WO2008056507A1 - Information management method and information processing device - Google Patents

Information management method and information processing device Download PDF

Info

Publication number
WO2008056507A1
WO2008056507A1 PCT/JP2007/069942 JP2007069942W WO2008056507A1 WO 2008056507 A1 WO2008056507 A1 WO 2008056507A1 JP 2007069942 W JP2007069942 W JP 2007069942W WO 2008056507 A1 WO2008056507 A1 WO 2008056507A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
reliability
node
data
nodes
Prior art date
Application number
PCT/JP2007/069942
Other languages
French (fr)
Japanese (ja)
Inventor
Yumiko Nakatsuru
Original Assignee
Konica Minolta Holdings, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Konica Minolta Holdings, Inc. filed Critical Konica Minolta Holdings, Inc.
Priority to JP2008543017A priority Critical patent/JPWO2008056507A1/en
Publication of WO2008056507A1 publication Critical patent/WO2008056507A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • G06F16/1834Distributed file systems implemented based on peer-to-peer networks, e.g. gnutella
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the present invention relates to a method for managing information in a network in which information is divided and distributed and held among a plurality of nodes, and an information processing apparatus as a node constituting the network
  • V a so-called distributed processing network has gradually appeared!
  • the communication function must also be distributed.
  • data communication must be freely performed between each node constituting the network.
  • a typical form is a form of communication network called P2P (Peer to Peer).
  • P2P is a network usage mode in which information is directly exchanged between an unspecified number of nodes.
  • the central server Even when a central server is required, the central server only provides a file search database and manages connection of nodes, and the exchange of data itself is performed by direct connection between nodes.
  • Patent Document 1 proposes a technique for calculating reliability based on physical information such as CPU usage rate and memory usage rate of each node, and managing connection based on the reliability level of each node. Has been.
  • the connection between nodes is formed in a self-organizing manner so that transmission and reception between the nodes can be performed most efficiently.
  • connection management that is, the topology of the network connection is only optimized according to the reliability of each node, and is not necessarily optimal for actual data distribution processing. Absent.
  • Patent Document 1 Japanese Patent Laid-Open No. 2005-252596
  • An object of the present invention is to solve the above-described problems, and to efficiently use the information that is divided and distributed and held in a plurality of nodes on the network, and a part of the distributed data. It is an object of the present invention to provide an information management method and an information processing apparatus as a node that are less likely to cause a failure such as being unable to acquire information and can suppress the concentration of a load on a specific node.
  • the present invention has the following features.
  • a method of managing information in a network system that divides information and distributes and holds the information to a plurality of nodes, the information being divided to distribute the information to a plurality of nodes and generating the divided information
  • a distribution destination node to which the division information generated by the division step and the information division step is distributed reliability calculated based on physical information of each node is set in advance according to the property of the information.
  • a distribution destination selection step for preferentially selecting nodes within the reliability tolerance range, and an information distribution step for distributing the division information to the distribution destination nodes selected by the distribution destination selection step.
  • a method for managing information characterized by comprising:
  • a node reliability list including information on distribution destination candidate nodes and reliability calculated based on physical information of the distribution destination candidate nodes. 2. The information management method according to 1, wherein the distribution destination node is selected.
  • the node reliability list collects a reliability table that includes information related to the reliability of the node to which the node is connected, held by a plurality of nodes, and is based on the plurality of collected reliability tables. 2. The information management method according to 2, wherein the information management method is created.
  • the reliability table acquires physical information published in a connection destination node of a node holding the reliability table, and each connection destination node calculated based on the physical information 3.
  • the reliability table includes a value calculated based on physical information by a connection destination node as reliability for each connection destination node. Information management method.
  • the plurality of nodes are selected with priority given to a connection destination with a small number of hops according to the number of divisions of the information, and the plurality of nodes held by the plurality of nodes are stored. 3.
  • the plurality of reliability tables include a plurality of different reliability values for the same node, the average value, the maximum value, the minimum value, or the weighted average value is used. 4. The information management method according to 3, wherein the reliability of the node is calculated using the method.
  • the physical information includes CPU specification information, CPU usage rate information, memory usage rate information, and connection time information in each node.
  • the reliability tolerance range is preset according to at least one of the importance of the information and the amount of calculation for the processing as the property of the information 1 Management method of information described in.
  • An information processing apparatus as a node in a network system that divides and distributes information to a plurality of nodes, and divides the information to distribute the information to a plurality of nodes. And the reliability calculated based on the physical information of each node as the distribution destination node to which the division information generated by the information division unit is distributed depends on the property of the information.
  • Distribution destination selection means for preferentially selecting nodes within a predetermined reliability tolerance range, and information distribution means for distributing the division information to the distribution destination nodes selected by the distribution destination selection means.
  • an information processing apparatus comprising:
  • the distribution destination selection unit includes: a distribution destination candidate node, and a distribution destination from a node reliability list that includes information related to reliability calculated based on physical information of the distribution destination candidate node. 14. The information processing apparatus according to 13, wherein a node is selected.
  • the distribution destination selection unit collects a reliability table, which is held by a plurality of nodes, and includes information on the reliability of the connection destination node of the node, and is based on the collected plurality of reliability tables. 15. The information processing apparatus according to 14, wherein the node reliability list is created.
  • the distribution destination selection unit acquires physical information published in the connection destination node, and holds the reliability table including the reliability of the connection destination node calculated based on the physical information. 16. The information processing device according to 15, wherein
  • the distribution destination selection means holds the reliability table including a value calculated by the connection destination node based on the physical information as the reliability of the connection destination node. 16.
  • the distribution destination selection unit preferentially selects the plurality of nodes according to the number of divisions of the information, giving priority to a connection destination with a small number of hops, and the plurality of nodes held by the plurality of nodes 16.
  • the node reliability list is created based on a reliability table, 15. Information processing device.
  • the distribution destination selection means includes an average value, a maximum value, a minimum value, or a weighted value. 16. The information processing apparatus according to 15, wherein any one of the average values is used to calculate the reliability of the node in the node reliability list.
  • the distribution destination selection unit re-creates the node reliability list every predetermined period or each time processing that affects the reliability of each node is performed.
  • the physical information includes at least one or more of CPU specification information, information on CPU usage, information on memory usage, and information on connection time in each node. 14.
  • the distribution destination selection unit presets the reliability tolerance range in accordance with at least one of the importance of the information and the amount of calculation for the processing as the property of the information. 14. The information processing apparatus according to 13, wherein
  • the information management method and the information processing apparatus as a node according to the present invention, when information is divided and distributed to a plurality of nodes on the network, the following processing is performed.
  • a node whose reliability calculated based on the physical information of each node is within the reliability tolerance range set in advance according to the nature of the information to be stored is preferentially selected as a distribution destination node. To distribute. As a result, it is difficult to obtain a part of the distributed information for the information distributed and held in multiple nodes on the network. It is possible to prevent the load from being concentrated on the network, and to use the distributed information efficiently for IJ.
  • FIG. 1 is a diagram showing an example of the overall configuration of a network 1.
  • FIG. 2 is a diagram illustrating a hardware configuration example of a node (terminal device) 2 configuring the network 1.
  • FIG. 4 is a diagram showing an example of a connection table TL of node 2 associated as shown in FIG.
  • FIG. 5 is a block diagram illustrating a functional configuration example of the node (terminal device) 2.
  • FIG. 6 is a sequence diagram for explaining an example of processing when establishing a connection for SSL communication.
  • FIG. 8 is a flowchart showing an example of a flow of data property determination processing.
  • FIG. 10 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 1.
  • FIG. 11 is a diagram showing the description content of the reliability table held by each node in FIG.
  • FIG. 12 is a diagram showing a range of nodes that acquire a reliability table when the number of hops is 2 as a reliability table acquisition range.
  • FIG. 14 This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 1.
  • FIG. 14 This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 1.
  • FIG. 15 is a diagram showing a state in which divided data is distributed and distributed to a selected data distribution destination node in information distribution arrangement processing example 1;
  • FIG. 16 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 2. 17] This is a diagram showing the range of nodes that acquire the reliability table when the number of hops is 3 as the reliability table acquisition range.
  • FIG. 19 This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 2.
  • FIG. 19 This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 2.
  • FIG. 20 is a diagram showing a state in which divided data is distributed and distributed to a selected data distribution destination node in the information distribution arrangement processing example 2. Explanation of symbols
  • FIG. 1 is a diagram illustrating an example of an overall configuration of a network 1 configured by an information management method and an information processing apparatus according to the present embodiment.
  • the overall configuration of the network 1 according to the embodiment of the present invention will be described with reference to FIG.
  • the network 1 includes a plurality of nodes such as terminal devices 2 (21, 22,..., 2n), a switch hub 3, a router 4, and an authentication server 5.
  • LAN Local Area Network
  • the terminal device 2 as a node constituting the network is an information processing device, and executes data input / output processing with another device such as a personal computer, a workstation, or a printer. It is a device to do.
  • a node simply refers to this terminal device, and a personal computer as an information processing device will be used.
  • P2P Peer to Peer
  • P2P is a network usage mode in which information is directly exchanged between an indefinite number of nodes.
  • the central server is not used, and the connection topology of FIG. 3 will be described later.
  • the nodes (terminal devices) 2 associated in advance are directly connected to communicate with each other.
  • Other nodes are indirectly connected through directly connected nodes.
  • the authentication server 5 is only responsible for management related to the certificate for authentication, and is not directly related to the connection for communication.
  • Router 4 is not directly involved in communication between nodes (terminal devices).
  • these nodes 2 perform data communication with each other while maintaining security, and efficiently.
  • the information is divided according to the reliability of each node so that it can be used, the distribution destination node is determined, and distribution is performed.
  • FIG. 2 is a diagram illustrating an example of a hardware configuration of the node (terminal device) 2.
  • the terminal device 2 includes a CPU 20a, a RAM 20b, a ROM 20c, a hard disk 20d, a communication interface 20e, an image interface 20f, an input / output interface 20g, and other various circuits or devices. .
  • the communication interface 20e is, for example, a NIC (Network Interface Card), and is connected to! /, Or one of the ports of the switching hub 3 via a twisted pair cable!
  • the image interface 20f is connected to a monitor and sends a video signal for displaying a screen to the monitor.
  • the input / output interface 20g is connected to an input device such as a keyboard or a mouse or an external storage device such as a CD-ROM drive. And the signal which shows the content of operation which the user performed with respect to the input device is input from an input device. Or, read the data recorded on a recording medium such as a CD—ROM into an external storage device and input it. Alternatively, data to be written to the recording medium is output to the external storage device.
  • an input device such as a keyboard or a mouse or an external storage device such as a CD-ROM drive.
  • the signal which shows the content of operation which the user performed with respect to the input device is input from an input device. Or, read the data recorded on a recording medium such as a CD—ROM into an external storage device and input it. Alternatively, data to be written to the recording medium is output to the external storage device.
  • the data disk 20d will be described later with reference to a functional block diagram (FIG. 5).
  • Programs and data are stored for! / These programs and data are read into the RAM 20b as necessary, and the programs are executed by the CPU 20a.
  • Each node 2 is given a host name (machine name), an IP address, and a MAC address for identification with other nodes 2.
  • the host name can be freely assigned by the network 1 administrator.
  • the IP address is given according to network 1 rules.
  • the MAC address is a fixed address given to the communication interface 10e of the node 2.
  • FIG. 3 is a diagram illustrating an example of a node topology, that is, a logical topology of the terminal device 2.
  • the connection form of the node (terminal device) will be described with reference to FIG.
  • the node 2 is assumed to be arranged in the virtual space. It is associated with at least one other neighboring node 2 in the virtual space, as indicated by the dotted line. And by these associations, all nodes 2 are directly or indirectly related to each other.
  • the number of hops the number of nodes via the shortest route to the partner node + 1. However, the number of hops that exceed the router can also be used.
  • FIG. 4 is a diagram showing an example of the connection table TL of the node 2 associated as shown in FIG.
  • a list of information for connection with other nodes 2 that can directly transmit data and have a hop number of 1, that is, “directly related” is stored in a table.
  • connection tables TL1, TL2, TL6, TL7, TL8, and TL9 as shown in FIG. 4 are stored in PC1, PC2, PC6, PC7, PC8, and PC9 in FIG. 3, respectively. .
  • FIG. 5 is a block diagram showing an example of the functional configuration of the node (terminal device) 2. The processing functions of each part of node 2 will be described with reference to FIG.
  • the other information holding unit 211 is used by attribute data indicating attributes of the node 2 or the user, a digital certificate of the node 2 itself, a revocation list (CRL), an operating system (OS), or application software. Data, data created by the user with application software, and other various data are stored as files.
  • the digital certificate is issued by the authentication server 5 at the request of the node 2, held by the node 2, and used to authenticate each other when the nodes 2 communicate with each other.
  • Revocation list CRU is a registration and description of digital certificate revocation due to node withdrawal, etc., which is managed by authentication server 5, but in this embodiment that performs P2P communication, each node 2 has its own revocation list (CRL). And manage updates.
  • connection table TL indicating a list of attributes such as the host name, IP address, and MAC address of the other node 2 directly associated with the node 2 itself. Saved.
  • connection tables TL1, TL2, TL6, TL7, TL8, and TL9 are stored in the connection table holding unit 201 of PC1, PC2, PC6, PC7, PC8, and PC9 in FIG. As described above using 4.
  • the contents of these connection tables TL are created in advance by the administrator based on the association of each node 2.
  • the other operation unit 212 manages the connection table TL held in the other information holding unit 211.
  • the other operation unit 212 performs processing such as storing data in the other information holding unit 211 or updating the stored data.
  • the attribute data is updated each time the environment or setting content of node 2 changes.
  • the other operation unit 212 performs authentication processing of the other node 2 based on a digital certificate transmitted from the other node 2 or the like. In addition, whether or not the digital certificate sent is revoked is checked with reference to the revocation list (CRL) stored in the other information holding unit 211 !. In addition, processing is performed when node 2 is about to newly join or leave the network.
  • CTL revocation list
  • Other operation unit 212 is connected via data reception unit 207 and data transmission unit 210 as necessary.
  • the data communication with other nodes 2 of the network 1 is performed, and the data in the other information holding unit 211 is referred to or updated as necessary.
  • the data receiving unit 207 performs a control process for performing data communication with other nodes 2.
  • the data receiving unit 207 receives a packet necessary for the node 2 among the packets flowing through the network 1.
  • the data analysis unit 208 extracts necessary information from the reception data received by the data reception unit 207 and analyzes the content thereof to determine the type of the reception data.
  • the data creation unit 209 creates transmission data to be transmitted to another node 2 based on an instruction from the other operation unit 212.
  • the data transmission unit 210 transmits the transmission data generated by the transmission data generation unit 209 and packetized to the other node 2.
  • the data operation unit 206 refers to data (information), and performs processing for dividing the data to be distributed.
  • the processing held in 201 is performed. That is, the data operation unit 206 functions as an information dividing unit and an information distributing unit.
  • the distribution destination nodes are accessed to collect and restore the divided data.
  • the data holding unit 201 holds data to be processed by the data operation unit 206 or divided data.
  • the reliability table operation unit 205 sets, for example, a range of distribution destination candidate nodes, collects a reliability table from the nodes in the range, and generates a reliability table held by itself. Do. To create the reliability table, the reliability calculation unit 204 collects the reliability calculation result of the connection destination node. Get and create. The reliability table will be described later.
  • the reliability calculation unit 204 acquires physical information from the connection destination node, calculates reliability, and acquires reliability tables of a plurality of distribution destination candidate nodes from the reliability table operation unit 205.
  • a process for creating a node reliability list, a process for obtaining a node reliability list from another node, and a process for selecting a distribution destination node from the node reliability list are performed. Details will be described later.
  • the reliability table holding unit 202 holds a reliability table of a plurality of distribution destination candidate nodes that are processing targets of the reliability table operation unit 205.
  • the reliability table includes information on the reliability of the connection destination node of the node.
  • the reliability holding unit 203 holds a node reliability list that is a processing target of the reliability calculation unit 204 and information necessary for the creation thereof. In some cases, it also holds the reliability and physical information obtained from the connected node.
  • the reliability table operation unit 205, the reliability calculation unit 204, the reliability holding unit 203, and the reliability table holding unit 202 function as a distribution destination selection unit.
  • the data operation unit 206, the reliability table operation unit 205, and the reliability calculation unit 204 communicate data with other nodes 2 of the network 1 via the data reception unit 207 and the data transmission unit 210 as necessary.
  • the data in the data holding unit 201, the reliability table holding unit 202, and the reliability holding unit 203 are referred to or updated as necessary.
  • the node 2 in the present embodiment can perform SSL (Secure Sockets Layer) communication with the node 2 directly or indirectly associated.
  • SSL is a protocol for securely transmitting and receiving data over a network by performing encryption using a digital certificate. The flow of processing for establishing a SSL communication connection in this embodiment will be described below.
