JP2005198267A - Central processing device, controlling center device, network system using them, and its communication controlling method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To properly cope with an unauthorized access such as computer virus, etc. by flexibly changing configuration of a central processing device using data for controlling and enabling various configurations to be taken even in the same hardware. <P>SOLUTION: The central processing device for producing data packets after giving header information to data inputted from external in an I/O unit 3 is designed to generate the data for controlling in a controlling unit 4 for controlling the transparency of the data packets, to download the data to a router 1, and to make the data packets to pass through when both values are coincide by the result of comparing the data for controlling with destination information stored in the header information of the data packets in the router 1. The configuration of the central processing device can be altered by changing a combination of the data for controlling, and the programmable architecture can be realized even in the same hardware. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a central processing unit, a control center device, a network system, and a communication control method thereof that can change the configuration in a programmable manner using the same hardware and can secure security against unauthorized access such as a computer virus.

Conventionally, the central processing unit has a structure based on a Neumann processor, and the structure is fixed at the manufacturing stage. Further, in order to solve the problems of the complexity of the structure and the minimization of power consumption by the Neumann type processor, a pipeline type data driven type processor has been developed. Data-driven processors are regarded as promising as a basis for a new paradigm for realizing an integrated system in which software and hardware are organically integrated. In the data driven processor, the data to be processed is packetized and the destination of the data and the instruction code are given to the header part. Therefore, the processing can be performed regardless of the continuity of the program, and the update (during pipeline processing) Flushing) or additional control functions associated with inter-stage constraints (interlocking) are not required at all. In the data driven processor, a plurality of nanoprocessors are connected by a packet router, the nanoprocessor has a dedicated arithmetic processing function, and the instruction code of the packet is processed by each nanoprocessor.
Makoto Iwata, Soichi Miyata, Hiroaki Terada “Self-timed Super Pipeline Data Driven Processor” IEICE Transactions DI Vol.J81-DI No.2 February 1998

  However, in the Neumann type processor and the data driven type processor described in Non-Patent Document 1, the configuration of the central processing unit is fixed, and the programs to be processed operate on all the central processing units of the same type. Although this has the advantage that a common program can be developed, there is a problem that it is difficult to cope with unauthorized access such as computer viruses and wormware. That is, since the configuration of the central processing unit is fixed, it is easy to grasp internal processing, and it is easy to create a computer virus program. Also, even illegally copied programs operate normally and it is difficult to prevent illegal copying.

  The purpose of the present invention is to flexibly change the configuration of the central processing unit by using control program data, and to enable various configurations even with the same hardware, It exists in solving the said subject.

  In order to achieve the above object, according to the first aspect of the present invention, transmission of a data packet is controlled in a central processing unit having means for adding predetermined header information to external data and generating a data packet. A control data generating unit that generates control data for the control, a comparison unit that compares control data generated by the control data generating unit and destination information stored in header information of a data packet, There is provided a central processing unit having a data packet transmission unit that transmits a data packet only when a comparison result by the comparison unit satisfies a predetermined condition.

In a second aspect of the present invention, the central processing unit in the first aspect includes a path control unit that performs path control based on the control data generated by the control data generation unit,
The path control unit compares the control data generated by the control data generation unit with the destination information stored in the header information of the data packet, and determines whether to transmit the data packet. A central processing unit is provided.

  According to a third aspect of the present invention, in the first or second aspect, in the central processing unit including a plurality of arithmetic units connected to the path control unit, the control data is stored in the arithmetic unit. A central processing unit is further characterized in that it is an identifier.

  In the fourth aspect of the present invention, in the first to third aspects, when the comparison result satisfies a predetermined condition, the control data and the destination information stored in the header information of the data packet match. A central processing unit is provided which is further characterized in that

  According to a fifth aspect of the present invention, in the third or fourth aspect, there are a plurality of the comparison units, each having means for holding control data, and the arithmetic unit based on the control data A central processing unit is provided that specifies the order of use of the computers.

