JP5260567B2 - Cloud computing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a mechanism relating to cloud computing system, particularly, for smoothing providing (selling) and use (buying) of resources between users. <P>SOLUTION: In the system, each node can use services of others instead of providing cloud-like service resources. According to evaluation of the service providing, execution of the service use is controlled. The system has a function of setting relationships among entities including an entity (E1) which provides (sells) resources to the others, an entity (E2) which uses (buys) resources from the others, and a predetermined entity (E0) which is interposed between these entities (E1, E2) to perform processing of a transaction related to providing (selling)-use (buying) of resources or the like. This function performs processing to set relationships (#1, #2) among entities using a certificate asserting the identity of a user, a key, and a signature processing technique. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to a cloud computing technology.

  The trend in IT is cloud computing. In this specification, cloud computing (hereinafter abbreviated as “cloud” as appropriate) refers to a form in which resources (resources) such as storage resources and computing resources are provided or used as services on the Internet. . In a system that realizes a cloud service (cloud computing system), server virtualization technology, distributed processing technology, and the like are used as elemental technologies.

  Examples of cloud services (hereinafter also simply referred to as “services”) are as follows. A computer (terminal) such as a PC provided with a Web browser used by a user (client) accesses a service (content etc.) on the Internet. For example, there are electronic commerce (EC) services such as Amazon (registered trademark), information retrieval services such as Google (registered trademark), and the like, and a Web site (server) that provides the service is accessed. In the node group including the server, service processing (for example, distributed processing) is performed between a plurality of nodes, and the result is returned to the user terminal. Further, the user terminal does not need to know how the processing is performed in the node group.

  Further, as a technology related to the service by the cloud computing, for example, Amazon EC2 (Amazon Elastic Compute Cloud) (Non-Patent Document 1) is available.

  Japanese Patent Application Laid-Open No. 2004-206273 (patent document) discloses a prior art example in which a user (node) 's computer resources or services based on them are mutually provided and used, or a prior art example in which the resource / service is traded. Document 1) (Computer Resource Trading System), JP 2007-323439 A (Patent Document 2) (Resource Allocation System), JP 2002-92366 A (Patent Document 3) (CPU Time Trading Method), and the like .

JP 2004-206273 A JP 2007-323439 A JP 2002-92366 A

“Amazon Elastic Compute Cloud (Amazon EC2)”, amazon web services (registered trademark), [Search September 1, 2009], Internet <URL: http://aws.amazon.com/ec2/>

  The provision of cloud services and systems is currently being led by some companies. In particular, companies such as Amazon and Google provide a cloud-like service system with a huge infrastructure (resources) including a large number of servers. A large number of users such as SMEs and individuals who do not have such infrastructure tend to remain on the cloud service / system usage side. In other words, some companies' cloud-like service systems are often used in the form of pay-per-use.

  Various functions such as EC and information retrieval on the Internet have great influence as social and public infrastructure. Therefore, the provision of a cloud-like service system for such functions is not limited to a small number of companies, and it is desirable that a large number of diverse companies and individuals participate.

  In addition, when the implementation of a cloud system is by a specific company, there is a concern that the vulnerability of that implementation may adversely affect the entire system environment, for example, because a single implementation becomes dominant . Therefore, it is desirable that a cloud system can be configured by various implementations.

  The prior art examples such as Patent Document 1 do not fully consider the resource / service provision (sell) -use (buy) mechanism and its problems on the cloud computing system.

  In view of the above, a main object of the present invention is to provide a mechanism related to a cloud computing system, in which a large number of diverse users can participate, and the entire system environment can be developed satisfactorily. In particular, in the above-described cloud computing system, each user (node) computer has different resources (or services based thereon), but the resources / services are provided (sell) -utilized (buy) between the users (nodes). By providing a mechanism that smoothes the system, the construction and development of the system can be made more efficient.

  (1) In the present invention, in order to realize the above-described mechanism, an open and fully distributed system is considered as a configuration model of a cloud computing system. That is, in an information processing system (a network of nodes (computers) group) on a communication network, for example, the nodes of an unspecified number of users (participants) can freely participate / This is a mechanism in which each node can provide (deliver) computer resources for provision (configuration) of a cloud-like service, and the service can be used. As a model on the service providing side, each participant's node freely provides storage resources, computing resources, and the like, and configures and provides a cloud-like service by using resources (a combination thereof) of the plurality of nodes. Further, as a model on the service use side, each participant's node can access and use the cloud service described above.

  Here, in a system in which each node provides and uses a service (resource) as described above, the balance between the provision and use of the service (resource) becomes one problem. In other words, it is acceptable for one user to be biased or free riding, etc., while the degree of provision is too large for the service (resource) usage, whereas the other user is too much for usage. A mechanism to do this is not desirable. In this regard, the present system has a mechanism that enables the use of services (resources) according to the degree of contribution and accuracy in the provision of services (resources) in order to achieve fairness and the like. That is, each participant's node obtains authority, points, etc. for using the service (resource) instead of providing the resource for providing the service. In other words, the service (resource) must be provided by itself as a condition for using the service (resource). As a result, participation of appropriate nodes is encouraged, removal of inappropriate nodes is promoted, and implementation of the entire system environment is made efficient.

  As the above mechanism, in this system, for example, the degree of contribution or accuracy in the act of providing a service (resource) by a first node is evaluated by another node (group), for example, and the evaluation result is obtained. The first node that provided the service (resource) has a mechanism that reflects the use of another service (resource) (its authority, etc.). For example, as the evaluation process, the second node, which is the evaluation subject, determines the accuracy by determining the presence / absence of accurate response data in the service providing action for each first node to be evaluated. evaluate. As the evaluation (evaluation information), for example, the authority to use, the points, and the like regarding the first node are increased or decreased. Then, as a reflection of the evaluation result, control (permission, etc.) regarding the use of the service of the other person by the first node to be evaluated is performed according to the evaluation information.

  This system form includes, for example, a network to which a node (group) by a user's computer is communicatively connected, and the node provides a resource by hardware and software, thereby providing a cloud computing service (various services). ) Providing a function for providing a service, a use function for performing a process of requesting and using the service, a node using the use function (first node), and a node using the provision function (third node) And an execution function that performs processing for controlling the execution of the service and the like, and an operation of providing the service (its resource) by a node (third node) that uses the provision function An evaluation function for holding the evaluation information. For example, the first node (NA) uses a use function, the second node (NB) uses an execution function and an evaluation function, the third node (NC) uses a providing function, and the fourth node (ND) uses an evaluation function. Process.

  In this system, when the service (which may be any of various services) is executed (used), the usage function of the first node passes through the execution function of the second node, and the plurality of functions of the first group. A process is performed in which the providing function of the third node is accessed, and a response from the providing function is returned to the use function of the first node via the execution function of the second node. Further, along with the above processing (service request-response, etc.), the evaluation function (second node or fourth node) is sent from each of the provision functions of the plurality of third nodes of the first group. The response is evaluated and the evaluation information is stored. And in this system, based on the level of the value in the evaluation information, from the use function when the third node uses another person's service (any of various services) as the first node. When the service is executed, the availability of the service is controlled (the level of the evaluation information is reflected in the condition for using the service).

  (2) Furthermore, in this system form, based on the above assumptions, the action (transaction) of providing (selling) -using (buying) resources (or services) between identities (nodes) associated with users. Provide a function to set the relationship to enable. The node of an arbitrary user who becomes the first type entity (E1) provides (sells) resources (its rights) to others. The node of an arbitrary user that becomes the second type entity (E2) uses (buys) a resource (its right) from another person. A node of an arbitrary user who becomes a predetermined entity (E0) is interposed between the first type and second type entities (E1, E2), and is related to the provision (sale) -use (buy) of the resource. A predetermined service (Sr) for processing a transaction is set up. The function to set the above relationship is between the first type entity (E1) and the predetermined entity (E0) by using an information processing technique including a certificate, a key, and a signature expressing the identity of the user. A process for setting the first relationship and a process for setting the second relationship between the second type entity (E2) and the predetermined entity (E0) are performed. Between the entities of the first relationship, the transaction of providing (selling) the resources of E1 to E0 is performed, and between the entities of the second relationship, transactions of utilizing (buying) the resources provided by E0 from E2 Process. In the above transaction, for example, a settlement function that buys and sells resources (rights) using points (P) based on the evaluation information, and further enables exchange of the points (P) and predetermined money (yen, etc.) Is provided.

  According to the present invention, it is related to a cloud computing system, a large number of various users can participate, and the entire system environment can be developed well. In particular, in the above-described cloud computing system, each user (node) computer has different resources (or services based thereon), but a mechanism for facilitating the provision and use of resources / services among these users (nodes). By providing it, the construction and development of the system can be made efficient.

It is a figure which shows the structural example of a node network in the system (cloud computing system) of Embodiment 1 of this invention. It is a figure which shows the structural example of a node in this system. It is a figure which shows the example (the 1) (particularly group G1 of the service provision node NC) of the connection relation etc. of the node at the time of service execution in this system. It is a figure which shows the example (the 2) (especially group G2 of the service evaluation node ND), such as a connection relation of the node at the time of service execution in this system. It is a figure which shows the example of a hash process in this system, (a) shows the process example at the time of node participation and registration, (b) shows the process example at the time of service execution. It is a figure which shows the specific example of the transaction of the resource between users in the system (cloud computing system) of Embodiment 2 of this invention. 6 is a diagram illustrating a configuration example of a node and the like in the system according to the second embodiment. FIG. It is a figure which shows the system structural example regarding the transaction of the resource between users in the system of Embodiment 2. FIG. It is a figure which shows the example 1 of a process between entities (E0-E1) in the system of Embodiment 2. FIG. It is a figure which shows the example 2 of a process between entities (E0-E1) in the system of Embodiment 2. FIG. (A), (b) is a figure which shows the example of the point P in the system of Embodiment 1,2.

  A system (cloud computing system) according to an embodiment of the present invention will be described with reference to FIGS. As explanatory symbols, the node is N, the user (participant) is U, the node IP address is A, the hash value is B, the node evaluation information (point) is P, the cloud service is S, A resource constituting the service is represented as R, management information is represented as M, an identity (node) certificate is represented as C, and so on.

(Embodiment 1)
The basic mechanism of the system according to the first embodiment of the present invention will be described with reference to FIGS. That is, in an open and fully distributed cloud computing environment that provides a service S based on the provision of resources R from an unspecified number of participants, the user of the service S can use his / her own service as a condition of use. S provides a service S, and the provider of the service S can use the service S of another person as a consideration for the provision, and shows a mechanism for balancing the provision and use of the service S.

<Concept 1-Provision and use of services>
First, the basic concept, outline, and features of the system will be described below, and then detailed embodiments will be described. As shown in FIG. 1, in the system (cloud computing system) of the present embodiment, a network 100 is configured by connection (arrangement) of computer node groups by an unspecified number of participants (users) on the Internet. In this system, resources R (storage resources and computing resources) for a cloud-like service S are provided at a node, and the service S (configured by the resource R) is mutually used between nodes. It is an information processing system for fully distributed cloud computing. The fully distributed type means that each node has a similar function without having a special node such as a centralized management node.

  This system has a mechanism for evaluating the act of providing the service S by the participant's node and enabling the use of the service S according to the evaluation result. This balances the provision and use of the service S (resource R) by the node. In this system, the service S of the other party can be used as a price for providing the service S of the participant to the node of the participant. In other words, as a condition for using the service S of another person, the provision of its own service S is requested. The user obtains authority or points to use the service S according to the evaluation of the service S provision.

