JP2006319848A - Information processor, program, information processing system, and method for evading solitary state - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide technology by which the solitary state of a node in a P2P network is rapidly evaded while assuring the security of information without increasing data processing amount and cost. <P>SOLUTION: For example, connection information to be connected to a group of emergency connection nodes different from a group of normal connection nodes to allow data communication is stored in a node ND3. Then, the node ND3 detects generation of a failure wherein the data communication with the normal connection nodes ND1, ND2 can not be performed, an emergency connection node NDA included in the group of emergency nodes is accessed by referring to the connection information and connection permission application including information indicating statuses of the failure is transmitted. After that, an emergency connection state connected with the emergency connection node NDA to allow the data communication is established in response to reception of the connection permission information transmitted from the emergency connection node NDA according to the statuses of the failure. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a communication technology via a network.

  As an alternative to the server-client model type network configuration that centralizes network management, peer-to-peer type (hereinafter abbreviated as “P2P”) in which peers that are network participants connect to the network in an equal position. ) Large-scale networks are getting attention.

  Here, as for this P2P network (P2P network), for example, as shown in FIG. 18, a P2P network is constructed in each of three sites A, B, and C, and communication between each site is representative of each site. It is assumed that the process is performed between the terminals, that is, nodes (Node-1, Node-A, Node-X). In this case, for example, if Node-1 and Node-2 at Site A are powered off or spontaneously leave the network, a failure that cannot be made communicably connected occurs. When starting up, the nodes (Node-1 and Node-2) that were connected so that they can communicate with each other cannot be connected so that Node-3 cannot configure the network. .

  For such a situation, conventionally, in a so-called pure type P2P network, Node-3 performs a so-called broadcast to search for a node that can be communicably connected to Node-3, or within the same site. There was a need to wait until the failure related to Node-1 and 2 was resolved. However, in the broadcast method, the traffic on the network becomes too large, and the transmission of data that is actually transmitted / received is obstructed. On the other hand, in the method of waiting until the failure is resolved, the isolated state of Node-3 cannot be avoided at all or cannot be avoided quickly.

  In a so-called hybrid P2P network, every time a node becomes isolated, an operation is performed in which an authentication server installed outside the company is inquired and nodes that can be communicably connected are instructed. However, it takes a relatively long time to access the authentication server, and the isolated state cannot be avoided efficiently.

  Also, the method of broadcasting or the method of querying the authentication server steals Node-3's identification information (eg, IP address or ID) and impersonates Node-3 and allows it to participate in the network. Information security becomes a problem.

  Therefore, in order to prevent problems such as isolation in the network, one peer configuring the P2P network is on standby if a power failure occurs or a failure occurs due to spontaneous disconnection from the network. A technique for changing another peer has been proposed (for example, Patent Document 1). Further, in a P2P network, a technique is provided for managing peer group attributes in consideration of updating of peer group attributes while maintaining consistency among all peers of peer group members (for example, Patent Document 2). .

  Prior art documents relating to such technology include the following.

JP 2004-72603 A JP 2004-260279 A

  However, in the technique proposed in Patent Document 1, since it is necessary to keep another peer on standby, an extra resource is required, which increases the size of the system and further increases costs such as additional investment. Will be invited.

  Further, in the technique proposed in Patent Document 2, in order to hold the attribute information of all peer groups that are members of the peer group inside each peer, information must be frequently exchanged between the peers. Increase in the amount of data required for management such as an increase in traffic and an increase in the amount of data required for management.

  The present invention has been made in view of the above problems, and can avoid a node isolation state in a P2P network promptly while ensuring information security without incurring an increase in data processing amount or cost. The purpose is to provide technology.

  In order to solve the above-described problem, the invention of claim 1 is an information processing apparatus that performs data communication with an external device through a P2P network, and a communication unit that performs data communication with a group of normally connected nodes, Connection information storage means for storing connection information for connecting to an emergency connection node group different from the normal connection node group so that data communication is possible, and the occurrence of a failure that prevents data communication with the normal connection node group by the communication means A failure occurrence detecting means for detecting the failure, and at least one or more included in the emergency connection node group by the communication means by referring to the connection information in response to the detection of the occurrence of the failure by the failure occurrence detecting means. Access to the emergency connection node, and apply for a connection permission application including information indicating the failure status to the one or more emergency connection nodes. In response to receiving the connection permission information by the receiving means, receiving means for receiving connection permission information transmitted from the one or more emergency connection nodes according to the status of the failure, And connecting means for establishing an emergency connection state in which data communication is established with the one or more emergency connection nodes.

  The invention according to claim 2 is the information processing apparatus according to claim 1, wherein the connection information includes key information for connecting to at least the one or more emergency connection nodes so that data communication is possible. The connection permission application includes the key information.

  The invention according to claim 3 is the information processing apparatus according to claim 1 or 2, wherein the access authority to the data group stored in the predetermined storage unit in the information processing apparatus is given from the external apparatus. In response to the detection of the occurrence of the failure by the failure occurrence detection means, the authority information storage means for storing the authority information to indicate, to prohibit the change and addition of the data content to the data group from the external device, It further comprises authority information changing means for changing authority information.

  The invention according to claim 4 is the information processing apparatus according to claim 3, wherein the connection permission information is transmitted by the one or more emergency connection nodes in response to detection of the change of the authority information. It is characterized by that.

  The invention according to claim 5 is the information processing apparatus according to claim 3 or claim 4, wherein the authority information changing unit is configured to execute the operation when the emergency connection state is established by the connection unit. The authority information is changed so as to permit addition of data contents to the data group from the above emergency connection node.

  The invention according to claim 6 is the information processing apparatus according to any one of claims 1 to 5, wherein the connection permission is permitted after the one or more emergency connection nodes detect the occurrence of the failure. It is characterized by transmitting information.

  The invention according to claim 7 is the information processing apparatus according to claim 6, wherein the one or more emergency connection nodes issue a predetermined signal to the normal connection node group, and the normal connection node The occurrence of the failure is detected in response to not receiving a signal in response to a predetermined signal from the group.

  The invention according to claim 8 is the information processing apparatus according to claim 6, wherein the one or more emergency connection nodes request a confirmation of the occurrence of the failure to a predetermined upper server. In response to the predetermined upper server issuing a predetermined signal to the normal connection node group and not receiving a signal in response to the predetermined signal from the normal connection node group, Occurrence confirmation information indicating that the occurrence of a failure is correct is transmitted to the one or more emergency connection nodes, and the one or more emergency connection nodes are responsive to receiving the occurrence confirmation information in response to the failure. It is characterized by detecting the occurrence of.

  The invention according to claim 9 is the information processing apparatus according to claim 6, wherein the one or more emergency connection nodes request a confirmation of the occurrence of the failure to a predetermined upper server. The predetermined host server refers to the predetermined data managed by the predetermined host server, and confirms that the failure has occurred correctly, indicating that the failure has occurred correctly. Occurrence confirmation information is transmitted to the one or more emergency connection nodes, and the one or more emergency connection nodes detect the occurrence of the failure in response to receiving the occurrence confirmation information. And

  The invention according to claim 10 is the information processing apparatus according to any one of claims 1 to 7, further comprising information acquisition means for acquiring the connection information from a predetermined host server. To do.

  The invention according to claim 11 is the information processing apparatus according to any one of claims 3 to 5, further comprising failure cancellation detection means for detecting the cancellation of the failure, wherein the connection means includes In response to detection of the cancellation of the failure by the failure cancellation detection means, the emergency connection state is canceled, and a normal connection state connected so as to enable data communication with the normal connection node group is established. To do.