  • FIG. 6 is a diagram for explaining an example of the flow of processing when establishing a connection for SSL communication. This will be described in more detail with reference to FIG. 6, taking as an example the case where the nodes in FIG.
  • connection itself is established.
  • the data creation unit 209 creates connection request data
  • the data transmission unit 210 transmits the connection request data to the other node PC2.
  • data receiving section 207 receives connection request data from PC1, and data analysis section 208 analyzes the type of the data. Naturally, it is analyzed as connection request data.
  • the data creation unit 209 generates connection permission data indicating that the connection is permitted, and transmits the connection permission data to the PC 1.
  • connection permission data is received by the data receiving unit 207 of PC1, and then a predetermined process is performed, PC1 and PC2 are connected. However, at this point, the connection for SSL communication has not been established yet, and then the flow for establishing a connection for SSL communication is entered.
  • the data creation unit 209 generates SSL version data indicating a compatible SSL version, and the data transmission unit 210 transmits this to the other (step Sl ).
  • the data transmission unit 210 transmits this to the other (step Sl ).
  • PC1 has sent SSL purge data to PC2.
  • the data reception unit 207 receives the SSL version data
  • the data analysis unit 208 analyzes the type of the data
  • the data creation unit 209 uses the PC2 of the versions indicated in the SSL version data. Select one compatible version with, and generate SSL version selection data indicating this.
  • the data transmission unit 210 transmits this to PC1 (step S2).
  • the X.509 digital certificate is transmitted to PC1.
  • This X.509 certificate If the certificate is not signed by a well-known authentication server 5, it also sends a chain of certificates to reach it.
  • PC1 holds in advance a root certificate that certifies authentication server 5 itself, and verifies whether any of them has signed an X.509 certificate received from PC2. Also, check if the certificate is not listed in the certificate revocation list (CRL) issued by the authentication server 5 that signed it, and if so, terminate communication at this point (step S3). .
  • CTL certificate revocation list
  • PC2 notifies PC1 of the end of response (step S4).
  • PC1 Upon receiving a response end notification from PC2, PC1 generates a pre-master key, which is a 384-bit random value, in order to generate a common key used in SSL communication.
  • the data creation unit 209 of the PC 1 encrypts the premaster key with the public key of the PC 2 included in the X.509 certificate received from the PC 2 and transmits it to the PC 2 (Step S5).
  • the PC 1 performs control to generate a common key that is actually used for data encryption based on the pre-master key and to switch the communication encryption key to the common key.
  • a cipher switch notification for switching the sign key is transmitted to the PC 2 (step S6).
  • PC2 When the notification of the sign change end from PC1 is received (step S7), PC2 also transmits the sign change notice to PC1 that performs the sign key change (step S8).
  • the data receiving unit 207 of PC2 decrypts the premaster key encrypted with its own public key received from PC1 with its corresponding private key.
  • the data analysis unit 208 analyzes this and confirms that the type of data is a premaster key
  • the data operation unit 204 generates a common key based on the received premaster key, and thereafter performs a communication with PC1. Then, control is performed so that encrypted communication using the common key is performed. In other words, the encryption key is switched.
  • the PC 2 transmits a notification of the completion of the number switching to the PC 1 (step S9).
  • connection establishment is performed when PC1 confirms the X.509 certificate of PC2.
  • PC2 may also check PC1's X.509 certificate. This is S
  • each node 2 of the network 1 can perform an operation of securely communicating as a mutually authenticated node.
  • the divided data is distributed to each node and held, and the distributed and held data is searched and collected, and distributed at any node. Data can be used.
  • the reliability here is the physical reliability, which relates to the processing performance and the degree of occurrence of a failure related to the connection.
  • the occurrence of such a failure is suppressed by selecting a distribution destination node based on the reliability of each node.
  • the reliability is calculated as the physical information power of each node.
  • Physical information includes, for example, CPU specification information, information on CPU usage, and memory usage. Information on connection time, information on connection time, and the like may be used.
  • Patent Document 1 Japanese Patent Laid-Open No. 2005-252596.
  • the physical information may further include geographical elements, dedicated hardware usage status, maintenance status, and the like.
  • a geographical element is an element such as a difference in the stability of power supply in, for example, a network overseas.
  • Dedicated hardware usage status refers to the factors such as whether encryption (decryption) processing is possible and whether it has dedicated processing functions for the data, such as whether it is for image processing.
  • the maintenance status is, for example, regular maintenance! /, Power, maintenance frequent occurrence! /, Na! /, Kato! /, And other factors.
  • the reliability is related to the processing performance and the degree of occurrence of a failure related to the connection.
  • the above-described physical information that affects the reliability is arbitrarily set, and it is freely trusted to reflect the effect most.
  • a degree calculation method may be set.
  • the reliability of each node obtained using the predetermined physical information and the calculation method as described above is stored in the reliability table by the connection destination node described in the reliability table. It is. In other words, the reliability table held by each node describes the reliability of the “directly associated” connection destination node of that node.
  • the distribution destination node is selected according to the reliability of each node obtained by creating the node reliability list as described above, but a node with a high reliability is simply selected. No way to choose!
  • the allowable reliability range of the distribution destination node that distributes the data is set, and the node having the reliability within the range is prioritized. As a distribution destination node.
  • the property of data is, for example, the importance of data or the amount of calculation for processing the data. For images and encrypted data that require a large amount of processing time, a node with high processing capacity should be selected. You should select a node with a low probability of connection failure.
  • an appropriate reliability tolerance range is set in advance according to the property of the data from the balance that prevents such reliability and load concentration, and the level may be too high or too low. Priority is given to the distribution-destination node with appropriate reliability.
  • distribution allocation processing that is, the nature of the data is determined, the data is divided based on it, a reliability tolerance range is set, a distribution destination node is selected based on the reliability of the node, and Explain the overall flow of distributed processing!
  • FIG. 7 is a flowchart showing a typical process flow from information division processing to distribution destination selection processing to information distribution processing.
  • FIG. 8 is a flowchart showing the flow of processing for determining the nature of data for information division processing and distribution destination selection processing.
  • the node holding the data first determines the nature of the data and sets the importance level of the data.
  • the nature of the data here is the degree of confidentiality of the data and the type of data indicating the amount of calculation for the processing of the data.
  • step S101 the node holding the data determines whether there is an instruction from the user for setting the importance of the data. That is, the data operation unit 206 It is determined whether or not the instruction input by the operation is stored in the data holding unit 201
  • step S101 If there is a user instruction input (step S101; YES), the importance level setting in step S103 is executed. If there is no user instruction input (step S101; NO), the next step S102 is executed.
  • step S102 the data operation unit 206 determines the nature of the data in order to set the importance level of the data.
  • the nature of data is the confidentiality of the data and the type of data.
  • Fig. 9 shows the correspondence table for data confidentiality and importance level settings based on data type.
  • the data operation unit 206 determines the nature of data classified into such a table from the data held in the data holding unit 201.
  • the confidentiality of data is classified as high confidentiality! /, In order, top secret, confidential, internal secret, disclosure to affiliated companies, disclosure possible or not specified, etc. A severity level of 5 is assigned. These can be determined by, for example, a method of reading information added to data or reading out embedded information.
  • the types of data are classified in such a way that those that require a large amount of computation, such as images and encrypted data, are less important than non-text data, which is more important, and text data.
  • importance levels 5 to 7 are assigned. These can be determined from the extension of the data file, for example.
  • step S103 the corresponding importance level is set based on the nature of the data. Or, if there is an instruction from the user, set the importance level according to it. That is, the data operation unit 206 refers to the data held in the data holding unit 201 and the table, and sets the importance level based on the property of the data.
  • the importance level based on the data properties also corresponds to the number of divisions for dividing the data and the reliability tolerance range of the nodes that distribute the data.
  • the number of divisions and the reliability depend on the data properties. Specified to change the degree tolerance.
  • step SI 1 the node holding the data divides the data in order to distribute the data to each node. That is, the data operation unit 206 refers to the data held in the data holding unit 201, and acquires the importance level set according to the nature of the data or according to a user instruction. Also, the number of divisions and the division method corresponding to the importance level are set, and the data is divided.
  • the number of divisions may be determined in advance so as to be appropriately set according to the data size, network scale, connection topology, and the like.
  • the data division method for example, a striping method for dividing a document or the like in units of lines may be used. Also, a public method such as a two-dimensional parity method, a multiple parity method, or a Reed-Solomon method may be used. Also, in order to avoid information damage and deterioration, redundancy may be provided at the time of division.
  • step S11 functions as an information dividing step.
  • a reliability tolerance range is set.
  • the reliability calculation unit 204 acquires the importance level set according to the data property from the data operation unit 206. Further, in order to collate the reliability of the data distribution destination node, a reliability tolerance range corresponding to the importance level is set and temporarily stored in the reliability holding unit 203.
  • the importance level according to the nature of the data refers to the importance of the data corresponding to the type of data (image data, encrypted data, etc.) as shown in Fig. 9, for example. is there.
  • data with high importance will have a higher reliability tolerance depending on the degree
  • data such as images that will take longer to process will have a higher reliability tolerance depending on the degree. I will make it correspond.
  • the reliability is represented by a value from 0 to 100. 0 is least reliable
  • the allowable range of reliability is expressed as “reliability 60-80”.
  • nodal force components whose reliability values are in the range of 60 to 80. It is preferentially selected as a distribution destination.
  • step S13 a range (hop count) for obtaining the reliability table is set.
  • the reliability table operation unit 205 sets a plurality of nodes that acquire the reliability table according to the number of divisions of data acquired from the data operation unit 206.
  • the setting method gives priority to the directly connected node (hop count 1) and adds nodes with a small hop count for connection. For example, if the range is up to 3 hops, the reliability table is obtained from a node that has 1, 2, or 3 hops.
  • the reliability table held by each node includes the reliability of the connection destination node (hop count 1) of the node. For example, if the node is PC1 in Fig. 3, a reliability table describing the reliability of PC2 and PC9 is created and maintained.
  • the range of nodes from which the reliability table is acquired needs to be set so that the number of nodes included in the plurality of reliability tables to be acquired is larger than the number of data divisions.
  • step S14 a reliability table is collected from the nodes in the acquisition range. That is, the reliability table operation unit 205 collects the reliability tables from the nodes within the acquisition range (hop count) set in step S13, and holds the acquired multiple reliability tables in the reliability table holding unit 202. To do.
  • the same node is acquired a plurality of times. For example, if the number of hops is 2, the force S will be connected via one node in the middle, and there will be two routes that connect to the same node via different nodes. .
  • a node reliability list is created from a plurality of reliability tables.
  • the reliability calculation unit 204 acquires the reliability table for the nodes in the acquisition range from the reliability table operation unit 205, creates a node reliability list by combining them, and stores it in the reliability holding unit 203.
  • the reliability table used for creation includes not only the reliability table acquired from other nodes but also the reliability table held by itself.
  • the node reliability list can be created by combining a plurality of reliability tables into one. For example, all nodes listed in multiple reliability tables should be listed in an appropriate order and listed with their reliability. These nodes are candidates for data distribution destinations.
  • node reliability in distinction from the reliability described in each reliability table.
  • c Select the node with the highest reliability from the multiple nodes each holding multiple reliability tables that describe the same node, and take the value of the reliability table held by that node.
  • the weight of the reliability table held by each node is weighted and averaged using the reliability of multiple nodes holding multiple reliability tables each containing the same node.
  • step S 16 nodes whose node reliability is within the set reliability tolerance range are extracted. That is, the reliability calculation unit 204 refers to the node reliability list of the reliability holding unit 203 and compares and compares it with the allowable reliability range acquired from the data operation unit 206, so that the node reliability is acceptable. Extract nodes that are within range.
  • step S17 it is determined whether there is a node extracted in step S16. When there are one or more extracted nodes (step S17: YES), the process proceeds to step S19, and a process of selecting a distribution destination node is performed. If there is no extracted node (step S17: NO), the process proceeds to step S18, and the reliability table acquisition range or the reliability range change processing is performed.
  • the power of one or more units, the force determined by whether or not This number may be set arbitrarily. Since this is the selection of the distribution destination node, the minimum required number of data divisions is set as the maximum value. Set the number. Of course, if the required number is not enough, it may be selected from outside the allowable range of reliability.
  • step S18 when there is no extracted node, the reliability calculation unit 204 links the data operation unit 206 with one or more nodes whose node reliability is within the allowable reliability range.
  • step S12 the reliability tolerance is widened from the previous time, and steps S13 to S15 are the same as the previous time!
  • step S12 is omitted because it is the same as the previous time, and the range (number of hops) for obtaining the reliability table in step S13 should be expanded from the previous time! /.
  • step S19 in the case where there is an extracted node the reliability calculation unit 204 preferentially selects the extracted node as a data distribution destination node. If the data distribution destination node is still insufficient, the node reliability may be selected by adding a near-resonance to the reliability tolerance range! /,
  • the selected data distribution destination node is held in the reliability holding unit 203.
  • step S12 to step S19 functions as a distribution destination selection process.
  • step S20 the divided data distribution process is performed. That is, the data operation part
  • the divided data allocated to each data distribution destination node is the data creation unit.
  • the data is sent to 209, formed into a network packet, and transmitted from the data transmission unit 210 to the designated distribution destination node.
  • step S20 functions as an information distribution process.
  • FIG. 10 to FIG. 15 will be used to describe information distribution arrangement processing example 1.
  • FIG. 10 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 1.
  • FIG. 11 shows the contents of the reliability table held by each node.
  • the reliability tables in Tables 1 to 9 held by the PC1 to PC9 nodes are the PC1 reliability table to PC9 reliability table in Fig. 11, respectively.
  • the reliability of the node to which each node is connected is indicated by a numerical value from 0 to 100.
  • the node PC 9 holds data A to be distributed and held.
  • Data A is divided into 3 parts and distributed. Each divided data is data A-1, data A-2, and data A-3, and it is assumed that they are already held.
  • the number of candidate nodes for data distribution is sufficiently larger than 3! /.
  • the reliability table acquisition range is limited to 2 hops.
  • Figure 12 shows the range of nodes that acquire the reliability table when the number of hops is 2 as the reliability table acquisition range. From the perspective of PC9, nodes that can be reached via the arrow are nodes up to 2 hops, and the reliability table is obtained from 6 nodes including the local node.
  • the reliability table describes the reliability of the connection destination node of the node that holds it, nodes with up to 3 hops can be obtained as data distribution destination candidate nodes. Therefore, in this network, all nodes from PC1 to PC9 are data distribution destination candidates. [0183] In addition to the reliability table held by itself, PC9 obtains the reliability table held by PC1, PC2, PC7, and PC8 shown in FIG.
  • FIG. 13 shows the contents of the reliability table acquired by PC9.
  • these reliability tables include all node powers of PC1 to PC9 along with their reliability.
  • nodes underlined in each reliability table are nodes described in a plurality of reliability tables. To create a node confidence list, multiple confidence values for these same nodes must be combined.
  • FIG. 14 shows the contents of the created node reliability list. All nodes from PC1 to PC9 are listed along with node reliability as data distribution destination candidate nodes.
  • An underlined node is a node whose node reliability is within the reliability tolerance range set.
  • five nodes, PC1, PC3, PC6, PC7, and PC9, are extracted nodes.
  • FIG. 15 shows a state where the divided data of data A held by the PC 9 is distributed and distributed to the selected data distribution destination node.
  • the divided data, data A-1, data A-2, and data A-3, are distributed to the data distribution destination nodes PC9, PC1, and PC7, respectively.
  • FIG. 16 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 2.
  • the connection topology is the same as in Fig. 3, but each node has its own reliability table (represented in Tables 1 to 9), as in the information distribution arrangement processing example 1 in Fig. 10.
  • the node PC 9 holds data B to be distributed and held.
  • Data B is divided and held in 5 parts. Each divided data is data B-1, data B-2, data B-3, data B-4, and data B-5, and they are already held.
  • the confidentiality of data B is designated as “confidential”, and its importance level is “2” according to FIG. Also, according to Fig. 9, the number of divisions is 5 and the allowable range of reliability is 61-80 reliability. This assumes the second from the top divided from 0 to 100.
  • the reliability table acquisition range is limited to 3 hops.
  • FIG. 17 shows the range of nodes that acquire the reliability table when the number of hops is 3 as the reliability table acquisition range.
  • the node that can be reached via the arrow is the node with up to 3 hops, and here the reliability table is obtained from all 9 nodes including the own node. Become. Therefore, in this network, all nodes from PC1 to PC9 are candidates for data distribution.
  • the PC 9 obtains a reliability table held by all the nodes shown in FIG.
  • FIG. 18 shows the contents of the reliability table acquired by PC9.
  • these reliability tables include all node powers of PC1 to PC9 along with their reliability.
  • the underlined nodes in each reliability table are nodes listed in a plurality of reliability tables, and here all the nodes correspond. To create a node reliability list, multiple reliability values for the same node must be combined.
  • FIG. 19 shows the contents of the created node reliability list. However, the fractional part was rounded down in the average value calculation. All node powers of PC1 to PC9 are listed along with node reliability as data distribution candidate nodes.
  • the nodes underlined in Fig. 19 are the nodes within the reliability tolerance range in which the node reliability has been changed. Here, PC6, PC7, and PC9 were extracted.
  • PC2, PC5, PC6, PC7, and PC9 are selected as the data distribution destination nodes.
  • FIG. 20 shows a state where the divided data of data B held by the PC 9 is distributed and distributed to the selected data distribution destination node.
  • Data B—1, Data B—2, Data B—3, Data B—4, and Data B—5, which are divided data, are distributed to the data distribution destination nodes PC9, PC2, PC5, PC6, and PC7, respectively. Has been.
  • the information management method and the information processing apparatus as a node, when dividing and distributing information to a plurality of nodes on the network, the following processing is performed. Will do.
  • a node whose reliability calculated based on the physical information of each node is within the reliability tolerance range set in advance according to the nature of the information to be stored is preferentially selected as a distribution destination node, and distributed. To do.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