  Further, in this system, in order to avoid arbitrary evaluation and perform fair evaluation, from the node group of the participants of the network 100, for example, a plurality of nodes (groups based thereon) randomly arranged according to the service S Are set (selected) as evaluation targets (mutual evaluation targets). For example, using a hash process, a plurality of nodes in a predetermined range in which the hash value B such as the IP address A of the node is close to each other are set as one group. In addition, in order to perform a fair evaluation, a random node (an NB, which will be described later) selected by a predetermined algorithm, for example, according to the service S from the node group of the participants of the network 100 becomes the evaluation subject.

  In addition to the services S (storage services, etc.) used and provided by the user's node, the processing of specific services S (groups by a plurality of nodes) is also used for various processing functions such as evaluation constituting the system mechanism. This is realized as a process performed using

  The service S includes a basic storage service and a computing service (calculation service). The storage service is a service that can perform operations such as reading and writing on data (content) stored in a plurality of nodes (storage resources provided by them). The calculation service is a service that gives calculation instructions to a plurality of nodes (computation resources provided by them) and obtains calculation result data.

  As an evaluation function (evaluation process), for example, an evaluation subject node can determine whether or not correct response data has been normally received from each node (evaluation target node) of a group that provides storage services. The accuracy of provision of the service S by the node is evaluated. The evaluation result (evaluation information P) is stored in a predetermined node (a plurality of nodes in the group related to the evaluation process), and is reflected in the authority and points for using the service S in each node (evaluation target node). The

<Concept 2-Rules>
In the present system, the service S (resource R) provided by the resource R is provided to the user by a mechanism for fairly evaluating the result of providing the service S (resource R) and reflecting the result in the use of the service S (resource R). Encourage provision. The user (its identity) increases in evaluation and the authority and points for using the service S of the other node improve as the performance and quality of the service S provided by the resource R supply at the own node increase. On the other hand, when the user (its identity) wants to use the service S of another node more, it is necessary to improve the performance and quality of the service S provided by the resource R supply at the own node. In this system, by the above mechanism (design of fairness and incentives), it is possible to promote participation of appropriate nodes and to eliminate inappropriate nodes (arbitrary, for example, malicious nodes). In other words, in this system environment, it is possible to promote the optimization of voluntary implementation by the nodes of the participants, and at the same time, a single implementation becomes dominant due to the configuration of various implementations of the node group. Implementation vulnerabilities can prevent the entire environment from being adversely affected.

  In this system environment, in order to balance the provision and use of the service S (resource R) of the node group and to ensure fairness, etc., the rules (including the above concept 1) that the participant (node) must comply with Have. As one of the goals of this agreement, the implementation (group) of participants 'nodes that do not comply with this agreement (inappropriate nodes) will be removed from this system environment when the majority of the participants' nodes comply with this agreement. May be automatically excluded. The node of this system has a configuration (module 10 in FIG. 2) reflecting (implementing) this agreement.

  This system has a mechanism for evaluating that a participant's node correctly observes the rules. As this mechanism, in particular, the contribution of the service S (resource R) provided by the node is evaluated based on accuracy.

<Concept 3-Identity>
A participant (user U) of this system has an identity for balancing the provision and use of the service S (resource R). One or more (n) nodes N can belong (arrange, etc.) to one identity. The identity is associated with user U, node N, resource R, point P, and the like. The identity (node N belonging to it) is confirmed by predetermined authentication (certificate C). Authentication (certificate C) is based on, for example, an electronic certificate technique using a public key.

  For the sake of explanation, for the sake of simplicity, the evaluation target, the point P, and the like are appropriately considered in units of node N instead of in units of identity. For example, the evaluation target is a node N, and the node N has a point P (and a certificate C or the like). To be exact, the identity to which the node N belongs is a target.

  This system is completely distributed and does not have a mechanism (such as a special node) for centrally managing identities. In this mechanism, the identity is associated with some finite resource in the real world in order to prevent forgery of the identity or the like (for example, free riding using only the service S). As this finite resource, the IP address A and resource R of the node N (computer) of the participant are associated with the identity. This prevents identity forgery and the like.

  The identity of the participant (user U) (and the n nodes N belonging to the participant) is basically identified (authenticated) by a certificate C (self-issued certificate) issued by the participant himself / herself. The participant can join (belongs to) n nodes N that provide / use resources R as identities. The n nodes may include a node that provides only, a node that performs only use, a node that performs both, and the like. One certificate C (identity certificate) is issued to these n nodes N. A different IP address A is set for each of the n nodes.

  The node also has a function (certification function 11 in FIG. 2) for verifying that it belongs to an identity (certificate C issued by the identity (user U)). For example, when an identity (its certification) is requested from a certain first node (other node certification function 11b in FIG. 2) to a certain second node (local node certification function 11a in FIG. 2), the second node A signed message digitally signed with the private key of certificate C of (its identity) is returned to the first node. This signed message is a message describing that “the executor of this node is the owner of this public key (private key)”. By verifying this message, the first node can confirm the identity of the second node.

  The participant's identity (its node) publishes the public key (public key certified by the certificate C) in advance. The identity keeps a secret key that is a key pair with the public key. The identity proves the identity of the node using the private key (the signed message thereby). Thereby, the identity is identified from others.

  Based on the certificate C, information such as the evaluation information P in the evaluation provided by the service S is managed in units of each node N and identity units (user U units) that include them. The node (user U) can inherit the identity and the rights associated therewith by managing the identity (the proof function 11 or the like). For example, even after the IP address A of the node N belonging to the identity is changed, the authority concerning the contribution (evaluation information P etc.) of the previous IP address A at the node N and the provision and use of the service S (resource R)・ Points can be taken over. The certificate C of the identity of the node N is unchanged even if the IP address A of the node N changes.

<Concept 4-Evaluation Method>
On the network 100 of this system, a mechanism (evaluation method) and its subject (node and its function) for ensuring and managing the balance between provision and use of service S (resource R) in the identity (node) are provided.

  In this system, as shown in FIG. 3 and FIG. 4, processing is performed between nodes in each node state (function) such as use (NA), execution, etc. (NB), provision (NC), evaluation, etc. (ND) related to the service S. Is done. Each node switches functions (21 to 24 in FIG. 2) according to the processing / state of each time. For example, the node NB switches to perform processing using the NB function 22 when controlling execution of the service, and to perform processing using the ND function 24 when performing processing related to evaluation.

  In order to correctly and fairly evaluate the act of providing the service S (resource R) by the node (service providing node NC), the service using node NA passes through nodes (NB, ND, etc.) determined according to a predetermined algorithm. Then, the service S by the service providing node NC is used.

  In the present embodiment, a predetermined node (NB, ND, etc.) is used as an evaluation subject, and the final service providing node NC (its identity) is used as an evaluation target, and the evaluation related to the provision of the service S by the node NC. I do. In particular, in the first evaluation method, evaluation processing is performed by the service execution node NB, and in the second evaluation method, evaluation processing is performed by the service evaluation node ND.

  The target of the evaluation process is the contribution (actual result), accuracy, quality, and the like in the act of providing the service S by the node (a plurality of nodes in the group). As for the evaluation of accuracy, for example, it is simply determined in a binary manner whether or not there is an accurate response between the nodes NB and NC. Moreover, you may evaluate the quality of the said provision (response) not only with binary but with multiple values. For example, it is based on determination of response time (time required for request-response) or determination of the degree of difference when the content of response data is compared with accurate response data.

  In the evaluation process, the evaluation subject node (NB) determines the majority by comparing the response results (for example, data D) by the plurality of nodes NC of the group corresponding to the service S (for example, storage service). Judge and evaluate accuracy. That is, for example, the largest number of response results are regarded as correct responses, and the other (small number) response results are regarded as incorrect responses.

  Then, regarding the evaluation information P, for example, the evaluation value (point) of the node NC of the correct response is increased (or maintained) according to the response result. In addition, the evaluation value (point) of the node NC of the erroneous response is maintained (or lowered). The evaluation method may be a form in which the evaluation value of the node with the correct response is raised (a form in which authority and points for using the service S are raised accordingly), or a form in which the evaluation value of the node with the incorrect response is lowered (accordingly) The authority and points for using the service S may be reduced).

  In addition, as an evaluation method (a form of evaluation information P and a form of control of using service S), an evaluation value or a level (e.g., provided point p) by evaluation of the provision of service S is stored as evaluation information P. In addition, a method of granting authority, points, etc. (use point q) related to the use of the service S according to the level of the provision point p (method A). For example, the use of the service S is controlled according to the state or increase / decrease of the use point q, but the provision point p does not change according to the service S use. That is, for example, during normal times, if the usage point p is equal to or greater than the threshold, the service S is permitted, and if the usage point p is less than the threshold (due to a decrease in evaluation), the service S is not permitted. It is conceivable to control such as. Similarly, it is possible to control the use of the service S in a predetermined unit by reducing the use point p. In addition, for example, control of changing the level of use of the service S (for example, quality of provision, priority, etc.) according to the provision point p is also conceivable.

  As another evaluation method, the provision point p obtained by evaluating the provision of the service S may be regarded as a utilization point q related to the use of the service S (method B). That is, like the electronic money or point service method, the point P (p = q) is increased for each service S providing unit (evaluation improvement), and the point P (p = q) is increased for each service S usage unit. It is a method to reduce (consume).

  As a form of the evaluation information (point) P, the above-described p and q may be managed separately, and q may be determined from p by calculation or the like.

  Further, the mechanism that does not hold the evaluation information (points) P related to the own node in the own node prevents, for example, malicious participants from tampering the point and using the service. If information security problems such as tampering can be solved, the evaluation information P related to the own node may be held and referred to in the own node.

<Network>
A detailed embodiment will be described below based on the above. FIG. 1 shows a network 100 according to node N (group) of participants (user U-identity) in the present system. Only a few nodes N (eg N1-N8) are shown schematically. It is assumed that the user Ui (identity, certificate Ci), IP address Ai, its hash value Bi, evaluation information (point) Pi, management information Mi, and the like are associated with each node Ni, not limited to N1. Information such as evaluation information Pi for each node Ni is held and managed not in the own node Ni but in another node (ND described later), and the information is referred to as necessary.

  The network 100 can communicate with each other by directly or indirectly connecting the nodes N with a communication link (broken line) through an IP network or the like. A user U (its identity) who is a participant in the system can arrange (participate) n nodes N, but in a simple case, it may be considered as 1 identity-1 node.

<Node, module>
In FIG. 2, a configuration example of the node N is shown. Each participant's node N is a computer such as a PC in which the module 10 for realizing the mechanism of the present system is installed. The module 10 is configured by a program or the like, and is executed by the node N. The user U provides a cloud-like service S (resource R for the configuration) to the outside (another node N) in a state in which the node N (module 10) is in operation (connected to the network 100). Further, the service S (resource R) of the outside (other node N) is used. Its provision and use can be selected and set by the user U each time.

  The node N has a set of an IP address A and a port, can be identified by the value, and can communicate between the nodes N. The node N includes hardware 101 (CPU, memory, disk, IO (peripheral device), etc.) and software 102 (OS, middleware, server, browser, application, etc.). These correspond to the storage resource 103 and the calculation resource 104.

  The module 10 has a certification function 11, a hash processing function 12, a service function 13, a resource delivery function (setting function) 14, an information management function 15, and the like. The module 10 includes a service use function (NA function) 21, a service execution function (NB function) 22, and a service provision function (NC function) 23 as processing functions corresponding to each node state (NA to ND described later). Service evaluation function (ND function) 24 and the like. The node N holds information data such as management information (M) 50, a certificate (identity / node certificate) (C) 51, log information (L) 53, evaluation information (P) 54, and the like.