  The invention according to claim 12 is the information processing apparatus according to claim 11, wherein the failure cancellation detection unit is configured to transmit data to and from the normal connection node group every predetermined period in the emergency connection state. The cancellation of the failure is detected by trying communication.

  The invention according to claim 13 is the information processing apparatus according to claim 11, wherein the failure release detecting means is at least one normal connection node of the normal connection node group in the emergency connection state. In response to receiving a signal from the terminal, the release of the failure is detected.

  The invention according to claim 14 is a program for causing the information processing apparatus to function as the information processing apparatus according to any one of claims 1 to 13 by being executed by a computer included in the information processing apparatus. is there.

  The invention of claim 15 is an information processing system for performing data communication between a plurality of information processing apparatuses over a P2P network, and the information processing apparatus according to any one of claims 1 to 13, A normal connection node group and the emergency connection node group are provided.

  The invention according to claim 16 is an isolated state avoidance method for avoiding an isolated state due to a failure in data communication with the normal connection node group in an information processing apparatus that performs data communication with the normal connection node group through a P2P network. (A) storing connection information for connecting to an emergency connection node group different from the normal connection node group so that data communication is possible; and (b) in response to detecting the occurrence of the failure, By referring to the connection information, access is made to at least one or more emergency connection nodes included in the emergency connection node group, and the connection including information indicating the status of the failure to the one or more emergency connection nodes Transmitting a permission application; and (c) receiving connection permission information transmitted from the one or more emergency connection nodes in accordance with the failure status; (d) responding to reception of the connection permission information in the step (c), and establishing an emergency connection state in which data communication is established with the one or more emergency connection nodes. And

  According to the invention of any one of claims 1 to 13, in response to detection of the occurrence of a failure in which data communication with the normal connection node group is not possible, data is sent to the emergency connection node group different from the normal connection node group. By referring to the connection information for communicable connection, at least one emergency connection node included in the emergency connection node group is accessed, and a connection permission application including information indicating the failure status is transmitted. In response to reception of connection permission information transmitted from one or more emergency connection nodes according to the failure status, an emergency connection state is established in which data communication is established with one or more emergency connection nodes. By adopting such a configuration, it is possible to apply for connection permission to the emergency connection nodes that are narrowed down in the connection information in the form of the failure status, thus increasing the data processing amount and cost. Kukoto without while ensuring the security of information, it is possible to quickly avoid the orphaned nodes in the P2P network.

  According to the second aspect of the present invention, the security of information can be properly maintained by including the key information for connection enabling data communication in the connection permission application.

  According to the third aspect of the present invention, in response to the detection of the occurrence of the failure, the authority is set so as to prohibit the change and addition of the data contents to the data group stored in the predetermined storage unit from the external device. By adopting a configuration in which information is changed, it is possible to prevent alteration of data from a node with low reliability that is not normally connected when searching for a node to be urgently connected.

  Further, according to the invention described in claim 4, since the connection permission information is transmitted in response to the detection of the change of the authority information, it is assumed that the malicious connection has been attempted by impersonating an isolated node and making an emergency connection. When data causing a virus or other trouble is stored in a certain node, it is possible to prevent a situation in which the emergency connection destination node acquires the data and causes a problem.

  Further, according to the invention described in claim 5, when the emergency connection state is established, the authority information is permitted so as to permit addition of data contents to the data group stored in the predetermined storage unit from the emergency connection node. Because it is possible to prevent the contents of the base data from being altered without permission even if data appending is permitted for nodes that are not normally connected, the information can be changed. Can ensure sufficient security.

  According to the invention of claim 6, the emergency connection node can establish the emergency connection after sufficiently confirming the occurrence of the failure by transmitting the connection permission information after detecting the occurrence of the failure. It is possible to prevent an emergency connection from being established by a malicious node pretending to be an isolated node.

  According to the seventh aspect of the present invention, the emergency connection node issues a predetermined signal to the normal connection node group and does not receive a signal in response to the predetermined signal from the normal connection node group. In response to this, since the occurrence of a failure is detected, it is possible to reliably grasp the situation where the failure has occurred. That is, information security can be ensured.

  Further, according to the invention described in claim 8, in response to a request from the emergency connection node, the predetermined upper server issues a predetermined signal to the normal connection node group, and the normal connection node group In response to not receiving a signal in response to a predetermined signal, it is confirmed that the occurrence of the failure is correct and is notified to the emergency connection node, so that the situation where the failure has occurred can be reliably grasped. That is, information security can be ensured.

  Further, according to the invention described in claim 9, in response to a request from the emergency connection node, a predetermined upper server refers to predetermined data managed by itself to confirm that the failure has occurred correctly. In order to notify the emergency connection node, for example, it is possible to reliably detect the occurrence of a failure based on information managed by the higher-level server such as information on withdrawal of the node from the network.

  In addition, according to the invention described in claim 10, in order to obtain connection information from a predetermined upper server, for example, the safe and latest information managed by the upper server is used, or in order of easy access to the region. Since the emergency connection can be established by using the information that can be used for the emergency connection, the isolated state can be quickly and reliably eliminated.

  Further, according to any of the inventions of claims 11 to 13, in response to the detection of the cancellation of the failure, the emergency connection state is canceled and the normal connection is established so that data communication can be performed with the normal connection node. By adopting a configuration that establishes a connection state, for example, data security with an emergency connection destination that is not normally connected directly is avoided as much as possible, thereby further ensuring information security. it can.

  Further, according to the invention described in claim 14, the same effects as those of the invention described in claims 1 to 13 can be obtained.

  Further, according to the invention described in any one of claims 15 and 16, the same effect as that of the invention described in claim 1 can be obtained.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

<Overview of the network>
FIG. 1 is an information processing system for performing data communication between a plurality of nodes (information processing apparatuses) over a peer-to-peer type (hereinafter abbreviated as “P2P”) network according to a first embodiment of the present invention. 1 is a diagram illustrating an outline of 1. FIG.

  As shown in FIG. 1, the information processing system 1 includes three sites (Site-A to C) SA to SC and an upper server US. Each of the three sites SA to SC includes three nodes (peers). Specifically, the site SA includes nodes (Node-1 to ND3) ND1 to ND3, the site SB includes nodes (Node-A to C) NDA to NDC, and the site SC includes nodes (Node-X to Z). NDX to NDZ are provided. Further, the three nodes in each site are connected to each other via a P2P network so that data communication is possible, and data communication between the sites is performed between the representative nodes ND1, NDA, and NDX at each site.

  In the following, the connection enabling data communication is also simply referred to as “connection”.

  FIG. 2 is a diagram illustrating a configuration of one network segment SG that configures the information processing system 1. Here, it is assumed that each node included in the information processing system 1 is configured by a personal computer (hereinafter abbreviated as “personal computer”). The personal computer P1 corresponding to one node is connected to the hub HB through the Ethernet cable EC so that data communication is possible. Similarly, a plurality of personal computers P2 to Pn are connected to the hub HB so that data communication is possible, and data communication is possible between the personal computers P1 to Pn. Further, the hub HB is connected to another segment (not shown) through the router RT so that data communication is possible. The personal computers P1 to Pn are provided with monitors M1 to Mn, respectively, and can output various image data visually.

  In this way, the information processing system 1 is configured by connecting a plurality of network segments as shown in FIG.

<Configuration of information processing apparatus>
Here, a personal computer constituting one node (information processing apparatus) will be described.

  FIG. 3 is a diagram illustrating the external appearance of a personal computer PC, which is one node, and FIG. 4 is a block diagram illustrating the functional configuration of the personal computer PC. As described above, the personal computer PC can perform data communication with other nodes (that is, external devices) via the P2P network, and is configured as an information processing device that processes various types of information.

