WO2004055687A1 - Systeme de distribution et procede de formation d'un environnement d'emission/reception de services - Google Patents

Systeme de distribution et procede de formation d'un environnement d'emission/reception de services Download PDF

Info

Publication number
WO2004055687A1
WO2004055687A1 PCT/JP2003/013078 JP0313078W WO2004055687A1 WO 2004055687 A1 WO2004055687 A1 WO 2004055687A1 JP 0313078 W JP0313078 W JP 0313078W WO 2004055687 A1 WO2004055687 A1 WO 2004055687A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
resource
providing
resources
data
Prior art date
Application number
PCT/JP2003/013078
Other languages
English (en)
Japanese (ja)
Inventor
Shigetoshi SAMESIMA
Katsumi Kawano
Takeshi Miyao
Yoshiaki Adachi
Original Assignee
Hitachi, Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi, Ltd. filed Critical Hitachi, Ltd.
Publication of WO2004055687A1 publication Critical patent/WO2004055687A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5055Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering software capabilities, i.e. software resources associated or available to the machine

Definitions

  • the present invention relates to a distributed system in which a plurality of devices each including a processing unit that performs data processing and a communication unit that performs communication between other devices are connected, and each of them performs processing in cooperation with each other.
  • a distributed system in which a plurality of devices each including a processing unit that performs data processing and a communication unit that performs communication between other devices are connected, and each of them performs processing in cooperation with each other.
  • it relates to technology for building appropriate linkages for computer resources, programs, data, and other resources provided by each device in order to provide services according to the services received. It can be suitably applied to buildings, home systems, social systems such as plant control and manufacturing, logistics, and control systems such as transportation systems. Background art
  • Non-Patent Document 1 As a means for discovering such dynamic resources, there is a method called plug-and-play as a means for detecting a dynamic resource configuration.
  • a device can provide the functions that a device can provide as a service, and are broadcast to other devices when connected to a network.
  • the device using the service receives the message or broadcasts a message to search for another device by specifying the service to be used, and from the information of the device responding to the message, Search for devices.
  • the broadcast range is the range of network connection and is limited by the number of hops.
  • Non-Patent Document 2 a method of controlling the disclosure range of personal information according to the service, for example, there is P3P (Platform for Privacy Preferences) established by the World Wide Web Consortium (W3C) (for example, Non-Patent Document 2). This is to determine the type of personal information to be used on the service provider site and other servers that disclose the personal information, and decide whether to receive the service by comparing it with the disclosed personal information. .
  • P3P Platinum for Privacy Preferences
  • Non-Patent Document 3 As a method of restricting the access of each resource to other resources, there is, for example, the “The Ponder Policy Specification Language” (for example, Non-Patent Document 3). This describes permission to access a specific resource, data to be released, restrictions on access, and timing switching conditions for the specific resource. Specific resources to which access is permitted can also be registered as a group.
  • Non-Patent Document 1
  • Non-Patent Document 2
  • Non-Patent Document 3
  • the service search range is limited only to network connectivity, and there was a problem when personal information was leaked to search for an available service.
  • the resources used vary depending on the user and the service as described above, the conventional method that describes the service and the resources to be used as a policy and determines whether the user receives the service or not. In this case, there was a limit to the flexible use of resources to provide services.
  • the devices that cooperate to provide services are from widows such as Kiosk terminals that can be used for the public to access control devices that can be controlled only by specific users, servers such as servers that monitor and manage services and charge for them.
  • Security settings span a wide range. These devices range from high-spec devices with security management functions to low-spec devices without such functions. There are various combinations of resources that have data, resources that access data, and resources that guarantee performance, and not all resources can execute the specified policy. Alternatively, performance and security at the time of access can be secured In many cases, it is difficult to check in advance whether or not a combination exists, and it is difficult to describe all combinations as policies.
  • the present invention has been made in view of the above-mentioned problems, and among resources that are dynamically discovered, resources are flexibly shared only by resources that are effective for service provision, and a required condition is satisfied. Provide a service delivery environment that satisfies.
  • a plurality of devices each including a processing unit for performing data processing and a communication unit for performing communication with another device are connected, and a required service is provided to a distributed system that performs processing in cooperation with each other.
  • the resource disclosure policy as the security capability of either the confidentiality performance or the processing performance of the resource, it is possible to prevent leakage of data, etc. due to unauthorized use, and to secure the speed at which services are provided. it can.
  • a step of limiting the range of resources to be published that is, the range of granting access rights to resources, according to the assurance capability of resources such as security in a distributed system, and a service
  • a step of presenting at the level corresponding to the resource and a step of selecting the resource to be used for providing the service by comparing the service with the resource and providing an appropriate service according to the service and the personal information to be disclosed. Services can be exchanged using resources. .
  • a mode in which a mode corresponding to the service for which each resource is to be disclosed is held in association with the resource, and the service is identified and the resource is accessed. Restricting the public resources according to the request and the mode, and by executing the step, the data is not released to resources other than those effective for providing the desired service, and the required quality is maintained.
