality of servers. It is to provide a system which has been developed.

A further object of the present invention is to provide a relay / audit server on a network so that the source of a service request can be authenticated and the quality of service provided from the server can be guaranteed. An object of the present invention is to provide an excellent remote procedure calling method.

[0020]

SUMMARY OF THE INVENTION The present invention has been made in consideration of the above problems, and has a first aspect in which one or more clients requesting a service and one or more servers having a service object are provided. Performing a remote procedure call over a network comprising: (a) a relay / audit server receiving a first request message from a client;
(B) the relay / audit server transmitting a second request message to the first server to which the first request message is requested; and (c) the first server receives the first request message. Receiving a second request message, and verifying that the second request message has passed through the relay / audit server; and (d) the first server responding to the second request message with a second request message. Transmitting the first response message to the relay / audit server; (e) inspecting the relay / audit server to verify that the received first response message is a valid message; The relay / audit server sending a second response message to the client, executing a remote procedure call over the network. It is because of the way.

Here, the first server further transmits a third request message entrusted with at least a part of the processing of the second request message to the second server, and further transmits the second request message to the second server. The first response message may be transmitted to the relay / audit server together with the response message received from the server.

Further, if the inspection in the step (c) is abnormal, the first server may not execute the processing of the received second request message.

Further, if the inspection in the step (e) is abnormal, the relay / audit server may not transmit the second response message to the client.

[0024] Further, the method may further include a step in which the relay / audit server records a history of transmission / reception of the request message and / or the response message.

Also, a second aspect of the present invention is a method for executing a remote procedure call on a network comprising one or more clients requesting a service and one or more servers having service objects. (A) the relay / audit server receiving the first request message from the client and identifying the user; and (b) the relay / audit server comprises:
Transmitting a second request message to the first server to which the first request message is requested;
(C) the first server receiving the received second request message and identifying that the message is a message from the relay / audit server;
(D) the first server transmitting a first response message in response to a second request message to the relay / audit server; and (e) the relay / audit server comprises:
Verifying that the received first response message is a valid message; and (f) transmitting the second response message to the client by the relay / audit server. This is a method for executing a remote procedure call on a network.

Here, the first server further transmits a third request message entrusted with at least a part of the processing of the second request message to the second server, and the second server The first response message may be transmitted to the relay / audit server together with the response message received from the server.

Further, if the inspection in the step (e) is abnormal, the relay / audit server may not transmit the second response message to the client.

[0028] The method may further include the step of the relay / audit server recording a transmission / reception history of the request message and / or the response message.

A third aspect of the present invention is a method for executing a remote procedure call on a network comprising one or more clients requesting services and one or more servers having service objects. (A) the relay / audit server receiving a first request message from the client; (b)
The relay / audit server transmits a second request message signed with a private key of its own public key cryptosystem to the first server to which the first request message is requested. (C) receiving the second request message received by the first server, and authenticating using the public key of the relay / audit server; (d) the first server Transmitting a first response message in response to a second request message to the relay / audit server, with a signature using a private key of the public key cryptosystem of the relay / audit server; An audit server receiving the first response message, authenticating using the public key of the first server, and verifying that the message is legitimate;
An audit server sending a second response message to the client.

Here, the first server further attaches a signature using its own public key cryptosystem secret key,
A third request message entrusted with at least a part of the processing of the second request message is transmitted to a second server, and the second server receives the second message,
Authenticating using the public key of the first server,
A response message in response to the response message is transmitted to the first server with a signature using a secret key of its own public key cryptosystem, and the first server transmits the received response message to the second server. After authentication using a public key, a first response message may be transmitted to the relay / audit server.

If the authentication in the step (c) is abnormal, the first server may not execute the processing of the received second request message.

If the authentication in the step (e) is abnormal, the relay / audit server may not transmit the second response message to the client.

Further, the method may further include the step of the relay / audit server recording a history of transmission / reception of the request message and / or the response message.

According to a fourth aspect of the present invention, there is provided a network system capable of executing a remote procedure call, comprising: a client transmitting a request message for requesting a service and receiving the response message; And at least one relay / audit server that forwards the received service response message to the requesting client, and forwards the received service response message to the requesting client. At least one server having a service object for verifying that the message has been received via the path and transmitting a response message in response to the requested message. Is an executable network system.

According to a fifth aspect of the present invention, there is provided a network system capable of executing a remote procedure call, comprising: a client for transmitting a request message for requesting a service and receiving the response message; And one or more relay / audit servers for receiving the service request, specifying the request source, transferring the service response message to the request destination server, and transferring the received service response message to the request source client; and At least one server having a service object for receiving the message, identifying the source of the message, and transmitting a response message in response to the requested message. Is an executable network system.