It is an object to provide an information management method and an information processing device functioning as a node that can make an effective use of information distributed to, and held by, a plurality of nodes on a network, that are difficult to bring about obstruction that fails to acquire a part of distributed data, and that can suppress a load concentrated on a specific node. When this information management method divides information and distributes the divided information to a plurality of the nodes on the network, it selects such nodes with priority, as distribution destination nodes, that their reliability calculated in accordance with physical information of each node is in a tolerable range preset in advance in response to the nature of holding information and distributes the information to the nodes.

Description

明 細 書  Specification
情報の管理方法及び情報処理装置  Information management method and information processing apparatus
技術分野  Technical field
[0001] 本発明は、情報を分割し、複数のノード間で分散して保持するネットワークにおける 情報の管理方法、及びネットワークを構成するノードとしての情報処理装置に関する 背景技術  TECHNICAL FIELD [0001] The present invention relates to a method for managing information in a network in which information is divided and distributed and held among a plurality of nodes, and an information processing apparatus as a node constituting the network
[0002] 近年、ネットワークを構成する任意のノード間で自由にデータの送受信を行うような 通信形態を有するネットワークが盛んに利用されるようになってきた。  In recent years, a network having a communication form in which data is freely transmitted and received between arbitrary nodes constituting the network has been actively used.
[0003] 従来は、中央にホストの役目を担ったサーバなどがあり、クライアントとしての各端末 1S それぞれホストサーバにアクセスし、端末間でやり取りが必要であれば、ホストサ ーバが仲介して行うというタイプの中央集中処理型のネットワークが主流であった。  [0003] Conventionally, there is a server or the like serving as a host in the center, and each terminal 1S as a client accesses the host server for each terminal, and if communication between terminals is necessary, the host server mediates This type of centralized network was the mainstream.
[0004] これに対して、 V、わゆる分散処理型のネットワークが徐々に登場してきて!/、る。保存 する情報を分散する、またその処理を分散するといつた機構を実現するためには、通 信の機能も分散しなければならない。すなわち、ネットワークを構成する各ノード間で 、 自由にデータ通信が行われなければならない。  [0004] On the other hand, V, a so-called distributed processing network has gradually appeared! In order to realize the mechanism to distribute the stored information and to distribute the processing, the communication function must also be distributed. In other words, data communication must be freely performed between each node constituting the network.
[0005] 代表的な形態として、 P2P (Peer to Peer)と呼ばれる通信ネットワークの形態が ある。 P2Pは不特定多数のノード間で直接情報のやり取りを行うネットワークの利用 形態であり、技術的に中央サーバの媒介を要するものと、バケツリレー式にデータを 運ぶものの 2種類がある。  [0005] A typical form is a form of communication network called P2P (Peer to Peer). P2P is a network usage mode in which information is directly exchanged between an unspecified number of nodes. There are two types of technology, one that requires mediation from a central server and one that carries data in a bucket relay system.
[0006] 中央サーバを要する場合にも、中央サーバはファイル検索データベースの提供とノ ードの接続管理のみを行っており、データ自体のやり取りはノード間の直接接続によ つて fiわれている。  [0006] Even when a central server is required, the central server only provides a file search database and manages connection of nodes, and the exchange of data itself is performed by direct connection between nodes.
[0007] こういった分散処理のネットワーク形態を効率的に達成する技術が研究され、任意 のノード間でデータを分散して保持し、互いにデータ送受信を行うシステムが形成さ れている。  [0007] Technologies for efficiently achieving such a distributed processing network form have been studied, and a system has been formed in which data is distributed and held among arbitrary nodes and data is transmitted and received between them.
[0008] これらにより、ネットワークシステムの利用形態としての自由度は向上し、ユーザは 大きな利便性を手に入れた。また、任意のノード間で分割されたデータを分散保持 することにより、セキュリティを向上することができる。 [0008] With these, the degree of freedom as a use form of the network system is improved, and the user can Got great convenience. In addition, security can be improved by distributing and maintaining data divided between arbitrary nodes.
[0009] 例えば上記 P2Pのネットワークシステムにおいては、 SSL通信などで互いのデータ 送受信は機密性が守られており、分割されたデータが分散され保持されているノード すべてに第三者がアクセスすることは困難である。また一部のデータが漏れることが あっても、分散されたデータの全体に対しては安全が保たれ、情報漏洩などによるリ スクを最小限に抑えることができる。  [0009] For example, in the above P2P network system, the confidentiality of data transmission / reception is protected by SSL communication, etc., and a third party accesses all nodes where the divided data is distributed and held. It is difficult. Even if some data is leaked, the entire distributed data can be kept safe and the risk of information leaks can be minimized.
[0010] しかしながら一方では、データを分散して保持することは、データを集中管理するの と比較すると、効率という点からは負担となってしまう場合もある。  [0010] On the other hand, however, maintaining data in a distributed manner may be burdensome in terms of efficiency compared to centrally managing data.
[0011] 例えば、分割されたデータを分散して保持するとすれば、ネットワークの規模が大き ければ大きいほどデータを広く分散させることができ、セキュリティ面では向上するが 、広く分散されたデータを、ユーザは収集して復元処理しなければならない。従来の ように特定のサーバにアクセスすれば、それを取得できると!/、う訳には!/、かなレ、。  [0011] For example, if the divided data is distributed and held, the larger the scale of the network, the wider the data can be distributed, and although the security is improved, The user must collect and restore. If you access a specific server as before, you can get it! /, Or in other words! /, Kanare.
[0012] 広いネットワーク上から分散している必要なデータを収集してくるには、ネットワーク と各ノードにそれなりの負担を掛けることになり、待たされたり、場合によっては受信で きないといった障害が起こったりする可能性もある。また、多数のノードに分散して保 持すること自体、一部のノードに接続停止などの障害が生じてしまうと、全体のデータ を取得できなくなってしまうといった危険性もはらんでいる。 [0012] In order to collect the necessary data distributed over a wide network, the network and each node are burdened appropriately, and there is a problem such as waiting and receiving in some cases. It can happen. In addition, there is a risk that if all nodes are distributed and stored, a failure such as connection stoppage occurs in some nodes, the entire data cannot be acquired.
[0013] こういったデータの分散保持に伴うリスクを如何に軽減する力、が、今後重要な課題 となる。 [0013] The ability to reduce the risks associated with such distributed data retention will become an important issue in the future.
[0014] 例えば、特許文献 1では、各ノードの CPU使用率やメモリ使用率などの物理的情 報に基づいて信頼度を算出し、各ノードの信頼度に基づいて接続管理を行う技術が 提案されている。ノード間の送受信が最も効率的になされるように、ノード間の接続が 自己組織的に形成されるというものである。  For example, Patent Document 1 proposes a technique for calculating reliability based on physical information such as CPU usage rate and memory usage rate of each node, and managing connection based on the reliability level of each node. Has been. The connection between nodes is formed in a self-organizing manner so that transmission and reception between the nodes can be performed most efficiently.
[0015] しかしながら、この場合も接続管理、すなわちネットワークの接続のトポロジーを各ノ ードの信頼度に応じて最適化しているのみであり、実際のデータ分散処理に対して 最適であるとは限らない。  However, in this case as well, connection management, that is, the topology of the network connection is only optimized according to the reliability of each node, and is not necessarily optimal for actual data distribution processing. Absent.
[0016] すなわち、実際にどういう通信が行われるかは、データをどのように分散保持し、ど のように分散データを収集するかに依存するのであり、そういったデータ分散処理と 各ノードの信頼度とを適合させるよう、処理を行うべきである。 [0016] That is, what kind of communication is actually performed determines how data is distributed and held. Therefore, processing should be performed to match such data distribution processing with the reliability of each node.
特許文献 1 :特開 2005— 252596号公報  Patent Document 1: Japanese Patent Laid-Open No. 2005-252596
発明の開示  Disclosure of the invention
発明が解決しょうとする課題  Problems to be solved by the invention
[0017] ネットワークの接続形態を各ノードの信頼度に応じて最適化しても、例えば、たまた ま信頼度の低いノードにデータを分散すると、いくら接続管理を適正化しても、障害 の生ずる可能性は少なからずある。 [0017] Even if the network connection mode is optimized according to the reliability of each node, for example, if data is distributed to nodes with low reliability, failures may occur regardless of how much connection management is optimized. There are not a few sexes.
[0018] また、だからといって、逆に意図的に信頼度の高いノードにデータ分散するようにす ると、信頼度の高いノードに負荷が集中することが起こりやすくなり、力、えって非効率 になる可能性もある。 [0018] On the other hand, if data is intentionally distributed to nodes with high reliability, the load tends to concentrate on nodes with high reliability, which is inefficient. There is also a possibility.
[0019] 本発明の目的は、上記の課題を解決し、分割され、ネットワーク上の複数のノードに 分散して保持された情報を効率よく利用することができながら、分散されたデータの 一部を取得できないといった障害が発生しにくぐかつ特定のノードに負荷が集中す ることをも抑制できる情報の管理方法、及びノードとしての情報処理装置を提供する ことである。  [0019] An object of the present invention is to solve the above-described problems, and to efficiently use the information that is divided and distributed and held in a plurality of nodes on the network, and a part of the distributed data. It is an object of the present invention to provide an information management method and an information processing apparatus as a node that are less likely to cause a failure such as being unable to acquire information and can suppress the concentration of a load on a specific node.
課題を解決するための手段  Means for solving the problem
[0020] 上記の課題を解決するために、本発明は以下の特徴を有するものである。 In order to solve the above problems, the present invention has the following features.
[0021] 1. 情報を分割して複数のノードに分配して保持するネットワークシステムにおける 情報の管理方法であって、前記情報を複数のノードに分配するために分割し、分割 情報を生成する情報分割工程と、前記情報分割工程によって生成された前記分割 情報が分配される分配先ノードとして、それぞれのノードの物理的情報に基づき算出 された信頼度が、前記情報の性質に応じて予め設定された信頼度許容範囲内にあ るノードを優先的に選択する分配先選択工程と、前記分配先選択工程により選択さ れた分配先ノードに、前記分割情報をそれぞれ分配する情報分配工程と、を有する ことを特徴とする情報の管理方法。 [0021] 1. A method of managing information in a network system that divides information and distributes and holds the information to a plurality of nodes, the information being divided to distribute the information to a plurality of nodes and generating the divided information As a distribution destination node to which the division information generated by the division step and the information division step is distributed, reliability calculated based on physical information of each node is set in advance according to the property of the information. A distribution destination selection step for preferentially selecting nodes within the reliability tolerance range, and an information distribution step for distributing the division information to the distribution destination nodes selected by the distribution destination selection step. A method for managing information characterized by comprising:
[0022] 2. 前記分配先選択工程では、分配先候補のノードと、当該分配先候補のノード の物理的情報に基づき算出された信頼度とに関する情報を含むノード信頼度リスト から、前記分配先ノードが選択されることを特徴とする 1に記載の情報の管理方法。 [0022] 2. In the distribution destination selection step, a node reliability list including information on distribution destination candidate nodes and reliability calculated based on physical information of the distribution destination candidate nodes. 2. The information management method according to 1, wherein the distribution destination node is selected.
[0023] 3. 前記ノード信頼度リストは、複数のノードが保持する、当該ノードの接続先ノー ドの信頼度に関する情報を含む信頼度表を収集し、収集した複数の前記信頼度表 に基づいて作成されることを特徴とする 2に記載の情報の管理方法。 [0023] 3. The node reliability list collects a reliability table that includes information related to the reliability of the node to which the node is connected, held by a plurality of nodes, and is based on the plurality of collected reliability tables. 2. The information management method according to 2, wherein the information management method is created.
[0024] 4. 前記信頼度表は、当該信頼度表を保持するノードの接続先のノードにおいて 公開されている物理的情報を取得し、該物理的情報に基づき算出されたそれぞれの 接続先ノードの信頼度を含むことを特徴とする 3に記載の情報の管理方法。 [0024] 4. The reliability table acquires physical information published in a connection destination node of a node holding the reliability table, and each connection destination node calculated based on the physical information 3. The information management method according to 3, wherein the reliability of the information is included.
[0025] 5. 前記信頼度表は、それぞれの接続先ノードについての信頼度として、接続先ノ ードによってその物理的情報をもとに算出された値を含むことを特徴とする 3に記載 の情報の管理方法。 [0025] 5. The reliability table includes a value calculated based on physical information by a connection destination node as reliability for each connection destination node. Information management method.
[0026] 6. 前記ノード信頼度リストは、前記分割情報を分配するノードによって作成される ことを特徴とする 2に記載の情報の管理方法。  [0026] 6. The information management method according to 2, wherein the node reliability list is created by a node that distributes the division information.
[0027] 7. 前記ノード信頼度リストは、前記分割情報を分配するノードによって他のノード 力、ら取得されることを特徴とする 2に記載の情報の管理方法。 [0027] 7. The information management method according to 2, wherein the node reliability list is obtained from another node by a node that distributes the division information.
[0028] 8. 前記ノード信頼度リストは、前記情報の分割数に応じて、ホップ数の少ない接 続先を優先して前記複数のノードが選択され、該複数のノードの保持する前記複数 の信頼度表に基づいて作成されることを特徴とする 3に記載の情報の管理方法。 [0028] 8. In the node reliability list, the plurality of nodes are selected with priority given to a connection destination with a small number of hops according to the number of divisions of the information, and the plurality of nodes held by the plurality of nodes are stored. 3. The information management method according to 3, wherein the information management method is created based on a reliability table.
[0029] 9. 前記複数の信頼度表において、同一ノードに対して異なる複数の信頼度の値 が含まれる場合、平均値、最大値、最小値、または重み付きの平均値の何れ力、を用 いて当該ノードの信頼度が算出されることを特徴とする 3に記載の情報の管理方法。 [0029] 9. When the plurality of reliability tables include a plurality of different reliability values for the same node, the average value, the maximum value, the minimum value, or the weighted average value is used. 4. The information management method according to 3, wherein the reliability of the node is calculated using the method.
[0030] 10. 前記ノード信頼度リストは、所定の期間毎、もしくは各ノードの信頼度に影響 する処理が行われる毎に再作成されることを特徴とする 3に記載の情報の管理方法。 [0030] 10. The information management method according to 3, wherein the node reliability list is re-created every predetermined period or each time processing that affects the reliability of each node is performed.
[0031] 11. 前記物理的情報は、それぞれのノードにおける、 CPUのスペック情報、 CPU の使用率に関する情報、メモリの使用率に関する情報、及び接続時間に関する情報[0031] 11. The physical information includes CPU specification information, CPU usage rate information, memory usage rate information, and connection time information in each node.
、の少なくとも 1つ以上を含むことを特徴とする 1に記載の情報の管理方法。 2. The information management method according to 1, comprising at least one of the following.
[0032] 12. 前記信頼度許容範囲は、前記情報の性質としての、前記情報の重要度とそ の処理に対する計算量と、の少なくとも何れかに応じて予め設定されることを特徴と する 1に記載の情報の管理方法。 [0033] 13. 情報を分割して複数のノードに分配して保持するネットワークシステムにおけ るノードとしての情報処理装置であって、前記情報を複数のノードに分配するために 分割し、分割情報を生成する情報分割手段と、前記情報分割手段によって生成され た前記分割情報が分配される分配先ノードとして、それぞれのノードの物理的情報に 基づき算出された信頼度が、前記情報の性質に応じて予め設定された信頼度許容 範囲内にあるノードを優先的に選択する分配先選択手段と、前記分配先選択手段に より選択された分配先ノードに、前記分割情報をそれぞれ分配する情報分配手段と、 を有することを特徴とする情報処理装置。 [0032] 12. The reliability tolerance range is preset according to at least one of the importance of the information and the amount of calculation for the processing as the property of the information 1 Management method of information described in. [0033] 13. An information processing apparatus as a node in a network system that divides and distributes information to a plurality of nodes, and divides the information to distribute the information to a plurality of nodes. And the reliability calculated based on the physical information of each node as the distribution destination node to which the division information generated by the information division unit is distributed depends on the property of the information. Distribution destination selection means for preferentially selecting nodes within a predetermined reliability tolerance range, and information distribution means for distributing the division information to the distribution destination nodes selected by the distribution destination selection means. And an information processing apparatus comprising:
[0034] 14. 前記分配先選択手段は、分配先候補のノードと、当該分配先候補のノードの 物理的情報に基づき算出された信頼度とに関する情報を含むノード信頼度リストから 、前記分配先ノードを選択することを特徴とする 13に記載の情報処理装置。  [0034] 14. The distribution destination selection unit includes: a distribution destination candidate node, and a distribution destination from a node reliability list that includes information related to reliability calculated based on physical information of the distribution destination candidate node. 14. The information processing apparatus according to 13, wherein a node is selected.
[0035] 15. 前記分配先選択手段は、複数のノードが保持する、当該ノードの接続先ノー ドの信頼度に関する情報を含む信頼度表を収集し、収集した複数の前記信頼度表 に基づいて前記ノード信頼度リストを作成することを特徴とする 14に記載の情報処理 装置。  [0035] 15. The distribution destination selection unit collects a reliability table, which is held by a plurality of nodes, and includes information on the reliability of the connection destination node of the node, and is based on the collected plurality of reliability tables. 15. The information processing apparatus according to 14, wherein the node reliability list is created.
[0036] 16. 前記分配先選択手段は、接続先ノードにおいて公開されている物理的情報 を取得し、該物理的情報に基づき算出した接続先ノードの信頼度を含む前記信頼度 表を保持することを特徴とする 15に記載の情報処理装置。  [0036] 16. The distribution destination selection unit acquires physical information published in the connection destination node, and holds the reliability table including the reliability of the connection destination node calculated based on the physical information. 16. The information processing device according to 15, wherein
[0037] 17. 前記分配先選択手段は、接続先ノードによってその物理的情報をもとに算出 された値を、その接続先ノードについての信頼度として含む前記信頼度表を保持す ることを特徴とする 15に記載の情報処理装置。 [0037] 17. The distribution destination selection means holds the reliability table including a value calculated by the connection destination node based on the physical information as the reliability of the connection destination node. 16. The information processing device according to 15,
[0038] 18. 前記分配先選択手段は、前記ノード信頼度リストを自ら作成することを特徴と する 14に記載の情報処理装置。 [0038] 18. The information processing apparatus according to 14, wherein the distribution destination selection unit creates the node reliability list itself.
[0039] 19. 前記分配先選択手段は、前記ノード信頼度リストを他のノードから取得するこ とを特徴とする 14に記載の情報処理装置。 [0039] 19. The information processing apparatus according to 14, wherein the distribution destination selection unit obtains the node reliability list from another node.
[0040] 20. 前記分配先選択手段は、前記情報の分割数に応じて、ホップ数の少ない接 続先を優先して前記複数のノードを選択し、該複数のノードの保持する前記複数の 信頼度表に基づいて、前記ノード信頼度リストを作成することを特徴とする 15に記載 の情報処理装置。 [0040] 20. The distribution destination selection unit preferentially selects the plurality of nodes according to the number of divisions of the information, giving priority to a connection destination with a small number of hops, and the plurality of nodes held by the plurality of nodes 16. The node reliability list is created based on a reliability table, 15. Information processing device.
[0041] 21. 前記分配先選択手段は、前記複数の信頼度表において、同一ノードに対し て異なる複数の信頼度の値が含まれる場合、平均値、最大値、最小値、または重み 付きの平均値の何れ力、を用いて、前記ノード信頼度リストにおける当該ノードの信頼 度を算出することを特徴とする 15に記載の情報処理装置。  [0041] 21. When the plurality of reliability tables include a plurality of different reliability values for the same node, the distribution destination selection means includes an average value, a maximum value, a minimum value, or a weighted value. 16. The information processing apparatus according to 15, wherein any one of the average values is used to calculate the reliability of the node in the node reliability list.
[0042] 22. 前記分配先選択手段は、所定の期間毎、もしくは各ノードの信頼度に影響す る処理が行われる毎に、前記ノード信頼度リストを再作成することを特徴とする 15に 記載の情報処理装置。  [0042] 22. The distribution destination selection unit re-creates the node reliability list every predetermined period or each time processing that affects the reliability of each node is performed. The information processing apparatus described.