  • the necessary services can be formed.
  • the officer manages the relationship between a service and another service to share information when the service is hierarchically configured with other services, and manages a certain service.
  • the resource disclosure conditions of other services are delegated to the constituent partial services, so that services can be formed without having to describe resource availability for all combinations of resources.
  • FIG. 1 is a diagram showing the overall configuration of a system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing a detailed block of the system configuration.
  • FIG. 3 is a diagram showing a configuration example of the user Cont ext table 21 1.
  • FIG. 4 is a diagram showing a configuration example of the required service condition 2 14.
  • FIG. 5 is a diagram showing a configuration example of the service list 2 12.
  • FIG. 6 is a diagram showing a configuration example of the device group management table 2 13.
  • FIG. 7 is a diagram showing a configuration example of the system configuration management table 2 16.
  • FIG. 8 is a diagram showing a configuration example of the resource disclosure policy 217.
  • FIG. 9 is a diagram showing the flow of the service forming process 232.
  • FIG. 10 is a diagram showing a message configuration example.
  • FIG. 11 is a diagram showing a configuration example of the mode management table 2 15.
  • FIG. 12 is a diagram showing a process flow of the service session management process 2 33. .
  • FIG. 13 is a diagram showing a processing flow of the embodiment in which the service formation processing distributes software.
  • Figure 1.4 shows an example of combining distribution software with existing programs.
  • FIG. 15 is a diagram illustrating an example of a system configuration in a situation where a specific service is realized.
  • a method for distributing software and managing the mode of the device using the software as a method when the device does not have a function for mode management.
  • FIG. 1 shows a configuration example of an embodiment of a system to which the present invention is applied.
  • the service system of the present embodiment includes a gateway 1 1 1, a floor server 1 1 2, It consists of 1 13 and device 1 2 1 to 1 2 4.
  • Devices 1 2 1 to 1 2 4 are equipment that controls the actual environment, such as an information processing device equipped with a display device such as a Kiosk terminal, a voice output device such as speed, or an automatic door / vacuum device. This is a device that is required to provide services such as providing information and controlling the real environment.
  • the gateway 1 1 1, the floor servers 1 1 2 and 1 1 3 and the device 1 2 2 are connected via a communication medium 13 1.
  • the floor server 1 1 2 and the device 1 2 1, the floor server 1 1 3 and the device 1 2 4, the device 1 2 4 and the device 1 2 3 use the wireless communication media 1 3 2, 1 3 3 and 1 3 4 respectively.
  • the communication medium may be a wire such as an Ethernet (registered trademark) twisted pair cable, or may be a power saving radio or a radio such as infrared.
  • the devices 14 1 and 14 2 used by the service user operate in conjunction with these floor servers and devices as the service user moves.
  • the service user device 1 4 1 is the floor server 1 1 2 and the device 1 2 1 via the wireless communication medium 1 3 2
  • the service user device 1 4 2 is the floor server 1 via the wireless communication medium 1 3 3 13 and device 1 2 4 respectively.
  • the personal information of the service user is stored in the service user device 141, 142 or the gateway 111.
  • These gateway floor servers, devices, and user devices are collectively referred to as devices here.
  • FIG. 2 shows a detailed configuration of a system in which two devices to which the present invention is applied are connected.
  • the service requesting device 201 is a communication interface with the outside, software for performing processing in each device, a storage unit for storing various data, and a program read from the storage unit for processing. And each unit is connected by an internal path.
  • the software for performing the processing of the device 201 includes a communication processing 231, a service formation processing 2332, and a processing program 2336.
  • the data used in each process is the user context table 2 1 1, the system configuration management table 2 16 and the required service conditions 2 It has a resource disclosure policy 2 17.
  • the communication process 231 is a process for exchanging data with another device via a communication interface, and performs encryption of communication between the devices.
  • the service formation process 232 publishes the personal information stored in the user's own user's Content Xt table 211 and uses the system configuration management table 216 and resource disclosure policy 217. Search for other devices and determine service providing devices.
  • the processing program 236 performs service providing processing in cooperation with other devices.
  • the personal information is stored in the user ConteXt table 2 1 1.
  • the personal information may be generated by some application program, or may be input to the service user through an external input / output unit 243 such as a keyboard.
  • the position information sensor may be acquired by using the external input / output unit 243.
  • it may be obtained from another device via the communication process 231.
  • the required service condition 2 14 stores the required service and its condition.
  • the requested service and its conditions may be input from the service user via the external input / output unit 243, or may be downloaded via the communication process 231.
  • the external input / output unit 243 is a device controlled by a processing program 236, such as a sensor actuator or a camera, or a device via a man-machine interface such as a liquid crystal panel, keyboard, or touch panel. It has a function of controlling the processing program 236 executed above and referring to an output value. However, this is not essential, and some devices do not have external input / output units.
  • the service requesting device 201 may be a service user device 141, 142, or may be a device for the service user to input, or a gateway for providing contents. There may be.
  • the service provider device 202 runs the processing program 235 A device that provides services.
  • the device 202 is, like the service requesting device 201, provided with a communication interface with the outside, a storage unit for storing software for performing processing in each device and various data, and a storage unit. It consists of a processing unit that reads out and processes the program, and each unit is connected via an internal path.
  • the software that performs the processing of the device 201 includes a communication process 231, a service formation process 2332, a service session management process 2333, and a processing program 235.