  The certification function 11 is a processing function related to certification (authentication) related to the node N and its identity, and has its own node certification function 11a, another node certification function 11b, and the like, and manages the certificate (C) 51 and the like. The own node certification function 11a performs processing for issuing the own node certificate (C) 51 (when the own node is certified in response to a request from another node). The other node certification function 11b performs a process of authenticating (confirming) the certificate 51 of the other node (when requesting from the own node to prove the other node). Note that the public key information in the certificate (C) 51 is disclosed to the outside, and the secret key information is concealed within the own node.

  The certification function 11 is a part of the function that allows the node N described above to inherit the identity of the user U and the rights associated therewith. By using the certification function 11 or the like, a node (for example, a new participating node) can inherit the identity associated with the node and its right (evaluation information P or the like).

  The hash processing function 12 performs hash processing (processing using a hash function) for associating various services S (its service type T) with the group of the node N that is the processing subject (access destination). Do.

  The service function 13 performs basic storage service 13a (service type T1) processing, computing service 13b (service type T2) processing, and applied service 13c (service type Tx) processing using them. , Using the resource R (the storage resource 43, the calculation resource 44, etc.). For example, in the processing of the storage service (T1) 13a in the storage resource 43, communication (request-response) with an external node N is performed (a), and the data D (content) identified by the ID (identifier) Then operations such as reading and writing are performed. For example, in the processing of the calculation service (T2) 13b in the calculation resource 44, communication (request-response) with an external node N is performed (b), and an operation (operation O) for data D (content) identified by the ID is performed. ) And the resulting data D ′ is returned.

  The resource delivery function 14 is based on the resource R (storage resource 103, calculation resource 104, etc.) by the hardware 101 and software 102 of the own node N, and the resource R (storage resource 43, For example, processing for setting the calculation resource 44). For example, a participant (user U) determines to what extent the resource R (resource R having the right to use, etc.) that he / she owns is to be provided, the amount of the resource, the operating time, etc. It can be set freely.

  The information management function 15 creates and manages management information (M) 50 and the like for managing the system mechanism. In addition, the information management function 15 can exchange information data such as management information (M) 50 and evaluation information (P) 54 by appropriately communicating with an external node N (c).

  Further, the service execution function 22 and the service evaluation function 24 exchange log information (L) 53 and evaluation information (P) 54 by communicating with external nodes (d).

  In addition, the node N or the module 10 may be provided with a graphical user interface function for making it easy for the user U to operate various functions of the present system using a Web browser or the like.

<Cloud computing service>
In this system, functions of a basic cloud computing service (cloud service S) will be described. The mechanism of the service S itself is basically the same as that of the existing technology. The service S basically includes a storage service 13a and a computing service (calculation service) 13b. The service types T for identification are T1 and T2. Information such as service type T that is different for each service is set and managed in management information M.

  (1) Storage service 13a (T1): The target content (data D) (ID that uniquely identifies it) can be read / written (created / referenced / updated / deleted). It is a service. The target data D is stored using the storage resource 43 provided by the service providing node NC. The target data D (replication) is stored in a plurality of nodes NC in the same group.

  (2) Computing service 13b (T2): A set (calculation request) of the target content (data D) and operation (operation O) is given to the service providing node NC (the computing resource 44 to be delivered), In this service, the result (calculation result) of applying the operation O to the data D at the node is returned as new content (data D ′).

  By providing the resource R at the participant node (IP address + port), at least the basic service S (T1, T2) is provided. Further, by using these (T1, T2) in combination, it is possible to configure and provide an applied service 13c (Tx). Accuracy in the provision of these services S is an evaluation target.

  Various services and processes in this system are services S realized by cloud computing. That is, in any service S, the same processing related to the service is performed in a plurality (three or more) of nodes in the group / range to be accessed. The group / range is determined by a predetermined algorithm (hash process) described later. Processing such as an evaluation function, which is characteristic in this system, is also processed in the form of a specific service S (service type T).

  When using the service S, it is possible to specify and request the service type T, target data D (its ID), its operation, and the like. It is not necessary to designate and be aware of the specific IP address A of the service providing node NC.

<Model and process flow>
A series of processing flows and models at the time of execution (use (request), provision (response), evaluation, etc.) of the service S by the nodes in the system (network 100) will be described with reference to FIGS. 3 and 4, the connection relationship of the nodes (NA, NB, NC, ND) in each state when the service S (for example, the storage service (T1)) is used from the node N1 (NA) of the user U1. An example is shown. FIG. 3 shows a group G1 that serves as the service providing node NC. FIG. 4 particularly shows a group G2 which is a service evaluation node ND.

  The node NA (N1) is a node that requests and uses the cloud service S by the NA function 21, and is referred to as a “service use node”. The nodes NC (for example, N3 (NC1), N4 (NC2), N5 (NC3)) are nodes that provide the cloud-like service S by the NC function 23, and are referred to as “service providing nodes”.

  The node NB (for example, N2) is a node that is interposed between the use of the service S by the node NA and the provision of the service S by the node NC, and is referred to as a “service execution node”. The node NB controls the execution of the service S by the NB function 22, grasps the provision of the service S by the node NC, records it as log information L, evaluates the provision (response), and evaluates it as the evaluation information P. Record and send this information to the node ND for storage.

  The node ND (NDa, NDc) holds the evaluation information P related to the service providing node NC by the ND function 23 and confirms or provides the evaluation information P according to a request (reference) from the node NB And is referred to as a “service evaluation node”. The node NDc (for example, N6) is a node that holds log information L (Lc) and evaluation information P (Pc) regarding the node NC (group G1) in FIG. The evaluation information Pc includes evaluation information (points) (P3 to P5) of each node (N3 to N5) of the group G1. Similarly, the node NDa (for example, N8) is a node that holds log information L (La) and evaluation information P (Pa) regarding the node NA (N1) in FIG. 3 (when the node is in the NC state). The evaluation information Pa includes evaluation information (points) P1 of the node N1.

  As an example, the flow (201 to 204) in the case of executing the storage service (T1) will be described below. The target data (content) and its ID are Da. The operation is the same in any case, such as storage (writing) or reference (reading) of the target data Da. A plurality of (for example, three) node NCs (for example, N3 to N5) having data Da (replica) are included. The evaluation method is a case where the evaluation process is performed at the node NB, and the evaluation information P is stored in the node ND and can be referred to. Further, there is one node NA, NB, and there are a plurality (three or more) nodes NC, ND. The certification (authentication) of each node is performed at any time using the above-described certification function 11 (certificate C or the like), but the description thereof is omitted.

  First, the flow of 201 (a1, a4), 203 (a2 (a2-1 to 3), a3 (a3-1 to 3)) is a request-execution of service S between NA-NB-NCs. Indicates response processing. On the other hand, secondly, the flow of 202 (b1, b2), 204 (b3 (b3-1 to 3)) is a process related to the evaluation between NB-ND (NDa, NDc) associated with the first process. Show. NDa is involved in processing of confirmation (e.g., control relating to use point q) of evaluation information (Pa) etc. relating to NA (N1), and NDc is used to store evaluation information (Pc) etc. relating to NC (G1) (particularly control relating to provision point p). ). An example of the processing order is {a1, b1, b2, a2, a3, a4, b3}.

  (1) (a1: Service request): The service use node NA (N1) (its NA function 21) issues and transmits a service S use request to the service execution node NB (N2) (its NB function 22). . This request includes information such as [service type (T1) + ID (Da)] (and other information such as write data and operation instructions as appropriate). For example, NA (N1) determines and accesses an NB as an access destination based on reference to management information M (M1).

  (2) (b1, b2: Evaluation information confirmation): The service execution node NB (N2) first determines the node ND (NDa: ND) based on the management information M (M2) reference to the access (a1) from the NA. An access / request (b1) for confirming the evaluation information Pa (P1) related to the NA (N1) is performed on the node (the node holding the evaluation information Pa (P1) related to the NA (N1)). In the present embodiment, the NB function 22 (or ND function 24) of the node NB accesses the node NDa (ND function 24), confirms the evaluation information Pa of the node NA, and controls the execution of the service S. . Note that the process of confirming the evaluation information P and the like is also realized as a predetermined service S, and the access destination is a plurality of nodes NDa of the predetermined group G3.

  For the access (b1), for example, the NDa (N8) determines that the node NA (N1) (its identity) is the current point P1 based on the reference to the management information M (M8) and the evaluation information Pa (P1). Whether or not the use of the service S is permitted according to (use point q) is confirmed. Alternatively, in another method, the NDa performs a process of consuming the point Pa (P1) (use point q) of the node NA (N1) in order to use the service S. Then, the confirmation result (for example, OK (permitted) / NG (not permitted)) is transmitted from NDa to NB (b2). If OK (permitted), the subsequent processing (after a2) is performed. The confirmation with NDa may be performed with NB after b2 (obtains Pa).

  (3) (Determination of G1 (NC)): Next, the node NB (N2) (its NB function 22) provides the service S (T1) (target data Da) based on the reference of the management information M2. A group G1 of a plurality of node NCs to be accessed is determined (confirmed) by hash processing (input value [T1 + Da]). This uses the hash processing function 12 (details will be described later). As a result, the IP address A (A3 to A5) of each node NC (eg, NC1 to NC3) to be accessed is recognized. In the management information M2 referred to by the NB (N2) in the above process, for example, a group G1 of a plurality of node NCs is associated with each IP address A by hash processing using information including [T1 + Da] as an input value. (A3 to A5) are obtained.

  (4) (a2: Service execution (request)): The NB (NB function 22) sends each of a plurality (three) of nodes NC (NC1 to NC3) (nodes that hold data Da) of the access destination group G1. On the other hand, a request for providing the service S is transmitted in parallel (a2-1 to 3). The request includes information such as service type T1, ID (Da), and operation instruction. For example, it is a request for reference (reading) of the data Da itself. The parallel access can be executed simultaneously or sequentially depending on the service type T. The service itself can send a response (a4) to the NA if at least one correct response is obtained from the NC.

  (5) (a3: Service provision (response)): Each node NC (NC function 23) receiving the request (a2) from the NB is designated by the ID in the storage resource 43 of its own node in the operating state. A specified operation (for example, reading) is performed on the data Da to be transmitted, and the result (for example, the data Da itself) is transmitted as a response to the NB (a3-1 to 3). The NB receives a response from each NC (NC1 to NC3). However, an accurate and quick response cannot be obtained when the NC is not operating, the load is high, or the communication link between the NB and the NC is in a failure state. In addition, depending on the state of the node NC at that time (for example, the non-operating state), the target data Da may not be updated. However, if the data can be updated by at least one node NC, then the nodes in the group G1 By transferring (copying) the data between the NCs (205), the data Da can be held in each node NC.

  (6) (a4: Service response): The NB (NB function 22) sends the response (accurate response data) to the requesting node NA based on the response from each NC (NC1 to NC3) of the group G1. ). The NA (NA function 21) receives the response.

  (7) (Evaluation Process): The node NB performs the above processes (a3, a4), and also performs a process related to the evaluation regarding the node NC (providing the service S) with the node ND (group G2). First, the NB (NB function 22) records log information L (Lc) regarding the state / result of execution (201, 203) of the service S (T1) including the state / result of the response by each NC of G1. To do. Moreover, NB (ND function 24) performs an evaluation process about the response result (a3-1 to 3) of each NC of G1. Specifically, for example, the NB aggregates the response results of each NC and evaluates the accuracy of the response of each NC based on a majority decision. For example, it can be confirmed that the response contents are correct when the response results from the NCs are the same. In addition, the NB determines, for example, whether or not an accurate response (its data) from each NC has been received normally (rapidly) (OK) or not (NG) by binary, and thereby the evaluation value (provided by the node NC) Increase or decrease point p). In the case of the calculation service (T2) and in the case of other applied services (Tx), evaluation can be made in the same way. The NB creates evaluation information P (Pc) based on the result of the evaluation process, and records it, for example, with or as part of the log information L (Lc). It should be noted that not only relative comparison and evaluation among a plurality of nodes NC in parallel, but also absolute evaluation of responses in units of individual nodes NC may be performed. Further, the quality of the service S may be determined according to the content of the service S (service type T) (for example, in the case of a moving image distribution service, the quality of the moving image data, the length of response time, etc.). The evaluation information P by the NB is information representing increase / decrease in the evaluation value (provided point p) of the node NC, for example, depending on the evaluation method. For example, the node whose response is OK is +1.