[0043] 23. 前記物理的情報は、それぞれのノードにおける、 CPUのスペック情報、 CPU の使用率に関する情報、メモリの使用率に関する情報、及び接続時間に関する情報 、の少なくとも 1つ以上を含むことを特徴とする 13に記載の情報処理装置。  [0043] 23. The physical information includes at least one or more of CPU specification information, information on CPU usage, information on memory usage, and information on connection time in each node. 14. The information processing apparatus according to 13,
[0044] 24. 前記分配先選択手段は、前記情報の性質としての、前記情報の重要度とそ の処理に対する計算量と、の少なくとも何れかに応じて、前記信頼度許容範囲を予 め設定することを特徴とする 13に記載の情報処理装置。  [0044] 24. The distribution destination selection unit presets the reliability tolerance range in accordance with at least one of the importance of the information and the amount of calculation for the processing as the property of the information. 14. The information processing apparatus according to 13, wherein
発明の効果  The invention's effect
[0045] 本発明にかかる情報の管理方法、及びノードとしての情報処理装置によれば、ネッ トワーク上の複数のノードに情報を分割して分配するに際して、次のように処理する。 すなわち、各ノードの物理的情報に基づき算出された信頼度が、保持する情報の性 質に応じて予め設定された信頼度許容範囲内にあるノードを、分配先ノードとして優 先的に選択し、分配する。これにより、ネットワーク上の複数のノードに分散して保持 された情報に対して、分散された情報の一部を取得できな!/、と!/、つた障害が発生し にくく、かつ特定のノードに負荷が集中することをも抑制でき、分散された情報を効率 よく禾 IJ用することカでさる。  [0045] According to the information management method and the information processing apparatus as a node according to the present invention, when information is divided and distributed to a plurality of nodes on the network, the following processing is performed. In other words, a node whose reliability calculated based on the physical information of each node is within the reliability tolerance range set in advance according to the nature of the information to be stored is preferentially selected as a distribution destination node. To distribute. As a result, it is difficult to obtain a part of the distributed information for the information distributed and held in multiple nodes on the network. It is possible to prevent the load from being concentrated on the network, and to use the distributed information efficiently for IJ.
図面の簡単な説明  Brief Description of Drawings
[0046] [図 1]ネットワーク 1の全体構成例を示す図である。  FIG. 1 is a diagram showing an example of the overall configuration of a network 1.
[図 2]ネットワーク 1を構成するノード (端末装置) 2のハードウェア構成例を示す図で ある。  FIG. 2 is a diagram illustrating a hardware configuration example of a node (terminal device) 2 configuring the network 1.
[図 3]ネットワーク 1を構成する各ノード 2の接続形態、すなわちノードの論理的なトポ ロジ一の例を示す図である。 [Figure 3] The connection form of each node 2 constituting network 1, that is, the logical topology of the node It is a figure which shows the example of a logistic.
[図 4]図 3のように関連付けられたノード 2の接続テーブル TL例を示す図である。 園 5]ノード (端末装置) 2の機能構成例を示すブロック図である。  FIG. 4 is a diagram showing an example of a connection table TL of node 2 associated as shown in FIG. FIG. 5 is a block diagram illustrating a functional configuration example of the node (terminal device) 2.
[図 6]SSL通信のコネクションを確立する際の処理例を説明するためのシーケンス図 である。  FIG. 6 is a sequence diagram for explaining an example of processing when establishing a connection for SSL communication.
園 7]情報分割処理から、分配先選択処理、そして情報分配処理に至るまでの代表 的な処理の流れを示すフローチャートである。 [7] This is a flowchart showing a typical process flow from information division processing to distribution destination selection processing to information distribution processing.
[図 8]データの性質の判断処理の流れの例を示すフローチャートである。  FIG. 8 is a flowchart showing an example of a flow of data property determination processing.
[図 9]データの性質に応じた重要度レベルの設定についてのテーブル例を示す。 園 10]情報分散配置処理例 1におけるネットワーク 1の接続状態を示す図である。 園 11]図 10における各ノードの保持する信頼度表の記載内容を示す図である。 園 12]ホップ数 2を信頼度表取得範囲とした場合の信頼度表を取得するノードの範 囲を示す図である。 [Figure 9] Shows an example of a table for setting the importance level according to the nature of the data. FIG. 10] is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 1. 11] FIG. 11 is a diagram showing the description content of the reliability table held by each node in FIG. FIG. 12 is a diagram showing a range of nodes that acquire a reliability table when the number of hops is 2 as a reliability table acquisition range.
園 13]情報分散配置処理例 1において、 PC9の取得した信頼度表の記載内容を示 す図である。 13] This is a diagram showing the contents of the reliability table acquired by PC9 in the information distribution arrangement processing example 1.
園 14]情報分散配置処理例 1において、作成したノード信頼度リストの内容を示す図 である。 14] This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 1. FIG.
[図 15]情報分散配置処理例 1において、選択されたデータ分配先ノードに、分割デ ータを振り分け、分配した状態を示す図である。  FIG. 15 is a diagram showing a state in which divided data is distributed and distributed to a selected data distribution destination node in information distribution arrangement processing example 1;
園 16]情報分散配置処理例 2におけるネットワーク 1の接続状態を示す図である。 園 17]ホップ数 3を信頼度表取得範囲とした場合の信頼度表を取得するノードの範 囲を示す図である。 FIG. 16 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 2. 17] This is a diagram showing the range of nodes that acquire the reliability table when the number of hops is 3 as the reliability table acquisition range.
園 18]情報分散配置処理例 2において、 PC9の取得した信頼度表の記載内容を示 す図である。 18] This is a diagram showing the contents of the reliability table acquired by PC9 in Example 2 of information distribution arrangement processing.
園 19]情報分散配置処理例 2において、作成したノード信頼度リストの内容を示す図 である。 19] This is a diagram showing the contents of the created node reliability list in the information distribution arrangement processing example 2. FIG.
[図 20]情報分散配置処理例 2において、選択されたデータ分配先ノードに、分割デ ータを振り分け、分配した状態を示す図である。 符号の説明 FIG. 20 is a diagram showing a state in which divided data is distributed and distributed to a selected data distribution destination node in the information distribution arrangement processing example 2. Explanation of symbols
1 ネットワーク(P2P)  1 Network (P2P)
2 端末装置 (ノード)  2 Terminal equipment (node)
4 ノレータ 4 Norator
5 認証サーバ  5 Authentication server
201 データ保持部  201 Data holding part
202 信頼度表保持部  202 Reliability table holder
203 信頼度保持部  203 Reliability retention unit
204 信頼度算出部  204 Reliability calculation part
205 信頼度表操作部  205 Reliability table operation section
206 データ操作部  206 Data operation part
207 データ受信部  207 Data receiver
208 データ解析部  208 Data analysis part
209 データ作成部  209 Data creation part
210 データ送信部  210 Data transmitter
211 その他情報保持部  211 Other information holding section
212 その他操作部  212 Other controls
TL 接続テーブル  TL connection table
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0048] 以下に、図を参照して本発明に係る実施形態を説明する。  [0048] Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[0049] (ネットワークの全体構成) [0049] (Overall network configuration)
図 1は本実施形態に係る情報の管理方法、及び情報処理装置により構成されるネ ットワーク 1の全体的な構成の例を示す図である。図 1を用いて本発明の実施形態に 係るネットワーク 1につ!/、て、その全体構成を説明する。  FIG. 1 is a diagram illustrating an example of an overall configuration of a network 1 configured by an information management method and an information processing apparatus according to the present embodiment. The overall configuration of the network 1 according to the embodiment of the present invention will be described with reference to FIG.
[0050] ネットワーク 1は、図 1に示すように、複数台の端末装置 2 (21、 22、 · · ·、 2n)、スイツ チンダハブ 3、ルータ 4、および認証サーバ 5などのノードによって構成される LAN (L ocal Area Network)である。これらの端末装置 2は、スイッチングハブ 3にツイスト ペアケーブルによってスター型に繋がれて!/、る。 [0050] As shown in FIG. 1, the network 1 includes a plurality of nodes such as terminal devices 2 (21, 22,..., 2n), a switch hub 3, a router 4, and an authentication server 5. LAN (Local Area Network). These terminal devices 2 are twisted to the switching hub 3. Connected in a star shape with a pair cable!
[0051] ネットワークを構成するノードとしての端末装置 2は、情報処理装置であり、パーソナ ルコンピュータ、ワークステーション、またはプリンタなどのような、他の装置との間で データの入出力の処理を実行する装置である。以下、ノードといえば単にこの端末装 置のことを指し、情報処理装置としてのパーソナルコンピュータが用いられるものとし て説明する。 [0051] The terminal device 2 as a node constituting the network is an information processing device, and executes data input / output processing with another device such as a personal computer, a workstation, or a printer. It is a device to do. In the following description, a node simply refers to this terminal device, and a personal computer as an information processing device will be used.
[0052] また本実施形態では、 P2P (Peer to Peer)と呼ばれる通信ネットワークの形態を 採って!/、る。 P2Pは不特定多数のノード間で直接情報のやり取りを行うネットワークの 利用形態であり、技術的に中央サーバの媒介を要するものと、バケツリレー式にデー タを運ぶものの 2種類がある。  In this embodiment, a communication network called P2P (Peer to Peer) is adopted! /. P2P is a network usage mode in which information is directly exchanged between an indefinite number of nodes. There are two types of technology, one that requires mediation of a central server technically and one that carries data in a bucket relay system.
[0053] 本実施形態では、中央サーバは用いず、後で図 3の接続トポロジーを説明するが、 予め関連付けられたノード (端末装置) 2間では直接接続を行い、通信する。その他 のノードとは、直接接続したノードを介して間接的に接続することになる。認証サーバ 5は認証のための証明書に関わる管理のみを担い、通信のための接続には直接関 わらない。またルータ 4もノード (端末装置)間の通信には直接関与しない。  In the present embodiment, the central server is not used, and the connection topology of FIG. 3 will be described later. However, the nodes (terminal devices) 2 associated in advance are directly connected to communicate with each other. Other nodes are indirectly connected through directly connected nodes. The authentication server 5 is only responsible for management related to the certificate for authentication, and is not directly related to the connection for communication. Router 4 is not directly involved in communication between nodes (terminal devices).
[0054] P2Pでは、直接ノード同士が通信するため、如何にお互いの正当性を認証するか 、不正の入り込む余地を抑制するかというセキュリティが重要である。そのために認証 サーバ 5の発行するディジタル証明書を用いる。後述する SSL通信においては、 X. 509仕様のディジタル証明書が使用される。  [0054] In P2P, since nodes communicate directly with each other, it is important to determine how to authenticate each other and how to prevent room for unauthorized entry. For this purpose, a digital certificate issued by the authentication server 5 is used. In SSL communication, which will be described later, a digital certificate of the X.509 specification is used.
[0055] ディジタル証明書の有効期間を過ぎたり、秘密鍵の紛失や盗難などでそのディジタ ル証明書の信頼性が損なわれると、認証局は証明書失効リスト(CRL: Certificate Revocation List)に掲載し、公開することにより失効させる。  [0055] When the validity period of a digital certificate expires or the trustworthiness of the digital certificate is compromised due to loss or theft of the private key, the certificate authority is placed on the Certificate Revocation List (CRL). And expire by publishing.
[0056] 以下、上記の観点から、本実施形態に係るネットワークにおいて、各ノードで分散し て保持する情報について、セキュリティを保持しながら、これらのノード 2同士がデー タ通信を行い、効率的に利用できるよう、各ノードの信頼度に応じて、情報を分割し て、分配先ノードを決定し、分配配置する場合について説明する。  [0056] Hereinafter, from the above viewpoint, in the network according to the present embodiment, with respect to information distributed and held in each node, these nodes 2 perform data communication with each other while maintaining security, and efficiently. A case will be described in which the information is divided according to the reliability of each node so that it can be used, the distribution destination node is determined, and distribution is performed.
[0057] (端末装置の構成)  [0057] (Configuration of terminal device)
図 2はノード (端末装置) 2のハードウェア構成の例を示す図である。 [0058] 端末装置 2は、図 2に示すように、 CPU20a、 RAM20b、 ROM20c、ハードデイス ク 20d、通信インタフェース 20e、画像インタフェース 20f、入出力インタフェース 20g 、その他の種々の回路または装置などによって構成される。 FIG. 2 is a diagram illustrating an example of a hardware configuration of the node (terminal device) 2. [0058] As shown in FIG. 2, the terminal device 2 includes a CPU 20a, a RAM 20b, a ROM 20c, a hard disk 20d, a communication interface 20e, an image interface 20f, an input / output interface 20g, and other various circuits or devices. .
[0059] 通信インタフェース 20eは、例えば NIC (Network Interface Card)であって、 ツイストペアケーブルを介してスイッチングハブ 3の!/、ずれかのポートに繋がれて!/、る 。画像インタフェース 20fは、モニタと繋がれており、画面を表示するための映像信号 をモニタに送出する。  [0059] The communication interface 20e is, for example, a NIC (Network Interface Card), and is connected to! /, Or one of the ports of the switching hub 3 via a twisted pair cable! The image interface 20f is connected to a monitor and sends a video signal for displaying a screen to the monitor.
[0060] 入出力インタフェース 20gは、キーボード若しくはマウスなどの入力装置または CD — ROMドライブなどの外部記憶装置などと繋がれている。そして、ユーザが入力装 置に対して行った操作の内容を示す信号を入力装置から入力する。または、 CD— R OMなどの記録媒体に記録されて!/、るデータを外部記憶装置に読み取らせ、これを 入力する。または、記録媒体に書き込むためのデータを外部記憶装置に出力する。  [0060] The input / output interface 20g is connected to an input device such as a keyboard or a mouse or an external storage device such as a CD-ROM drive. And the signal which shows the content of operation which the user performed with respect to the input device is input from an input device. Or, read the data recorded on a recording medium such as a CD—ROM into an external storage device and input it. Alternatively, data to be written to the recording medium is output to the external storage device.
[0061] ノ、ードディスク 20dには、後で機能ブロック図(図 5)を用いて説明するが、データ保 持部 201、信頼度表保持部 202、信頼度保持部 203、信頼度算出部 204、信頼度 表操作部 205、データ操作部 206、データ受信部 207、データ解析部 208、データ 作成部 209、データ送信部 210、その他情報保持部 211 ,及びその他操作部 212な どの機能を実現するためのプログラムおよびデータが格納されて!/、る。これらのプロ グラムおよびデータは必要に応じて RAM20bに読み出され、 CPU20aによってプロ グラムが実行される。  [0061] The data disk 20d will be described later with reference to a functional block diagram (FIG. 5). However, the data holding unit 201, the reliability table holding unit 202, the reliability holding unit 203, and the reliability calculating unit 204 , Reliability table operation unit 205, data operation unit 206, data reception unit 207, data analysis unit 208, data creation unit 209, data transmission unit 210, other information holding unit 211, and other operation unit 212, etc. Programs and data are stored for! / These programs and data are read into the RAM 20b as necessary, and the programs are executed by the CPU 20a.
[0062] 各ノード 2には、それぞれ、他のノード 2との識別のために、ホスト名(マシン名)、 IP アドレス、および MACアドレスが与えられている。ホスト名は、ネットワーク 1の管理者 などが自由に付けることができる。 IPアドレスは、ネットワーク 1の規則に従って与えら れる。 MACアドレスは、そのノード 2の通信インタフェース 10eに対して固定的に与え られているアドレスである。  Each node 2 is given a host name (machine name), an IP address, and a MAC address for identification with other nodes 2. The host name can be freely assigned by the network 1 administrator. The IP address is given according to network 1 rules. The MAC address is a fixed address given to the communication interface 10e of the node 2.
[0063] 本実施形態では、ノード(端末装置) 21、 22、…ごとに「PC1」、「PC2」、…のような ホスト名が付されているものとする。以下、これらのノード 2をホスト名によって記載す ること力 sある。 In this embodiment, it is assumed that a host name such as “PC1”, “PC2”,... Is assigned to each of the nodes (terminal devices) 21, 22,. Hereinafter, these nodes 2 is Rukoto force s be stated by the host name.
[0064] (ノードの接続形態) 図 3はノードの接続形態、すなわち端末装置 2の論理的なトポロジーの例を示す図 である。図 3を用いてノード (端末装置)の接続形態を説明する。 [0064] (Node connection type) FIG. 3 is a diagram illustrating an example of a node topology, that is, a logical topology of the terminal device 2. The connection form of the node (terminal device) will be described with reference to FIG.
[0065] ノード 2は、図 3に示すように、仮想空間に配置されているものと仮想されている。そ して、点線で示すように、仮想空間内の近隣の少なくとも 1台の他のノード 2と関連付 けられている。かつ、これらの関連付けによって、すべてのノード 2が互いに直接的に または間接的に関連するようになっている。  As shown in FIG. 3, the node 2 is assumed to be arranged in the virtual space. It is associated with at least one other neighboring node 2 in the virtual space, as indicated by the dotted line. And by these associations, all nodes 2 are directly or indirectly related to each other.
[0066] なお、「直接的に関連」とは、図 3において 1本の点線で繋がれていること(例えば、 図 3の PC1と PC2または PC9とのような関係)を言い、「間接的に関連」とは、 2本以 上の点線および 1つ以上のノードで繋がれていること(例えば、図 3の PC1と PC4との ような関係)を言う。ノード 2は、自らに直接的に関連付けられている他のノード 2に対 してデータを送信する。  [0066] Note that “directly related” means that they are connected by a single dotted line in FIG. 3 (for example, the relationship between PC1 and PC2 or PC9 in FIG. 3). “Related to” refers to being connected by two or more dotted lines and one or more nodes (for example, the relationship between PC1 and PC4 in FIG. 3). Node 2 sends data to other nodes 2 that are directly associated with it.
[0067] 「直接的に関連」ある!/、は「間接的に関連」と!/、つた関連の度合!/、は接続の「ホップ 数」としても表現される。図 3でいうと 1本の点線で繋がれている場合はホップ数 1であ り、 2本以上の点線で繋がれている場合は、最短経路の本数がホップ数である。  [0067] “Directly related”! /, Is also “indirectly related” and! /, And the degree of association! / Is also expressed as the “hop count” of the connection. In Figure 3, the number of hops is 1 when connected by a single dotted line, and the number of shortest paths is the number of hops when connected by two or more dotted lines.
[0068] すなわち、ここでは、  [0068] That is, here,
ホップ数 =相手方ノードまでの最短経路において経由するノードの数 + 1 となる。但し、ホップ数としてルータを超えた回数を採用することもできる。  The number of hops = the number of nodes via the shortest route to the partner node + 1. However, the number of hops that exceed the router can also be used.
[0069] 図 4は、図 3のように関連付けられたノード 2の接続テーブル TLの例を示す図であ る。各ノード 2毎に、直接データ送信可能な、ホップ数 1の、すなわち「直接的に関連」 付けられている他のノード 2との接続のための情報のリストをテーブル化して保持して いる。  FIG. 4 is a diagram showing an example of the connection table TL of the node 2 associated as shown in FIG. For each node 2, a list of information for connection with other nodes 2 that can directly transmit data and have a hop number of 1, that is, “directly related” is stored in a table.
[0070] 例えば、図 3における PC1、 PC2、 PC6、 PC7、 PC8、および PC9には、それぞれ 図 4に示すような接続テーブル TL1、 TL2、 TL6、 TL7、 TL8、および TL9が保存さ れている。  [0070] For example, connection tables TL1, TL2, TL6, TL7, TL8, and TL9 as shown in FIG. 4 are stored in PC1, PC2, PC6, PC7, PC8, and PC9 in FIG. 3, respectively. .
[0071] (端末装置の各部の機能) [0071] (Function of each part of terminal device)
図 5はノード (端末装置) 2の機能的構成の例を示すブロック図である。図 5を用いて ノード 2の各部の処理機能について説明する。  FIG. 5 is a block diagram showing an example of the functional configuration of the node (terminal device) 2. The processing functions of each part of node 2 will be described with reference to FIG.
[0072] まず、データの分散保持に関わる処理以外の処理機能について説明する。 [0073] その他情報保持部 211は、そのノード 2またはユーザなどの属性を示す属性データ 、そのノード 2自身のディジタル証明書、失効リスト (CRL)、オペレーティングシステム (OS)またはアプリケーションソフトなどが使用するデータ、ユーザがアプリケーション ソフトによって作成したデータ、その他種々のデータを、ファイルとして保存している。 First, processing functions other than processing related to data distribution and holding will be described. [0073] The other information holding unit 211 is used by attribute data indicating attributes of the node 2 or the user, a digital certificate of the node 2 itself, a revocation list (CRL), an operating system (OS), or application software. Data, data created by the user with application software, and other various data are stored as files.
[0074] ディジタル証明書は、ノード 2の要請により認証サーバ 5が発行し、当該ノード 2が保 持し、ノード 2同士の通信時に互いを認証するのに利用される。失効リスト(CRUは、 ノードの脱退などによるディジタル証明書の失効を登録記載するもので、認証サーバ 5が管理するが、 P2P通信を行う本実施形態では、各ノード 2がそれぞれ失効リスト( CRL)を保持し、更新などの管理を行う。  [0074] The digital certificate is issued by the authentication server 5 at the request of the node 2, held by the node 2, and used to authenticate each other when the nodes 2 communicate with each other. Revocation list (CRU is a registration and description of digital certificate revocation due to node withdrawal, etc., which is managed by authentication server 5, but in this embodiment that performs P2P communication, each node 2 has its own revocation list (CRL). And manage updates.