According to a sixth aspect of the present invention, there is provided a network system capable of executing a remote procedure call, wherein the client transmits a request message for requesting a service and receives the response message, and a service request message. One or more relays that receive the service request message and transfer it to the requesting server, and receive the response message to the service request and transfer the received service response message to the requesting client.
An audit server, and at least one server having a service object for receiving a service request message and transmitting a response message in response to the requested message, the relay / audit server and the server comprising: This is a network system capable of executing a remote procedure call, which is characterized in that a signature is sometimes attached using a private key of a public key cryptosystem owned by the user, and authentication is performed using a public key of a transmission source when a message is received.

[0037] In the network system according to the fourth to sixth aspects of the present invention, the relay / audit server checks that the received service response message is a valid message, and then sends the message to the request source. In addition to the transmission, a history of transmission and reception of the request message and / or the response message may be recorded.

According to a seventh aspect of the present invention, there is provided a service request message and a service response message on a network comprising at least one client requesting a service and at least one server providing the requested service. Receiving a service request message, transmitting a service request message with a signature of the server to another server, and receiving a response message to the service request. And a means for authenticating the transmission source and transmitting the authenticated transmission to the client of the service request source.

According to an eighth aspect of the present invention, there is provided a service request message and a service response message on a network including at least one client requesting a service and at least one server providing the requested service. A server for receiving or transmitting a service request message, a means for receiving the service request message and specifying the request source, a means for attaching the signature of the service request message and transmitting the service request message to another server, Means for receiving a response message to the request, authenticating the transmission source, and transmitting the message to the service requesting client. Server.

[0040] In the server according to the seventh and eighth aspects of the present invention, further, a means for checking that the received service response message is a valid message, and a transmission / reception history of the request message and / or response message. And means for recording

According to a ninth aspect of the present invention, there is provided a remote procedure calling operation executed on a network comprising at least one client requesting a service and at least one server providing the requested service. A supporting relay / monitoring server that transmits and receives request messages and response messages, a request message analysis unit that analyzes received request messages and extracts request parameters, and links predetermined information to request parameters. And a response message analyzing unit that analyzes the response message and extracts the receipt digitally signed by the transmission source server, and a receipt processing unit that electronically authenticates the receipt. It is a relay / monitoring server that is a feature.

[0042]

In the distributed network system according to the present invention, there are at least one client requesting a service and at least one server having a service object.

The server may respond to a certain service request only with a service object owned by itself, or may respond by cooperating with another server. Servers can communicate with each other by, for example, CGI (Co
A cooperative operation can be realized by a connection form such as a "monitor interface".

In the present invention, a client requesting a service transmits a service request message to a relay / audit server without directly accessing a server having a service object. This relay
It is assumed that the audit server is located somewhere on the network system.

If the network system is the Internet, the server may be, for example, a myriad of HTML (Hyper)
HTTP (Hyper Text Tra) that owns the Text Markup Language file
nsfer Protocol) server, and the service object is an HTML file (home page). In addition, the client uses a URL (Unifo
rm Resource Locator).

Upon receiving the request message from the client, the relay / audit server attaches a signature using the private key of the public key cryptosystem owned by itself to the received message,
Send to the server that has the corresponding service object. Here, when relaying the request message, the relay / audit server may specify the client user who has requested the service. By specifying
The relay / audit server can prove the source of the request message and record the reception log. Further, the relay / audit server may record a message transmission log.

The server having the service object is
When the request message is received via the relay / audit server, authentication is performed using the public key of the relay / audit server, and the source of the service request can be confirmed. By performing the authentication, the server can provide the service with confidence.

The server responds to the request message with only the service objects that it owns. In this case, a response message is sent to the relay / audit server with a signature using the private key of the public key cryptosystem of the user.

Alternatively, the server can delegate part of the processing of the requested service to another server (for example, a child server forming a tree structure). In this case, the server attaches a signature using its own private key of the public key cryptosystem,
Send a request message to another server.

The other server (child server) that has received the request message from the server authenticates the requesting server using the public key. Then, when returning the response message, a signature is made using the private key of the public key cryptosystem.
Another server can request a service from another server (grandchild server), but this also involves a signature when transmitting a request message and an authentication when receiving a response message.

The response message from the server to the request service is temporarily relayed and returned to the client before returning to the client.
Received by the audit server. This response message includes
The server signature is added. When the response message is formed by cooperation of a plurality of servers, the signatures of all (or at least some) servers involved in the response message are added to the response message. The relay / audit server authenticates the signature using the public key of each server, and confirms the source of the service object. Further, the relay / audit server checks whether the content of the response message is a valid message for the service request. If the content of the response message is abnormal or invalid, for example, a retransmission request may be issued or a warning may be issued.

After such authentication and inspection steps, a response message is transmitted from the relay / audit server to the requesting client. Since the origin of the response message is clear and the content has been checked, the client can reliably receive the response message.

Further, the relay / audit server can record the transmission / reception history of the request message and the response message, and can monitor the remote procedure call operation. If a particular client user is behaving untrustworthy on the network, for example, if the requesting client frequently issues the same service request, the requesting server is notified or the client is warned. Or may be issued.