  (B3: Storage of evaluation information): Based on the evaluation process, the NB (the ND function 24) converts the log information Lc and the evaluation information Pc into a plurality of nodes ND (NDc) (the ND of the predetermined group G2). Send (copy) to function 24) and save. Each ND may return a response to b3 to the NB. The process of storing the evaluation information P and the like is also realized as a predetermined service S (service type is Td), and a group G2 (for example, 3 in FIG. 4) by a plurality of nodes NDc to be accessed at the time of the process. The two nodes ND1 to ND3) are determined by a predetermined hash process (input value: including [Td], for example) as described above. Note that a node different from the NC is selected and determined as the ND.

  Each node NDc (for example, N6) (the ND function 24) of the group G2 stores (registers) log information Lc and evaluation information Pc related to NC (G1) therein. The evaluation information Pc includes points (for example, P3 to P5) regarding each NC (for example, N3 to N5). The log information Lc and the evaluation information Pc may not be stored depending on the status of the node ND at that time (for example, the non-operating state). However, if the information can be stored in at least one node NDc, then the group By exchanging (copying) the information between the nodes NDc in G2 (305), the information can be held at each node NDc. The evaluation information P by the ND is, for example, the absolute value (current value) of the evaluation value (provided point p) of the node NC according to the evaluation method, and the evaluation information P (increase / decrease amount) from the NB is added. Updated by

  In FIG. 4, the access (b3, 204) from the NB to the NDc is the access b3-1 to b3-1 to each node NDc (for example, ND1 (Nx), ND2 (Ny), ND3 (Nz)) of the group G2. . In NDc (Nx to Nz), IP address A is Ax to Az and hash value B is Bx to Bz, respectively. In the management information M2 referred to by the NB (N2) during the storage process (Td), for example, a group G2 of a plurality of nodes NDc is obtained by hash processing using information including a predetermined service type (Td) as an input value. Are associated with each other, and each IP address A (Ax to Az) is obtained.

  Since the evaluation information Pc held in the NDc (G2) is related to the NC (N3 etc.), the NC (N3 etc.) is in the NA state by the NA function 21 as a NA state through another NB (eg N9). When the service S is used (311), the service S is referred to in the same manner as 202 (312). In the above example, in the other evaluation methods, the NB does not perform the evaluation process but records and stores the log information Lc, and the NDc performs the evaluation process based on the log information Lc and stores the evaluation information Pc. It becomes the form.

<Hash processing (service and node mapping)>
Next, the hash process will be described with reference to FIG. FIG. 5A shows an example of hash processing for the configuration of the management information M at the time of participation / registration of a node in this system. FIG. 5B shows an example of hash processing based on reference to the management information M when the service S is executed after the registration. In the present embodiment, as a mechanism for selecting and mapping a plurality of nodes (ranges / groups (G1, G2, etc.) described above) that are targets (access destinations) for processing the service S on the network 100, a hash is used. Function processing (hash processing) is used.

  As basic control, a hash value B with the IP address value A or the like of the participating node as an input value is taken and registered in the management information M. In addition, the service S is associated with a plurality of nodes in the range / group (G) in which the service S is processed using the hash value B with the service type T, ID, and the like as input values. By using hash processing, although depending on the characteristics of the hash function, a plurality of nodes (for example, NCs) in the group on the network 100 have a generally random and distributed distribution. That is, processing is distributed in the network 100 (node group).

  When using the service S, different output values can be obtained by using information such as different service types T as input values of the hash function. That is, a plurality of nodes in different access destination ranges / groups (G) for each service S are selected and determined. Needless to say, the information used as the input value of the hash function is not limited to the service type T, the IP address A, or the like, and various information can be used. Also, if different types of functions (such as hash functions) are prepared for mapping, different output values can be obtained even with the same input value.

<Hash processing (a)>
In FIG. 5A, when a node (identity) that newly participates in the network 100 is registered (arranged), information related to the node is registered in the management information M (the management information M of each node is updated). ). The IP address value A of the node is input to a predetermined hash function (H1), and the output hash value B (IP address hash value) is obtained. The hash value B by H1 is normalized to a predetermined numerical range (for example, 0 ≦ B ≦ 1). In FIG. 5A, each point on a ring (ring buffer) in a predetermined numerical range indicates a B value. With the hash (H1), a continuous IP address A (group) representing the distance on the network 100, which is an input value, is converted (mapped) into a discrete hash value B (group), which is an output value.

  The hash function H1 is a function having a predetermined characteristic that obtains a representative numerical value as an output hash value from an input data value. In the present embodiment, as a characteristic of H1, there is discontinuity that obtains a discontinuous output value group from a continuous input value group. Also, it has determinism to obtain the same output value from the same input value. In addition, for example, the mapping (distribution of output values) is uniform so as to be distributed over the entire output value range. As another form, not only a hash function but also other predetermined functions having characteristics such as mapping a continuous value (A) to a discontinuous value (B) as described above can be applied.

  In the example of FIG. 5A, as the random IP address value A on the network 100, the IP addresses (A3 to A5) of the three nodes NC (N3 to N5) in the example of FIG. Assume that B3 to B5 (neighbor values of B4) are reached. In other words, when a predetermined neighborhood range 501 in the B value space (for example, B3 to B5, which are neighbor values of B4) is taken, disjoint IP addresses A (A3 to A5) are obtained. .

  The information of the A → B mapping by the hash processing is registered in the management information M as the bidirectional mapping information of AB. Each node may hold management information M relating to the entire node group of the network 100, but it is not necessary to have information relating to all nodes in particular, and each node holds information relating to nodes in the neighborhood range (group) of the own node. Then, it may be configured to update to the latest information as appropriate by performing communication for exchanging the management information M between the nodes. As the neighborhood range (group) of the own node, for example, a predetermined neighborhood range in a B-value space as shown in FIG.

<Hash processing (b)>
With reference to FIG. 5B, the hash processing at the time of executing the service S after the above setting will be described. For example, in FIG. 3, the NB (N2) refers to the management information M2 in response to the request for the service S (T1) from the NA (N1), and operates the target data Da with the requested service S (T1). A plurality of service providing nodes NC (group G1) serving as access destinations to be determined are determined (confirmed) by hash processing.

  The NB (hash processing function 12), for example, inputs [T1 + Da] to the hash function H1 and obtains its output value h (normalized to a predetermined range (0 ≦ h ≦ 1) similarly to B). The h value is associated with the B value on the ring in FIG. Then, a predetermined neighborhood range 502 (for example, three neighborhood values including front and rear) regarding the h≈B value is taken. For example, it is assumed that the B value closest to the h value is B4 and the closest values before and after that are B3 and B5. This is associated as a predetermined range / group = G1. That is, G1 = {B3 (A3), B4 (A4), B5 (A5)}.

  By referring to the management information M, a plurality of nodes (for example, N3 to N5) having corresponding IP address values A are obtained for a plurality (three) of B values of G1. The G1 is associated as a plurality of service providing nodes NC (NC1 to NC3) serving as access destinations that hold and provide the data Da with the storage service (T1).

  The association (T1, Da, G1 (NC), etc.) may be registered in the management information M and referred to as appropriate (the omission of each hash process) or every time the service is executed. It is good also as a form (it can reproduce by making it the same hash input value etc.) reproduced by calculating. In addition, by changing the input value (for example, service type T) to the hash function (H1) and performing the same processing as described above, it is possible to select and map a range / group (G) by a plurality of different nodes.

<Effects>
According to the system of the first embodiment, the evaluation increases according to the provision of the service S (participation level, accuracy, etc.) at the participant's node, and the authority and points for using the service S are increased according to the evaluation. The system environment can be promoted through the balance between the use and provision of the service S (resource R) by encouraging the participation of a large number of diverse users through a mechanism that takes into account fairness and participation incentives. The whole can be developed well. Further, the present invention is not limited to the storage service and can be effectively applied to a case where a large amount of processing is required in real time, such as an applied service such as a moving image reproduction service.

(Embodiment 2)
Based on the above, a system (cloud computing system) according to the second embodiment of the present invention will be further described. The second embodiment is based on the system configuration of the first embodiment as it is as a system configuration, and additional elements are added as a mechanism to operate on it. This element mainly relates to the provision (sell) -use (buy) action (transaction) of the resource R (or service S) between the identities (nodes N) of a plurality of participants (users U). These are various functions relating to the setting of the relationship, particularly the setting of the relationship relating to the service (business) of buying and selling the resource R. By using this function, a relationship (key chain relationship) can be freely set between the identities of the participants (node N), and a trading business can be freely performed. As a result, it is possible to trade (accommodate) resources R and the like between users having different computer resources and environments. For example, the point P described in the first embodiment can be traded (moved) between users. it can. It also enables trading transactions linked to the existing economy, thereby making profits possible.

  In the first embodiment, for example, it is conceivable that the service S is difficult to use unless a certain user provides the service S and raises the evaluation information (points) P to some extent. In addition, even if an accurate service S or the like is provided (disclosed), there is a case where the evaluation (increase in the point P) is not connected (for example, the point P is concentrated on the service S of some popular users). If it gets higher). In this case, the distribution of the points P among users in the system is biased. In the second embodiment, for example, even a user with a small value of point P (provided point p, use point q) can be pointed in a transaction with another user (in exchange for his own resource R, etc.) by the above-described relationship setting mechanism. Since P can be obtained, it is easy to participate in the system. Further, it is possible to further enhance the effects such as the provision-use balance of the service S (resource R) described in the first embodiment.

  In the second embodiment, the evaluation information (points) P handled in the first embodiment is used in a transaction between users. In particular, in the case of a trading business, it has a function that can be used as an electronic monetary trading point and the point P can be exchanged for money such as yen. In terms of control, another type of point may be determined (associated) by calculation or the like from the point P of the first embodiment.

  As symbols for explanation, an entity (same meaning as identity) is E, a key (key) is k, a right (predetermined right associated with resource R or service S) is K, and so on. In addition, elements having mutual correspondence such as a participant (user U), an identity (entity E), a node N, and a certificate C will be described by using only a part of them as appropriate.

<Concept 1-Relationship setting>
First, the basic concept of the mechanism and function (setting of relationship by key chain, resource trading business, etc.) in the second embodiment will be described below. On the network 100 described above, an arbitrary (desired) participant (identity, etc.) is used as a subject, and the resource R is provided from an arbitrary (desired) first-type participant (resource provider). It has a mechanism that allows an act (transaction) to provide R to an arbitrary (desired) second type participant (resource user) freely. The provision-use act (transaction) between the participants may be performed free of charge, but in particular, the form (service) that provides (sells) -uses (buys) for a fee (with consideration). Scheme).

  For the sake of explanation, it is assumed that the resource provider is a first type identity (entity: E1) and the resource user is a second type identity (entity: E2). A predetermined service (business) for providing (selling) -utilizing (buying) a resource R (service S) between identities (nodes) between E1 and E2 is provided. A participant is a business entity (entity: E0). Certificates C0, C1, C2 associated with E0, E1, E2, respectively, key k k0, k1, k2, resource R R0, R1, R2, right K K0, K1, K2, (The same applies to other symbols).

