JP2002055839A - Server computer, method for updating software and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To automatically and safely apply a patch to a client to be maintained and managed. SOLUTION: A server 1 in a client-server system is provided with a software(SW) data base 11 for recording the SW information of each client to be maintained and managed, a patch data base 12 for recording information concerned with a target to which a patch is to be applied, and a patch processing part 17 for distributing the matched result of contents of the SW data base 11 and the patch data base 12 to the patch applicable client and a client 21 in the system is provided with a communication part 41 for receiving the patch information from a network 5 and a patch adaptive processing part 44 for applying the patch on the basis of the patch information received by the communication part 41.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a server computer, a software updating method, and a storage medium used in, for example, a client server system.

[0002]

2. Description of the Related Art In recent years, sites using computer systems have been disclosed on networks such as the Internet. In contrast, unauthorized access to sites from the Internet has frequently occurred, and there are security holes in computer systems. Is becoming very problematic.

[0003] This security hole can be filled in both in hardware and software. In particular, filling a security hole with software is called patching (software update). Software patches are provided by product providers for product bug countermeasures. The bugs vary widely, and many are related to security.

On the other hand, well-intentioned security researchers are constantly searching for security holes in a system, and as a result, in many cases, patches are distributed to the system as a measure to fill the found security holes. I have.

[0005] In addition, since a person other than a well-intentioned security researcher, for example, a maliciously malicious hacker, is looking for a security hole, the work from patch distribution to patch application must be performed extremely quickly. In order to maintain a high level of security, it is necessary to always apply the latest patches to applicable systems.

However, it is not easy to correctly apply the latest patches to a running system.

For example, when the latest patch is applied to an operating system (hereinafter referred to as an OS) for managing each hardware and software on a certain computer, application software (an operating system operating under the OS environment until then) is applied. (Hereinafter referred to as software)
There are many cases where the device stops working. Therefore,
Software patches must be applied after verifying that they do not affect other software.

[0008]

As described above, conventionally, it is difficult to apply a patch to a computer system or software that is already operating, and therefore, there are many troubles caused by improper patch application.

[0009] For example, if a patch for software for constructing a site on the Internet is not properly applied, a security hole is not filled, and the site or computer system may be continuously exposed to the attack by the hacker.

[0010] The present invention has been made to solve such a problem, and a patch can be automatically and safely applied to a computer system. As a result, it is possible to contribute to, for example, improvement of system security. It is an object to provide a server computer, a software update method, and a storage medium.

[0011]

According to a first aspect of the present invention, there is provided a server computer, comprising:
In a server computer connected to a client computer via a network, at least a first database in which information of software that executes processing on the client computer is registered, software to be updated, and software dependent on the software to be updated A second database in which reference information, which is information, is registered; and, when the content of the second database is updated, the content of the first database is compared with the content of the second database to update the software. And a means for distributing software update information to a client computer capable of updating software as a result of the determination by the matching means. It is characterized in that.

According to a second aspect of the present invention, there is provided a server computer connected to a client computer via a network, comprising: a first database in which information of at least software for executing processing on the client computer is registered; A second database in which reference information, which is information on software to be updated and software dependent on the software to be updated, is registered; and when the content of the second database is updated, the first database and the second database are updated. A first comparing unit that determines whether the software update can be performed on the client computer to be updated by comparing the contents of the second database; and a client that can update the software as a result of the determination by the first comparing unit. Means for requesting the current software information from the computer, and comparing the software information returned in response to the request with the second database to determine whether or not the software update can be performed on the client computer to be updated. And a means for distributing software update information when the software of the client computer to be updated can be updated as a result of the determination by the second matching means. .

According to a third aspect of the present invention, there is provided a software updating method by a server computer connected to a client computer via a network, wherein at least information of software executing processing on the client computer is stored in the server computer. Registering or updating reference information, which is information on software to be updated and software dependent on the software to be updated, in the server computer, and updating or updating the software to be updated and the reference information of the server computer. If so, determining whether the software update can be performed on the client computer to be updated by comparing the updated content with the information on the software; Result of the determination, it is characterized by having the steps of distributing software updates from the server computer for the software updatable client computers.