  As shown in FIG. 3, the personal computer PC includes a processing unit 11 having a box shape, an operation unit 12, and a display unit (monitor) 13.

  A drive 101 for inserting the optical disk 91 and a drive 102 for inserting the memory card 92 are provided on the front surface of the processing unit 11.

  The operation unit 12 includes a mouse 121 and a keyboard 122, and receives an input operation on the processing unit 11 from a user.

  The display unit 13 is composed of, for example, a CRT and functions as a display unit.

  As shown in FIG. 4, the processing unit 11 of the personal computer PC includes an input / output I / F 14 connected to the operation unit 12 and the display unit 13 and a control unit 15 electrically connected to the input / output I / F 14. And. The processing unit 11 includes a storage unit 16 that is electrically connected to the control unit 15 and an input / output I / F 17.

  The input / output I / F 14 is an interface for controlling transmission / reception of data between the operation unit 12, the display unit 13, and the control unit 15.

  The storage unit 16 includes, for example, a hard disk and is installed with an operating system (hereinafter also referred to as “OS”) 161 that defines the basic operation of the personal computer. The storage unit 16 is also installed with a program 162 for realizing various operations including data communication executed under the management of the OS 161. In the personal computer PC, the functions of the functional blocks shown in FIG. 5 are realized by the control unit 15 reading and executing the data management program 162.

  In addition, in the P2P network, the storage unit 16 is different from the normal connection node group when a failure that prevents data communication with a node group that is normally connected to enable data communication (also referred to as a “normal connection node group”) occurs. Information (hereinafter also referred to as “emergency connection information”) 163 for urgently connecting to a node group (also referred to as “emergency connection node group”) is stored.

  In the emergency connection information 163, for example, a table (for example, an IP address corresponding to each node included in the emergency connection node group, key information used for network authentication, etc. is described in order to access the emergency connection node group. Also referred to as “failure connection table”. Note that the above-mentioned “normal connection node group” and “emergency connection node group” are used to include a set of a plurality of nodes and a single node, respectively. Hereinafter, each node included in the normal connection node group is appropriately referred to as a “normal connection node”, and each node included in the emergency connection node group is appropriately referred to as an “emergency connection node”.

  The input / output I / F 17 is an interface for inputting / outputting data to / from the optical disk 91 and the memory card 92 as recording media via the drives 101 and 102.

  The control unit 15 includes a CPU 15a and a memory 15b. The control unit 15 performs overall control of the operation of the personal computer PC, that is, the information processing apparatus, and controls various information processing in the personal computer PC based on user operations, programs 162, and the like. is there. Here, based on various operations of the operation unit 12 by the user, the control unit 15 reads and executes the program 162 stored in the storage unit 16, thereby realizing various types of information processing. The control unit 15 can also read various data and programs recorded on the optical disc 91 and the memory card 92 via the input / output I / F 17 and execute various controls.

  The function of the upper server US is realized by reading various programs, data, and the like into a CPU, a memory, and the like included in the control unit of the personal computer. Further, the upper server US manages information (participation / withdrawal information) such as participation and withdrawal of each node with respect to the P2P network in a predetermined storage unit built therein.

  FIG. 5 is a block diagram illustrating a specific functional configuration of each node included in the information processing system 1. Since the functional configuration of each node is the same, here, a personal computer PC that is one node will be described as an example.

  The functional configuration shown in FIG. 5 is realized by executing a program in the control unit 15, data temporarily stored in the memory 15 a, and various data stored in the storage unit 16.

  The personal computer PC receives a packet necessary for itself among the packets flowing on the network 201 by the data receiving unit 202. Necessary data is extracted by the data analysis unit 203 from the packet received by the data reception unit 202, and is filtered based on, for example, the data destination or the like based on the data destination. Here, if the information is necessary information for the personal computer PC and the information is a processing command related to the personal computer PC, the processing is performed by any one of the data operation function 204, the authentication function 205, and the network application function 206. Is done.

  Further, the personal computer PC has a node information holding unit 209. The node information holding unit 209 includes a connection table holding unit CT that stores a table (connection table) describing a normal connection node group corresponding to a node to which the personal computer PC is normally connected so that data communication is possible. The connection table is updated by the connection table management function 208. The node information holding unit 209 includes a failure connection table holding unit ICT that stores a table describing a group of emergency connection nodes (failure connection table). Here, it is assumed that the node NDA and the node NDX are listed in order in the failure connection table as the emergency connection node group. The failure connection table referred to here corresponds to the emergency connection information 163. The connection table and the failure connection table are acquired from the upper server US by the function of the control unit 15.

  The data transmission unit 211 transmits information according to the connection table held by the node information holding unit 209. For example, when it becomes necessary to send information to another node, the information of the other node described in either the connection table held in the Node information holding unit 209 or the connection table at the time of failure The destination is determined with reference to (for example, unique destination information that can specify a node such as an IP address), and the information is transmitted. At this time, the information to be transmitted is shaped into a network packet by the data creation unit 210 and transmitted to the destination by the data transmission unit 211.

  In this way, the data reception unit 202 and the data transmission unit 211 can perform data communication with the normal connection node group and the emergency connection node group.

  The data holding unit 207 stores a data group composed of various data, and is mainly realized by the storage unit 16. The node information holding unit 209 stores information indicating access authority (also referred to as “access authority information”) to each data group stored in the data holding unit 207 from each normal connection node group or each emergency connection node group. .

  Here, the authentication function 205 and the network application function 206 will be further described.

  The authentication function 205 is for performing network authentication in order to connect to other nodes so that data communication is possible, and permits or rejects connection with individual nodes.

  Network authentication is a work to check whether the accessing user has the right to access in order to realize the security function in the network etc. The user name and password are entered as the authentication method in the computer system. It is common to make it. Specifically, a name (user name) is assigned to each user, a character string (password) that only the user can know is stored together with the user name, and these combinations are input to the user during authentication.

  When the connection is permitted by the authentication function 205, information indicating that the connection is permitted is held in the connection table.

  The connection table stores IP addresses and public key information corresponding to each node included in the normal connection node group, and the authentication function 205 performs network authentication using the public key. Note that the connection table may include a black list in which nodes for which connection is rejected are listed. Furthermore, if the common key information is used for network authentication, the common key information may be stored in the data holding unit 207. The failure connection table stores an IP address and common key information corresponding to each node included in the emergency connection node group.

  The network application function 206 selects a P2P network group in which the personal computer PC voluntarily participates and applies whether or not to participate in the P2P network. For example, after the personal computer PC is turned on, an application is voluntarily applied to which P2P network to participate in, a withdrawal from the currently participating P2P network, or a new participation in the P2P network.

  When the power of the personal computer PC is turned on by the function of the personal computer PC as described above, the nodes (normally connected node group) that have been connected so far are known from the connection table, and each node included in the normal connected node group is identified. Connect sequentially.

  Note that the P2P network in the information processing system 1 is a so-called hybrid P2P network provided with a host server US. For this reason, when a new application is applied to a certain P2P network by the network application function 206, information related to the normal connection node group is input from the upper server US, and the connection table is updated. If the network is a pure type that does not have an upper server, a so-called broadcast is performed for all nodes participating in a certain P2P network, so that the connection destination Only the nodes that responded to indicate a certain thing should be collected in the connection table.

  However, in the case of broadcasting, so-called impersonation in which IP addresses, IDs, and the like are stolen becomes relatively easy, and therefore, a hybrid P2P network is preferable in terms of information security.