  In this mechanism, an arbitrary participant can participate (and leave) as the various entities (E0, E1, E2) according to his / her intention selection. As the business entity (E0), it is possible to set up an information processing service (referred to as Sr) related to the transaction of provision (sale) -use (buy) of the resource R between the identities (nodes) (see FIG. 4). The service Sr can be started and ended freely). The service Sr is the buying and selling of the resource R with respect to E1 and E2 when viewed from E0, the provision (sale) of the resource R when viewed from E1, and the use (buy) of the resource R when viewed from E2. The service Sr has a different meaning from the above-described cloud service S, and is, for example, a form of service processing of the client server system (E1 and E2 are clients (request side) and E0 is a server (response side)).

  Similarly, according to the choice of the participant, the entity (E1) for providing (selling) the resource R, the entity (E2) for using (buying), and the entities (E1 and E2) that perform both of them Participation (and withdrawal) is possible. Although E1 and E2 are described separately, they may be regarded as one type of entity that performs both of the above (the same is true for information processing). The above E0, E1, and E2 are processing functions corresponding to the node state at that time in the same manner as the processing functions (NA to ND) of each node state described above.

  The resource R to be offered (sold) -used (buyed) is a computer resource of the node N (the storage resource described above) that can be used to configure the cloud service S (Embodiment 1). 43 and computational resources 44). The provision and use of the service S in the first embodiment and the provision and use of the resource R in the second embodiment have different meanings. For example, the provision (sale) of the resource R in the second embodiment is the first The resource R (right K) of one user is given to another second user in exchange for the point P as a consideration. Thereby, the first user can increase his / her point P. Further, when the resource R for which the second user has the right K is used as the service S as in the first embodiment, the point P obtained by the evaluation is not the first user but the second user P. It will be counted by the user. In the second embodiment, the target is described as the resource R. However, similarly to the first embodiment, the service S including the resource R is also considered as the target.

  The resource R is generally associated with a predetermined right K, and information on the right K associated with the resource R is managed in this system. The action (information processing) of providing (selling) to using (buying) the resource R between users is associated with updating or moving (information processing) of the corresponding right K. The update is, for example, transfer or grant of ownership or usage right of the resource R, rewriting of information, etc. according to the form of the right K. The information on the right K associated with the resource R includes information necessary for control in the present system, for example. That is, it simply includes information on which identity (node) currently has which resource R in the system. Further, the information on the right K may include, for example, information-processing rights management information corresponding to legal rights information regarding a predetermined right / authority such as possession or use of the resource R, a control mechanism thereof, and the like. . Further, the resource R or the service S itself may have the right K information. Further, when the nature of the target resource R or service S is freely disclosed to others, management of the right K information can be omitted.

  In this system (each node), the relationship between the entities (E0, E1, E2) in a plurality of users (E0-E1 relationship, E0-E2 relationship) can be freely set by a key chain described later. It has a function that can. The key chain is realized by an information processing technique such as a digital signature using the certificate C and the key k proved thereby.

<Concept 2-Service Sr, Settlement>
The business entity (E0) that provides the service Sr such as the resource R trading business provides a settlement function (or settlement system) for the resource provider (E1) and the resource user (E2). That is, it has a mechanism for performing the settlement process associated with the existing economic money (for example, yen) in connection with the processing of the service Sr. The settlement processing includes, for example, processing for exchanging points P and yen (¥) used for trading in the second embodiment, bank account withdrawal processing on a predetermined date, and the like. Further, the payment function may be a function or a system realized by cooperation with an external payment function (for example, a payment system dedicated to this system or a payment system such as an existing financial institution). For example, E0 may appropriately communicate with an external payment system to execute the payment process.

  Based on the payment function, the entity (E0) that provides the service Sr pays the resource provider (E1) for the resource R that has been provided. For example, E0 uses E1 resource R1 (corresponding right K1) by buying at trading point P based on the exchange rate at that time (that is, sum of right K1 from E1 to E0, etc.). Further, E0 provides the resource R to E2 in response to the use (buy) of the resource R1 from E1 as well as payment of the price from the resource user (E2). For example, E0 provides E2 by selling its available resource R0 (for example, resource R1 obtained from E1 above) (corresponding right K0 / K1) at trading points P based on the exchange rate at that time. (Ie, distribution of right K1 from E0 to E2, etc.). In E2, the resource obtained by the above payment is the resource R2 that can be used by itself (the above example is also described in FIG. 6).

  The resource provided (sold) from E1 to E0 by the service Sr may be different from the resource provided (sold) from E0 to E2, and the transaction timing may be different. For example, E0 can collect a plurality of small resources R from a plurality of E1, configure one large resource R or service S and provide (sell) it to E2, and conversely, provide a large resource R (service S). It can be divided into a plurality of pieces and provided (sold) to a plurality of E2.

  By providing (selling) -using (buying) spread between these entities (E1-E0-E2), E0 can make a profit. By providing E0 (Sr), E1 can obtain point P or the like instead of providing its own resource R (for example, idle resources such as storage) to E0. Since the point P obtained by E1 corresponds to the evaluation information (P) 54 of the first embodiment, it is reflected in the conditions for using the service S (first embodiment). E1 can also use (buy) other people's resources R, exchange them for yen, or the like as E2, using the point P. On the other hand, E2 can obtain a resource R or the like instead of providing its point P or the like to E0. E2 can also provide (sell) the resource R to others as E1, using the resource R. The resource R2 obtained by E2 is, for example, the resource R1 of E1 (FIG. 6), and E2 accesses the resource R1 (service S, etc.) of the E1 within the scope of the right K2 of the resource R2. Can be used. E2 can configure and provide (disclose) the service S (Embodiment 1) using the resource R2 (R1). Further, the business entity (E0) that has made the two transactions can obtain a profit by the difference in the selling price according to the exchange rate of the buying and selling of the resource (R1 → R0 → R2).

  The exchange rate (market price) in the service Sr can be set / changed freely by E0 (its user U) and presented to a trading partner or the like. E1 and E2 can respond to buying and selling by their own judgment with reference to the rate and the like presented by E0. Alternatively, the rate may be automatically determined. For example, a rate determination function (a program or the like) provided in an external settlement function of E0 may determine the rate by calculation based on the supply and demand situation of the resource R, and E0 may present information on the rate.

  Further, in the second embodiment, the exchange of the consideration in the trading service Sr is based on information processing such as increase / decrease at a predetermined point P. For example, in a transaction between E1 and E0, a predetermined unit of the target resource R (right K) is bought and sold at a predetermined point P.

  In addition, when there are a plurality of E0s that provide the same service Sr (a target of trading), it is possible to present rates and the like, so each participant (E1, E2) is dissatisfied with a certain E0 presentation rate. Then, you can buy and sell at a different E0 presentation rate. In other words, the adjustment effect due to competition (promotion of entry / exit of appropriate participants, price adjustment, etc.) works.

<Concept 3—Key chain>
In the second embodiment, as an information processing technical means (implementation) for realizing the above mechanism, a key k (certificate C and a key k proved thereby) expressing each identity in the user group, It has a function capable of setting the above-described relationship by the key chain. When setting a relationship by a key chain, a process of issuing a certificate C (and key k) corresponding to the relationship is performed between the corresponding entities. This processing can be performed by publicly known digital signature processing (that is, processing for signing one (signed side) public key with the other (signing side) private key). Specifically, the key k is a key pair of a public key (referred to as ka) and a secret key (referred to as kb).

  Participant (the node) who wants to do business of buying and selling the resource R (providing service Sr) registers as E0 in this system, opens service Sr, and uses E0 service Sr (participation in trading) (The node) registers in the system as E1 and E2 (a registration function 81 described later). When the resource R is provided (sold), it is E1, when it is used (buy), it is E2, and in both cases it is E1 and E2.

  The registration corresponds to setting (creation) of a relationship using a key chain. The processing function for setting (creating) the key chain is technically realized by a digital signature using the above-described certificate C (certification function 11). One entity (E0) digitally signs the other entity (E1, E2), thereby setting a relationship between the keys k (certificate C). Along with the registration, one entity E1 (E2) in the transaction relationship is issued a certificate C1 (C2) and a key k1 (k2) digitally signed by the certificate C0 and key k0 of the other entity E0. .

  In setting the relationship by the key chain, the identity (E0) of the upper side, that is, the signing side (referred to as the parent), and the identity (E1) of the lower side, ie, the side of signing (referred to as the child) Or E2), and certificate C and key k are associated with each other. For example, E1 (child) public key ka (corresponding certificate C1) is signed by E0 (parent) private key kb (corresponding certificate C0). Similarly, the public key ka (corresponding certificate C2) of E2 (child) is signed by the private key kb (corresponding certificate C0) of E0 (parent).

  In the service Sr, the provision (sale) of the resource R by the subordinate (child) identity (E1) as the resource provider is the key of the upper (parent) in the key chain relationship of the key k1 (certificate C1) of the E1. The right K (K1, right of the resource R (R1, R0) of the corresponding identity (E1, E0) is added to the provision (corresponding right K) of the resource R by the identity (E0) corresponding to k0 (certificate C0) K0) is updated).

  Similarly, the use (buy) of the resource R by the lower (child) identity (E2) to be the resource user is the upper (parent) key k0 in the key chain relationship of the key k2 (certificate C2) of the E2. The right K (K2, K0 of the resource R (R2, R0) of the corresponding identity (E2, E0) distributed from the use (corresponding right K) of the resource R by the identity (E0) corresponding to (certificate C0) ) Is updated).

  As for the setting of the relationship by the key chain, it is possible to set a plurality of relationships among a large number of users in a chained or multiplexed manner. That is, for example, a node that is a parent (E0) in the relationship of the key chain of the first transaction can become a child (E1 or E2) node in the relationship of the key chain of another second transaction, and vice versa. It is. Moreover, the relationship for each trading partner user can be set.

  Reflection and affiliation of points P and the like for each user (identity) is also appropriately processed (update processing, settlement processing, etc.) according to the set relationship. The relationship by the key chain is based on the mutual reliability of individual users (identities) in the network 100 having no special node. The authenticity of the identity of the signer (E0) depends on the evaluation by other nodes (status of evaluation information P, etc.), the signature by the node (parent) of another key chain, and the provision of the service Sr at that node. It is reflected in the results. Information on the set relationship and information such as transaction results are accumulated, so that the reliability of the identity (node) is built accordingly.

  As described in the first embodiment, the parent (E0) and the children (E1, E2) in the key chain relationship are each an external (other) evaluation node group (evaluation information P held by the group). Etc.). In the second embodiment, information such as the right K in addition to the point P is managed in the evaluation node group. When a sale transaction for the resource R in the service Sr is concluded (established), an update process is performed on the possessed information of the corresponding evaluation node group. For example, increase / decrease in possession point P of the corresponding entity, update of right K, and the like.

  When closing the transaction, for example, the parent (E0) sends an instruction or the like by a signed message with its own certificate C0 (key k0) to the other child (E1 or E2) or the corresponding evaluation node group. The contract can be realized. That is, the information on the point P and the right K can be updated (for example, the above-mentioned summation and distribution). The side that has received the instruction (signed message) can confirm that the other party is the correct entity (E0) by the verification.

  With the above-described mechanism such as the key chain, a relationship relating to the provision (sale) -use (buy) of the resource R can be introduced between the nodes (identities) of the participants in the network 100. P can be exchanged. In particular, by using this function, the business of buying and selling the resource R becomes possible in the form of a service Sr by the entity E0. Any identity on the network 100 can freely participate as E0, E1, or E2, and has the characteristics of an open / completely distributed type as in the first embodiment.