According to a fourth aspect of the present invention, there is provided a software updating method by a server computer connected to a client computer via a network, wherein at least information of software executing processing on the client computer is stored in the server computer. Registering or updating reference information, which is information on software to be updated and software dependent on the software to be updated, in the server computer, and updating or updating the software to be updated and the reference information of the server computer. If so, determining whether the software update can be performed on the client computer to be updated by comparing the updated content with the information on the software; As a result of the determination, means for requesting the current software information to a client computer capable of updating the software, and comparing the current software information returned to the server computer in response to the request with the software update information Determining whether or not software update is possible for the client computer to be updated, and distributing software update information when the software of the client computer to be updated can be updated as a result of the determination. It is characterized by.

According to a fifth aspect of the present invention, there is provided a storage medium storing a program for operating a server computer connected to a client computer via a network, wherein the server computer executes processing at least on the client computer. When the information of the software to be executed is registered, and the reference information which is information on the software to be updated and the software dependent on the software to be updated is registered or updated, and the software to be updated and the reference information of the server computer are registered or updated. By comparing the updated content with the software information to determine whether or not the client computer to be updated can be updated. As a result of the determination, the software can be updated. Wherein a program to distribute software updates to the client computer is characterized in that the server computer is able to store read.

A storage medium according to a sixth aspect of the present invention is a storage medium storing a program for operating a server computer connected to a client computer via a network, wherein the server computer executes processing at least on the client computer. When the information of the software to be executed is registered, and the reference information which is information on the software to be updated and the software dependent on the software to be updated is registered or updated, and the software to be updated and the reference information of the server computer are registered or updated. By comparing the updated content with the software information to determine whether or not the client computer to be updated can be updated. As a result of the determination, the software can be updated. A request is made to the client computer for current software information, and the current software information returned in response to the request is compared with the software update information to determine whether software update is possible for the client computer to be updated. In this case, as a result of the determination, when the software of the client computer to be updated can be updated, a program for distributing software update information is stored in the server computer in a readable manner.

According to the first, third and fifth aspects of the present invention, information on software to be executed on the client computer is registered in the first database of the server computer, and the software to be updated and the software to be updated are stored in the first database. Reference information, which is information on dependent software, is registered in the second database of the server computer. When the contents of the second database of the server computer are updated, the updated contents are compared with the software information of the first database to determine whether or not the software update target client can be updated. As a result of the determination, the software update information is distributed from the server computer to the client computers that can update the software. Software can be updated automatically and securely.

According to the second, fourth, and sixth aspects of the present invention, information of software to be executed on the client computer is registered in the first database of the server computer. Reference information, which is information on dependent software, is registered in the second database of the server computer. Then, when the contents of the second database of the server computer are updated, the updated contents are compared with the software information of the first database to determine whether or not the software update can be performed on the client computer to be updated, and As a result of this determination, the current software information is requested from the client computer capable of updating the software. The current software information of the client computer returned to the server computer in response to the request is compared with the reference information of the second database to determine again whether or not the software update of the client computer to be updated can be performed. As a result of the determination, if the software of the client computer to be updated can be updated, the software update information is delivered to the client.Therefore, the client computer to be updated software receives the software update information from the server computer, so that the software is updated. It can be updated automatically and securely. As a result,
It can contribute to improvement of system security.

[0019]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a diagram showing a configuration of a client server system according to one embodiment of the present invention, FIG. 2 is a diagram showing an example of the contents of an SW database in a server of the client server system of this embodiment, and FIG. FIG. 4 is a diagram illustrating an example of the contents of a patch database in the server of the client-server system according to the embodiment.

As shown in FIG. 1, this client-server system is installed in a server computer 1 (hereinafter referred to as a server 1) installed in a maintenance center or the like, and in a plurality of companies and the like who have made a maintenance contract with the maintenance center. Client computers 21, 22, 31, 32 of the respective computer systems 2, 3 (hereinafter referred to as clients 21, 22,
2, 31, 32) via a network 5.

The server 1 includes a CPU, a ROM, a RAM, a hard disk drive, a keyboard, a mouse, a monitor,
It has hardware such as a communication interface. The hard disk drive has an operating system (hereinafter referred to as OS), a software database 11 (hereinafter referred to as SW database 11), a patch database 12, a database management unit 13 (hereinafter referred to as DB management unit 13), a pattern matching unit 14 (hereinafter referred to as DB management unit 13). Collation means), software such as a security detection unit 15, a communication unit 16, and a patch processing unit 17 are installed. These units may be configured by hardware. The SW database 11 is called a first database, and the patch database 12 is called a second database.