  In a sixth aspect of the present invention, in a central processing unit having means for adding predetermined header information to external data and generating a data packet, control data for controlling the transmission of the data packet is generated A control data generation unit, a comparison unit that compares the control data generated by the control data generation unit with the destination information stored in the header information of the data packet or the identification number stored in the program; There is provided a central processing unit having a data packet transmission unit that transmits a data packet only when the comparison results by the comparison unit match.

  According to a seventh aspect of the present invention, there is provided a control center apparatus capable of communicating with a terminal including the central processing unit according to any one of the first to sixth aspects, a program database storing a program, and a control A control data database storing data, a program is read from the program database, a control data is read from the control data database, and the control data and the program are output to the terminal via another route And a control center device.

  According to an eighth aspect of the present invention, in the seventh aspect, the control unit further outputs combined data of the program and control data when the program is output to the terminal. A control center device is provided.

  According to a ninth aspect of the present invention, in the seventh or eighth aspect, the information processing apparatus further includes an encryption processing unit that performs an encryption process using a predetermined encryption key, and the encryption processing unit uses the control data, There is provided a control center device further characterized in that after the program or the composite data is encrypted, it is output to the terminal.

  According to a tenth aspect of the present invention, there is provided a network system in which a terminal including the central processing unit according to any one of the first to sixth aspects and a control center apparatus are connected via a network. The control center apparatus reads a program database storing a program, a control data database storing control data, a program from the program database, and reads control data from the control data database. There is provided a network system characterized by having a control unit for controlling to output the data for use and the program to the terminal through another route.

  According to an eleventh aspect of the present invention, in the tenth aspect, the control unit further outputs combined data of the program and control data when the program is output to the terminal. A network system is provided.

  In a twelfth aspect of the present invention, in the tenth or eleventh aspect, the control center device further includes an encryption processing unit that performs an encryption process using a predetermined encryption key, and the encryption processing unit The control data and the program or the combined data are encrypted and output to the terminal, and the terminal further includes a decryption processing unit that decrypts the encrypted data. A network system is provided.

  According to a thirteenth aspect of the present invention, there is provided a communication control method by a network system in which a terminal having a central processing unit and a control center device are connected to be able to communicate with each other via a network. Read the program from the program database, read the control data from the control database, and output the control data and the combined data of the program and the control data to the terminal via another path, and the central processing of the terminal In the processing device, the destination information is added to the program to generate a data packet, the comparison unit compares the control data with the destination information of the data packet, and the data packet transmission unit displays the comparison result by the comparison unit. Provided is a communication control method characterized in that a data packet is transmitted only when a predetermined condition is satisfied. That.

  According to the present invention, the configuration of the central processing unit can be flexibly changed by using control data, and various configurations can be taken even with the same hardware. Thereby, it becomes difficult for a third party to grasp the internal configuration of the central processing unit, and unauthorized access by a computer virus program or the like can be prevented. Further, by changing the internal configuration of the central processing unit, it is possible to prevent the illegally copied program from operating, and to provide a central processing unit that operates only the legitimate program. In addition, it is possible to provide a control center device that outputs control data to a terminal equipped with the central processing unit, a network system using the control center device, and a communication control method thereof.

  Embodiments of the present invention will be described below with reference to the accompanying drawings.

  FIG. 1 shows and describes the configuration of the central processing unit of the present invention.

  As shown in FIG. 1, a plurality of (n-1) processor elements (hereinafter referred to as "PE") 2-1 to 2- (n-1) can transmit and receive data packets in the router 1. Connected to be. In the following description, reference numeral 2 is used to collectively refer to PE2-1 to PE2- (n-1). The router 1 is further connected to an I / O unit 3 that controls input / output of data from the outside, and transmits / receives control data to / from the control unit 4 that controls the configuration of the central processing unit in a programmable manner. One central processing unit 6 is configured using all of the above-described components.

  The input / output of the router 1 has a relationship of n inputs and n outputs, and the path state is controlled by the control unit 4. The PE 2 has a processing function such as an operation and executes an instruction command in which an instruction code of a data packet is stored. Details of the data packet will be described later. The data packet is input to the I / O unit 3 and is transferred by the router 1 according to the control data of the control unit 4. The transferred data packet is output through the I / O unit 3 after an instruction command is executed at PE2 and all instructions are completed. The route control by the control unit 4 is performed by transmitting control data for setting the route order of the PE 2 in a pipeline format to the router 1 and determining the route order. By adopting such a method, it is possible to change the configuration in a programmable manner using the same hardware and realize various architectures.

  Next, a detailed configuration of the data packet will be described with reference to FIG.

  As shown in FIG. 2, the data packet 21 includes a header portion 22 and a data portion 23. The data part 23 stores data to be processed by the PE2. The header part 22 is composed of an identification ID 24, an instruction code 25, and a destination PE number 26. The destination information described in the claims corresponds to the destination PE number 26, for example. The identification ID 24 is a unique code for identifying the data packet in the central processing unit 6. The instruction code 25 indicates processing for data stored in the data portion 23. For example, integer operations, logical operations, and data storage processing in a table correspond to this. The destination PE number 26 indicates the destination PE number of the data packet. The format of the destination PE number 26 is not limited to a numerical value, and may be in the form of characters or the like, as long as it indicates the next destination of the data packet, such as the input / output number and port number of PE2. Each time the instruction code 25 and the destination PE number 26 are processed by the PE 2, the processed PE 2 gives a new instruction code and a destination PE number. The data of the data part 23 is input from the outside, and the header of the header part 22 is given by the I / O part 3.

  Next, FIG. 3 illustrates a block diagram of the router 1.

  As shown in FIG. 3, the router 1 includes a plurality of input selection units 31 and a plurality of output selection units 32. The data packet transmitted from the PE 2 or the I / O unit 3 is processed by the input selection unit 31 of the router 1. The input selection unit 31 compares the input data packet with the setting by the control data of the control unit 4, and transmits only the data packet that satisfies the condition. Details will be described later. The data packet that has passed through the input selection unit 31 is output from the output selection unit 32 to the PE 2 or the I / O unit 3. The output selection unit 32 selects a data packet to be output to the PE 2 or the I / O unit 3 when data is transferred from the plurality of input selection units 31.

  FIG. 4 shows a detailed configuration of the input selection unit 31. The input selection unit 31 uses the PE number extraction unit 41 to extract the PE number of the destination PE number 26 of the data packet from the data packet input from the I / O unit 3 or PE2. The extracted PE number is transmitted to the comparison unit 42. On the other hand, control data is transmitted from the control unit 4 to the comparison unit 42. The comparison unit 42 compares the PE number extracted in the above processing with the numerical value of the control data, and sends a signal of “1” if they match and “0” if they match. The AND circuit 43 integrates the signal and the data packet and controls transmission of the data packet. As a result, the data packet is transmitted only when the comparison result of the comparison unit 42 matches (output signal is “1”). By using this mechanism, the sender of the data packet needs to know the control data of the control unit 4 in advance, and can prevent attacks due to unauthorized access such as computer viruses and wormware. In addition, since unnecessary data packets are not transmitted, the processing load on the entire central processing unit can be reduced.

  Hereinafter, the operation of the central processing unit 6 according to the first embodiment of the present invention will be described in detail with reference to the flowcharts of FIGS.

  As shown in FIG. 5A, the configuration of the central processing unit is constructed as an initial state. As a feature of the present invention, it is possible to adopt various configurations by the program definition by the control unit 4 even though the hardware is the same.

  First, the control data Ci is generated by the control unit 4 (step S501). Ci is control data for the i-th input selection unit 31 of the router 1, and Cn + 1 is control data for the input selection unit 31 for the I / O unit 3. For example, the control data of the I / O unit 3 is “0”, and the number of each PE is a numerical value from “1 to n”. The generated control data Ci is stored in a memory area (not shown) of the control unit 4 (step S502). Thereafter, the control unit 4 reads the stored control data Ci, and downloads the control data Ci to the input selection unit 31 of the router 1 in order (step S503). Through the above processing, the configuration of the central processing unit is constructed.

  Next, processing when data is input will be described with reference to FIG.

  When data is input to the I / O unit 3 (step S504), the I / O unit 3 adds the header information 22 to generate a data packet (step S505). The data packet is a program stored in a memory (not shown) or the like, and designates an instruction code 25 and a destination PE number 26. After generating the data packet, the I / O unit 3 outputs the data packet to the router 1 (step S506). The output data packet is transferred to the input selection unit 31 as data 1 shown in FIG. 3, the destination PE number 26 stored in the header information of the data packet is extracted (step S507), and the control data C1 (i = The input selection unit 31 compares the numerical value of 1) and the extracted numerical value of the destination PE number. If they are different, the packet is discarded (step S508). If they match, it is determined whether Ci is a numerical value assigned to the I / O unit 3 (step S509). Since the details of the comparison process have been described above, they are omitted.

  If it is not a numerical value assigned to the I / O unit 3, the data packet is transmitted to the PE with the destination PE number 26 via the output selection unit 32 (step S510), and the processing of the instruction code 25 is executed in PE2. Is done. When the program continues, a packet with a new PE number and instruction code is generated according to the program when the instruction is executed in PE2. The generated data packet is transferred to the input selection unit 31 as data 2 shown in FIG. 3, and the same processing as that for data 1 is performed. When the series of programs is completed, the PE 2 that performs the last process assigns the number of the I / O unit 3 as a new PE number.

  As a result of the determination in step 509, in the case of the I / O unit 3, the data packet is transferred to the I / O unit 3, and when the program processing is completed, the process ends (steps S511 and S512). If not completed, the process returns to step 506.

  For example, it is assumed that the control data is “1, 2, 4, 5, 0”. In this case, there are five input selection units. “1, 2, 4, 5” are downloaded in order to the input selection unit 31 for data 1 to data 4 shown in FIG. 3, and “0” corresponding to Cn + 1 is downloaded to the input control unit 31 for the I / O unit 3. The In this case, the central processing unit 6 is constructed to implement a pipeline process as shown in FIG. By changing the control data, the PE to be used can be changed, and various configurations can be constructed. Next, processing of the data packet shown in FIG. 7 is assumed. The data packet 1 is transmitted from the I / O unit 3 to the router 1. Since “1” is set as the control data in the input selection unit 31 for data 1 and the destination PE number of the data packet 1 is also “1”, both numerical values match, and the data packet 1 is PE2−2. 1 is transferred. In the PE 2-1, the instruction code 25 of the data packet 1 is read and “C = A + B” processing is performed. Since the program continues, after processing, the PE 2-1 generates a data packet 2 and transmits it to the router 1. The data packet 2 is compared by the input selector 31 for data 2, and since both the control data and the destination PE number match “2”, the data packet 2 is transferred to the PE 2-2. In PE <b> 2-2, the instruction code 25 of the data packet 2 is read, and “C is written to memory” is processed to generate the data packet 3. Thereafter, the data packet 3 and the data packet 4 are processed in the same manner. In PE2-5, in order to perform the final processing of the program, the data packet 5 having the destination PE number “0” assigned to the I / O unit 3 is generated. The transferred data packet 5 is compared by the input selection unit 31. Since the control data is “0”, the data packet 5 is transferred to the I / O unit 3 by the processing of steps S509 and S511. When the program processing is completed with the data packet 5, the processing is completed at step S512.

  As described in detail above, according to the first embodiment of the present invention, the configuration of the central processing unit can be flexibly changed by using control data, and various configurations can be achieved even with the same hardware. It can be taken. For example, when the control data matches the identifier of PE2, the use order of PE2 is controlled by the control data, and the control data determines the configuration of the central processing unit. This makes it difficult for a third party to grasp the internal configuration of the central processing unit, and prevents unauthorized access by a computer virus program or the like. Further, by changing the internal configuration of the central processing unit, it is possible to prevent the illegally copied program from operating. Furthermore, it can cope with illegal activities such as illegal counterfeiting of hardware.

  Next, a second embodiment of the present invention will be described in detail.

  In the second embodiment of the present invention, PE2 has one configuration. In this case, as shown in FIG. 8, there is no router 1 that performs path control. Since the other configuration is the same as that of FIG. 1 described above, in the following description, the same components will be described using the same reference numerals.

  The second embodiment will be described below with reference to the flowcharts of FIGS. 9 (a) and 9 (b).

  As shown in FIG. 9A, as the initial state, the control unit 4 generates control data Ci (step S901). When there is one PE2, the processing of the control unit 4 is as described above.

  Next, processing when data is input will be described with reference to FIG.

  The data packet generation process is the same as that in FIG. 5 described above, and is therefore omitted (steps S902 and 903). After generating the data packet, the I / O unit 3 outputs the data packet to the PE 2 (step S904). The PE 2 extracts the destination PE number 26 stored in the header information of the data packet and the control data Ci from the control unit 4 (steps S905 and 906), and obtains the numerical value of the control data Ci and the extracted destination PE number. Compare (step S907). If they are different, the packet is discarded. If they match, it is determined whether Ci is a numerical value assigned to the I / O unit 3 (step S908).

  If it is not a numerical value assigned to the I / O unit 3, the data packet is processed by PE2 and the program continues. If Ci is a numerical value assigned to the I / O unit 3, the data packet is transferred to the I / O unit 3, and ends when the program processing is completed (steps S909 and S910). If not completed, the process returns to step 904 (step S911). In step S905, instead of the destination PE number 26, for example, an identification number stored in the program may be used.

  In the second embodiment of the present invention, it is assumed that the data part 23 is included in the data packet, but the data part 23 may not be included. In this case, no data is input from the I / O unit 3, the data to be processed is stored in a memory inside or outside the central processing unit, and the program is sequentially processed by the PE 2, each time processing data is received from the memory. A Neumann type processor to be read is configured.

  As described above in detail, according to the second embodiment of the present invention, the control data is used for determining the validity of the program, thereby preventing unauthorized access by a computer virus program or the operation of an illegally copied program. Can be prevented.

  Next, a third embodiment of the present invention will be described in detail.

  As shown in the configuration diagram of FIG. 10, in the third embodiment of the present invention, the control center device 100, the control center device 100, and the terminal 112 including the central processing unit 6 are connected to a network such as the Internet. The present invention relates to a network system configured to be communicably connected via a communication system 111 and a communication control method thereof.

  In the control center apparatus 100, the update program DB 101 stores an update program executed by the central processing unit 6 in the terminal 112, and the control data DB 102 stores the central processing unit 6 in the terminal 112. The control data for controlling the above configuration in a programmable manner is stored, and the encryption key assigned to each terminal 112 is stored in the encryption key DB 103. Each terminal 112 holds the decryption key in advance.

  In the control unit 104 that controls the entire control center apparatus 100, the update program (abbreviated as PGM in FIG. 10) reading unit 105 reads the update program from the update program DB 101. Control data is read from the control data DB 102 by the control data reading unit 107. Then, the update program and the control data are combined by the combining unit 106, and the combined data is output to the update program encryption processing unit 109 of the encryption processing unit 108.

  On the other hand, control data is output from the control data reading unit 107 to the control data encryption processing unit 110 of the encryption processing unit 108. The combined data of the update program and the control data is encrypted by the update program encryption processing unit 109, and the control data is encrypted by the control data encryption processing unit 110. These encrypted data are transmitted to the destination terminal 112 via a communication control unit (not shown) and the network 111 here.

  In the terminal 112, a communication control unit (not shown) receives encrypted data input via the network 111. Then, the synthesized data of the encrypted update program and control data is input to the update program decryption processing unit 113 and decrypted, and the synthesized data of the decrypted update program and control data is a central operation. The data is input to an I / O unit (for example, corresponding to reference numeral 3 in FIG. 1) of the processing device 6. On the other hand, the encrypted control data is input to the control data decryption processing unit 114 and decrypted, and the decrypted control data is transmitted to the control unit of the central processing unit 6 (for example, the code 4 in FIG. 1). Equivalent).

  The subsequent processing by the central processing unit 6 of the terminal 112 is the same as the processing of the central processing unit 6 described in detail with reference to FIGS. In other words, the features will be described with reference to FIG. 1 and FIG. 2 while avoiding redundant explanation here, and the control unit 4 makes the configuration of the central processing unit 6 programmable based on the decoded control data. To control. That is, control data is output to the router 1 in order to control the route state of the router 1.

  On the other hand, the I / O unit 3 further adds data for processing by the PE 2 to the decrypted update program and control data as necessary, adds an identification ID 24 corresponding to these data, and generates a data packet. 21 is generated and output to the router 1.

  In this case, regarding the correspondence relationship with FIG. 2 described above, the update program corresponds to the instruction code 25 and the control data corresponds to the destination PE number 26.

  In the router 1, the input selection unit 31 described above compares the input data packet 21 and the setting by the control data of the control unit 4, and transmits only those that satisfy the condition. For example, the destination PE number 26 included in the data packet 21 is compared with the control data. The data packet that has passed through the input selection unit 31 is output from the output selection unit 32 to the PE 2 or the I / O unit 3. That is, the route order is determined in the router 1 based on the control data.

  Since the subsequent processing is as described above, further description is omitted.

  In the above description regarding the third embodiment, the combined data of the update program and control data encrypted by the control center 100 and the encrypted control data make a pair and separate paths. However, the encrypted update program and the encrypted control data may be paired and transmitted via another route. In this case, the update program read from the update program DB 101 by the update program reading unit 105 of the control unit 104 is sent to the encryption processing unit 108, encrypted by the update program encryption processing unit 109, Here, the data is sent to the terminal 112 via a communication control unit (not shown) and the network 111. In the terminal 112, the update program decryption processing unit 113 decrypts the encrypted update program and outputs it to the I / O unit 3 of the central processing unit 6.

  The I / O unit 3 adds an update program and data for processing by the PE 2 as necessary, adds an identification ID 24 corresponding to the data, generates a data packet 21 and outputs it to the router 1. To do. In this case, the destination PE number 26 corresponding to the control data is not included in the data packet 21, but the router 1 that has received the data packet 21 performs I / O in the output order or in the data packet 21. The route order is specified by comparing the identifier newly given by the unit 3 with the control data from the control unit 4. However, it is not limited to such a method.

  In the above description, the update program, the control data, and the like are encrypted by the encryption processing unit 108 and then transmitted, and the decryption processing units 113 and 114 decrypt the data on the terminal 112 side. The encryption / decryption is not essential, and the encryption processing unit 108 and the decryption processing units 113 and 114 are of course optional components.

  As described in detail above, according to the third embodiment of the present invention, the control data is transmitted from the external control center device to the central processing unit of the terminal. Copying and the like can be further prevented. Further, since the control data, the synthesized data of the update program, and the control data are transmitted after being encrypted, secure communication control is also realized.

  The present invention is not limited to the first to third embodiments, and various modifications are possible within the scope of the invention described in the claims, and these are also within the scope of the present invention. Needless to say, it is included. For example, the PEs 2 may all be the same type or different. The type here means the processing content of PE2 such as integer operation and logical operation. In addition, the central processing unit according to the present invention can take a multistage connection configuration. In this case, the internal configuration pattern of the central processing unit is expanded, and further security can be ensured.