  • As data used in each process there are a user context table 211, a surf and a list 212, a device group management table 211 mode management table 215.
  • the service formation process 232 searches for the service list 221 of the own device or another device using the personal information provided from the service requesting device 201 or the service providing device 202.
  • the equipment that can provide the service and its interface are presented. ⁇
  • the service session management process 2 3 3 links data between devices specified by the service requesting device 201 and uses the resource disclosure mode described in the mode management table 210 to publish data between devices. Restrict resources such as computing resources and processing programs.
  • the processing program 235 is an application program that operates to provide services, exchanges information with humans and the environment via the external input / output unit 242, and uses the external storage 241. To store and withdraw data.
  • the device management table 2 13 stores management information on the devices used to provide the service.
  • the service list 2 12 stores information on interfaces that the processing program 23 S discloses to other processing programs.
  • the external input / output unit 242 is the same as that described for the external input / output unit 243 of the service using side device.
  • FIG. 3 shows a configuration example of the user context table 2 1 1.
  • the file 310 is composed of records 311 to 314.
  • Record 311 is an item indicating location information in the real world. Here, it is stored that “Address” indicating the address is “Chiyoda 1” in Chiyoda-ku and “Location” indicating the location is “areal”.
  • Record 312 shows personal information on the network. In this case, the e-mail address "E-Mail Address" is "anon@sdl.hitachi.co.jp". Is recorded.
  • the record 3 13 indicates the affiliated organization, and stores the religion, affiliated union, and the like.
  • Record 314 is a field for storing a user identifier, and stores, for example, a password ID for using a computer, an electronic signature indicating the user, and the like.
  • FIG. 4 shows a configuration example of the required service condition 2 14.
  • (A) shows the components of the entire required service condition 2 14. It consists of a service entry 651, a functional condition 652, a data condition 653, and a calculation condition 655.4.
  • the functional condition 652 is composed of the number of soft resources 612, resource identifiers and use interfaces 613 to 614 as shown in (b).
  • the number of soft resources 612 stores the number of soft resources used by the service represented by the identifier shown in the service entry 652.
  • the number of resources is the same as the number of items 6 13 and 6 14.
  • the resource identifiers and use interfaces 613 and 614 store the index of the software resource, the identifier of the processing program used by the service, and the interface used.
  • 'resource identifier' may or may not be specified.
  • the processing program is “*”, that is, an arbitrary processing program, and that the processing program indicated by the interface “InfoOut (Map) j is used.
  • IDL Interface Definition Language
  • IDL Interface Definition Language
  • ISBN4-7561-2015-6 Inside CORBA—Corba and its Application to System Development
  • WSDL Web Service Description Language
  • the data condition 653 is composed of the number of data resources 615 and the data resources 616 and 617 as shown in (c).
  • the number of data resources 6 15 stores the number of data resources used by the service represented by the identifier shown in the service entry 651.
  • the number of resources is the number of items 6 16 and 6 17.
  • the data resources 6 16, 6 and 17 store the identifiers and access conditions of the data used by the service.
  • item “O n 1 i n e” force S of data U se r C o n t ext is specified
  • data “M a p” is specified.
  • a data resource may be identified using a file name or a unique identifier for each resource.
  • the calculation condition 654 is composed of the number of calculation resources 6 18 and the calculation resources 6 19 as shown in (d).
  • the number of computational resources 6 18 stores the number of computational resources used by the service represented by the identifier shown in the service entry 651, and is the number of items 6 19.
  • the computational resource 6 19 stores the computational resource and amount used by the service in the device where the processing program specified by the software resource exists. For example, item 6 19 indicates that the device indicated by index 1 of the software resource requires two threads.
  • FIG. 5 shows a configuration example of the service list 2 12.
  • the service list 2 12 includes a service entry 5 11 1, a processing program 5 12, an interface 5 13 3, and a device identifier 5 14.
  • the service entry 511 is a finoredo that stores an identifier indicating the type of service.
  • the processing program '512' is a field for storing an identifier of a processing program which operates to provide the service.
  • the interface 513 is an interface provided by the processing program. This is a field for storing the identifier of the resource type.
  • the interface 5 13, like the use interface of FIG. 4, is not a call function of the processing program, but a series of call procedures as defined in, for example, WSDL (Web Service Description Language). Also includes the interface of the call processing from the processing program. In some cases, processing programs provide services in cooperation with each other.
  • the device identifier 514 is a field for storing the identifier of the device in which the processing program indicated by each record is stored. In the case of a processing program stored in the own device, the identifier of the own device is stored. When the processing provider of another device is used to realize the service entry 511, the identifier of the device storing the processing program 512 is stored. When a service is provided in cooperation with processing programs existing on multiple devices, the relationship is established in advance.If ⁇ , the service list 2 1 2 is constructed in this format. There is also.
  • Records in the service list 211 may have data resource registrations.
  • the data identifier is stored in the field of the processing program.
  • Record 5 23 shows an example of ⁇ .
  • the required service conditions and the service list are described as described with reference to FIGS. 4 and 5, and the resources that are effective in providing the service are determined by collating them as described later.
  • examples of software resources, data resources, and calculation resources have been described.
  • resources of input / output devices and other resources may be explicitly described and managed.
  • the flow of data between resources may be described, and this may be used for determining effective resources.
  • FIG. 6 shows a configuration example of the device group management table 2 13.