<Example>
Next, an example will be described with reference to FIG. E0 (parent) sets up a service Sr for buying and selling resources R among a plurality of participants (E1, E2). In the information processing for buying and selling in Sr, points P (information values that can be increased or decreased) are used based on the description of the first embodiment. In the information processing of Sr, calculation and transfer are mainly performed in the unit of point P, and later settlement can be made with exchanged money (yen). In the display information for the user, for example, circle information may also be displayed.

  Based on the registration (key chain setting) processing in this system, E1 (child) certificate C1 (key k1) and E2 (child) with respect to E0 (parent) certificate C0 (key k0) Certificate C2 (key k2) is set as a key chain relationship (referred to as # 1 and # 2).

  Further, in the evaluation node group (group) respectively associated with E0, E1, and E2, the point P of the corresponding entity (node) and the right K (K0, K1, K2) of the resource R (R0, R1, R2), respectively. Information. In each node, various information (P or the like) is temporarily stored in the management information (M) 50 in the form of storage or the like, and information update processing is performed with the information stored in the corresponding group.

  The node of the participant who becomes E0 on the network 100 opens the service Sr by registration. E0 presents information on the service Sr to be started (such as the resource R to be bought and sold, the exchange rate of the resource R unit, the point P, and the yen). For example, it is presented in the form of a Web page or the like that can be accessed and referenced from each external node by an E0 settlement function. Or the form which acquires the said information by exchanging the management information M between the nodes mentioned above may be sufficient.

  The nodes of the participants who become E1 and E2 can participate in the provision (sale) -use (buy) of the resource R in the service Sr based on the presentation information, and when participating, information on E0 (Sr) Register. As a result, the parent-child relationship (# 1, # 2) by the above-described key chain is set between E0-E1 and between E0-E2. For example, the first relationship # 1 (E0-E1) by the first key chain (k0-k1) or signature, the second relationship # 2 (E0-E2) by the second key chain (k0-k2) or signature, It is. For example, C1 (k1) is signed by C0 (k0). E0 proves itself (identity and node) with C0 (k0).

  (1) As an example of the first transaction, the processing when providing (selling) the resource R1 of the node E1 (resource provider) to the node E0 (resource R0 of the node E0) is as follows.

  1a indicates a request for provision (sale) of the resource R1 from E1 (child) to Sr (settlement function or the like) of E0 (parent). At the time of this transaction (for example, t1), for example, the exchange rate for one unit of the resource R is “1P = 10 yen”. For example, the price of the resource R1 is 10P (= 100 yen). 1b indicates to 1a the response of the use (buy) of R1 from Sr to E1 of E0, and the payment of the consideration (P) from E0 to E1 (receipt of the consideration of E1). 1c indicates that R1 (corresponding K1) of E1 is provided (summed) to R0 (corresponding K0) of E0 along with 1a and 1b. Note that R1 of E1 is a resource entity (for example, storage) (shown by a solid line), and R1 that falls within R0 of E0 is not a resource entity but its control information (information of right K), etc. (shown by a broken line).

  Further, as an example, each resource R has information on the corresponding right K. In FIG. 6 (the same applies to the E1, E2 and E0 sides), the management information M (M1, M2, etc.) to which the information on the right K corresponds. ) Shows how it is managed. In addition, the information regarding the point P (the current possessed value of the user, the temporary increase / decrease value according to the sale) is similarly managed as temporary information in the corresponding management information M. Show.

  In the transaction of 1a and 1b, when E0 receives (contracts) the request from E1, as shown by 3a, E0 pays the price (for example, 10P (= 100 yen)). E1 receives the consideration from E0, and instead, E1's resource R1 right K1 is summed with E0 resource R0 right K0. The actual payment processing and information update processing of the consideration payment are executed between the payment function of the corresponding node (E0, E1) and the evaluation node group corresponding thereto.

  As a result of the transaction, E1 is + 10P (100 yen) and E0 is -10P (100 yen) as acquisition point P (yen) information for each user. By the subsequent settlement processing, the increase / decrease in the point P of each user is reflected in the increase / decrease in the yen (when P is exchanged for a circle). In the case where P is not exchanged for a circle, for example, in the case of a user who intends to accumulate his / her point P, accumulation as the point P is possible by a user setting relating to settlement processing (settlement function).

  In addition, as a process for updating the information on the right K, the resource R1 of E1 (its right K1) is added to the resource R0 (its right K0) in Sr of E0. R0 can handle a large resource R0 containing a plurality of resources according to the results of a plurality of transactions. Here, for the sake of explanation, it is assumed that a resource R2 (right K2) different from R1 is included in R0 (the resource R2 of E2 in the following second transaction). Note that the case where R0 = R2 = R1 (that is, the case where E0 sells the resource R1 purchased from E1 to E2 as it is) may be considered.

  (2) As an example of the second transaction, processing when the node of E2 (resource user) uses (buys) the resource R0 (R2) of the node of E0 is as follows.

  For E0 (parent) Sr, E2 (child) who becomes a resource user pays consideration (P) to E0, and uses (buys), for example, resource R2 provided by S0 in Sr. That is, the right K2 of the resource R2 out of the right K0 of the resource R0 possessed by E0 is distributed as the right K2 of E2. As described above, the right K2 of R2 corresponds to the right K1 of R1 of the holding source E1 when R2 = R1 (the resource entity remains held by E1).

  2a is a request to use (buy) the resource R2 from the E2 (child) to the Sr (settlement function, etc.) of the E0 (parent), and the payment (P) of the consideration (P) from the E2 to the E0 Receiving). At the time of this transaction (for example, t2), for example, the exchange rate per unit of the resource R is “1P = 11 yen”. For example, the price of the resource R2 is 10P (= 110 yen). 2b indicates a response of R2 provision (sale) from Sr of E0 to E2 with respect to 2a. 2c indicates that R2 (corresponding K2) of R0 (corresponding K0) of E0 is provided (distributed) as R2 (corresponding K2) of E2 along with 2a and 2b.

  In the transaction of 2a and 2b, E2 requests R2 use (buy) to Sr of E0, E0 receives it (accepts the contract), and receives the price (10P (= 110 yen)) shown in 3b . Then, instead of paying the consideration to E0, E2 distributes the right K2 of the resource R2 among the resources R0 of E0 as the right K2 of the resource R2 of E2 (settlement process and information update process). As a result of the above transaction, as acquisition point P (yen) information for each user, E2 becomes −10P (110 yen), and E0 becomes + 10P (110 yen).

  As a result of trading (settlement etc.) in the two relationships # 1, # 2 between the above three parties (E1, E0, E2), E0 is -10P (100 yen) by the first transaction, Together with + 10P (110 yen) due to the transaction of 2, it is possible to obtain 10 yen (± 0P), which is the difference (3c). For E1, 10P (100 yen) can be obtained in response to providing (selling) the resource R1 to others. This incremental point P can be used, for example, when it is desired to use another person's service S (Embodiment 1). On the other hand, for E2, the resource R2 can be used (purchased) from another person in accordance with a decrease of 10P (100 yen). E2 needs 10P (100 yen) as a condition for enabling this use (buy). For this purpose, for example, the point P can be obtained by providing (selling) the resource R or evaluating the service S as described above. Must be acquired. E2 can configure (for example) the service S (Embodiment 1) by itself using the resource R2 that has become available to itself, and provide (publicize) it to others. Will be counted as point P.

<Function>
FIG. 7 shows processing functions, information data, and the like included in the module 10 of the node N in the second embodiment. The identity of the user U as a participant is associated with the entity E. Entity E is associated with certificate C. The n nodes N belonging to the entity E are proved by the certificate C. The node N has a resource R (service S) to be provided (sold) by the service Sr, and this resource R (service S) is associated with a right K (information thereof). As related functions and the like of the first embodiment, the elements described above (FIG. 2), in particular, the certification function 11 (including management of the certificate C, the key k, etc.), the provided resource R (the storage resource 43, etc.), information There is a management function 15 (management information (M) 50). The certificate C is associated with a key k (for example, a key pair of a public key ka and a private key kb).

  The module 10 of the node N according to the second embodiment has various functions shown as the relationship setting function 30, information data, and the like. In the relationship setting function 30, an E0 function (service Sr function) 60, an E1 function (resource provision (sell) function) 61, an E2 function (resource use (buy) function) 62, an E0 settlement function 71, (E1, E2) ) Settlement function 72, registration function 81, key chain management function 82, information update function 90, right management function 91, point management function 92, and the like. The information data includes point P information 55, resource R and right K information 57, presentation information (Sr information) 58, relationship information 59, and the like, and is stored in the management information 50, for example. Each function is realized by program processing, for example. In each function, communication processing with a function corresponding to an external node is performed as necessary. In addition, it has a graphical user interface function that enables a user to perform operations such as a request by displaying information related to trading using a Web browser or the like.

  The point P information 55 is temporary management information (current possessed value or increase / decrease value by buying / selling) based on evaluation information (P) 54 related to self (identity) managed by the corresponding evaluation node group. Etc.) (used in payment processing, information update processing, etc.). Further, when a certain node confirms information such as the point P related to itself (for example, when necessary for control), a process for inquiring information to the corresponding evaluation node group as in the processing example of the execution node NB described above. This is possible. Or, in particular, an information inquiry function for that purpose may be provided in each node, and information may be inquired to a corresponding evaluation node group having information of its own point P or the like (right K, etc.) to enable confirmation regarding its own current situation. .

  The information 57 of the resource R and the right K is based on the management information managed by the corresponding evaluation node group regarding the resource R (service S) provided by the identity (node) and the corresponding right K. Temporary management information (used in information update processing, etc.). The resource 57 and right K information 57 is, for example, the aforementioned right management information.

  Note that the point P information and the right K information may be managed in the own node, not in the other party (evaluation node group). In this case, countermeasures such as the above-described alteration prevention function are provided.

  The presentation information 58 is the information on the service Sr (information such as the resource R to be traded and the exchange rate) presented by the E0 function 60 and the settlement function 71.

  The relation information 59 is management information in the own node regarding the relation set by using the key chain management function 82 (and the certification function 11 etc.). For example, relationship identification information, parent entity / node information, child entity / node information, and corresponding certificate C and key k identification information.

  The E0 function 60 is a function of the state of E0 (parent, service Sr provider), and performs a process of setting up and providing a service Sr for buying and selling the resource R for the children (E1, E2) in the node of E0. For example, it is a form of a server function that receives an access such as a request from the E1 function 61 and the E2 function 62 (client function) and processes a response.

  The E1 function 61 is a function of the state of E1 (child, resource provider), and performs a process of providing (selling) the resource R to E0 (service Sr) in the node of E1. For example, according to the operation of the corresponding user U, the presentation information 58 from E1 to E0 (Sr) is referred to, and a request (order for sale) or order for the resource R to be traded is sent to E0 (Sr). Processing to send and get the response. Similarly, the E2 function 62 is a function in the state of E2 (child, resource user), and performs processing of using (buying) the resource R for E0 (service Sr) in the node of E2.

  In response to a request from E1 (E1 function 61) or E2 (E2 function 62), the E0 function 60 determines whether or not to make a contract according to the judgment of the user U. Processing for transmitting a response for receiving a response to E2 or a price for receiving the value to E2.

  In response to the establishment of the service Sr, the information presenting function of the E0 function 60 (or the payment function 71) is used for the contents of the service Sr (for example, the target resource R and conditions) and the exchange rate (for example, the point P and the yen). Exchange rate) information is presented as presentation information 58 to the outside. Further, the information reference function of the E1 function 61 and the E2 function 62 (or the payment function 72) accesses and refers to the presentation information 58.

  In addition, about the detailed process and system for trading transactions in the service Sr (for example, trading orders and contract adjustments), the same technologies and systems as those of various existing trading systems can be applied.

  In addition, functions such as the E0 function 60, the E1 function 61, and the E2 function 62 record information (history) such as sales transaction results. Further, this history information may be managed by an evaluation node group like the log information (L) 53 described above, for example.

  The payment function 71 for E0 performs a payment process related to the service Sr. The payment function 72 for E1 and E2 is a client function corresponding to the payment function 71 for E0, and accesses the payment function 71 on the E0 side and performs processing related to payment. The payment function 71 may be a function provided in the E0 node, and may further be a function that performs processing in cooperation (communication or the like) from the payment function 71 of the E0 to an external payment system.

  Specifically, the E0 settlement function 71 has, for example, a rate setting function, a settlement processing function using exchange money (yen), and the like. The rate setting function is a function that allows an E0 user to freely set an exchange rate (market price) or the like related to Sr. Alternatively, the rate setting function is a function that automatically determines and sets the exchange rate in cooperation with an external settlement system or the like (rate determination function). The settlement processing function with exchange money performs settlement processing in a yen exchanged with the point P or the like. For example, it is a function of performing settlement processing (bank account withdrawal processing, etc.) on a predetermined date in cooperation with an external financial institution.

  As a method for automatically determining the rate, for example, the demand / supply status of the resource R (service S) in the user (node) group of this system exists and fluctuates at any time. For example, according to a settlement function or information exchange between nodes), a method of calculating a rate according to the supply and demand situation may be mentioned. For example, if the number of users (E1) who can provide a specific resource Rx in the system is small and the number of users (E2) who want the resource Rx is large, the rate for the resource Rx is determined to be high. And so on.

  When a sales transaction is concluded between E0-E1 or E0-E2, an update process related to the point P, right K, etc. by the information update function 90 occurs, and a settlement process for payment-receipt of consideration occurs. Settlement processing related to points P and yen by the settlement function (71, 72) is performed. By this update process and settlement process, the information on the increase or decrease of the point P corresponding to the consideration of the sale is recorded with the point P information 55 in the corresponding node, and the information of the point P held by the corresponding evaluation node group is updated. . Also, the right management function 91 or the like updates the right K information according to the sale with the right K information 57 in the corresponding node (summation, distribution, etc.), and the right K information held by the corresponding evaluation node group Is updated.

  The registration function 81 performs processing such as establishment of a service Sr and registration of an entity (node) related to the service Sr. The node of E0 (corresponding user) can set the start and end of the service Sr by the registration function 81. In the case of starting, the presentation information 58 of the service Sr is presented to the outside by the information presentation function. Further, the registration function 81 (corresponding user) of the nodes that become E1 and E2 performs the registration process to the desired service Sr and the like for the registration function 81 (or settlement function 71 etc.) of E0. Participation is determined by referring to the presentation information 58 of the service Sr by the information reference function. The E0 registration function 81 performs a process of registering the node as E1 and E2 in the service Sr.

  At the time of the registration, the corresponding entity (node) uses the key chain management function 82 to perform a process of setting a relationship based on the key chain between the corresponding entities (the node). The key chain management function 82 performs the processing using the certification function 11 and the information of the certificate C and the key k. The key chain management function 82 uses, for example, digital signature processing by the certification function 11 to create, change, or delete a key chain (relationship) between participants (identities), and to the key chain. Performs processing such as information data management. In the case of setting (creation), the E0 key chain management function 82 issues (signs) the certificates C1 and C2 (keys k1 and k2) of E1 and E2 using the certificate C0 (key k0) of E0. Process. Information regarding the set key chain (relation) is recorded as relationship information 58. The proof function 11 described above can perform processing such as authentication between the nodes described above using the certificate C and the key k in which the relationship by the key chain is set. It should be noted that the setting of the relationship by the key chain needs to be done at least in advance (contract) in Sr (it is not necessary to set at the time of participation in the network 100 in the first embodiment).

  The information update function 90 performs information update processing, information management, and the like regarding the right K corresponding to the resource R and the point P of consideration associated with the provision (sale) -use (buy) of the resource R in the service Sr. The information update function 90 is related to the information management function 15 that manages the management information (M) 50 and the like, and may be configured as a part thereof. The information update process is a process linked with, for example, the certification function 11 and the rights management function 91.

  The right management function 91 performs processing for managing the resource R information of the resource itself (identity and node) and the information 57 of the right K corresponding thereto. The right management function 91 may be a function that cooperates with the resource delivery function 14 of the first embodiment or a part thereof.

  Regarding the update processing of the right K, for example, the information 57 of the resource R and the right K is held in the corresponding node (eg, in the management information M) or the corresponding evaluation node group, and the information update function 90 (and the right management function) 91, etc.) by accessing the information and performing update processing, or by instructing update processing to the corresponding node.

  Regarding the update process of the point P, by using the information update function 90 (and the settlement functions 71 and 72), the point P of each entity (node) is obtained by paying-receiving the consideration point P at the time of closing the transaction. A process of increasing / decreasing the value (point P information 55 in the own node or information held in the corresponding evaluation node group) is performed.

  Based on the point P information 55 related to the evaluation information (P) 54 of the first embodiment, the point management function 92 performs information management of the point P handled in the second embodiment, and other types of points. If it exists, processing such as generation (calculation) and management, and user setting for exchanging points P and circles is performed.

<System configuration>
FIG. 8 shows a system configuration example between entities related to the service Sr. A business entity E0 (its node) that is a provider of the service Sr for selling and selling the resource R, an entity E1 (its node) that is a provider of the resource R (R1), and an entity E2 that is a user of the resource R (R2) ( That node). Each node has a corresponding evaluation node group (group G (GE0, GE1, GE2)), and the evaluation node (E0-ND, etc.) is evaluated in units of identities (and nodes) expressed by the certificate C. Information (points) P, right K, and other information are managed. This is a case where the above key chains (relationships) # 1 and # 2 are set.

  E0 opens the service Sr by the registration function 81 and presents information (exchange rate etc.) of the service Sr by the settlement function 71 (information presentation function) (presentation information 58). E1 or E2 refers to the information (presentation information 59) of the service Sr of E0 by the settlement function 72 (information presentation function) as in 1d and 2d, and to the Sr of E0 (registration function 81) by the registration function 81 (For example, registration of participating node information). Upon registration, the key chain management function 82 of E0 issues the certificate C1 (key k1) or C2 (k2) to the registration entity (E1 or E2) using the certification function 11 (C1, k1). Thus, the key chain relationship # 1 or # 2 is set. In the management information M (M0, M1, M2) of each entity (E0, E1, E2), the aforementioned point P information 55, the right K information 57 (K0, K1, K2) and the like are managed.

<Processing>
9 and 10, based on FIGS. 6 to 8, as a processing example, first, the transaction of the resource R1 in the relationship # 1 between E1 and E0 in FIG. 6, and secondly, E2 to E0 in FIG. 6. The transaction of the resource R2 in the relationship # 2 will be described. Although the case of the first transaction will be mainly described, the case of the second transaction is realized in substantially the same manner.

<Process (1)>
FIG. 9 shows an example of processing such as registration in the service Sr and key chain setting. The E1 side registration function corresponding to each function on the E0 side is not shown.

  (1) A user of a node (for example, node N01) to be an arbitrary E0 registers itself as E0 with respect to the settlement function 71 by the registration function 81 and opens a service Sr by the E0 function 60. The information presentation function uses the information of the service Sr to be started as the presentation information 58.

  Further, as in 4a, the settlement function 71 or the like (user) sets the rate in the service Sr (may be changed later or may be changed as appropriate). In the presentation information 58, information on the set rate is presented.

  (2) When a user of an arbitrary E1 node (for example, the node N11) refers to the presentation information 58 (service Sr information) of E0 by the information reference function, and participates in the resource provision (sale) in Sr The registration function 81 accesses the registration function 81 of E0 and the like (1d) and registers itself as E1. The registration function 81 of E0 records information on the node of E1 as a child (resource provider) in the relation information 59 and the like.

  (3) Then, as in 4c, the key chain management function 82 performs a process of setting (creating) the relationship # 1 by the key chain having the parent (E0) -child (E1) relationship in the registration. The E0 key chain management function 82 uses its own certification function 11 and certificate C0 (key k0), and uses the E1 key chain management function 82 (certification function 11, certificate C1 (key k1)). , E1 certificate C1 (key k1) is issued (signed) (4d). E1 manages what is issued from E0 by the proof function 11 or the like. Each key chain management function 82 records information related to the set (created) key chain (relationship) # 1 of E0-E1 in the relationship information 59.

  (4) With the above settings, the transaction S1 can be processed between the E1 and E0, such as 1a (request), 1b (response), 1c (resource provision, rights update). To do. As a result of the transaction, the E0 function 60 and the E1 function 61 manage their own information such as the increase / decrease value of the consideration (payment-receipt) point P and the information regarding the update of the right K of the resource R to be bought and sold. The information is recorded in the information M, and an update process by the information update function 90 is instructed.

<Process (2)>
In FIG. 10, processing examples such as update processing and payment processing of information (points P and rights K) in accordance with sales and purchases in the service Sr are shown following FIG. 9. The information update function 90 of each entity (E0, E1) performs update processing related to the point P and the right K associated with the sale / sale of the service Sr with the counterparty node or with the corresponding evaluation node group. To do.

  The E0 (parent) node sends a signed message using its own certificate C0 (k0) to the trading partner (child) E1 node and the evaluation node group (group GE1) corresponding to the E1. The update process can be instructed by (transmission). For example, in the case of the transaction of the first relationship # 1, this instruction indicates the resource R1 (corresponding right K1) of the child E1 (C1, k1) to be provided (sold) as the parent E0 (C0, k0). ) Resource R0 (R0 including R1) is provided as an instruction to add up the corresponding right K. In the case of the transaction of the second relationship # 2, a part of the resource R2 (corresponding right K2) of the resource R0 (corresponding right K0) of the parent E0 (C0, k0) to be used (buy). ) Is used as the resource R2 of the child E2 (C2, k2).

  For example, when the first transaction between E1 and E0 is closed (for example, E0 receives a request from E1), E0 responds to E1 that the deal is closed, and an evaluation node group corresponding to E1 ( GE1), and also communicates with the evaluation node group (GE0) corresponding to itself E0 to update the right K (K1) regarding the concluded resource R (R1) and to increase or decrease the point P And so on. In addition, although you may instruct | indicate to GE1 directly from E0, it is good also as a form which instruct | indicates from E1 to GE1 via E1.

  In order to indicate that the instruction between the nodes is based on the correct entity (node), it is assumed that the message is signed using a key chain relationship. The side receiving the instruction can verify the identity of the instructed side by verifying the signed message, and can prevent unauthorized use. The signature and verification processes are performed using the proof function 11. In the process of transmitting the instruction using the signed message, the transmitting side (E0) attaches the signature data with the E0 private key kb to the instruction information, and the receiving side uses the E0 public key ka as the signature data. It can be verified by decrypting with.

  In the node that has received the instruction (signed message), after the verification, an update process according to the instruction is performed. For example, the above-described summing and distribution processing related to the right K, the increase of the point P received on the E1 side, the decrease of the point P payment on the E0 side, and the like.

