Sharing data safely using service replication
First Claim
Patent Images
1. A data sharing computer system, comprising:
- a first computer system;
a second computer system;
a shared data storing unit operably connected to the first and second computer systems; and
an access control information storing unit;
wherein(A) the shared data storing device includes a plurality of data storing areas, which divides a shared data accessed by the first computer system and the second computer system, and stores the divided shared data to the plurality of data storing areas;
(B) the access control information storing device stores an access control information which indicates whether each data storing area of the shared data storing device is accessible or not accessible;
(C) the first computer system includes a first service unit, a first data access unit operably connected to the shared data storing device, and a first mutual exclusion unit operably connected to the access control information storing unit;
wherein (1) in response to the first service unit instructing the first data access unit and the first mutual exclusion unit to access an arbitrary data storing area, the first mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information associated with the instructed data storing area to not accessible if decided as accessible;
(2) the first data access unit accesses the instructed data storing area after the first mutual exclusion unit decides that the instructed data storing area is accessible and before the first mutual exclusion unit changes the access control information to not accessible; and
(3) the first mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the first data access unit accesses the instructed data storing area;
(D) the second computer system includes a second service unit, a second data access unit operably connected to the shared data storing device, and a second mutual exclusion unit operably connected to the access control information storing unit;
wherein (4) in response to the second service unit instructing the second data access unit and the second mutual exclusion unit to access an arbitrary data storing area the second mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information associated with the instructed data storing area to not accessible if decided as accessible;
(5) the second data access unit accesses the instructed data storing area after the second mutual exclusion unit decides that the instructed data storing area is accessible and before the second mutual exclusion unit changes the access control information to not accessible; and
(6) the second mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the second data access unit accesses the instructed data storing area.
1 Assignment
0 Petitions
Accused Products
Abstract
A service replicating server replicates service per each network and shares data safely between networks such as an interoffice network and the internet. The LAN side server connected to the LAN and an internet side server connected to the internet share data at the shared disk which performs mutual exclusion using a bus having bus lock function and supplies a consistent service to each network by using the shared data.
28 Citations
15 Claims
-
1. A data sharing computer system, comprising:
- a first computer system;
a second computer system;
a shared data storing unit operably connected to the first and second computer systems; and
an access control information storing unit;
wherein(A) the shared data storing device includes a plurality of data storing areas, which divides a shared data accessed by the first computer system and the second computer system, and stores the divided shared data to the plurality of data storing areas;
(B) the access control information storing device stores an access control information which indicates whether each data storing area of the shared data storing device is accessible or not accessible;
(C) the first computer system includes a first service unit, a first data access unit operably connected to the shared data storing device, and a first mutual exclusion unit operably connected to the access control information storing unit;
wherein(1) in response to the first service unit instructing the first data access unit and the first mutual exclusion unit to access an arbitrary data storing area, the first mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information associated with the instructed data storing area to not accessible if decided as accessible;
(2) the first data access unit accesses the instructed data storing area after the first mutual exclusion unit decides that the instructed data storing area is accessible and before the first mutual exclusion unit changes the access control information to not accessible; and
(3) the first mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the first data access unit accesses the instructed data storing area;
(D) the second computer system includes a second service unit, a second data access unit operably connected to the shared data storing device, and a second mutual exclusion unit operably connected to the access control information storing unit;
wherein(4) in response to the second service unit instructing the second data access unit and the second mutual exclusion unit to access an arbitrary data storing area the second mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information associated with the instructed data storing area to not accessible if decided as accessible;
(5) the second data access unit accesses the instructed data storing area after the second mutual exclusion unit decides that the instructed data storing area is accessible and before the second mutual exclusion unit changes the access control information to not accessible; and
(6) the second mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the second data access unit accesses the instructed data storing area. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
wherein the first computer system is connected to a first network system having a third computer system; wherein the first service unit supplies a first service to the third computer system via the first network system;
wherein the second computer system is connected to a second network system having a fourth computer system; and
wherein the second computer system is connected to a second network system having a fourth computer system; and
wherein the second service unit supplies a second service to the fourth computer system via the second network system.
- a first computer system;
-
3. The data sharing computer system according to claim 2, wherein the second service unit supplies the second service to the fourth computer system via the second network system which is substantially equivalent to the first service supplied by the first service unit to the third computer system via the first network system.
-
4. The data sharing computer system according to claim 1,
wherein the first mutual exclusion unit is connected to the access control information storing unit by a bus having bus lock function; -
wherein the first mutual exclusion unit locks the bus while obtaining the access control information of the instructed data storing area, deciding whether the instructed data storing area is accessible or not accessible, and changing the access control information associated with the instructed data storing area to not accessible if decided as accessible;
wherein the first mutual exclusion unit locks the bus while the access control information of the instructed data storing area is being changed to access possible;
wherein the second mutual exclusion unit is connected to the access control information storing unit by the bus having bus lock function;
wherein the second mutual exclusion unit locks the bus while obtaining the access control information of the instructed data storing area, deciding whether the instructed data storing area is accessible or not accessible, and changing the access control information associated with the instructed data storing area to not accessible if decided as accessible; and
wherein the second mutual exclusion unit locks the bus while the access control information of the instructed data storing area is being changed to access possible.