The DB management unit 13 stores the SW database 11
When the contents of the patch database 12 change due to monitoring and management of the patch database 12 and information being registered or updated in the patch database 12,
A message is sent to the patch processing unit 14 and the patch processing unit 1
Start 4 When activated, the patch processing unit 14 searches the SW database 11 for software to which the newly registered patch information is to be applied, based on the reference information of the patch database 12 included in the message. It is necessary to apply the patch and this patch to the software of the system corresponding to the newly registered patch information, that is, the patch application processing unit (software) on the client (hardware) on which the applicable software is installed. Is transmitted (distributed), such as an instruction (command, procedure, etc.) and accompanying patch information (software update information) such as setting information (eg, parameters for setting the command).

Here, the reference information is information on the software to be patched and the dependent software shown in FIG. 3, and includes at least the name of each software. However, it is desirable to include the setting information of the dependent software.

The clients 21, 22, 31, 3 of each of the computer systems 2, 3 connected to the network 5
2, a communication unit 41, an encryption processing unit 42, a verification unit 43, a patch application processing unit 44, and the like are provided. They are,
For example, in the case of software, it is installed in a hard disk drive or the like. The communication unit 41 transmits and receives information via the server 1 and the network 5. The encryption processing unit 42 decrypts information received from the server 1 via the network 5 and encrypts SW information transmitted to the server 1. The verification unit 43 verifies the validity of the electronic signature added to the patch information transmitted from the server 1. If the information received from the server 1 via the network 5 is the transmission notice information, and the verification result of the electronic signature by the verification unit 43 is correct, the patch application processing unit 44 is installed in the client itself (hardware). It collects software setting information (not shown, such as the name of the software installed in the client itself, its version, etc.), attaches an electronic signature, and returns it to the server 1. Further, when the patch application processing unit 44 receives patch information such as a patch, a command for patch application, and setting information from the server 1 via the network 5, if the verification result of the electronic signature by the verification unit 43 is correct, Apply patches to software installed on the client itself based on the received patch information.

As shown in FIG. 2, the SW database 11
Includes hardware information (hereinafter H) as system information.
W information) and software information (hereinafter referred to as SW information) are set and managed. As HW information,
HW information (HW information) for each computer system to be maintained
, HW2,..., HWn) are set and managed.

The SW information includes software information for each HW, that is, for HW1, for example, operating system (OS), patch version, OS setting information (OS config), middleware 1 (MW1), M
W1 config, MW2 ..., application 1 (Appli
1) (MW11, MW12 ... MW1r1), Appli 1co
nfig, ..., Appli 2) (MW21, MW22 ... MW2r)
1 (MWs on other HWs, applications that depend on the application (including those that depend on this and those that depend on this)), Appli 2config,..., Etc. are set and managed. Software information is set and managed for HW2 as well as for HW1.

The SW database 11 is a database for describing software configuration information of a system that is considered to need to be patched. If it is known that there is a dependency (effect) when a patch is applied between software, the information is also accumulated in the SW database 11. The configuration information of each software includes not only the version information of the software but also setting information (config), information of applied patches, and the like.

That is, this SW database 11
This is a database including hardware constituting a system in which software to be applied with a patch is used, software installed on the hardware, and setting information of the software.

As shown in FIG. 3, the patch database 1
2, OS name (such as Solaris (registered trademark)), patch version (such as Ver.1.0), config, MW name (orac
le), oracleconfig, etc. are stored.

The patch database 12 is a database for storing information on other software that has been verified not to be affected by applying a patch to certain software. The stored information includes which patch is for which version of software and which patch, by applying the patch, what software is not affected by the operation and which version is set. Information such as whether there is a condition such as information (config).

That is, the patch database 12
Can be said to be a database that describes a combination of software to which a patch is to be applied, software that does not cause an abnormal operation when the patch is applied, and its conditions.

Here, as the combination of the patch and the software that does not cause abnormal operation, for example, the combination of the patch target software (AAA) and the dependent software (BBB) in FIG. 2, the patch target software (AAA) and the dependent software ( In addition to the combination of the software to be patched and the dependent software, such as the combination with CCC), the software to be patched (AA)
A combination that does not cause an abnormal operation even when the patch target software and a plurality of dependent software are installed at the same time, such as a combination of A), dependent software (BBB), and dependent software (CCC) is also included. What is needed for the relationship between software AAA, BBB, and CCC is, for example, a DB system on the Web,
The Web server works normally when the OS is patched,
This is because the DB may not operate normally.