[0075] また、その他情報保持部 211は、そのノード 2自身に直接的に関連付けられている 他のノード 2のホスト名、 IPアドレス、および MACアドレスなどの属性の一覧を示す接 続テーブル TLを保存している。例えば、図 3における PC1、 PC2、 PC6、 PC7、 PC 8、および PC9の接続テーブル保持部 201に、それぞれ接続テーブル TL1、TL2、 TL6、TL7、TL8、および TL9が保存されている例を、図 4を用いて既述した。これら の接続テーブル TLの内容は、各ノード 2の関連付けに基づいて管理者によって予め 作成される。  [0075] In addition, the other information holding unit 211 stores a connection table TL indicating a list of attributes such as the host name, IP address, and MAC address of the other node 2 directly associated with the node 2 itself. Saved. For example, an example in which the connection tables TL1, TL2, TL6, TL7, TL8, and TL9 are stored in the connection table holding unit 201 of PC1, PC2, PC6, PC7, PC8, and PC9 in FIG. As described above using 4. The contents of these connection tables TL are created in advance by the administrator based on the association of each node 2.
[0076] その他操作部 212は、上記その他情報保持部 211に保持される接続テーブル TL の管理を行う。  The other operation unit 212 manages the connection table TL held in the other information holding unit 211.
[0077] また、その他操作部 212は、その他情報保持部 211にデータを保存し、または保存 されているデータを更新するなどの処理を行う。例えば、ノード 2の環境または設定内 容が変わるごとに、属性データを更新する。または、失効リスト(CRL)を更新する処 理を行う。  Further, the other operation unit 212 performs processing such as storing data in the other information holding unit 211 or updating the stored data. For example, the attribute data is updated each time the environment or setting content of node 2 changes. Or, process to update the revocation list (CRL).
[0078] また、その他操作部 212は、他のノード 2から送信されて来たディジタル証明書など に基づ!/、て当該他のノード 2の認証の処理を行う。また送信されて来たディジタル証 明書が失効してレ、なレ、かどうかを、その他情報保持部 211に保存されて!/、る失効リス ト(CRL)を参照して確認する。また、当該ノード 2が新たにネットワークに参カロ、もしく は脱退しょうとする場合の処理などを行う。  Further, the other operation unit 212 performs authentication processing of the other node 2 based on a digital certificate transmitted from the other node 2 or the like. In addition, whether or not the digital certificate sent is revoked is checked with reference to the revocation list (CRL) stored in the other information holding unit 211 !. In addition, processing is performed when node 2 is about to newly join or leave the network.
[0079] その他操作部 212は、必要に応じてデータ受信部 207、データ送信部 210を介し てネットワーク 1の他のノード 2とデータ通信を行い、また必要に応じてその他情報保 持部 211のデータを参照、あるいは更新する。 [0079] Other operation unit 212 is connected via data reception unit 207 and data transmission unit 210 as necessary. The data communication with other nodes 2 of the network 1 is performed, and the data in the other information holding unit 211 is referred to or updated as necessary.
[0080] データ受信部 207は、他のノード 2とデータ通信を行うための制御処理を行う。デー タ受信部 207は、ネットワーク 1を流れるパケットのうち、そのノード 2に必要なものを受 信する。 The data receiving unit 207 performs a control process for performing data communication with other nodes 2. The data receiving unit 207 receives a packet necessary for the node 2 among the packets flowing through the network 1.
[0081] データ解析部 208は、データ受信部 207が受信した受信データから必要な情報を 抽出してその内容を解析することによって、その受信データの種類を判別する。  The data analysis unit 208 extracts necessary information from the reception data received by the data reception unit 207 and analyzes the content thereof to determine the type of the reception data.
[0082] データ作成部 209は、その他操作部 212の指示に基づいて、他のノード 2に送信 するための送信データを作成する。 The data creation unit 209 creates transmission data to be transmitted to another node 2 based on an instruction from the other operation unit 212.
[0083] データ送信部 210は、送信データ作成部 209によって生成され、パケット化された 送信データを他のノード 2に送信する。 The data transmission unit 210 transmits the transmission data generated by the transmission data generation unit 209 and packetized to the other node 2.
[0084] <情報分割、分配先選択、及び情報分配に関わる機能〉 <Functions related to information division, distribution destination selection, and information distribution>
次に、同じく図 5を用いて情報を分散して保持するに際しての、分配配置処理、す なわち情報分割、分配先選択、及び情報分配に関わる処理機能について説明する  Next, similarly to FIG. 5, processing functions relating to distribution arrangement processing, that is, information division, distribution destination selection, and information distribution when information is distributed and held will be described.
[0085] なお以降の説明では、分割され、各ノードに分配され、分散保持される情報のこと をすベてデータと呼称し、説明する。 In the following description, information that is divided, distributed to each node, and distributed and held is referred to as data and described.
[0086] データ操作部 206は、データ(情報)を参照し、分散配置するために分割する処理[0086] The data operation unit 206 refers to data (information), and performs processing for dividing the data to be distributed.
、決定した分配先ノードに分配する処理、また分配を受けたときには、データ保持部, Processing to distribute to the determined distribution destination node, and when receiving the distribution, the data holding unit
201に保持する処理等を行う。すなわち、データ操作部 206は情報分割手段、及び 情報分配手段として機能する。 The processing held in 201 is performed. That is, the data operation unit 206 functions as an information dividing unit and an information distributing unit.
[0087] また分散して保持されたデータの利用時には、各分配先ノードにアクセスして分割 されたデータを収集し、復元する処理も行う。 [0087] Further, when using data held in a distributed manner, the distribution destination nodes are accessed to collect and restore the divided data.
[0088] データ保持部 201は、データ操作部 206の処理の対象となるデータ、あるいは分割 されたデータを保持する。 The data holding unit 201 holds data to be processed by the data operation unit 206 or divided data.
[0089] 信頼度表操作部 205は、例えば分配先候補ノードの範囲を設定し、その範囲のノ ードから信頼度表を収集する処理、及び自らの保持する信頼度表を作成する処理を 行う。信頼度表作成は、信頼度算出部 204より接続先ノードの信頼度算出結果を取 得し、作成する。信頼度表については後述する。 The reliability table operation unit 205 sets, for example, a range of distribution destination candidate nodes, collects a reliability table from the nodes in the range, and generates a reliability table held by itself. Do. To create the reliability table, the reliability calculation unit 204 collects the reliability calculation result of the connection destination node. Get and create. The reliability table will be described later.
[0090] 信頼度算出部 204は、接続先ノードから物理的情報を取得し、信頼度を算出する 処理、及び信頼度表操作部 205から複数の分配先候補ノードの信頼度表を取得し、 ノード信頼度リストを作成する処理、あるいは他のノードからノード信頼度リストを取得 する処理、及びノード信頼度リストから分配先ノードを選択する処理を行う。詳細は後 述する。 [0090] The reliability calculation unit 204 acquires physical information from the connection destination node, calculates reliability, and acquires reliability tables of a plurality of distribution destination candidate nodes from the reliability table operation unit 205. A process for creating a node reliability list, a process for obtaining a node reliability list from another node, and a process for selecting a distribution destination node from the node reliability list are performed. Details will be described later.
[0091] また信頼度表保持部 202は、信頼度表操作部 205の処理対象である複数の分配 先候補ノードの信頼度表を保持する。信頼度表は、そのノードの接続先ノードの信頼 度に関する情報を含む。  Further, the reliability table holding unit 202 holds a reliability table of a plurality of distribution destination candidate nodes that are processing targets of the reliability table operation unit 205. The reliability table includes information on the reliability of the connection destination node of the node.
[0092] また信頼度保持部 203は、信頼度算出部 204の処理対象であるノード信頼度リスト とその作成に必要な情報とを保持する。また場合によっては、接続先ノードから入手 した信頼度や物理的情報なども保持する。  Further, the reliability holding unit 203 holds a node reliability list that is a processing target of the reliability calculation unit 204 and information necessary for the creation thereof. In some cases, it also holds the reliability and physical information obtained from the connected node.
[0093] 従って、信頼度表操作部 205、信頼度算出部 204、信頼度保持部 203、信頼度表 保持部 202は、分配先選択手段として機能する。  Accordingly, the reliability table operation unit 205, the reliability calculation unit 204, the reliability holding unit 203, and the reliability table holding unit 202 function as a distribution destination selection unit.
[0094] データ操作部 206、信頼度表操作部 205、信頼度算出部 204は、必要に応じてデ ータ受信部 207、データ送信部 210を介してネットワーク 1の他のノード 2とデータ通 信を行い、また必要に応じてデータ保持部 201、信頼度表保持部 202、信頼度保持 部 203のデータを参照、あるいは更新する。  [0094] The data operation unit 206, the reliability table operation unit 205, and the reliability calculation unit 204 communicate data with other nodes 2 of the network 1 via the data reception unit 207 and the data transmission unit 210 as necessary. The data in the data holding unit 201, the reliability table holding unit 202, and the reliability holding unit 203 are referred to or updated as necessary.
[0095] (ノード間の SSL通信)  [0095] (SSL communication between nodes)
ところで、本実施形態におけるノード 2は、直接的にまたは間接的に関連付けられ たノード 2との間で SSL (Secure Sockets Layer)通信を行うことができる。 SSLは 、ディジタル証明書を用いて暗号化を行うことにより、ネットワーク上でデータを安全 に送受信するためのプロトコルである。本実施形態における SSL通信のコネクション を確立する処理の流れについて、以下に説明する。  By the way, the node 2 in the present embodiment can perform SSL (Secure Sockets Layer) communication with the node 2 directly or indirectly associated. SSL is a protocol for securely transmitting and receiving data over a network by performing encryption using a digital certificate. The flow of processing for establishing a SSL communication connection in this embodiment will be described below.
[0096] なお、一般的なディジタル証明書および失効リスト(CRL)の標準仕様は、 ITU (Int ernational Telecommunication Union)によって X. 509として められている 。以下の SSL通信の説明においては、ディジタル証明書を X. 509証明書と呼称す [0097] 図 6は SSL通信のコネクションを確立する際の処理の流れの例を説明するための 図である。図 3のノード、例えば PC1と PC2とが目的の通信を行おうとする場合を例 に、図 6を参照しながらさらに詳細に説明する。 [0096] Note that the standard specification of general digital certificates and revocation lists (CRLs) is set as X.509 by the International Telecommunication Union (ITU). In the following description of SSL communication, digital certificates are referred to as X.509 certificates. FIG. 6 is a diagram for explaining an example of the flow of processing when establishing a connection for SSL communication. This will be described in more detail with reference to FIG. 6, taking as an example the case where the nodes in FIG.
[0098] SSL通信のコネクションを確立する前段階として、接続自体の確立が行われる。ま ず、例えば PC1において、 PC2と通信を行いたい旨のコマンドをユーザがキーボー ドなどを操作して入力したとする。すると、データ作成部 209は接続要求データを作 成し、データ送信部 210はその接続要求データを他方のノード PC2に対して送信す  [0098] As a step before establishing a connection for SSL communication, the connection itself is established. First, for example, assume that the user inputs a command to communicate with PC2 by operating the keyboard on PC1. Then, the data creation unit 209 creates connection request data, and the data transmission unit 210 transmits the connection request data to the other node PC2.
[0099] そうすると、 PC2において、データ受信部 207は PC1からの接続要求データを受信 し、データ解析部 208はそのデータの種類を解析する。ここでは、当然、接続要求デ ータであると解析される。データ作成部 209は接続を許可する旨を示す接続許可デ ータを生成し、 PC1に送信する。 [0099] Then, in PC2, data receiving section 207 receives connection request data from PC1, and data analysis section 208 analyzes the type of the data. Naturally, it is analyzed as connection request data. The data creation unit 209 generates connection permission data indicating that the connection is permitted, and transmits the connection permission data to the PC 1.
[0100] PC1のデータ受信部 207によって接続許可データが受信され、その後所定の処理 が行われると、 PC1と PC2とが接続される。但し、この時点では、まだ SSL通信のコネ クシヨンは確立されておらず、この後 SSL通信のコネクション確立のフローに入る。  [0100] When connection permission data is received by the data receiving unit 207 of PC1, and then a predetermined process is performed, PC1 and PC2 are connected. However, at this point, the connection for SSL communication has not been established yet, and then the flow for establishing a connection for SSL communication is entered.
[0101] まず、 PC1および PC2のうちのいずれか一方において、データ作成部 209は対応 可能な SSLのバージョンを示す SSLバージョンデータを生成し、データ送信部 210 はこれを他方に送信する(ステップ Sl)。図 6では、 PC1が PC2に対して SSLパージ ヨンデータを送信したものとする。  [0101] First, in either one of PC1 and PC2, the data creation unit 209 generates SSL version data indicating a compatible SSL version, and the data transmission unit 210 transmits this to the other (step Sl ). In Fig. 6, it is assumed that PC1 has sent SSL purge data to PC2.
[0102] そうすると、 PC2において、データ受信部 207が SSLバージョンデータを受信し、デ ータ解析部 208はそのデータの種類を解析し、データ作成部 209は SSLバージョン データに示されるバージョンのうち PC2で対応可能なバージョンを 1つ選択し、これを 示す SSLバージョン選択データを生成する。そして、データ送信部 210は、これを P C1に送信する(ステップ S2)。  [0102] Then, in PC2, the data reception unit 207 receives the SSL version data, the data analysis unit 208 analyzes the type of the data, and the data creation unit 209 uses the PC2 of the versions indicated in the SSL version data. Select one compatible version with, and generate SSL version selection data indicating this. Then, the data transmission unit 210 transmits this to PC1 (step S2).
[0103] PCIにおいて、 PC2からの SSLバージョン選択データがデータ受信部 207によつ て受信されると、それに示されるバージョンの SSLを、 目的の通信のためのプロトコル として採用することに決定する。 PC2においても、同様に決定する。  [0103] In PCI, when the SSL version selection data from the PC 2 is received by the data receiving unit 207, the version of SSL indicated in the data receiving unit 207 is determined to be adopted as the protocol for the target communication. The same determination is made for PC2.
[0104] 次いで PC2において、 X. 509ディジタル証明書を PC1に送信する。この X. 509証 明書が周知の認証サーバ 5によって署名されたものでなければ、そこに達するまでの 証明書のチェーンも送信する。 PC1においては認証サーバ 5自身を証明するルート 証明書を予め保持しており、そのなかに PC2から受信した X. 509証明書を署名した ものがあるかどうかを検証する。また当該証明書が、その署名を行った認証サーバ 5 の発行した証明書失効リスト(CRL)に記載がないかどうかを確認し、もし記載があれ ばこの時点で通信を終了する(ステップ S3)。 [0104] Next, in PC2, the X.509 digital certificate is transmitted to PC1. This X.509 certificate If the certificate is not signed by a well-known authentication server 5, it also sends a chain of certificates to reach it. PC1 holds in advance a root certificate that certifies authentication server 5 itself, and verifies whether any of them has signed an X.509 certificate received from PC2. Also, check if the certificate is not listed in the certificate revocation list (CRL) issued by the authentication server 5 that signed it, and if so, terminate communication at this point (step S3). .
[0105] 上記認証処理をクリアすれば、この後、 PC2は、応答終了の旨を PC1に対して通 知する(ステップ S4)。 [0105] If the above authentication processing is cleared, then PC2 notifies PC1 of the end of response (step S4).
[0106] PC2からの応答終了の通知を受けて、 PC1は、 SSL通信で使用する共通鍵を生 成するために、 384ビットのランダムな値であるプリマスターキーを生成する。 PC1の データ作成部 209は、プリマスターキーを、 PC2より受け取った X. 509証明書に含 まれる PC2の公開鍵によって暗号化して PC2に送信する(ステップ S5)。  [0106] Upon receiving a response end notification from PC2, PC1 generates a pre-master key, which is a 384-bit random value, in order to generate a common key used in SSL communication. The data creation unit 209 of the PC 1 encrypts the premaster key with the public key of the PC 2 included in the X.509 certificate received from the PC 2 and transmits it to the PC 2 (Step S5).
[0107] また、 PC1はこのプリマスターキーを基に、実際にデータの暗号化に使用する共通 鍵を生成して、通信用の暗号鍵をその共通鍵に切り替えるように制御を行う。また喑 号鍵を切り替える旨の暗号切り替え通知を PC2に送信する(ステップ S6)。  [0107] Also, the PC 1 performs control to generate a common key that is actually used for data encryption based on the pre-master key and to switch the communication encryption key to the common key. In addition, a cipher switch notification for switching the sign key is transmitted to the PC 2 (step S6).
[0108] PC1からの喑号切り替え終了の通知を受けると(ステップ S7)、 PC2においても、喑 号鍵の切り替えを行うベぐ PC1に喑号切り替えの通知を送信する(ステップ S8)。 P C2のデータ受信部 207は、 PC1から受信した自らの公開鍵で暗号化されたプリマス ターキーを、対応する自らの秘密鍵で復号する。データ解析部 208がこれを解析す ることによってデータの種類がプリマスターキーであることを確認すると、データ操作 部 204は、受信したプリマスターキーを基に共通鍵を生成し、以後、 PC1との間では その共通鍵による暗号化通信が行われるように制御を行う。つまり、暗号鍵の切替え を行う。  [0108] When the notification of the sign change end from PC1 is received (step S7), PC2 also transmits the sign change notice to PC1 that performs the sign key change (step S8). The data receiving unit 207 of PC2 decrypts the premaster key encrypted with its own public key received from PC1 with its corresponding private key. When the data analysis unit 208 analyzes this and confirms that the type of data is a premaster key, the data operation unit 204 generates a common key based on the received premaster key, and thereafter performs a communication with PC1. Then, control is performed so that encrypted communication using the common key is performed. In other words, the encryption key is switched.
[0109] PC2は、上記喑号鍵の切り替えを終了すると、 PC1に喑号切り替え終了の通知を 送信する (ステップ S9)。  [0109] When the switching of the above-mentioned number key is completed, the PC 2 transmits a notification of the completion of the number switching to the PC 1 (step S9).
[0110] 以上の処理によって、 PC1と PC2との間で SSL通信のコネクションが確立される。こ れにより、 目的の通信を安全に行うことができる。 [0110] Through the above processing, the SSL communication connection is established between PC1 and PC2. As a result, the desired communication can be performed safely.
[0111] なお、上述したコネクションの確立は、 PC2の X. 509証明書を PC1が確認する場 合を示したが、同時に PC1の X. 509証明書を PC2が確認する場合もある。これを S[0111] Note that the above-described connection establishment is performed when PC1 confirms the X.509 certificate of PC2. In some cases, PC2 may also check PC1's X.509 certificate. This is S
SLクライアント認証通信と呼ぶ。 This is called SL client authentication communication.
[0112] この SSLクライアント認証通信を PC同士、および認証サーバとの間で行うためには[0112] To perform this SSL client authentication communication between PCs and authentication server
、各々が X. 509証明書を保持している必要があり、また証明書を検証するためにル ート証明書も保持している必要がある。 Each must have an X.509 certificate and must also have a root certificate to verify the certificate.
[0113] このようにして、ネットワーク 1の各ノード 2は、互いに認証されたノードとして安全に 通信する動作を果たすことができる。 [0113] In this way, each node 2 of the network 1 can perform an operation of securely communicating as a mutually authenticated node.
[0114] (情報の分散保存とノードの信頼度) [0114] (Distributed information storage and node reliability)
本実施形態に係るネットワーク 1では、上述したように接続テーブル TLにより規定さ れた「関連付けられた」ノード(端末装置 2)間で相互認証し、 SSL通信を確立して、 互いにデータの送受信を行う。  In the network 1 according to the present embodiment, mutual authentication is performed between “associated” nodes (terminal devices 2) defined by the connection table TL as described above, SSL communication is established, and data is transmitted / received to / from each other. Do.
[0115] こういった通信をベースにして、分割されたデータが各ノードに分配され、保持され ることにより、また分散保持されたデータが検索、収集されることにより、任意のノード で分散したデータを利用することが可能となる。 [0115] Based on such communication, the divided data is distributed to each node and held, and the distributed and held data is searched and collected, and distributed at any node. Data can be used.
[0116] また、こういった通信により、分散データのセキュリティが維持される。 [0116] Also, the security of distributed data is maintained by such communication.
[0117] 例えば本実施形態に係る P2Pのネットワークシステム 1においては、任意のノード間 でのデータ通信が可能であり、データの分散保持が容易である。また、前述した SSL 通信などで互いのデータ送受信は機密性が守られており、データが分散され保持さ れて!/、るノードすべてに第三者がアクセスすることは困難である。また一部のデータ が漏れることがあっても、分散されたデータの全体に対しては安全が保たれ、情報漏 洩などによるリスクを最小限に抑えることができる。 [0117] For example, in the P2P network system 1 according to the present embodiment, data communication between arbitrary nodes is possible, and data can be easily distributed and held. In addition, the confidentiality of data transmission / reception is protected by SSL communication as described above, and it is difficult for third parties to access all nodes where data is distributed and held! Even if some data is leaked, the entire distributed data can be kept safe and the risk of information leaks can be minimized.
[0118] <信頼度、物理的情報、信頼度表、信頼度許容範囲について〉 [0118] <Reliability, physical information, reliability table, reliability tolerance range>
ここでいう信頼度とは物理的信頼度であり、処理性能、及び接続に関わる障害の発 生度合いに関するものである。本実施形態では、後述するように、各ノードのこういつ た信頼度に基づき、分配先ノードを選択することで、そういった障害の発生を抑制し ている。  The reliability here is the physical reliability, which relates to the processing performance and the degree of occurrence of a failure related to the connection. In this embodiment, as will be described later, the occurrence of such a failure is suppressed by selecting a distribution destination node based on the reliability of each node.