  5b is an example of the above-mentioned instruction (signed message), in which an instruction to the effect such as the above summation is transmitted from E0 to the E1-compatible group GE1 (evaluation node E1-ND). At this time, the information update function 90 (using the certification function 11) of E0 creates a signed message using its own certificate C0 (key k0) and transmits it to GE1. Upon receiving the instruction, the evaluation node of GE1 verifies the received signed message and confirms the sender (E0). Then, according to the instruction content, the E1-compatible right (KE1) and point (PE1) information Update. Similarly to 5b, 5a is an instruction (signed message) from E0 to E0 corresponding group GE0 (evaluation node E0-ND). Processing for updating the information on the right (KE0) and the point (PE0) on the E0 side is performed.

  The update process described above is an example of a process with the E0 side as the subject (instructing side). However, depending on the form of the transaction, the update process with the E1 side as the subject may be used. Further, the above update process may be performed via E0 to E1 (information update function 90) (instruction from E0 to E1, instruction from E1 to GE1, etc.). Moreover, it is good also as a form etc. which instruct | indicate from E0 to GE0 and process between GE0 and GE1.

  Further, in the process (instruction) related to the update of the right K associated with the buying and selling, not only the information on the right K possessed by the corresponding group but also the information on the point P possessed by the corresponding group can be similarly updated. For example, the information update function 90 of E0 (or the settlement function 71 or the like) can instruct the update of the information of the point P together with the instruction regarding the update of the right K. In the case of the transaction of the first relationship # 1, for example, as in 5a, information on the decrease in the point P due to payment (-P of M0: decrease of 10P, for example) is given to the E0 corresponding group GE0 by an instruction. Further, as in 5b, from E0 to the E1-corresponding group GE1, information on the increase of the point P due to reception (+ P of M1: for example, increase of 10P) is given by an instruction. The evaluation node of each group (GE0, GE1) updates the information (PE0, PE1) of the possessed point P according to the instruction.

  On the other hand, with the update of the information on the point P in the above trading, settlement processing is performed in the exchange target yen (when P is exchanged for yen). Reference numeral 5g indicates a settlement process in yen by the settlement function 71 of E0. The E0 settlement function 71 communicates with an external financial institution and performs the settlement processing based on the updated information (such as information on the increase or decrease of the point P in M0). Although not shown, the same process is performed by the settlement function 72 on the E1 side.

<Point P>
Using FIG. 11, an example of the point P is as follows. First, as described above, the evaluation information (points) P of the first embodiment is mainly information related to evaluation of the provision of the service S (provision point p), and authority related to control of use / execution of the service S based thereon. Information such as points (use points q). On the other hand, the point P of the second embodiment is a point used in transactions such as buying and selling of the resource R in the service Sr. For example, as described above, the point P is set such that the higher the evaluation of the service S provision, the higher the P value (provision point p). For example, at first, the p value is small, but the p value becomes higher due to the actual performance of providing the service S. Further, it is assumed that the value of the usage point q in the case of using the service S increases or decreases in accordance with the level of the p value.

  FIG. 11A is an example of the point P (p, q) of the first embodiment, and the point P (providing point p and usage) that increases or decreases according to the evaluation of the provision of the service S by a certain identity (node). This is a variation example of point q). At time t, at t1, P increases from 0 to a positive value due to the increase of the provision point p (for example, the usage point q also increases). Similarly, at t2, P decreases to a negative value due to a decrease in p (for example, the use point q also decreases). At t3, P increases to a positive value due to the increase of p again. Further, at t4, when the other party's service S is used with the identity using the point P (p, q), the point P (use point q) is reduced (consumed).

  In accordance with the point P, in the second embodiment, for example, when the point P is 0 or less, the entity E1 needs to obtain the point P by providing (selling) the resource R in the service Sr. Further, when the point P is in a positive state, the entity E2 can use (buy) the resource R in the service Sr by decreasing the point P.

  FIG. 11B is a variation example of the point P according to the buying and selling of the resource R at the service Sr in the second embodiment. The same applies until t4. At t5, the point P increases according to the unit of provision (sale) of the resource R as E1 in a certain identity, and at t6, the use of the resource R as E2 (at the same identity ( This is a case where the point P decreases according to the unit of (buy). Similarly, in the entity E0 that provides Sr, its own point P increases / decreases in accordance with the buying / selling for E1 and E2.

<Effects>
According to the second embodiment, in the cloud computing system, each user U (node N) has a different resource R / service S, but the provision (sale) -use (buy) of the resource R and the like between them. By providing a mechanism (relationship setting function 30 or the like) that facilitates the act (transaction), the construction and development of the system can be made efficient. A new and useful mechanism has been realized that takes into account resource R / service S transactions between users on the cloud computing system and issues (equity, balance, etc.). First, in the system of the first embodiment, each user U can freely provide and use the service S, and each user U receives evaluation information (points) P and the like according to the activity. obtain. On the premise of that, in the system of the second embodiment, each user U can freely participate in a transaction of transaction (service Sr) of resource R etc. based on his / her point P, resource R, etc. is there. Therefore, E0 can obtain a profit according to the result of the operation of the service Sr. E1 can obtain (receive) points P (or yen) as compensation by selling his resource R (its right K) to another person (E0). E1 can easily use the service S (Embodiment 1) of others by the obtained point P. Also, E2 can buy another person's resource R (its right K) by giving (paying) his / her point P (or yen) to the other person (E0) as a consideration. E2 can use the resource R obtained by buying it by itself, and it is easy to provide the service S (Embodiment 1) to others by using the resource R. For example, E2 can obtain a resource R that cannot be realized in its own computer environment from another party, and can configure and provide its own service S (Embodiment 1) using it. Further, as described above, the balance between provision and use of the resource R / service S in the present system (first embodiment) is enhanced by the interchange of the resources R between the users and the cooperation with the existing economy. And effective use of computer resources and realization of new services.

  In addition, although it is possible to adopt a form that does not buy and sell using points P and yen, in that case, the service Sr of E0 has a processing function that mediates the act of providing and using resources R and the like between users (nodes). It can be constituted as follows. In this case, the balance and other effects can be obtained.

  The mechanism of the second embodiment is based on the mechanism of the first embodiment. For example, a mechanism in which each user can buy and sell the resource R (service S) directly from the beginning with a circle or the like has problems such as being advantageous to a specific user (company).

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention can be used for cloud computing.

  DESCRIPTION OF SYMBOLS 10 ... Module, 11 ... Proof function, 11a ... Own node proof function, 11b ... Other node proof function, 12 ... Hash processing function, 13 ... Service function, 14 ... Resource supply function, 15 ... Information management function, 21 ... Service use Function (NA function), 22 ... Service execution function (NB function), 23 ... Service providing function (NC function), 24 ... Service evaluation function (ND function), 30 ... Relationship setting function, 43 ... Storage resource, 44 ... Calculation Resource 50 ... Management information table 51 ... Certificate 53 ... Log information 54 ... Evaluation information 55 ... Point (P) information 57 ... Resource (R) and rights (K) information 58 ... Presentation information 59 ... relationship information, 60 ... entity (E0) and its E0 function (service Sr function), 61 ... entity (E1) and its E1 function (resource provision (sell) function), 6 ... entity (E2) and its E2 function (resource use (buy) function), 71 ... settlement function (for E0), 72 ... settlement function (for E1, E2), 81 ... registration function, 82 ... key chain management function, 90 ... Information update function, 91 ... Rights management function, 92 ... Point management function, 100 ... Network, 101 ... Hardware, 102 ... Software, 103 ... Storage resource, 104 ... Calculation resource, 201-205, 305, 311, 312 ... Process, 501 502: Neighboring range.

Claims (7)

It has a network in which nodes of user computers are connected by communication,
(1) The node provides a resource by hardware and software, thereby providing a processing function of providing a service by cloud computing, a use function of performing a process of requesting and using the service, An execution function that performs processing for controlling execution of the service, and a third node that uses the provision function, interposed between a first node that uses the use function and a third node that uses the provision function An evaluation function for evaluating the act of providing the service and retaining the evaluation information, and the use function of the first node that uses the service passes through the execution function of the second node. Thus, the providing function of the plurality of third nodes of the first group providing the service is accessed, and the response from the providing function is the actual value of the second node. In response to the use function of the first node via the row function, the evaluation function of the second node or the fourth node is accompanied by the plurality of third nodes of the first group. A response from each of the providing functions is stored, and the evaluation information is stored. The execution function of the second node or the evaluation function of the fourth node is based on the level of the evaluation information. Controlling the execution of the service when the third node uses the service using the provided function of another node using the use function;
(2) On the premise of (1) above, the node is
A node of any user that is a first type entity that sells the resource or service to another person, a node of any user that is a second type entity that buys the resource or service from another person, and A relationship between entities including a node of an arbitrary user, which is a predetermined entity that processes a transaction related to selling and buying of the resource or service, is interposed between the first and second type entities. Has the function to
The function of setting the relationship is to establish a first relationship between the first type entity and the predetermined entity by using a certificate, a key, and a digital signature processing technique expressing the identity of the user. A process of setting, and a process of setting a second relationship between the second type entity and the predetermined entity,
Between the entities in the first relationship, perform a transaction of selling the resource or service of the first type entity to the predetermined entity;
Wherein in the second inter-relationship entity, have row processing of the transaction to buy resources or services the predetermined entity to sell from the second type of entity,
The function of setting the relationship includes a registration function of registering an entity according to the transaction by setting the relationship when performing the transaction instead of when the node joins the network,
The function of setting the relationship of the nodes is
Using certificates, keys, and digital signature processing techniques that represent the identity of the user,
In the process of setting the first relationship, the digital signature of the key of the first type entity by the key of the predetermined entity with the predetermined entity as the signing side and the first type entity as the signed side Process to set the first relationship by processing,
In the process of setting the second relationship, the digital signature of the key of the second type entity by the key of the predetermined entity is set with the predetermined entity as the signing side and the second type entity as the signed side. Perform processing to set the second relationship by processing,
In the transaction between the first relationship entity and the transaction between the second relationship entity, the identity is confirmed by using the certificate, the key, and the digital signature processing technology when the transaction is concluded. A cloud computing system characterized by performing processing to perform . The cloud computing system according to claim 1 ,
Information on the right associated with the resource or service that is the object of the transaction is managed in at least one of the evaluation functions of the own node or the corresponding other node,
The function of setting the relationship of the nodes uses the certificate, the key, and the digital signature processing technology to store the right information associated with the resource or service between the entities when the transaction is concluded. A cloud computing system characterized by performing an updating process. The cloud computing system according to claim 1 ,
Based on the evaluation information, provide points to be used in the trading transaction,
The function of setting the relationship between the nodes performs the process of updating the points between the entities in accordance with the closing of the transaction using the certificate, the key, and the digital signature processing technology. A process of paying points to be paid from the predetermined entity to the first type entity is performed between the related entities, and the predetermined entity is accompanied by the purchase. The cloud computing system is characterized in that the entity performs a process of receiving a point to be paid from the second type entity. The cloud computing system according to claim 3 .
In connection with the transaction of buying and selling, having a settlement function or system for exchanging the points and predetermined money,
The said node performs the payment process which exchanges the said points for the said predetermined money after the completion of the said transaction using the said payment function or system, The cloud computing system characterized by the above-mentioned. The cloud computing system according to claim 1 ,
In the processing relating to the transaction, the predetermined entity includes a process of collecting a plurality of resources acquired by buying from a plurality of first type entities and selling the resources to a second type entity; A cloud computing system characterized in that one resource acquired by buying from a first type entity is divided into a plurality of pieces and sold to a plurality of second type entities. The cloud computing system according to claim 1 ,
The cloud computing system characterized in that the function of setting the relationship of the nodes has a function of freely setting a rate in the transaction by the user. The cloud computing system according to claim 1 ,
The function of setting the relationship of the nodes has a function of automatically determining a rate in the transaction by calculation based on a supply and demand situation of the resource or service between the users. system.

Images