Still other objects, features and advantages of the present invention are:
It will become apparent from the following more detailed description based on the embodiments of the present invention and the accompanying drawings.

[0055]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 schematically shows the configuration of a network system 100 used for implementing the present invention.
The network system 100 stores data (ie, a service request message, a service response message, etc.)
.. Are connected to a network 10 as a transmission medium for providing a distributed computing environment. Hereinafter, each unit will be described.

The network 10 is a LAN (Loc) installed in a limited space such as a university or a company premises.
al Area Network). Or,
A LAN (Wi-Fi) in which LANs are interconnected by a dedicated line
de Area Network) or a public switched telephone network (PSTN: Public Switched Tel)
ephone Network), ISDN (Inte
graded Service Digital Ne
work), or the Internet, which is a large collection of these networks. Each data terminal device 50A is a modem or a TA (Terminal Ada).
network 1 via a LAN adapter, etc.
Connected to 0.

Some of the data terminal devices 50A are servers that provide services, and others are clients that request services. Data terminal devices 50A may be dedicated machines designed as servers or clients, but in many cases are general-purpose computer systems that operate by installing applications for servers or clients. Each data terminal device communicates with each other via the network 10 by, for example, TCP / IP.
(Transmission ControlProt
ocol / Internet Protocol).

The server has a plurality of service objects, and the service object is appropriately set in response to a service request.
Provide the object to the requestor. An example of a service object is HTML for forming a home page
(Hyper Text Markup Langua
ge) file and HTTP (Hyper Tex)
(Transfer Protocol) and can be transmitted via the network 10. Further, the client can specify a desired service object according to the URL format.

A service request by a URL via the network 10 is a kind of remote procedure / method call. Further, the server does not always execute the service by itself in response to a certain service request, and may entrust another server to provide a part of the service. One of the methods in which a server requests another server to provide a service is C
GI (Common Gateway Interface)
ce). That is, the server that receives the service request from the client first (tentatively referred to as “parent server”) entrusts the generation of a part of the content in the homepage to another server (tentatively referred to as “child server”).
Then, the parent server generates a home page from the content generated by itself and the content returned from the child server, and returns the home page to the client. Further, the child server may entrust the provision of a part of the service to its own child server ("grandchild server"). The parent-child relationship of a plurality of servers providing a service forms a kind of tree structure. In such a case, a response to the requested service is performed by cooperative cooperation between the servers having the tree structure.

For example, when a WWW client inputs a search item on a browser screen, the WWW server may request another database server to execute a search and transmit a search result. In this case, the database server provides a part of the requested service in cooperation with the WWW server by a mechanism such as CGI. That is, the database server generates the contents of the corresponding column in the table indicating the search result, and the WWW server generates the rest of the table (described above).

The present invention is particularly unique in that at least one of the servers existing on the network 10 functions as a “relay / monitoring server”. The relay / monitoring server issues a service request to the server on behalf of the client. The client
The service request message is transmitted to the relay / monitoring server without directly accessing the server, and the service response message is received via the relay / monitoring server.

The relay / monitoring server guarantees the contents of the message by authenticating the source when receiving the message. At the time of message transmission, the origin of the message is proved by signing the message. The client can receive the service with confidence through the relay / monitoring server. In addition, the relay / monitoring server
By identifying the client user requesting the service and recording its log, the user's untrustworthy behavior is also monitored. The details of the message transmission / reception operation including the relay / monitoring server will be described later.

FIG. 2 schematically shows a tree structure of a server formed to provide a certain service from a client. In the figure, two child servers 4 and 5 exist in a parent server 3 that provides a service, and a grandchild server 6 that succeeds the child server 5 also exists. However, not all servers belong to the same operating organization. A relay / monitoring server 2 is interposed between the client 1 and the server 4. The relay / monitoring server 2 may be a data terminal device specially designed for realizing its function, or may be a general-purpose computer system in which an application program for the relay / monitoring server is introduced. .

FIG. 3 is a block diagram schematically illustrating the configuration of the relay / monitoring server 2 that realizes the present invention. As shown in the figure, the relay / monitoring server 2 includes an audit certificate creation unit 210, a request message analysis unit 220, a transmission / reception unit 2
30; a receipt processing unit 240; and a response message analyzing unit 250. Hereinafter, each unit will be described.

The transmission / reception unit 230 is a device for transmitting / receiving a message via the network 10. For the client 1, it receives a service request message and transmits a service response message. Further, the server 3 transmits a service request message and receives a service response message to the server 3.

The request message analysis unit 220 analyzes the service request message received from the transmission / reception unit 230. In addition, the request parameters in the request message are extracted and passed to the audit certificate creating unit 210.

