JPH09218836A - Security protection method for network - Google Patents

Abstract

PROBLEM TO BE SOLVED: To quickly protect security indefinitely by exchanging information between each member and the agent for information exchange corresponding to each member by the ciphering system fixed for every member and exchanging information by the ciphering system fixed separately between agents for information exchange with each other. SOLUTION: A control origin to be one of participating members 2 has a thymus agent 5 at the cite outside its own fire wall 3 and the participating members 2 except the control origin has the broker agent 6, the helper T cell agent 7 and the killer T cell agent 8 which are generated from the thymus agent 5. A member agent 4 performs an information exchange with the agent of the other participating members 2 through the broker agent 6, the ciphering system stipulated by the participating members 2 is used in the communication between the member agent 4 and the broker agent 6, and the common ciphering system which is set in the thymus agent 5 is used in the communication between mutual broker agents 6.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technology for ensuring security on a network when a plurality of companies and individuals share or exchange information on the network and work together.

[0002]

2. Description of the Related Art In a general system such as an operation system or a database system, a user is given a password to control data access authority, but the setting is left to the system administrator.

A firewall is known as a security technique on a network, but this is a mechanism that allows only access from a specific machine (address) on the network. That is, I of the source and the destination
Access control is performed by a combination of P addresses, and generally has a function of limiting the IP address that can access the resource for each service and leaving an access record. It is necessary to individually set each combination of the IP addresses of the transmission source and the transmission destination.

There are various cryptographic methods for information transmission security. This is a technique for preventing information leakage, assuming that the other party to communicate with has been decided. There is no particular consideration as to how to ensure security in situations that may change dramatically.

References on cryptosystems include Kazuo Takaragi et al., "Cryptography and Applications," Information Processing Society of Japan, vol. 32,
No. 6 (1991) pp. 714-723, Kazuo Takaragi, "Standardization trends in ISO / IEC JTC1" IT
U Journal vol. 24, No. 8 (1994) second
There are pages 9-33.

Agent-oriented programming is one of the methods for constructing software on a network. In the study of agents, the autonomy of the agents and the communication method for reaching the optimum state as a whole are the main research subjects. , There is no research that recognizes a group of agents including replacement of members as one organization isolated from the others and secures its security.

References on agents include "Objects of multi-agent system research" (Computer Software Vol.12 No.1 Jan. 1995, No. 78-).
84), "Basics and Applications of Agents" (Journal of the Japan Society for Artificial Intelligence Vol.10 No.5 Sept. 1995, pp.662-711)
and so on.

[0008]

[Problems to be Solved by the Invention] A series of activities (for example, in the case of a manufacturing industry, planning, designing, producing, selling, maintaining, etc. of a new product), which were conventionally performed by one enterprise, are treated as one project. , A group of companies or individuals participating in this project is called a virtual enterprise. In addition, from raw material production to intermediate product production, which was conventionally called the “supply chain”,
A group of companies, from production of finished products to sales of finished products,
It is also possible to form a project in which information is exchanged closely with each other. Such a set of a plurality of enterprises or individuals is also referred to as a virtual enterprise in this specification.

The advantage of forming a virtual enterprise is that each provides its own strengths, which makes it possible to establish a very competitive organization as a whole in a short period of time, resulting in large profits. That is. Even if one company prepares everything and invests capital, sales,
It is becoming difficult to secure an advantage over others in all activities such as design and production. In addition, in an era where market trends are changing drastically like in recent years, profits cannot be secured unless they can enter a new market in a short period of time. Even if one company decides to enter a new field, it may take a long time to prepare, and by the time the product reaches the market, the selling point may change and the investment amount may not be recovered. By participating in Virtual Enterprise, you can expect a large profit as a share with a small investment amount.

Documents on virtual enterprises include, for example, "Special Issue on Virtual Enterprises" (Nikkei Information Strategy, September 1994, pages 46-67) and "The Arrival of the Enterprise Integration Era" (Nikkei Computer, October 1994, 56-71).

In order to realize such a virtual enterprise, smooth collaboration between a plurality of enterprises and individuals is necessary, and information sharing or information exchange on the network is indispensable. It is extremely important to ensure the security of information exchanged there.

Conventionally, information that greatly influences the competition in the market, such as a new product development plan, a sales plan, a new product specification, and cost, has been physically isolated from others as "in-house secret". Also, regarding information other than the company itself, such as information obtained from suppliers, it is mainly recorded on paper,
Security was secured by managing the paper. The security of electronic information could be maintained by limiting the contents that can be accessed by the user ID and by limiting the sites that can access the internal network with a firewall. However, in the virtual enterprise, the parties to whom access is permitted and the contents may change from time to time. Therefore, in order to actually form and operate the virtual enterprise, the conventional information technology has various problems in terms of security. The problems to be solved are listed below.

(1) Correspondence to member transition of virtual enterprise For example, even if one user ID of the database is set in common for the virtual enterprise,
There is a huge amount of firewall settings for the machine addresses of participating members that may be scattered globally, and moreover, depending on the changes in the participating members and the machines used,
Its maintenance is necessary. If you do not set up or maintain each site, it will interfere with the work with new members, and there is a confidentiality leakage problem that the withdrawn members or the former members after the dissolution of the virtual enterprise continue to refer to the data of the company. Occur.

In practice, the contents that can be accessed are different for each participating member, and therefore the database user IDs cannot be made common. Therefore, managing individual user IDs including changing the access authority is also a complicated task.

In the life cycle of the establishment, continuation, and dissolution of the virtual enterprise, it is a major issue to allow only the participating members to access the data at any given time and continue to secure the security promptly.

(2) Correspondence to different cryptosystems There is an activity to standardize cryptosystems, for example, different standard schemes are adopted in the US, Europe and Japan, or a company traditionally uses its own cryptosystem. It is possible that
It is also possible that new cryptosystems will begin to be used locally. It is unlikely that all Virtual Enterprise participants will use the same encryption method. However, it is extremely complicated work to individually prepare the conversion of the mutual encryption methods. Further, it is necessary to hold which member uses which encryption method, and to correct the held contents when there is a change. Another issue is how to quickly exchange information while maintaining security between participating members that use different encryption methods.

(3) Construction of self-defense mechanism against fraudulent operations If there is a suspicion that an unauthorized access has occurred, it is necessary to immediately switch the encryption key or the encryption method itself. Also, if a member is suspected of having a virus, that member should be quarantined immediately to prevent transmission. Another issue is how to construct such a self-defense mechanism in a group of multiple members.

[0018]

In the present specification, a constituent element of a virtual enterprise will be referred to as an "agent", and the following discussion will be made. Agents are independent programs that communicate with each other and operate autonomously. A business entity or individual participating in a certain project provides an information processing person or an information processing system which outputs certain information by inputting certain information and performing a specific process, or an information retention manager or retention management. Provide a system (eg database). These work is carried out while exchanging information with each other on the network. From the viewpoint of system construction of the entire virtual enterprise, each information processor,
The information holding manager will set up an agent and work together to carry out the project.

Naturally, there may be a plurality of agents in each participating company, and a person who personally participates in the project may have a plurality of agents.
That is, the virtual enterprise dealt with in the present specification exists as an aggregate or organization of a group of agents on the network, which is separated from a physical human organization.

An object of the present invention is to provide such virtual
To solve the above-mentioned problems regarding security of information exchange in an enterprise.

In the present invention, an agent acting as a representative of a virtual enterprise participating company or an individual is referred to as a "member agent (information exchange agent)", and an agent in charge of information exchange between the member agents is newly provided. This is called a "broker agent". In addition, a "T cell agent (abnormality monitoring agent)" that mainly monitors the behavior of the broker agent, and immediately protects the existing broker agent when any unauthorized access occurs is also provided. For T cell agents, "helper T" plays a major role in detecting abnormalities.
There are two types: a "cell agent" and a "killer T cell agent" that attacks agents requesting unauthorized access. In addition to the "broker agent" that is in charge of actual information exchange, the reason for separately providing such a "T-cell agent" is that it makes it possible to quickly detect and deal with abnormal situations, and improve overall security. Is to increase In addition, a "thymus agent (control agent)" that generates a broker agent and a T cell agent is also provided.

The thymus agent is placed at the virtual enterprise management source. The member agents participating in the virtual enterprise notify the thymus agent of the information that they can provide and the name of the adopted encryption method. In the thymus agent, a broker agent and a T cell agent are generated and distributed to each site. A broker agent corresponding to each member agent is prepared. The member agent and the broker agent in charge thereof exchange information using the encryption method adopted there. On the other hand, the broker agents communicate with each other using a common encryption method. That is, the broker agent plays the role of an interpreter, and absorbs the difference in encryption method between members.

When there is a request for information transmission / reception from a member agent, the broker agent determines the other party for information exchange. Since such information is included when the broker agent is generated by the thymus agent, such a determination is possible.

When an existing member leaves, a special message is sent from the member agent to the broker agent in charge. In response to that message,
The behavior pattern of the broker agent changes, which the helper T cell agent detects and causes the broker agent to enter into self-destruction processing. Alternatively, the thymus agent terminates the regular contact with the helper T cell agent in charge of the member agent. The helper T cell agent causes the broker agent to go into suicide when it loses contact with the thymic agent. When the broker agent self-destructs, the remaining helper, killer T cell agent, also enters self-destruction processing. The thymus agent judges that the broker agent has disappeared because the helper T cell agent has not issued a regular contact request, and notifies the other broker agents. As a result, the member agents of the withdrawing member are completely separated from the agents forming the virtual enterprise.

When a new member joins, the new member agent informs the thymus agent of the information it can provide, the adopted encryption method name, etc., as in the case of startup. The thymus agent generates the corresponding broker agent and T cell agent and distributes them to the site. The thymus agent also informs other broker agents about the birth of a new broker agent.

The helper T cell agent constantly monitors the behavior of the broker agent. It is, for example,
It is an advanced process of the current "vaccine" program, such as checking the broker agent's own code size and specific processing times. It also monitors multiple killer T cell agents, helpers distributed to the site,
Check for unauthorized access and viruses. When an abnormality is detected, the processing of the helper T cell agent changes as follows depending on the degree.

First, if it is mild, the thymus agent is contacted to immediately change the encryption key between broker agents. If the situation is severe, the broker agent will self-destruct, and the "agent will be on the waterfront" to temporarily isolate the member agent. This is similar in process to the isolation of the leaving member. The return of the member agent may be performed in the same manner as the new member joining process. When the broker agent in charge decides to self-defeat, if the agent requesting transmission / reception of information determines that it is suspicious, it sends a dispatch command to the killer T cell agent.
The killer T cell agent travels across the network and performs a forced termination of that agent. Regarding "movement on the network", "Mobile Agent", "Telescribe agent" on page 664 of the article "Thinking about Agents" in "Basics and Applications of Agents" mentioned above.
Please refer to. Also, even if the helper T cell agent has instructed self-destruction processing, but the broker agent is still active, the killer T cell agent is dispatched and the forced termination of the broker agent is executed.

In some cases, the broker agent and the T cell agent may be self-destructed and replaced entirely in all member agents.
As a result, for example, in the encryption method between broker agents, it is possible to change the encryption method itself to a completely new one instead of changing the key or the like.

At the time of dissolution of the virtual enterprise, the thymus agent of the management source is terminated. The helper T-cell agent determines that the virtual enterprise has dissolved because the regular contact with the thymus agent has been interrupted, and begins the process of self-destructing the broker agent in charge. When the broker agent self-destructs, the remaining helper, killer T cell agent, also enters self-destruction processing. This is also realized by the same process as the isolation of the withdrawal member.

As described above, according to the present invention, the above-mentioned virtual enterprise participation member transition is dealt with,
Each problem of coping with the difference in encryption method and establishing a self-defense mechanism against fraudulent acts is solved.

[0031]

BEST MODE FOR CARRYING OUT THE INVENTION The present embodiment will be described below with reference to FIGS.

First, FIG. 1 shows the overall structure of the present invention.

A plurality of companies or individuals (hereinafter referred to as participating members) 2 participating in the virtual enterprise exist on the physical network 1 to which an unspecified large number are connected. The participating members also have an internal network and are isolated from the external network by the firewall 3. Participating members provide the various systems of sites on the internal network for the virtual enterprise. These are systems (agents of the person in charge) used by the person in charge of the work of the virtual enterprise among the participating members,
It may be a database (agentified database). They will be referred to as member agents 4. Since the internal network is sufficient between the member agents inside one participating member, communication is carried out according to the encryption method adopted therein if necessary. Since it is protected by the firewall 3, there may be cases where the encryption is not used internally.

As one of the participating members, there is a member 2 who manages the virtual enterprise (located in the upper right in FIG. 1). The management source has a thymus agent 5 at a site outside his firewall 3. In the participating members other than the management source, the broker agent 6, the helper T cell agent 7, generated from the thymus agent, and the site outside the firewall are
It has a killer T cell agent 8. In this embodiment, each participating member other than the management source has a broker agent corresponding to each member agent on a one-to-one basis, and one broker agent has two helper T cell agents and one killer T cell agent. I will have it.

Each member agent 4 passes through the broker agent 6 corresponding to itself to other participating members 2
Exchange information with agents inside. For the communication between the member agent 4 and the broker agent 6, the encryption method defined by the participating member 2 is used. A common encryption method set by the thymus agent 5 is used for communication between the broker agents 6.

The establishment of a virtual enterprise, the exchange of information between members, the process for maintaining security, the change of members, and the dissolution of a virtual enterprise will be sequentially described below with reference to FIGS. 2 to 5.

First, the establishment of a virtual enterprise will be described with reference to FIG. First, the virtual enterprise manager receives an application for the member agent 4 from the participating member 2 (201). At this time, the encryption method adopted by each member agent 4 is also contacted. This can be a regular secure email or whatever. The virtual enterprise management source is the participating member 2 and its member agent 4.
Examines whether it is a proper partner for participation in this virtual enterprise (202). If it is a proper partner, the information of each member agent 4 is set to a state in which the thymus agent 5 can accept it (203). Also, the thymus agent 5 is set so as to handle each encryption method. Then, separately, each participant 2 is informed of the result of the examination and the address of the thymus agent 5 (20
4).

Each member agent 4 in the encrypted state is setting information of a new agent accessible to the member agent 4, a list of information that the member agent 4 can provide, and the member agent 4
Informs the thymus agent 5 of a list of information that he may frequently access (205). The “new agent setting information” means, for example, the member agent 4
Access to a new user ID, the address of a machine outside the internal network of the participating member 2 and authorized to be accessible by the firewall 3, and a new user ID in the operating system of the machine, etc. Is.

The thymus agent 5 terminates the reception of the contact from each member agent at a certain point in time (206), and starts the generation of the broker agent 6 and the T cell agents 7, 8. Subsequent contact from the member agent 4 is the processing for joining a new member. The thymus agent 5 first creates an "information map" in the virtual enterprise based on the information sent from the member agent 4 (207). This is shown in FIG.
3 is a correspondence table of information existing in the virtual enterprise and IDs of the broker agents 6 corresponding to the member agents 4 holding the information as illustrated in FIG. Then, the broker agent 6 is generated for each member agent 4 (208). As the generation method, a method in which the thymus agent 5 creates everything and activates the broker agent 6, and a method in which the initial state of the broker agent 6 is generated and activated, and thereafter,
There is a method in which each broker agent 6 receives necessary information from the thymus agent 5 and grows it. Finally, each broker agent 6 has attributes and functions accessible to the member agent 4 in charge. This is created based on the setting information of the new agent sent from the member agent 4 and the encryption method that was previously contacted. It also has a function related to a common encryption method between the broker agents 6. As for this common encryption method, two systems are prepared for normal use and emergency use. It also holds a list of information that the member agent 4 in charge may frequently access and a “simple information map” created based on the information map in the virtual enterprise created earlier. This is to allow another broker agent 6 corresponding to the information to be immediately searched when an input / output request for the information comes from the member agent. For information not included in the “simple information map”, the thymus agent 5 is inquired and added to the “simple information map”. The parties to which each broker agent 6 is allowed to exchange information are limited to the member agent 4 in charge, the thymus agent 5, all broker agents 6 other than himself, and the helper T cell agent 7 which monitors himself. Each broker agent 6 also has an authentication function for confirming whether the other party is actually permitted when there is an information access request. For details of the "authentication function," see "ISO / I
5 of "Standardization Trends in EC JTC1".

At the same time that each broker agent 6 is completely generated, two corresponding helper T cell agents 7 are generated (209). The helper T cell agent 7 has a function of knowing all the specifications of the broker agent 6 in charge and checking whether the broker agent 6 is working normally or whether any fraudulent activity has occurred. It also has a function of checking the helper T cell agent 7 and the killer T cell agent 8 having the same specifications as itself. The reason why there are two helper T cell agents 7 is to check mutual normal operation. Items to check include, for example, whether or not a virus is infected, another agent is not requesting access, the number of times a certain process is abnormally high or low, and the processing time of a certain process is abnormal. It is not long or short, or the operating system has not issued a copy request for the agent. "Another agent" means an agent that is not associated with this virtual enterprise. Checking for access requests by another agent is
In the present embodiment, the data access request can be made only by the "related party" agent, and the "outside party"
This is because there is a possibility that it is trying to obtain the data illegally. Also, it has one system of cryptographic function for communication with the thymus agent 5. This is a completely different type of encryption method from the broker agent 6. The helper T cell agent 7 uses this code system to make regular contact with the thymus agent 5. The term "regular" depends on the performance of the network and the like, but for example, the order of "minute" is conceivable. If the load on the network and the load on the thymus agent are relatively small, it is possible to further finely set them to the “second” order. Basically, the smaller the regular interval, the better the response to changes in the situation, but the more overhead processing, the higher the possibility of adversely affecting other processing.
Upon confirming that the communication from the thymus agent has been lost, the helper T cell agent 7 issues a termination instruction to the broker agent 6 in charge. When the broker agent 6 disappears, self-destruction processing starts.

The specifications of the killer T cell agent 8 are the same regardless of the member agent 4. It has a function to forcibly terminate the specified agent from helper T cell agent 8. In an emergency, the thymus agent 5 produces a large amount of the killer T cell agent 8 and terminates all the related agents. However, since the killer T cell agent 8 cannot pass through the firewall, it does not harm the member agents and the like existing on the network inside the participating members. Only the connection between the virtual enterprise members will disappear.
In the initial state, one killer T cell agent 8 is generated for each broker agent 6. The killer T cell agent 8 starts the self-destruction process when the broker agent 6 and the helper T cell agent 7 disappear at the site that is initially arranged.

When the necessary agents have been generated, the thymus agent 5 directs each member agent 4 to one broker agent 61 in charge, two helper T cell agents 7, and one killer T cell agent 8. Send one as a team (209).

When each team arrives at the target site,
Communication is performed within the team and between the teams to confirm the operation (211), whereby the virtual enterprise start-up processing is completed.

While the virtual enterprise is continued, the member agent 4 repeatedly refers to and updates the information. This will be described with reference to FIG. All such information exchanges among participating members are done via the broker agent 6. That is, when a certain member agent 4 wants to refer to or update certain information, it issues a request to the broker agent 6 in charge. Each member agent 4 knows only the broker agent 6 in charge of it. This request is assumed to be encrypted by the method adopted by the member agent 4. The broker agent 6 receives the request (301). Next, the code is decrypted, the simple information map is searched for the information (302), and the request is transferred to the broker agent 6 in charge of the member agent 4 holding the information (303). This request is transmitted by the encryption method for broker agency 6. The broker agent 6 having received the request transfers it to the member agent 4 in charge of itself, and the request content is executed (304). This transfer is also converted into the encryption system for the member agent 4 and sent. Information in response to the request is returned to the transfer source broker agent 6 by the encryption method between the broker agents 6 (305), and further transmitted to the member agent 44 of the request source by the encryption method between the member agents 4 (306). ).

By the way, the member agent 4 includes indirect work such as general affairs and work of the management department such as workflow management, in addition to actual operations such as designing, ordering, and planning.

Next, the process for maintaining security will be described with reference to FIGS. FIG. 4 shows a processing flow of the helper T cell agent 7, and FIG. 5 shows a processing flow of the thymus agent 5.

The helper T cell agent 7 monitors the behavior of other agents in the team (401). In particular, it checks whether the broker agent 6 is operating normally. Also, the thymus agent 5 is regularly contacted (401, 502). Therefore, it is checked whether or not a virus infection is a little suspicious or whether there is regular contact (402). This step and step 4
03 will be described later. If suspicion of unauthorized access or a certain period of time has passed since the last key change (404),
The thymus agent 5 is requested to change the encryption key (405). When the thymus agent 5 receives the message from the helper T cell agent 7 (503),
It is an emergency encryption system for broker agent 6, and it sends a new key and changes the key of the normal encryption system.
In the normal encryption system after changing to the new key, the key of the emergency encryption system is immediately changed and the new key is notified (515). With this, even if the deciphering of the current ordinary encryption system is successful somewhere, the emergency key is normally not used at all, so the new key can be safely communicated. Also, regarding the normal encryption system,
Immediately after the change to the new key, there is a high possibility that it has not been decrypted, so you can still safely contact the new key of the emergency encryption system. In order to ensure a high level of security for the emergency encryption system, the encryption key used once is never used again.

When the encryption key is changed more than a certain number of times,
If the suspected misconduct is extremely strong (406), the helper T cell agent 7 requests the thymus agent 5 to adopt another encryption method (409), and then terminates the broker agent in charge. Order (41
0). When the broker agent 6 in charge ends and disappears (412), the helper T cell agent 7 enters self-destruction processing (414). When the helper T cell agent 7 disappears, the killer T cell agent 8 starts the self-destruction process, and all the virtual enterprise agents that originally existed at the site disappear (414).

Here, when it is clear that the agent requesting the access to the broker agent 6 in charge is illegitimate (407), before the helper T cell agent 7 instructs the broker agent 6 to terminate (410), Command the killer T cell agent 8 to forcibly terminate the agent that requested the misconduct (4
08). The killer T cell agent 8 moves through the network and executes a forced termination of the agent.
If the broker agent 6 is not terminated even though the broker agent 6 is instructed to terminate (No in 412), the killer T cell agent 8 is instructed to forcibly terminate the broker agent 6 (41).
3). With the disappearance of the broker agent 6, both the helper and killer T cell agents 7 and 8 start self-destruction processing (414).

The thymus agent 5, which has received a request for adoption of another encryption method, is the other helper T cell agent 7
Terminate regular contact with (512). As a result, the remaining helper T cell agents 7 command the broker agent 6 in charge to end (410), and finally all the virtual enterprise agents that originally existed disappear. Along with this, a team of broker agents 6 that employs an encryption method different from the previous one for communication between broker agents 6 and a corresponding helper, killer T cell agent 7, 8
Send again to each member agent (51
4).

The thymus agent 5 may create this new-born agent group immediately after receiving a request for adoption of the encryption method, or may generate it in its spare time and keep it in itself. good. In the present embodiment, a method is adopted in which a manufacturing process is performed after receiving a hiring request.

The encryption method adopted by the deleted current agent is registered in the "use prohibited encryption method list" (not shown) in the thymus agent 5 (513).
In the broker agents and the like generated thereafter, cryptosystems other than the "unusable cryptosystem list" are used. As a result, a secure encryption method is always secured.

The helper T cell agent 7 is the member agent 4 in charge, the broker agent 6, or another helper T cell agent 7.
If any sign of virus infection is found in the killer T cell agent 8 (402), only the member agent 4 of the killer T cell agent 8 is separated from the virtual enterprise. This is helper T cell agent 7
Commanded the forced termination of broker agent 6 (41
0), with the disappearance of the broker agent 6, both the helper and the killer T cell agents 7 and 8 start self-destruction processing (414). At this time, the helper T cell agent 7, which is the discoverer, sends a report to the thymus agent 5 about which agent may be infected (403). The thymus agent 5 is an agent other than the member agent 2 and if the infection is slight (505, 506), immediately sends a new team to the member agent 4 (508). If the member agent 4 itself is suspicious, the participating member 2
To that effect (507a) and until the countermeasure is taken (507b), the member agent 4 remains isolated. The thymus agent 5 notifies the other broker agents 6 that the broker agent 6 corresponding to the member agent 4 has disappeared. As a result, each broker agent 6 replies that the member agent 4 in charge requests access to the information in charge of the disappeared broker agent 6 and that the broker agent 6 is inaccessible in the isolated state. After the measures are taken by the participating member 2, the member agent 4 is restored by performing the same process as the joining process of a new member described later.

When it is judged that the infection symptom is malicious or the infection is already spreading, the thymus agent 5
Terminates the regular contact with all the helper T cell agents 7 (509) and creates a large amount of killer T cell agents 8 to quickly eliminate all the current virtual enterprise agents (510). The killer T cell agent 8 is mobilized because the current helper T cell agent 7, the killer T cell agent 8 and the broker agent 6 are degenerated, and all the current agents cannot be surely eliminated only by the regular disconnection of the thymus agent 5. This is because there is a possibility.
The newly mobilized killer T cell agent 8 itself
When the other agents are gone, self-destruction begins. Then, after the cause is resolved, the thymus agent 5 regenerates the broker agent 6, the helper T cell agent 7, and the killer T cell agent 8,
Distribute and restore all virtual enterprise agents (511).

When the participating member 2 withdraws from the virtual enterprise, the fact is notified to the management source. The management informs the thymus agent 5 to disconnect the participating members at some point. After the designated time, the thymus agent 5 terminates the regular contact with the helper T cell agent 7 in charge of the member agent belonging to the participating member (504). As a result, the broker agent 6, the helper, and the killer T cell agents 7 and 8 related to the member agent 4 disappear, and disconnection from the virtual enterprise is established (410 and 414). Also, the fact that those broker agents 6 have disappeared is notified to the other broker agents 6. These are the same processes as the isolation of the member agent 4 that may be infected by a virus.
If a member agent 4 desires an emergency disconnection in an emergency, it sends a withdrawal message to the broker agent 6 in charge. The broker agent 6 that has received it starts an unusual process such as creating a special file. The helper T cell agent 7 that has detected this command orders the broker agent 6 to terminate, and all the virtual enterprise agents that originally existed at the site disappear, and disconnection is established.

When a new member joins the virtual enterprise, the procedure similar to that for starting the virtual enterprise is followed. That is, first, the virtual enterprise manager receives an application for the member agent 4 from a new member. At this time, the encryption method adopted by each member agent 4 is also contacted. The virtual enterprise management source examines whether the participating member 2 and its member agent 4 are proper partners for participating in this virtual enterprise. If it is a valid partner, the information of each member agent is set to a state in which the thymus agent can accept it. Also, the thymus agent 5 is set so that the encryption method can be handled. Then, separately, the new member is informed of the result of the examination and the address of the thymus agent 5. Each member agent 4 in the new member is encrypted and the setting information of the new agent accessible to the member agent 4 and the list of information that the member agent 4 can provide, the member agent 4 frequently accesses Contact Thymus Agent 5 with a list of possible information. The thymus agent creates and sends a team of broker agent 6, helper, and killer T cell agent 7, 8 for each member agent. Further, it notifies all the current broker agents 6 that a new broker agent 6 has joined, so that the existing member agents 4 can access.

At the time of dissolution of the virtual enterprise, the management source informs the thymus agent 5 that the dissolution will occur at some point. Thymus agent 5
If you do not continue virtual enterprise (50
1, No), after the designated time, the regular contact with all the helper T cell agents 7 is terminated (504). As a result, all broker agents 6, helpers, and killer T cell agents 7, 8 disappear, and virtual
The dissolution of the enterprise is approved.

The life of a virtual enterprise is
Various cases are possible. Larger ones may be years, and smaller ones may be months, weeks, or even days. Even on a large scale,
Participation / withdrawal of members can be done in a few days.

[0059]

[Effects of the Invention] In a virtual enterprise composed of a plurality of enterprises or individuals, even if the encryption method adopted by each is different or the participating members are frequently changed, the member It is possible to easily realize that information can be exchanged only with. Also, when exchanging information within the virtual enterprise, it is easy to implement an immune mechanism that detects and excludes unauthorized access and isolates virus-infected members to prevent their transmission. It is possible.

As a result, a virtual enterprise having high security can be quickly established, continued, and dissolved, and the members participating in the virtual enterprise can enjoy the merit safely.

[Brief description of drawings]

FIG. 1 is a block diagram showing an overall configuration of a system to which the present invention is applied.

FIG. 2 is a flowchart at the time of starting a virtual enterprise in the system of FIG.

FIG. 3 is a flowchart of a broker agent when referring to / updating information in the system of FIG.

FIG. 4 is a flowchart of a helper T cell agent during security maintenance processing in the system of FIG.

5 is a flowchart of a thymus agent during security maintenance processing in the system of FIG.

6 is an explanatory diagram of an example of an information map in the system of FIG.

[Explanation of symbols]

 1 ... Physical network 2 ... Participating member 3 ... Firewall 4 ... Member agent 5 ... Thymus agent 6 ... Broker agent 7 ... Helper T cell agent 8 ... Killer T cell agent

Claims (10)

[Claims] 1. When sharing or exchanging information between a certain plurality of members in a network to which an unspecified number of sites are connected, each member has one agent for exchanging information. By exchanging information between each member and the corresponding information exchange agent by the encryption method specified for each member, each information exchange agent exchanges information by the encryption method specified separately, A method for ensuring security for networks, characterized in that information can be exchanged even if different members use different encryption methods. 2. The information exchange agent according to claim 1, which is outside the firewall of the internal network of each member, and each member communicates only with the corresponding information exchange agent through the firewall. A method for ensuring security for networks, characterized in that information can be exchanged with members of. 3. The information exchange agent according to claim 1 or 2, wherein each information exchange agent has a list of what information each member holds, and each member should be aware of which information is where. A security ensuring method for a network, characterized in that the information exchange agent exchanges information with other members who need it by communicating only with the corresponding information exchange agent, and each member can exchange information. 4. The transition of a member according to claim 1, 2 or 3, wherein each information exchange agent corresponding to each member is added according to participation of a new member or deleted according to withdrawal of an existing member. Correspondingly, a method for ensuring security for networks, characterized in that information can always be exchanged only between members. 5. The encryption system according to any one of claims 1 to 4, characterized in that the encryption system between the information exchange agents can be changed to a new system by replacing all the information exchange agents corresponding to each member. How to secure your network. 6. The information exchange agent according to claim 1, further comprising an abnormality monitoring agent corresponding to each information exchange agent, and the abnormality monitoring agent monitors the behavior of the corresponding information exchange agent. A method of ensuring security for a network, characterized in that, when an abnormality is detected, the member corresponding to the information exchange agent can be made in a state in which information exchange with other members is not possible by terminating the information exchange agent. 7. The information exchange agent according to claim 6, further comprising a forced termination agent corresponding to each information exchange agent, wherein the abnormality monitoring agent monitors the behavior of the corresponding information exchange agent, A method for ensuring network security, characterized in that, when an agent attempting to make unauthorized access to an agent is discovered, the agent for forced termination terminates the agent forcibly to prevent fraud from occurring. . 8. The agent for information exchange and the agent for abnormality monitoring according to claim 6 or 7,
The anomaly monitoring agent has a supervisory agent that is in constant contact with the anomaly monitoring agent.The anomaly monitoring agent terminates the corresponding information exchanging agent after the periodical contact with the supervisory agent is interrupted. It also has the function of terminating the information. By controlling the abnormality monitoring agent corresponding to a specific member by interrupting the regular contact, the general agent can put the member in a state where information cannot be exchanged with other members. A characteristic security method for networks. 9. The management agent according to claim 8, wherein the general agent can terminate all the information exchange agents and the abnormality monitoring agents by interrupting the regular communication to all the abnormality monitoring agents. A method for ensuring security for networks, characterized in that information exchange between them can be completed. 10. The integrated agent according to claim 8, wherein all the information exchanging agents and the abnormality monitoring agents are terminated by the general agent interrupting the regular communication to all the abnormality monitoring agents and immediately taking the place. A method of ensuring security for a network, characterized in that the encryption method between information exchange agents can be easily changed to a new method by generating and distributing an information exchange agent and an abnormality monitoring agent.