  The information processing system 1 can be realized with the above-described configuration. Examples of data exchange in the information processing system 1 include general file exchange and file sharing.

<P2P network failure>
FIG. 6 is a diagram for explaining the occurrence of a failure in the P2P network. As shown in FIG. 6, in the information processing system 1, for example, the nodes ND1 and ND2 of the site SA are not in the P2P network because they are powered off or voluntarily leave the network. Assume that a failure occurs that prevents communication and connection. In this case, when the node ND3 is started up, a failure in which data communication with the normal connection node groups ND1 and ND2 cannot be established, and the node ND3 cannot perform data communication with the normal connection node group via the P2P network (hereinafter referred to as “isolation”). Also referred to as a “state”).

  Hereinafter, an operation for quickly avoiding the isolated state while ensuring the security of information will be described by taking as an example the case where the node ND3 is in the isolated state.

<Isolated avoidance action>
FIG. 7 is a diagram illustrating a sequence of an isolated state avoidance operation when the node ND3 is in an isolated state. The isolated state avoidance operation is realized by the functions of the control units 15 of the node ND3 and other nodes, and the functions of the control unit of the upper server US.

  The isolated state avoidance operation will be described below with reference to FIG.

  When the power is turned on and the node ND3 starts up, the node ND3 issues a connection request to the nodes ND1 and ND2, which are normal connection nodes that had been established until the power was turned off last time. Try. However, since the nodes ND1 and ND2 do not participate in the P2P network here, there is no response to the connection request from the nodes ND1 and ND2, and the node ND3 cannot communicate with the nodes ND1 and ND2 (isolated state) ). For example, if the data transmission unit 211 issues a connection request to the normal connection node group and the data reception unit 202 does not receive a response from the normal connection node within a predetermined period, the control unit 15 Detects a failure that prevents data communication.

  In response to the detection of the occurrence of the failure, the control unit 15 sets the access authority information so as to prohibit the change and addition of the data contents to the data group stored in the data holding unit 207 from another node which is an external device. change. It should be noted that here, as well as prohibiting modification and addition of data contents to the data group stored in the data holding unit 207, only data communication for searching for connectable nodes can be performed. The access authority information is changed.

  In the node ND3, in order to avoid an isolated state, the control unit 15 refers to the failure connection table stored in the failure connection table holding unit ICT and refers to the emergency connection listed in the failure connection table. Search for nodes that can be connected to the current node group. Specifically, a message (emergency connection message) indicating an application for requesting permission for emergency connection (emergency connection permission application) is sequentially transmitted to the nodes included in the emergency connection node group, and a message for permitting emergency connection ( If an emergency connection permission message is returned, a node that can be connected can be detected.

  The operation for searching for connectable nodes (search operation) will be further described.

  First, under the control of the control unit 15, in response to detection of the occurrence of a failure, the access authority information is updated as described above, and the emergency connection listed in the failure connection table is referred to by referring to the failure connection table. Emergency connection messages are transmitted to the nodes in order.

  For example, when the node NDA is listed at the beginning of the emergency connection node group listed in the failure connection table, the node NDA is first accessed and an emergency connection message is transmitted. The emergency connection message includes information indicating a failure state (here, a failure has occurred where data communication cannot be performed with the nodes ND1 and ND2) and network authentication for connecting to the node NDA so that data communication is possible. Key information.

  In the following description, it is assumed that the node NDA is listed first in the emergency connection node group listed in the failure connection table, and the node NDX is listed next.

  The node NDA that has received the emergency connection message confirms whether or not the node ND3 that has issued the emergency connection message belongs to the P2P network by network authentication using an authentication function using key information included in the emergency connection message. Here, when it is confirmed that the node ND3 belongs to the P2P network, the failure status is confirmed based on the information indicating the failure status included in the emergency connection message.

  Here, the node NDA confirms the status of the failure by making an inquiry to the upper server of the P2P network. Specifically, the node NDA transmits a message (failure state confirmation message) corresponding to a signal (confirmation request signal) for requesting confirmation of the occurrence state of the failure to the upper server US. The failure status confirmation message is attached with information indicating the failure status included in the emergency connection message.

  In response to receiving the failure status confirmation message, the upper server US transmits a predetermined confirmation signal to the nodes ND1 and ND2 in order to confirm the failure status. If a signal in response to the predetermined confirmation signal does not return for a predetermined time, a message (failure state report message) reporting a failure state including information (occurrence confirmation information) indicating that the failure occurrence state is correct is sent to the node NDA. Send to. In this way, it is possible to reliably grasp the situation where a failure has occurred. That is, information security can be ensured.

  Here, in order to confirm the occurrence status of the failure, the upper server US directly inquires the nodes ND1 and ND2, but this is not restrictive, and the failure occurrence status is also confirmed by the following operations. can do. If the upper server US refers to the participation / withdrawal information managed in the upper server US in response to the reception of the failure status confirmation message, it is confirmed that the nodes ND1 and ND2 have left the P2P network. The failure status report message including the occurrence confirmation information is transmitted to the node NDA.

  Then, the node NDA detects the occurrence of the failure in response to the reception of the occurrence confirmation information included in the failure status report message. In response to detection of the occurrence of the failure, the node NDA transmits a message (emergency connection permission message) indicating information (connection permission information) permitting emergency connection from the node ND3 to the node NDA to the node ND3. .

  Thereafter, in the node ND3, when an emergency connection permission message is received by the data receiving unit 202, an access is made so that the file stored in the data holding unit 207 can be read from the emergency connection node under the control of the control unit 15. Authority information is changed. Then, by transmitting a message (connection message) for establishing a connection from the node ND3 to the node NDA, a state (emergency connection state) in which the node ND3 and the node NDA are connected to be able to perform data communication is established. Is done. In this way, for example, the occurrence of a failure can be reliably detected based on information managed by the higher-level server US such as information about withdrawal of a node from the P2P network.

  Here, if the node NDA has not participated in the P2P network, a connection is attempted to the next node NDX listed in the failure connection table.

  Note that if all the nodes listed in the failure connection table do not participate in the P2P network, the node ND3 may acquire another failure connection table from the upper server US.

  For example, the upper server US manages reliable and up-to-date information about node participation and withdrawal from the P2P network. For this reason, the isolated state can be quickly and reliably eliminated by establishing the emergency connection by using the safe and latest information managed by the host server SB.

  Further, for example, if the node ND3 is installed in Japan, a failure connection table in which a group of emergency connection nodes in Japan that can be accessed in a relatively short time is listed is used. If an emergency connection using the table cannot be established, the emergency connection node group in a foreign country (for example, the United States) that requires a relatively long time for access may be updated to the connection table for failure. good. In other words, the isolated state may be quickly and surely resolved by using information that can be used to try an emergency connection in order of easy access and establishing an emergency connection.

  Here, an operation flow when an isolated state is avoided by connecting a certain node (for example, the node ND3) to the emergency connection node will be described. Hereinafter, a node that is a target for avoiding an isolated state is referred to as an “isolation avoidance target node”.

  FIG. 8 is a flowchart showing an operation flow in the isolation avoidance target node when the isolated state of the node is avoided. FIG. 9 is a flowchart showing an operation flow in the emergency connection node when the isolated state of the node is avoided. FIG. 10 is a flowchart showing an operation flow in the upper server US when avoiding an isolated state of a node.