The audit certificate generation unit 210 owns a private key of a public key cryptosystem for performing an electronic signature. When the request parameter is passed from the request message analysis unit 220, the request parameter is concatenated with the audit certificate number and a character string indicating the expiration date, and further, an electronic signature is performed using a secret key. This electronic signature means an audit certificate issued by the relay / monitoring server 2.
Thereafter, the request message with the audit certificate is transmitted from the transmission / reception unit 230. In addition, the audit certificate generation unit 210
There is a log file for managing request messages from clients, and a log is generated each time a request message from a client is processed.

The response message analysis unit 250 analyzes the response message received from the server. The response message includes a receipt that has been digitally signed by the sending server. Response message analyzer 250
Extracts the receipt from the response message and passes it to the receipt processing unit 240.

The receipt processing unit 240 is provided for each of the servers 3, 4,
It holds the public keys 5 and 6, and authenticates the signature of the receipt passed from the response message analysis unit 250. In this embodiment, in the service response message returned from the server 3, the electronic signatures of all (or at least a part of) the servers 3, 4,... These electronic signatures serve as receipts for the servers 3, 4,.... The receipt processing unit 240 electronically authenticates each signature using the public key of the corresponding server. Further, the receipt processing unit 240 manages a log file for each server, and when the authentication procedure is successful, adds the log to the log file of the corresponding server.

Each block shown in FIG. 3 can be designed as a dedicated hardware device, or can be implemented in the form of a program module introduced into a general-purpose computer system.

FIG. 4 is a block diagram schematically illustrating the configuration of the server 3 provided for implementing the present invention. As shown in the figure, the server 3 includes a service object unit 3
10, a response message generator 320, a request message analyzer 330, a transmitter / receiver 340, a response message analyzer 350, and a request message generator 360. Hereinafter, each unit will be described.

The transmission / reception unit 340 is a device for transmitting / receiving a message via the network 10. It receives the service request message and sends the service response message to the relay / audit server 2 or its own parent server. In addition, it sends a service request message and receives a service response message to its own child server.

The service object section 310 is composed of a set of service objects provided by the server 3 in response to a service request. One example of a service object is an HTML file for forming a home page on the display of a WWW client. The service object unit 310 is a disk-type storage device that stores the service object. The parent server that requests a service from the client 1 or the child server sends the desired service object to the UR.
L.

The request message analyzing section 330 analyzes the service request message received from the transmitting / receiving section 340. The analysis processing here is to extract the audit certificate from the request message and check the validity and validity of the message. Request message analyzer 33
0 also has an invalid identifier table for managing the identifier of the audit certificate that has become invalid.

The request message analyzer 330 electronically authenticates the audit certificate using the public key of the request message sender, and verifies the expiration date in the audit certificate. If the expiration date has expired, the next step is not performed, and no service object is provided. If the audit certificate has not expired, it is next checked whether or not the identifier of the audit certificate is in the invalid identifier table. If it is present in the table, it means that the audit certificate is no longer valid, so that the next step is not performed, and as a result no service object is provided. If the identifier of the audit certificate is not in the invalid identifier table, the identifier is added to the table. As a result, the diversion of the same audit certificate is prohibited.

After the inspection of the audit certificate is completed, the request message analysis unit 330 passes the request parameters in the request message to the service object unit 310. In response to this, when the service object unit 310 owns the corresponding service object, the service object unit 310 supplies the service object to the response message generation unit 320. When the corresponding service object is not owned by itself, but is owned by a descendant server 4, 5,..., A service request message is transmitted to the descendant server 4, 5,. Prompt.

The response message generator 320 generates a response message based on the service object extracted from the service object unit 310. Also, the response message generation unit 320 owns a private key of the public key cryptosystem, and attaches a receipt to the response message by performing an electronic signature on the response message. The response message acknowledging the receipt is transmitted by the transmitting / receiving unit 340 to the service request source.

The request message generator 360 generates a service request message to be transmitted to the descendant servers 4, 5,... Request message generator 36
0 owns the private key of the public key cryptosystem and attaches an audit certificate to the request message by performing an electronic signature on the request message. The request message with the audit certificate is transmitted to the service request destination by the transmission / reception unit 340. The service request to the descendant servers 4, 5,... Is, for example, a CGI (Common Gateway Inte
rface).

The response message analyzer 350 analyzes the response message received by the transceiver 340 from the descendant servers 4, 5,... The response message includes a receipt including the electronic signatures of all (or at least a part of) the descendant servers 4, 5,... Responding to the service request. The response message analysis unit 350 electronically authenticates the receipt using the public keys of the descendant servers 4, 5,. When sending a service object owned by the server 3 itself in addition to the service objects sent from the descendant servers 4, 5,..., The server 3 prompts the service object unit 310 to extract a desired service object. (For example, this corresponds to a case where the server 3 creates a table on the homepage and a predetermined column in the table is created by a descendant server (such as a database server)).

As will be described in detail below, the server 3 not only functions as a server itself for providing a service object, but also functions as a certificate authority that authenticates response messages from the servers 4, 5, and 6 that are descendants of the server 3. Please understand that it also has.