  • the device group management tape 213 includes fields 711 to 715.
  • the service session 711 is a field for storing the identifier of the entity of the service being provided, is generated by the service formation process 232, and is used by the service session management process 233. Where the same There are multiple entities with the service identifier of For example, the entity that provides the navigation service indicated by the service identifier “N avi” to user A using the device AA and the entity that provides the navigation service for user B using the device BB Exists. In this way, even if the service identifier is the same, if the device, processing program, or user used is different, it is identified by different service sessions. .
  • the configuration member 7 12 is a field for storing the configuration member devices of the session.
  • the device status 711 is a field for storing the status of the device indicated by the record
  • the task status 714 is for storing the status of the processing program for executing the service of the device indicated by the record.
  • the fields 713 and 714 can be updated, for example, by using a method as disclosed in Japanese Patent Application Laid-Open No. 2001-145174.
  • the update time 715 stores the latest time when the state of the device and the processing program indicated by the record is detected.
  • FIG. 7 is a diagram showing an example of the system configuration management table 2 16.
  • A is a diagram logically expressing an example of a system configuration to which the present invention is applied.
  • Computers 1901 to 1906 for performing the functions shown in the figure are connected by communication paths 1951 to 1957, respectively.
  • B is a part of the configuration management table and displays the assurance capability held by each communication path.
  • a communication path 1911 1 is a field for storing a classification of a communication path between devices.
  • the evaluation scale 1912 and the assurance level 1913 the evaluation scale and the assurance level of the communication channel indicated by each record are stored.
  • Record 1921 has communication channel "C1", that is, 1951 to 1953, power S, and evaluation scale "Confidentia 1", that is, assurance level "2" regarding confidentiality of communication channel. It has been shown.
  • the assurance level is arbitrarily determined for each system. For example, it can be determined at the following levels:
  • Assurance level 1 Individual encryption communication between devices
  • Assurance level 2 Encrypted communication shared between multiple devices
  • (c) is a part of the configuration management table, and displays the assurance capability held by each device.
  • the device 1931 is a field for storing the identifier of the device.
  • the evaluation scale 1932 and the assurance level 1933 are fields for storing the evaluation scale and the assurance level, respectively, similarly to the communication channel.
  • the guarantee level should be the same as described above.
  • FIG. 7 shows a configuration example of the resource disclosure policy 217.
  • Field 2 0 1 1 is a field for storing the identifier of the resource to be published.
  • each of the evaluation scales 201 and 2 and the assurance level 201 are the evaluation scales that are acceptable when disclosing each resource.
  • the assurance level is stored. For example, in record 2021, the resource “UserCont Xt: O ⁇ 1ine” must be disclosed to the assurance level “2” for the evaluation scale “Confidentia 1”. And forgive.
  • the resource “UserCont Xt: O ⁇ 1ine” must be disclosed to the assurance level “2” for the evaluation scale “Confidentia 1”. And forgive.
  • FIG. 1 shows a configuration example of the resource disclosure policy 217.
  • Field 2 0 1 1 is a field for storing the identifier of the resource to be published.
  • each of the evaluation scales 201 and 2 and the assurance level 201 are the evaluation scales that are acceptable when disclosing each resource.
  • FIG. 9 shows a processing flow of the service ⁇ processing 2 32.
  • the resource release policy, the resource to which the access right is to be disclosed, the evaluation scale, and the assurance level are set in the resource release policy 217
  • the transmission range of the service providing device search message is set in a range that satisfies the assurance level (step 211).
  • the system configuration in the system configuration management table 216 is compared with the resource release policy 217, and only devices that satisfy the assurance level are specified.
  • the service requesting device 201 acquires the condition of the requested service from the required service condition 214, generates a unique request identifier, creates a signature, and sends a service providing device search message (step 8 1 1).
  • the request identifier is created to be unique using, for example, the identifier of the own device and the time.
  • This message may be issued to a server that has a list of available services retrieved using a method such as the one found in the Understanding Universal Plug and Play White Paper, or a network segment. You can also cast it to the website.
  • the service-providing devices X and Y that have received this message search the service list 2 12 to determine whether their devices have resources that match the conditions described in this message. Find out and determine if it can be made public.
  • the specified resource is reserved.
  • the record of the detected service list or the secured computing resource is registered by adding a record to the mode management table 215.
  • exclusive control may be performed to determine that it cannot be disclosed. Also, access control may be performed.
  • the search message is forwarded to another service providing device (step 812).
  • the case where there is no part of the matching resources is, for example, the case where there is no matching processing program which is a part of the element for providing a certain service described in a certain service list.
  • the search message is transferred to other service providing devices using the Trader service method of “Inside CORBA—Corba and its application to system development” (ISBN4-7561-2015-6). , Turn The number of times of sending may be limited.
  • the service requesting device 201 receives the response message issued in step 812, and compares the request identifier added to the message with the request identification “” child created in step 810. Check whether the response is to the own device. Also, the resource information contained in the response message is obtained (step 813).
  • the system configuration management table 216 and the resource disclosure policy 217 are collated to extract a combination of a resource effective for service provision and a service provision form using the resource.
  • the flow of data between resources is described in the required service condition 2 14, and this may be determined.