  The operation flow shown in FIG. 8 is executed under the control of the control unit in the isolation avoidance node, the operation flow shown in FIG. 9 is executed under the control of the control unit in the emergency connection node, and the operation flow shown in FIG. It is executed under the control of the control unit in the upper server US. Then, the operation flow of the node to be isolated shown in FIG. 8, the operation flow of the emergency connection node shown in FIG. 9, and the operation flow of the upper server US shown in FIG. An operation for avoiding the state is realized.

  The operation flow in the isolation avoidance target node, emergency connection node, and upper server US is performed in parallel, but in order to prevent the explanation from becoming complicated, the isolation avoidance target node side, the emergency connection node side, and the upper server US side The operation flow will be described separately.

  First, the operation flow on the isolation avoidance target node side will be described with reference to the flowchart of FIG. Here, when the power of the node is turned on, the operation flow of FIG. 8 is started.

  In step S1, a connection request is issued to the normally connected nodes (normal connection node group), and the process proceeds to step S2.

  In step S2, it is determined whether or not there is a response from the normal connection node group in response to the connection request issued in step S1. Here, if there is a response, since it is possible to connect to the normal connection node group, it can be determined that the node is not in an isolated state, and thus the operation flow for avoiding the isolated state is terminated. On the other hand, if there is no response from the normal connection node group, it can be detected that a failure that prevents data communication with the normal connection node group has occurred, and it can be determined that the node is in an isolated state. move on.

  In step S3, the access authority information is changed so as to prohibit the change and addition of data contents to the data group stored in the data holding unit 207 in the node from another node which is an external device, and the process proceeds to step S4. For example, the access authority information is changed so that only data communication for searching for connectable nodes is possible.

  In step S4, the emergency connection node listed in the failure connection table is designated with reference to the failure connection table, and the process proceeds to step S5.

  In step S5, an emergency connection message indicating an emergency connection permission application is transmitted to the emergency connection node, and the process proceeds to step S6. If this step is the first time, the emergency connection node specified in step S4 is the transmission destination. If this step is the second time or later, the emergency connection node specified in step S8 is the transmission destination. .

  In step S6, it is determined whether an emergency connection permission message is received from the emergency connection node that is the destination of the emergency connection message. If the emergency connection permission message is not received, the process proceeds to step S7, and if received, the process proceeds to step S9.

  In step S7, it is determined whether or not an emergency connection message has been transmitted to all emergency connection nodes listed in the failure connection table. Here, if an emergency connection message has not been transmitted to all emergency connection nodes, the process proceeds to step S8. On the other hand, when an emergency connection message is transmitted to all emergency connection nodes, this operation flow is terminated. When an emergency connection message is transmitted to all emergency connection nodes, the operation flow may not be terminated, but another failure connection table may be acquired from the upper server US.

  In step S8, the emergency connection node listed next to the emergency connection node that sent the emergency connection message immediately before is specified from the group of emergency connection nodes listed in the connection table at the time of failure. move on.

  In step S9, the access authority information is changed so that the file stored in the data holding unit 207 can be read from the emergency connection node, and the process proceeds to step S10.

  In step S10, a connection message is transmitted to the emergency connection node that has transmitted the emergency connection permission message, an emergency connection state is established, and this operation flow is terminated.

  Next, the operation flow on the emergency connection node side will be described with reference to the flowchart of FIG. Each node constituting the P2P network may always be an emergency connection node. That is, the emergency connection node is not particularly determined, and each node constituting the P2P network appropriately operates as an emergency connection node. Then, each node starts an operation flow as an emergency connection node shown in FIG. 9 when the power is turned on.

  In step S11, it is determined whether an emergency connection message has been received. Here, the determination in step S11 is repeated until an emergency connection message is received. If an emergency connection message is received, the process proceeds to step S12.

  In step S12, a failure status confirmation message is transmitted to the upper server US, and the process proceeds to step S13.

  In step S13, the failure status report message is received from the upper server US, and the process proceeds to step S14.

  In step S14, it is determined by referring to the failure status report message received in step S13 whether or not the information indicating the failure status included in the received emergency connection message is correct. Here, if the information indicating the failure status is correct, the process proceeds to step S15. If the information indicating the failure status is incorrect, the emergency connection is not established so as not to allow the emergency connection by impersonation. This operation flow ends.

  In step S15, an emergency connection permission message is transmitted to the isolated node that has transmitted the emergency connection message, and the process proceeds to step S16.

  In step S16, the connection message is received from the isolated node that has transmitted the emergency connection message, the emergency connection state is established, and the operation flow is terminated.

  Next, the operation flow on the upper server US side will be described with reference to the flowchart of FIG. It is not known at what timing the node is isolated. Therefore, the host server US starts the operation flow shown in FIG. 10 when the power is turned on.

  First, in step S21, it is determined whether a failure status confirmation message has been received from the emergency connection node. Here, the determination in step S21 is repeated until the failure status confirmation message is received, and when the failure status confirmation message is received, the process proceeds to step S22.

  In step S22, it is confirmed whether or not the failure status is correct, and the process proceeds to step S23. Specifically, a predetermined confirmation signal is transmitted to the node (for example, the nodes ND1 and ND2) that is the cause of the failure based on the information indicating the failure status attached to the failure status confirmation message. If a signal responding to the predetermined confirmation signal does not return within a predetermined time, it can be confirmed that the failure occurrence state is correct. On the contrary, if the signal responding to the predetermined confirmation signal is returned within the predetermined time, it can be confirmed that the failure occurrence state is not correct.

  In step S23, a failure status report message for reporting whether the failure occurrence status confirmed in step S22 is correct or not is transmitted to the node that has transmitted the failure status confirmation message, and this operation flow ends.

  As described above, in the information processing system 1 according to the embodiment of the present invention, one node stores connection information for connecting to an emergency connection node group different from the normal connection node group so that data communication is possible. Keep it. And when the said one node detects the occurrence of a failure incapable of data communication with the normal connection node group, it accesses at least one or more emergency connection nodes included in the emergency connection node group by referring to the connection information And send a connection permission application including information indicating the failure status. After that, in response to reception of connection permission information transmitted from one or more emergency connection nodes according to the failure status, an emergency connection state is established in which data communication is established with one or more emergency connection nodes. To do.

  With such a configuration, because the application for connection permission is applied to the emergency connection node group narrowed down in the connection information together with the status of the failure, the situation of surrounding nodes that cannot be recognized by simple impersonation is used as a standard It is possible to determine whether or not emergency connection is possible. And since it is not necessary to add an extra resource like the said patent document 1, an additional investment is unnecessary and it can suppress that the enlargement of a system, the increase in cost, etc. are caused. Further, since the information amount of the connection table at the time of failure may be small, there is no increase in the amount of data required for management, an increase in traffic on the network, and the like as in Patent Document 2.

  Therefore, in the information processing system 1 according to the embodiment of the present invention, it is possible to quickly avoid an isolated state of a node in the P2P network while ensuring information security without incurring an increase in data processing amount or cost. .

  In addition, the security of information can be appropriately maintained by including the key information for connecting data communication in the connection permission application.

  In response to detection of the occurrence of a failure, the access authority information is changed so that a node in an isolated state prohibits changing and adding data contents to the data group stored in the storage unit 16 from other nodes. To do. With such a configuration, when searching for a node to be urgently connected, alteration of data from a node with low reliability that is not normally connected can be prevented.

  Further, when the emergency connection state is established, the access authority information is changed so as to permit addition of data contents to the data group stored in the predetermined storage unit 16 from the emergency connection node. Even if data addition is permitted for a node, it is possible to prevent the data content as a base from being altered without permission. Therefore, sufficient security of information can be ensured.