Each block shown in FIG. 4 can be designed as a dedicated hardware device, or can be implemented in the form of a program module introduced into a general-purpose computer system.

It should be understood that the other servers 4, 5, and 6, which are descendants of the server 3, have the same configuration as that shown in FIG. For example, the server 4 (not shown) includes a service object unit 410, a response message generation unit 420, a request message analysis unit 430,
It comprises a transmitting / receiving unit 440, a response message analyzing unit 450, and a request message generating unit 460.

Next, the processing operation of a remote procedure call on the network system 100 will be described. FIG. 5 schematically shows how the service request issued by the client 1 is processed by the cooperative operation of the relay / monitoring server 2 and each of the servers 3, 4, 5,.

In this example, each server 3, 4, 5,...
It is a TP server, and the client 1 transmits a service request message using the HTTP protocol. It is assumed that the server 3 generates one file described in HTML in cooperation with its own descendant servers 4, 5,. For example, the server 3 provides a service object corresponding to the first half of the table included in the HTML file, and its child server 4 provides a service object corresponding to the second half of the table. The servers 3, 4, 5,... Are, for example, CGI (Common).
Gateway Interface). Here, each server 3, 4, 5, ...
Assuming the domain name of "server300", "ser
ver400 "," server500 "...

The client uses the HTTP protocol to send a first service request message (s
service1) to the relay / monitoring server.

[0087]

GET / service1 HTTP / 1.
1

When the relay / monitoring server 2 receives the first service request message, it passes it to the request message analyzer 220.

The request message analysis unit 220 determines “se” as a request parameter in the first service request message.
rservice1 ". Then, the own URL
The correspondence table is searched, and the URL “http: // server300 / ob” corresponding to “service1” is searched.
The audit certificate generation unit 2
Hand over to 10. This URL is the domain name "server"
Service object “object31” owned by the service object part of the server 3 having “300”
0 ".

The audit certificate generation unit 210 generates the following data including the following three parameters: a message identifier, an expiration date, and a service name.

[0091]

(Equation 2)

The data of the above three items has an identifier of 1 and an expiration date (here, world time) of 1 June 8, 1998.
From 0:10 to 10:15 on the same day, the service name is service1, that is, for a service request having an identifier 1, 10: 1 on June 8, 1998.
This indicates that access to service 1 is permitted from 0 minutes to 10:15 on the same day. This 3
The data of the set of words means access authority to the service object. In the technical field related to network computing, access authority is also called "capability".

The audit certificate generation unit 210 applies a message digest function to the data of the three-term set, and holds the private key secretkey of the public key cryptosystem held by itself.
1 is used to perform an electronic signature. The signature added here plays a role of “audit certificate 10” in the subsequent server 3, but is hereinafter referred to as “signature1”.

The audit certificate generation unit 210 sends the requested “se
URL "http: // se" corresponding to "service1"
The second service request message as described below is transmitted to the transmission / reception unit 340 of the server 3 on the basis of the reverse service 300 / object 310 ″.

[0095]

(Equation 3)

[0096] When the transmission / reception section 340 of the server 3 receives the second service request message, it passes it to the request message analysis section 330. Request message analyzer 330
Performs the following steps in response to this.

(1) Extract the name of the service object from the first line of the message to obtain a first reference for the service object. (2) Of the request headers in HTTP "
A value corresponding to the field name “Capability” is extracted and set as the first capability. (3) “HTTP request header”
The value corresponding to the field name “Signature” is extracted and used as the first signature. (4) It is checked whether the expiration date described in the first capability has expired. The process proceeds to the step, but if not, a response message indicating that the capability is invalid is input to the transmitting / receiving unit 340. (5) Search whether the first capability exists in the invalid identifier table. If it is not in the table, the process proceeds to the next step, but if not, a response message indicating that the capability is invalid is input to the transmission / reception unit 340. (6) Using the public key of the relay / monitoring server 2 Checks whether the first signature is a correct signature of the first capability, and if so, replaces the identifier of the first capability with an invalid identifier table Add. (7) passes the request message to the service object 310 indicated by the first reference. The first
Is input to the request message generator 360.

By registering the identifier of the capability once received in the invalid identifier table, it is possible to prevent an unauthorized person on the network from diverting the same capability.

When the server 4 further needs a service object to respond to the second service request message, the service object section 310 of the server 3 sends a service request to the service object section 410 of the server 4. It requests the request message generator 360 to generate a request message to transmit the message.

[0100] The request message generator 360
Public key cryptosystem secretretkey2 possessed by itself
To generate a third service request message including the first capability, the first signature, and the second signature (ie, “audit certificate 20”).

The server 3 sends an HTML message to the server 4
Assume that the latter half of the table in the file is requested. In this case, the third service request message is as follows.

[0102]

(Equation 4)

Request message analyzer 430 of server 4
Performs the following steps upon receiving the third service request message.

(1) Extract the name of the service object from the first line of the message to obtain a second reference of the service object. (2) A value corresponding to a field name “Capability” is extracted from the format of a request header in HTTP and is set as a first capability (access right). (3) A value corresponding to the field name "Signature" is extracted from the format of the request header in HTTP and is used as a first signature. (4) A value corresponding to the field name “Signature2” is extracted from the format of the request header in HTTP and is used as a second signature. (5) Check whether the validity period of the first capability is within the validity period. If it is within the time limit, the process proceeds to the next step; otherwise, a response message indicating that the capability is invalid is passed to the transmission / reception unit 410. (6) Search whether the identifier of the first capability is in the invalid identifier table. If it is not in the table, the process proceeds to the next step; otherwise, a response message indicating that the capability is invalid is transmitted and received by the transmitting / receiving unit 410.
To enter. (7) Using the public key of the relay / monitoring server 2 to check whether the first signature is a correct signature of the first capability. If the signature is correct, the identifier of the first capability is added to the invalid identifier table. (8) Using the public key of the server 3 to check whether the second signature is a correct signature of the first capability. If the signature is correct, the process proceeds to the next step; otherwise, the step is stopped. (9) Pass the request message to the service object section 410 indicated by the first reference. Also, the first
Are input to the request message generator 460.

By registering the identifier of the capability once received in the invalid identifier table, it is possible to prevent an unauthorized person on the network from diverting the same capability.

The service object unit 410, having received the request message, generates the latter half of the table in the requested HTML file. The entity of the service object provided by the service object unit 410 is, for example, as follows.

[0107]

<Tr> <td> bbbb100 <td> 100 <td> 1000 <tr> <td> bbbb200 <td> 200 <td> 2000 <tr> <td> bbbb300 <td> 300 <td> 3000

The service object section 410 generates the “document 1” and sends it to the response message generating section 4
Pass to 20.

The response message generation unit 420
Generates a service response message by signing the document 1 using the private key of the public key cryptosystem owned by. Then, the transmission / reception unit 340 of the server 3 is transmitted via the transmission / reception unit 440.
Send a service response message to The signature attached to the service response message has a meaning as “receipt 30”.

Upon receiving the service response message, the transmitting / receiving unit 340 of the server 3 passes the service response message to the response message analyzing unit 350.

The response message analyzing section 350 analyzes the service response message and authenticates the signature using the public key of the server 4. This authentication work means that the server 3 also has a role as a certificate authority for each of the servers 4, 5, and 6 that are its descendants.

If the signature is correctly authenticated, response message analysis section 350 passes document 1 in the service response message to service object section 310.

The service object section 310 generates the first half of the table in the requested HTML file. The entity of the service object provided by the service object unit 410 is, for example, “Document 2” as shown below.

[0114]

<Tr> <td> aaaa100 <td> 100 <td> 1000 <tr> <td> aaaa200 <td> 200 <td> 2000 <tr> <td> aaaa300 <td> 300 <td> 3000

The service object section 310 connects the above-mentioned document 1 and document 2 to generate “document 3” as shown below.

[0116]

<Html> <head> <title> Synthesis result of table </ title> </ head> <body> <table> <tr> <td> aaa100 <td> 100 <td> 1000 <tr> < td> aaaa200 <td> 200 <td> 2000 <tr> <td> aaaa300 <td> 300 <td> 3000 <tr> <td> bbbb100 <td> 100 <td> 1000 <tr> <td> bbb200 <td > 200 <td> 2000 <tr> <td> bbbb300 <td> 300 <td> 3000 </ table> </ body> </ html>

The generated document 3 is passed to the response message generator 320.

The response message generating unit 320
Sign the document 3 using the private key of the public key cryptosystem possessed by, and generate a service response message. The signature attached to the service response message has a meaning as “receipt 80”. And the service response message is
It is transmitted to the transmission / reception unit 240 of the relay / audit server 2 via the transmission / reception unit 340.

The transmission / reception unit 240 of the relay / monitoring server 2
The received service response message is passed to the response message analyzer 250.

The response message analysis unit 250
Then, each signature included in the audit certificate 80 is checked using the public key of each of the servers 4. That is, the relay / monitoring server 2
Functions as a certificate authority for each of the servers 3, 4,.

When the authentication is correctly performed, the document 3 is transmitted to the client 1 via the transmission / reception unit 240. When the authentication fails, instead of the document 3, a response message indicating that the service response message is incorrect is transmitted. I do.

In the above description, the example in which the server 3 responds to the service request from the client 1 only in cooperation with the server 4 has been described. The same is true for In such a case, the “audit certificate 40” is attached when the server 3 transmits the request message to the server 5, and the “audit certificate 50” is attached when the server 5 transmits the request message to the server 6. When the server 6 transmits a response message to the server 5, “Receipt 60” is displayed. When the server 5 transmits a response message to the server 3, “Receipt 7” is displayed.
"0" is appended to each.