  • the equipment to be used as the service providing equipment is selected according to the predetermined criteria (Step 8 14).
  • the predetermined evaluation measure is whether or not all resources providing the service described in the required service condition are accessible. If the judgment is valid, the session identifier information indicating the access right and the resource allocation are transmitted to the selected device (step 815), and the service is received. -If the result of the determination in step 211 is not valid, update the resource release policy 217 (step 215) and return to step 181. Updating of the resource disclosure policy is, for example, a process of relaxing the condition of the assurance level 2003 or adding a resource to be disclosed. These may be selected from the difference between the required service conditions 2 14 and the resources that were found. .
  • the selection of the service providing device is omitted in the present embodiment, for example, the attribute of the resource and the like can be registered in the service list 212 and used by returning it together with the resource information. .
  • authentication and access control of the service requesting device 201 may be performed using data added to the service providing device search message.
  • provide specific services In this embodiment, a method of distributing a message by adding a session identifier to the specification of the service providing device for the service is described. However, as shown in Japanese Patent Application No. 2002-44411, each service is provided. A session for data sharing between devices may be established and used to identify a particular service. Also, in this embodiment, an example has been described in which the required service conditions are added to the service providing device search message to search for resources that can be provided by the service providing device. The side device 201 may check with the required service condition.
  • FIG. 10 shows an example of a message configuration exchanged between devices.
  • (a) is a diagram showing a configuration example of a search message of a service providing device. This is issued in the message (1) of the service formation process 2 32 described in FIG.
  • This message consists of message header 911, message type 912, required service condition 913, requester signature 914, request identifier 915, and data 916.
  • the message header 911 is used in the communication process 231 and stores information necessary for exchanging data between devices. It also encrypts the message and anonymizes the sender.
  • the message type 912 stores information for identifying the type of the message, and stores information such as a service providing device search message and a response message to the message.
  • the required service condition 9 13 is a condition for searching for a service providing device.
  • the information of condition 2 14 is stored.
  • the request source signature 914 stores the signature at the time of issuing the message in the service using side device that has issued the service providing device search message.
  • the request identifier 915 is information for uniquely identifying the service providing device search message.
  • Data 916 is a field for storing other additional data.
  • (b) is a diagram showing a configuration example of a response message to the service providing device search message described in (a) '. This is issued in the message (2) of the service formation process 2 32 described in FIG.
  • the message header is the same as in ( a ), and the message type 9.12 stores that it is a service providing device response message.
  • the request source signature 914 and the request identifier 915 stored in the service providing device search message received as a trigger for transmitting the response are included in the request source signature 914 and the request identifier 915.
  • the provided service 921 stores a resource provided by the transmission source device of the response message acquired from the service list 212 or a service identifier and related information.
  • (c) is a diagram showing a configuration example of a message for determining and specifying a service providing device. This is issued in the message (3) of the service formation process 2 32 described in FIG.
  • the message header 911, the message type 912, the requester signature 914, and the session identifier 932 are the same as the service providing device search message described in (a).
  • the session identifier 932 a unique identifier that is generated in step 815 and is a key for using the resource for providing the service is stored.
  • the allocation data 931 stores a column of resource identifiers that operate to provide the service.
  • As an example of a software resource an example is shown in which a software resource identifier and a use interface are stored in fields 941 to 942.
  • the number of resources constituting the allocation data 931 can be any number.
  • the service requesting device 201 has a resource disclosure policy.
  • the resource 217 exists is shown, even if the resource exists in another device, it can be easily implemented by acquiring the resource disclosure policy 217.
  • the level of service that can be provided can be determined according to the range of the resource whose access right is disclosed, and an appropriate service can be formed.
  • FIG. 11 shows a configuration example of the mode management table 2 15.
  • the mode management table 2 15 is composed of a resource identifier 4 11 1, a public mode 4 12 and a public purpose service 4 13.
  • the resource identifier 411 is an identifier of a resource in the device, and stores an identifier of a processing program, data, a computer resource, or the like.
  • the "open mode" 412 is an item for storing the open mode of the resource specified in each record. For example, the following specification is made.
  • the disclosure purpose service 4 13 specifies the identifier of the service that is to release the resource specified in each record.
  • record 422 indicates that the resource "map data" is open to other resources for the service specified by the identifier "Navi”.
  • the record 4 2 4 indicates that the thread of the operating system indicated by the resource “K Thread>” indicates that the specific resource of the service “Navi” is selected by the method described in this embodiment, and the session identifier "1" indicates that it is available for the assigned one.
  • Figure 15 shows the service 1 1 1 1 providing the “video viewing service” for user A and the service 1 1 1 2 providing the service for user B (air-conditioning temperature control).
  • An example of a service configuration is shown.
  • the service 111 uses the resource “speaker” and provides the service using the other service “video playback”.
  • the service "Video playback” is a resource "VCR” And provide services using “speakers”.
  • the users of service 1 1 1 1 1 and service 1 1 1 2 are different, and the data is not disclosed in these questions.