  Further, since the emergency connection node transmits an emergency connection permission message after detecting the occurrence of the failure, the emergency connection can be established after sufficiently confirming the occurrence of the failure. For this reason, it is possible to prevent an emergency connection from being established by a malicious node pretending to be an isolated node.

<Release emergency connection status>
As described above, a node in an isolated state can quickly resolve the isolated state by establishing an emergency connection state with the emergency connection node. However, the emergency connection state is a state in which direct connection is made to a node that is not normally connected, and is not necessarily a preferable state in terms of information security. Therefore, the information processing system 1 releases the emergency connection state and establishes the connection with the normal connection node group when the connection with the normal connection node group is possible in the emergency connection state.

  The operation for canceling the emergency connection state will be described below.

  FIG. 11 is a diagram illustrating a sequence of canceling the emergency connection state when the node ND3 is in an emergency connection state with the node NDA. Note that the operation for canceling the emergency connection state is realized by the functions of the control units 15 of the node ND3 and other nodes.

  Hereinafter, the emergency connection state canceling operation will be described with reference to FIG.

  Here, since the power of the nodes ND1 and ND2 is OFF, the node ND3 is in an isolated state, and the node ND3 transmits an emergency connection message to the node NDA, so that the node NDA is urgent to the node ND3. A case where the connection permission message is transmitted and the emergency connection state is established between the node ND3 and the node NDA will be described.

  When the emergency connection state is established, the node ND3 periodically executes a process (surrounding search schedule) for searching whether or not a surrounding node, that is, a normal connection node can be connected. The normal connection node group is a normal connection node that participates in the P2P network and can be connected so that data communication is possible, and can reach a desired node via the normal connection node. Search for a node.

  Specifically, a connection request is issued to the normal connection node group at a predetermined cycle after the emergency connection state is established. When there is a normal connection node (in this case, the node ND1) that is powered on in the normal connection node group, the connection permission for the connection request is transmitted from the normal connection node to the node ND3. Is done. At this time, for example, the emergency connection is temporarily disconnected to obtain the IP address of the indirectly connected node of about four layers, and the emergency connection destination node (for example, the node NDA) is included therein. ) Is included, it can be determined that the desired node can be reached.

  In this way, the node ND3 detects the cancellation of the failure by trying data communication with the normal connection node group every predetermined period in the emergency connection state.

  When detecting the cancellation of the failure, the node ND3 transmits a message (emergency connection disconnection message) for notifying the emergency connection disconnection to the node NDA that is the emergency connection destination. When the node NDA receives the emergency connection disconnection message, the node NDA transmits a message permitting disconnection of the emergency connection (emergency connection disconnection permission message) to the node ND3. When the node ND3 receives this emergency connection disconnection permission message, the emergency connection with the node NDA is disconnected.

  Then, under the control of the control unit 15, the node ND 3 permits the file change, deletion, addition, etc. to the data group stored in the data holding unit 207 from the connected node (here, the node ND 1). Change the access authority information so that it returns to its original state. When this access authority information is restored, a state (normal connection state) is established in which a connection (session) between the node ND3 and the node ND1, which is a normal connection node, is established.

  Here, an operation flow for canceling the emergency connection state will be described.

  FIG. 12 is a flowchart showing an operation flow in a node (isolation avoidance target node) when canceling the emergency connection state, and FIG. 13 shows an operation flow in the emergency connection destination node when canceling the emergency connection state. It is a flowchart.

  The operation flow shown in FIG. 12 is executed under the control of the control unit in the isolation avoidance target node, and the operation flow shown in FIG. 13 is executed under the control of the control unit in the emergency connection destination node. Then, the operation flow of the isolated avoidance target node shown in FIG. 12 and the operation flow of the emergency connection destination node shown in FIG. 13 are performed in parallel, thereby realizing the operation of canceling the emergency connection state.

  The operation flow in the isolation avoidance target node and the emergency connection destination node is performed in parallel, but in order to prevent the explanation from becoming complicated, the operation flow between the isolation avoidance target node side and the emergency connection destination node side is Separately described.

  First, the operation flow on the isolation avoidance target node side will be described with reference to the flowchart of FIG. Here, when the emergency connection state is established, the operation flow of FIG. 12 is started.

  In step S31, the count for measuring the timing for performing the surrounding search is started, and the process proceeds to step S32.

  In step S32, it is determined whether or not a predetermined time has elapsed since the count started in step S31 has reached a predetermined value. Here, the determination in step S32 is repeated until the predetermined time elapses, and when the predetermined time elapses, the process proceeds to step S33.

  In step S33, a connection request is transmitted to each node belonging to the normal connection node group, and the process proceeds to step S34.

  In step S34, it is determined whether a connection permission for the connection request transmitted in step S33 is received from the normal connection node group. Here, if connection permission is not received within a predetermined period from the transmission of the connection request in step S33, the process returns to step S31, and if connection permission is received, the process proceeds to step S35.

  In step S35, an emergency connection disconnection notification (emergency connection disconnection message) is transmitted to the emergency connection destination, and the process proceeds to step S36.

  In step S36, an emergency connection disconnection permission message is received from the emergency connection destination, and the process proceeds to step S37.

  In step S37, the emergency connection is disconnected and the process proceeds to step S38.

  In step S38, the access authority information is changed, and the process proceeds to step S39. Here, the access authority information is changed so as to return to the original state so as to permit the change, deletion, addition, etc. of the file to the data group stored in the data holding unit 207 from the normal connection node.

  In step S39, the connection with the normal connection node that is the connection permission source is established, and the operation flow is terminated.

  Next, an operation flow in the emergency connection destination node will be described with reference to the flowchart of FIG. When the emergency connection destination node enters the emergency connection state, the operation flow shown in FIG. 13 is started.

  First, in step S41, it is determined whether an emergency connection disconnection notification (emergency connection disconnection message) has been received. Here, the determination in step S41 is repeated until an emergency connection disconnect message is received. If an emergency connection disconnect message is received, the process proceeds to step S42.

  In step S42, an emergency connection disconnection permission message is transmitted to the isolation avoidance target node, and this operation flow ends.

  As described above, in the information processing system 1 according to the present embodiment, after the isolation avoidance target node is in an emergency connection state, for example, a connection request is made to the normal connection node group at a predetermined cycle, and this connection In response to the request, a signal indicating connection permission is received from the normal connection node, thereby detecting the cancellation of the failure. In response to the detection of the cancellation of the failure, the emergency connection state is canceled and the normal connection state in which data communication with the normal connection node is established is established. By adopting such a configuration, for example, information security can be further ensured by avoiding an unsafe state such as data communication with an emergency connection destination that is not normally connected directly.

<Modification>
As mentioned above, although embodiment of this invention was described, this invention is not limited to the thing of the content demonstrated above.

  For example, in the above-described embodiment, in the emergency connection state, the node ND3 that has avoided the isolated state due to the emergency connection attempts data communication with the normal connection node group every predetermined period. For example, each node included in the normal connection node group transmits a connection request to the node ND3 when the failure is resolved by turning on the power. You may make it detect cancellation | release of a fault. Even if it becomes such a structure, the effect similar to embodiment mentioned above can be acquired.

  The configuration will be specifically described below with reference to FIG.

  FIG. 14 is a diagram illustrating a sequence of the operation for canceling the emergency connection state when the node ND3 is in an emergency connection state with the node NDA. The operation for canceling the emergency connection state is realized by the function of each control unit 15 of the nodes ND3, ND1, and NDA.

  Here, since the power of the nodes ND1 and ND2 is OFF, the node ND3 is in an isolated state, and the node ND3 transmits an emergency connection message to the node NDA, so that the node NDA is urgent to the node ND3. A case will be described where a connection permission message is transmitted and an emergency connection state (session) is established between the node ND3 and the node NDA.