The combination of the software to be patched and the dependent software is not limited to the case where the software is installed in the same hardware, but the case where the software is installed in the same system (each software is installed separately on a plurality of hardware). Is included).

The operation of the client / server system will be described below. When a patch is provided from the software vendor to the maintenance center, the system management engineer of the maintenance center verifies whether the application of the patch of the software affects other software. When this verification verifies that there is no influence on other software, the system management engineer gives a procedure for applying a patch to the patch database 12 of the server 1 and information on software not affected.

Thus, when the patch database 12 is updated in the server 1, the DB management unit 13 sends a message to the patch processing unit 17, and the patch processing unit 17 is started.

The patch processing unit 17 passes reference information of the patch database 12 included in the message to the pattern matching unit 14.

The pattern matching unit 14 performs pattern matching between the patch database 12 and the SW database 11 on the basis of the reference information, and determines, from the SW database 11, software to which the patch information newly registered in the patch database 12 is to be applied. Search for.

As a result of the pattern matching, if there is software that should be patched but the effect has not been verified, the pattern matching unit 14 causes the patch processing unit 17 to stop the process of applying the patch.

On the other hand, if the result of the pattern matching proves that there is no effect on all software of the target computer system, the pattern matching unit 14 continues to apply a patch to the patch processing unit 17. Notice. When the pattern matching unit 14 notifies the patch processing unit 17 of the continuation of the process of applying a patch, the patch processing unit 17 transmits transmission notice information before transmitting the patch program to the client of the computer system. Is transmitted from the communication unit 16 to the corresponding client.

When the client 21, 22, 31, 32 of the computer system 2, 3, for example, the client 21, receives the transmission notice information from the patch processing unit 17, it collects its own current system information and sends it to the server. 1 is returned to the patch processing unit 17. Note that the transmission notice information from the server 1 may not be encrypted,
Since an electronic signature is required and the system information returned from the client 21 needs to be encrypted, the system information is encrypted by the encryption processing unit 42 and an electronic signature is given.

The reply (system information) from the client 21 is sent to the patch processing unit 17 through the communication unit 16 of the server 1.
Is received, the patch processing unit 17 performs a security check through the security detection unit 15, and then extracts the SW information included in the reply (system information).

Then, the patch processing unit 17
The W information is passed to the pattern matching unit 14 and compared with the SW information in the SW database.

As a result of this comparison, the S
If there is a difference between the W information and the SW information of the current client received from the client 21, the batch processing unit 1
7 updates the SW database 11.

Subsequently, the batch processing section 17 updates the updated S
Only when the contents of the W database 11 and the contents of the patch database 12 are collated and matched, a procedure (instruction) to be patched and parameters (for example, setting information such as command arguments) are generated, and a patch (program ) And batch information such as instructions and accompanying setting information required when applying this patch, to the security processing unit 15.
The security processing unit 15 encrypts the batch information, adds an electronic signature to the encrypted information, and transfers the information to the communication unit 16, and the communication unit 16 transmits the information with the electronic signature to the communication unit 16 via the network 5. Send to client 21. In this case, since software to be patched is installed in the client 21, when the client 21 receives the information in the communication unit 41, the communication unit 41 passes the electronic signature added to the information to the verification unit 43, Request verification of electronic signature.

The verification unit 43, based on the passed electronic signature,
It verifies whether the received information is really from the server 1 or not.

When the electronic signature is authenticated by the verification unit 43, the encryption processing unit 42 subsequently decrypts the encrypted information to obtain patch information. This patch information is passed to the patch adaptation processing unit 44.

The patch adaptation processing unit 4 to which the patch information has been passed
4 applies a patch to the software by temporarily stopping the software on the client based on the patch information.

In the case of a computer system that cannot be temporarily stopped, the patch adaptation processing unit 44 inquires of the server 1 or the system administrator of the client 21 about the time zone of the patch application, and reports the result of the inquiry to the patch adaptation processing time. Register as yourself.

The client 21 (hardware)
There is a certain order for stopping the running software group without any problem in stopping the software. Therefore, these orders are also registered in the SW database 11 in advance, and the information of the stop procedure (stop information ) Is also distributed from the server 1 to the client 21 as a part of the patch information. This stop information is also encrypted.

In the above embodiment, an example has been described in which both information encryption and digital signature authentication are performed. However, only one of them may be used, or a network in which the server / client is completely closed. Then, encryption or electronic authentication need not be performed.