  • the service 1 1 1 1 and the service 1 1 2 1 are services for the same user A, and data is shared to provide the service. ⁇
  • FIG. 12 shows the flow of the service session management process 233 when the service is provided as shown in FIG. 15, for example.
  • the device X on the service providing side is the device 1101 having the user context table 111
  • the device Y on the service providing side is the device 1, 0 having the application program for providing the service. 1 is shown.
  • the link between the device X and the device Y is specified by the service formation process 2 32 described above.
  • the service providing device Y issues a position information request (step 101), and the service providing device ⁇ receives this (step 101) and confirms the service session identifier in the request message. (Step 1 0 1 3).
  • step 1 2 1 the hierarchical relationship between services is searched (step 1 2 1 1). If the resources can be secured (step 101), it is confirmed whether or not the member is the designated member of the requested service (step 104). If the service is formed by the service formation process 2 32, that is, if the service is a combination of a service session and a device registered in the device group management table, request data is returned (step 101). If the resources cannot be secured (step 101) and if the requested service is not the designated member (step 101), the request is rejected (step 101).
  • the description of the service hierarchy is formed by registering the services formed in the service list 212.
  • Data sharing between services is configured in the mode management table 2 15 It can be controlled by registering the identifier of the element service as a resource identifier. Using this, control can be performed according to the following applications.
  • Restricted resource disclosure Become a component of one service so that the resource is not directly disclosed to other services. For example, while providing a video playback service that outputs video output to a TV, access to a processing program having an interface such as TV program settings and power settings is suppressed.
  • a service can be formed without describing resource availability for all combinations of resources.
  • the service session management device X having the user Content X t is provided by the service providing device X.
  • the data corresponding to the application identifier may be voluntarily transmitted.
  • the service providing device Y controls to pass data only to the resource that provides the service specified by the service session identifier, and not to pass data to other resources.
  • the service session identifier may be used as a key for encrypting the public data, and the public side may perform encryption and the use side may perform decryption.
  • step 12 1 1 and the next judgment step can be omitted.
  • FIG. 13 is a diagram showing a flow of software distribution processing of the service formation processing.
  • a service providing device group is searched between the service requesting device 201 and the service providing device X using a known method such as "Unae: rstanding Universal Plug and Play White PaperJ".
  • Step 1 3 1 1) select a group of devices having functions effective for providing the service, select resources and management functions required for the service to be provided (Step 1 3 1 2), and select the resource management Distribute the software with the function to the selected device (Step 13 13)
  • the distributed service providing device X receives this and cooperates with the software already running on the device. (Steps 1 3 1 4).
  • Figure 14 is a diagram showing an example of combining distribution software and existing programs.
  • the processing program The mode is managed in 1712 by linking with other devices via the distributed software 1712 without directly linking the processing programs of the other devices with the processing programs of the other devices.
  • the software configuration inside is service-reliable via communication processing 1711.
  • the cost 21 2 is acquired and released to other devices only via the distributed software 17 12.
  • the software is distributed from the service requesting device. Although an example has been shown, it may be performed from another device.
  • software to be distributed in the present embodiment software for publishing data and processing programs and securing calculation resources, as well as software for monitoring data transmission and reception between devices may be distributed. Good.
  • the resources can be flexibly linked only with the resource group effective for providing the service according to the service.
  • the level of services that can be provided can be determined according to the range of resources for which access rights are disclosed, and appropriate services can be formed.
  • each resource has a mode to identify whether it is effective for providing a specific service.
  • this mode By using this mode to control public resources, data other than those effective to provide the desired service can be obtained.
  • the required services can be formed with the required quality without being disclosed.
  • resource management software is distributed to each device, and each device performs data transmission and reception between applications and execution management via the software, so that even devices that do not have a mode management function in advance can be used. Modes effective for providing services can be managed.
  • the resources can be flexibly linked only with the resource groups effective for providing the service according to the service.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente invention concerne un environnement d'émission/réception de services qui partage de manière souple des ressources uniquement par le biais d'un groupe de ressources compétent pour la fourniture de services dynamiquement trouvé parmi une pluralité de groupes de ressources et satisfaisant une condition requise. Un traitement (232) de formation de services envoie une condition (214) de service de requête et recherche les ressources décrites dans une liste (212) de services de chaque dispositif et les ressources de calcul de chaque dispositif de manière à estimer le niveau de services valides. A ce stade, la plage de recherche peut être limitée conformément à une politique (217) de divulgation des ressources. Dans le traitement (232) de formation de services de chaque dispositif, les données devant être présentées à un autre dispositif sont limitées. Un traitement (233) de gestion des sessions de services présente chaque ressource en fonction du service proposé au moyen du mode de divulgation de chaque ressource stocké dans la table (215) de gestion de mode.
PCT/JP2003/013078 2002-12-18 2003-10-10 Systeme de distribution et procede de formation d'un environnement d'emission/reception de services WO2004055687A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2002366023A JP4284060B2 (ja) 2002-12-18 2002-12-18 分散システムおよびサービス授受環境形成方法
JP2002-366023 2002-12-18