[0119] 本実施形態では、信頼度を各ノードの物理的情報力 算出する。物理的情報とし ては、例えば CPUのスペック情報、 CPUの使用率に関する情報、メモリの使用率に 関する情報、及び接続時間に関する情報等を用いればよい。これらの物理的情報か ら信頼度を算出する事例が、特許文献 1 (特開 2005— 252596号公報)に示されて いる。 In this embodiment, the reliability is calculated as the physical information power of each node. Physical information includes, for example, CPU specification information, information on CPU usage, and memory usage. Information on connection time, information on connection time, and the like may be used. An example of calculating reliability from these physical information is shown in Patent Document 1 (Japanese Patent Laid-Open No. 2005-252596).
[0120] また、物理的情報として、さらに地理的要素、専用ハードウェア利用状況、メンテナ ンス状況などを含めてもよい。地理的要素とは、例えば海外とのネットワークなどで電 力供給の安定性に違いがあるなどの要素である。専用ハードウェア利用状況とは、例 えば暗号 (復号)化処理が可能か、画像処理用かなど、そのデータにあった専用処 理機能を有するかといつた要素である。またメンテナンス状況は、例えば定期的にメ ンテナンスが行われて!/、る力、、メンテナンスが頻発して!/、な!/、かと!/、つた要素である。  [0120] Further, the physical information may further include geographical elements, dedicated hardware usage status, maintenance status, and the like. A geographical element is an element such as a difference in the stability of power supply in, for example, a network overseas. Dedicated hardware usage status refers to the factors such as whether encryption (decryption) processing is possible and whether it has dedicated processing functions for the data, such as whether it is for image processing. In addition, the maintenance status is, for example, regular maintenance! /, Power, maintenance frequent occurrence! /, Na! /, Kato! /, And other factors.
[0121] 信頼度は、処理性能、及び接続に関わる障害の発生度合いに関するものであり、 それに影響する上述のような物理的情報を任意に設定し、その影響を最も反映する ように自由に信頼度の算出方法を設定してもよい。  [0121] The reliability is related to the processing performance and the degree of occurrence of a failure related to the connection. The above-described physical information that affects the reliability is arbitrarily set, and it is freely trusted to reflect the effect most. A degree calculation method may be set.
[0122] 本実施形態では、上述のように予め定めた物理的情報と算出方法を用いて求めた 各ノードの信頼度を、その接続先のノードが信頼度表に記載して、保持する形態とし ている。つまり、各ノードの保持する信頼度表には、そのノードの「直接関連付けられ た」接続先ノードの信頼度が記載されている。  In the present embodiment, the reliability of each node obtained using the predetermined physical information and the calculation method as described above is stored in the reliability table by the connection destination node described in the reliability table. It is. In other words, the reliability table held by each node describes the reliability of the “directly associated” connection destination node of that node.
[0123] 本実施形態では、データの分配先を選択するに当たり、各ノードの保持するそれら の信頼度表を必要な範囲で取得して、データ分配先候補のノード信頼度リストを作 成し、このノード信頼度リストを参照することにより、データ分配先ノードを選択する。  [0123] In this embodiment, when selecting a data distribution destination, those reliability tables held by each node are acquired within a necessary range, and a node reliability list of data distribution destination candidates is created. By referring to this node reliability list, a data distribution destination node is selected.
[0124] これによつて、信頼度の低いノードにデータの一部が分配され、データの取得に手 間取ったり、最悪の場合はそのデータの一部が消失してしまったりといった障害の発 生を抑制することができる。  [0124] As a result, a part of the data is distributed to nodes with low reliability, and it takes time to acquire the data, or in the worst case, a part of the data is lost. Can suppress life.
[0125] 但し、本実施形態では、上述のようにノード信頼度リストを作成して求めた各ノード の信頼度に応じて、分配先ノードを選択するが、単純に上記信頼度の高いノードを 選択するような手法はとらな!/ヽ。  However, in this embodiment, the distribution destination node is selected according to the reliability of each node obtained by creating the node reliability list as described above, but a node with a high reliability is simply selected. No way to choose!
[0126] 信頼度の高いノードに優先的に割り振ると、どうしても信頼度の高いノードにデータ が分配される機会が多くなり、かえって負担の増大による処理効率の低下や障害の 発生のリスク増加を招くことになつてしまう。 [0127] 本実施形態では、分散して保持するデータの性質に応じて、そのデータを分配す る分配先ノードの信頼度許容範囲を設定し、その範囲内の信頼度を有するノードを 優先的に分配先ノードとして選択する。 [0126] Preferential allocation to nodes with high reliability inevitably increases the chances of data being distributed to nodes with high reliability, which leads to a decrease in processing efficiency due to an increased burden and an increased risk of failure. It will result. In the present embodiment, according to the nature of the data to be distributed and stored, the allowable reliability range of the distribution destination node that distributes the data is set, and the node having the reliability within the range is prioritized. As a distribution destination node.
[0128] データの性質とは、例えば、データの重要度であったり、そのデータの処理に対す る計算量であったりする。画像や暗号化データなど処理時の計算量を要するものは、 処理能力の高いノードを選択すべきであるし、重要度が高ぐデータの遅延や、破損 などを回避しなければならないものは、接続時の障害などの発生確率の低いノードを 選択すべきである。  [0128] The property of data is, for example, the importance of data or the amount of calculation for processing the data. For images and encrypted data that require a large amount of processing time, a node with high processing capacity should be selected. You should select a node with a low probability of connection failure.
[0129] 本実施形態では、このような信頼度と、負荷の集中を防ぐバランスから、上記データ の性質に応じて予め適切な信頼度許容範囲を設定して、高過ぎも低過ぎもしなレ、適 切な信頼度の分配先ノードを優先的に選択する。  In the present embodiment, an appropriate reliability tolerance range is set in advance according to the property of the data from the balance that prevents such reliability and load concentration, and the level may be too high or too low. Priority is given to the distribution-destination node with appropriate reliability.
[0130] 以下に、分配配置処理、すなわちデータの性質を判断し、それに基づレ、てデータ を分割し、信頼度許容範囲を設定し、ノードの信頼度に基づき分配先ノードを選択し 、分配する処理の全体的な流れにつ!/、て説明する。  [0130] In the following, distribution allocation processing, that is, the nature of the data is determined, the data is divided based on it, a reliability tolerance range is set, a distribution destination node is selected based on the reliability of the node, and Explain the overall flow of distributed processing!
[0131] (情報分散配置の全体処理例)  [0131] (Overall processing example of information distribution arrangement)
図 7は、情報分割処理から、分配先選択処理、そして情報分配処理に至るまでの 代表的な処理の流れを示すフローチャートである。図 8は、情報の分割処理、分配先 選択処理のために、データの性質を判断する処理の流れを示すフローチャートであ  FIG. 7 is a flowchart showing a typical process flow from information division processing to distribution destination selection processing to information distribution processing. FIG. 8 is a flowchart showing the flow of processing for determining the nature of data for information division processing and distribution destination selection processing.
[0132] 図 8を用いて、データの性質の判断処理を説明し、引き続き図 7を用いて、全体とし ての分配配置処理例を説明する。適宜図 5を参照する。 [0132] The data property determination process will be described with reference to FIG. 8, and the overall distribution arrangement process example will be described with reference to FIG. Refer to Figure 5 as appropriate.
[0133] <データの性質判断処理〉 <Data property judgment processing>
図 8のフローチャートにおいて、データを保持するノードは、まずデータの性質を判 断し、データの重要度レベルを設定する。データの性質は、ここでは、データの秘密 性の度合いであり、またそのデータの処理に対する計算量などを示すデータの種類 である。  In the flowchart of Fig. 8, the node holding the data first determines the nature of the data and sets the importance level of the data. The nature of the data here is the degree of confidentiality of the data and the type of data indicating the amount of calculation for the processing of the data.
[0134] まずステップ S101で、データを保持するノードは、データの重要度を設定するため のユーザからの指示があるかどうかを判定する。すなわちデータ操作部 206は、ユー ザの操作による指示入力がデータ保持部 201に記憶されているかどうかを判定する First, in step S101, the node holding the data determines whether there is an instruction from the user for setting the importance of the data. That is, the data operation unit 206 It is determined whether or not the instruction input by the operation is stored in the data holding unit 201
[0135] ユーザ指示入力がある場合(ステップ S101 ; YES)は、ステップ S103の重要度レ ベルの設定を実行する。ユーザ指示入力がない場合 (ステップ S 101 ; NO)は、次の ステップ S 102を実行する。 [0135] If there is a user instruction input (step S101; YES), the importance level setting in step S103 is executed. If there is no user instruction input (step S101; NO), the next step S102 is executed.
[0136] ステップ S102では、データ操作部 206は、データの重要度レベルを設定するため にデータの性質を判断する。データの性質は、データの秘密性であり、またデータの 種類である。 [0136] In step S102, the data operation unit 206 determines the nature of the data in order to set the importance level of the data. The nature of data is the confidentiality of the data and the type of data.
[0137] 図 9にデータの秘密性やデータの種類による重要度レベルの設定についての対応 テーブルを示す。データ操作部 206は、データ保持部 201に保持するデータから、こ ういったテーブルに分類されるデータの性質を判断する。  [0137] Fig. 9 shows the correspondence table for data confidentiality and importance level settings based on data type. The data operation unit 206 determines the nature of data classified into such a table from the data held in the data holding unit 201.
[0138] 図 9によれば、データの秘密性は、秘密性の高!/、順に極秘、部外秘、社外秘、関係 会社に開示可、開示可または指定なし、などと分類され、それぞれ 1から 5の重要度 レベルが割り当てられる。これらは例えばデータに付加された情報を、あるいは埋め 込まれた情報を読み出すなどの方法で判定することができる。  [0138] According to FIG. 9, the confidentiality of data is classified as high confidentiality! /, In order, top secret, confidential, internal secret, disclosure to affiliated companies, disclosure possible or not specified, etc. A severity level of 5 is assigned. These can be determined by, for example, a method of reading information added to data or reading out embedded information.
[0139] またデータの種類については、画像や暗号化データなど処理時の計算量を要する ものは重要度が高ぐテキスト以外のデータ、さらにテキストデータなどと重要度が低 くなるように分類し、図 9の場合では、それぞれ 5から 7の重要度レベルが割り当てら れている。これらは例えばデータファイルの拡張子などから判断することができる。  [0139] In addition, the types of data are classified in such a way that those that require a large amount of computation, such as images and encrypted data, are less important than non-text data, which is more important, and text data. In the case of Fig. 9, importance levels 5 to 7 are assigned. These can be determined from the extension of the data file, for example.
[0140] ステップ S103では、データの性質に基づいて、対応する重要度レベルが設定され る。あるいはユーザからの指示がある場合は、それにしたがった重要度レベルを設定 する。すなわち、データ操作部 206は、データ保持部 201に保持するデータ及びこう V、つたテーブルを参照し、データの性質に基づき重要度レベルを設定する。  [0140] In step S103, the corresponding importance level is set based on the nature of the data. Or, if there is an instruction from the user, set the importance level according to it. That is, the data operation unit 206 refers to the data held in the data holding unit 201 and the table, and sets the importance level based on the property of the data.
[0141] またそれらのデータの性質に基づく重要度レベルは、それぞれデータを分割する 分割数、データを分配するノードの信頼度許容範囲とも対応しており、データの性質 に応じて分割数や信頼度許容範囲を変化させるよう指定されている。  [0141] The importance level based on the data properties also corresponds to the number of divisions for dividing the data and the reliability tolerance range of the nodes that distribute the data. The number of divisions and the reliability depend on the data properties. Specified to change the degree tolerance.
[0142] 引き続き図 7を用いて、データの重要度レベルに従った分配配置処理例を説明す る。適宜図 5を参照する。 [0143] <情報分割処理〉 [0142] Next, an example of distribution arrangement processing according to the importance level of data will be described with reference to FIG. Refer to Figure 5 as appropriate. [0143] <Information division processing>
まずステップ SI 1で、データを保持するノードは、データを各ノードに分配するため に、データを分割する。すなわち、データ操作部 206は、データ保持部 201に保持 する上記データを参照し、そのデータの性質に応じて、あるいはユーザの指示などに より設定された重要度レベルを取得する。またその重要度レベルに対応する分割数 と分割方法などを設定し、データを分割する。  First, in step SI 1, the node holding the data divides the data in order to distribute the data to each node. That is, the data operation unit 206 refers to the data held in the data holding unit 201, and acquires the importance level set according to the nature of the data or according to a user instruction. Also, the number of divisions and the division method corresponding to the importance level are set, and the data is divided.
[0144] 図 9に従えば、重要度レベルが高いほど分割数は多くなつている。分割数は、デー タの大きさやネットワークの規模、接続トポロジーなどに応じて、適切に設定されるよう 、予め定めておけばよい。  [0144] According to FIG. 9, the higher the importance level, the greater the number of divisions. The number of divisions may be determined in advance so as to be appropriately set according to the data size, network scale, connection topology, and the like.
[0145] データ分割法としては、例えば、文書などを行単位で分割するストライビングを用い てもよい。また、 2次元パリティ方式、多重パリティ方式、リードソロモン方式などの公 知方法を用いてもよい。また、情報破損や劣化を回避するために、分割時に冗長性 を持たせる様にしてもよい。  [0145] As the data division method, for example, a striping method for dividing a document or the like in units of lines may be used. Also, a public method such as a two-dimensional parity method, a multiple parity method, or a Reed-Solomon method may be used. Also, in order to avoid information damage and deterioration, redundancy may be provided at the time of division.
[0146] 分割されたデータは、分配に備えてデータ保持部 201に保持する。このように、ス テツプ S 11は情報分割工程として機能する。  The divided data is held in the data holding unit 201 in preparation for distribution. In this way, step S11 functions as an information dividing step.
[0147] <分配先選択処理〉  [0147] <Distribution destination selection processing>
次にステップ S12では、信頼度許容範囲が設定される。信頼度算出部 204は、デ ータ操作部 206からデータの性質に応じて設定された重要度レベルを取得する。ま たデータ分配先ノードの信頼度を照合するために、その重要度レベルに対応する信 頼度許容範囲を設定し、信頼度保持部 203に一時保存する。  Next, in step S12, a reliability tolerance range is set. The reliability calculation unit 204 acquires the importance level set according to the data property from the data operation unit 206. Further, in order to collate the reliability of the data distribution destination node, a reliability tolerance range corresponding to the importance level is set and temporarily stored in the reliability holding unit 203.
[0148] データの性質に応じた重要度レベルとは、例えば図 9に示したように、データの秘 密性ゃデータの種類(画像データや暗号化データなど)に対応するデータの重要性 である。例えば、重要度の高いデータは、その度合いに応じて信頼度許容範囲が高 めになるように、また画像などの処理に時間が掛かるデータもその度合いに応じて信 頼度許容範囲が高めになるように対応させておく。  [0148] The importance level according to the nature of the data refers to the importance of the data corresponding to the type of data (image data, encrypted data, etc.) as shown in Fig. 9, for example. is there. For example, data with high importance will have a higher reliability tolerance depending on the degree, and data such as images that will take longer to process will have a higher reliability tolerance depending on the degree. I will make it correspond.
[0149] 本実施形態は、信頼度を 0から 100の値で表すこととする。 0が最も信頼度が低ぐ  In this embodiment, the reliability is represented by a value from 0 to 100. 0 is least reliable
100が最も信頼度が高い状態とする。従って信頼度許容範囲は「信頼度 60— 80」と いったように表される。この場合、信頼度の値が 60から 80の範囲にあるノード力 分 配先として優先的に選択されることになる。 100 is the most reliable state. Therefore, the allowable range of reliability is expressed as “reliability 60-80”. In this case, nodal force components whose reliability values are in the range of 60 to 80. It is preferentially selected as a distribution destination.
[0150] 図 9に従えば、重要度が高いほど信頼度許容範囲は高い方にシフトしており、より 信頼度の高いノードに分配することが求められることになる。 [0150] According to Fig. 9, the higher the importance, the higher the allowable reliability range, and it is required to distribute to the nodes with higher reliability.
[0151] 次にステップ S13では、信頼度表を取得する範囲(ホップ数)が設定される。信頼度 表操作部 205は、データ操作部 206から取得したデータの分割数などに応じて、信 頼度表を取得する複数のノードを設定する。 [0151] Next, in step S13, a range (hop count) for obtaining the reliability table is set. The reliability table operation unit 205 sets a plurality of nodes that acquire the reliability table according to the number of divisions of data acquired from the data operation unit 206.
[0152] 設定方法は、直接接続している接続先ノード(ホップ数 1)を優先して、接続のため のホップ数が小さいノードを加えていく。例えば、ホップ数 3までの範囲といえば、ホッ プ数が 1、 2、 3の何れかであるノードから信頼度表を取得することになる。 [0152] The setting method gives priority to the directly connected node (hop count 1) and adds nodes with a small hop count for connection. For example, if the range is up to 3 hops, the reliability table is obtained from a node that has 1, 2, or 3 hops.
[0153] 各ノードの保持する信頼度表は、そのノードの接続先ノード (ホップ数 1)の信頼度 を含む。例えば、ノードが図 3の PC1であれば、 PC2と PC9の信頼度を記載した信頼 度表を作成し、保持していることになる。 [0153] The reliability table held by each node includes the reliability of the connection destination node (hop count 1) of the node. For example, if the node is PC1 in Fig. 3, a reliability table describing the reliability of PC2 and PC9 is created and maintained.
[0154] 信頼度表を取得するノードの範囲は、取得する複数の信頼度表に含まれるノードの 数がデータの分割数より多くなるように設定する必要がある。 [0154] The range of nodes from which the reliability table is acquired needs to be set so that the number of nodes included in the plurality of reliability tables to be acquired is larger than the number of data divisions.
[0155] 次にステップ S14では、取得範囲のノードから信頼度表を収集する。すなわち、信 頼度表操作部 205は、ステップ S 13で設定した取得範囲(ホップ数)のノードから信 頼度表を収集し、取得した複数の信頼度表を信頼度表保持部 202に保持する。 Next, in step S14, a reliability table is collected from the nodes in the acquisition range. That is, the reliability table operation unit 205 collects the reliability tables from the nodes within the acquisition range (hop count) set in step S13, and holds the acquired multiple reliability tables in the reliability table holding unit 202. To do.
[0156] この場合、同一のノードに対して複数回取得することも起こり得る。例えば、ホップ 数 2とすると、途中に 1台のノードを介在して接続することになる力 S、同一のノードに異 なるノードを介して接続する二通りの経路が存在するような場合である。 [0156] In this case, it may happen that the same node is acquired a plurality of times. For example, if the number of hops is 2, the force S will be connected via one node in the middle, and there will be two routes that connect to the same node via different nodes. .
[0157] 信頼度表を取得するノードを図 3の PC1とすると、 PC2を介して PC7に接続する場 合と、 PC9を介して PC7に接続する場合と、二度信頼度表を要求することになる。も ちろん、信頼度表保持部 202に同一の信頼度表を複数保持する必要はない。 [0157] Assuming that the node that obtains the reliability table is PC1 in Fig. 3, when connecting to PC7 via PC2, connecting to PC7 via PC9, and requesting the reliability table twice become. Of course, the reliability table holding unit 202 does not need to hold a plurality of the same reliability tables.
[0158] 次にステップ S 15では、複数の信頼度表からノード信頼度リストを作成する。すなわ ち、信頼度算出部 204は、信頼度表操作部 205から取得範囲のノードに対する信頼 度表を取得し、それらを総合してノード信頼度リストを作成し、信頼度保持部 203に 保持する。但し、作成に利用する信頼度表には、他のノードから取得した信頼度表だ けでなく、 自らの保持する信頼度表も含まれる。 [0159] ノード信頼度リストの作成方法は、複数の信頼度表を一つにまとめればよい。例え ば、複数の信頼度表に記載されているすべてのノードを適切な順序でリスト化し、そ の信頼度とともに記載すればよい。これらのノードがデータ分配先の候補となる。 Next, in step S 15, a node reliability list is created from a plurality of reliability tables. In other words, the reliability calculation unit 204 acquires the reliability table for the nodes in the acquisition range from the reliability table operation unit 205, creates a node reliability list by combining them, and stores it in the reliability holding unit 203. To do. However, the reliability table used for creation includes not only the reliability table acquired from other nodes but also the reliability table held by itself. [0159] The node reliability list can be created by combining a plurality of reliability tables into one. For example, all nodes listed in multiple reliability tables should be listed in an appropriate order and listed with their reliability. These nodes are candidates for data distribution destinations.
[0160] 但しその場合、複数の信頼度表に 2回以上記載されるノードが存在することが生じ 得る。ノード信頼度リストには、 1台のノードは一度だけ記載されればよい。従って複 数の信頼度表に記載されている場合は、次のようにして一つにまとめるとよい。ここで 、ノード信頼度リストに記載の一つにまとめた信頼度を、各信頼度表に記載の信頼度 と区別して、ノード信頼度と呼称することにする。  [0160] However, in that case, it may occur that a node described more than once in a plurality of reliability tables exists. One node need only be listed once in the node reliability list. Therefore, if they are listed in multiple reliability tables, they can be combined into one as follows. Here, the reliability grouped into one described in the node reliability list is referred to as node reliability, in distinction from the reliability described in each reliability table.
[0161] 例えばノード信頼度の算出には、次の aから dに示すような重み付け計算を用いる 方法がある。  [0161] For example, there is a method for calculating the node reliability using the weighting calculation as shown in the following a to d.