  In the emergency connection state, for example, when the power of the node ND1 included in the normal connection node group is turned on, the node ND1 issues a connection request to the normally connected nodes ND2 and ND3. At this time, a message (failure avoidance message) indicating that the failure has been avoided is also transmitted to the upper server US.

  When the node ND3 receives a connection request from the node ND1 included in the normal connection node group, the node ND3 issues a connection permission to the node ND1. At this time, the node ND3 refers to the connection table stored in the Node information holding unit 209 to determine whether or not the node that has issued the connection request belongs to the normal connection node group. Further, at this time, it is also determined whether or not it is possible to reach a desired node via the normal connection node that has issued the connection request. For example, the emergency connection is temporarily disconnected to obtain the IP address of the indirectly connected node of about four layers, and the IP address of the node that is the emergency connection destination (for example, the node NDA) is included therein. If the address is entered, it can be determined that the desired node can be reached.

  The node ND3 that has issued the connection permission to the node ND1 transmits a message (emergency connection disconnection message) notifying the emergency connection disconnection to the node NDA that is the emergency connection destination. When the node NDA receives the emergency connection disconnection message, the node NDA transmits a message permitting disconnection of the emergency connection (emergency connection disconnection permission message) to the node ND3. When the node ND3 receives this emergency connection disconnection permission message, the emergency connection with the node NDA is disconnected.

  Then, under the control of the control unit 15, the node ND 3 permits the file change, deletion, addition, etc. to the data group stored in the data holding unit 207 from the connected node (here, the node ND 1). Change the access authority information so that it returns to its original state. When this access authority information is restored, a state (normal connection state) is established in which a connection (session) between the node ND3 and the node ND1, which is a normal connection node, is established.

  An operation flow for canceling the emergency connection state will be described.

  FIG. 15 is a flowchart showing an operation flow in the node (isolation avoidance target node) when canceling the emergency connection state, and FIG. 16 is a flowchart showing an operation flow in the normal connection node when canceling the emergency connection state. is there. The flowchart showing the operation flow in the emergency connection destination node when canceling the emergency connection state is the same as FIG.

  The operation flow shown in FIG. 15 is executed under the control of the control unit in the isolation avoidance target node, and the operation flow shown in FIG. 16 is executed under the control of the control unit in the normal connection node. Then, the operation flow of the isolation avoidance target node shown in FIG. 15, the operation flow of the normal connection node shown in FIG. 16, and the operation flow of the emergency connection destination node shown in FIG. 13 are performed in parallel. Operation to cancel the emergency connection state is realized.

  The operation flow in the isolation avoidance target node, normal connection node, and emergency connection destination node is performed in parallel, but in order to prevent the explanation from becoming complicated, the operation between the isolation avoidance target node side and the normal connection node side The flow will be described separately. Since the operation flow on the emergency connection destination node side has already been described above, the description thereof is omitted here.

  First, the operation flow on the isolation avoidance target node side will be described with reference to the flowchart of FIG. Here, when the emergency connection state is established, the operation flow of FIG. 15 is started.

  In step S51, it is determined whether a connection request is received from the normal connection node. Here, the determination in step S51 is repeated until a connection request is received, and when a connection request is received, the process proceeds to step S52. At this time, whether or not the node that issued the connection request belongs to the normal connection node group and whether or not the node that can be reached through the normal connection node that issued the connection request can be reached. judge.

  In step S52, a notification for permitting connection (connection permission message) is transmitted to the normal connection node that has issued the connection request, and the process proceeds to step S53.

  In steps S53 to S57, processing similar to that in steps S35 to S39 in FIG. 12 is performed.

  Next, the operation flow in the normal connection node will be described with reference to the flowchart of FIG. When the power is turned on, the normal connection node starts the operation flow shown in FIG.

  First, in step S61, a connection request is transmitted to a normally connected node, and the process proceeds to step S62. For example, a connection request is transmitted from the normal connection node ND1 to the isolation avoidance target node ND3.

  In step S62, a message indicating that the failure has been avoided (failure avoidance message) is transmitted, and the process proceeds to step S63.

  In step S63, a connection permission message (connection permission notification) is received, and the process proceeds to step S64.

  In step S64, the connection with the node that has transmitted the connection permission is established, and this operation flow ends. In this step S64, for example, the node ND1 establishes a connection with the node ND3 that has transmitted the connection permission.

  In the above-described embodiment, the node ND3 accesses the node NDA included in the emergency connection node group by referring to the failure connection table in response to the detection of the occurrence of the failure. The emergency connection state between the node ND3 and the node NDA has been established by transmitting a connection permission application including information indicating the status of the network. However, the present invention is not limited to this, and in response to detection of the occurrence of a failure, By referring to the connection table, access is made to at least one or more emergency connection nodes included in the emergency connection node group, and a connection permission application including information indicating a failure state is transmitted, so that the node ND3 and the relevant node An emergency connection state with one or more emergency connection nodes may be established. Even with this configuration, it is possible to obtain the same effects as in the above embodiment.

  At this time, the key information included in the emergency connection message may be key information for connecting to at least one emergency connection node so that data communication is possible.

  In the above-described embodiment, when the node is isolated, the access authority information is changed so that only data communication for searching for a connectable node is possible. In the emergency connection state, the emergency connection is performed. The access authority information has been changed so that the file stored in the data holding unit 207 can be read from the node. However, the change contents of the access authority information are not limited to the above.

  FIG. 17 is a diagram illustrating a variation of changing the access authority. FIG. 17 illustrates two cases (case 1 and case 2).

  Case 1 corresponds to the contents of the above embodiment, and when the node is in an isolated state, access authority information is set so that only data for searching for a connectable node can be communicated. Is changed. In the emergency connection state, the access authority information is changed so that only two-way file reading is permitted between the isolation avoidance target node and the emergency connection destination node. This change of the access authority information can be said to be preferable in terms of ensuring a high level of information security. For example, even if data containing a virus is stored in a node that pretends to be an isolated node, in the isolated state, access authority is set so that only data communication for searching for a connectable node is possible. Since the information has been changed, it is possible to prevent other nodes from inadvertently reading data including viruses.

  Case 2 is a case where information security is slightly relaxed with an emphasis on convenience over Case 1. Specifically, when a node becomes isolated, in addition to data communication to search for connectable nodes, it is possible to read files from other nodes and higher servers to the isolation avoidance target node. The access authority information is changed as follows. In the emergency connection state, the access authority information is changed between the isolation avoidance target node and the emergency connection destination node so that the addition of the file is permitted in addition to the bidirectional file reading.

  As in Case 2, when a node is in an isolated state, the following configuration can be realized by permitting reading of a file to the isolation avoidance target node from another node or an upper server. it can.

  For example, when checking whether the information on the failure occurrence status is correct from the upper server or the emergency connection node, the access authority information of the isolation avoidance target node is referred to, and the access authority information of the isolation avoidance target node has a predetermined content. It can be confirmed that the node that has requested the emergency connection is in an isolated state by detecting that it has been changed.

  That is, in the above-described embodiment, the emergency connection permission message is transmitted if the emergency connection node has the correct information on the failure status transmitted from the isolated node. However, the present invention is not limited to this, and in addition, in response to the emergency connection node detecting a change in access authority information in the isolated node, either directly or indirectly through the upper server US, the emergency connection node A permission message may be transmitted.

  With this configuration, if data that causes a virus or other trouble is stored in a malicious node that has attempted to make an emergency connection by impersonating an isolated node, the data It is possible to prevent a situation in which the emergency connection destination node obtains a problem.