The block diagram of the central processing unit which concerns on the 1st Embodiment of this invention. The figure which shows the structure of a data packet. The block diagram of the router 11 which concerns on the 1st Embodiment of this invention. The figure which shows the structure of the input selection part 31. FIG. The flowchart explaining a series of operation | movement of the 1st Embodiment of this invention. The figure which shows an example of a structure of the central processing unit which concerns on the 1st Embodiment of this invention. The figure which shows an example of the operation | movement of the program processing which concerns on the 1st Embodiment of this invention. The block diagram of the central processing unit which concerns on the 2nd Embodiment of this invention. The flowchart explaining a series of operation | movement of the 2nd Embodiment of this invention. The block diagram of the network system which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Router, 2 ... PE, 3 ... I / O part, 4 ... Control part, 6 ... Central processing unit, 31 ... Input selection part, 32 ... Output Selection unit, 41... PE number extraction unit, 42.

Claims (13)

In a central processing unit having means for giving predetermined header information to data from outside and generating a data packet,
A control data generator for generating control data for controlling the transmission of data packets;
A comparison unit that compares the control data generated by the control data generation unit with the destination information stored in the header information of the data packet;
A data packet transmission unit that transmits a data packet only when a comparison result by the comparison unit satisfies a predetermined condition;
A central processing unit comprising: The central processing unit according to claim 1 includes a route control unit that performs route control based on the control data generated by the control data generation unit,
The path control unit compares the control data generated by the control data generation unit with the destination information stored in the header information of the data packet, and determines whether to transmit the data packet. Central processing unit. In a central processing unit including a plurality of arithmetic units connected to the path control unit,
The central processing unit according to claim 1, wherein the control data is an identifier of the arithmetic unit.   4. The center according to claim 1, wherein the case where the comparison result satisfies a predetermined condition means that the control data and the destination information stored in the header information of the data packet coincide with each other. Arithmetic processing unit.   5. The comparison unit according to claim 3, wherein the comparison unit includes a plurality of units, each of which has a means for holding control data, and specifies a use order of the arithmetic units based on the control data. Central processing unit. In a central processing unit having means for giving predetermined header information to data from outside and generating a data packet,
A control data generator for generating control data for controlling the transmission of data packets;
A comparison unit for comparing the control data generated by the control data generation unit with the destination information stored in the header information of the data packet or the identification number stored in the program;
A data packet transmission unit that transmits a data packet only when the comparison results by the comparison unit match, and
A central processing unit comprising: A control center device capable of communicating with a terminal including the central processing unit according to any one of claims 1 to 6,
A program database storing programs, and
A control data database storing control data; and
A program is read from the program database, control data is read from the control data database, the control data, and a control unit that controls the program to be output to the terminal via another path;
A control center device comprising:   8. The control center apparatus according to claim 7, wherein the control unit further outputs combined data of the program and control data when the program is output to the terminal.   An encryption processing unit that performs encryption processing with a predetermined encryption key, and encrypting the control data and the program or the synthesized data by the encryption processing unit and then outputting the encrypted data to the terminal The control center device according to claim 7, further characterized by: A network system in which a terminal including the central processing unit according to any one of claims 1 to 6 and a control center device are connected to each other through a network,
The control center device is
A program database storing programs, and
A control data database storing control data; and
A control unit that reads a program from the program database, reads control data from the control data database, and controls the control data and the program to be output to the terminal via another path;
A network system comprising:   The network system according to claim 10, wherein when the control unit outputs the program to the terminal, the control unit outputs combined data of the program and control data.   The control center device further includes an encryption processing unit that performs encryption processing with a predetermined encryption key, and after the control data and the program or the combined data are encrypted by the encryption processing unit. 12. The network system according to claim 10, further comprising a decryption processing unit that outputs to the terminal, and the terminal further decrypts the encrypted data. A communication control method using a network system in which a terminal having a central processing unit and a control center device are connected to each other through a network,
The control center device reads a program from a program database, reads control data from a control database, and outputs the control data and synthesized data of the program and control data to the terminal via another path. ,
In the central processing unit of the terminal, the destination information is added to the program to generate a data packet, the comparison unit compares the control data with the destination information of the data packet, and the data packet transmission unit compares the comparison data. The data packet is transmitted only when the comparison result by the section satisfies a predetermined condition,
A communication control method characterized by the above.

Images