Publications (1)

Publication Number Publication Date
WO2004055687A1 true WO2004055687A1 (fr) 2004-07-01

Family

ID=32588296

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2003/013078 WO2004055687A1 (fr) 2002-12-18 2003-10-10 Systeme de distribution et procede de formation d'un environnement d'emission/reception de services

Country Status (2)

Country Link
JP (1) JP4284060B2 (fr)
WO (1) WO2004055687A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2520051A (en) * 2013-11-08 2015-05-13 Ibm Entitlement system and method for resources in a multi-computer system controlled by a single instance

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2416872A (en) * 2004-07-30 2006-02-08 Canon Kk System for managing tasks on a network by using a service discover, a task manager and a service publisher
GB0425860D0 (en) 2004-11-25 2004-12-29 Ibm A method for ensuring the quality of a service in a distributed computing environment
US8320880B2 (en) * 2005-07-20 2012-11-27 Qualcomm Incorporated Apparatus and methods for secure architectures in wireless networks
US8826369B2 (en) * 2009-08-11 2014-09-02 Nec Corporation Terminal, communication system, data management method, server and storage medium
KR101653237B1 (ko) 2010-03-25 2016-09-01 삼성전자주식회사 복수 장치를 이용하는 콘텐츠 서비스 제공 방법 및 시스템
JP5691318B2 (ja) 2010-09-09 2015-04-01 株式会社リコー 画像処理装置及び画像処理システム
JP6340996B2 (ja) 2014-08-22 2018-06-13 富士通株式会社 暗号化方法、情報処理プログラム、及び情報処理装置
EP3761593B1 (fr) 2014-11-14 2023-02-01 Convida Wireless, LLC Découverte de ressources et de services basée sur des autorisations
WO2017077581A1 (fr) * 2015-11-02 2017-05-11 富士通株式会社 Système, procédé et programme de traitement d'informations