a 最も小さい (信頼度の低い)値を選択する。  a Select the smallest (low confidence) value.
b 平均値をとる。  b Take the average value.
c 同じノードが記載されている複数の信頼度表をそれぞれ保持する複数のノードか ら、最も信頼度の高いノードを選択し、そのノードが保持する信頼度表の値をとる。 d 同じノードが記載されている複数の信頼度表をそれぞれ保持する複数のノードの 信頼度を重みとして、それぞれのノードの保持する信頼度表の値を重み付け平均す  c Select the node with the highest reliability from the multiple nodes each holding multiple reliability tables that describe the same node, and take the value of the reliability table held by that node. d The weight of the reliability table held by each node is weighted and averaged using the reliability of multiple nodes holding multiple reliability tables each containing the same node.
[0162] 次にステップ S 16では、ノード信頼度が設定した信頼度許容範囲内にあるノードを 抽出する。すなわち、信頼度算出部 204は、信頼度保持部 203のノード信頼度リスト を参照し、データ操作部 206から取得した信頼度許容範囲と比較照合することで、ノ ード信頼度が信頼度許容範囲内にあるノードを抽出する。 Next, in step S 16, nodes whose node reliability is within the set reliability tolerance range are extracted. That is, the reliability calculation unit 204 refers to the node reliability list of the reliability holding unit 203 and compares and compares it with the allowable reliability range acquired from the data operation unit 206, so that the node reliability is acceptable. Extract nodes that are within range.
[0163] 続いて、ステップ S17では、ステップ S16で抽出されたノードがあるかどうかを判定 する。抽出されたノードが 1台以上ある場合 (ステップ S17 :YES)は、ステップ S19に 進み、分配先ノードを選択する処理を行う。抽出されたノードがない場合 (ステップ S1 7 : NO)は、ステップ S 18に進み、信頼度表の取得範囲、または信頼度範囲の変更 処理を行う。  [0163] Subsequently, in step S17, it is determined whether there is a node extracted in step S16. When there are one or more extracted nodes (step S17: YES), the process proceeds to step S19, and a process of selecting a distribution destination node is performed. If there is no extracted node (step S17: NO), the process proceeds to step S18, and the reliability table acquisition range or the reliability range change processing is performed.
[0164] ここでは、 1台以上力、どうかで判定した力 この台数は任意に設定すればよい。分配 先ノードの選択であるから、データの分割数を最大値として適切に最低限必要な台 数を設定すればよい。もちろん、必要な台数に足りなければ信頼度許容範囲外から 選択してもよい。 [0164] Here, the power of one or more units, the force determined by whether or not This number may be set arbitrarily. Since this is the selection of the distribution destination node, the minimum required number of data divisions is set as the maximum value. Set the number. Of course, if the required number is not enough, it may be selected from outside the allowable range of reliability.
[0165] 抽出されたノードがない場合のステップ S18では、信頼度算出部 204は、データ操 作部 206と連係して、ノード信頼度が信頼度許容範囲内にあるノード数を 1台以上と するため、  [0165] In step S18 when there is no extracted node, the reliability calculation unit 204 links the data operation unit 206 with one or more nodes whose node reliability is within the allowable reliability range. To do
(a)信頼度許容範囲を変更するか、  (a) Change the confidence level or
(b)信頼度表の取得範囲を変更するか  (b) Whether to change the acquisition range of the reliability table
を設定した上、ステップ S12に戻り、ステップ S17までを再度繰り返す。  Return to step S12 and repeat step S17 again.
[0166] 但し、(a)の場合であればステップ S12で信頼度許容範囲を前回よりも広くし、ステ ップ S 13からステップ S 15までは前回と同様と!/、うことで省略してもよ!/、。また(b)の場 合であれば、ステップ S12は前回と同様ということで省略し、ステップ S13で信頼度表 を取得する範囲(ホップ数)を前回よりも拡げればよ!/、。 [0166] However, in the case of (a), in step S12, the reliability tolerance is widened from the previous time, and steps S13 to S15 are the same as the previous time! Anyway! In the case of (b), step S12 is omitted because it is the same as the previous time, and the range (number of hops) for obtaining the reliability table in step S13 should be expanded from the previous time! /.
[0167] もちろん、信頼度許容範囲と信頼度表の取得範囲の両方を変更してもよい。 [0167] Of course, both the reliability tolerance range and the reliability table acquisition range may be changed.
[0168] 抽出されたノードがある場合のステップ S19では、信頼度算出部 204は、抽出した ノードを優先的にデータ分配先ノードとして選択する。データ分配先ノードがまだ足り なレ、場合は、ノード信頼度が信頼度許容範囲に近レゾードを追加して選択してもよ!/、 [0168] In step S19 in the case where there is an extracted node, the reliability calculation unit 204 preferentially selects the extracted node as a data distribution destination node. If the data distribution destination node is still insufficient, the node reliability may be selected by adding a near-resonance to the reliability tolerance range! /,
[0169] 選択されたデータ分配先ノードは、信頼度保持部 203に保持される。 [0169] The selected data distribution destination node is held in the reliability holding unit 203.
[0170] 以上に示したように、ステップ S12からステップ S19に至る工程は分配先選択工程 として機能する。  [0170] As described above, the process from step S12 to step S19 functions as a distribution destination selection process.
[0171] <情報分配処理〉 [0171] <Information distribution processing>
最後にステップ S20では、分割データの分配処理を行う。すなわち、データ操作部 Finally, in step S20, the divided data distribution process is performed. That is, the data operation part
206が信頼度算出部 204からデータ分配先ノードの情報を取得し、データ保持部 20206 acquires the information of the data distribution destination node from the reliability calculation unit 204, and the data holding unit 20
1に保持している分割データをデータ分配先ノードに割り振る。 Allocate the divided data held in 1 to the data distribution destination node.
[0172] それぞれのデータ分配先ノードに割り振られた分割されたデータは、データ作成部[0172] The divided data allocated to each data distribution destination node is the data creation unit.
209に送られ、ネットワークパケットの形に成形され、データ送信部 210から指定され た分配先ノードへ送信される。 The data is sent to 209, formed into a network packet, and transmitted from the data transmission unit 210 to the designated distribution destination node.
[0173] このように、ステップ S20は情報分配工程として機能する。 [0174] 以上で、情報の性質の判断処理、情報分割処理、分配先選択処理、そして情報分 配処理に至るまでの代表的な処理の流れ、すなわち全体としての情報分配配置処 理の説明を終わる。 Thus, step S20 functions as an information distribution process. [0174] This completes the description of the typical processing flow from the information property judgment processing, information division processing, distribution destination selection processing, and information distribution processing, that is, the information distribution arrangement processing as a whole. End.
[0175] (情報分散配置処理例 1)  [0175] (Distributed information processing example 1)
以下、図 10から図 15を用!/、て情報分散配置処理例 1を説明する。  Hereinafter, FIG. 10 to FIG. 15 will be used to describe information distribution arrangement processing example 1.
[0176] 図 10は、情報分散配置処理例 1におけるネットワーク 1の接続状態を示す図である 。図 3と同じ接続トポロジーを示すが、各ノード (PC1から PC9)はそれぞれ信頼度表 (表 1から表 9で表す)を保持している。  FIG. 10 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 1. The same topology as in Fig. 3, but each node (PC1 to PC9) has a reliability table (represented in Table 1 to Table 9).
[0177] 図 11に、各ノードの保持する信頼度表の記載内容を示す。 PC1から PC9の各ノー ドの保持する表 1から表 9の信頼度表が、図 11の PC1信頼度表から PC9信頼度表で ある。それぞれの信頼度表には、それぞれのノードが接続するノードの信頼度が 0か ら 100の数値で示されている。  [0177] FIG. 11 shows the contents of the reliability table held by each node. The reliability tables in Tables 1 to 9 held by the PC1 to PC9 nodes are the PC1 reliability table to PC9 reliability table in Fig. 11, respectively. In each reliability table, the reliability of the node to which each node is connected is indicated by a numerical value from 0 to 100.
[0178] また図 10ではノード PC9が、分散して保持する対象となるデータ Aを保持している 。データ Aを 3分割して分散保持することとする。各分割データをデータ A— 1、デー タ A— 2、データ A— 3とし、既に保持されているものとする。  In FIG. 10, the node PC 9 holds data A to be distributed and held. Data A is divided into 3 parts and distributed. Each divided data is data A-1, data A-2, and data A-3, and it is assumed that they are already held.
[0179] データ Aには、秘密性のレベルは指定されておらず、その拡張子から画像/暗号 化データではなぐまたテキストデータでもないデータとして、図 9に従いデータ種類 別の重要度レベルを「6」とした。また図 9に従い、データは 3分割、信頼度許容範囲 は信頼度 34— 66とした。これは 0から 100を 3分割した真ん中を想定している。  [0179] For data A, the level of confidentiality is not specified, and as the data that is not image / encrypted data nor text data because of its extension, the importance level for each data type is set to " 6 ”. Also, according to Fig. 9, the data was divided into three parts and the reliability tolerance range was 34-66. This assumes the middle of 0 to 100 divided into three.
[0180] データ分割数は 3なので、データ分配先候補ノード数は 3を十分上回る数とした!/、。  [0180] Since the number of data divisions is 3, the number of candidate nodes for data distribution is sufficiently larger than 3! /.
図 10の接続形態を考慮して、信頼度表取得範囲は、ホップ数 2までとする。  Considering the connection form in Fig. 10, the reliability table acquisition range is limited to 2 hops.
[0181] 図 12にはホップ数 2を信頼度表取得範囲とした場合の信頼度表を取得するノード の範囲を示す。 PC9から見て、矢印を経由して到達できるのが、ホップ数 2までのノ ードであり、自ノードを含めて 6台のノードから信頼度表を取得することになる。  [0181] Figure 12 shows the range of nodes that acquire the reliability table when the number of hops is 2 as the reliability table acquisition range. From the perspective of PC9, nodes that can be reached via the arrow are nodes up to 2 hops, and the reliability table is obtained from 6 nodes including the local node.
[0182] 信頼度表には、それを保持するノードの接続先ノードの信頼度が記載されているた め、データ分配先候補ノードとしては、ホップ数 3までのノードが得られることになる。 従ってこのネットワークの場合、 PC1から PC9のすベてのノードがデータ分配先候補 となる。 [0183] PC9は、自らの保持する信頼度表以外に、図 12に示した PC1、 PC2、 PC7、 PC8 のそれぞれ保持する信頼度表を取得する。 [0182] Since the reliability table describes the reliability of the connection destination node of the node that holds it, nodes with up to 3 hops can be obtained as data distribution destination candidate nodes. Therefore, in this network, all nodes from PC1 to PC9 are data distribution destination candidates. [0183] In addition to the reliability table held by itself, PC9 obtains the reliability table held by PC1, PC2, PC7, and PC8 shown in FIG.
[0184] 図 13には、 PC9の取得した信頼度表の記載内容を示す。既に述べたように、これ らの信頼度表には PC1から PC9のすベてのノード力 その信頼度とともに記載されて いる。また、各信頼度表において下線を施したノードは、複数の信頼度表に記載のあ るノードである。ノード信頼度リストを作成するには、これら同一のノードに対する複数 の信頼度値を一つにまとめなければならない。  FIG. 13 shows the contents of the reliability table acquired by PC9. As already mentioned, these reliability tables include all node powers of PC1 to PC9 along with their reliability. In addition, nodes underlined in each reliability table are nodes described in a plurality of reliability tables. To create a node confidence list, multiple confidence values for these same nodes must be combined.
[0185] 既に説明した重み付け計算を用いる方法のうち、 a (最も小さい値を選択する)を採 用して、ノード信頼度リストを作成する。  [0185] Among the methods using the weighting calculation already described, a (select the smallest value) is used to create a node reliability list.
[0186] 図 14には、作成したノード信頼度リストの内容を示す。 PC1から PC9のすベてのノ ードが、データ分配先候補のノードとしてノード信頼度とともに記載されている。下線 を施したノードは、ノード信頼度が設定した信頼度許容範囲内にあるノードである。こ こでは、 PC1、 PC3、 PC6、 PC7、 PC9の 5台が抽出されたノードである。  FIG. 14 shows the contents of the created node reliability list. All nodes from PC1 to PC9 are listed along with node reliability as data distribution destination candidate nodes. An underlined node is a node whose node reliability is within the reliability tolerance range set. Here, five nodes, PC1, PC3, PC6, PC7, and PC9, are extracted nodes.
[0187] 抽出されたノード数力 必要なデータ分配先ノード数 3 (分割数 3による)を超えてい るので、これらのノードのうち任意の 3台を選択すればよいが、ここでは効率を考慮し て PC9に近い(ホップ数の小さい)ノードとして PC1、 PC7、 PC9の 3台を選択する。  [0187] Since the number of extracted nodes exceeds the required number of data distribution destination nodes 3 (depending on the number of divisions 3), any three of these nodes can be selected. Then, select PC1, PC7, and PC9 as nodes close to PC9 (small hop count).
[0188] 図 15には、選択されたデータ分配先ノードに、 PC9の保持するデータ Aの分割デ ータを振り分け、分配した状態を示す。分割データであるデータ A— 1、データ A— 2 、データ A— 3が、それぞれデータ分配先ノード PC9、 PC1、 PC7に振り分けられ、分 配されている。  FIG. 15 shows a state where the divided data of data A held by the PC 9 is distributed and distributed to the selected data distribution destination node. The divided data, data A-1, data A-2, and data A-3, are distributed to the data distribution destination nodes PC9, PC1, and PC7, respectively.
[0189] (情報分散配置処理例 2)  [0189] (Distributed information processing example 2)
以下、図 16から図 20を用いて情報分散配置処理例 2を説明する。  Hereinafter, the information distribution arrangement processing example 2 will be described with reference to FIGS.
[0190] 図 16は、情報分散配置処理例 2におけるネットワーク 1の接続状態を示す図である 。図 3と同じ接続トポロジーを示すが、各ノードがそれぞれ信頼度表(表 1から表 9で 表す)を保持しているのは、図 10の情報分散配置処理例 1と同様である。  FIG. 16 is a diagram showing a connection state of the network 1 in the information distribution arrangement processing example 2. The connection topology is the same as in Fig. 3, but each node has its own reliability table (represented in Tables 1 to 9), as in the information distribution arrangement processing example 1 in Fig. 10.
[0191] 各ノードの信頼度表の記載内容は、図 11の情報分散配置処理例 1の場合と同様 であり、図は省略する。  [0191] The contents described in the reliability table of each node are the same as in the case of the information distribution arrangement processing example 1 in FIG.
[0192] また図 16ではノード PC9が、分散して保持する対象となるデータ Bを保持している。 データ Bを 5分割して分散保持することとする。各分割データをデータ B— 1、データ B— 2、データ B— 3、データ B— 4、データ B— 5とし、既に保持されているものとする In FIG. 16, the node PC 9 holds data B to be distributed and held. Data B is divided and held in 5 parts. Each divided data is data B-1, data B-2, data B-3, data B-4, and data B-5, and they are already held.
[0193] ここで、データ Bは、その秘密性が「部外秘」として指定されており、その重要度レべ ルは図 9に従えば「2」である。また図 9に従って、分割数は 5、信頼度許容範囲は信 頼度 61—80であるものとした。これは 0から 100を 5分割した上から 2番目を想定して いる。 Here, the confidentiality of data B is designated as “confidential”, and its importance level is “2” according to FIG. Also, according to Fig. 9, the number of divisions is 5 and the allowable range of reliability is 61-80 reliability. This assumes the second from the top divided from 0 to 100.
[0194] データ分割数は 5なので、データ分配先候補ノード数は 5を十分上回る数とした!/、。  [0194] Since the number of data divisions is 5, the number of candidate nodes for data distribution is sufficiently larger than 5! /.
図 16の接続形態を考慮して、信頼度表取得範囲は、ホップ数 3までとする。  Considering the connection form in Fig. 16, the reliability table acquisition range is limited to 3 hops.
[0195] 図 17にはホップ数 3を信頼度表取得範囲とした場合の信頼度表を取得するノード の範囲を示す。 PC9から見て、矢印を経由して到達できるのが、ホップ数 3までのノ ードであり、自ノードを含めてここでは 9台すベてのノードから信頼度表を取得するこ とになる。従ってこのネットワークの場合、 PC1から PC9のすベてのノードがデータ分 配先候補となる。  FIG. 17 shows the range of nodes that acquire the reliability table when the number of hops is 3 as the reliability table acquisition range. As seen from PC9, the node that can be reached via the arrow is the node with up to 3 hops, and here the reliability table is obtained from all 9 nodes including the own node. Become. Therefore, in this network, all nodes from PC1 to PC9 are candidates for data distribution.
[0196] PC9は、自らの保持する信頼度表以外に、図 17に示したすべてのノードがそれぞ れ保持する信頼度表を取得する。  [0196] In addition to the reliability table held by itself, the PC 9 obtains a reliability table held by all the nodes shown in FIG.
[0197] 図 18には、 PC9の取得した信頼度表の記載内容を示す。既に述べたように、これ らの信頼度表には PC1から PC9のすベてのノード力 その信頼度とともに記載されて いる。また、各信頼度表において下線を施したノードは、複数の信頼度表に記載のあ るノードであり、ここではすべてのノードが該当する。ノード信頼度リストを作成するに は、これら同一のノードに対する複数の信頼度値を一つにまとめなければならない。  [0197] FIG. 18 shows the contents of the reliability table acquired by PC9. As already mentioned, these reliability tables include all node powers of PC1 to PC9 along with their reliability. In addition, the underlined nodes in each reliability table are nodes listed in a plurality of reliability tables, and here all the nodes correspond. To create a node reliability list, multiple reliability values for the same node must be combined.
[0198] 既に説明した重み付け計算を用いる方法のうち、 b (平均値をとる)を採用して、ノー ド信頼度リストを作成する。  [0198] Among the methods using the weight calculation described above, adopt b (take an average value) to create a node reliability list.
[0199] 図 19には、作成したノード信頼度リストの内容を示す。但し、平均値計算で小数点 以下は切り捨てた。 PC1から PC9のすベてのノード力 データ分配先候補のノードと してノード信頼度とともに記載されている。  FIG. 19 shows the contents of the created node reliability list. However, the fractional part was rounded down in the average value calculation. All node powers of PC1 to PC9 are listed along with node reliability as data distribution candidate nodes.
[0200] しかしながら信頼度許容範囲である信頼度 61— 80と照合すると、ノード信頼度が 信頼度許容範囲内であるノードは 1台も存在しないことが分かる。 [0201] 抽出されたノードが存在しない場合の処置として、ここでは信頼度許容範囲の変更 を行う。信頼度 61— 80を信頼度 51— 80に拡げることとした。 [0200] However, when comparing with the reliability 61-80, which is the allowable range of reliability, it can be seen that there is no node whose node reliability is within the allowable range of reliability. [0201] As a measure for the case where the extracted node does not exist, the reliability tolerance range is changed here. The reliability 61-80 was expanded to the reliability 51-80.
[0202] ノード信頼度リストはそのままで、再度頼度許容範囲内であるノードの抽出を行った[0202] The node reliability list was left as-is, and nodes that were within the allowable reliability range were extracted again
Yes
[0203] 図 19で下線を施したノードが、ノード信頼度が変更した信頼度許容範囲内にあるノ ードであり、ここでは、 PC6、 PC7、 PC9の 3台が抽出された。  [0203] The nodes underlined in Fig. 19 are the nodes within the reliability tolerance range in which the node reliability has been changed. Here, PC6, PC7, and PC9 were extracted.
[0204] 抽出されたノード数は、必要なデータ分配先ノード数 5 (分割数 5による)をまだ満た さないので、これらのノード以外に任意の 2台を選択する必要がある。残りの 2台とし て、ノード信頼度が信頼度許容範囲外であるが、信頼度許容範囲に最も近いノード を選択することにした。結果は、 PC2と PC5である。 [0204] Since the number of extracted nodes does not yet satisfy the required number of data distribution destination nodes 5 (depending on the number of divisions 5), it is necessary to select any two nodes other than these nodes. For the remaining two units, we decided to select the node whose node reliability is outside the allowable range of reliability but closest to the allowable range of reliability. The result is PC2 and PC5.
[0205] よってデータ分配先ノードとして選択されたのは、 PC2、 PC5、 PC6、 PC7、 PC9で ある。 [0205] Thus, PC2, PC5, PC6, PC7, and PC9 are selected as the data distribution destination nodes.
[0206] 図 20には、選択されたデータ分配先ノードに、 PC9の保持するデータ Bの分割デ ータを振り分け、分配した状態を示す。分割データであるデータ B— 1、データ B— 2 、データ B— 3、データ B— 4、データ B— 5が、それぞれデータ分配先ノード PC9、 P C2、 PC5、 PC6、 PC7に振り分けられ、分配されている。  FIG. 20 shows a state where the divided data of data B held by the PC 9 is distributed and distributed to the selected data distribution destination node. Data B—1, Data B—2, Data B—3, Data B—4, and Data B—5, which are divided data, are distributed to the data distribution destination nodes PC9, PC2, PC5, PC6, and PC7, respectively. Has been.
[0207] このように本実施形態に力、かる情報の管理方法、及びノードとしての情報処理装置 によれば、ネットワーク上の複数のノードに情報を分割して分配するに際して、次のよ うに処理することになる。すなわち、各ノードの物理的情報に基づき算出された信頼 度が、保持する情報の性質に応じて予め設定された信頼度許容範囲内にあるノード を、分配先ノードとして優先的に選択し、分配する。これにより、ネットワーク上の複数 のノードに分散して保持された情報に対して、分散された情報の一部を取得できな!/、 といった障害が発生しにくぐかつ特定のノードに負荷が集中することをも抑制でき、 分散された情報を効率よく利用することができる。  As described above, according to the present embodiment, the information management method and the information processing apparatus as a node, when dividing and distributing information to a plurality of nodes on the network, the following processing is performed. Will do. In other words, a node whose reliability calculated based on the physical information of each node is within the reliability tolerance range set in advance according to the nature of the information to be stored is preferentially selected as a distribution destination node, and distributed. To do. As a result, it is difficult for a part of the distributed information to be acquired for the information distributed and held in multiple nodes on the network, and the load is concentrated on a specific node. Can be suppressed, and distributed information can be used efficiently.
[0208] なお本発明の範囲は、上記実施形態に限定されるものではない。本発明の趣旨を 逸脱しない限り、それらの変更された形態もその範囲に含むものである。  [0208] The scope of the present invention is not limited to the above embodiment. As long as they do not depart from the spirit of the present invention, these modified forms are also included in the scope.