As described above, the client of this embodiment
According to the server system, the server 1 is provided with the SW database 11 and the patch database 12, and when the patch database 12 is updated, the patch processing unit 17 is activated, and the updated patch database 12 and the SW database 11 are updated. Since the patch is delivered to the corresponding client of the corresponding computer system only when the contents are collated and matched, the corresponding client can apply the patch safely.

Before delivering the patch information to the client to which the patch is to be applied, the server 1 sends advance notice information and sends the current system information of the client to the server 1.
Then, it is determined whether or not the patch can be applied, and if the patch is applicable, the patch information is transmitted. Therefore, the patch can be applied more safely.

Further, since the patch information is encrypted by the server 1 and added with an electronic signature and sent to the target client, the risk of data tampering, unauthorized spoofing, interception of data by a third party, etc. can be avoided, and the patch can be secured. And can reliably hit the target client. Also, the client can apply the patch after confirming the source of the patch information.

That is, the client of this embodiment
According to the server, the patch can be automatically and safely applied to the client 21 of the computer system 2 to be maintained and managed, and as a result, the system security can be improved.

The present invention is not limited only to the above embodiment. In the above-described embodiment, an example has been described in which the respective components are arranged in the server 1 and the clients 21, 22, 31, and 32. However, the present invention can also be realized by an applet and a browser.

For example, as shown in FIG. 4, a server 51 is provided with a patch database 52 and an applet 53,
SW database 62 and browser 6 for client 61
3 may be provided. The applet 53 is a program that is downloaded to the browser 63 via a network, embedded in a window (screen) of the browser 63, and executed. As the applet 53, for example, ja
Use va applet or the like.

In this case, when the client 61 accesses the server 51 from the browser 63, the applet 53 is downloaded to the client 61 (S101), embedded in the browser 63, and starts the following processing.

First, the applet 53
The SW information from the first SW database 62 is downloaded to the server 51 (S102).

Then, the server 51 matches the downloaded SW information with the contents of the patch database 52 (S103). If the result of this matching is that the latest patch is applicable, the patch information of the server 51 is sent to the client 61. After downloading (S104), the patch is applied to the client 61 (S105).

That is, the client of the above embodiment
The server system is a so-called push-type operation mode in which a patch is applied to a client by an action from the server side. In this case, a so-called OS, MW or other product maintenance-type operation mode in which the client 61 works on the server 51. It can be said that this is an operation mode.

Further, as shown in FIG. 5, the server 71 may be provided with a patch database 72, a SW database 73, and an applet 74, and the client 81 may be provided with a browser 82.

In this case, the client 81 accesses the server 71 from the browser 82 to the applet 7
4 is downloaded (S201), the applet 74 starts processing.

In this case, the applet 74 first downloads information (SW information) of the current system (SW) actually operating on the client 81 to the server 71 (S202), and reads the SW database 73 of the server 71. Update.

Then, in the server 71, the updated contents of the SW database 73 and the patch database 72
(S203), and if the latest patch is applicable, the patch information of the server 71 is downloaded to the client 81 (S2).
04), and apply the patch to the client 81 (S20)
5).

That is, the client of the example shown in FIG.
The server system is an enhancement of the function of the applet 74 as compared with the example of FIG. 4, and can be said to be a so-called system maintenance type operation mode in which a maintenance staff of the computer system applies a patch by operating the client 81.

The software in the above embodiment may be stored in a computer-readable storage medium such as a floppy (registered trademark) disk.
In this case, the computer reads out the software (program) stored in the storage medium, whereby the processing in each embodiment becomes possible.

As a storage medium, a magnetic disk,
Floppy disk, hard disk, optical disk (C
D-ROM, CD-R, DVD, etc.), a magneto-optical disk (MO, etc.), a semiconductor memory, or any other storage medium that can store programs and that can be read by a computer. May be.

An OS (Operating System) running on the computer based on instructions of a program installed on the computer from the storage medium.
Alternatively, MW (middleware) such as database management software and network software may execute a part of each process for realizing the present embodiment.

Further, the storage medium is not limited to a medium independent of the computer, but also includes a storage medium in which a program transmitted through a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

Further, the number of storage media is not limited to one, and the case where the processing in the present embodiment is executed from a plurality of media is also included in the recording medium of the present invention, and any media configuration may be used.

The computer executes each process in the present embodiment based on a program stored in a storage medium. The computer includes one device such as a personal computer and a system in which a plurality of devices are connected to a network. Any of these configurations may be used.