Further, in the above-described embodiment, HTTP has been described as a protocol for transmitting and receiving messages between computers via a network. However, the present invention can be similarly applied using any other protocol. Can be. The protocol is, for example, HTTPS, S-HT
TP (secure HTTP), FTP (FileT
transfer Protocol), CORBA (C
ommon ORB Architecture), II
OP (Internet Inter-ORB Pro
tocol), JavaRMI (Remote Met)
hod Invocation).

[Supplement] The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.

[0125]

As described above in detail, according to the present invention,
In a distributed network system including one or more servers and one or more clients, a method for performing an excellent remote procedure call for a client to request a service from a server can be provided.

Further, according to the present invention, it is possible to provide an excellent remote procedure calling system in which a service request reaches a server via at least one relay / audit server.

Further, according to the present invention, in a distributed network environment in which a service requested by a client is provided by a cooperative operation of a plurality of servers, an excellent service for guaranteeing proper execution of a service is provided. Can be provided.

Further, according to the present invention, by providing a relay / audit server on a network, it is possible to authenticate the source of a service request and to guarantee the service provided by the server. A procedure / method invocation scheme can be provided.

[Brief description of the drawings]

FIG. 1 is a diagram schematically showing a configuration of a network system 100 provided for implementing the present invention.

FIG. 2 is a diagram schematically showing a tree structure of a server formed to provide a certain service from a client.

FIG. 3 is a block diagram schematically illustrating a configuration of a relay / monitoring server 2 that realizes the present invention.

FIG. 4 is a block diagram schematically showing a configuration of a server 3 provided for implementing the present invention.

FIG. 5 is a diagram schematically illustrating operations for processing a remote procedure call on the network system 100.

FIG. 6 is a diagram schematically showing how a WWW server processes a remote procedure called from a client in cooperation with a database server on a network.

FIG. 7 is a diagram schematically showing a state in which a number of servers respond to a service request of a client in cooperation with each other on a network. More specifically, a number of servers have a tree structure related to a service request / response. To form
FIG. 3 is a diagram illustrating a state where each server belongs to different organizations.

FIG. 8 is a diagram schematically showing how a large number of servers cooperate and respond to a client's service request on a network. More specifically, some child servers use dummy clients. FIG. 9 is a diagram showing a situation in which an invalid service request is issued.

[Explanation of symbols]

 Reference Signs List 100 network system 210 audit certificate generation unit 220 request message analysis unit 230 transmission / reception unit 240 response message analysis unit 250 reception receipt generation unit

Claims (22)