Claims

請求の範囲 The scope of the claims
[1] 情報を分割して複数のノードに分配して保持するネットワークシステムにおける情報 の管理方法であって、  [1] A method for managing information in a network system that divides information and distributes and holds the information among multiple nodes.
前記情報を複数のノードに分配するために分割し、分割情報を生成する情報分割ェ 程と、  An information dividing step of dividing the information to distribute to a plurality of nodes and generating divided information;
前記情報分割工程によって生成された前記分割情報が分配される分配先ノードとし て、それぞれのノードの物理的情報に基づき算出された信頼度が、前記情報の性質 に応じて予め設定された信頼度許容範囲内にあるノードを優先的に選択する分配先 選択工程と、  The reliability calculated based on the physical information of each node as a distribution destination node to which the division information generated by the information division step is distributed is a reliability set in advance according to the property of the information. Distribution destination selection process that preferentially selects nodes within the allowable range; and
前記分配先選択工程により選択された分配先ノードに、前記分割情報をそれぞれ分 配する情報分配工程と、を有する  An information distribution step of distributing the division information to the distribution destination nodes selected by the distribution destination selection step.
ことを特徴とする情報の管理方法。  Information management method characterized by the above.
[2] 前記分配先選択工程では、  [2] In the distribution destination selection step,
分配先候補のノードと、当該分配先候補のノードの物理的情報に基づき算出された 信頼度とに関する情報を含むノード信頼度リストから、前記分配先ノードが選択され る  The distribution destination node is selected from a node reliability list that includes information regarding the distribution destination candidate node and the reliability calculated based on physical information of the distribution destination candidate node.
ことを特徴とする請求の範囲第 1項に記載の情報の管理方法。  The information management method according to claim 1, characterized in that:
[3] 前記ノード信頼度リストは、  [3] The node reliability list is
複数のノードが保持する、当該ノードの接続先ノードの信頼度に関する情報を含む 信頼度表を収集し、収集した複数の前記信頼度表に基づいて作成される ことを特徴とする請求の範囲第 2項に記載の情報の管理方法。  A reliability table that includes information related to the reliability of a connection destination node of the node, which is held by a plurality of nodes, is collected and created based on the collected plurality of the reliability tables. Information management method described in item 2.
[4] 前記信頼度表は、  [4] The reliability table is
当該信頼度表を保持するノードの接続先のノードにおいて公開されている物理的情 報を取得し、該物理的情報に基づき算出されたそれぞれの接続先ノードの信頼度を 含む  Acquires the physical information published in the connection destination node of the node holding the reliability table, and includes the reliability of each connection destination node calculated based on the physical information
ことを特徴とする請求の範囲第 3項に記載の情報の管理方法。  The information management method according to claim 3, wherein:
[5] 前記信頼度表は、 [5] The reliability table is
それぞれの接続先ノードについての信頼度として、当該接続先ノードによってその物 理的情報をもとに算出された値を含む The reliability of each connection destination node is determined by the connection destination node. Includes values calculated based on rational information
ことを特徴とする請求の範囲第 3項に記載の情報の管理方法。  The information management method according to claim 3, wherein:
[6] 前記ノード信頼度リストは、  [6] The node reliability list is
前記分割情報を分配するノードによって作成される  Created by a node that distributes the division information
ことを特徴とする請求の範囲第 2項に記載の情報の管理方法。  The information management method according to claim 2, wherein:
[7] 前記ノード信頼度リストは、  [7] The node reliability list is
前記分割情報を分配するノードによって他のノードから取得される  Acquired from other nodes by the node that distributes the division information
ことを特徴とする請求の範囲第 2項に記載の情報の管理方法。  The information management method according to claim 2, wherein:
[8] 前記ノード信頼度リストは、  [8] The node reliability list is
前記情報の分割数に応じて、ホップ数の少な!/、接続先を優先して前記複数のノード が選択され、該複数のノードの保持する前記複数の信頼度表に基づレ、て作成される ことを特徴とする請求の範囲第 3項に記載の情報の管理方法。  Depending on the number of divisions of the information, the number of hops is small! /, The plurality of nodes are selected with priority given to the connection destination, and created based on the plurality of reliability tables held by the plurality of nodes The information management method according to claim 3, wherein the information management method is performed.
[9] 前記複数の信頼度表において、同一ノードに対して異なる複数の信頼度の値が含ま れる場合、平均値、最大値、最小値、または重み付きの平均値の何れ力、を用いて当 該ノードの信頼度が算出される  [9] When a plurality of different reliability values are included for the same node in the plurality of reliability tables, the average value, maximum value, minimum value, or weighted average value is used. The reliability of the node is calculated
ことを特徴とする請求の範囲第 3項に記載の情報の管理方法。  The information management method according to claim 3, wherein:
[10] 前記ノード信頼度リストは、 [10] The node reliability list is
所定の期間毎、もしくは各ノードの信頼度に影響する処理が行われる毎に再作成さ れる  Re-created every predetermined period or every time processing that affects the reliability of each node is performed
ことを特徴とする請求の範囲第 3項に記載の情報の管理方法。  The information management method according to claim 3, wherein:
[11] 前記物理的情報は、 [11] The physical information is:
それぞれのノードにおける、 CPUのスペック情報、 CPUの使用率に関する情報、メ モリの使用率に関する情報、及び接続時間に関する情報、の少なくとも 1つ以上を含 む  Includes at least one or more of CPU specification information, CPU usage information, memory usage information, and connection time information for each node.
ことを特徴とする請求の範囲第 1項に記載の情報の管理方法。  The information management method according to claim 1, characterized in that:
[12] 前記信頼度許容範囲は、 [12] The reliability tolerance range is:
前記情報の性質としての、前記情報の重要度とその処理に対する計算量と、の少な くとも何れかに応じて予め設定される ことを特徴とする請求の範囲第 1項に記載の情報の管理方法。 Pre-set according to at least one of the importance of the information and the amount of calculation for the processing as the nature of the information The information management method according to claim 1, characterized in that:
[13] 情報を分割して複数のノードに分配して保持するネットワークシステムにおけるノード としての情報処理装置であって、 [13] An information processing apparatus as a node in a network system that divides information and distributes and holds the information to a plurality of nodes,
前記情報を複数のノードに分配するために分割し、分割情報を生成する情報分割手 段と、  An information dividing means for dividing the information to distribute to a plurality of nodes and generating divided information;
前記情報分割手段によって生成された前記分割情報が分配される分配先ノードとし て、それぞれのノードの物理的情報に基づき算出された信頼度が、前記情報の性質 に応じて予め設定された信頼度許容範囲内にあるノードを優先的に選択する分配先 選択手段と、  As a distribution destination node to which the division information generated by the information division unit is distributed, the reliability calculated based on the physical information of each node is a reliability set in advance according to the nature of the information. Distribution destination selection means for preferentially selecting nodes within the allowable range;
前記分配先選択手段により選択された分配先ノードに、前記分割情報をそれぞれ分 配する情報分配手段と、を有する  Information distribution means for distributing the division information to the distribution destination nodes selected by the distribution destination selection means.
ことを特徴とする情報処理装置。  An information processing apparatus characterized by that.
[14] 前記分配先選択手段は、 [14] The distribution destination selection means includes:
分配先候補のノードと、当該分配先候補のノードの物理的情報に基づき算出された 信頼度とに関する情報を含むノード信頼度リストから、前記分配先ノードを選択する ことを特徴とする請求の範囲第 13項に記載の情報処理装置。  The distribution destination node is selected from a node reliability list including information on a distribution destination candidate node and reliability calculated based on physical information of the distribution destination candidate node. The information processing apparatus according to item 13.
[15] 前記分配先選択手段は、 [15] The distribution destination selection means includes:
複数のノードが保持する、当該ノードの接続先ノードの信頼度に関する情報を含む 信頼度表を収集し、収集した複数の前記信頼度表に基づいて前記ノード信頼度リス トを作成することを特徴とする請求の範囲第 14項に記載の情報処理装置。  Collecting a reliability table that includes information related to the reliability of the node to which the node is connected, held by multiple nodes, and creating the node reliability list based on the collected multiple reliability tables The information processing apparatus according to claim 14.
[16] 前記分配先選択手段は、 [16] The distribution destination selection means includes:
接続先ノードにおいて公開されている物理的情報を取得し、該物理的情報に基づき 算出した接続先ノードの信頼度を含む前記信頼度表を保持する  Obtains physical information published in the connection destination node, and holds the reliability table including the reliability of the connection destination node calculated based on the physical information
ことを特徴とする請求の範囲第 15項に記載の情報処理装置。  16. The information processing apparatus according to claim 15, wherein
[17] 前記分配先選択手段は、 [17] The distribution destination selection means includes:
接続先ノードによってその物理的情報をもとに算出された値を、その接続先ノードに つ!/、ての信頼度として含む前記信頼度表を保持する  Holds the reliability table containing the values calculated based on the physical information by the connection destination node as the reliability of the connection destination node!
ことを特徴とする請求の範囲第 15項に記載の情報処理装置。 16. The information processing apparatus according to claim 15, wherein
[18] 前記分配先選択手段は、 [18] The distribution destination selection means includes:
前記ノード信頼度リストを自ら作成する  Create the node reliability list by itself
ことを特徴とする請求の範囲第 14項に記載の情報処理装置。  15. The information processing apparatus according to claim 14, wherein
[19] 前記分配先選択手段は、 [19] The distribution destination selection means includes:
前記ノード信頼度リストを他のノードから取得する  Get the node reliability list from other nodes
ことを特徴とする請求の範囲第 14項に記載の情報処理装置。  15. The information processing apparatus according to claim 14, wherein
[20] 前記分配先選択手段は、 [20] The distribution destination selection means includes:
前記情報の分割数に応じて、ホップ数の少な!/、接続先を優先して前記複数のノード を選択し、該複数のノードの保持する前記複数の信頼度表に基づいて、前記ノード 信頼度リストを作成する  Depending on the number of divisions of the information, the number of hops is reduced, and the plurality of nodes are selected with priority on connection destinations, and the node reliability is determined based on the plurality of reliability tables held by the plurality of nodes. Create a degree list
ことを特徴とする請求の範囲第 15項に記載の情報処理装置。  16. The information processing apparatus according to claim 15, wherein
[21] 前記分配先選択手段は、 [21] The distribution destination selection means includes:
前記複数の信頼度表において、同一ノードに対して異なる複数の信頼度の値が含ま れる場合、平均値、最大値、最小値、または重み付きの平均値の何れ力、を用いて、 前記ノード信頼度リストにおける当該ノードの信頼度を算出する  In the plurality of reliability tables, when a plurality of different reliability values are included for the same node, the average value, the maximum value, the minimum value, or the weighted average value is used. Calculate the reliability of the node in the reliability list
ことを特徴とする請求の範囲第 15項に記載の情報処理装置。  16. The information processing apparatus according to claim 15, wherein
[22] 前記分配先選択手段は、 [22] The distribution destination selection means includes:
所定の期間毎、もしくは各ノードの信頼度に影響する処理が行われる毎に、前記ノー ド信頼度リストを再作成する  The node reliability list is re-created every predetermined period or each time processing that affects the reliability of each node is performed.
ことを特徴とする請求の範囲第 15項に記載の情報処理装置。  16. The information processing apparatus according to claim 15, wherein
[23] 前記物理的情報は、 [23] The physical information is:
それぞれのノードにおける、 CPUのスペック情報、 CPUの使用率に関する情報、メ モリの使用率に関する情報、及び接続時間に関する情報、の少なくとも 1つ以上を含 む  Includes at least one or more of CPU specification information, CPU usage information, memory usage information, and connection time information for each node.
ことを特徴とする請求の範囲第 13項に記載の情報処理装置。  The information processing apparatus according to claim 13, wherein:
[24] 前記分配先選択手段は、 [24] The distribution destination selection means includes:
前記情報の性質としての、前記情報の重要度とその処理に対する計算量と、の少な くとも何れかに応じて、前記信頼度許容範囲を予め設定する ことを特徴とする請求の範囲第 13項に記載の情報処理装置。 The reliability tolerance range is preset according to at least one of the importance of the information and the amount of calculation for the processing as the property of the information. The information processing apparatus according to claim 13, wherein:
PCT/JP2007/069942 2006-11-09 2007-10-12 Information management method and information processing device WO2008056507A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2008543017A JPWO2008056507A1 (en) 2006-11-09 2007-10-12 Information management method and information processing apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006-303836 2006-11-09
JP2006303836 2006-11-09

Publications (1)

Publication Number Publication Date
WO2008056507A1 true WO2008056507A1 (en) 2008-05-15

Family

ID=39364331

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/069942 WO2008056507A1 (en) 2006-11-09 2007-10-12 Information management method and information processing device

Country Status (2)

Country Link
JP (1) JPWO2008056507A1 (en)
WO (1) WO2008056507A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014513852A (en) * 2011-05-16 2014-06-05 オラクル・インターナショナル・コーポレイション Scalable centralized dynamic resource distribution in cluster data grids

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003330787A (en) * 2002-04-24 2003-11-21 Internatl Business Mach Corp <Ibm> Distributed file system using scatter-gather
JP2004126716A (en) * 2002-09-30 2004-04-22 Fujitsu Ltd Data storing method using wide area distributed storage system, program for making computer realize the method, recording medium, and controller in the system
JP2005252596A (en) * 2004-03-03 2005-09-15 Nippon Telegr & Teleph Corp <Ntt> P2p network construction method using physical reliability and connection state managing apparatus
JP2005275937A (en) * 2004-03-25 2005-10-06 Fujitsu Ltd P2p network system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003330787A (en) * 2002-04-24 2003-11-21 Internatl Business Mach Corp <Ibm> Distributed file system using scatter-gather
JP2004126716A (en) * 2002-09-30 2004-04-22 Fujitsu Ltd Data storing method using wide area distributed storage system, program for making computer realize the method, recording medium, and controller in the system
JP2005252596A (en) * 2004-03-03 2005-09-15 Nippon Telegr & Teleph Corp <Ntt> P2p network construction method using physical reliability and connection state managing apparatus
JP2005275937A (en) * 2004-03-25 2005-10-06 Fujitsu Ltd P2p network system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014513852A (en) * 2011-05-16 2014-06-05 オラクル・インターナショナル・コーポレイション Scalable centralized dynamic resource distribution in cluster data grids

Also Published As

Publication number Publication date
JPWO2008056507A1 (en) 2010-02-25

Similar Documents

Publication Publication Date Title
EP2269361B1 (en) Method and device for dynamic deployment of trust bridges in an ad hoc wireless network
US6185612B1 (en) Secure distribution and use of weighted network topology information
US8577044B2 (en) Method and apparatus for automatic and secure distribution of an asymmetric key security credential in a utility computing environment
Tysowski et al. The engineering of a scalable multi-site communications system utilizing quantum key distribution (QKD)
EP1966929B1 (en) Methods and system for managing security keys within a wireless network
WO2022193985A1 (en) Data processing method and apparatus, and device and storage medium
CN1681238B (en) Key allocating method and key allocation system for encrypted communication
JP4993733B2 (en) Cryptographic client device, cryptographic package distribution system, cryptographic container distribution system, and cryptographic management server device
JP5215289B2 (en) Method, apparatus and system for distributed delegation and verification
EP2965465B1 (en) Handling of digital certificates
EP2999172B1 (en) Method and devices to certify a trusted path in a software defined network
US20060285693A1 (en) Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment
JP2007507760A (en) Secure cluster configuration dataset transfer protocol
JP4155341B2 (en) Information management method and information processing apparatus
JP5813872B2 (en) COMMUNICATION CONTROL DEVICE, COMMUNICATION DEVICE, AND PROGRAM
CN112351019B (en) Identity authentication system and method
US20200236032A1 (en) Blockchain Routing Protocols
JP2013020314A (en) Data decentralization and storage system
JP6453154B2 (en) Network management system and network management method
Li et al. Securing distributed adaptation
US20200236031A1 (en) Blockchain Routing Protocols
CN116166749A (en) Data sharing method and device, electronic equipment and storage medium
WO2008056507A1 (en) Information management method and information processing device
Tsumak Securing BGP using blockchain technology
JP2020101875A (en) Communication device, communication method, and communication program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07829678

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008543017

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07829678

Country of ref document: EP

Kind code of ref document: A1