Virtual communication channel and virtual private community, and agent collaboration system and agent collaboration method for controlling the same

US 7,171,441 B2
Filed: 02/21/2001
Issued: 01/30/2007
Est. Priority Date: 09/07/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An agent collaboration system for connecting agents to each other through a virtual communication channel, each agent on the virtual communication channel comprising:

a policy storing part for storing a policy that is a collection of rules containing a rule representing a relationship between an attribute of an agent and a role assigned in accordance with the attribute, the policy being used to define a virtual communication channel;

a role assignment part having the policy storing part, for providing a role in accordance with the attributes of the agent based on the policy, said role assignment part specifying appropriate contents of a role to be assigned to the agents, based on the policy and the attribute of the agents distributed on the network;

a role-execution condition storing part for storing the role assigned by the role assignment part and conditions for executing contents of the role; and

a processing execution part for executing corresponding contents of a role when execution conditions for the contents of the role are satisfied,wherein the agent communicates with other agents through the virtual communication channel defined based on the policy; and

an authentication entity provided on the virtual communication channel adapted to authenticate access rights of each agent to the virtual communication channel and contents of a role held by the role-execution condition holding part of each agent, said authentication entity being divided into;

a policy approving authority issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;

an attribute authority issuing an attribute certification for certifying attributes of each agent; and

a certification authority issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy that relates attributes of an agent to a role is distributed to each agent on a network. A field connector generates an internal field in accordance with an instruction of a security manager. A ROLE manager uses attribute information from an attribute manager, and assigns each agent a ROLE in accordance with the attributes of each agent, and installs a ROLE method table and a ROLE execution part. When receiving a message from an external network, each agent searches for a corresponding ROLE by referring to the ROLE method table, and executes the ROLE. Thus, collaboration among agents is realized through a virtual communication channel by means of the exchange of a message.

Citations

27 Claims

1. An agent collaboration system for connecting agents to each other through a virtual communication channel, each agent on the virtual communication channel comprising:
- a policy storing part for storing a policy that is a collection of rules containing a rule representing a relationship between an attribute of an agent and a role assigned in accordance with the attribute, the policy being used to define a virtual communication channel;
  
  a role assignment part having the policy storing part, for providing a role in accordance with the attributes of the agent based on the policy, said role assignment part specifying appropriate contents of a role to be assigned to the agents, based on the policy and the attribute of the agents distributed on the network;
  
  a role-execution condition storing part for storing the role assigned by the role assignment part and conditions for executing contents of the role; and
  
  a processing execution part for executing corresponding contents of a role when execution conditions for the contents of the role are satisfied,wherein the agent communicates with other agents through the virtual communication channel defined based on the policy; and
  
  an authentication entity provided on the virtual communication channel adapted to authenticate access rights of each agent to the virtual communication channel and contents of a role held by the role-execution condition holding part of each agent, said authentication entity being divided into;
  
  a policy approving authority issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  an attribute authority issuing an attribute certification for certifying attributes of each agent; and
  
  a certification authority issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. An agent collaboration system according to claim 1, wherein the policy comprises, in addition to the rule representing a relationship between attributes of the agent and a role assigned in accordance with the attributes, at least one of a rule representing a relationship between attributes of a data object and an agent'"'"'s reaction to operation with respect to the data object, a rule representing a relationship between a collection of the roles and a collection of the reactions, and a rule representing a relationship between the collections of the roles.
  - 3. An agent collaboration system according to claim 1, wherein, in each agent, contents of a policy stored in the policy storing part is updated, and deletion/alteration of the rules, and addition of a new rule are conducted.
  - 4. An agent collaboration system according to claim 1, wherein the processing execution part previously holds a processing function module, and selectively enables the processing function module in the processing execution part, based on the contents of a role held by the role-execution condition holding part, thereby installing a processing function.
  - 5. An agent collaboration system according to claim 4, wherein, in installment of a processing function in the processing execution part, in a case where the processing function module required for execution of the contents of a role is not previously held, the system receives a required processing function module from a resource on a network through the virtual communication channel to use it.
  - 6. An agent collaboration system according to claim 1, wherein a policy generated by an agent is distributed to another agent,the agent having received the distributed policy obtains a role in accordance with attributes of the agent using the role assignment part based on the policy, thereby installing the processing execution part, anda virtual communication channel is formed among agents having the distributed policy in common.
  - 7. An agent collaboration system according to claim 1, wherein a policy repository storing the policy is provided on the virtual communication channel, andeach agent obtains a required policy from the policy repository and stores it in the policy storing part.
  - 8. An agent collaboration system according to claim 1, wherein an authentication entity is provided on the virtual communication channel, andthe authentication entity authenticates access right of each agent to the virtual communication channel, and contents of a role held by the role-execution condition holding part of each agent.
  - 11. An agent collaboration system according to claim 1, wherein each agent is capable of selecting participation or nonparticipation on the virtual communication channel.
  - 12. An agent collaboration system according to claim 1, wherein the policy storing part generates and manages independent policies, and generates virtual private communities independently among agents exchanging information based on each policy on the virtual communication channel.
  - 13. An agent collaboration system according to claim 1, wherein the policy storing part integrates policy sets selected from policies independently generated and managed, and generates virtual private communities among agents exchanging information based on the integrated policy on the virtual communication channel.
  - 14. An agent collaboration system according to claim 1, wherein the policy storing part divides the policy into independent policies, and generates virtual private communities independently among agents exchanging information based on the respective policies on the virtual communication channel after policy division.
  - 15. An agent collaboration system according to claim 1, wherein the policy storing part stores a first policy and a second policy belonging to the first policy, in which a new rule is added to the first policy, and a virtual private community among agents based on the second policy are generated in a nested manner on a virtual private community among agents based on the first policy.
  - 16. An agent collaboration system according to claim 1, wherein an agent making a request with respect to another agent transmits request information having LABEL information based on the policy,the agent that receives the request information and responds to the request information transmits response information having LABEL information based on the policy, andthe agent that transmits the request receives response information having the LABEL information based on the policy.
  - 17. An agent collaboration system according to claim 1, wherein a role held by the role-execution condition storing part has an expiration date, and invalidates the role when the expiration date has come.
  - 18. An agent collaboration system according to claim 1, wherein the LABEL information has an expiration date, and a message having the LABEL information is ignored in each agent when the expiration date has come.
  - 19. An agent collaboration system according to claim 1, whereon the virtual communication channel has an expiration date, and the virtual communication channel is self-destroyed when the expiration date has come.
  - 20. An agent collaboration system according to claim 1, wherein an unauthorized access detecting part for detecting unauthorized access to the virtual communication channel is provided on the virtual communication channel or the agent, andas a result of that unauthorized access to the virtual communication channel is detected by the unauthorized access detecting part, each agent cancels connection to the virtual communication channel, thereby dynamically eliminating the virtual communication channel.
  - 21. An agent collaboration system according to claim 1, wherein each agent receives a request for destruction of the virtual communication channel from either one of the agents on the virtual communication channel, and cancels connection to the virtual communication channel, thereby dynamically eliminating the virtual communication channel.

9. An agent collaboration system for connecting agents to each other through a virtual communication channel, each agent on the virtual communication channel, comprising:
- a policy storing part for storing a policy that is a collection of rules containing a rule representing a relationship between an attribute of the agent and a role assigned in accordance with the attribute;
  
  a role assignment part having the policy storing part, for providing a role in accordance with the attributes of the agent based on the policy;
  
  a role-execution condition storing part for storing the role assigned by the role assignment part and conditions for executing contents of the role; and
  
  a processing execution pad for executing corresponding contents of a role in a case where the execution conditions for the contents of the role are satisfied, andwherein the agents collaborate with each other through the virtual communication channel based on the policy,an authentication entity is provided on the virtual communication channel and the authentication entity authenticates access right of each agent to the virtual communication channel and contents of a role held by the role-execution condition holding part of each agent,the authentication entity is divided into a policy approving authority, an attribute authority, and a certification authority, the policy approving authority issues a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy, the attribute authority issues an attribute certification for certifying attributes of each agent,the certification authority issues a public key certification for certifying that an agent on the network has been authenticated, andeach agent includes a trust engine for interpreting the policy certification and the attribute certification, and the role assignment pad specifies appropriate contents of a role to be assignedto the agents, based on the policy and the attribute of the agents distributed on the network.
- View Dependent Claims (10)
- - 10. An agent collaboration system according to claim 9, wherein, when logging in to a virtual communication channel, each agent uses the trust engine, and logs in to the communication channel while obtaining certification of a policy by receiving an input policy certification and an attribute certification corresponding to the virtual communication channel, anda policy is safely propagated among agents participating on the virtual communication channel by a log-in chain of each agent.