[Claims] 1. A method for executing a remote procedure call on a network comprising one or more clients requesting services and one or more servers having service objects, comprising: (a) relaying and auditing; A server receiving a first request message from a client; and (b) the relay / audit server comprises:
Transmitting a second request message to a first server to which the request message is sent; and (c) the first server receives the received second request message, Checking that the request message has passed through the relay / audit server; and (d)
The first server transmitting a first response message in response to a second request message to the relay / audit server; and (e) the first response message received by the relay / audit server is Checking a valid message; and (f) transmitting, by the relay / audit server, a second response message to the client. Way to do that. 2. The first server further transmits a third request message entrusted with at least a part of the processing of the second request message to a second server, and transmits the third request message from the second server. The method for executing a remote procedure call over a network according to claim 1, wherein the first response message is transmitted to the relay / audit server together with the received response message. 3. The method according to claim 1, wherein the first server does not execute the processing of the received second request message if the inspection in the step (c) is abnormal. A method for making a remote procedure call over a network as described. 4. The relay / audit server does not transmit a second response message to the client if the inspection in the step (e) is abnormal. For making remote procedure calls over a network of devices. 5. The remote server on a network according to claim 1, further comprising a step of recording the transmission and reception history of the request message and / or the response message by the relay / audit server. Method for performing procedure calls. 6. A method for executing a remote procedure call on a network comprising one or more clients requesting services and one or more servers having service objects, comprising: (a) relaying and auditing; A server receiving a first request message from a client and identifying a user; and (b) the relay / audit server sends a request to the first server to which the first request message is sent. Transmitting a second request message; and (c) the first server receiving the received second request message and identifying that the message is from the relay / audit server; (D) the first server transmits a first response message in response to a second request message to the relay / audit server; (E) the relay / audit server checks that the received first response message is a valid message, and (f) the relay / audit server sends the second response message to the server. Sending to the client. Performing a remote procedure call over the network. 7. The first server further transmits a third request message entrusted with at least a part of the processing of the second request message to the second server, and transmits the third request message from the second server. 7. The method for executing a remote procedure call over a network according to claim 6, wherein a first response message is transmitted to the relay / audit server together with the received response message. 8. The server according to claim 6, wherein the relay / audit server does not transmit the second response message to the client if the inspection in the step (e) is abnormal. For making remote procedure calls over a network of devices. 9. The remote server over a network according to claim 6, further comprising a step of the relay / audit server recording a history of transmission and reception of the request message and / or the response message. Method for performing procedure calls. 10. A method for executing a remote procedure call on a network comprising at least one client requesting a service and at least one server having a service object, comprising: (a) relaying and auditing; A step in which the server receives a first request message from a client; and (b) the relay / audit server sends a public key held by the relay / audit server to a first server to which the first request message is requested. Sending a second request message signed with a cryptographic secret key;
(C) the first server receiving the received second request message and authenticating using the public key of the relay / audit server; and (d) the first server is configured to Sending a first response message in response to a second request message to the relay / audit server with a signature using the private key of the public key cryptosystem possessed by the relay / audit server; Receiving the first response message, authenticating using the public key of the first server, and verifying that the message is valid; (f) the relay / audit server performs Sending a response message to the client. A method for performing a remote procedure call over a network. 11. The third server, wherein the first server further attaches a signature using a private key of the public key cryptosystem of the first server and entrusts at least a part of the processing of the second request message. A request message is transmitted to a second server, the second server receives the second message, authenticates using the public key of the first server, and sends a response message in response to the authentication. Affixes a signature using a secret key of its own public key cryptosystem and sends it to the first server, and the first server authenticates the received response message using the public key of the second server 11. The method for performing a remote procedure call over a network according to claim 10, further comprising: sending a first response message to the relay and audit server afterwards. 12. The method according to claim 10, wherein if the authentication in step (c) is abnormal, the first server does not execute the processing of the received second request message.
Or a method for executing a remote procedure call over a network according to any of the preceding claims. 13. The server according to claim 10, wherein if the authentication in the step (e) is abnormal, the relay / audit server does not transmit the second response message to the client. For making remote procedure calls over a network of devices. 14. The remote control over a network according to claim 10, further comprising the step of the relay / audit server recording a history of transmission and reception of the request message and / or the response message. Method for performing procedure calls. 15. A network system capable of executing a remote procedure call, comprising: a client transmitting a request message for requesting a service and receiving a response message; and a server receiving the service request message and receiving a service request message. One or more relay / audit servers that forward the service request message to the requesting client while forwarding the service request message to the requesting client, and receive the service request message and receive the message via a legitimate route. Inspection that
A remote system callable network system comprising: one or more servers having a service object for transmitting a response message in response to a requested message. 16. A network system capable of executing a remote procedure call, comprising: a client that transmits a request message for requesting a service and receives a response message thereof; and receives a service request message and identifies a source of the request. And one or more relay / audit servers that forward the service request message to the requesting client, and forward the service request message to the requesting client, and receive the service request message and send the message. A remote procedure call executable network system comprising: one or more servers having a service object for identifying a source and transmitting a response message in response to a requested message. 17. A network system capable of executing a remote procedure call, comprising: a client transmitting a request message for requesting a service and receiving a response message; and a server receiving the service request message and receiving a service request message. One or more relay / audit servers that forward the service request message, forward the received service response message to the requesting client, and receive the service request message. Service that sends a response message in response to the
The relay / audit server and the server each have a signature using a private key of a public key cryptosystem owned by the relay / audit server when sending a message, and a public key of a transmission source when receiving a message. A network system capable of executing a remote procedure call, wherein authentication is performed using the network system. 18. The relay / audit server checks that the received service response message is a legitimate message and then transmits the message to the service request source, and transmits and receives the request message and / or response message. 18. A history is recorded.
A network system capable of executing the remote procedure call according to any one of the above. 19. A server for receiving or transmitting a service request message or a service response message on a network including at least one client requesting a service and at least one server providing the requested service. Means for receiving the service request message, means for applying the service request message to another server with a signature of its own, and receiving the response message to the service request and authenticating the sender. Means for transmitting to a client that has requested the service. 20. A server for receiving or transmitting a service request message or a service response message on a network including at least one client requesting a service and at least one server providing the requested service. Means for receiving the service request message and identifying the source of the request, means for attaching the self-signed message to the service request message to another server, and receiving a response message to the service request, Means for authenticating the transmission source and transmitting it to the service requesting client. A server characterized by the above-mentioned. 21. A system according to claim 20, further comprising means for checking that the received service response message is a valid message, and means for recording a history of transmission and reception of the request message and / or the response message. Item 1
21. The server according to any one of 9 or 20. 22. A relay / monitoring server for supporting a remote procedure call operation executed on a network comprising one or more clients requesting a service and one or more servers providing the requested service, A transmission / reception unit for transmitting and receiving a request message and a response message; a request message analysis unit for analyzing a received request message to extract a request parameter; A relay / monitoring server, comprising: a response message analyzing unit that analyzes a response message and extracts a receipt electronically signed by a transmission source server; and a receipt processing unit that electronically authenticates the receipt.