The present invention relates to a service supplying method between computer systems such as LAN (local area network) connected via an internet or a public channel and a computer system that uses the service supplying method. The computer system and the service supplying method of the present invention supplies a service safely and smoothly to a user, and this is made possible by the agent method.
Recently, a computer system that uses LAN is commonly being adopted in organizations. Commonly, a plurality of LANs located in various locations in an organization""s interoffice network are connected altogether to form an intranet. Extending further, an extranet which includes the organization""s allied companies to form a network altogether is also becoming widespread.
There are various ways to connect a plurality of LANs located in various locations. To give one example, there is a case of using a low-cost internet instead of a leased line. In this case, access from outside should be regulated, so a firewall is generally set at a boundary of outside and inside of the network. This helps to increase the safety factor inside the LANs. The firewall is a technique which only permits access from outside to a specific location or to a specific application of the LAN. An example of this technique is disclosed in Japanese unexamined patent publication HEI 7-87122.
Specifically, the firewall is mostly used in a system which only allows SMTP (simple mail transfer protocol), which is an electronic mail transfer protocol, to pass through. In this case, only an electronic mail message can pass through the firewall. As other examples, there are a system which allows HTTP (hyper text transfer protocol) to pass through, which is a data communication protocol of WWW (world wide web), a system which allows a CORBA (common object request broker architecture) communication protocol IIOP (internet inter-ORB protocol) to pass through, and a system which allows a communication protocol such as RMI prepared by JAVA processing system to pass through.
In a network computer system, services under a LAN environment such as file sharing, printing to common printer, or use of CPU server cannot be adopted because of the firewall.
Accordingly, in cases when one wishes to obtain a certain data or a program from other location, then the one can only rely on someone at the other location to transmit a required data or the program using an independent channel, or the one can only rely on a method of mailing media such as a tape.
The present invention attempts to eliminate disadvantages of conventional techniques such as those described above. An objective of the present invention is to request from outside via the internet for the services of computer system such as LAN where the firewall is being installed, and aims to supply a method to safely and smoothly receive the services.
A detailed example of the agent method adopted in the present invention is disclosed in Japanese unexamined patent publication HEI 7-182174 (corresponding to Japanese application U.S. Pat. No. 5,603,031 by General Magic Inc., U.S. company). An agent moves between agent processing systems responding to its needs. That is, the agent is configured to execute processing based on a data and a processing procedure stored in itself.
Also, as a related technique, a technique to set a delivery destination database and to manage the database in one-dimension in order to deliver an electronic mail to a plurality of LANs connected to the internet via the firewalls is disclosed in U.S. Pat. No. 005632011A. This system is configured to transmit an updated data of the delivery destination database as an electronic mail message.
According to one aspect of the present invention, an agent method for transferring an agent inside a network system including a first computer system having an access control unit which allows access in case of meeting a pre-determined communication condition and a second computer system, comprises steps of:
authenticating the second computer system for transmitting the agent, and transmitting the pre-determined communication condition of the first computer system to the authenticated second computer system;
receiving and storing the pre-determined communication condition, creating the agent, and transmitting the agent according to the pre-determined communication condition by the second computer system; and
receiving the agent via the access control unit and executing the agent by the first computer system.
According to another aspect of the present invention, the agent method further comprises a step of authenticating an agent issuing user.
According to another aspect of the present invention, the agent method includes the first computer system which can use a plurality of information exchanging methods. The agent method further comprises a step of selecting an information exchanging method based on an attribute of the information exchanging method of the first computer system by the second computer system.
According to another aspect of the present invention, the agent method includes the first computer system which has a plurality of agent processing systems that can execute the agent. The step of creating the agent includes a step of selecting the agent processing system based on an attribute of the agent processing system and a step of writing an identification information of the selected agent processing system to a part of the agent. The step of executing the agent includes a step of reading the identification information of the selected agent processing system and a step of transferring the agent to an agent processing system specified by the identification information.
According to another aspect of the present invention, the agent method includes the step of creating the agent including a step of writing an identification information of an agent issuing user to a part of the agent. The step of executing the agent includes a step of reading the identification information of the agent issuing user and a step of accessing a service according to an access right of the agent issuing user specified by the identification information.
According to another aspect of the present invention, the agent method further comprises a step of transmitting an agent execution status by the first computer system and a step of receiving the agent execution status by the second computer system.
According to another aspect of the present invention, the agent method further comprises a step of encrypting at least a part of the agent by the second computer system, and a step of decrypting the encrypted part of the agent by the first computer system.
According to another aspect of the present invention, the agent method further comprises a step of combining the predetermined communication conditions of a plurality of the first computer systems.
According to another aspect of the present invention, the agent method includes a second computer system which can use a plurality of information exchanging methods. The agent method further comprises a step of storing an agent transmission log including an identification information of the information exchanging method used in transmitting the agent, and a step of selecting the information exchanging method based on the agent transmission log by the second computer system.
According to another aspect of the present invention, the agent method includes the step of authenticating the second computer system includes a step of authenticating by a third party authenticating center.
According to another aspect of the present invention, the agent method further comprising a step of transmitting an user authentication data, and a step of receiving and storing the user authentication data by a plurality of the second computer systems, wherein the step of authenticating the agent issuing user includes a step of reading the user authentication data by the second computer system.
According to another aspect of the present invention, the agent method further comprising a step of combining attribute data of the agent processing systems, wherein the step of selecting the agent processing system includes a step of reading combined attribute data of the agent processing systems.
According to another aspect of the present invention, the agent method further comprises a step of combining the agent execution statuses.
According to another aspect of the present invention, the agent method further comprises a step of defining a management information transferring path based on an information exchange path information, and a step of deciding a transmitting destination of the agent execution status according to the management information transferring path.
According to another aspect of the present invention, the agent method further comprises a step of defining a management information transferring path based on an information exchange path information, and a step of deciding a transmitting destination of the pre-determined communication condition according to the management information transferring path.
According to another aspect of the present invention, a computer system having an accessible access control unit in case of meeting a pre-determined communication condition, and for communicating with an other computer system, comprises the followings:
a computer system authenticating unit for authenticating the other computer system for transmitting an agent;
a communication condition transmitting unit for transmitting the pre-determined communication condition to the authenticated other computer system;
an agent receiving unit for receiving the agent via the access control unit; and
an agent execution unit for executing the agent.
According to another aspect of the present invention, a computer system for communicating with an other computer system having an accessible access control unit in case of meeting a pre-determined communication condition comprises:
a communication condition receiving unit for receiving the pre-determined communication condition of the other computer system;
a communication condition storing unit for storing the pre-determined communication condition of the other computer system;
an agent creating unit for creating an agent executed in the other computer system; and
an agent transmitting unit for transmitting the agent according to the pre-determined communication condition of the other computer system.
According to another aspect of the present invention, the computer system comprises a network system having a plurality of computer systems.
According to another aspect of the present invention, the computer system comprises a network system having a plurality of computer systems.