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11203228A (ja) * 1998-01-20 1999-07-30 Nippon Telegr & Teleph Corp <Ntt> ネットワークリソース組み合わせ方式
EP0964334A2 (fr) * 1998-06-03 1999-12-15 International Business Machines Corporation Système, méthode et produit de programme d'ordinateur pour découvrir des ressources dans un environnement d'ordinateur distribué
EP1152334A2 (fr) * 2000-04-19 2001-11-07 Hitachi, Ltd. Méthode et système pour fournir des services d'application
JP2002073576A (ja) * 2000-08-31 2002-03-12 Toshiba Corp バッチジョブ制御システム
US20020184357A1 (en) * 2001-01-22 2002-12-05 Traversat Bernard A. Rendezvous for locating peer-to-peer resources

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11203228A (ja) * 1998-01-20 1999-07-30 Nippon Telegr & Teleph Corp <Ntt> ネットワークリソース組み合わせ方式
EP0964334A2 (fr) * 1998-06-03 1999-12-15 International Business Machines Corporation Système, méthode et produit de programme d'ordinateur pour découvrir des ressources dans un environnement d'ordinateur distribué
EP1152334A2 (fr) * 2000-04-19 2001-11-07 Hitachi, Ltd. Méthode et système pour fournir des services d'application
JP2002073576A (ja) * 2000-08-31 2002-03-12 Toshiba Corp バッチジョブ制御システム
US20020184357A1 (en) * 2001-01-22 2002-12-05 Traversat Bernard A. Rendezvous for locating peer-to-peer resources

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KASHIWA D ET AL: "Mobile computing ni okeru resource hakken shuho no ichiteian", THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TSUSHIN SOCIETY TAKAI KOEN RONBUNSHU 2, 7 September 1998 (1998-09-07), pages 131, XP002981582 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2520051A (en) * 2013-11-08 2015-05-13 Ibm Entitlement system and method for resources in a multi-computer system controlled by a single instance
US10298392B2 (en) 2013-11-08 2019-05-21 International Business Machines Corporation Resource entitlement in a multi-computer system controlled by a single instance

Also Published As

Publication number Publication date
JP2004199300A (ja) 2004-07-15
JP4284060B2 (ja) 2009-06-24

Similar Documents

Publication Publication Date Title
US7206788B2 (en) Schema-based services for identity-based access to device data
Xu et al. A federated capability-based access control mechanism for internet of things (iots)
Rhodes et al. Wearable computing meets ubiquitous computing: Reaping the best of both worlds
US8037519B2 (en) Apparatus and method for managing access to one or more network resources
KR100996621B1 (ko) 기술 디바이스들의 분류 방법 및 이 방법을 수행하기 위한 장치
US7613702B2 (en) Schemas for a notification platform and related information services
US7770229B2 (en) System and method for the propagation of DRM protected content
US9948517B2 (en) Methods and apparatuses for discovery and notification of services
JP4546720B2 (ja) 共通のグループラベルを用いたピア・ツー・ピアネットワークにおけるノード間の通信のための方法
Bracciale et al. Lightweight named object: An ICN-based abstraction for IoT device programming and management
US20030023623A1 (en) Schema-based service for identity-based access to presence data
US20060259575A1 (en) User interface distribution systems and methods
Undercoffer et al. A secure infrastructure for service discovery and access in pervasive computing
JP2003242123A (ja) 合議型アクセス制御方法
CN107637043A (zh) 用于约束环境中资源管理的业务提供方法、系统和装置
Zhang et al. A model of workflow-oriented attributed based access control
JP2019212017A (ja) 通信装置および通信方法
JP4284060B2 (ja) 分散システムおよびサービス授受環境形成方法
JP2003242119A (ja) ユーザ認証サーバおよびその制御プログラム
Handorean et al. Secure service provision in ad hoc networks
Chin et al. A context-constrained authorisation (cocoa) framework for pervasive grid computing
Kurkovsky et al. Classification of privacy management techniques in pervasive computing
KR20080000310A (ko) 홈네트워크 간의 정보 공유 시스템 및 정보 공유 방법,그리고 정보 공유 생성 방법
JP2007241560A (ja) ホームゲートウェイソフトウェアパーミッション管理システム
JP6798737B1 (ja) 個人情報管理システム及び個人情報管理方法

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase