JPH09218851A - Computer network system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To keep the soundness of a network system by automatically detecting and correcting the loss of data due to the unauthorized alteration and accidents of the data and automatically performing the load distribution of computer processings under a distribution environment and the separation of a computer with a computing function fault. SOLUTION: The computers 100 connected by a communication network and provided with the same data in data bases 200 are respectively divided into a plurality of areas and installed and the respective computers 100 are in charge of the same processing, based on the data inside the data bases 200 in the respective areas. Further, the respective computers 100 compare the data inside the data bases 200 of the other computers 100 with the data provided inside their own data bases 200 through a communication channel 300, and when they are different, issue an alarm and change them to the appropriate data, based on the conditions of the data inside the data bases 200 of all the computers 100.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer network system.

[0002]

2. Description of the Related Art The value of information is increasing in an advanced information society. It is expected that the number of services that provide high-value information for a fee using the Internet will increase in the future. At this time, by fraudulently tampering with the paid data of the computer that provides the information, it is possible for an illicit person to make a great profit or to cause a great damage to another person. For example, if the electronic payment system performs the authentication process based on the key information of the public key server, an unauthorized person can make unauthorized access to the public key server and rewrite the key information for the convenience of the unauthorized person. It is possible to cheat, and it is possible to obtain a large amount of profit. Moreover, it is possible that the high-value data of the computer will be erased due to the administrator's negligence or an accident, resulting in significant damage. For this reason, it is necessary to enhance the security function that protects high-value data for a computer system that handles high-value data.

[0003]

Therefore, the main objects of the present invention are (1) automatic detection / correction of data tampering or data loss due to an accident, (2) in a distributed environment,
The present invention provides a computer network system having a feature of keeping a system in a healthy state by mutual interference between computers against troubles such as a function stop due to an excessive load on the computer or an accident of the computer.

[0004]

[Means for Solving the Problem] In the immune system of the living body, "discrimination between self and nonself" is strictly performed. That is,
The code that represents oneself is an MHC molecule, and the same MH as oneself
Attacks foreign substances that do not have C molecules and holds itself. The present invention realizes the above-described object of the present invention by mimicking such an immune system of a living body.

The basic idea of the present invention is that computers having the same data, which are connected by a communication line, are installed separately in a plurality of areas, and the computers are the same in each area based on the same data. Is in charge of processing
Furthermore, each computer compares the data of other computers with the data of itself via the communication line, and if they are different, issues a warning and changes to appropriate data based on the status of the data of all computers.

As one of the concrete implementation methods for solving the above-mentioned object (1), each computer is numbered from 1 to n, and any different computer i and computer j can be used.
The common key K (i, j) is shared in advance between (1 ≦ i, j ≦ n). Computer i is computer j = i + 1 (mod
n) to access the data P in the memory of computer j
The hash value h (P (j)) of (j) is calculated, and the hash value h of the data P (i) in the memory of the computer i is calculated.
(P (i)) is calculated and h (P (i)) = h (P
The process of performing the comparative inspection of data by confirming (j)) is repeated from i = 1 to n at regular intervals.

The hash value h (P (i)) of the data P (i) in the memory of the computer i (1≤i≤n) and the computer j =
When the hash value h (P (j)) of the data P (j) in the memory i + 1 (mod n) does not match, the computer i sends the information for changing the data to all the computers.

Each computer r that has received the information for changing the data uses the data P (r) in its own memory and the additional data change information S (r) (identification information such as the data change number and the data change date / time) as a key. It is encrypted with K (j, r) and transmitted to computer j.

The computer j decrypts the data P (r) and S (r) using the key K (j, r), checks S (r), and then P (1), ..., P (j- 1), P (j + 1), ...,
Of P (n), the data P (j) is changed to the matching data having a predetermined value or more.

As one of the concrete realization methods for solving the above-mentioned purpose (2), when a load of a predetermined value or more is applied to the computer, or the calculation processing is hindered due to the abnormality of the calculation function. , The computer sends a signal for load balancing to each of the other computers.

Each computer that has received the signal for load balancing transmits information indicating its own processing load to the computer for load balancing, and the computer for load balancing receives the load information of each computer. Then, the load amount to be distributed to each computer is calculated appropriately, and the load is distributed to each computer accordingly.

[0012]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described in detail below with reference to the drawings.

FIG. 1 is a diagram showing a system configuration of an embodiment of the present invention. This system has multiple areas 1-5
And a database 200 storing the same data.
The computer 100 and the database 200 in each area are connected to each other, and the computers 100 are connected to each other via a communication line 300. The cabinet computer 100 is a computer representing an area that provides information to a plurality of computers in the area.

FIG. 2 shows the internal configuration of the computer 100. The computer 100 includes a hash calculation device 101, a signature creating / verifying device 102, a data changing device 103, and a computing device 10.
4, encryption / decryption device 105, memory 106, communication device 10
7. A load balancer 108 is provided. The hash calculator 101 calculates the hash value h (P) of the given data P.
Is a device for calculating. For details of the hash function for obtaining a hash value, see Eiji Okamoto, "Introduction to Cryptography", Kyoritsu Shuppan (1993), Nos. 138-14.
It is described on page 1. The signature creation / verification device 102
This is a device for creating identification information to be described later and for performing a data comparison inspection. The data changing device 103 is a device for changing the data in the database. The arithmetic device 104 is a device for performing arithmetic on data. The encryption / decryption device 105 is a device for encrypting and decrypting data. The load balancer 108
This is a device that executes processing for distributing the load between computers. For specific processing of each of these parts,
It will be described later.

(First Embodiment) In the present embodiment,
The information providing server system will be described. That is, in this system, a qualified person who can receive the information access accesses the computer 100, performs an authentication process for being a qualified person, and, when accepted, provides the information stored in the database 200. As shown in FIG. 1, a computer 100 having a database 200 storing the same data connected by a communication line 300 is installed in a plurality of areas, and each computer 100 provides a service for providing data in each area. To do.

The memory of the database 200 is divided into m areas as shown in FIG.
Is a region k (1 ≦ k ≦
m) hash value h (P
k) is calculated, and the calculation result is stored in the additional area a (k). Here, k indicates 1, 2, ..., M. In addition,
The data Pk is data to be protected, and is paid information such as stock prices.

Each computer 100 is assigned a number from 1 to n, and the computer 100 with the number i is referred to as a computer 100 (i).

Further, any two computers 100 (i)
And the computer 100 (j) share a unique common key K (i, j) for encryption / decryption and store them in their respective memories 106. As the common key cryptosystem, known ones such as DES and FEAL can be used.

Each computer 100 inspects the data stored in the database 200 in the following data inspection step.

(Data inspection step) Each computer 100
(1), ..., 100 (n) repeats the following processing at regular intervals as shown in FIG. 4 until i = 1, ..., N, k = 1 ,. Compare and inspect the data.

(1) Computer 100 (i) is computer 100
(J = i + 1 (mod n)) to the communication device 107 (i)
Is accessed via the communication line 300 to obtain data h (Pj (k)) in the additional area a (k) in the memory of the database 200 (j). Where "j = i + 1"
(Mod n) "is the remainder value obtained by dividing i + 1 by n is j.
Means that

(2) The computer 100 (i) has h in the additional area a (k) of the memory of the database 200 (i).
For (Pi (k)), using the arithmetic unit 104 (i), h (Pi (k)) = h (Pj (k)), holds, that is, both hash values are equal. confirm. If this equation is not satisfied, the computer 100 (i) uses the communication device 107 (i) to make information for data change including the number k of the area in which data is changed with respect to each of the other computers 100 (i). Is transmitted via the communication line 300 using the communication device 107 (i). However, Pi
(K) represents the data in the area k of the memory of the database of the computer 100 (i). Here, the "information for changing data" means, for example, the number of the computer for changing the data, the number of the memory area for changing the data, the time information when the information for changing the data is transmitted, the data changing Is the number of the computer that sent the information for

In the data inspection step (2),
When the computer 100 (i) transmits information for data change, each computer 100 changes the data by the following steps.

(Data Change Step) (1) Each computer 10 that has received the information for data change
0 (r) (1 ≦ r ≦ n) stores the data Pk (r) in the area k where the abnormality is found and the data change additional information S (r) (information such as the data change number and the data change date / time) in the memory 106.
The encryption / decryption device 105 using the common key K (r, j) in (r)
Encrypt using (r). That is, E (r, k: j) = E (K (r, j): Pr (k) || S
(R)), and E (r, k: j) is calculated by the communication device 107 (r).
To send to the computer 100 (j) via the communication line 300. However, A || B represents the connection of data A and B. Concatenation means, for example, A = 1011 and B = 1100.
If it is 1, it means an operation of simply arranging data to be connected in time series, such as A | B = 101111001.

(2) The computer 100 (j) uses the sent encrypted text E (r, k: j) and the encryption / decryption device 105 (j) with the key K (r, j) in the memory 106 (j). ), Pr (k) ‖S (r) = D (K (r, j): E (r,
k: j)), and Pr (k) and S (r) are decoded. Calculator 100
(J) confirms the data change number, time date information, etc. of the additional information S (r), and then, in accordance with a predetermined security level t, the data P1 in the area k of each computer.
(K), ..., Pj-1 (k), Pj + 1 (k), ..., P
Of t (k), t or more matching data are judged to be valid data, and the data changing device 103 (j) is used to unify the data in the area k in the database 100 (j) to the valid data. To change.

(Second Embodiment) In the present embodiment,
In the first embodiment, a specific method of updating data in the database 200 will be described.

(Data Update Step) (1) An administrator is set for each computer 100, and the unique secret key di of the administrator i is stored in the memory 106 (i) of the computer 100 (i). In the memory 106 of each computer 100, the public key (ei,
ni) is stored. However, ni = pi × qi
(Pi and qi are prime numbers), ei × di≡1 (mod N
i) (Ni is the least common multiple of pi-1 and qi-1). Note that such a key is described on pages 88 to 91 of the above-mentioned "Introduction to Cryptographic Theory".

(2) Computer 100 for instructing data update
(R) is the computer 100 for the update data R and the update additional information S (information such as the update data number and update date and time).
Using the hash calculation device 101 (r) in (r), R ‖
The hash value h (R | S) of S is calculated, and the memory 106
Private key dr in (r) and signature creation / verification device 102
Using (r), wr = exp (h (R | S), dr) mod nr, is calculated, and R, S, and wr are further calculated in the encryption / decryption device 105.
It is encrypted with the key K (i, r) using (r), that is, E (r, i, R) = E (K (i, j): R | S || w
r), and E (r, i, R) is calculated by each of the other computers 100.
The communication line 107 (r) is used for (i)
To send via. However, A || B represents the connection of data A and B.

(3) The administrator i of the computer 100 (i) who has received the ciphertext E (r, i, R) reads 106 in the memory.
The encryption / decryption device 105 using the key K (i, r) of (i)
Using (r), R | S | wr = D (K (i, r): E (r, i,
R)), and decode R, S, and wr. After confirming the update data R and the update additional information S, the administrator i
Using the hash calculation device 101 (i) in (i), R‖
The hash value h (R | S) of S is calculated, and the memory 106
The signature creation / verification device 102 using the private key di in (i)
Using (i), the identification information wi is created by wi = exp (h (R || S), di) mod ni, and wi is stored in the memory 106.
Key K (i, j) in (i) and encryption / decryption device 105 (i)
The encrypted text E (K (i, j): wi) encrypted by using the communication device 107 (i) is transmitted to each of the other computers 100 (j) via the communication line 300. However, exp
(A, x) represents a value of a raised to the power x.

(4) The manager j of each computer 100 (j) uses the key K (i, j) in the memory 106 (j) and the encryption / decryption device 105 (j) to obtain the ciphertext E (K (i , J): wi)
, Wn are decrypted, and the data update code C is created for the identification information w1, w2, ..., Wn by C = (w1, w2, ..., Wn) (FIG. 5), and the update data R is obtained. C is computer 100
Input in (j).

(5) The computer 100 (j) has the memory 10
Using each public key (ek, nk) (1 ≤ k ≤ n) in 6 (j) and the signature creation / verification device 102 (j), h (R | S) ≡exp (wk, dk) (mod n
k), are inspected. This expression is h (R | S) -exp (wk,
dk) is divisible by nk. If the above equation is satisfied for all k, the data update processing has priority over the data inspection / change processing described in the first embodiment, and the computer 100 (j) uses the data change device 103 to make the database 200 (j The data in () is updated to R.

(Third Embodiment) In the present embodiment,
A modification of the second embodiment for updating the data in the database 200 in the first embodiment will be described.

(Data Update Step) (1) An administrator is set for each computer 100, and a unique secret key di of the administrator i is stored in the memory 106 (i) of the computer 100 (i). In the memory 106 of each computer 100, the public key (ei,
ni) is stored. However, ni = pi × qi
(Pi and qi are prime numbers), ei × di≡1 (mod N
i) (Ni is the least common multiple of pi-1 and qi-1).

(2) Computer 100 for instructing data update
(R) is the computer 100 for the update data R and the update additional information S (information such as the update data number and update date and time).
Using the hash calculation device 101 (r) in (r), R ‖
The hash value h (R | S) of S is calculated, and the memory 106
Private key dr in (r) and signature creation / verification device 102
Using (r), wr = exp (h (R | S), dr) mod nr, is calculated, and R, S, and wr are further calculated in the encryption / decryption device 105.
Encrypt with the key K (i, r) using (r). That is, E (r, i, R) = E (K (i, j): R || S || w
r), and E (r, i, R) is calculated by each of the other computers 100.
The communication line 107 (r) is used for (i)
To send via. However, A || B represents the connection of data A and B.

(3) The administrator i of the computer 100 (i) who has received the ciphertext E (r, i, R) reads 106 in the memory.
The encryption / decryption device 105 using the key K (i, r) of (i)
Using (r), R | S | wr = D (K (i, r): E (r, i,
R)), and decode R, S, and wr. After confirming the update data R and the update additional information S, the administrator i
Using the hash calculation device 101 (i) in (i), R‖
The hash value h (R | S) of S is calculated, and the memory 106
The signature creation / verification device 102 using the private key di in (i)
Using (i), the identification information wi is created by wi = exp (h (R || S), di) mod ni, and wi is stored in the memory 106.
Key K (i, r) in (i) and encryption / decryption device 105 (i)
The encrypted text E (K (i, r): wi) encrypted by using the communication device 107 (i) is transmitted to the computer 100 (r) via the communication line 300. However, exp (a,
x) represents a value of a raised to the power x.

(4) The administrator r of the computer 100 (r) uses the key K (i, r) in the memory 106 (r) and the encryption / decryption device 1.
05 (r) is used to decrypt wi from the ciphertext E (K (i, r): wi), and the data update code C is C = (w1, for identification information w1, w2, ..., Wn. w2, ..., Wn) (Fig. 5) and update data R and C are calculated by computer 100.
Input in (r).

(5) The computer 100 (r) has the memory 10
Using each public key (ek, nk) (1 ≤ k ≤ n) in 6 (r) and the signature creation / verification device 102 (r), h (R | S) ≡exp (wk, dk) (mod n
If the above equation is satisfied for all k, the data update processing has priority over the data inspection / change processing described in the first embodiment, and the computer 100 (r) is the data change device 1
Data in the database 200 (r) using R.03.
To update.

(6) The computer 100 (r) encrypts R, S and C with the key K (i, r) using the encryption / decryption device 105 (r), that is, E (r, i, C) ) = E (K (i, r): R || S || C), and E (r, i, C) is calculated by each of the other computers 100.
A communication line 300 using the communication device 107 (r) for (j)
To send via.

(7) Each computer 100 (j) has a memory 1
Each public key (ek, nk) in 06 (j) (1 ≦ k ≦ n)
And signature creation / verification device 102 (j), h (R | S) ≡exp (wk, dk) (mod n
If the above equation is satisfied for all k, the data update processing has priority over the data inspection / change processing described in the first embodiment, and the computer 100 (j) is the data change device 1
Data in the database 200 (j) using R.03.
To update.

(Fourth Embodiment) In the data updating step (1) of the second and third embodiments, the administrator i stores the secret key di in the memory 106 (of the computer 100 (i) ( i), not a computer such as an IC card 1
It is stored in a storage medium other than 00 (i) and is owned by the manager i.

(Fifth Embodiment) In the present embodiment,
In the first embodiment, each computer 1 as shown in FIG.
The mechanism of load balancing between 00s will be described.

(Load Balancing Step) (1) When a load equal to or more than a predetermined value is applied to the computer 100 or the calculation processing is hindered due to an abnormality in the calculation function, the load distribution device 108 of the computer 100 is activated. Then, a signal for load balancing is transmitted to each of the other computers 100 using the communication device 107 via the communication line 300.

(2) Each computer 100 that has received the signal notifying the load balancing uses the load balancing device 108 to send the communication device 107 to the computer 100 that has issued the load balancing signal regarding the information of its own calculation processing load. Using communication line 300
To send via.

(3) The load balancing computer 100 performs load balancing using the load balancing device 108 based on the load information sent from each computer 100. As a method thereof, for example, a part or all of its own load is distributed to one or a plurality of computers having a relatively light load.

(Sixth Embodiment) In the first embodiment, when the function of a computer 100 (i) is stopped, the computer 100 (j = i-1 (mod n)) is replaced by the computer 100 (i). ), The computer 1
00 (i) is disconnected, and computer 100 (i + 1 (mod
n)) is regarded as the computer 100 (i), and the comparison inspection / change of data is performed by the method of the first embodiment.
Data is updated by the method of the second embodiment and load distribution is performed by the method of the fifth embodiment.

[0046]

According to the present invention, since each computer independently inspects and corrects the data of another computer,
Even if an illicit person (maybe an administrator) tampered with the data of a certain computer, or even if the data was lost due to an accident, another computer would detect it and change it to proper data. Therefore, high-value data can be protected safely.

Further, in the case of a trouble such as an excessive load on a computer or a stoppage of a calculation function, the load is automatically distributed to other computers in a distributed environment. Therefore, it is not necessary to install a management computer for load balancing, and load balancing can be performed if the load balancing computer is operating normally. As a result, the system can always be kept in a healthy state.

[Brief description of drawings]

FIG. 1 is a diagram showing a system configuration of the present invention.

FIG. 2 is a diagram showing an internal configuration of a computer in the system configuration of FIG.

3 is a diagram showing a memory of a database in the system configuration of FIG. 1. FIG.

FIG. 4 is a diagram showing steps in which a computer in the system configuration of FIG. 1 checks data in a database of another computer.

5 is a diagram showing steps of creating a data update code for updating data in a database in the system configuration of FIG.

FIG. 6 is a diagram showing a mechanism by which a computer in the system configuration of FIG. 1 performs load distribution.

[Explanation of symbols]

100 ... Calculator, 101 ... Hash Calculator of Calculator 100, 102 ... Signature / Verification Device in Calculator 100, 10
3 ... data changing device in computer 100, 104 ... arithmetic device in computer 100, 105 ... encryption / decryption device in computer 100, 106 ... memory in computer 100, 107 ... communication device in computer 100, 108 ... computer A load balancer within 100.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification number Internal reference number for FI Technical indication H04L 9/32 H04L 9/00 675B (72) Inventor Kenji Sakuraba Ozenzenji, Aso-ku, Kawasaki-shi, Kanagawa Address: 1099 Company Hitachi, Ltd. System Development Laboratory

Claims (12)

[Claims] 1. In a computer system for performing calculation processing using specific data, computers having the data connected by a communication line are respectively installed in a plurality of areas, and each computer has the data in each area. Is in charge of the same calculation process, each computer compares the data of other computers with its own data via the communication line, and if they are different, it sends the information for data change to all other computers. A computer network system characterized by transmitting and changing the data of each computer to proper data based on the status of the data of all computers. 2. A computer according to claim 1, wherein each computer is numbered from 1 to n as a method of comparing the data of another computer with the data of its own via a communication line. Accesses the computer j = i + 1 (mod n), calculates the hash value h (P (j)) of the data P (j) in the memory of the computer j, and further, the data P (i) in the memory of the computer i. Of the hash value h (P (i)) of i and confirming h (P (i)) = h (P (j)), the step of performing the data comparison check is repeated from i = 1 to n. A computer network system characterized by being performed at regular intervals. 3. A computer according to claim 1, wherein each computer is numbered from 1 to n as a method of comparing the data of another computer with the data of its own via a communication line. The memory of each computer is divided into a plurality of areas 1, ..., M, and the area k (1 ≦ i ≦ n) of the memory of each computer i (1 ≦ i ≦ n).
The hash value h (Pi (k)) of the stored data Pi (k) is stored in k ≦ m), the computer i accesses the computer j = i + 1 (mod n), and the memory of the computer j is accessed. Hash value h (P
j (k)) and the hash value h (Pi (k)) in the memory area k of the computer i, h (Pj (k)) = h
A computer network system characterized by performing a comparative inspection of data for each area by confirming (Pi (k)), and each computer performing a comparative inspection of data by sequentially performing a data comparative inspection for each area. 4. The method according to claim 1, wherein each computer is numbered from 1 to n as a method of changing to appropriate data, and any different computer i and computer j (1 ≦ i, j) are selected. The common key K (i, j) is shared in advance between ≦ n, and the hash value h (P) of the data P (i) in the memory of the computer i (1 ≦ i ≦ n) is defined in claim 2. (I)) and the data P in the memory of the computer j = i + 1 (mod n)
When the hash value h (P (j)) of (j) does not match, the computer i transmits the information for changing the data to all the computers, and receives the information for changing the data. The computer r encrypts the data P (r) and the data modification additional information S (r) (identification information such as the data modification number and the data modification date and time) in its own memory with the key K (j, r), and the computer j Computer j uses the key K (j, r) to send data P (r) and S
After decoding (r) and checking S (r), P (1),
, P (j−1), P (j + 1), ..., P (n), the data P is the matching data having a predetermined value or more.
A computer network system characterized by changing (j). 5. A method according to claim 3, wherein each computer is numbered from 1 to n as a method of changing to appropriate data, and any different computer i and computer j (1 ≦ i, j ≦ n) share a common key K (i, j) in advance, and the area k (1 ≦ k ≦) of the memory of the computer i (1 ≦ i ≦ n) is shared.
m) the hash value h (Pi of the data Pi (k)
(K)) and the hash value h (Pj of the data Pj (k) in the memory area k of the computer j = i + 1 (mod n).
If (k) does not match, the computer i transmits information for data change including the number of the area to be changed to all computers, and each computer r that has received the information for data change Encrypts the data Pk (r) in the area k of its own memory and the data modification additional information S (r) (identification information such as data modification number and data modification date) with the key K (j, r), and , the computer j uses the key K (j, r) to decrypt the data Pr (k) and S (r), examines S (r), and then P1
(K), ..., Pj-1 (k), Pj + 1 (k), ..., P
A computer network system, characterized in that, among n (k), data Pj (k) is changed to matching data having a predetermined value or more. 6. The method according to claim 2, wherein each computer is numbered from 1 to n as a method of updating the data possessed by each computer. i and computer j (1 ≦ i, j ≦
n), the common key K (i, j) is shared in advance, and each computer i (1 ≦ i ≦ n) has an administrator i set, and the administrator i is unique. The administrator r who possesses the secret information si and instructs the data update using the computer r (1 ≦ r ≦ n) is the update data P and the data update additional information S.
The identification information w using the secret information sr for the data h (P, S) created from (update date and time, update data number, etc.)
r is created, and each of P, S, and wr is encrypted using the key K (r, i) in the computer r, and the ciphertext is sent to each computer i. The update data P and the data update additional information S are decrypted from the obtained ciphertext using the key K (r, i) in the computer i, and after checking S, the update data P and the update data additional information S are created. Data h
The identification information wi is obtained by using the secret information si for (P, S).
Is created and wi is a common key K for each of the other computers j.
Ciphertext E (K (i, j): w encrypted with (i, j)
i) is sent, and each manager j sends the sent ciphertext E (K (i, j):
Wi) is decrypted from wi using the key K (i, j) in the computer j, and the data update code C =
(S1, s2, ..., Sn) are created, the update data P, the update data additional information S, and the data update code C are input to the computer j, and the computer j confirms the correctness of each identification information of the data update code C. Then, the computer network system updates the update data P with priority over the data inspection / change processing according to any one of claims 2 to 5. 7. The method according to claim 1, wherein each computer is numbered from 1 to n as a method of updating the data possessed by each computer, and two arbitrary computers i and j are different from each other. (1 ≦ i, j ≦
n), the common key K (i, j) is shared in advance, and each computer i (1 ≦ i ≦ n) has an administrator i set, and the administrator i is unique. Each computer possesses the private key di, each computer possesses the public key (ei, ni) corresponding to the private key di, and the administrator r who instructs the data update using the computer r (1 ≦ r ≦ n) Data P and data update additional information S
Concatenated data P‖S (update date and time, update data number, etc.)
Using the secret key di for the hash value h (P || S) of, the identification information wr is created with wr = exp (h (P | S), dr) mod nr, and the concatenated data P | S || The ciphertext E (K (r, i): P.parallel.s.vertline.wr) obtained by encrypting wr using the key K (r, i) in the computer r is transmitted to each other computer i, and each administrator i. Is the ciphertext E (K (r, i): P | S | w
From r), the update data P, the data update additional information S and the identification information wr are decrypted using the key K (r, i) in the computer i, and after checking S, the update data P and the update data additional information S For the hash value h (P | S) of the concatenated data P | S, the identification information wi is created using the secret key di as follows: wi = exp (h (P | S), di) mod ni, The encrypted text E (K (i, j): wi) obtained by encrypting the encrypted key E with the key K (i, j) is transmitted to each of the other computers j, and each manager j transmits the encrypted text E (K ( i, j): w
i) is decrypted wi using the key K (i, j) in the computer j, and the data update code C = (s
, S2, ..., Sn), and inputs the update data P, the data update additional information S, and the data update code C to the computer i, and the computer i identifies each identification information wt of the data update code C wt.
For (1 ≦ t ≦ n), using the public key (et, nt), h (P∥S) ≡exp (wt, et) (mod n
When the validity of the data update code C is confirmed in t) and, the data inspection / change processing of claims 2 to 5 is given priority,
A computer network system characterized by updating to update data P. However, ni = pi × qi (pi, q
i is a prime number, ei × di≡1 (modNi) (Ni is p
i−1 and qi−1, the least common multiple), exp (a, x)
Represents the value of a raised to the power x. 8. The method according to any one of claims 2 to 5, wherein each computer is assigned a number from 1 to n as a method of updating the data possessed by each computer. Computer i and computer j (1 ≦ i, j ≦
n), the common key K (i, j) is shared in advance, and each computer i (1 ≦ i ≦ n) has an administrator i set, and the administrator i is unique. The administrator r who possesses the secret information si and instructs the data update using the computer r (1 ≦ r ≦ n) is the update data P and the data update additional information S.
The identification information w using the secret information sr for the data h (P, S) created from (update date and time, update data number, etc.)
r is created, and each of P, S, and wr is encrypted using the key K (r, i) in the computer r, and the ciphertext is sent to each computer i. The update data P and the data update additional information S are decrypted from the obtained ciphertext using the key K (r, i) in the computer i, and after checking S, the update data P and the update data additional information S are extracted. The identification information w is created for the created data h (P, S) by using the secret information si.
i is created, and wi is a common key K (i,
The ciphertext E (K (i, r): wi) encrypted by r) is transmitted, and the manager r sends the ciphertext E (K (i, r): w sent.
From i), wi is decrypted using the key K (i, r) in the computer r, and the data update code C = (s
, S2, ..., Sn), and inputs the update data P, the update data additional information S, and the data update code C to the computer j, and the computer j confirms the validity of each identification information of the data update code C. Then, prioritizing the data inspection / change processing of claims 2 to 5, the update data P is updated,
Further, the computer r transmits the ciphertext erj obtained by encrypting P, S, and C, respectively, using the key K (r, j) in the computer r, to each other computer j. Ciphertext sent from erj
To decrypt P, S and C using the key K (r, j) in the computer j, input P, S and C to the computer j, and the computer j validates each identification information of the data update code C. Is confirmed, the computer network system is updated with the update data P in preference to the data inspection / change processing of claims 2-5. 9. The method according to claim 1, wherein each computer is numbered from 1 to n as a method of updating the data possessed by each computer, and two arbitrary computers i and j are different from each other. (1 ≦ i, j ≦
n), the common key K (i, j) is shared in advance, and each computer i (1 ≦ i ≦ n) has an administrator i set, and the administrator i is unique. Each computer possesses the private key di, each computer possesses the public key (ei, ni) corresponding to the private key di, and the administrator r who instructs the data update using the computer r (1 ≦ r ≦ n) Data P and data update additional information S
Concatenated data P‖S (update date and time, update data number, etc.)
Using the secret key di for the hash value h (P || S) of, the identification information wr is created with wr = exp (h (P | S), dr) mod nr, and the concatenated data P | S || The ciphertext obtained by encrypting wr using the key K (r, i) in the computer r is transmitted to each of the other computers i, and each manager i uses the key K (r,
i) is used to decode the update data P, the data update additional information S, and the identification information wr, and after checking S, the update data P
For the hash value h (P | S) of the concatenated data P || S of the update data additional information S and the identification information w using the secret key di.
A ciphertext E (K (i, r): wi) in which i is created with wi = exp (h (P | S), di) mod ni, and wi is encrypted with a key K (i, r). To the computer r, and the administrator r sends the ciphertext E (K (i, r): w
From i), wi is decrypted using the key K (i, r) in the computer r, and the data update code C = (s
, S2, ..., Sn), and inputs the update data P, the data update additional information S, and the data update code C to the computer r, and the computer r identifies each identification information wt of the data update code C.
For (1 ≦ t ≦ n), using the public key (et, nt), h (P∥S) ≡exp (wt, et) (mod n
When the validity of the data update code C is confirmed in t) and, the data inspection / change processing of claims 2 to 5 is given priority,
The updated data P is updated, and the computer r further encrypts each of P, S, and C using the key K (r, j) in the computer r to obtain a ciphertext E (K (r, j): P | S ‖C) is sent to each computer j, and each manager j sends the ciphertext E (K
(R, j): From key P (| S || C), the key K (r,
j) is used to decrypt P, S, and C, and P, S, and C are input to the computer j, and the computer j uses the public key (et) for each identification information wt (1 ≦ t ≦ n) of the data update code C. , Nt)
, H (P | S) ≡exp (wt, et) (mod n
When the validity of the data update code C is confirmed in t) and, the data inspection / change processing of claims 2 to 5 is given priority,
A computer network system characterized by updating to update data P. However, ni = pi × qi (pi, q
i is a prime number, ei × di≡1 (modNi) (Ni is p
i−1 and qi−1, the least common multiple), exp (a, x)
Represents the value of a raised to the power x. 10. The computer according to claim 1, wherein a load equal to or greater than a predetermined value is applied to the computer, or when the calculation processing is hindered due to an abnormality in the calculation function, the computer distributes the load to each of the other computers. Each computer that transmits a signal for performing the load and receives the signal for performing the load balancing is
Information indicating the processing load of the computer is transmitted to the load-balancing computer, and the load-balancing computer appropriately calculates the load amount to be distributed to each computer from the received load information of each computer. The computer network system is characterized in that the load is distributed to each computer accordingly. 11. The computer according to claim 2, wherein each computer is numbered from 1 to n, and when the function of a computer i (1 ≦ i ≦ n) is stopped, the computer j = i−1 ( When the mod n) recognizes that the computer i has stopped, it disconnects the computer i, and the computer i + 1 (m
od n) is regarded as the computer i, the data is compared / inspected by the method of claim 2 or 3, and the data is changed by the method of claim 4 or 5, A computer network system characterized in that the data is updated by any one of the methods 9 and the load is distributed by the method of claim 10. 12. In claim 1, when a new computer connected to a communication line is added, n is replaced by n in any one of claims 2 to 10.
It is considered as +1 and the data is compared / inspected by the method of claim 2 or 3, the data is changed by the method of claim 4 or 5, and the data is changed by any of the methods of claims 6-9. A method for updating the data according to claim 1,
A computer network system characterized by performing load distribution by the method 0.