22. An agent collaboration method for brokering information communication among agents present on a network, comprising, in each agent on the virtual communication channel:
- storing a policy that is a collection of rules containing a rule representing a relationship between an attribute of an agent and a role assigned in accordance with the attribute, and assigning a role in accordance with the attributes of each agent based on the policy, the policy being used to define a virtual communication channel;
  
  specifying appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network;
  
  storing the assigned role and conditions for executing contents of the role;
  
  executing corresponding contents of a role when execution conditions for the contents of the role are satisfied;
  
  allowing the agents to communicate with other agents through the virtual communication channel defined based on the policy;
  
  authenticating access rights of each agent to the virtual communication channel and contents of a role;
  
  issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issuing an attribute certification for certifying attributes of each agent; and
  
  issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

23. A computer-readable recording medium storing a processing program for causing a computer to execute a method for brokering information communication among agents present on a network, comprising:
- storing a policy that is a collection of rules containing a rule representing a relationship between an attribute of an agent and a role assigned in accordance with the attribute, and providing a role in accordance with the attributes of each agent based on the policy and the policy being used to define a virtual communication channel;
  
  specifying appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network;
  
  storing the assigned role and conditions for executing the contents of the role;
  
  executing corresponding contents of a role when the conditions for executing the contents of the role are satisfied;
  
  controlling the defined virtual communication channel so that each agent exchanges a message with other agents in accordance with the assigned role based on the policy;
  
  authenticating access rights of each agent to the virtual communication channel and contents of a role;
  
  issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issuing an attribute certification for certifying attributes of each agent; and
  
  issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

24. A virtual communication channel for brokering information communication among agents present on a network, which is controlled based on a policy that defines a virtual communication channel and that is a collection of rules containing a rule representing a relationship between attributes of an agent and a role assigned in accordance with the attributes, wherein the channel:
- specifies appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network;
  
  allows each agent to have a role in accordance with the attributes thereof based on the policy, and virtually connects the operating agents to other agents based on the policy through the virtual communication channel defined;
  
  brokers collaboration of each agent through execution of the contents of the role;
  
  authenticates access rights of each agent to the virtual communication channel and contents of a role;
  
  issues a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issues an attribute certification for certifying attributes of each agent; and
  
  issues a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

25. A virtual private community provided by a virtual communication channel for brokering information communication among agents present on a network, which is controlled based on a policy that is a collection of rules containing a rule representing a relationship between attributes of an agent and a role assigned in accordance with the attributes, wherein said channel:
- specifies appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network;
  
  allows each agent to have a role in accordance with the attributes thereof based on the policy, and virtually connects the operating agents to each other based on the policy, and brokers collaboration of each agent through execution of the contents of the role;
  
  authenticates access rights of each agent to the virtual communication channel and contents of a role;
  
  issues a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issues an attribute certification for certifying attributes of each agent; and
  
  issues a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

26. A method of connecting agents of a network with each other through a virtual communication channel, comprising:
- assigning each of the agents a role in accordance with a corresponding attribute of each agent and based on policy information including rules representing a relationship between the corresponding attribute of each agent and the role assigned in accordance with the attribute,specifying appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network, the policy being used to define a virtual communication channel;
  
  dynamically connecting the agents to each other based on the policy information through the virtual communication channel defined, where contents of the corresponding role assigned to the agents is executed when execution conditions of the respective role is satisfied;
  
  authenticating access rights of each agent to the virtual communication channel and contents of a role;
  
  issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issuing an attribute certification for certifying attributes of each agent; and
  
  issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

27. A method of connecting agents of a network via a virtual communication channel, comprising:
- defining a virtual communication channel for generating a virtual community among a selected number of the agents based on a role assigned to the agents and policy information including rules representing a relationship between attributes of the agents;
  
  specifying appropriate contents of a role to be assigned to agents, based on the policy and the attribute of the agents distributed on the network;
  
  connecting the selected number of agents to each other and exchanging information between the agents in the virtual community using the defined virtual communication channel;
  
  authenticating access rights of each agent to the virtual communication channel and contents of a role;
  
  issuing a policy certification for certifying that a policy is an authentic one, based on an electronic signature provided to data describing the policy;
  
  issuing an attribute certification for certifying attributes of each agent; and
  
  issuing a public key certification for certifying that an agent on the network has been authenticated, each agent including a trust engine for interpreting the policy certification and the attribute certification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Fukuta, Shigeki, Okada, Makoto, Mohri, Takao, Wada, Yuji, Iwao, Tadashige, Yamasaki, Shigeichiro, Nishigaya, Takashi, Shiouchi, Masatoshi
Primary Examiner(s)
Follansbee; John
Assistant Examiner(s)
PATEL, ASHOKKUMAR B

Application Number

US09/788,474
Publication Number

US 20020029278A1
Time in Patent Office

2,169 Days
Field of Search

719/317, 709/202, 713/201
US Class Current

709/202
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 41/046   comprising network manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 63/1416   Event detection, e.g. attac...

Virtual communication channel and virtual private community, and agent collaboration system and agent collaboration method for controlling the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual communication channel and virtual private community, and agent collaboration system and agent collaboration method for controlling the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links