-
-
5. The data sharing computer system according to claim 1,
wherein the first mutual exclusion unit executes a series of operations which includes obtaining of the access control information associated with the instructed data storing area, deciding whether the instructed data storing area is accessible or not accessible, and changing of the access control information of the instructed data storing area to not accessible if decided as accessible, wherein the series of operation is executed using a single command; - and
wherein the second mutual exclusion unit executes a series of operation operations which includes obtaining of the access control information of the instructed data storing area, deciding whether the instructed data storing area is accessible or not accessible, and changing of the access control information associated with the instructed data storing area to not accessible if decided as accessible, wherein the series of operation is executed using a single command.
- and
-
6. The data sharing computer system according to claim 1, wherein the first computer system comprising:
-
(1) a data-encrypting key storing unit for storing a data-encrypting key used for encrypting and decrypting;
(2) a data encryption and decryption executing unit for encrypting by using a specified data-encrypting key when an encryption is instructed by specifying the data-encrypting key, and for decrypting by using a specified cipher key when a decryption is instructed by specifying the data-encrypting key;
(3) a data-encrypting key re-setting unit for changing the data-encrypting key stored in the data-encrypting key storing unit; and
(4) a data re-encrypting unit for instructing the first data access unit to read an encrypted data from the data storing area, for instructing the data encryption and decryption executing unit to decrypt the encrypted data read from the data storing area by specifying the data-encrypting key before changing the data-encrypting key, for instructing the data encryption and decryption executing unit to re-encrypt the decrypted data by specifying a new data-encrypting key after changing the data-encrypting key, and for instructing the first data access unit to write a re-encrypted data to the data storing area.
-
-
7. The data sharing computer system according to claim 1 further comprising a third computer system,
wherein the third computer system and the first computer system are connected to a first network system; -
wherein the first service unit supplies a service to the third computer system via the first network system; and
wherein the third computer system includes a shared data cache unit for caching the shared data accessed by the service supplied by the first service unit.
-
-
8. The data sharing computer system according to claim 1,
wherein the first service unit operates using a configuration information; -
wherein the shared data storing device stores the configuration information used by the first service unit;
wherein the second computer system includes another storing unit;
wherein the second computer system includes a configuration information replicating unit for reading the configuration information stored in the shared data storing device, and for writing the configuration information read to the another storing unit; and
wherein the second service unit updates the configuration information written to the another storing unit, and operates by using the updated configuration information.
-
-
9. The data sharing computer system according to claim 1, wherein the computer system comprises:
-
(1) an authentication method managing unit for storing an authentication method used in a user authentication by the first computer system;
(2) an authentication and permission database managing unit for previously storing a data used for the user authentication; and
(3) an authenticating function unit for receiving a data requiring the user authentication and an authentication request, and for authenticating by using the previously stored data used for the user authentication in the authentication and permission database managing unit and the data requiring the user authentication, based on the authentication method stored in the authentication method managing unit.
-
-
10. The data sharing computer system according to claim 1,
wherein the data sharing computer system is a shared memory type parallel computer comprising a bus; - and
wherein the shared memory type parallel computer includes the first computer system;
the second computer system;
the shared data storing device; and
the access control information storing unit connected via the bus.
- and
-
11. A method of replicating service in a computer system having a first server and a second server both of which are operably connected to a shared memory via a bus, the method comprising:
-
dividing the shared memory into a plurality of data storing areas;
storing access control information indicating whether associated data storing areas are accessible or not accessible;
in response to a data access request from the first server requesting data access to a first one of the data storing areas, determining whether the stored access control information indicates whether the first data storing area is accessible;
mutually excluding the second server by changing the access control information associated with the first data storing area to indicate not accessible by the second server;
accessing the first data storing area with the first server;
after said accessing is complete, changing the access control information associated with the first data storing area to indicate accessible. - View Dependent Claims (12, 13, 14, 15)
wherein the first server is connected to a first network system having a third computer system, and wherein the second server is connected to a second network system having a fourth computer system; - the method further comprising;
supplying a first service to the third computer system via the first network system; and
supplying a second service to the fourth computer system via the second network system.
-
-
13. The method according to claim 11, wherein the bus has a bus lock function, the method further comprising:
-
locking the bus during the data access request from the first server and while deciding whether the first data storing area is accessible or not accessible and, if said deciding step decides that the first data storing area is accessible, while changing the access control information to not accessible; and
also locking the bus while said changing step changes the access control information associated with the first data storing area to accessible.
-
-
14. The method according to claim 11, further comprising:
-
in response to a data access request from the second server requesting data access to a second one of the data storing areas, determining whether the stored access control information indicates whether the second data storing area is accessible;
mutually excluding the first server by changing the access control information associated with the second data storing area to indicate not accessible by the first server;
accessing the second data storing area with the second server;
after said accessing is complete, changing the access control information associated with the second data storing area to indicate accessible.
-
-
15. The method according to claim 14, wherein the bus has a bus lock function, the method further comprising:
-
locking the bus during the data access request from the second server and while deciding whether the second data storing area is accessible or not accessible and, if said deciding step decides that the second data storing area is accessible, while changing the access control information to not accessible; and
also locking the bus while said changing step changes the access control information associated with the second data storing area to accessible.
-
Specification