  In the above-described embodiment, the emergency connection node inquires the host server US for confirmation of the failure status. However, the present invention is not limited to this. For example, the emergency connection node directly confirms the failure status. Also good. Specifically, after the emergency connection node issues a predetermined confirmation signal to the normal connection node group and issues a signal in response to the predetermined confirmation signal from the normal connection node group, the emergency connection node issues a predetermined confirmation signal. The occurrence of a failure may be detected in response to not receiving within a predetermined period. With such a configuration, it is possible to reliably grasp the situation where a failure has occurred. That is, information security can be ensured.

It is a figure which shows the outline | summary of the P2P network which concerns on 1st Embodiment of this invention. It is a figure which illustrates the structure of the segment of a network. It is a figure which illustrates the external appearance of the personal computer which is a node. It is a block diagram which shows the function structure of a personal computer. It is a block diagram which shows the concrete function structure of each node. It is a figure which shows generation | occurrence | production of a failure. It is a figure which shows the sequence of the avoidance operation | movement of an isolated state. It is a flowchart which shows the avoidance operation | movement flow of an isolated state. It is a flowchart which shows the avoidance operation | movement flow of an isolated state. It is a flowchart which shows the avoidance operation | movement flow of an isolated state. It is a figure which shows the sequence of cancellation | release operation | work of an emergency connection state. It is a flowchart which shows the cancellation | release operation | movement flow of an emergency connection state. It is a flowchart which shows the cancellation | release operation | movement flow of an emergency connection state. It is a figure which shows the sequence of the cancellation operation | movement of the emergency connection state which concerns on a modification. It is a flowchart which shows the cancellation | release operation | movement flow of the emergency connection state which concerns on a modification. It is a flowchart which shows the cancellation | release operation | movement flow of the emergency connection state which concerns on a modification. It is a figure which shows the variation of a change of access authority. It is a figure which shows the outline | summary of a P2P network.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information processing system 11 Control part 12 Operation part 15 Control part 15a CPU
15b Memory 16 Storage unit 162 Program 163 Emergency connection information 207 Data holding unit 208 Connection table management unit 209 Node information holding unit ND1, ND2, ND3, NDA, NDB, NDC, NDX, NDY, NDZ node SA, SB, SC site US Upper server

Claims (16)

An information processing apparatus that performs data communication with an external device via a P2P network,
A communication means for performing data communication with a group of normally connected nodes;
Connection information storage means for storing connection information for connecting to an emergency connection node group different from the normal connection node group so that data communication is possible;
A failure occurrence detection means for detecting the occurrence of a failure incapable of data communication with the normal connection node group by the communication means;
In response to the detection of the occurrence of the failure by the failure occurrence detection means, the communication means accesses the at least one emergency connection node included in the emergency connection node group by referring to the connection information. An application transmission means for transmitting a connection permission application including information indicating the status of the failure to the one or more emergency connection nodes;
Receiving means for receiving connection permission information transmitted from the one or more emergency connection nodes according to the state of the failure;
In response to reception of the connection permission information by the receiving means, connection means for establishing an emergency connection state in which data communication is established with the one or more emergency connection nodes;
An information processing apparatus comprising: The information processing apparatus according to claim 1,
The connection information is
Including key information for connecting to at least the one or more emergency connection nodes so that data communication is possible;
The connection permission application is
An information processing apparatus comprising the key information. The information processing apparatus according to claim 1 or 2,
Authority information storage means for storing authority information indicating access authority to a data group stored in a predetermined storage unit in the information processing apparatus from the external device;
In response to detection of the occurrence of the failure by the failure occurrence detection means, authority information change means for changing the authority information so as to prohibit the change and addition of data contents to the data group from the external device;
An information processing apparatus further comprising: The information processing apparatus according to claim 3,
The connection permission information is
An information processing apparatus that is transmitted in response to detection of a change in the authority information by the one or more emergency connection nodes. The information processing apparatus according to claim 3 or 4,
The authority information changing means is
The authority information is changed so as to permit addition of data contents to the data group from the one or more emergency connection nodes when the emergency connection state is established by the connection means. Processing equipment. An information processing apparatus according to any one of claims 1 to 5,
The one or more emergency connection nodes are
An information processing apparatus that transmits the connection permission information after detecting the occurrence of the failure. The information processing apparatus according to claim 6,
The one or more emergency connection nodes are
The occurrence of the failure is detected in response to issuing a predetermined signal to the normal connection node group and not receiving a signal in response to the predetermined signal from the normal connection node group. Information processing device. The information processing apparatus according to claim 6,
The one or more emergency connection nodes are
A request signal for requesting confirmation of the occurrence of the failure is sent to a predetermined upper server,
The predetermined host server is
Occurrence confirmation information indicating that the occurrence of the failure is correct in response to not receiving a signal responding to the predetermined signal from the normal connection node group by issuing a predetermined signal to the normal connection node group To the one or more emergency connection nodes,
The one or more emergency connection nodes are
An information processing apparatus that detects the occurrence of the failure in response to receiving the occurrence confirmation information. The information processing apparatus according to claim 6,
The one or more emergency connection nodes are
A request signal for requesting confirmation of the occurrence of the failure is sent to a predetermined upper server,
The predetermined host server is
When it is confirmed that the occurrence of the failure is correct by referring to predetermined data managed by the predetermined upper server, occurrence confirmation information indicating that the occurrence of the failure is correct is sent to the one or more emergency connections. Call to the node,
The one or more emergency connection nodes are
An information processing apparatus that detects the occurrence of the failure in response to receiving the occurrence confirmation information. An information processing apparatus according to any one of claims 1 to 7,
Information acquisition means for acquiring the connection information from a predetermined upper server;
An information processing apparatus further comprising: An information processing apparatus according to any one of claims 3 to 5,
Failure release detection means for detecting the release of the failure;
Further comprising
The connecting means comprises:
In response to detection of the cancellation of the failure by the failure cancellation detection means, the emergency connection state is canceled and a normal connection state is established that allows data communication with the normal connection node group. Information processing apparatus. The information processing apparatus according to claim 11,
The failure release detecting means is
In the emergency connection state, the information processing apparatus detects the cancellation of the failure by trying data communication with the normal connection node group every predetermined period. The information processing apparatus according to claim 11,
The failure release detecting means is
In the emergency connection state, in response to receiving a signal from at least one normal connection node of the normal connection node group, the information processing apparatus detects cancellation of the failure.   A program for causing the information processing apparatus to function as the information processing apparatus according to any one of claims 1 to 13 by being executed by a computer included in the information processing apparatus. An information processing system for performing data communication between a plurality of information processing apparatuses via a P2P network,
An information processing apparatus according to any one of claims 1 to 13,
The normal connection node group;
The emergency connection node group; and
An information processing system comprising: In an information processing apparatus that performs data communication with a normal connection node group via a P2P network, an isolated state avoidance method for avoiding an isolated state due to a failure that prevents data communication with the normal connection node group,
(a) storing connection information for connecting to an emergency connection node group different from the normal connection node group so that data communication is possible;
(b) By referring to the connection information in response to detection of the occurrence of the failure, access is made to at least one emergency connection node included in the emergency connection node group, and the one or more emergency Transmitting a connection permission application including information indicating the status of the failure to the connection node;
(c) receiving connection permission information transmitted from the one or more emergency connection nodes according to the state of the failure;
(d) in response to receiving the connection permission information in the step (c), establishing an emergency connection state in which data communication is established with the one or more emergency connection nodes;
An isolated state avoidance method characterized by comprising:

Images