The term "computer" is not limited to a personal computer, but also includes an arithmetic processing unit, a microcomputer, and the like included in information processing equipment, and is a general term for equipment and devices capable of realizing the functions of the present invention by programs. .

[0073]

As described above, according to the present invention, information on software to be executed on a client computer is registered in a server computer, and information on software to be updated and software dependent on the software to be updated is registered. When the reference information is registered or updated, it is determined whether the software can be updated by comparing the updated content with the software information, and the software update information is delivered to the client computer when the software can be updated. The client computer can automatically and safely update software based on the received software update information.

As a result, it is possible to contribute to improvement of system security.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a client-server system according to one embodiment of the present invention.

FIG. 2 In this client-server system,
The figure which shows the SW database of a server.

FIG. 3 In this client-server system,
The figure which shows the patch database of a server.

FIG. 4 is a diagram showing an application example using an applet.

FIG. 5 is a diagram showing an application example using an applet.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Server, 2, 3 ... Computer system, 5 ... Network, 11 ... SW database, 12 ... Patch database, 13 ... DB management part, 14 ... Pattern matching part, 15 ... Security detection part, 16 ... Communication part, 17
... Patch processing unit, 21, 22, 31, 32 ... Client, 41 ... Communication unit, 42 ... Encryption processing unit, 43 ... Verification unit,
44 ... Patch application processing unit.

Claims (6)

[Claims] 1. A server computer connected to a client computer via a network, a first database in which information of at least software for executing processing on the client computer is registered, software to be updated, and software to be updated A second database in which reference information, which is information on software depending on the second database, is registered; and when the content of the second database is updated, the content of the first database is compared with the content of the second database. Collation means for judging whether or not software update can be performed on a client computer to be software-updated; Server computer, characterized by comprising a means. 2. A server computer connected to a client computer via a network, a first database in which information of at least software that executes processing on the client computer is registered, software to be updated, and software to be updated A second database in which reference information, which is information on software depending on the second database, is registered; and when the content of the second database is updated, the content of the first database is compared with the content of the second database. A first comparing unit that determines whether or not the software update can be performed on the client computer to be updated with the software. Means for requesting information; and second matching means for determining whether or not software update can be performed on a client computer to be updated by comparing software information returned in response to the request with the second database. And a means for distributing software update information when the software of the client computer to be updated can be updated as a result of the determination by the second matching means. 3. A method for updating software by a server computer connected to a client computer via a network, wherein at least information of software that executes processing on the client computer is registered in the server computer; Registering or updating reference information, which is information on software dependent on the software to be updated, in the server computer; and updating or updating the software to be updated and the reference information of the server computer when the software or reference information is registered or updated. Determining whether or not the software update of the client computer to be updated can be performed by collating the information with the information; Software update method characterized by having the steps of distributing software updates from the server computer against Ian computers. 4. A method for updating software by a server computer connected to a client computer via a network, wherein at least information of software executing processing on the client computer is registered in the server computer; Registering or updating reference information, which is information on software dependent on the software to be updated, in the server computer; and updating or updating the software to be updated and the reference information of the server computer when the software or reference information is registered or updated. Determining whether or not the software update of the client computer to be updated can be performed by collating the information with the information; Means for requesting the current software information to the client computer, and comparing the current software information returned to the server computer in response to the request with the software update information to the client computer to be updated. A software update method comprising: determining whether software update is possible; and, if the determination result indicates that the software of the client computer to be updated can be updated, delivering software update information. 5. A storage medium storing a program for operating a server computer connected to a client computer via a network, wherein the server computer registers at least information of software for executing processing on the client computer, Registering or updating reference information that is information on the software to be updated and software that depends on the software to be updated, and when the software to be updated and the reference information of the server computer are registered or updated, the update content and information on the software By making the software update possible for the client computer for which the software is to be updated. Storage medium characterized by that the software the server computer a program for delivering the update information is available stores read by. 6. A storage medium storing a program for operating a server computer connected to a client computer via a network, wherein the server computer registers at least information of software for executing processing on the client computer, Registering or updating reference information that is information on the software to be updated and software that depends on the software to be updated, and when the software to be updated and the reference information of the server computer are registered or updated, the update content and information on the software By making the software update possible for the client computer for which the software is to be updated. Requesting the current software information, and comparing the current software information returned in response to the request with the software update information to determine whether or not software update is possible for the client computer to be updated. A storage medium wherein a program for distributing software update information when the software of the client computer to be updated can be updated as a result of the determination is readable by the server computer.